From: Alexander Bluhm <bluhm@openbsd.org>
Subject: Re: sysctl(2): unlock KERN_MSGBUFSIZE and KERN_CONSBUFSIZE
To: Vitaliy Makkoveev <mvs@openbsd.org>
Cc: tech@openbsd.org
Date: Thu, 8 Aug 2024 09:24:35 +0200

On Wed, Aug 07, 2024 at 12:37:41PM +0300, Vitaliy Makkoveev wrote:
> `msgbufp' and `consbufp' are immutable, such as `msg_magic' and
> `msg_bufs'. initmsgbuf() and initconsbuf() which initialize this buffers
> are called during kernel bootstrap, when concurrent sysctl(2) is
> impossible, so they don't need to be reordered or use barriers.
> 
> ok?

OK bluhm@

> Index: sys/kern/kern_sysctl.c
> ===================================================================
> RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
> diff -u -p -r1.434 kern_sysctl.c
> --- sys/kern/kern_sysctl.c	6 Aug 2024 12:36:54 -0000	1.434
> +++ sys/kern/kern_sysctl.c	7 Aug 2024 09:22:27 -0000
> @@ -533,6 +533,18 @@ kern_sysctl(int *name, u_int namelen, vo
>  		return (sysctl_rdstruct(oldp, oldlenp, newp,
>  		    &mbs, sizeof(mbs)));
>  	}
> +	case KERN_MSGBUFSIZE:
> +	case KERN_CONSBUFSIZE: {
> +		struct msgbuf *mp;
> +		mp = (name[0] == KERN_MSGBUFSIZE) ? msgbufp : consbufp;
> +		/*
> +		 * deal with cases where the message buffer has
> +		 * become corrupted.
> +		 */
> +		if (!mp || mp->msg_magic != MSG_MAGIC)
> +			return (ENXIO);
> +		return (sysctl_rdint(oldp, oldlenp, newp, mp->msg_bufs));
> +	}
>  	case KERN_OSREV:
>  	case KERN_NFILES:
>  	case KERN_TTYCOUNT:
> @@ -616,18 +628,6 @@ kern_sysctl_locked(int *name, u_int name
>  		error =  sysctl_int(oldp, oldlenp, newp, newlen, &inthostid);
>  		hostid = inthostid;
>  		return (error);
> -	case KERN_MSGBUFSIZE:
> -	case KERN_CONSBUFSIZE: {
> -		struct msgbuf *mp;
> -		mp = (name[0] == KERN_MSGBUFSIZE) ? msgbufp : consbufp;
> -		/*
> -		 * deal with cases where the message buffer has
> -		 * become corrupted.
> -		 */
> -		if (!mp || mp->msg_magic != MSG_MAGIC)
> -			return (ENXIO);
> -		return (sysctl_rdint(oldp, oldlenp, newp, mp->msg_bufs));
> -	}
>  	case KERN_CONSBUF:
>  		if ((error = suser(p)))
>  			return (error);
> @@ -635,7 +635,10 @@ kern_sysctl_locked(int *name, u_int name
>  	case KERN_MSGBUF: {
>  		struct msgbuf *mp;
>  		mp = (name[0] == KERN_MSGBUF) ? msgbufp : consbufp;
> -		/* see note above */
> +		/*
> +		 * deal with cases where the message buffer has
> +		 * become corrupted.
> +		 */
>  		if (!mp || mp->msg_magic != MSG_MAGIC)
>  			return (ENXIO);
>  		return (sysctl_rdstruct(oldp, oldlenp, newp, mp,