diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2026-02-21 16:16:32 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2026-02-21 16:16:32 +0000 |
| commit | 0fa6ce255661acc984a45deaf2d710149b957ce6 (patch) | |
| tree | 8e51ad84abab46b66a663068efeaece8389cfdb8 | |
| parent | 80950a079b20ed59616525fbca8ccaf3b6afcebc (diff) | |
sysctl: Avoid calling priv_check() unnecessarily
After commit 7d1d9cc440f80 we only serialize large sysctl requests for
non-root users, but we should avoid calling priv_check() unless the
request actually is large, as that's not the common case. In
particular, priv_check() might not be cheap to evaluate if MAC hooks are
installed.
Reviewed by: olce, kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55377
| -rw-r--r-- | sys/kern/kern_sysctl.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index be0acb0a4a55..4adbd71fae24 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -2573,8 +2573,8 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old, ktrsysctl(name, namelen); #endif memlocked = false; - if (priv_check(td, PRIV_SYSCTL_MEMLOCK) != 0 && - req.oldptr != NULL && req.oldlen > 4 * PAGE_SIZE) { + if (req.oldptr != NULL && req.oldlen > 4 * PAGE_SIZE && + priv_check(td, PRIV_SYSCTL_MEMLOCK) != 0) { memlocked = true; sx_xlock(&sysctlmemlock); } |