PERFORCE change 174724 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Mon Feb 15 17:04:40 UTC 2010
http://p4web.freebsd.org/chv.cgi?CH=174724
Change 174724 by trasz at trasz_victim on 2010/02/15 17:04:00
Little renaming.
Affected files ...
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#73 edit
.. //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#42 edit
Differences ...
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#73 (text+ko) ====
@@ -60,13 +60,13 @@
#define HRL_LOG_BUFSIZE 128
/*
- * 'hrl_limit' connects a rule with every container it's related to.
+ * 'hrl_rule_link' connects a rule with every container it's related to.
* For example, rule 'user:X:openfiles:deny=N/process' is linked
* with uidinfo for user X, and to each process of that user.
*/
-struct hrl_limit {
- LIST_ENTRY(hrl_limit) hl_next;
- struct hrl_rule *hl_rule;
+struct hrl_rule_link {
+ LIST_ENTRY(hrl_rule_link) hrl_next;
+ struct hrl_rule *hrl_rule;
};
struct dict {
@@ -114,7 +114,7 @@
static void hrl_init(void);
SYSINIT(hrl, SI_SUB_CPU, SI_ORDER_FIRST, hrl_init, NULL);
-static uma_zone_t hrl_limit_zone;
+static uma_zone_t hrl_rule_link_zone;
static uma_zone_t hrl_rule_zone;
static struct mtx hrl_lock;
@@ -273,7 +273,7 @@
{
int64_t available[HRL_RESOURCE_MAX];
struct hrl_rule *rule;
- struct hrl_limit *limit;
+ struct hrl_rule_link *link;
struct sbuf sb;
int should_deny = 0;
char *buf;
@@ -300,10 +300,10 @@
/*
* XXX: We should sort the rules somewhat, so that 'log' and 'sig'
* rules come before before 'deny', to spare iterations over
- * the p_container.hc_limits.
+ * the p_container.hc_rule_links.
*/
- LIST_FOREACH(limit, &p->p_container.hc_limits, hl_next) {
- rule = limit->hl_rule;
+ LIST_FOREACH(link, &p->p_container.hc_rule_links, hrl_next) {
+ rule = link->hrl_rule;
if (rule->hr_resource != resource)
continue;
if (!hrl_would_exceed(p, rule, amount))
@@ -372,7 +372,7 @@
{
int i, resource;
int64_t available;
- struct hrl_limit *limit;
+ struct hrl_rule_link *link;
struct hrl_rule *rule;
mtx_assert(&hrl_lock, MA_OWNED);
@@ -380,8 +380,8 @@
for (i = 0; i <= HRL_RESOURCE_MAX; i++)
(*availablep)[i] = INT64_MAX;
- LIST_FOREACH(limit, &p->p_container.hc_limits, hl_next) {
- rule = limit->hl_rule;
+ LIST_FOREACH(link, &p->p_container.hc_rule_links, hrl_next) {
+ rule = link->hrl_rule;
resource = rule->hr_resource;
available = hrl_available_resource(p, rule);
if (available < 0) {
@@ -783,34 +783,34 @@
static void
hrl_container_add_rule(struct hrl_container *container, struct hrl_rule *rule)
{
- struct hrl_limit *limit;
+ struct hrl_rule_link *link;
KASSERT(hrl_rule_fully_specified(rule), ("rule not fully specified"));
hrl_rule_acquire(rule);
- limit = uma_zalloc(hrl_limit_zone, M_WAITOK);
- limit->hl_rule = rule;
+ link = uma_zalloc(hrl_rule_link_zone, M_WAITOK);
+ link->hrl_rule = rule;
mtx_lock(&hrl_lock);
- LIST_INSERT_HEAD(&container->hc_limits, limit, hl_next);
+ LIST_INSERT_HEAD(&container->hc_rule_links, link, hrl_next);
mtx_unlock(&hrl_lock);
}
static int
hrl_container_add_rule_locked(struct hrl_container *container, struct hrl_rule *rule)
{
- struct hrl_limit *limit;
+ struct hrl_rule_link *link;
KASSERT(hrl_rule_fully_specified(rule), ("rule not fully specified"));
mtx_assert(&hrl_lock, MA_OWNED);
- limit = uma_zalloc(hrl_limit_zone, M_NOWAIT);
- if (limit == NULL)
+ link = uma_zalloc(hrl_rule_link_zone, M_NOWAIT);
+ if (link == NULL)
return (ENOMEM);
hrl_rule_acquire(rule);
- limit->hl_rule = rule;
+ link->hrl_rule = rule;
- LIST_INSERT_HEAD(&container->hc_limits, limit, hl_next);
+ LIST_INSERT_HEAD(&container->hc_rule_links, link, hrl_next);
return (0);
}
@@ -824,16 +824,16 @@
const struct hrl_rule *filter)
{
int removed = 0;
- struct hrl_limit *limit, *limittmp;
+ struct hrl_rule_link *link, *linktmp;
mtx_lock(&hrl_lock);
- LIST_FOREACH_SAFE(limit, &container->hc_limits, hl_next, limittmp) {
- if (!hrl_rule_matches(limit->hl_rule, filter))
+ LIST_FOREACH_SAFE(link, &container->hc_rule_links, hrl_next, linktmp) {
+ if (!hrl_rule_matches(link->hrl_rule, filter))
continue;
- LIST_REMOVE(limit, hl_next);
- hrl_rule_release(limit->hl_rule);
- uma_zfree(hrl_limit_zone, limit);
+ LIST_REMOVE(link, hrl_next);
+ hrl_rule_release(link->hrl_rule);
+ uma_zfree(hrl_rule_link_zone, link);
removed++;
}
mtx_unlock(&hrl_lock);
@@ -1489,15 +1489,15 @@
hrl_get_rules_callback(struct hrl_container *container,
const struct hrl_rule *filter, void *arg3)
{
- struct hrl_limit *limit;
+ struct hrl_rule_link *link;
struct sbuf *sb = (struct sbuf *)arg3;
mtx_assert(&hrl_lock, MA_OWNED);
- LIST_FOREACH(limit, &container->hc_limits, hl_next) {
- if (!hrl_rule_matches(limit->hl_rule, filter))
+ LIST_FOREACH(link, &container->hc_rule_links, hrl_next) {
+ if (!hrl_rule_matches(link->hrl_rule, filter))
continue;
- hrl_rule_to_sbuf(sb, limit->hl_rule);
+ hrl_rule_to_sbuf(sb, link->hrl_rule);
sbuf_printf(sb, ",");
}
@@ -1512,7 +1512,7 @@
char *inputstr, *buf;
struct sbuf *sb;
struct hrl_rule *filter;
- struct hrl_limit *limit;
+ struct hrl_rule_link *link;
struct proc *p;
error = hrl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
@@ -1535,16 +1535,16 @@
sx_assert(&allproc_lock, SA_LOCKED);
FOREACH_PROC_IN_SYSTEM(p) {
mtx_lock(&hrl_lock);
- LIST_FOREACH(limit, &p->p_container.hc_limits, hl_next) {
+ LIST_FOREACH(link, &p->p_container.hc_rule_links, hrl_next) {
/*
* Non-process rules will be added to the buffer later.
* Adding them here would result in duplicated output.
*/
- if (limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_PROCESS)
+ if (link->hrl_rule->hr_subject_type != HRL_SUBJECT_TYPE_PROCESS)
continue;
- if (!hrl_rule_matches(limit->hl_rule, filter))
+ if (!hrl_rule_matches(link->hrl_rule, filter))
continue;
- hrl_rule_to_sbuf(sb, limit->hl_rule);
+ hrl_rule_to_sbuf(sb, link->hrl_rule);
sbuf_printf(sb, ",");
}
mtx_unlock(&hrl_lock);
@@ -1584,7 +1584,7 @@
char *inputstr, *buf;
struct sbuf *sb;
struct hrl_rule *filter;
- struct hrl_limit *limit;
+ struct hrl_rule_link *link;
error = hrl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
if (error)
@@ -1620,8 +1620,8 @@
KASSERT(sb != NULL, ("sbuf_new failed"));
mtx_lock(&hrl_lock);
- LIST_FOREACH(limit, &filter->hr_subject.hs_proc->p_container.hc_limits, hl_next) {
- hrl_rule_to_sbuf(sb, limit->hl_rule);
+ LIST_FOREACH(link, &filter->hr_subject.hs_proc->p_container.hc_rule_links, hrl_next) {
+ hrl_rule_to_sbuf(sb, link->hrl_rule);
sbuf_printf(sb, ",");
}
mtx_unlock(&hrl_lock);
@@ -1743,7 +1743,7 @@
hrl_proc_ucred_changing(struct proc *p, struct ucred *newcred)
{
int error;
- struct hrl_limit *limit;
+ struct hrl_rule_link *link;
struct uidinfo *olduip, *newuip;
struct loginclass *oldlc, *newlc;
struct prison *oldpr, *newpr;
@@ -1762,8 +1762,8 @@
/*
* Remove rules that are no longer applicable with the new ucred.
*/
- LIST_FOREACH(limit, &p->p_container.hc_limits, hl_next) {
- switch (limit->hl_rule->hr_subject_type) {
+ LIST_FOREACH(link, &p->p_container.hc_rule_links, hrl_next) {
+ switch (link->hrl_rule->hr_subject_type) {
case HRL_SUBJECT_TYPE_PROCESS:
continue;
case HRL_SUBJECT_TYPE_USER:
@@ -1780,20 +1780,20 @@
break;
default:
panic("hrl_proc_ucred_changing: unknown subject %d",
- limit->hl_rule->hr_subject_type);
+ link->hrl_rule->hr_subject_type);
}
- LIST_REMOVE(limit, hl_next);
- hrl_rule_release(limit->hl_rule);
- uma_zfree(hrl_limit_zone, limit);
+ LIST_REMOVE(link, hrl_next);
+ hrl_rule_release(link->hrl_rule);
+ uma_zfree(hrl_rule_link_zone, link);
}
/*
* Add rules for the new ucred and move between containers where applicable.
*/
if (newuip != olduip) {
- LIST_FOREACH(limit, &newuip->ui_container.hc_limits, hl_next) {
- error = hrl_container_add_rule_locked(&p->p_container, limit->hl_rule);
+ LIST_FOREACH(link, &newuip->ui_container.hc_rule_links, hrl_next) {
+ error = hrl_container_add_rule_locked(&p->p_container, link->hrl_rule);
KASSERT(error == 0, ("XXX: better error handling needed"));
}
@@ -1801,8 +1801,8 @@
hrl_container_join(&p->p_container, &newuip->ui_container);
}
if (newlc != oldlc) {
- LIST_FOREACH(limit, &newlc->lc_container.hc_limits, hl_next) {
- error = hrl_container_add_rule_locked(&p->p_container, limit->hl_rule);
+ LIST_FOREACH(link, &newlc->lc_container.hc_rule_links, hrl_next) {
+ error = hrl_container_add_rule_locked(&p->p_container, link->hrl_rule);
KASSERT(error == 0, ("XXX: better error handling needed"));
}
@@ -1810,8 +1810,8 @@
hrl_container_join(&p->p_container, &newlc->lc_container);
}
if (newpr != oldpr) {
- LIST_FOREACH(limit, &newpr->pr_container.hc_limits, hl_next) {
- error = hrl_container_add_rule_locked(&p->p_container, limit->hl_rule);
+ LIST_FOREACH(link, &newpr->pr_container.hc_rule_links, hrl_next) {
+ error = hrl_container_add_rule_locked(&p->p_container, link->hrl_rule);
KASSERT(error == 0, ("XXX: better error handling needed"));
}
@@ -1831,7 +1831,7 @@
int flags __unused)
{
int error, i;
- struct hrl_limit *limit;
+ struct hrl_rule_link *link;
struct hrl_rule *rule;
struct hrl_container *container;
@@ -1863,9 +1863,9 @@
* Rules with 'process' subject have to be duplicated in order to make their
* hr_subject point to the new process.
*/
- LIST_FOREACH(limit, &parent->p_container.hc_limits, hl_next) {
- if (limit->hl_rule->hr_subject_type == HRL_SUBJECT_TYPE_PROCESS) {
- rule = hrl_rule_duplicate(limit->hl_rule, M_NOWAIT);
+ LIST_FOREACH(link, &parent->p_container.hc_rule_links, hrl_next) {
+ if (link->hrl_rule->hr_subject_type == HRL_SUBJECT_TYPE_PROCESS) {
+ rule = hrl_rule_duplicate(link->hrl_rule, M_NOWAIT);
KASSERT(rule != NULL, ("XXX: better error handling needed"));
KASSERT(rule->hr_subject.hs_proc == parent,
("rule->hr_subject.hs_proc == parent"));
@@ -1874,7 +1874,7 @@
KASSERT(error == 0, ("XXX: better error handling needed"));
hrl_rule_release(rule);
} else {
- error = hrl_container_add_rule_locked(&child->p_container, limit->hl_rule);
+ error = hrl_container_add_rule_locked(&child->p_container, link->hrl_rule);
KASSERT(error == 0, ("XXX: better error handling needed"));
}
}
@@ -1905,14 +1905,14 @@
static void
hrl_proc_exit(void *arg __unused, struct proc *p)
{
- struct hrl_limit *limit;
+ struct hrl_rule_link *link;
mtx_lock(&hrl_lock);
- while (!LIST_EMPTY(&p->p_container.hc_limits)) {
- limit = LIST_FIRST(&p->p_container.hc_limits);
- LIST_REMOVE(limit, hl_next);
- hrl_rule_release(limit->hl_rule);
- uma_zfree(hrl_limit_zone, limit);
+ while (!LIST_EMPTY(&p->p_container.hc_rule_links)) {
+ link = LIST_FIRST(&p->p_container.hc_rule_links);
+ LIST_REMOVE(link, hrl_next);
+ hrl_rule_release(link->hrl_rule);
+ uma_zfree(hrl_rule_link_zone, link);
}
mtx_unlock(&hrl_lock);
}
@@ -1921,7 +1921,7 @@
hrl_init(void)
{
- hrl_limit_zone = uma_zcreate("hrl_limit", sizeof(struct hrl_limit),
+ hrl_rule_link_zone = uma_zcreate("hrl_rule_link", sizeof(struct hrl_rule_link),
NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
hrl_rule_zone = uma_zcreate("hrl_rule", sizeof(struct hrl_rule),
NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
==== //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#42 (text+ko) ====
@@ -39,6 +39,7 @@
struct loginclass;
struct prison;
struct ucred;
+struct hrl_rule_link;
/*
* Hierarchical Resource Limits.
@@ -54,10 +55,10 @@
* 'struct uidinfo' for uid 1984, and 'hr_per' would be equal
* HRL_SUBJECT_TYPE_PROCESS.
*
- * 'hr_refcount' is equal to the number of hrl_limit structures
+ * 'hr_refcount' is equal to the number of hrl_rule_link structures
* pointing to the rule.
*
- * This structure must never change after being added, via hrl_limit
+ * This structure must never change after being added, via hrl_rule_link
* structures, to subjects. In order to change a limit, add a new
* rule and remove the previous one.
*/
@@ -153,7 +154,7 @@
struct hrl_container {
int64_t hc_resources[HRL_RESOURCE_MAX + 1];
struct hrl_container *hc_parents[HRL_HC_PARENTS_MAX + 1];
- LIST_HEAD(, hrl_limit) hc_limits;
+ LIST_HEAD(, hrl_rule_link) hc_rule_links;
};
#ifdef _KERNEL
More information about the p4-projects
mailing list