diff options
author | mjg <mjg@FreeBSD.org> | 2015-06-10 10:48:12 +0000 |
---|---|---|
committer | mjg <mjg@FreeBSD.org> | 2015-06-10 10:48:12 +0000 |
commit | d7bc9285a673d676370f95a84ce93ef553c8688c (patch) | |
tree | dbbb077ee034cbfe839c1ba19dbe5ce374a5c6a3 /sys/kern | |
parent | 67f2eebb44e1f27017750eddaf5a5ea513cb9c71 (diff) | |
download | FreeBSD-src-d7bc9285a673d676370f95a84ce93ef553c8688c.zip FreeBSD-src-d7bc9285a673d676370f95a84ce93ef553c8688c.tar.gz |
Implement lockless resource limits.
Use the same scheme implemented to manage credentials.
Code needing to look at process's credentials (as opposed to thred's) is
provided with *_proc variants of relevant functions.
Places which possibly had to take the proc lock anyway still use the proc
pointer to access limits.
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/imgact_aout.c | 2 | ||||
-rw-r--r-- | sys/kern/imgact_elf.c | 8 | ||||
-rw-r--r-- | sys/kern/imgact_gzip.c | 2 | ||||
-rw-r--r-- | sys/kern/kern_descrip.c | 24 | ||||
-rw-r--r-- | sys/kern/kern_event.c | 6 | ||||
-rw-r--r-- | sys/kern/kern_exec.c | 2 | ||||
-rw-r--r-- | sys/kern/kern_fork.c | 4 | ||||
-rw-r--r-- | sys/kern/kern_proc.c | 2 | ||||
-rw-r--r-- | sys/kern/kern_resource.c | 92 | ||||
-rw-r--r-- | sys/kern/kern_sig.c | 2 | ||||
-rw-r--r-- | sys/kern/kern_syscalls.c | 1 | ||||
-rw-r--r-- | sys/kern/kern_thread.c | 6 | ||||
-rw-r--r-- | sys/kern/subr_uio.c | 4 | ||||
-rw-r--r-- | sys/kern/sysv_shm.c | 2 | ||||
-rw-r--r-- | sys/kern/tty_pts.c | 4 | ||||
-rw-r--r-- | sys/kern/uipc_sockbuf.c | 4 | ||||
-rw-r--r-- | sys/kern/vfs_vnops.c | 7 |
17 files changed, 97 insertions, 75 deletions
diff --git a/sys/kern/imgact_aout.c b/sys/kern/imgact_aout.c index edd5f5f..3165ac0 100644 --- a/sys/kern/imgact_aout.c +++ b/sys/kern/imgact_aout.c @@ -248,7 +248,7 @@ exec_aout_imgact(struct image_params *imgp) a_out->a_text > maxtsiz || /* data + bss can't exceed rlimit */ - a_out->a_data + bss_size > lim_cur(imgp->proc, RLIMIT_DATA) || + a_out->a_data + bss_size > lim_cur_proc(imgp->proc, RLIMIT_DATA) || racct_set(imgp->proc, RACCT_DATA, a_out->a_data + bss_size) != 0) { PROC_UNLOCK(imgp->proc); return (ENOMEM); diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c index c3953fe..0675128 100644 --- a/sys/kern/imgact_elf.c +++ b/sys/kern/imgact_elf.c @@ -908,11 +908,11 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp) * not actually fault in all the segments pages. */ PROC_LOCK(imgp->proc); - if (data_size > lim_cur(imgp->proc, RLIMIT_DATA)) + if (data_size > lim_cur_proc(imgp->proc, RLIMIT_DATA)) err_str = "Data segment size exceeds process limit"; else if (text_size > maxtsiz) err_str = "Text segment size exceeds system limit"; - else if (total_size > lim_cur(imgp->proc, RLIMIT_VMEM)) + else if (total_size > lim_cur_proc(imgp->proc, RLIMIT_VMEM)) err_str = "Total segment size exceeds process limit"; else if (racct_set(imgp->proc, RACCT_DATA, data_size) != 0) err_str = "Data segment size exceeds resource limit"; @@ -936,7 +936,7 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp) * calculation is that it leaves room for the heap to grow to * its maximum allowed size. */ - addr = round_page((vm_offset_t)vmspace->vm_daddr + lim_max(imgp->proc, + addr = round_page((vm_offset_t)vmspace->vm_daddr + lim_max(curthread, RLIMIT_DATA)); PROC_UNLOCK(imgp->proc); @@ -1983,7 +1983,7 @@ note_procstat_rlimit(void *arg, struct sbuf *sb, size_t *sizep) sbuf_bcat(sb, &structsize, sizeof(structsize)); PROC_LOCK(p); for (i = 0; i < RLIM_NLIMITS; i++) - lim_rlimit(p, i, &rlim[i]); + lim_rlimit_proc(p, i, &rlim[i]); PROC_UNLOCK(p); sbuf_bcat(sb, rlim, sizeof(rlim)); } diff --git a/sys/kern/imgact_gzip.c b/sys/kern/imgact_gzip.c index ab77a88..47b7280 100644 --- a/sys/kern/imgact_gzip.c +++ b/sys/kern/imgact_gzip.c @@ -212,7 +212,7 @@ do_aout_hdr(struct imgact_gzip * gz) /* data + bss can't exceed rlimit */ gz->a_out.a_data + gz->bss_size > - lim_cur(gz->ip->proc, RLIMIT_DATA) || + lim_cur_proc(gz->ip->proc, RLIMIT_DATA) || racct_set(gz->ip->proc, RACCT_DATA, gz->a_out.a_data + gz->bss_size) != 0) { PROC_UNLOCK(gz->ip->proc); diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c index 98a15d8..d16f3f9 100644 --- a/sys/kern/kern_descrip.c +++ b/sys/kern/kern_descrip.c @@ -109,7 +109,7 @@ static void fdgrowtable(struct filedesc *fdp, int nfd); static void fdgrowtable_exp(struct filedesc *fdp, int nfd); static void fdunused(struct filedesc *fdp, int fd); static void fdused(struct filedesc *fdp, int fd); -static int getmaxfd(struct proc *p); +static int getmaxfd(struct thread *td); /* Flags for do_dup() */ #define DUP_FIXED 0x1 /* Force fixed allocation. */ @@ -328,16 +328,19 @@ struct getdtablesize_args { int sys_getdtablesize(struct thread *td, struct getdtablesize_args *uap) { - struct proc *p = td->td_proc; +#ifdef RACCT uint64_t lim; +#endif - PROC_LOCK(p); td->td_retval[0] = - min((int)lim_cur(p, RLIMIT_NOFILE), maxfilesperproc); + min((int)lim_cur(td, RLIMIT_NOFILE), maxfilesperproc); +#ifdef RACCT + PROC_LOCK(p); lim = racct_get_limit(td->td_proc, RACCT_NOFILE); PROC_UNLOCK(p); if (lim < td->td_retval[0]) td->td_retval[0] = lim; +#endif return (0); } @@ -780,15 +783,10 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_t arg) } static int -getmaxfd(struct proc *p) +getmaxfd(struct thread *td) { - int maxfd; - - PROC_LOCK(p); - maxfd = min((int)lim_cur(p, RLIMIT_NOFILE), maxfilesperproc); - PROC_UNLOCK(p); - return (maxfd); + return (min((int)lim_cur(td, RLIMIT_NOFILE), maxfilesperproc)); } /* @@ -816,7 +814,7 @@ do_dup(struct thread *td, int flags, int old, int new) return (EBADF); if (new < 0) return (flags & DUP_FCNTL ? EINVAL : EBADF); - maxfd = getmaxfd(p); + maxfd = getmaxfd(td); if (new >= maxfd) return (flags & DUP_FCNTL ? EINVAL : EBADF); @@ -1616,7 +1614,7 @@ fdalloc(struct thread *td, int minfd, int *result) if (fdp->fd_freefile > minfd) minfd = fdp->fd_freefile; - maxfd = getmaxfd(p); + maxfd = getmaxfd(td); /* * Search the bitmap for a free descriptor starting at minfd. diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c index 9000add..ff17fe9 100644 --- a/sys/kern/kern_event.c +++ b/sys/kern/kern_event.c @@ -754,14 +754,10 @@ kern_kqueue(struct thread *td, int flags) p = td->td_proc; cred = td->td_ucred; crhold(cred); - PROC_LOCK(p); - if (!chgkqcnt(cred->cr_ruidinfo, 1, lim_cur(td->td_proc, - RLIMIT_KQUEUES))) { - PROC_UNLOCK(p); + if (!chgkqcnt(cred->cr_ruidinfo, 1, lim_cur(td, RLIMIT_KQUEUES))) { crfree(cred); return (ENOMEM); } - PROC_UNLOCK(p); fdp = p->p_fd; error = falloc(td, &fp, &fd, flags); diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 8668f0d..d3ae4f0 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -1073,7 +1073,7 @@ exec_new_vmspace(imgp, sv) if (imgp->stack_sz != 0) { ssiz = trunc_page(imgp->stack_sz); PROC_LOCK(p); - lim_rlimit(p, RLIMIT_STACK, &rlim_stack); + lim_rlimit_proc(p, RLIMIT_STACK, &rlim_stack); PROC_UNLOCK(p); if (ssiz > rlim_stack.rlim_max) ssiz = rlim_stack.rlim_max; diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c index 835b497..3fd4f09 100644 --- a/sys/kern/kern_fork.c +++ b/sys/kern/kern_fork.c @@ -912,10 +912,8 @@ fork1(struct thread *td, int flags, int pages, struct proc **procp, if (error == 0) ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, 0); else { - PROC_LOCK(p1); ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, - lim_cur(p1, RLIMIT_NPROC)); - PROC_UNLOCK(p1); + lim_cur(td, RLIMIT_NPROC)); } if (ok) { do_fork(td, flags, newproc, td2, vm2, pdflags); diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c index fc33feb..27c6f40 100644 --- a/sys/kern/kern_proc.c +++ b/sys/kern/kern_proc.c @@ -2615,7 +2615,7 @@ sysctl_kern_proc_rlimit(SYSCTL_HANDLER_ARGS) */ if (req->oldptr != NULL) { PROC_LOCK(p); - lim_rlimit(p, which, &rlim); + lim_rlimit_proc(p, which, &rlim); PROC_UNLOCK(p); } error = SYSCTL_OUT(req, &rlim, sizeof(rlim)); diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c index dac49cd..546f3b2 100644 --- a/sys/kern/kern_resource.c +++ b/sys/kern/kern_resource.c @@ -560,15 +560,11 @@ ogetrlimit(struct thread *td, register struct ogetrlimit_args *uap) { struct orlimit olim; struct rlimit rl; - struct proc *p; int error; if (uap->which >= RLIM_NLIMITS) return (EINVAL); - p = td->td_proc; - PROC_LOCK(p); - lim_rlimit(p, uap->which, &rl); - PROC_UNLOCK(p); + lim_rlimit(td, uap->which, &rl); /* * XXX would be more correct to convert only RLIM_INFINITY to the @@ -625,7 +621,7 @@ lim_cb(void *arg) } PROC_STATUNLOCK(p); if (p->p_rux.rux_runtime > p->p_cpulimit * cpu_tickrate()) { - lim_rlimit(p, RLIMIT_CPU, &rlim); + lim_rlimit_proc(p, RLIMIT_CPU, &rlim); if (p->p_rux.rux_runtime >= rlim.rlim_max * cpu_tickrate()) { killproc(p, "exceeded maximum CPU limit"); } else { @@ -667,29 +663,21 @@ kern_proc_setrlimit(struct thread *td, struct proc *p, u_int which, limp->rlim_max = RLIM_INFINITY; oldssiz.rlim_cur = 0; - newlim = NULL; + newlim = lim_alloc(); PROC_LOCK(p); - if (lim_shared(p->p_limit)) { - PROC_UNLOCK(p); - newlim = lim_alloc(); - PROC_LOCK(p); - } oldlim = p->p_limit; alimp = &oldlim->pl_rlimit[which]; if (limp->rlim_cur > alimp->rlim_max || limp->rlim_max > alimp->rlim_max) if ((error = priv_check(td, PRIV_PROC_SETRLIMIT))) { PROC_UNLOCK(p); - if (newlim != NULL) - lim_free(newlim); + lim_free(newlim); return (error); } if (limp->rlim_cur > limp->rlim_max) limp->rlim_cur = limp->rlim_max; - if (newlim != NULL) { - lim_copy(newlim, oldlim); - alimp = &newlim->pl_rlimit[which]; - } + lim_copy(newlim, oldlim); + alimp = &newlim->pl_rlimit[which]; switch (which) { @@ -739,11 +727,10 @@ kern_proc_setrlimit(struct thread *td, struct proc *p, u_int which, if (p->p_sysent->sv_fixlimit != NULL) p->p_sysent->sv_fixlimit(limp, which); *alimp = *limp; - if (newlim != NULL) - p->p_limit = newlim; + p->p_limit = newlim; + PROC_UPDATE_COW(p); PROC_UNLOCK(p); - if (newlim != NULL) - lim_free(oldlim); + lim_free(oldlim); if (which == RLIMIT_STACK && /* @@ -793,15 +780,11 @@ int sys_getrlimit(struct thread *td, register struct __getrlimit_args *uap) { struct rlimit rlim; - struct proc *p; int error; if (uap->which >= RLIM_NLIMITS) return (EINVAL); - p = td->td_proc; - PROC_LOCK(p); - lim_rlimit(p, uap->which, &rlim); - PROC_UNLOCK(p); + lim_rlimit(td, uap->which, &rlim); error = copyout(&rlim, uap->rlp, sizeof(struct rlimit)); return (error); } @@ -1172,11 +1155,20 @@ lim_copy(struct plimit *dst, struct plimit *src) * which parameter specifies the index into the rlimit array. */ rlim_t -lim_max(struct proc *p, int which) +lim_max(struct thread *td, int which) { struct rlimit rl; - lim_rlimit(p, which, &rl); + lim_rlimit(td, which, &rl); + return (rl.rlim_max); +} + +rlim_t +lim_max_proc(struct proc *p, int which) +{ + struct rlimit rl; + + lim_rlimit_proc(p, which, &rl); return (rl.rlim_max); } @@ -1185,11 +1177,20 @@ lim_max(struct proc *p, int which) * The which parameter which specifies the index into the rlimit array */ rlim_t -lim_cur(struct proc *p, int which) +lim_cur(struct thread *td, int which) { struct rlimit rl; - lim_rlimit(p, which, &rl); + lim_rlimit(td, which, &rl); + return (rl.rlim_cur); +} + +rlim_t +lim_cur_proc(struct proc *p, int which) +{ + struct rlimit rl; + + lim_rlimit_proc(p, which, &rl); return (rl.rlim_cur); } @@ -1198,7 +1199,20 @@ lim_cur(struct proc *p, int which) * specified by 'which' in the rlimit structure pointed to by 'rlp'. */ void -lim_rlimit(struct proc *p, int which, struct rlimit *rlp) +lim_rlimit(struct thread *td, int which, struct rlimit *rlp) +{ + struct proc *p = td->td_proc; + + MPASS(td == curthread); + KASSERT(which >= 0 && which < RLIM_NLIMITS, + ("request for invalid resource limit")); + *rlp = td->td_limit->pl_rlimit[which]; + if (p->p_sysent->sv_fixlimit != NULL) + p->p_sysent->sv_fixlimit(rlp, which); +} + +void +lim_rlimit_proc(struct proc *p, int which, struct rlimit *rlp) { PROC_LOCK_ASSERT(p, MA_OWNED); @@ -1441,3 +1455,17 @@ chgkqcnt(struct uidinfo *uip, int diff, rlim_t max) } return (1); } + +void +lim_update_thread(struct thread *td) +{ + struct proc *p; + struct plimit *lim; + + p = td->td_proc; + lim = td->td_limit; + PROC_LOCK_ASSERT(p, MA_OWNED); + td->td_limit = lim_hold(p->p_limit); + if (lim != NULL) + lim_free(lim); +} diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 5d48060..b70da5b 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -3309,7 +3309,7 @@ coredump(struct thread *td) * a corefile is truncated instead of not being created, * if it is larger than the limit. */ - limit = (off_t)lim_cur(p, RLIMIT_CORE); + limit = (off_t)lim_cur(td, RLIMIT_CORE); if (limit == 0 || racct_get_available(p, RACCT_CORE) == 0) { PROC_UNLOCK(p); return (EFBIG); diff --git a/sys/kern/kern_syscalls.c b/sys/kern/kern_syscalls.c index 3d3df01..15574be 100644 --- a/sys/kern/kern_syscalls.c +++ b/sys/kern/kern_syscalls.c @@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$"); #include <sys/module.h> #include <sys/mutex.h> #include <sys/proc.h> +#include <sys/resourcevar.h> #include <sys/sx.h> #include <sys/syscall.h> #include <sys/sysent.h> diff --git a/sys/kern/kern_thread.c b/sys/kern/kern_thread.c index 2e97553..4343b64 100644 --- a/sys/kern/kern_thread.c +++ b/sys/kern/kern_thread.c @@ -389,6 +389,7 @@ thread_cow_get_proc(struct thread *newtd, struct proc *p) PROC_LOCK_ASSERT(p, MA_OWNED); newtd->td_ucred = crhold(p->p_ucred); + newtd->td_limit = lim_hold(p->p_limit); newtd->td_cowgen = p->p_cowgen; } @@ -397,6 +398,7 @@ thread_cow_get(struct thread *newtd, struct thread *td) { newtd->td_ucred = crhold(td->td_ucred); + newtd->td_limit = lim_hold(td->td_limit); newtd->td_cowgen = td->td_cowgen; } @@ -406,6 +408,8 @@ thread_cow_free(struct thread *td) if (td->td_ucred) crfree(td->td_ucred); + if (td->td_limit) + lim_free(td->td_limit); } void @@ -417,6 +421,8 @@ thread_cow_update(struct thread *td) PROC_LOCK(p); if (td->td_ucred != p->p_ucred) cred_update_thread(td); + if (td->td_limit != p->p_limit) + lim_update_thread(td); td->td_cowgen = p->p_cowgen; PROC_UNLOCK(p); } diff --git a/sys/kern/subr_uio.c b/sys/kern/subr_uio.c index 410085e..aac6eb6 100644 --- a/sys/kern/subr_uio.c +++ b/sys/kern/subr_uio.c @@ -409,10 +409,8 @@ copyout_map(struct thread *td, vm_offset_t *addr, size_t sz) /* * Map somewhere after heap in process memory. */ - PROC_LOCK(td->td_proc); *addr = round_page((vm_offset_t)vms->vm_daddr + - lim_max(td->td_proc, RLIMIT_DATA)); - PROC_UNLOCK(td->td_proc); + lim_max(td, RLIMIT_DATA)); /* round size up to page boundry */ size = (vm_size_t)round_page(sz); diff --git a/sys/kern/sysv_shm.c b/sys/kern/sysv_shm.c index 3240a5f..3eb126b 100644 --- a/sys/kern/sysv_shm.c +++ b/sys/kern/sysv_shm.c @@ -382,7 +382,7 @@ kern_shmat_locked(struct thread *td, int shmid, const void *shmaddr, */ PROC_LOCK(p); attach_va = round_page((vm_offset_t)p->p_vmspace->vm_daddr + - lim_max(p, RLIMIT_DATA)); + lim_max_proc(p, RLIMIT_DATA)); PROC_UNLOCK(p); } diff --git a/sys/kern/tty_pts.c b/sys/kern/tty_pts.c index 2d1e8fe..fcc9c47 100644 --- a/sys/kern/tty_pts.c +++ b/sys/kern/tty_pts.c @@ -741,7 +741,7 @@ pts_alloc(int fflags, struct thread *td, struct file *fp) PROC_UNLOCK(p); return (EAGAIN); } - ok = chgptscnt(cred->cr_ruidinfo, 1, lim_cur(p, RLIMIT_NPTS)); + ok = chgptscnt(cred->cr_ruidinfo, 1, lim_cur(td, RLIMIT_NPTS)); if (!ok) { racct_sub(p, RACCT_NPTS, 1); PROC_UNLOCK(p); @@ -795,7 +795,7 @@ pts_alloc_external(int fflags, struct thread *td, struct file *fp, PROC_UNLOCK(p); return (EAGAIN); } - ok = chgptscnt(cred->cr_ruidinfo, 1, lim_cur(p, RLIMIT_NPTS)); + ok = chgptscnt(cred->cr_ruidinfo, 1, lim_cur(td, RLIMIT_NPTS)); if (!ok) { racct_sub(p, RACCT_NPTS, 1); PROC_UNLOCK(p); diff --git a/sys/kern/uipc_sockbuf.c b/sys/kern/uipc_sockbuf.c index 88952ed..243450d 100644 --- a/sys/kern/uipc_sockbuf.c +++ b/sys/kern/uipc_sockbuf.c @@ -420,9 +420,7 @@ sbreserve_locked(struct sockbuf *sb, u_long cc, struct socket *so, if (cc > sb_max_adj) return (0); if (td != NULL) { - PROC_LOCK(td->td_proc); - sbsize_limit = lim_cur(td->td_proc, RLIMIT_SBSIZE); - PROC_UNLOCK(td->td_proc); + sbsize_limit = lim_cur(td, RLIMIT_SBSIZE); } else sbsize_limit = RLIM_INFINITY; if (!chgsbsize(so->so_cred->cr_uidinfo, &sb->sb_hiwat, cc, diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index 573d009..0b073b9 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -2106,19 +2106,18 @@ vn_vget_ino_gen(struct vnode *vp, vn_get_ino_t alloc, void *alloc_arg, int vn_rlimit_fsize(const struct vnode *vp, const struct uio *uio, - const struct thread *td) + struct thread *td) { if (vp->v_type != VREG || td == NULL) return (0); - PROC_LOCK(td->td_proc); if ((uoff_t)uio->uio_offset + uio->uio_resid > - lim_cur(td->td_proc, RLIMIT_FSIZE)) { + lim_cur(td, RLIMIT_FSIZE)) { + PROC_LOCK(td->td_proc); kern_psignal(td->td_proc, SIGXFSZ); PROC_UNLOCK(td->td_proc); return (EFBIG); } - PROC_UNLOCK(td->td_proc); return (0); } |