[openssh-commits] [openssh] branch master updated (1b311b6b -> 6c49e5f7)

git+noreply at mindrot.org git+noreply at mindrot.org
Sun Mar 23 11:24:23 AEDT 2025


This is an automated email from the git hooks/post-receive script.

dtucker pushed a change to branch master
in repository openssh.

    from 1b311b6b upstream: Prevent theoretical NULL deref in throughlocal_sftp.
     new fdc4853c platform: introduce a way to hook new session start
     new 6c49e5f7 Add support for locking memory on Linux

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 6c49e5f7dcaf886b4a702a6c003cae9dca04d3ea
Author: Daniil Tatianin <d-tatianin at yandex-team.ru>
Date:   Thu Feb 27 11:37:13 2025 +0300

    Add support for locking memory on Linux
    
    Linux wakes up kcompactd threads in order to make more contiguous memory
    available on the system. It does this by migrating live movable pages
    (actively modifying live processes' page tables and constantly flooding
    them with page invalidation IPIs, which can be up to millions per
    second), which causes the process to become unresponsive for up to
    seconds or even minutes in some severe cases. In case of sshd, we want
    to always be able to connect to the system, even if it's under heavy
    kcompactd load.
    
    Introduce an option to protect sshd and its children sessions from being
    compacted by kcompactd (this works in conjunction with
    compact_unevictable_allowed = 0). Note that we depend on MCL_ONFAULT
    being available, which was introduced in Linux 4.4. MCL_ONFAULT allows
    the system to lock pages lazily, thus drastically reducing memory usage
    of a locked process (without MCL_ONFAULT, every existing mapping in the
    process is instantly write-faulted).

commit fdc4853c5b1567934d43ab13282f03033cc21325
Author: Daniil Tatianin <d-tatianin at yandex-team.ru>
Date:   Thu Feb 27 11:46:25 2025 +0300

    platform: introduce a way to hook new session start
    
    Previously this was possible via post_fork_child, but ever since sshd
    was split into multiple binaries, this is now no longer possible because
    of execv.

Summary of changes:
 Makefile.in                 |  2 +-
 configure.ac                | 21 +++++++++++++++++++++
 openbsd-compat/port-linux.c | 13 +++++++++++++
 openbsd-compat/port-linux.h |  4 ++++
 platform-listen.c           | 17 +++++++++++++++++
 platform.h                  |  1 +
 sshd-session.c              |  2 ++
 7 files changed, 59 insertions(+), 1 deletion(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

