PERFORCE change 182028 for review

Edward Tomasz Napierala trasz at FreeBSD.org
Sat Aug 7 15:09:57 UTC 2010 

http://p4web.freebsd.org/@@182028?ac=10

Change 182028 by trasz at trasz_victim on 2010/08/07 15:09:03

	Enforce RUSAGE_RSS.

Affected files ...

.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_container.c#26 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#91 edit
.. //depot/projects/soc2009/trasz_limits/sys/sys/container.h#10 edit
.. //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#48 edit
.. //depot/projects/soc2009/trasz_limits/sys/vm/vm_pageout.c#11 edit

Differences ...

==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_container.c#26 (text+ko) ====

@@ -98,6 +98,18 @@
 }
 
 static int
+container_resource_deniable(int resource)
+{
+
+	switch (resource) {
+	case RUSAGE_RSS:
+		return (0);
+	default:
+		return (1);
+	}
+}
+
+static int
 container_add(struct container *dest, const struct container *src)
 {
 	int i, error;
@@ -361,7 +373,7 @@
 	mtx_lock(&container_lock);
 #ifdef HRL
 	error = hrl_enforce_proc(p, resource, amount);
-	if (error) {
+	if (error && container_resource_deniable(resource)) {
 		SDT_PROBE(container, kernel, rusage, add_failure, p, resource, amount, 0, 0);
 		mtx_unlock(&container_lock);
 		return (error);
@@ -398,7 +410,7 @@
 #ifdef HRL
 	if (diff > 0) {
 		error = hrl_enforce_proc(p, resource, diff);
-		if (error) {
+		if (error && container_resource_deniable(resource)) {
 			SDT_PROBE(container, kernel, rusage, set_failure, p, resource, amount, 0, 0);
 			return (error);
 		}
@@ -427,6 +439,22 @@
 
 	return (error);
 }
+
+/*
+ * Returns amount of 'resource' the process 'p' can keep allocated.
+ * Allocating more than that would be denied, unless the resource
+ * is marked undeniable.
+ */
+uint64_t
+rusage_get_limit(struct proc *p, int resource)
+{
+
+#ifdef HRL
+	return (hrl_available_proc(p, resource));
+#else
+	return (UINT64_MAX);
+#endif
+}
 	
 /*
  * Decrease allocation of 'resource' by 'amount' for process 'p'.

==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#91 (text+ko) ====

@@ -247,7 +247,8 @@
 	 */
 	if (available < 0) {
 #ifdef notyet
-		KASSERT(rule->hr_action != HRL_ACTION_DENY,
+		KASSERT(rule->hr_action != HRL_ACTION_DENY ||
+		    !container_resource_deniable(rule->hr_resource),
 		    ("hrl_would_exceed: deny rule already exceeded"));
 #endif
 		return (0);
@@ -339,6 +340,34 @@
 	return (0);
 }
 
+uint64_t
+hrl_available_proc(struct proc *p, int resource)
+{
+	struct hrl_rule *rule;
+	struct hrl_rule_link *link;
+	uint64_t amount = UINT64_MAX;
+
+	mtx_lock(&hrl_lock);
+
+	/*
+	 * There may be more than one matching rule; go through all of them.
+	 * Denial should be done last, after logging and sending signals.
+	 */
+	LIST_FOREACH(link, &p->p_container.c_rule_links, hrl_next) {
+		rule = link->hrl_rule;
+		if (rule->hr_resource != resource)
+			continue;
+		if (rule->hr_action != HRL_ACTION_DENY)
+			continue;
+		if (rule->hr_amount < amount)
+			amount = rule->hr_amount;
+	}
+
+	mtx_unlock(&hrl_lock);
+
+	return (amount);
+}
+
 static int
 hrl_rule_matches(const struct hrl_rule *rule, const struct hrl_rule *filter)
 {

==== //depot/projects/soc2009/trasz_limits/sys/sys/container.h#10 (text+ko) ====

@@ -95,6 +95,7 @@
 int	rusage_add(struct proc *p, int object, uint64_t amount);
 int	rusage_set(struct proc *p, int object, uint64_t amount);
 void	rusage_sub(struct proc *p, int object, uint64_t amount);
+uint64_t	rusage_get_limit(struct proc *p, int object);
 
 void	container_create(struct container *container);
 void	container_destroy(struct container *container);

==== //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#48 (text+ko) ====

@@ -118,7 +118,8 @@
 int	hrl_rule_remove(const struct hrl_rule *filter);
 
 int	hrl_enforce_proc(struct proc *p, int resource, uint64_t amount);
-const char *hrl_resource_name(int resource);
+uint64_t	hrl_available_proc(struct proc *p, int resource);
+const char	*hrl_resource_name(int resource);
 int	hrl_proc_fork(struct proc *parent, struct proc *child);
 void	hrl_proc_exit(struct proc *p);
 #else /* !_KERNEL */

==== //depot/projects/soc2009/trasz_limits/sys/vm/vm_pageout.c#11 (text+ko) ====

@@ -79,6 +79,7 @@
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
+#include <sys/container.h>
 #include <sys/eventhandler.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
@@ -1620,6 +1621,9 @@
 	struct thread *td;
 	struct vmspace *vm;
 	int breakout, swapout_flags;
+#ifdef CONTAINERS
+	uint64_t maxsize;
+#endif
 
 	while (TRUE) {
 		mtx_lock(&vm_daemon_mtx);
@@ -1691,6 +1695,14 @@
 				vm_pageout_map_deactivate_pages(
 				    &vm->vm_map, limit);
 			}
+#ifdef CONTAINERS
+			rusage_set(p, RUSAGE_RSS, IDX_TO_OFF(size));
+			maxsize = OFF_TO_IDX(rusage_get_limit(p, RUSAGE_RSS));
+			if (size > maxsize) {
+				vm_pageout_map_deactivate_pages(
+				    &vm->vm_map, limit);
+			}
+#endif
 			vmspace_free(vm);
 		}
 		sx_sunlock(&allproc_lock);

More information about the p4-projects mailing list