From nobody Sat Jan  4 14:08:18 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YQMjb0DxNz5kK10;
	Sat, 04 Jan 2025 14:08:19 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4YQMjZ3Rt6z4V5r;
	Sat,  4 Jan 2025 14:08:18 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1735999698;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=vYnuw+Udv277fhuQU5hVC5Lx8rsqjdIsxstORut4F/0=;
	b=O4WtKnDK5b1e9NAix+waKjHL5VP3Aooa7cWLwnLsXUXYFWU8SrcKSqKEFQcE8P+4WJbonu
	lcr8C26kzKmmer9wyXp3k5lHBRbMvf3fatE25HnwsqnkGUDHGTkoFbcBBodQ3R/iAv4nXL
	KuRS8kw2Cb56KwJiAzyQeETUTY7U48SzJqhwR5w4DC9jaUomCq6S6g5d12DPPslg+OkkO7
	9Cs+bo1zvObiKEVIAfnFsS98ik/eFR5N+Q/JbGWq0pgX0N4qSjC+zk8IsFL5DEMYPQI08W
	nCb+maU0Xg0A2BxtPVf7CbkwGMTQnptpUAI2vBtSHnXr3Pu+w5MBBIWyQ+hd3Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1735999698;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=vYnuw+Udv277fhuQU5hVC5Lx8rsqjdIsxstORut4F/0=;
	b=usye2tm3Y8Ghz79oXTUxoS6ogQmffMt3OiRauSRnNbdsGDVegOQko+Zqi9sKHcf5K4bRSF
	EiAGRZX6or82j/pG4TuA68bY9VMsWWGc/BSSvmASfmdyY9h1i5mD2iZHrk/QhiSlt6gDOX
	VUaxt9dB4POex4+bm1JT0zXtDBBv4982qBfpIkVZ3OiSnkanPnkxCDIimhmP5dn+NudgAO
	WXxOnh9+enNvz6OCARvMH56O/RXD+DT+vUZc/3Okicj7SR2wI5e/h2BHxn/AJ0C2VZ6sFM
	OFgvAIy9xvjoqN8Jb8MUg+lJL+JBzpjGYpQrIUIXLKT/oxsKbbkaZk2P1+pYCw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1735999698; a=rsa-sha256; cv=none;
	b=WDa4O5s2r/57acp/wr/T5wkY5TbbGpUuR167OIOpzXnbsN/RXC6N9XcEhGqBMsBWiapEmz
	by0qo+FcFRCR0nTjf1ly5Mw5QvLxw+7fXZmucvcB8Tx7b0xA8j7nEtj4/oN1oOkkbbK5AD
	FJ4Fhh8qOvRo1oAGeFHwKg22OUL5WCuoROXRPCf4FrTRLIW0X3EL/+8U0WWaYSixlF3tfh
	VTEZPzaqnZnQAXR2Jy8SnASVh+l1NkzK3fPbsV0rr/63C7qFApSHjpMY7LZlKJIqWseY2o
	dRE+gKJwSRrLcAPn/f4l8vyUPwS1WDtrfxCHOdiVWqXMxtsouAn+/p8Duh3BGw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YQMjZ2rwLzwVh;
	Sat, 04 Jan 2025 14:08:18 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 504E8IWB070613;
	Sat, 4 Jan 2025 14:08:18 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 504E8IqB070610;
	Sat, 4 Jan 2025 14:08:18 GMT
	(envelope-from git)
Date: Sat, 4 Jan 2025 14:08:18 GMT
Message-Id: <202501041408.504E8IqB070610@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: eecdd412ff5b - stable/14 - sysctl: Do not serialize
  requests when running as root
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: eecdd412ff5b9f2462b9fbad700e301fa420002e
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=eecdd412ff5b9f2462b9fbad700e301fa420002e

commit eecdd412ff5b9f2462b9fbad700e301fa420002e
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-12-21 19:25:32 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-01-04 13:56:59 +0000

    sysctl: Do not serialize requests when running as root
    
    Bugs or unexpected behaviour can cause a user thread to block in a
    sysctl handler for a long time.  "procstat -kka" is the most useful tool
    to see why this might happen, but it can block on sysctlmemlock too.
    
    Since the purpose of this lock is merely to ensure userspace can't wire
    too much memory, don't require it for requests from privileged threads.
    
    PR:             282994
    Reviewed by:    kib, jhb
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D47842
    
    (cherry picked from commit 7d1d9cc440f800858b6ec8dfb5a41c853fc8c36d)
---
 sys/kern/kern_sysctl.c | 10 ++++++----
 sys/sys/priv.h         |  1 +
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index 53b61c08713f..2e983e2ff803 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -2398,8 +2398,9 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old,
     size_t *oldlenp, int inkernel, const void *new, size_t newlen,
     size_t *retval, int flags)
 {
-	int error = 0, memlocked;
 	struct sysctl_req req;
+	int error = 0;
+	bool memlocked;
 
 	bzero(&req, sizeof req);
 
@@ -2431,9 +2432,10 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old,
 	if (KTRPOINT(curthread, KTR_SYSCTL))
 		ktrsysctl(name, namelen);
 #endif
-	memlocked = 0;
-	if (req.oldptr && req.oldlen > 4 * PAGE_SIZE) {
-		memlocked = 1;
+	memlocked = false;
+	if (priv_check(td, PRIV_SYSCTL_MEMLOCK) != 0 &&
+	    req.oldptr != NULL && req.oldlen > 4 * PAGE_SIZE) {
+		memlocked = true;
 		sx_xlock(&sysctlmemlock);
 	}
 	CURVNET_SET(TD_TO_VNET(td));
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index fd0f7dd213ff..cfec8345a4b4 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -210,6 +210,7 @@
 #define	PRIV_SYSCTL_DEBUG	240	/* Can invoke sysctl.debug. */
 #define	PRIV_SYSCTL_WRITE	241	/* Can write sysctls. */
 #define	PRIV_SYSCTL_WRITEJAIL	242	/* Can write sysctls, jail permitted. */
+#define	PRIV_SYSCTL_MEMLOCK	243	/* Large requests are not serialized. */
 
 /*
  * TTY privileges.