Implement global and per-uid accounting of the anonymous memory. Add

rlimit RLIMIT_SWAP that limits the amount of swap that may be reserved
for the uid.

The accounting information (charge) is associated with either map entry,
or vm object backing the entry, assuming the object is the first one
in the shadow chain and entry does not require COW. Charge is moved
from entry to object on allocation of the object, e.g. during the mmap,
assuming the object is allocated, or on the first page fault on the
entry. It moves back to the entry on forks due to COW setup.

The per-entry granularity of accounting makes the charge process fair
for processes that change uid during lifetime, and decrements charge
for proper uid when region is unmapped.

The interface of vm_pager_allocate(9) is extended by adding struct ucred *,
that is used to charge appropriate uid when allocation if performed by
kernel, e.g. md(4).

Several syscalls, among them is fork(2), may now return ENOMEM when
global or per-uid limits are enforced.

In collaboration with:	pho
Reviewed by:	alc
Approved by:	re (kensmith)

1 files changed, 70 insertions, 3 deletions

diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c
index c73882c..9e65cb4 100644
--- a/sys/vm/vm_object.c
+++ b/sys/vm/vm_object.c
@@ -77,6 +77,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/mutex.h>
 #include <sys/proc.h>		/* for curproc, pageproc */
 #include <sys/socket.h>
+#include <sys/resourcevar.h>
 #include <sys/vnode.h>
 #include <sys/vmmeter.h>
 #include <sys/sx.h>
@@ -222,6 +223,8 @@ _vm_object_allocate(objtype_t type, vm_pindex_t size, vm_object_t object)
 	object->generation = 1;
 	object->ref_count = 1;
 	object->flags = 0;
+	object->uip = NULL;
+	object->charge = 0;
 	if ((object->type == OBJT_DEFAULT) || (object->type == OBJT_SWAP))
 		object->flags = OBJ_ONEMAPPING;
 	object->pg_color = 0;
@@ -609,6 +612,20 @@ vm_object_destroy(vm_object_t object)
 	mtx_unlock(&vm_object_list_mtx);
 
 	/*
+	 * Release the allocation charge.
+	 */
+	if (object->uip != NULL) {
+		KASSERT(object->type == OBJT_DEFAULT ||
+		    object->type == OBJT_SWAP,
+		    ("vm_object_terminate: non-swap obj %p has uip",
+		     object));
+		swap_release_by_uid(object->charge, object->uip);
+		object->charge = 0;
+		uifree(object->uip);
+		object->uip = NULL;
+	}
+
+	/*
 	 * Free the space for the object.
 	 */
 	uma_zfree(obj_zone, object);
@@ -1347,6 +1364,14 @@ vm_object_split(vm_map_entry_t entry)
 			orig_object->backing_object_offset + entry->offset;
 		new_object->backing_object = source;
 	}
+	if (orig_object->uip != NULL) {
+		new_object->uip = orig_object->uip;
+		uihold(orig_object->uip);
+		new_object->charge = ptoa(size);
+		KASSERT(orig_object->charge >= ptoa(size),
+		    ("orig_object->charge < 0"));
+		orig_object->charge -= ptoa(size);
+	}
 retry:
 	if ((m = TAILQ_FIRST(&orig_object->memq)) != NULL) {
 		if (m->pindex < offidxstart) {
@@ -1757,6 +1782,13 @@ vm_object_collapse(vm_object_t object)
 			 * and no object references within it, all that is
 			 * necessary is to dispose of it.
 			 */
+			if (backing_object->uip != NULL) {
+				swap_release_by_uid(backing_object->charge,
+				    backing_object->uip);
+				backing_object->charge = 0;
+				uifree(backing_object->uip);
+				backing_object->uip = NULL;
+			}
 			KASSERT(backing_object->ref_count == 1, ("backing_object %p was somehow re-referenced during collapse!", backing_object));
 			VM_OBJECT_UNLOCK(backing_object);
 
@@ -1994,13 +2026,15 @@ vm_object_populate(vm_object_t object, vm_pindex_t start, vm_pindex_t end)
  *		prev_offset	Offset into prev_object
  *		prev_size	Size of reference to prev_object
  *		next_size	Size of reference to the second object
+ *		reserved	Indicator that extension region has
+ *				swap accounted for
  *
  *	Conditions:
  *	The object must *not* be locked.
  */
 boolean_t
 vm_object_coalesce(vm_object_t prev_object, vm_ooffset_t prev_offset,
-	vm_size_t prev_size, vm_size_t next_size)
+    vm_size_t prev_size, vm_size_t next_size, boolean_t reserved)
 {
 	vm_pindex_t next_pindex;
 
@@ -2039,6 +2073,28 @@ vm_object_coalesce(vm_object_t prev_object, vm_ooffset_t prev_offset,
 	}
 
 	/*
+	 * Account for the charge.
+	 */
+	if (prev_object->uip != NULL) {
+
+		/*
+		 * If prev_object was charged, then this mapping,
+		 * althought not charged now, may become writable
+		 * later. Non-NULL uip in the object would prevent
+		 * swap reservation during enabling of the write
+		 * access, so reserve swap now. Failed reservation
+		 * cause allocation of the separate object for the map
+		 * entry, and swap reservation for this entry is
+		 * managed in appropriate time.
+		 */
+		if (!reserved && !swap_reserve_by_uid(ptoa(next_size),
+		    prev_object->uip)) {
+			return (FALSE);
+		}
+		prev_object->charge += ptoa(next_size);
+	}
+
+	/*
 	 * Remove any pages that may still be in the object from a previous
 	 * deallocation.
 	 */
@@ -2049,6 +2105,16 @@ vm_object_coalesce(vm_object_t prev_object, vm_ooffset_t prev_offset,
 		if (prev_object->type == OBJT_SWAP)
 			swap_pager_freespace(prev_object,
 					     next_pindex, next_size);
+#if 0
+		if (prev_object->uip != NULL) {
+			KASSERT(prev_object->charge >=
+			    ptoa(prev_object->size - next_pindex),
+			    ("object %p overcharged 1 %jx %jx", prev_object,
+				(uintmax_t)next_pindex, (uintmax_t)next_size));
+			prev_object->charge -= ptoa(prev_object->size -
+			    next_pindex);
+		}
+#endif
 	}
 
 	/*
@@ -2198,9 +2264,10 @@ DB_SHOW_COMMAND(object, vm_object_print_static)
 		return;
 
 	db_iprintf(
-	    "Object %p: type=%d, size=0x%jx, res=%d, ref=%d, flags=0x%x\n",
+	    "Object %p: type=%d, size=0x%jx, res=%d, ref=%d, flags=0x%x uip %d charge %jx\n",
 	    object, (int)object->type, (uintmax_t)object->size,
-	    object->resident_page_count, object->ref_count, object->flags);
+	    object->resident_page_count, object->ref_count, object->flags,
+	    object->uip ? object->uip->ui_uid : -1, (uintmax_t)object->charge);
 	db_iprintf(" sref=%d, backing_object(%d)=(%p)+0x%jx\n",
 	    object->shadow_count, 
 	    object->backing_object ? object->backing_object->ref_count : 0,