path: root/sys/kern/kern_resource.c
Commit message [author, age, files, lines]
* Add new line character to debugging printf's.
  [ps, 2000-09-18, 1 file, -4/+4]
* Major update to the way synchronization is done in the kernel. Highlights include:
    * Mutual exclusion is used instead of spl*(). See mutex(9). (Note: The alpha port is still in transition and currently uses both.)
    * Per-CPU idle processes.
    * Interrupts are run in their own separate kernel threads and can be preempted (i386 only).
  Partially contributed by: BSDi (BSD/OS)
  Submissions by (at least): cp, dfr, dillon, grog, jake, jhb, sheldonh
  [jasone, 2000-09-07, 1 file, -1/+1]
* Change the calls to panic() in uifree(), chgproccnt(), and chgsbsize() to printf(). Any errors detected are not likely to be fatal, so it should be safe to let things keep running.
  [truckman, 2000-09-06, 1 file, -4/+4]
* Remove uidinfo hash table lookup and maintenance out of chgproccnt() and chgsbsize(), which are called rather frequently and may be called from an interrupt context in the case of chgsbsize(). Instead, do the hash table lookup and maintenance when credentials are changed, which is a lot less frequent. Add pointers to the uidinfo structures to the ucred and pcred structures for fast access. Pass a pointer to the credential to chgproccnt() and chgsbsize() instead of passing the uid. Add a reference count to the uidinfo structure and use it to decide when to free the structure rather than freeing the structure when the resource consumption drops to zero.
  Move the resource tracking code from kern_proc.c to kern_resource.c. Move some duplicate code sequences in kern_prot.c to separate helper functions. Change KASSERTs in this code to unconditional tests and calls to panic().
  [truckman, 2000-09-05, 1 file, -0/+142]
* o Centralize inter-process access control, introducing:
      int p_can(p1, p2, operation, privused)
    which allows specification of subject process, object process, inter-process operation, and an optional call-by-reference privused flag, allowing the caller to determine if privilege was required for the call to succeed. This allows jail, kern.ps_showallprocs and regular credential-based interaction checks to occur in one block of code. Possible operations are P_CAN_SEE, P_CAN_SCHED, P_CAN_KILL, and P_CAN_DEBUG. p_can currently breaks out as a wrapper to a series of static function checks in kern_prot, which should not be invoked directly.
  o Commented out capabilities entries are included for some checks.
  o Update most inter-process authorization to make use of p_can() instead of manual checks, PRISON_CHECK(), P_TRESPASS(), and kern.ps_showallprocs.
  o Modify suser{,_xxx} to use const arguments, as it no longer modifies process flags due to the disabling of ASU.
  o Modify some checks/errors in procfs so that ENOENT is returned instead of ESRCH, further improving concealment of processes that should not be visible to other processes. Also introduce new access checks to improve hiding of processes for procfs_lookup(), procfs_getattr(), procfs_readdir(). Correct a bug reported by bp concerning not handling the CREATE case in procfs_lookup(). Remove volatile flag in procfs that caused apparently spurious qualifier warnings (approved by bde).
  o Add comment noting that ktrace() has not been updated, as its access control checks are different from ptrace(), whereas they should probably be the same. Further discussion should happen on this topic.
  Reviewed by: bde, green, phk, freebsd-security, others
  Approved by: bde
  Obtained from: TrustedBSD Project
  [rwatson, 2000-08-30, 1 file, -10/+11]
* Revert the suser -> suser_xxx change made previously. It was right before.
  [green, 2000-08-24, 1 file, -1/+1]
* Fix a couple cases where p_trespass wasn't transitioned into place.
  Make RTP_SET (rtprio) only accessible to real root, not root in jails.
  [green, 2000-08-16, 1 file, -9/+3]
* fix a typo
  [phk, 2000-06-10, 1 file, -1/+1]
* o Modify jail to limit creation of sockets to UNIX domain sockets, TCP/IP (v4) sockets, and routing sockets. Previously, interaction with IPv6 was not well-defined, and might be inappropriate for some environments. Similarly, sysctl MIB entries providing interface information also give out only addresses from those protocol domains.
    For the time being, this functionality is enabled by default, and toggleable using the sysctl variable jail.socket_unixiproute_only. In the future, protocol domains will be able to determine whether or not they are ``jail aware''.
  o Further limitations on process use of getpriority() and setpriority() by jailed processes. Addresses problem described in kern/17878.
  Reviewed by: phk, jmg
  [rwatson, 2000-06-04, 1 file, -5/+13]
* Don't try to account for the partial quantum unless the process is curproc. This only makes any difference on SMP, where we used a (potentially very bogus) switchtime from our own CPU to calculate resource usage on another CPU.
  This should remove some if not all calcru() related warnings on SMP.
  Approved by: jkh
  [phk, 2000-02-15, 1 file, -4/+0]
* Fix a bug that could crash the system if you press ^T while a slower system is slowed down and in the right spot (a race condition in fork()). The "previous time" fields have moved from pstat to proc. Anything which uses KVM needs to be recompiled with a new libkvm/headers.
  A couple wacky u_quad_t's in struct proc are now u_int64_t (the same, but according to lack of 'quad's in proc.h and usage in kern_resource.c). This will have no effect on code.
  This has been make-world-and-installed-new-kernel-which-works-fine-tested.
  Reviewed by: bde (previous version)
  [green, 2000-01-28, 1 file, -17/+16]
* Add a bit of sanity checking and problem avoidance in case the timecounter hardware is bogus.
  This will produce a new warning "microuptime() went backwards" and try to not screw up the process resource accounting.
  [phk, 1999-11-29, 1 file, -2/+8]
* This is a partial commit of the patch from PR 14914:
    A lot of the code in sys/kern directly accesses the *Q_HEAD and *Q_ENTRY structures for list operations. This patch makes all list operations in sys/kern use the queue(3) macros, rather than directly accessing the *Q_{HEAD,ENTRY} structures.
  This batch of changes compile to the same object files.
  Reviewed by: phk
  Submitted by: Jake Burkholder <jake@checker.org>
  PR: 14914
  [phk, 1999-11-16, 1 file, -6/+4]
* useracc() the prequel:
  Merge the contents (less some trivial bordering the silly comments) of <vm/vm_prot.h> and <vm/vm_inherit.h> into <vm/vm.h>. This puts the #defines for the vm_inherit_t and vm_prot_t types next to their typedefs.
  This paves the road for the commit to follow shortly: change useracc() to use VM_PROT_{READ|WRITE} rather than B_{READ|WRITE} as argument.
  [phk, 1999-10-29, 1 file, -1/+0]
* Trim unused options (or #ifdef for undoc options).
  Submitted by: phk
  [peter, 1999-10-11, 1 file, -1/+0]
* $Id$ -> $FreeBSD$
  [peter, 1999-08-28, 1 file, -1/+1]
* This Implements the mumbled about "Jail" feature.
  This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do.
  For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers".
  Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname.
  Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors.
  It generally does what one would expect, but setting up a jail still takes a little knowledge.
  A few notes:
    I have no scripts for setting up a jail, don't ask me for them.
    The IP number should be an alias on one of the interfaces.
    mount a /proc in each jail, it will make ps more useable.
    /proc/<pid>/status tells the hostname of the prison for jailed processes.
    Quotas are only sensible if you have a mountpoint per prison.
    There are no provisions for stopping resource-hogging.
    Some "#ifdef INET" and similar may be missing (send patches!)
  If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome!
  Tools, comments, patches & documentation most welcome.
  Have fun...
  Sponsored by: http://www.rndassociates.com/
  Run for almost a year by: http://www.servetheweb.com/
  [phk, 1999-04-28, 1 file, -2/+2]
* Change suser_xxx() to suser() where it applies.
  [phk, 1999-04-27, 1 file, -3/+3]
* Suser() simplification:
    1: s/suser/suser_xxx/
    2: Add new function: suser(struct proc *), prototyped in <sys/proc.h>.
    3: s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/
  The remaining suser_xxx() calls will be scrutinized and dealt with later.
  There may be some unneeded #include <sys/cred.h>, but they are left as an exercise for Bruce.
  More changes to the suser() API will come along with the "jail" code.
  [phk, 1999-04-27, 1 file, -4/+4]
* Enforce monotonicity of apparent process user, system and interrupt times.
  PR: 975, 10402
  [bde, 1999-03-13, 1 file, -22/+51]
* Fixed runtime accounting. The time since the previous context switch was discarded on every call to calcru(). Hacking on the `switchtime' global for a related fix in rev.1.38 of kern_resource.c was too fragile and broke when p_switchtime went away.
  PR: 10402
  [bde, 1999-03-11, 1 file, -12/+1]
* The magic "no-cpu" cpu number is 0xff. Don't misrepresent cpu numbers as chars or use bogus casts in an attempt to unmisrepresent them. In top, don't assume that 0xff is the only negative cpu number when cpu numbers are (mis)represented.
  [bde, 1999-03-05, 1 file, -2/+2]
* Removed all traces of `p_switchtime'. The relevant timestamp is per-cpu, not per-process. Keep it in `switchtime' consistently.
  It is now clear that the timestamp is always valid in fork_trampoline() except when the child is running on a previously idle cpu, which can only happen if there are multiple cpus, so don't check or set the timestamp in fork_trampoline except in the (i386) SMP case. Just remove the alpha code for setting it unconditionally, since there is no SMP case for alpha and the code had rotted.
  Parts reviewed by: dfr, phk
  [bde, 1999-02-28, 1 file, -3/+3]
* Don't forget to update `switchticks' in corner cases (except for the alpha fork_trampoline(), forget it because I believe it is only necessary for the unsupported SMP case).
  [bde, 1999-02-25, 1 file, -2/+3]
* Added comments about non-staticization so it doesn't get un-done next time someone goes on a staticization binge.
  Suggested by: eivind
  [newton, 1999-01-31, 1 file, -1/+2]
* Unstaticized routines which are needed by the svr4 KLD and the streams garbage needed to support SysVR4 networking.
  [newton, 1999-01-30, 1 file, -3/+3]
* Fixed double counting of runtime after a process exits. The last timeslice of the exiting process was counted for both the exiting process and the next process to run if the next process runs immediately.
  Broken in: mostly in kern_clock.c rev.1.70 (1998/05/28)
  [bde, 1998-07-27, 1 file, -1/+11]
* Some cleanups related to timecounters and weird ifdefs in <sys/time.h>.
  Clean up (or if antipodic: down) some of the msgbuf stuff.
  Use an inline function rather than a macro for timecounter delta.
  Maintain process "on-cpu" time as 64 bits of microseconds to avoid needless second rollover overhead.
  Avoid calling microuptime the second time in mi_switch() if we do not pass through _idle in cpu_switch()
  This should reduce our context-switch overhead a bit, in particular on pre-P5 and SMP systems.
  WARNING: Programs which muck about with struct proc in userland will have to be fixed.
  Reviewed, but found imperfect by: bde
  [phk, 1998-05-28, 1 file, -11/+14]
* s/nanoruntime/nanouptime/g
  s/microruntime/microuptime/g
  Reviewed by: bde
  [phk, 1998-05-17, 1 file, -2/+2]
* Fix previous commit. Don't people read compiler messages or something??
  [peter, 1998-04-05, 1 file, -2/+2]
* Time changes mark 2:
    * Figure out UTC relative to boottime. Four new functions provide time relative to boottime.
    * move "runtime" into struct proc. This helps fix the calcru() problem in SMP.
    * kill mono_time.
    * add timespec{add|sub|cmp} macros to time.h. (XXX: These may change!)
    * nanosleep, select & poll takes long sleeps one day at a time
  Reviewed by: bde
  Tested by: ache and others
  [phk, 1998-04-04, 1 file, -7/+10]
* Reviewed by: msmith, bde long ago
  Fix for RTPRIO scheduler to eliminate invalid context switches. POSIX.4 headers and sysctl variables. Nothing should change unless POSIX4 is defined or _POSIX_VERSION is set to 199309.
  [dufault, 1998-03-04, 1 file, -2/+5]
* Staticize.
  [eivind, 1998-02-09, 1 file, -5/+5]
* Restrict idleprio to superuser:
  Realtime priority has to be restricted for reasons which should be obvious. However, for idle priority, there is a potential for system deadlock if an idleprio process gains a lock on a resource that other processes need (and the idleprio process can't run due to a CPU-bound normal process). Fix me! XXX
  PR: 5639
  [dg, 1998-02-04, 1 file, -1/+11]
* Set p_retval for the correct process in getpriority(). This fixes a null pointer panic when the pointer for the incorrect process is NULL. getpriority() was broken in rev.1.27. Rev.1.28 broke the warning instead of fixing the problem.
  PR: 5495
  [bde, 1998-01-19, 1 file, -3/+3]
* Make COMPAT_43 and COMPAT_SUNOS new-style options.
  [eivind, 1997-12-16, 1 file, -1/+2]
* Remove a bunch of variables which were unused both in GENERIC and LINT.
  Found by: -Wunused
  [phk, 1997-11-07, 1 file, -2/+2]
* Move the "retval" (3rd) parameter from all syscall functions and put it in struct proc instead.
  This fixes a boatload of compiler warnings, and removes a lot of cruft from the sources.
  I have not removed the /*ARGSUSED*/, they will require some looking at.
  libkvm, ps and other userland struct proc frobbing programs will need recompiled.
  [phk, 1997-11-06, 1 file, -18/+10]
* Print more info in the "calcru: negative time" message.
  [bde, 1997-08-26, 1 file, -2/+3]
* Man the liferafts! Here comes the long awaited SMP -> -current merge!
  There are various options documented in i386/conf/LINT, there is more to come over the next few days.
  The kernel should run pretty much "as before" without the options to activate SMP mode.
  There are a handful of known "loose ends" that need to be fixed, but have been put off since the SMP kernel is in a moderately good condition at the moment.
  This commit is the result of the tinkering and testing over the last 14 months by many people. A special thanks to Steve Passe for implementing the APIC code!
  [peter, 1997-04-26, 1 file, -2/+4]
* Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not ready for it yet.
  [peter, 1997-02-22, 1 file, -1/+1]
* This is the kernel Lite/2 commit. There are some requisite userland changes, so don't expect to be able to run the kernel as-is (very well) without the appropriate Lite/2 userland changes.
  The system boots and can mount UFS filesystems.
  Untested: ext2fs, msdosfs, NFS
  Known problems: Incorrect Berkeley ID strings in some files. Mount_std mounts will not work until the getfsent library routine is changed.
  Reviewed by: various people
  Submitted by: Jeffery Hsu <hsu@freebsd.org>
  [dyson, 1997-02-10, 1 file, -1/+1]
* Make the long-awaited change from $Id$ to $FreeBSD$
  This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
  Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
  [jkh, 1997-01-14, 1 file, -1/+1]
* Make DFLDSIZ and MAXDSIZ fully-supported options.
  "Don't forget to do a ``make depend''" :-)
  [joerg, 1996-12-22, 1 file, -1/+3]
* Fixed accumulation of run time for processes that don't accumulate any statclock ticks. Pretend that all the time up to the first statclock tick is system time. This makes a difference mainly for benchmarks that test short-lived processes - the user and system times for processes that each lived for about 1ms only added up to about 10% of the real time even when there was very little interrupt activity.
  Break the printing of a quad_t variable correctly.
  [bde, 1996-06-08, 1 file, -7/+5]
* From Lite2: proc LIST changes
  stylistic changes to function prototypes
  Reviewed by: david & bde
  [hsu, 1996-03-11, 1 file, -8/+9]
* Fix a printf, well, actually break it, that is...
  We don't have the ability to print 64bit things yet...
  [phk, 1996-01-16, 1 file, -10/+10]
* Untangled the vm.h include file spaghetti.
  [dg, 1995-12-07, 1 file, -1/+6]
* Included <sys/sysproto.h> to get central declarations for syscall args structs and prototypes for syscalls.
  Ifdefed duplicated decentralized declarations of args structs. It's convenient to have this visible but they are hard to maintain. Some are already different from the central declarations. 4.4lite2 puts them in comments in the function headers but I wanted to avoid the large changes for that.
  [bde, 1995-11-12, 1 file, -1/+18]
* Fixed types of rtprio(), osetrlimit() and setrlimit(). The args struct tag and/or member names conflicted with the machine generated ones in <sys/sysproto.h>.
  [bde, 1995-11-11, 1 file, -12/+12]