Locking for the per-process resource limits structure.

- struct plimit includes a mutex to protect a reference count.  The plimit
  structure is treated similarly to struct ucred in that is is always copy
  on write, so having a reference to a structure is sufficient to read from
  it without needing a further lock.
- The proc lock protects the p_limit pointer and must be held while reading
  limits from a process to keep the limit structure from changing out from
  under you while reading from it.
- Various global limits that are ints are not protected by a lock since
  int writes are atomic on all the archs we support and thus a lock
  wouldn't buy us anything.
- All accesses to individual resource limits from a process are abstracted
  behind a simple lim_rlimit(), lim_max(), and lim_cur() API that return
  either an rlimit, or the current or max individual limit of the specified
  resource from a process.
- dosetrlimit() was renamed to kern_setrlimit() to match existing style of
  other similar syscall helper functions.
- The alpha OSF/1 compat layer no longer calls getrlimit() and setrlimit()
  (it didn't used the stackgap when it should have) but uses lim_rlimit()
  and kern_setrlimit() instead.
- The svr4 compat no longer uses the stackgap for resource limits calls,
  but uses lim_rlimit() and kern_setrlimit() instead.
- The ibcs2 compat no longer uses the stackgap for resource limits.  It
  also no longer uses the stackgap for accessing sysctl's for the
  ibcs2_sysconf() syscall but uses kernel_sysctl() instead.  As a result,
  ibcs2_sysconf() no longer needs Giant.
- The p_rlimit macro no longer exists.

Submitted by:	mtm (mostly, I only did a few cleanups and catchups)
Tested on:	i386
Compiled on:	alpha, amd64

5 files changed, 44 insertions, 19 deletions

diff --git a/sys/fs/fdescfs/fdesc_vfsops.c b/sys/fs/fdescfs/fdesc_vfsops.c
index a958308..c80e8eb 100644
--- a/sys/fs/fdescfs/fdesc_vfsops.c
+++ b/sys/fs/fdescfs/fdesc_vfsops.c
@@ -169,7 +169,9 @@ fdesc_statfs(mp, sbp, td)
 	 * limit is ever reduced below the current number
 	 * of open files... ]
 	 */
-	lim = td->td_proc->p_rlimit[RLIMIT_NOFILE].rlim_cur;
+	PROC_LOCK(td->td_proc);
+	lim = lim_cur(td->td_proc, RLIMIT_NOFILE);
+	PROC_UNLOCK(td->td_proc);
 	fdp = td->td_proc->p_fd;
 	FILEDESC_LOCK(fdp);
 	last = min(fdp->fd_nfiles, lim);
diff --git a/sys/fs/msdosfs/msdosfs_vnops.c b/sys/fs/msdosfs/msdosfs_vnops.c
index 0e1ea91..728fd10 100644
--- a/sys/fs/msdosfs/msdosfs_vnops.c
+++ b/sys/fs/msdosfs/msdosfs_vnops.c
@@ -646,13 +646,15 @@ msdosfs_write(ap)
 	/*
 	 * If they've exceeded their filesize limit, tell them about it.
 	 */
-	if (td &&
-	    ((uoff_t)uio->uio_offset + uio->uio_resid >
-	    td->td_proc->p_rlimit[RLIMIT_FSIZE].rlim_cur)) {
+	if (td != NULL) {
 		PROC_LOCK(td->td_proc);
-		psignal(td->td_proc, SIGXFSZ);
+		if ((uoff_t)uio->uio_offset + uio->uio_resid >
+		    lim_cur(td->td_proc, RLIMIT_FSIZE)) {
+			psignal(td->td_proc, SIGXFSZ);
+			PROC_UNLOCK(td->td_proc);
+			return (EFBIG);
+		}
 		PROC_UNLOCK(td->td_proc);
-		return (EFBIG);
 	}
 
 	if ((uoff_t)uio->uio_offset + uio->uio_resid > DOS_FILESIZE_MAX)
diff --git a/sys/fs/nwfs/nwfs_io.c b/sys/fs/nwfs/nwfs_io.c
index d0ab8e5..c1d19ab 100644
--- a/sys/fs/nwfs/nwfs_io.c
+++ b/sys/fs/nwfs/nwfs_io.c
@@ -235,12 +235,15 @@ nwfs_writevnode(vp, uiop, cred, ioflag)
 		}
 	}
 	if (uiop->uio_resid == 0) return 0;
-	if (td && uiop->uio_offset + uiop->uio_resid
-	    > td->td_proc->p_rlimit[RLIMIT_FSIZE].rlim_cur) {
+	if (td != NULL) {
 		PROC_LOCK(td->td_proc);
-		psignal(td->td_proc, SIGXFSZ);
+		if  (uiop->uio_offset + uiop->uio_resid >
+		    lim_cur(td->td_proc, RLIMIT_FSIZE)) {
+			psignal(td->td_proc, SIGXFSZ);
+			PROC_UNLOCK(td->td_proc);
+			return (EFBIG);
+		}
 		PROC_UNLOCK(td->td_proc);
-		return (EFBIG);
 	}
 	error = ncp_write(NWFSTOCONN(nmp), &np->n_fh, uiop, cred);
 	NCPVNDEBUG("after: ofs=%d,resid=%d\n",(int)uiop->uio_offset, uiop->uio_resid);
diff --git a/sys/fs/procfs/procfs_rlimit.c b/sys/fs/procfs/procfs_rlimit.c
index 396c079..a9bb64d 100644
--- a/sys/fs/procfs/procfs_rlimit.c
+++ b/sys/fs/procfs/procfs_rlimit.c
@@ -46,11 +46,15 @@
 #define _RLIMIT_IDENT
 
 #include <sys/param.h>
+#include <sys/lock.h>
+#include <sys/mutex.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
 #include <sys/resourcevar.h>
 #include <sys/resource.h>
 #include <sys/sbuf.h>
+#include <sys/types.h>
+#include <sys/malloc.h>
 
 #include <fs/pseudofs/pseudofs.h>
 #include <fs/procfs/procfs.h>
@@ -59,8 +63,17 @@
 int
 procfs_doprocrlimit(PFS_FILL_ARGS)
 {
+	struct plimit *limp;
 	int i;
 
+	/*
+	 * Obtain a private reference to resource limits
+	 */
+
+	PROC_LOCK(p);
+	limp = lim_hold(p->p_limit);
+	PROC_UNLOCK(p);
+
 	for (i = 0; i < RLIM_NLIMITS; i++) {
 
 		/*
@@ -77,24 +90,25 @@ procfs_doprocrlimit(PFS_FILL_ARGS)
 		 * current limit
 		 */
 
-		if (p->p_rlimit[i].rlim_cur == RLIM_INFINITY) {
+		if (limp->pl_rlimit[i].rlim_cur == RLIM_INFINITY) {
 			sbuf_printf(sb, "-1 ");
 		} else {
 			sbuf_printf(sb, "%llu ",
-				(unsigned long long)p->p_rlimit[i].rlim_cur);
+			    (unsigned long long)limp->pl_rlimit[i].rlim_cur);
 		}
 
 		/*
 		 * maximum limit
 		 */
 
-		if (p->p_rlimit[i].rlim_max == RLIM_INFINITY) {
+		if (limp->pl_rlimit[i].rlim_max == RLIM_INFINITY) {
 			sbuf_printf(sb, "-1\n");
 		} else {
 			sbuf_printf(sb, "%llu\n",
-				(unsigned long long)p->p_rlimit[i].rlim_max);
+			    (unsigned long long)limp->pl_rlimit[i].rlim_max);
 		}
 	}
 
+	lim_free(limp);
 	return (0);
 }
diff --git a/sys/fs/smbfs/smbfs_io.c b/sys/fs/smbfs/smbfs_io.c
index 99f7c7d..5a0606c 100644
--- a/sys/fs/smbfs/smbfs_io.c
+++ b/sys/fs/smbfs/smbfs_io.c
@@ -277,11 +277,15 @@ smbfs_writevnode(struct vnode *vp, struct uio *uiop,
 	}
 	if (uiop->uio_resid == 0)
 		return 0;
-	if (p && uiop->uio_offset + uiop->uio_resid > p->p_rlimit[RLIMIT_FSIZE].rlim_cur) {
-		PROC_LOCK(td->td_proc);
-		psignal(td->td_proc, SIGXFSZ);
-		PROC_UNLOCK(td->td_proc);
-		return EFBIG;
+	if (p != NULL) {
+		PROC_LOCK(p);
+		if (uiop->uio_offset + uiop->uio_resid >
+		    lim_cur(p, RLIMIT_FSIZE)) {
+			psignal(p, SIGXFSZ);
+			PROC_UNLOCK(p);
+			return EFBIG;
+		}
+		PROC_UNLOCK(p);
 	}
 	smb_makescred(&scred, td, cred);
 	error = smb_write(smp->sm_share, np->n_fid, uiop, &scred);