From 1191e723226364d278286525dd91e07dc3941f7b Mon Sep 17 00:00:00 2001 From: trasz Date: Thu, 31 Mar 2016 17:00:47 +0000 Subject: Fix overflows, making it impossible to add negative amounts using rctl(8). MFC after: 1 month Sponsored by: The FreeBSD Foundation --- sys/kern/kern_rctl.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'sys/kern/kern_rctl.c') diff --git a/sys/kern/kern_rctl.c b/sys/kern/kern_rctl.c index b0d3fd6..6edeb82 100644 --- a/sys/kern/kern_rctl.c +++ b/sys/kern/kern_rctl.c @@ -642,6 +642,9 @@ str2int64(const char *str, int64_t *value) if ((size_t)(end - str) != strlen(str)) return (EINVAL); + if (*value < 0) + return (ERANGE); + return (0); } @@ -1008,8 +1011,13 @@ rctl_string_to_rule(char *rulestr, struct rctl_rule **rulep) error = str2int64(amountstr, &rule->rr_amount); if (error != 0) goto out; - if (RACCT_IS_IN_MILLIONS(rule->rr_resource)) + if (RACCT_IS_IN_MILLIONS(rule->rr_resource)) { + if (rule->rr_amount > INT64_MAX / 1000000) { + error = ERANGE; + goto out; + } rule->rr_amount *= 1000000; + } } if (perstr == NULL || perstr[0] == '\0') -- cgit v1.1 From fe839a29fe4ce5f4dffa814f4dae266be09a2ff2 Mon Sep 17 00:00:00 2001 From: trasz Date: Thu, 31 Mar 2016 17:32:28 +0000 Subject: Refactor; no functional changes. MFC after: 1 month Sponsored by: The FreeBSD Foundation --- sys/kern/kern_rctl.c | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) (limited to 'sys/kern/kern_rctl.c') diff --git a/sys/kern/kern_rctl.c b/sys/kern/kern_rctl.c index 6edeb82..c0ea5bc 100644 --- a/sys/kern/kern_rctl.c +++ b/sys/kern/kern_rctl.c @@ -219,43 +219,43 @@ rctl_resource_name(int resource) panic("rctl_resource_name: unknown resource %d", resource); } -/* - * Return the amount of resource that can be allocated by 'p' before - * hitting 'rule'. - */ -static int64_t -rctl_available_resource(const struct proc *p, const struct rctl_rule *rule) +static struct racct * +rctl_proc_rule_to_racct(const struct proc *p, const struct rctl_rule *rule) { - int resource; - int64_t available = INT64_MAX; struct ucred *cred = p->p_ucred; ASSERT_RACCT_ENABLED(); rw_assert(&rctl_lock, RA_LOCKED); - resource = rule->rr_resource; switch (rule->rr_per) { case RCTL_SUBJECT_TYPE_PROCESS: - available = rule->rr_amount - - p->p_racct->r_resources[resource]; - break; + return (p->p_racct); case RCTL_SUBJECT_TYPE_USER: - available = rule->rr_amount - - cred->cr_ruidinfo->ui_racct->r_resources[resource]; - break; + return (cred->cr_ruidinfo->ui_racct); case RCTL_SUBJECT_TYPE_LOGINCLASS: - available = rule->rr_amount - - cred->cr_loginclass->lc_racct->r_resources[resource]; - break; + return (cred->cr_loginclass->lc_racct); case RCTL_SUBJECT_TYPE_JAIL: - available = rule->rr_amount - - cred->cr_prison->pr_prison_racct->prr_racct-> - r_resources[resource]; - break; + return (cred->cr_prison->pr_prison_racct->prr_racct); default: - panic("rctl_compute_available: unknown per %d", - rule->rr_per); + panic("%s: unknown per %d", __func__, rule->rr_per); } +} + +/* + * Return the amount of resource that can be allocated by 'p' before + * hitting 'rule'. + */ +static int64_t +rctl_available_resource(const struct proc *p, const struct rctl_rule *rule) +{ + int64_t available; + const struct racct *racct; + + ASSERT_RACCT_ENABLED(); + rw_assert(&rctl_lock, RA_LOCKED); + + racct = rctl_proc_rule_to_racct(p, rule); + available = rule->rr_amount - racct->r_resources[rule->rr_resource]; return (available); } -- cgit v1.1 From e0e88029f1d404f5a73b978a88bfc87d184af472 Mon Sep 17 00:00:00 2001 From: trasz Date: Sat, 2 Apr 2016 09:11:52 +0000 Subject: Add configurable rate limit for "log" and "devctl" actions. MFC after: 1 month Sponsored by: The FreeBSD Foundation --- sys/kern/kern_rctl.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'sys/kern/kern_rctl.c') diff --git a/sys/kern/kern_rctl.c b/sys/kern/kern_rctl.c index c0ea5bc..1970ed8 100644 --- a/sys/kern/kern_rctl.c +++ b/sys/kern/kern_rctl.c @@ -78,10 +78,16 @@ FEATURE(rctl, "Resource Limits"); #define RCTL_PCPU_SHIFT (10 * 1000000) unsigned int rctl_maxbufsize = RCTL_MAX_OUTBUFSIZE; +static int rctl_log_rate_limit = 10; +static int rctl_devctl_rate_limit = 10; SYSCTL_NODE(_kern_racct, OID_AUTO, rctl, CTLFLAG_RW, 0, "Resource Limits"); SYSCTL_UINT(_kern_racct_rctl, OID_AUTO, maxbufsize, CTLFLAG_RWTUN, &rctl_maxbufsize, 0, "Maximum output buffer size"); +SYSCTL_UINT(_kern_racct_rctl, OID_AUTO, log_rate_limit, CTLFLAG_RW, + &rctl_log_rate_limit, 0, "Maximum number of log messages per second"); +SYSCTL_UINT(_kern_racct_rctl, OID_AUTO, devctl_rate_limit, CTLFLAG_RW, + &rctl_devctl_rate_limit, 0, "Maximum number of devctl messages per second"); /* * 'rctl_rule_link' connects a rule with every racct it's related to. @@ -336,13 +342,13 @@ rctl_pcpu_available(const struct proc *p) { int rctl_enforce(struct proc *p, int resource, uint64_t amount) { + static struct timeval log_lasttime, devctl_lasttime; + static int log_curtime = 0, devctl_curtime = 0; struct rctl_rule *rule; struct rctl_rule_link *link; struct sbuf sb; int should_deny = 0; char *buf; - static int curtime = 0; - static struct timeval lasttime; ASSERT_RACCT_ENABLED(); @@ -383,7 +389,8 @@ rctl_enforce(struct proc *p, int resource, uint64_t amount) if (p->p_state != PRS_NORMAL) continue; - if (!ppsratecheck(&lasttime, &curtime, 10)) + if (!ppsratecheck(&log_lasttime, &log_curtime, + rctl_log_rate_limit)) continue; buf = malloc(RCTL_LOG_BUFSIZE, M_RCTL, M_NOWAIT); @@ -409,6 +416,10 @@ rctl_enforce(struct proc *p, int resource, uint64_t amount) if (p->p_state != PRS_NORMAL) continue; + if (!ppsratecheck(&devctl_lasttime, &devctl_curtime, + rctl_devctl_rate_limit)) + continue; + buf = malloc(RCTL_LOG_BUFSIZE, M_RCTL, M_NOWAIT); if (buf == NULL) { printf("rctl_enforce: out of memory\n"); -- cgit v1.1