The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=0fa6ce255661acc984a45deaf2d710149b957ce6
commit 0fa6ce255661acc984a45deaf2d710149b957ce6 Author: Mark Johnston <[email protected]> AuthorDate: 2026-02-21 16:16:32 +0000 Commit: Mark Johnston <[email protected]> CommitDate: 2026-02-21 16:16:32 +0000 sysctl: Avoid calling priv_check() unnecessarily After commit 7d1d9cc440f80 we only serialize large sysctl requests for non-root users, but we should avoid calling priv_check() unless the request actually is large, as that's not the common case. In particular, priv_check() might not be cheap to evaluate if MAC hooks are installed. Reviewed by: olce, kib MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D55377 --- sys/kern/kern_sysctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index be0acb0a4a55..4adbd71fae24 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -2573,8 +2573,8 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old, ktrsysctl(name, namelen); #endif memlocked = false; - if (priv_check(td, PRIV_SYSCTL_MEMLOCK) != 0 && - req.oldptr != NULL && req.oldlen > 4 * PAGE_SIZE) { + if (req.oldptr != NULL && req.oldlen > 4 * PAGE_SIZE && + priv_check(td, PRIV_SYSCTL_MEMLOCK) != 0) { memlocked = true; sx_xlock(&sysctlmemlock); }
