From owner-svn-src-head@freebsd.org Thu Oct 19 01:38:32 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8A87AE4932F; Thu, 19 Oct 2017 01:38:32 +0000 (UTC) (envelope-from mjg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5A5D971F96; Thu, 19 Oct 2017 01:38:32 +0000 (UTC) (envelope-from mjg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9J1cVUh058374; Thu, 19 Oct 2017 01:38:31 GMT (envelope-from mjg@FreeBSD.org) Received: (from mjg@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9J1cV4B058373; Thu, 19 Oct 2017 01:38:31 GMT (envelope-from mjg@FreeBSD.org) Message-Id: <201710190138.v9J1cV4B058373@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mjg set sender to mjg@FreeBSD.org using -f From: Mateusz Guzik Date: Thu, 19 Oct 2017 01:38:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r324736 - head/sys/kern X-SVN-Group: head X-SVN-Commit-Author: mjg X-SVN-Commit-Paths: head/sys/kern X-SVN-Commit-Revision: 324736 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 01:38:32 -0000 Author: mjg Date: Thu Oct 19 01:38:31 2017 New Revision: 324736 URL: https://svnweb.freebsd.org/changeset/base/324736 Log: sysctl: only take mem lock if oldlen is > 4 * PAGE_SIZE The previous limit of just one page is hit by ps. The entire mechanism should be reworked, if not whacked. It seems the intent is to reduce kernel dos-ability - some handlers wire the amount of memory passed here. Handlers should probably stop wiring in the first place or in the worst case indicate they are doing so so that the check is done only if necessary. It should also probably be a counter, not a lock. MFC after: 1 week Modified: head/sys/kern/kern_sysctl.c Modified: head/sys/kern/kern_sysctl.c ============================================================================== --- head/sys/kern/kern_sysctl.c Thu Oct 19 00:46:15 2017 (r324735) +++ head/sys/kern/kern_sysctl.c Thu Oct 19 01:38:31 2017 (r324736) @@ -2109,12 +2109,11 @@ userland_sysctl(struct thread *td, int *name, u_int na if (KTRPOINT(curthread, KTR_SYSCTL)) ktrsysctl(name, namelen); #endif - - if (req.oldptr && req.oldlen > PAGE_SIZE) { + memlocked = 0; + if (req.oldptr && req.oldlen > 4 * PAGE_SIZE) { memlocked = 1; sx_xlock(&sysctlmemlock); - } else - memlocked = 0; + } CURVNET_SET(TD_TO_VNET(td)); for (;;) {