PERFORCE change 187054 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Sun Dec 19 13:29:13 UTC 2010
http://p4web.freebsd.org/@@187054?ac=10
Change 187054 by trasz at trasz_victim on 2010/12/19 13:28:16
Drop the plan to replace all the plimit stuff with containers.
Get rid of temporary per-process rules generated by setrusage()
and many instances of '#ifdef HRL'. This was incomplete anyway,
and when completed it would be far too intrusive.
Affected files ...
.. //depot/projects/soc2009/trasz_limits/TODO#35 edit
.. //depot/projects/soc2009/trasz_limits/sys/compat/linux/linux_misc.c#19 edit
.. //depot/projects/soc2009/trasz_limits/sys/compat/svr4/imgact_svr4.c#12 edit
.. //depot/projects/soc2009/trasz_limits/sys/fs/fdescfs/fdesc_vfsops.c#6 edit
.. //depot/projects/soc2009/trasz_limits/sys/i386/linux/imgact_linux.c#11 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/imgact_aout.c#12 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/imgact_elf.c#20 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/imgact_gzip.c#10 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_loginclass.c#22 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_resource.c#54 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/vfs_vnops.c#21 edit
.. //depot/projects/soc2009/trasz_limits/sys/vm/swap_pager.c#15 edit
.. //depot/projects/soc2009/trasz_limits/sys/vm/vm_glue.c#10 edit
.. //depot/projects/soc2009/trasz_limits/sys/vm/vm_mmap.c#22 edit
.. //depot/projects/soc2009/trasz_limits/sys/vm/vm_unix.c#12 edit
Differences ...
==== //depot/projects/soc2009/trasz_limits/TODO#35 (text+ko) ====
@@ -102,7 +102,9 @@
HRL-specific issues:
- - Bring back per-group limits.
+ - Reconsider setrlimit(2) handling.
+
+ - Reconsider bringing back per-group limits.
- Some things need to be accounted for per-euid, and some per-ruid. Geez.
==== //depot/projects/soc2009/trasz_limits/sys/compat/linux/linux_misc.c#19 (text+ko) ====
@@ -359,26 +359,16 @@
* XXX - this is not complete. it should check current usage PLUS
* the resources needed by this library.
*/
-#ifndef HRL
PROC_LOCK(td->td_proc);
if (a_out->a_text > maxtsiz ||
- a_out->a_data + bss_size > lim_cur(td->td_proc, RLIMIT_DATA)) {
+ a_out->a_data + bss_size > lim_cur(td->td_proc, RLIMIT_DATA) ||
+ rusage_set(td->td_proc, RUSAGE_DATA, a_out->a_data +
+ bss_size) != 0) {
PROC_UNLOCK(td->td_proc);
error = ENOMEM;
goto cleanup;
}
PROC_UNLOCK(td->td_proc);
-#endif
- if (a_out->a_text > maxtsiz) {
- error = ENOMEM;
- goto cleanup;
- }
- error = rusage_set(td->td_proc, RUSAGE_DATA,
- a_out->a_data + bss_size);
- if (error != 0) {
- error = ENOMEM;
- goto cleanup;
- }
/*
* Prevent more writers.
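Review bot: The rusage_set() call folded into the condition at the new lines now runs with PROC_LOCK(td->td_proc) held, whereas the removed lines called it after PROC_UNLOCK, and the third vm_mmap.c hunk in this same change still calls rusage_set() for RUSAGE_VMEM only after PROC_UNLOCK(td->td_proc). Whether rusage_set() is safe to call with the process lock held (for example whether it can sleep) is not visible here; if it is, the vm_mmap.c site should be brought in line, and if it is not, this site and the identical rewrites in imgact_svr4.c, imgact_linux.c, imgact_aout.c, imgact_elf.c, imgact_gzip.c, vfs_vnops.c and vm_glue.c need the call moved back outside the lock. Either way the locking requirement should be stated once, on rusage_set() itself, so the nine call sites stop diverging. The enclosing function starts and ends outside the hunk.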
==== //depot/projects/soc2009/trasz_limits/sys/compat/svr4/imgact_svr4.c#12 (text+ko) ====
@@ -107,21 +107,14 @@
/*
* text/data/bss must not exceed limits
*/
-#ifndef HRL
PROC_LOCK(imgp->proc);
if (a_out->a_text > maxtsiz ||
- a_out->a_data + bss_size > lim_cur(imgp->proc, RLIMIT_DATA)) {
+ a_out->a_data + bss_size > lim_cur(imgp->proc, RLIMIT_DATA) ||
+ rusage_set(imgp->proc, RUSAGE_DATA, a_out->a_data + bss_size) != 0) {;
PROC_UNLOCK(imgp->proc);
return (ENOMEM);
}
PROC_UNLOCK(imgp->proc);
-#endif /* !HRL */
- if (a_out->a_text > maxtsiz)
- return (ENOMEM);
- error = rusage_set(imgp->proc, RUSAGE_DATA,
- a_out->a_data + bss_size);
- if (error != 0)
- return (ENOMEM);
VOP_UNLOCK(imgp->vp, 0);
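Review bot: The opening brace of the rewritten condition carries a stray semicolon, `bss_size) != 0) {;`, an empty statement that compiles but reads as a typo and differs from the otherwise identical rewrites in imgact_linux.c and imgact_aout.c; drop it: `rusage_set(imgp->proc, RUSAGE_DATA, a_out->a_data + bss_size) != 0) {`. The same line also runs past 80 columns, while imgact_aout.c wraps the same call over two lines. The enclosing function continues outside the hunk.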
==== //depot/projects/soc2009/trasz_limits/sys/fs/fdescfs/fdesc_vfsops.c#6 (text+ko) ====
@@ -197,20 +197,14 @@
* limit is ever reduced below the current number
* of open files... ]
*/
-#ifndef HRL
PROC_LOCK(td->td_proc);
lim = lim_cur(td->td_proc, RLIMIT_NOFILE);
PROC_UNLOCK(td->td_proc);
-#endif
fdp = td->td_proc->p_fd;
FILEDESC_SLOCK(fdp);
limit = rusage_get_limit(td->td_proc, RUSAGE_NOFILE);
-#ifdef HRL
- lim = limit;
-#else
if (lim > limit)
lim = limit;
-#endif
last = min(fdp->fd_nfiles, lim);
freefd = 0;
for (i = fdp->fd_freefile; i < last; i++)
==== //depot/projects/soc2009/trasz_limits/sys/i386/linux/imgact_linux.c#11 (text+ko) ====
@@ -105,21 +105,14 @@
/*
* text/data/bss must not exceed limits
*/
-#ifndef HRL
PROC_LOCK(imgp->proc);
if (a_out->a_text > maxtsiz ||
- a_out->a_data + bss_size > lim_cur(imgp->proc, RLIMIT_DATA)) {
+ a_out->a_data + bss_size > lim_cur(imgp->proc, RLIMIT_DATA) ||
+ rusage_set(imgp->proc, RUSAGE_DATA, a_out->a_data + bss_size) != 0) {
PROC_UNLOCK(imgp->proc);
return (ENOMEM);
}
PROC_UNLOCK(imgp->proc);
-#endif /* !HRL */
- if (a_out->a_text > maxtsiz)
- return (ENOMEM);
- error = rusage_set(imgp->proc, RUSAGE_DATA,
- a_out->a_data + bss_size);
- if (error != 0)
- return (ENOMEM);
VOP_UNLOCK(imgp->vp, 0);
==== //depot/projects/soc2009/trasz_limits/sys/kern/imgact_aout.c#12 (text+ko) ====
@@ -185,25 +185,18 @@
/*
* text/data/bss must not exceed limits
*/
-#ifndef HRL
PROC_LOCK(imgp->proc);
if (/* text can't exceed maximum text size */
a_out->a_text > maxtsiz ||
/* data + bss can't exceed rlimit */
- a_out->a_data + bss_size > lim_cur(imgp->proc, RLIMIT_DATA)) {
+ a_out->a_data + bss_size > lim_cur(imgp->proc, RLIMIT_DATA) ||
+ rusage_set(imgp->proc, RUSAGE_DATA,
+ a_out->a_data + bss_size) != 0) {
PROC_UNLOCK(imgp->proc);
return (ENOMEM);
}
PROC_UNLOCK(imgp->proc);
-#endif /* !HRL */
- if (/* text can't exceed maximum text size */
- a_out->a_text > maxtsiz)
- return (ENOMEM);
- error = rusage_set(imgp->proc, RUSAGE_DATA,
- a_out->a_data + bss_size);
- if (error != 0)
- return (ENOMEM);
/*
* Avoid a possible deadlock if the current address space is destroyed
==== //depot/projects/soc2009/trasz_limits/sys/kern/imgact_elf.c#20 (text+ko) ====
@@ -874,27 +874,15 @@
* limits after loading the segments since we do
* not actually fault in all the segments pages.
*/
-#ifndef HRL
PROC_LOCK(imgp->proc);
if (data_size > lim_cur(imgp->proc, RLIMIT_DATA) ||
text_size > maxtsiz ||
- total_size > lim_cur(imgp->proc, RLIMIT_VMEM)) {
+ total_size > lim_cur(imgp->proc, RLIMIT_VMEM) ||
+ rusage_set(imgp->proc, RUSAGE_DATA, data_size) != 0 ||
+ rusage_set(imgp->proc, RUSAGE_VMEM, total_size) != 0) {
PROC_UNLOCK(imgp->proc);
return (ENOMEM);
}
-#else
- PROC_LOCK(imgp->proc);
-#endif /* !HRL */
- if (text_size > maxtsiz)
- return (ENOMEM);
- error = rusage_set(imgp->proc, RUSAGE_DATA,
- data_size);
- if (error != 0)
- return (ENOMEM);
- error = rusage_set(imgp->proc, RUSAGE_VMEM,
- total_size);
- if (error != 0)
- return (ENOMEM);
vmspace->vm_tsize = text_size >> PAGE_SHIFT;
vmspace->vm_taddr = (caddr_t)(uintptr_t)text_addr;
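Review bot: If the RUSAGE_VMEM rusage_set() in the new condition fails after the RUSAGE_DATA one has succeeded, the function returns ENOMEM having already recorded the new data size, and nothing undoes it; vm_unix.c in this change has the same two-step sequence (RUSAGE_DATA in one hunk, RUSAGE_VMEM in the next) and its new XXX comment only covers the vm_map_insert() failure after both succeed. Whether a stale RUSAGE_DATA value is harmless on an exec that then fails is not visible here. At minimum it should be recorded in the same style as the other XXX notes in this change, e.g. `/* XXX: RUSAGE_DATA is already set if the RUSAGE_VMEM check fails. */`. The enclosing function starts and ends outside the hunk.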
==== //depot/projects/soc2009/trasz_limits/sys/kern/imgact_gzip.c#10 (text+ko) ====
@@ -210,29 +210,20 @@
/*
* text/data/bss must not exceed limits
*/
-#ifndef HRL
PROC_LOCK(gz->ip->proc);
if ( /* text can't exceed maximum text size */
gz->a_out.a_text > maxtsiz ||
/* data + bss can't exceed rlimit */
gz->a_out.a_data + gz->bss_size >
- lim_cur(gz->ip->proc, RLIMIT_DATA)) {
+ lim_cur(gz->ip->proc, RLIMIT_DATA) ||
+ rusage_set(gz->ip->proc, RUSAGE_DATA,
+ gz->a_out.a_data + gz->bss_size) != 0) {
PROC_UNLOCK(gz->ip->proc);
gz->where = __LINE__;
return (ENOMEM);
}
PROC_UNLOCK(gz->ip->proc);
-#endif /* !HRL */
- if ( /* text can't exceed maximum text size */
- gz->a_out.a_text > maxtsiz) {
- gz->where = __LINE__;
- return (ENOMEM);
- }
- error = rusage_set(gz->ip->proc, RUSAGE_DATA,
- gz->a_out.a_data + gz->bss_size);
- if (error != 0)
- return (ENOMEM);
/* Find out how far we should go */
gz->file_end = gz->file_offset + gz->a_out.a_text + gz->a_out.a_data;
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_loginclass.c#22 (text+ko) ====
@@ -85,9 +85,7 @@
mtx_lock(&loginclasses_lock);
if (refcount_release(&lc->lc_refcount)) {
-#ifdef HRL
container_destroy(&lc->lc_container);
-#endif
LIST_REMOVE(lc, lc_next);
mtx_unlock(&loginclasses_lock);
free(lc, M_LOGINCLASS);
@@ -127,9 +125,7 @@
}
/* Add new loginclass. */
-#ifdef HRL
container_create(&newlc->lc_container);
-#endif
strcpy(newlc->lc_name, name);
refcount_init(&newlc->lc_refcount, 1);
LIST_INSERT_HEAD(&loginclasses, newlc, lc_next);
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_resource.c#54 (text+ko) ====
@@ -606,13 +606,12 @@
return (error);
}
-#ifndef HRL
static void
lim_cb(void *arg)
{
+ struct rlimit rlim;
struct thread *td;
struct proc *p;
- struct rlimit rlim;
p = arg;
PROC_LOCK_ASSERT(p, MA_OWNED);
@@ -640,119 +639,6 @@
if ((p->p_flag & P_WEXIT) == 0)
callout_reset(&p->p_limco, hz, lim_cb, p);
}
-#endif /* !HRL */
-
-#ifdef HRL
-static void
-hrl_handle_setrlimit(u_int which, struct rlimit *lim, struct thread *td)
-{
- int error;
- struct hrl_rule *rule, *rule2;
-
- rule = hrl_rule_alloc(M_WAITOK);
- rule->hr_subject_type = HRL_SUBJECT_TYPE_PROCESS;
- rule->hr_subject.hs_proc = td->td_proc;
- rule->hr_action = HRL_ACTION_DENY;
- rule->hr_amount = -1;
- rule->hr_per = HRL_SUBJECT_TYPE_PROCESS;
-
- switch (which) {
- case RLIMIT_CPU:
- rule->hr_resource = RUSAGE_CPU;
- rule->hr_action = HRL_ACTION_SIGXCPU;
- break;
- case RLIMIT_FSIZE:
- rule->hr_resource = RUSAGE_FSIZE;
- break;
- case RLIMIT_DATA:
- rule->hr_resource = RUSAGE_DATA;
- break;
- case RLIMIT_STACK:
- rule->hr_resource = RUSAGE_STACK;
- rule->hr_action = HRL_ACTION_SIGSEGV;
- break;
- case RLIMIT_CORE:
- rule->hr_resource = RUSAGE_CORE;
- break;
- case RLIMIT_RSS:
- rule->hr_resource = RUSAGE_RSS;
- break;
- case RLIMIT_MEMLOCK:
- rule->hr_resource = RUSAGE_MEMLOCK;
- break;
- case RLIMIT_NPROC:
- rule->hr_resource = RUSAGE_NPROC;
- rule->hr_per = HRL_SUBJECT_TYPE_USER;
- break;
- case RLIMIT_NOFILE:
- rule->hr_resource = RUSAGE_NOFILE;
- rule->hr_action = HRL_ACTION_SIGXFSZ;
- break;
- case RLIMIT_SBSIZE:
- rule->hr_resource = RUSAGE_SBSIZE;
- rule->hr_per = HRL_SUBJECT_TYPE_USER;
- break;
- case RLIMIT_VMEM:
- rule->hr_resource = RUSAGE_VMEM;
- break;
- case RLIMIT_NPTS:
- rule->hr_resource = RUSAGE_NPTS;
- rule->hr_per = HRL_SUBJECT_TYPE_USER;
- break;
- case RLIMIT_SWAP:
- rule->hr_resource = RUSAGE_SWAP;
- rule->hr_per = HRL_SUBJECT_TYPE_USER;
- break;
- default:
- panic("hrl_handle_setrlimit: unknown limit %d", which);
- }
-
- /*
- * Remove a previous limit that might exist for the resource
- * with a different hr_amount.
- */
- hrl_rule_remove(rule);
-
- /*
- * For rules with action different than "deny", we add another
- * rule, "deny".
- */
- if (rule->hr_action != HRL_ACTION_DENY) {
- rule2 = hrl_rule_duplicate(rule, M_WAITOK);
-
- /*
- * The "deny" action doesn't make sense for some resources,
- * such as RUSAGE_CPU.
- */
- if (rule2->hr_resource == RUSAGE_CPU)
- rule2->hr_action = HRL_ACTION_SIGKILL;
- else
- rule2->hr_action = HRL_ACTION_DENY;
- hrl_rule_remove(rule2);
-
- if (lim->rlim_cur != RLIM_INFINITY) {
- if (rule2->hr_resource == RUSAGE_CPU)
- rule2->hr_amount = (uint64_t)lim->rlim_max *
- 1000000;
- else
- rule2->hr_amount = lim->rlim_cur;
- error = hrl_rule_add(rule2);
- KASSERT(error == 0, ("hrl_rule_add failed"));
- }
- hrl_rule_release(rule2);
- }
-
- if (lim->rlim_cur != RLIM_INFINITY) {
- rule->hr_amount = lim->rlim_cur;
- /* Container stores CPU time in microseconds. */
- if (rule->hr_resource == RUSAGE_CPU)
- rule->hr_amount *= 1000000;
- error = hrl_rule_add(rule);
- KASSERT(error == 0, ("hrl_rule_add failed"));
- }
- hrl_rule_release(rule);
-}
-#endif /* HRL */
int
kern_setrlimit(td, which, limp)
@@ -797,14 +683,12 @@
switch (which) {
-#ifndef HRL
case RLIMIT_CPU:
if (limp->rlim_cur != RLIM_INFINITY &&
p->p_cpulimit == RLIM_INFINITY)
callout_reset(&p->p_limco, hz, lim_cb, p);
p->p_cpulimit = limp->rlim_cur;
break;
-#endif
case RLIMIT_DATA:
if (limp->rlim_cur > maxdsiz)
limp->rlim_cur = maxdsiz;
@@ -877,10 +761,6 @@
}
}
-#ifdef HRL
- hrl_handle_setrlimit(which, alimp, td);
-#endif
-
return (0);
}
@@ -1213,10 +1093,8 @@
{
p2->p_limit = lim_hold(p1->p_limit);
callout_init_mtx(&p2->p_limco, &p2->p_mtx, 0);
-#ifndef HRL
if (p1->p_cpulimit != RLIM_INFINITY)
callout_reset(&p2->p_limco, hz, lim_cb, p2);
-#endif
}
void
@@ -1344,9 +1222,7 @@
mtx_init(&uip->ui_vmsize_mtx, "ui_vmsize", NULL,
MTX_DEF);
LIST_INSERT_HEAD(UIHASH(uid), uip, ui_hash);
-#ifdef HRL
container_create(&uip->ui_container);
-#endif
}
}
uihold(uip);
@@ -1394,9 +1270,7 @@
/* Prepare for suboptimal case. */
rw_wlock(&uihashtbl_lock);
if (refcount_release(&uip->ui_ref)) {
-#ifdef HRL
container_destroy(&uip->ui_container);
-#endif
LIST_REMOVE(uip, ui_hash);
rw_wunlock(&uihashtbl_lock);
if (uip->ui_sbsize != 0)
==== //depot/projects/soc2009/trasz_limits/sys/kern/vfs_vnops.c#21 (text+ko) ====
@@ -1344,22 +1344,21 @@
vn_rlimit_fsize(const struct vnode *vp, const struct uio *uio,
const struct thread *td)
{
-
+ uoff_t fsize;
+
if (vp->v_type != VREG || td == NULL)
return (0);
-#ifndef HRL
+
+ fsize = (uoff_t)uio->uio_offset + uio->uio_resid;
+
PROC_LOCK(td->td_proc);
- if ((uoff_t)uio->uio_offset + uio->uio_resid >
- lim_cur(td->td_proc, RLIMIT_FSIZE)) {
+ if (fsize > lim_cur(td->td_proc, RLIMIT_FSIZE) ||
+ rusage_set(td->td_proc, RUSAGE_FSIZE, fsize) != 0) {
psignal(td->td_proc, SIGXFSZ);
PROC_UNLOCK(td->td_proc);
return (EFBIG);
}
PROC_UNLOCK(td->td_proc);
-#endif
- if (rusage_set(td->td_proc, RUSAGE_FSIZE,
- (uoff_t)uio->uio_offset + uio->uio_resid))
- return (EFBIG);
return (0);
}
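Review bot: Folding the rusage_set() check into the rlimit condition changes the observable behaviour on a container-limit denial: the removed lines returned EFBIG silently, while the new code also delivers SIGXFSZ to the process before returning. That may well be the intended unification with the RLIMIT_FSIZE path, but the change description does not say so, and callers that previously saw only EFBIG now get a signal too. If it is intended, a short comment on the `if` makes it deliberate: `/* A container-limit denial is reported exactly like an rlimit one: SIGXFSZ plus EFBIG. */`. The function's return-type line sits above the hunk.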
==== //depot/projects/soc2009/trasz_limits/sys/vm/swap_pager.c#15 (text+ko) ====
@@ -211,12 +211,13 @@
if (res) {
PROC_LOCK(curproc);
UIDINFO_VMSIZE_LOCK(uip);
+ /*
+ * XXX: What if rusage_add() succeeds, and lim_cur() check fails?
+ */
if (
rusage_add(curproc, RUSAGE_SWAP, incr) &&
-#ifndef HRL
(overcommit & SWAP_RESERVE_RLIMIT_ON) != 0 &&
uip->ui_vmsize + incr > lim_cur(curproc, RLIMIT_SWAP) &&
-#endif
priv_check(curthread, PRIV_VM_SWAP_NORLIMIT))
res = 0;
else
==== //depot/projects/soc2009/trasz_limits/sys/vm/vm_glue.c#10 (text+ko) ====
@@ -200,15 +200,12 @@
PROC_LOCK(curproc);
nsize = ptoa(npages +
pmap_wired_count(vm_map_pmap(&curproc->p_vmspace->vm_map)));
-#ifndef HRL
- if (nsize > lim_cur(curproc, RLIMIT_MEMLOCK)) {
+ if (nsize > lim_cur(curproc, RLIMIT_MEMLOCK) ||
+ rusage_set(curproc, RUSAGE_MEMLOCK, nsize) != 0) {
PROC_UNLOCK(curproc);
return (ENOMEM);
}
-#endif
PROC_UNLOCK(curproc);
- if (rusage_set(curproc, RUSAGE_MEMLOCK, nsize))
- return (ENOMEM);
#if 0
/*
* XXX - not yet
==== //depot/projects/soc2009/trasz_limits/sys/vm/vm_mmap.c#22 (text+ko) ====
@@ -1051,12 +1051,10 @@
PROC_LOCK(proc);
nsize = ptoa(npages +
pmap_wired_count(vm_map_pmap(&proc->p_vmspace->vm_map)));
-#ifndef HRL
if (nsize > lim_cur(proc, RLIMIT_MEMLOCK)) {
PROC_UNLOCK(proc);
return (ENOMEM);
}
-#endif
PROC_UNLOCK(proc);
if (npages + cnt.v_wire_count > vm_page_max_wired)
return (EAGAIN);
@@ -1431,7 +1429,6 @@
size = round_page(size);
-#ifndef HRL
PROC_LOCK(td->td_proc);
if (td->td_proc->p_vmspace->vm_map.size + size >
lim_cur(td->td_proc, RLIMIT_VMEM)) {
@@ -1439,7 +1436,6 @@
return(ENOMEM);
}
PROC_UNLOCK(td->td_proc);
-#endif
if (rusage_set(td->td_proc, RUSAGE_VMEM,
td->td_proc->p_vmspace->vm_map.size + size))
return (ENOMEM);
==== //depot/projects/soc2009/trasz_limits/sys/vm/vm_unix.c#12 (text+ko) ====
@@ -74,19 +74,15 @@
{
struct vmspace *vm = td->td_proc->p_vmspace;
vm_offset_t new, old, base;
-#ifndef HRL
rlim_t datalim, vmemlim;
-#endif
int rv;
int error = 0;
boolean_t do_map_wirefuture;
-#ifndef HRL
PROC_LOCK(td->td_proc);
datalim = lim_cur(td->td_proc, RLIMIT_DATA);
vmemlim = lim_cur(td->td_proc, RLIMIT_VMEM);
PROC_UNLOCK(td->td_proc);
-#endif
do_map_wirefuture = FALSE;
new = round_page((vm_offset_t)uap->nsize);
@@ -95,7 +91,6 @@
base = round_page((vm_offset_t) vm->vm_daddr);
old = base + ctob(vm->vm_dsize);
if (new > base) {
-#ifndef HRL
/*
* Check the resource limit, but allow a process to reduce
* its usage, even if it remains over the limit.
@@ -104,9 +99,7 @@
error = ENOMEM;
goto done;
}
-#endif /* !HRL */
- error = rusage_set(td->td_proc, RUSAGE_DATA,
- new - base);
+ error = rusage_set(td->td_proc, RUSAGE_DATA, new - base);
if (error != 0) {
error = ENOMEM;
goto done;
@@ -126,18 +119,19 @@
goto done;
}
if (new > old) {
-#ifndef HRL
if (vm->vm_map.size + (new - old) > vmemlim) {
error = ENOMEM;
goto done;
}
-#endif /* !HRL */
error = rusage_set(td->td_proc, RUSAGE_VMEM,
vm->vm_map.size + (new - old));
if (error != 0) {
error = ENOMEM;
goto done;
}
+ /*
+ * XXX: Rollback for rusage_set() call above?
+ */
rv = vm_map_insert(&vm->vm_map, NULL, 0, old, new,
VM_PROT_RW, VM_PROT_ALL, 0);
if (rv != KERN_SUCCESS) {