2 * Copyright (c) 2010 The FreeBSD Foundation
5 * This software was developed by Edward Tomasz Napierala under sponsorship
6 * from the FreeBSD Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
35 #include <sys/param.h>
37 #include <sys/malloc.h>
38 #include <sys/queue.h>
39 #include <sys/refcount.h>
41 #include <sys/kernel.h>
42 #include <sys/limits.h>
43 #include <sys/loginclass.h>
46 #include <sys/racct.h>
48 #include <sys/resourcevar.h>
50 #include <sys/sysent.h>
51 #include <sys/sysproto.h>
52 #include <sys/systm.h>
53 #include <sys/types.h>
54 #include <sys/eventhandler.h>
56 #include <sys/mutex.h>
57 #include <sys/rwlock.h>
59 #include <sys/taskqueue.h>
65 #error "The RCTL option requires the RACCT option"
68 FEATURE(rctl, "Resource Limits");
71 #define HRF_DONT_INHERIT 1
72 #define HRF_DONT_ACCUMULATE 2
74 /* Default buffer size for rctl_get_rules(2). */
75 #define RCTL_DEFAULT_BUFSIZE 4096
76 #define RCTL_MAX_INBUFLEN 4096
77 #define RCTL_LOG_BUFSIZE 128
79 #define RCTL_PCPU_SHIFT (10 * 1000000)
82 * 'rctl_rule_link' connects a rule with every racct it's related to.
83 * For example, rule 'user:X:openfiles:deny=N/process' is linked
84 * with uidinfo for user X, and to each process of that user.
86 struct rctl_rule_link {
87 LIST_ENTRY(rctl_rule_link) rrl_next;
88 struct rctl_rule *rrl_rule;
97 static struct dict subjectnames[] = {
98 { "process", RCTL_SUBJECT_TYPE_PROCESS },
99 { "user", RCTL_SUBJECT_TYPE_USER },
100 { "loginclass", RCTL_SUBJECT_TYPE_LOGINCLASS },
101 { "jail", RCTL_SUBJECT_TYPE_JAIL },
104 static struct dict resourcenames[] = {
105 { "cputime", RACCT_CPU },
106 { "datasize", RACCT_DATA },
107 { "stacksize", RACCT_STACK },
108 { "coredumpsize", RACCT_CORE },
109 { "memoryuse", RACCT_RSS },
110 { "memorylocked", RACCT_MEMLOCK },
111 { "maxproc", RACCT_NPROC },
112 { "openfiles", RACCT_NOFILE },
113 { "vmemoryuse", RACCT_VMEM },
114 { "pseudoterminals", RACCT_NPTS },
115 { "swapuse", RACCT_SWAP },
116 { "nthr", RACCT_NTHR },
117 { "msgqqueued", RACCT_MSGQQUEUED },
118 { "msgqsize", RACCT_MSGQSIZE },
119 { "nmsgq", RACCT_NMSGQ },
120 { "nsem", RACCT_NSEM },
121 { "nsemop", RACCT_NSEMOP },
122 { "nshm", RACCT_NSHM },
123 { "shmsize", RACCT_SHMSIZE },
124 { "wallclock", RACCT_WALLCLOCK },
125 { "pcpu", RACCT_PCTCPU },
128 static struct dict actionnames[] = {
129 { "sighup", RCTL_ACTION_SIGHUP },
130 { "sigint", RCTL_ACTION_SIGINT },
131 { "sigquit", RCTL_ACTION_SIGQUIT },
132 { "sigill", RCTL_ACTION_SIGILL },
133 { "sigtrap", RCTL_ACTION_SIGTRAP },
134 { "sigabrt", RCTL_ACTION_SIGABRT },
135 { "sigemt", RCTL_ACTION_SIGEMT },
136 { "sigfpe", RCTL_ACTION_SIGFPE },
137 { "sigkill", RCTL_ACTION_SIGKILL },
138 { "sigbus", RCTL_ACTION_SIGBUS },
139 { "sigsegv", RCTL_ACTION_SIGSEGV },
140 { "sigsys", RCTL_ACTION_SIGSYS },
141 { "sigpipe", RCTL_ACTION_SIGPIPE },
142 { "sigalrm", RCTL_ACTION_SIGALRM },
143 { "sigterm", RCTL_ACTION_SIGTERM },
144 { "sigurg", RCTL_ACTION_SIGURG },
145 { "sigstop", RCTL_ACTION_SIGSTOP },
146 { "sigtstp", RCTL_ACTION_SIGTSTP },
147 { "sigchld", RCTL_ACTION_SIGCHLD },
148 { "sigttin", RCTL_ACTION_SIGTTIN },
149 { "sigttou", RCTL_ACTION_SIGTTOU },
150 { "sigio", RCTL_ACTION_SIGIO },
151 { "sigxcpu", RCTL_ACTION_SIGXCPU },
152 { "sigxfsz", RCTL_ACTION_SIGXFSZ },
153 { "sigvtalrm", RCTL_ACTION_SIGVTALRM },
154 { "sigprof", RCTL_ACTION_SIGPROF },
155 { "sigwinch", RCTL_ACTION_SIGWINCH },
156 { "siginfo", RCTL_ACTION_SIGINFO },
157 { "sigusr1", RCTL_ACTION_SIGUSR1 },
158 { "sigusr2", RCTL_ACTION_SIGUSR2 },
159 { "sigthr", RCTL_ACTION_SIGTHR },
160 { "deny", RCTL_ACTION_DENY },
161 { "log", RCTL_ACTION_LOG },
162 { "devctl", RCTL_ACTION_DEVCTL },
165 static void rctl_init(void);
166 SYSINIT(rctl, SI_SUB_RACCT, SI_ORDER_FIRST, rctl_init, NULL);
168 static uma_zone_t rctl_rule_link_zone;
169 static uma_zone_t rctl_rule_zone;
170 static struct rwlock rctl_lock;
171 RW_SYSINIT(rctl_lock, &rctl_lock, "RCTL lock");
173 static int rctl_rule_fully_specified(const struct rctl_rule *rule);
174 static void rctl_rule_to_sbuf(struct sbuf *sb, const struct rctl_rule *rule);
176 static MALLOC_DEFINE(M_RCTL, "rctl", "Resource Limits");
179 rctl_subject_type_name(int subject)
183 for (i = 0; subjectnames[i].d_name != NULL; i++) {
184 if (subjectnames[i].d_value == subject)
185 return (subjectnames[i].d_name);
188 panic("rctl_subject_type_name: unknown subject type %d", subject);
192 rctl_action_name(int action)
196 for (i = 0; actionnames[i].d_name != NULL; i++) {
197 if (actionnames[i].d_value == action)
198 return (actionnames[i].d_name);
201 panic("rctl_action_name: unknown action %d", action);
205 rctl_resource_name(int resource)
209 for (i = 0; resourcenames[i].d_name != NULL; i++) {
210 if (resourcenames[i].d_value == resource)
211 return (resourcenames[i].d_name);
214 panic("rctl_resource_name: unknown resource %d", resource);
218 * Return the amount of resource that can be allocated by 'p' before
222 rctl_available_resource(const struct proc *p, const struct rctl_rule *rule)
225 int64_t available = INT64_MAX;
226 struct ucred *cred = p->p_ucred;
228 rw_assert(&rctl_lock, RA_LOCKED);
230 resource = rule->rr_resource;
231 switch (rule->rr_per) {
232 case RCTL_SUBJECT_TYPE_PROCESS:
233 available = rule->rr_amount -
234 p->p_racct->r_resources[resource];
236 case RCTL_SUBJECT_TYPE_USER:
237 available = rule->rr_amount -
238 cred->cr_ruidinfo->ui_racct->r_resources[resource];
240 case RCTL_SUBJECT_TYPE_LOGINCLASS:
241 available = rule->rr_amount -
242 cred->cr_loginclass->lc_racct->r_resources[resource];
244 case RCTL_SUBJECT_TYPE_JAIL:
245 available = rule->rr_amount -
246 cred->cr_prison->pr_prison_racct->prr_racct->
247 r_resources[resource];
250 panic("rctl_compute_available: unknown per %d",
258 * Return non-zero if allocating 'amount' by proc 'p' would exceed
259 * resource limit specified by 'rule'.
262 rctl_would_exceed(const struct proc *p, const struct rctl_rule *rule,
267 rw_assert(&rctl_lock, RA_LOCKED);
269 available = rctl_available_resource(p, rule);
270 if (available >= amount)
277 * Special version of rctl_available() function for the %cpu resource.
278 * We slightly cheat here and return less than we normally would.
281 rctl_pcpu_available(const struct proc *p) {
282 struct rctl_rule *rule;
283 struct rctl_rule_link *link;
284 int64_t available, minavailable, limit;
286 minavailable = INT64_MAX;
289 rw_rlock(&rctl_lock);
291 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
292 rule = link->rrl_rule;
293 if (rule->rr_resource != RACCT_PCTCPU)
295 if (rule->rr_action != RCTL_ACTION_DENY)
297 available = rctl_available_resource(p, rule);
298 if (available < minavailable) {
299 minavailable = available;
300 limit = rule->rr_amount;
304 rw_runlock(&rctl_lock);
307 * Return slightly less than actual value of the available
308 * %cpu resource. This makes %cpu throttling more agressive
309 * and lets us act sooner than the limits are already exceeded.
312 if (limit > 2 * RCTL_PCPU_SHIFT)
313 minavailable -= RCTL_PCPU_SHIFT;
315 minavailable -= (limit / 2);
318 return (minavailable);
322 * Check whether the proc 'p' can allocate 'amount' of 'resource' in addition
323 * to what it keeps allocated now. Returns non-zero if the allocation should
324 * be denied, 0 otherwise.
327 rctl_enforce(struct proc *p, int resource, uint64_t amount)
329 struct rctl_rule *rule;
330 struct rctl_rule_link *link;
334 static int curtime = 0;
335 static struct timeval lasttime;
337 rw_rlock(&rctl_lock);
340 * There may be more than one matching rule; go through all of them.
341 * Denial should be done last, after logging and sending signals.
343 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
344 rule = link->rrl_rule;
345 if (rule->rr_resource != resource)
347 if (!rctl_would_exceed(p, rule, amount)) {
348 link->rrl_exceeded = 0;
352 switch (rule->rr_action) {
353 case RCTL_ACTION_DENY:
356 case RCTL_ACTION_LOG:
358 * If rrl_exceeded != 0, it means we've already
359 * logged a warning for this process.
361 if (link->rrl_exceeded != 0)
365 * If the process state is not fully initialized yet,
366 * we can't access most of the required fields, e.g.
367 * p->p_comm. This happens when called from fork1().
368 * Ignore this rule for now; it will be processed just
369 * after fork, when called from racct_proc_fork_done().
371 if (p->p_state != PRS_NORMAL)
374 if (!ppsratecheck(&lasttime, &curtime, 10))
377 buf = malloc(RCTL_LOG_BUFSIZE, M_RCTL, M_NOWAIT);
379 printf("rctl_enforce: out of memory\n");
382 sbuf_new(&sb, buf, RCTL_LOG_BUFSIZE, SBUF_FIXEDLEN);
383 rctl_rule_to_sbuf(&sb, rule);
385 printf("rctl: rule \"%s\" matched by pid %d "
386 "(%s), uid %d, jail %s\n", sbuf_data(&sb),
387 p->p_pid, p->p_comm, p->p_ucred->cr_uid,
388 p->p_ucred->cr_prison->pr_prison_racct->prr_name);
391 link->rrl_exceeded = 1;
393 case RCTL_ACTION_DEVCTL:
394 if (link->rrl_exceeded != 0)
397 if (p->p_state != PRS_NORMAL)
400 buf = malloc(RCTL_LOG_BUFSIZE, M_RCTL, M_NOWAIT);
402 printf("rctl_enforce: out of memory\n");
405 sbuf_new(&sb, buf, RCTL_LOG_BUFSIZE, SBUF_FIXEDLEN);
406 sbuf_printf(&sb, "rule=");
407 rctl_rule_to_sbuf(&sb, rule);
408 sbuf_printf(&sb, " pid=%d ruid=%d jail=%s",
409 p->p_pid, p->p_ucred->cr_ruid,
410 p->p_ucred->cr_prison->pr_prison_racct->prr_name);
412 devctl_notify_f("RCTL", "rule", "matched",
413 sbuf_data(&sb), M_NOWAIT);
416 link->rrl_exceeded = 1;
419 if (link->rrl_exceeded != 0)
422 if (p->p_state != PRS_NORMAL)
425 KASSERT(rule->rr_action > 0 &&
426 rule->rr_action <= RCTL_ACTION_SIGNAL_MAX,
427 ("rctl_enforce: unknown action %d",
431 * We're using the fact that RCTL_ACTION_SIG* values
432 * are equal to their counterparts from sys/signal.h.
434 kern_psignal(p, rule->rr_action);
435 link->rrl_exceeded = 1;
440 rw_runlock(&rctl_lock);
444 * Return fake error code; the caller should change it
445 * into one proper for the situation - EFSIZ, ENOMEM etc.
454 rctl_get_limit(struct proc *p, int resource)
456 struct rctl_rule *rule;
457 struct rctl_rule_link *link;
458 uint64_t amount = UINT64_MAX;
460 rw_rlock(&rctl_lock);
463 * There may be more than one matching rule; go through all of them.
464 * Denial should be done last, after logging and sending signals.
466 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
467 rule = link->rrl_rule;
468 if (rule->rr_resource != resource)
470 if (rule->rr_action != RCTL_ACTION_DENY)
472 if (rule->rr_amount < amount)
473 amount = rule->rr_amount;
476 rw_runlock(&rctl_lock);
482 rctl_get_available(struct proc *p, int resource)
484 struct rctl_rule *rule;
485 struct rctl_rule_link *link;
486 int64_t available, minavailable, allocated;
488 minavailable = INT64_MAX;
490 rw_rlock(&rctl_lock);
493 * There may be more than one matching rule; go through all of them.
494 * Denial should be done last, after logging and sending signals.
496 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
497 rule = link->rrl_rule;
498 if (rule->rr_resource != resource)
500 if (rule->rr_action != RCTL_ACTION_DENY)
502 available = rctl_available_resource(p, rule);
503 if (available < minavailable)
504 minavailable = available;
507 rw_runlock(&rctl_lock);
510 * XXX: Think about this _hard_.
512 allocated = p->p_racct->r_resources[resource];
513 if (minavailable < INT64_MAX - allocated)
514 minavailable += allocated;
515 if (minavailable < 0)
517 return (minavailable);
521 rctl_rule_matches(const struct rctl_rule *rule, const struct rctl_rule *filter)
524 if (filter->rr_subject_type != RCTL_SUBJECT_TYPE_UNDEFINED) {
525 if (rule->rr_subject_type != filter->rr_subject_type)
528 switch (filter->rr_subject_type) {
529 case RCTL_SUBJECT_TYPE_PROCESS:
530 if (filter->rr_subject.rs_proc != NULL &&
531 rule->rr_subject.rs_proc !=
532 filter->rr_subject.rs_proc)
535 case RCTL_SUBJECT_TYPE_USER:
536 if (filter->rr_subject.rs_uip != NULL &&
537 rule->rr_subject.rs_uip !=
538 filter->rr_subject.rs_uip)
541 case RCTL_SUBJECT_TYPE_LOGINCLASS:
542 if (filter->rr_subject.rs_loginclass != NULL &&
543 rule->rr_subject.rs_loginclass !=
544 filter->rr_subject.rs_loginclass)
547 case RCTL_SUBJECT_TYPE_JAIL:
548 if (filter->rr_subject.rs_prison_racct != NULL &&
549 rule->rr_subject.rs_prison_racct !=
550 filter->rr_subject.rs_prison_racct)
554 panic("rctl_rule_matches: unknown subject type %d",
555 filter->rr_subject_type);
559 if (filter->rr_resource != RACCT_UNDEFINED) {
560 if (rule->rr_resource != filter->rr_resource)
564 if (filter->rr_action != RCTL_ACTION_UNDEFINED) {
565 if (rule->rr_action != filter->rr_action)
569 if (filter->rr_amount != RCTL_AMOUNT_UNDEFINED) {
570 if (rule->rr_amount != filter->rr_amount)
574 if (filter->rr_per != RCTL_SUBJECT_TYPE_UNDEFINED) {
575 if (rule->rr_per != filter->rr_per)
583 str2value(const char *str, int *value, struct dict *table)
590 for (i = 0; table[i].d_name != NULL; i++) {
591 if (strcasecmp(table[i].d_name, str) == 0) {
592 *value = table[i].d_value;
601 str2id(const char *str, id_t *value)
608 *value = strtoul(str, &end, 10);
609 if ((size_t)(end - str) != strlen(str))
616 str2int64(const char *str, int64_t *value)
623 *value = strtoul(str, &end, 10);
624 if ((size_t)(end - str) != strlen(str))
631 * Connect the rule to the racct, increasing refcount for the rule.
634 rctl_racct_add_rule(struct racct *racct, struct rctl_rule *rule)
636 struct rctl_rule_link *link;
638 KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified"));
640 rctl_rule_acquire(rule);
641 link = uma_zalloc(rctl_rule_link_zone, M_WAITOK);
642 link->rrl_rule = rule;
643 link->rrl_exceeded = 0;
645 rw_wlock(&rctl_lock);
646 LIST_INSERT_HEAD(&racct->r_rule_links, link, rrl_next);
647 rw_wunlock(&rctl_lock);
651 rctl_racct_add_rule_locked(struct racct *racct, struct rctl_rule *rule)
653 struct rctl_rule_link *link;
655 KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified"));
656 rw_assert(&rctl_lock, RA_WLOCKED);
658 link = uma_zalloc(rctl_rule_link_zone, M_NOWAIT);
661 rctl_rule_acquire(rule);
662 link->rrl_rule = rule;
663 link->rrl_exceeded = 0;
665 LIST_INSERT_HEAD(&racct->r_rule_links, link, rrl_next);
670 * Remove limits for a rules matching the filter and release
671 * the refcounts for the rules, possibly freeing them. Returns
672 * the number of limit structures removed.
675 rctl_racct_remove_rules(struct racct *racct,
676 const struct rctl_rule *filter)
679 struct rctl_rule_link *link, *linktmp;
681 rw_assert(&rctl_lock, RA_WLOCKED);
683 LIST_FOREACH_SAFE(link, &racct->r_rule_links, rrl_next, linktmp) {
684 if (!rctl_rule_matches(link->rrl_rule, filter))
687 LIST_REMOVE(link, rrl_next);
688 rctl_rule_release(link->rrl_rule);
689 uma_zfree(rctl_rule_link_zone, link);
696 rctl_rule_acquire_subject(struct rctl_rule *rule)
699 switch (rule->rr_subject_type) {
700 case RCTL_SUBJECT_TYPE_UNDEFINED:
701 case RCTL_SUBJECT_TYPE_PROCESS:
703 case RCTL_SUBJECT_TYPE_JAIL:
704 if (rule->rr_subject.rs_prison_racct != NULL)
705 prison_racct_hold(rule->rr_subject.rs_prison_racct);
707 case RCTL_SUBJECT_TYPE_USER:
708 if (rule->rr_subject.rs_uip != NULL)
709 uihold(rule->rr_subject.rs_uip);
711 case RCTL_SUBJECT_TYPE_LOGINCLASS:
712 if (rule->rr_subject.rs_loginclass != NULL)
713 loginclass_hold(rule->rr_subject.rs_loginclass);
716 panic("rctl_rule_acquire_subject: unknown subject type %d",
717 rule->rr_subject_type);
722 rctl_rule_release_subject(struct rctl_rule *rule)
725 switch (rule->rr_subject_type) {
726 case RCTL_SUBJECT_TYPE_UNDEFINED:
727 case RCTL_SUBJECT_TYPE_PROCESS:
729 case RCTL_SUBJECT_TYPE_JAIL:
730 if (rule->rr_subject.rs_prison_racct != NULL)
731 prison_racct_free(rule->rr_subject.rs_prison_racct);
733 case RCTL_SUBJECT_TYPE_USER:
734 if (rule->rr_subject.rs_uip != NULL)
735 uifree(rule->rr_subject.rs_uip);
737 case RCTL_SUBJECT_TYPE_LOGINCLASS:
738 if (rule->rr_subject.rs_loginclass != NULL)
739 loginclass_free(rule->rr_subject.rs_loginclass);
742 panic("rctl_rule_release_subject: unknown subject type %d",
743 rule->rr_subject_type);
748 rctl_rule_alloc(int flags)
750 struct rctl_rule *rule;
752 rule = uma_zalloc(rctl_rule_zone, flags);
755 rule->rr_subject_type = RCTL_SUBJECT_TYPE_UNDEFINED;
756 rule->rr_subject.rs_proc = NULL;
757 rule->rr_subject.rs_uip = NULL;
758 rule->rr_subject.rs_loginclass = NULL;
759 rule->rr_subject.rs_prison_racct = NULL;
760 rule->rr_per = RCTL_SUBJECT_TYPE_UNDEFINED;
761 rule->rr_resource = RACCT_UNDEFINED;
762 rule->rr_action = RCTL_ACTION_UNDEFINED;
763 rule->rr_amount = RCTL_AMOUNT_UNDEFINED;
764 refcount_init(&rule->rr_refcount, 1);
770 rctl_rule_duplicate(const struct rctl_rule *rule, int flags)
772 struct rctl_rule *copy;
774 copy = uma_zalloc(rctl_rule_zone, flags);
777 copy->rr_subject_type = rule->rr_subject_type;
778 copy->rr_subject.rs_proc = rule->rr_subject.rs_proc;
779 copy->rr_subject.rs_uip = rule->rr_subject.rs_uip;
780 copy->rr_subject.rs_loginclass = rule->rr_subject.rs_loginclass;
781 copy->rr_subject.rs_prison_racct = rule->rr_subject.rs_prison_racct;
782 copy->rr_per = rule->rr_per;
783 copy->rr_resource = rule->rr_resource;
784 copy->rr_action = rule->rr_action;
785 copy->rr_amount = rule->rr_amount;
786 refcount_init(©->rr_refcount, 1);
787 rctl_rule_acquire_subject(copy);
793 rctl_rule_acquire(struct rctl_rule *rule)
796 KASSERT(rule->rr_refcount > 0, ("rule->rr_refcount <= 0"));
798 refcount_acquire(&rule->rr_refcount);
802 rctl_rule_free(void *context, int pending)
804 struct rctl_rule *rule;
806 rule = (struct rctl_rule *)context;
808 KASSERT(rule->rr_refcount == 0, ("rule->rr_refcount != 0"));
811 * We don't need locking here; rule is guaranteed to be inaccessible.
814 rctl_rule_release_subject(rule);
815 uma_zfree(rctl_rule_zone, rule);
819 rctl_rule_release(struct rctl_rule *rule)
822 KASSERT(rule->rr_refcount > 0, ("rule->rr_refcount <= 0"));
824 if (refcount_release(&rule->rr_refcount)) {
826 * rctl_rule_release() is often called when iterating
827 * over all the uidinfo structures in the system,
828 * holding uihashtbl_lock. Since rctl_rule_free()
829 * might end up calling uifree(), this would lead
830 * to lock recursion. Use taskqueue to avoid this.
832 TASK_INIT(&rule->rr_task, 0, rctl_rule_free, rule);
833 taskqueue_enqueue(taskqueue_thread, &rule->rr_task);
838 rctl_rule_fully_specified(const struct rctl_rule *rule)
841 switch (rule->rr_subject_type) {
842 case RCTL_SUBJECT_TYPE_UNDEFINED:
844 case RCTL_SUBJECT_TYPE_PROCESS:
845 if (rule->rr_subject.rs_proc == NULL)
848 case RCTL_SUBJECT_TYPE_USER:
849 if (rule->rr_subject.rs_uip == NULL)
852 case RCTL_SUBJECT_TYPE_LOGINCLASS:
853 if (rule->rr_subject.rs_loginclass == NULL)
856 case RCTL_SUBJECT_TYPE_JAIL:
857 if (rule->rr_subject.rs_prison_racct == NULL)
861 panic("rctl_rule_fully_specified: unknown subject type %d",
862 rule->rr_subject_type);
864 if (rule->rr_resource == RACCT_UNDEFINED)
866 if (rule->rr_action == RCTL_ACTION_UNDEFINED)
868 if (rule->rr_amount == RCTL_AMOUNT_UNDEFINED)
870 if (rule->rr_per == RCTL_SUBJECT_TYPE_UNDEFINED)
877 rctl_string_to_rule(char *rulestr, struct rctl_rule **rulep)
880 char *subjectstr, *subject_idstr, *resourcestr, *actionstr,
882 struct rctl_rule *rule;
885 rule = rctl_rule_alloc(M_WAITOK);
887 subjectstr = strsep(&rulestr, ":");
888 subject_idstr = strsep(&rulestr, ":");
889 resourcestr = strsep(&rulestr, ":");
890 actionstr = strsep(&rulestr, "=/");
891 amountstr = strsep(&rulestr, "/");
894 if (subjectstr == NULL || subjectstr[0] == '\0')
895 rule->rr_subject_type = RCTL_SUBJECT_TYPE_UNDEFINED;
897 error = str2value(subjectstr, &rule->rr_subject_type, subjectnames);
902 if (subject_idstr == NULL || subject_idstr[0] == '\0') {
903 rule->rr_subject.rs_proc = NULL;
904 rule->rr_subject.rs_uip = NULL;
905 rule->rr_subject.rs_loginclass = NULL;
906 rule->rr_subject.rs_prison_racct = NULL;
908 switch (rule->rr_subject_type) {
909 case RCTL_SUBJECT_TYPE_UNDEFINED:
912 case RCTL_SUBJECT_TYPE_PROCESS:
913 error = str2id(subject_idstr, &id);
916 sx_assert(&allproc_lock, SA_LOCKED);
917 rule->rr_subject.rs_proc = pfind(id);
918 if (rule->rr_subject.rs_proc == NULL) {
922 PROC_UNLOCK(rule->rr_subject.rs_proc);
924 case RCTL_SUBJECT_TYPE_USER:
925 error = str2id(subject_idstr, &id);
928 rule->rr_subject.rs_uip = uifind(id);
930 case RCTL_SUBJECT_TYPE_LOGINCLASS:
931 rule->rr_subject.rs_loginclass =
932 loginclass_find(subject_idstr);
933 if (rule->rr_subject.rs_loginclass == NULL) {
934 error = ENAMETOOLONG;
938 case RCTL_SUBJECT_TYPE_JAIL:
939 rule->rr_subject.rs_prison_racct =
940 prison_racct_find(subject_idstr);
941 if (rule->rr_subject.rs_prison_racct == NULL) {
942 error = ENAMETOOLONG;
947 panic("rctl_string_to_rule: unknown subject type %d",
948 rule->rr_subject_type);
952 if (resourcestr == NULL || resourcestr[0] == '\0')
953 rule->rr_resource = RACCT_UNDEFINED;
955 error = str2value(resourcestr, &rule->rr_resource,
961 if (actionstr == NULL || actionstr[0] == '\0')
962 rule->rr_action = RCTL_ACTION_UNDEFINED;
964 error = str2value(actionstr, &rule->rr_action, actionnames);
969 if (amountstr == NULL || amountstr[0] == '\0')
970 rule->rr_amount = RCTL_AMOUNT_UNDEFINED;
972 error = str2int64(amountstr, &rule->rr_amount);
975 if (RACCT_IS_IN_MILLIONS(rule->rr_resource))
976 rule->rr_amount *= 1000000;
979 if (perstr == NULL || perstr[0] == '\0')
980 rule->rr_per = RCTL_SUBJECT_TYPE_UNDEFINED;
982 error = str2value(perstr, &rule->rr_per, subjectnames);
991 rctl_rule_release(rule);
997 * Link a rule with all the subjects it applies to.
1000 rctl_rule_add(struct rctl_rule *rule)
1004 struct uidinfo *uip;
1006 struct prison_racct *prr;
1007 struct loginclass *lc;
1008 struct rctl_rule *rule2;
1011 KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified"));
1014 * Some rules just don't make sense. Note that the one below
1015 * cannot be rewritten using RACCT_IS_DENIABLE(); the RACCT_PCTCPU,
1016 * for example, is not deniable in the racct sense, but the
1017 * limit is enforced in a different way, so "deny" rules for %CPU
1020 if (rule->rr_action == RCTL_ACTION_DENY &&
1021 (rule->rr_resource == RACCT_CPU ||
1022 rule->rr_resource == RACCT_WALLCLOCK))
1023 return (EOPNOTSUPP);
1025 if (rule->rr_per == RCTL_SUBJECT_TYPE_PROCESS &&
1026 RACCT_IS_SLOPPY(rule->rr_resource))
1027 return (EOPNOTSUPP);
1030 * Make sure there are no duplicated rules. Also, for the "deny"
1031 * rules, remove ones differing only by "amount".
1033 if (rule->rr_action == RCTL_ACTION_DENY) {
1034 rule2 = rctl_rule_duplicate(rule, M_WAITOK);
1035 rule2->rr_amount = RCTL_AMOUNT_UNDEFINED;
1036 rctl_rule_remove(rule2);
1037 rctl_rule_release(rule2);
1039 rctl_rule_remove(rule);
1041 switch (rule->rr_subject_type) {
1042 case RCTL_SUBJECT_TYPE_PROCESS:
1043 p = rule->rr_subject.rs_proc;
1044 KASSERT(p != NULL, ("rctl_rule_add: NULL proc"));
1046 rctl_racct_add_rule(p->p_racct, rule);
1048 * In case of per-process rule, we don't have anything more
1053 case RCTL_SUBJECT_TYPE_USER:
1054 uip = rule->rr_subject.rs_uip;
1055 KASSERT(uip != NULL, ("rctl_rule_add: NULL uip"));
1056 rctl_racct_add_rule(uip->ui_racct, rule);
1059 case RCTL_SUBJECT_TYPE_LOGINCLASS:
1060 lc = rule->rr_subject.rs_loginclass;
1061 KASSERT(lc != NULL, ("rctl_rule_add: NULL loginclass"));
1062 rctl_racct_add_rule(lc->lc_racct, rule);
1065 case RCTL_SUBJECT_TYPE_JAIL:
1066 prr = rule->rr_subject.rs_prison_racct;
1067 KASSERT(prr != NULL, ("rctl_rule_add: NULL pr"));
1068 rctl_racct_add_rule(prr->prr_racct, rule);
1072 panic("rctl_rule_add: unknown subject type %d",
1073 rule->rr_subject_type);
1077 * Now go through all the processes and add the new rule to the ones
1080 sx_assert(&allproc_lock, SA_LOCKED);
1081 FOREACH_PROC_IN_SYSTEM(p) {
1083 switch (rule->rr_subject_type) {
1084 case RCTL_SUBJECT_TYPE_USER:
1085 if (cred->cr_uidinfo == rule->rr_subject.rs_uip ||
1086 cred->cr_ruidinfo == rule->rr_subject.rs_uip)
1089 case RCTL_SUBJECT_TYPE_LOGINCLASS:
1090 if (cred->cr_loginclass == rule->rr_subject.rs_loginclass)
1093 case RCTL_SUBJECT_TYPE_JAIL:
1095 for (pr = cred->cr_prison; pr != NULL; pr = pr->pr_parent) {
1096 if (pr->pr_prison_racct == rule->rr_subject.rs_prison_racct) {
1105 panic("rctl_rule_add: unknown subject type %d",
1106 rule->rr_subject_type);
1109 rctl_racct_add_rule(p->p_racct, rule);
1116 rctl_rule_remove_callback(struct racct *racct, void *arg2, void *arg3)
1118 struct rctl_rule *filter = (struct rctl_rule *)arg2;
1121 rw_wlock(&rctl_lock);
1122 found += rctl_racct_remove_rules(racct, filter);
1123 rw_wunlock(&rctl_lock);
1125 *((int *)arg3) += found;
1129 * Remove all rules that match the filter.
1132 rctl_rule_remove(struct rctl_rule *filter)
1137 if (filter->rr_subject_type == RCTL_SUBJECT_TYPE_PROCESS &&
1138 filter->rr_subject.rs_proc != NULL) {
1139 p = filter->rr_subject.rs_proc;
1140 rw_wlock(&rctl_lock);
1141 found = rctl_racct_remove_rules(p->p_racct, filter);
1142 rw_wunlock(&rctl_lock);
1148 loginclass_racct_foreach(rctl_rule_remove_callback, filter,
1150 ui_racct_foreach(rctl_rule_remove_callback, filter,
1152 prison_racct_foreach(rctl_rule_remove_callback, filter,
1155 sx_assert(&allproc_lock, SA_LOCKED);
1156 rw_wlock(&rctl_lock);
1157 FOREACH_PROC_IN_SYSTEM(p) {
1158 found += rctl_racct_remove_rules(p->p_racct, filter);
1160 rw_wunlock(&rctl_lock);
1168 * Appends a rule to the sbuf.
1171 rctl_rule_to_sbuf(struct sbuf *sb, const struct rctl_rule *rule)
1175 sbuf_printf(sb, "%s:", rctl_subject_type_name(rule->rr_subject_type));
1177 switch (rule->rr_subject_type) {
1178 case RCTL_SUBJECT_TYPE_PROCESS:
1179 if (rule->rr_subject.rs_proc == NULL)
1180 sbuf_printf(sb, ":");
1182 sbuf_printf(sb, "%d:",
1183 rule->rr_subject.rs_proc->p_pid);
1185 case RCTL_SUBJECT_TYPE_USER:
1186 if (rule->rr_subject.rs_uip == NULL)
1187 sbuf_printf(sb, ":");
1189 sbuf_printf(sb, "%d:",
1190 rule->rr_subject.rs_uip->ui_uid);
1192 case RCTL_SUBJECT_TYPE_LOGINCLASS:
1193 if (rule->rr_subject.rs_loginclass == NULL)
1194 sbuf_printf(sb, ":");
1196 sbuf_printf(sb, "%s:",
1197 rule->rr_subject.rs_loginclass->lc_name);
1199 case RCTL_SUBJECT_TYPE_JAIL:
1200 if (rule->rr_subject.rs_prison_racct == NULL)
1201 sbuf_printf(sb, ":");
1203 sbuf_printf(sb, "%s:",
1204 rule->rr_subject.rs_prison_racct->prr_name);
1207 panic("rctl_rule_to_sbuf: unknown subject type %d",
1208 rule->rr_subject_type);
1211 amount = rule->rr_amount;
1212 if (amount != RCTL_AMOUNT_UNDEFINED &&
1213 RACCT_IS_IN_MILLIONS(rule->rr_resource))
1216 sbuf_printf(sb, "%s:%s=%jd",
1217 rctl_resource_name(rule->rr_resource),
1218 rctl_action_name(rule->rr_action),
1221 if (rule->rr_per != rule->rr_subject_type)
1222 sbuf_printf(sb, "/%s", rctl_subject_type_name(rule->rr_per));
1226 * Routine used by RCTL syscalls to read in input string.
1229 rctl_read_inbuf(char **inputstr, const char *inbufp, size_t inbuflen)
1236 if (inbuflen > RCTL_MAX_INBUFLEN)
1239 str = malloc(inbuflen + 1, M_RCTL, M_WAITOK);
1240 error = copyinstr(inbufp, str, inbuflen, NULL);
1252 * Routine used by RCTL syscalls to write out output string.
1255 rctl_write_outbuf(struct sbuf *outputsbuf, char *outbufp, size_t outbuflen)
1259 if (outputsbuf == NULL)
1262 sbuf_finish(outputsbuf);
1263 if (outbuflen < sbuf_len(outputsbuf) + 1) {
1264 sbuf_delete(outputsbuf);
1267 error = copyout(sbuf_data(outputsbuf), outbufp,
1268 sbuf_len(outputsbuf) + 1);
1269 sbuf_delete(outputsbuf);
1273 static struct sbuf *
1274 rctl_racct_to_sbuf(struct racct *racct, int sloppy)
1280 sb = sbuf_new_auto();
1281 for (i = 0; i <= RACCT_MAX; i++) {
1282 if (sloppy == 0 && RACCT_IS_SLOPPY(i))
1284 amount = racct->r_resources[i];
1285 if (RACCT_IS_IN_MILLIONS(i))
1287 sbuf_printf(sb, "%s=%jd,", rctl_resource_name(i), amount);
1289 sbuf_setpos(sb, sbuf_len(sb) - 1);
1294 sys_rctl_get_racct(struct thread *td, struct rctl_get_racct_args *uap)
1298 struct rctl_rule *filter;
1299 struct sbuf *outputsbuf = NULL;
1301 struct uidinfo *uip;
1302 struct loginclass *lc;
1303 struct prison_racct *prr;
1305 error = priv_check(td, PRIV_RCTL_GET_RACCT);
1309 error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
1313 sx_slock(&allproc_lock);
1314 error = rctl_string_to_rule(inputstr, &filter);
1315 free(inputstr, M_RCTL);
1317 sx_sunlock(&allproc_lock);
1321 switch (filter->rr_subject_type) {
1322 case RCTL_SUBJECT_TYPE_PROCESS:
1323 p = filter->rr_subject.rs_proc;
1328 outputsbuf = rctl_racct_to_sbuf(p->p_racct, 0);
1330 case RCTL_SUBJECT_TYPE_USER:
1331 uip = filter->rr_subject.rs_uip;
1336 outputsbuf = rctl_racct_to_sbuf(uip->ui_racct, 1);
1338 case RCTL_SUBJECT_TYPE_LOGINCLASS:
1339 lc = filter->rr_subject.rs_loginclass;
1344 outputsbuf = rctl_racct_to_sbuf(lc->lc_racct, 1);
1346 case RCTL_SUBJECT_TYPE_JAIL:
1347 prr = filter->rr_subject.rs_prison_racct;
1352 outputsbuf = rctl_racct_to_sbuf(prr->prr_racct, 1);
1358 rctl_rule_release(filter);
1359 sx_sunlock(&allproc_lock);
1363 error = rctl_write_outbuf(outputsbuf, uap->outbufp, uap->outbuflen);
1369 rctl_get_rules_callback(struct racct *racct, void *arg2, void *arg3)
1371 struct rctl_rule *filter = (struct rctl_rule *)arg2;
1372 struct rctl_rule_link *link;
1373 struct sbuf *sb = (struct sbuf *)arg3;
1375 rw_rlock(&rctl_lock);
1376 LIST_FOREACH(link, &racct->r_rule_links, rrl_next) {
1377 if (!rctl_rule_matches(link->rrl_rule, filter))
1379 rctl_rule_to_sbuf(sb, link->rrl_rule);
1380 sbuf_printf(sb, ",");
1382 rw_runlock(&rctl_lock);
1386 sys_rctl_get_rules(struct thread *td, struct rctl_get_rules_args *uap)
1389 size_t bufsize = RCTL_DEFAULT_BUFSIZE;
1390 char *inputstr, *buf;
1392 struct rctl_rule *filter;
1393 struct rctl_rule_link *link;
1396 error = priv_check(td, PRIV_RCTL_GET_RULES);
1400 error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
1404 sx_slock(&allproc_lock);
1405 error = rctl_string_to_rule(inputstr, &filter);
1406 free(inputstr, M_RCTL);
1408 sx_sunlock(&allproc_lock);
1413 buf = malloc(bufsize, M_RCTL, M_WAITOK);
1414 sb = sbuf_new(NULL, buf, bufsize, SBUF_FIXEDLEN);
1415 KASSERT(sb != NULL, ("sbuf_new failed"));
1417 sx_assert(&allproc_lock, SA_LOCKED);
1418 FOREACH_PROC_IN_SYSTEM(p) {
1419 rw_rlock(&rctl_lock);
1420 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
1422 * Non-process rules will be added to the buffer later.
1423 * Adding them here would result in duplicated output.
1425 if (link->rrl_rule->rr_subject_type !=
1426 RCTL_SUBJECT_TYPE_PROCESS)
1428 if (!rctl_rule_matches(link->rrl_rule, filter))
1430 rctl_rule_to_sbuf(sb, link->rrl_rule);
1431 sbuf_printf(sb, ",");
1433 rw_runlock(&rctl_lock);
1436 loginclass_racct_foreach(rctl_get_rules_callback, filter, sb);
1437 ui_racct_foreach(rctl_get_rules_callback, filter, sb);
1438 prison_racct_foreach(rctl_get_rules_callback, filter, sb);
1439 if (sbuf_error(sb) == ENOMEM) {
1447 * Remove trailing ",".
1449 if (sbuf_len(sb) > 0)
1450 sbuf_setpos(sb, sbuf_len(sb) - 1);
1452 error = rctl_write_outbuf(sb, uap->outbufp, uap->outbuflen);
1454 rctl_rule_release(filter);
1455 sx_sunlock(&allproc_lock);
1461 sys_rctl_get_limits(struct thread *td, struct rctl_get_limits_args *uap)
1464 size_t bufsize = RCTL_DEFAULT_BUFSIZE;
1465 char *inputstr, *buf;
1467 struct rctl_rule *filter;
1468 struct rctl_rule_link *link;
1470 error = priv_check(td, PRIV_RCTL_GET_LIMITS);
1474 error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
1478 sx_slock(&allproc_lock);
1479 error = rctl_string_to_rule(inputstr, &filter);
1480 free(inputstr, M_RCTL);
1482 sx_sunlock(&allproc_lock);
1486 if (filter->rr_subject_type == RCTL_SUBJECT_TYPE_UNDEFINED) {
1487 rctl_rule_release(filter);
1488 sx_sunlock(&allproc_lock);
1491 if (filter->rr_subject_type != RCTL_SUBJECT_TYPE_PROCESS) {
1492 rctl_rule_release(filter);
1493 sx_sunlock(&allproc_lock);
1494 return (EOPNOTSUPP);
1496 if (filter->rr_subject.rs_proc == NULL) {
1497 rctl_rule_release(filter);
1498 sx_sunlock(&allproc_lock);
1503 buf = malloc(bufsize, M_RCTL, M_WAITOK);
1504 sb = sbuf_new(NULL, buf, bufsize, SBUF_FIXEDLEN);
1505 KASSERT(sb != NULL, ("sbuf_new failed"));
1507 rw_rlock(&rctl_lock);
1508 LIST_FOREACH(link, &filter->rr_subject.rs_proc->p_racct->r_rule_links,
1510 rctl_rule_to_sbuf(sb, link->rrl_rule);
1511 sbuf_printf(sb, ",");
1513 rw_runlock(&rctl_lock);
1514 if (sbuf_error(sb) == ENOMEM) {
1522 * Remove trailing ",".
1524 if (sbuf_len(sb) > 0)
1525 sbuf_setpos(sb, sbuf_len(sb) - 1);
1527 error = rctl_write_outbuf(sb, uap->outbufp, uap->outbuflen);
1528 rctl_rule_release(filter);
1529 sx_sunlock(&allproc_lock);
1535 sys_rctl_add_rule(struct thread *td, struct rctl_add_rule_args *uap)
1538 struct rctl_rule *rule;
1541 error = priv_check(td, PRIV_RCTL_ADD_RULE);
1545 error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
1549 sx_slock(&allproc_lock);
1550 error = rctl_string_to_rule(inputstr, &rule);
1551 free(inputstr, M_RCTL);
1553 sx_sunlock(&allproc_lock);
1557 * The 'per' part of a rule is optional.
1559 if (rule->rr_per == RCTL_SUBJECT_TYPE_UNDEFINED &&
1560 rule->rr_subject_type != RCTL_SUBJECT_TYPE_UNDEFINED)
1561 rule->rr_per = rule->rr_subject_type;
1563 if (!rctl_rule_fully_specified(rule)) {
1568 error = rctl_rule_add(rule);
1571 rctl_rule_release(rule);
1572 sx_sunlock(&allproc_lock);
1577 sys_rctl_remove_rule(struct thread *td, struct rctl_remove_rule_args *uap)
1580 struct rctl_rule *filter;
1583 error = priv_check(td, PRIV_RCTL_REMOVE_RULE);
1587 error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
1591 sx_slock(&allproc_lock);
1592 error = rctl_string_to_rule(inputstr, &filter);
1593 free(inputstr, M_RCTL);
1595 sx_sunlock(&allproc_lock);
1599 error = rctl_rule_remove(filter);
1600 rctl_rule_release(filter);
1601 sx_sunlock(&allproc_lock);
1607 * Update RCTL rule list after credential change.
1610 rctl_proc_ucred_changed(struct proc *p, struct ucred *newcred)
1613 struct rctl_rule_link *link, *newlink;
1614 struct uidinfo *newuip;
1615 struct loginclass *newlc;
1616 struct prison_racct *newprr;
1617 LIST_HEAD(, rctl_rule_link) newrules;
1619 newuip = newcred->cr_ruidinfo;
1620 newlc = newcred->cr_loginclass;
1621 newprr = newcred->cr_prison->pr_prison_racct;
1623 LIST_INIT(&newrules);
1627 * First, count the rules that apply to the process with new
1631 rw_rlock(&rctl_lock);
1632 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
1633 if (link->rrl_rule->rr_subject_type ==
1634 RCTL_SUBJECT_TYPE_PROCESS)
1637 LIST_FOREACH(link, &newuip->ui_racct->r_rule_links, rrl_next)
1639 LIST_FOREACH(link, &newlc->lc_racct->r_rule_links, rrl_next)
1641 LIST_FOREACH(link, &newprr->prr_racct->r_rule_links, rrl_next)
1643 rw_runlock(&rctl_lock);
1646 * Create temporary list. We've dropped the rctl_lock in order
1649 for (i = 0; i < rulecnt; i++) {
1650 newlink = uma_zalloc(rctl_rule_link_zone, M_WAITOK);
1651 newlink->rrl_rule = NULL;
1652 LIST_INSERT_HEAD(&newrules, newlink, rrl_next);
1655 newlink = LIST_FIRST(&newrules);
1658 * Assign rules to the newly allocated list entries.
1660 rw_wlock(&rctl_lock);
1661 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
1662 if (link->rrl_rule->rr_subject_type ==
1663 RCTL_SUBJECT_TYPE_PROCESS) {
1664 if (newlink == NULL)
1666 rctl_rule_acquire(link->rrl_rule);
1667 newlink->rrl_rule = link->rrl_rule;
1668 newlink = LIST_NEXT(newlink, rrl_next);
1673 LIST_FOREACH(link, &newuip->ui_racct->r_rule_links, rrl_next) {
1674 if (newlink == NULL)
1676 rctl_rule_acquire(link->rrl_rule);
1677 newlink->rrl_rule = link->rrl_rule;
1678 newlink = LIST_NEXT(newlink, rrl_next);
1682 LIST_FOREACH(link, &newlc->lc_racct->r_rule_links, rrl_next) {
1683 if (newlink == NULL)
1685 rctl_rule_acquire(link->rrl_rule);
1686 newlink->rrl_rule = link->rrl_rule;
1687 newlink = LIST_NEXT(newlink, rrl_next);
1691 LIST_FOREACH(link, &newprr->prr_racct->r_rule_links, rrl_next) {
1692 if (newlink == NULL)
1694 rctl_rule_acquire(link->rrl_rule);
1695 newlink->rrl_rule = link->rrl_rule;
1696 newlink = LIST_NEXT(newlink, rrl_next);
1702 * Free the old rule list.
1704 while (!LIST_EMPTY(&p->p_racct->r_rule_links)) {
1705 link = LIST_FIRST(&p->p_racct->r_rule_links);
1706 LIST_REMOVE(link, rrl_next);
1707 rctl_rule_release(link->rrl_rule);
1708 uma_zfree(rctl_rule_link_zone, link);
1712 * Replace lists and we're done.
1714 * XXX: Is there any way to switch list heads instead
1715 * of iterating here?
1717 while (!LIST_EMPTY(&newrules)) {
1718 newlink = LIST_FIRST(&newrules);
1719 LIST_REMOVE(newlink, rrl_next);
1720 LIST_INSERT_HEAD(&p->p_racct->r_rule_links,
1724 rw_wunlock(&rctl_lock);
1730 rw_wunlock(&rctl_lock);
1733 * Rule list changed while we were not holding the rctl_lock.
1734 * Free the new list and try again.
1736 while (!LIST_EMPTY(&newrules)) {
1737 newlink = LIST_FIRST(&newrules);
1738 LIST_REMOVE(newlink, rrl_next);
1739 if (newlink->rrl_rule != NULL)
1740 rctl_rule_release(newlink->rrl_rule);
1741 uma_zfree(rctl_rule_link_zone, newlink);
1748 * Assign RCTL rules to the newly created process.
1751 rctl_proc_fork(struct proc *parent, struct proc *child)
1754 struct rctl_rule_link *link;
1755 struct rctl_rule *rule;
1757 LIST_INIT(&child->p_racct->r_rule_links);
1759 KASSERT(parent->p_racct != NULL, ("process without racct; p = %p", parent));
1761 rw_wlock(&rctl_lock);
1764 * Go through limits applicable to the parent and assign them
1765 * to the child. Rules with 'process' subject have to be duplicated
1766 * in order to make their rr_subject point to the new process.
1768 LIST_FOREACH(link, &parent->p_racct->r_rule_links, rrl_next) {
1769 if (link->rrl_rule->rr_subject_type ==
1770 RCTL_SUBJECT_TYPE_PROCESS) {
1771 rule = rctl_rule_duplicate(link->rrl_rule, M_NOWAIT);
1774 KASSERT(rule->rr_subject.rs_proc == parent,
1775 ("rule->rr_subject.rs_proc != parent"));
1776 rule->rr_subject.rs_proc = child;
1777 error = rctl_racct_add_rule_locked(child->p_racct,
1779 rctl_rule_release(rule);
1783 error = rctl_racct_add_rule_locked(child->p_racct,
1790 rw_wunlock(&rctl_lock);
1794 while (!LIST_EMPTY(&child->p_racct->r_rule_links)) {
1795 link = LIST_FIRST(&child->p_racct->r_rule_links);
1796 LIST_REMOVE(link, rrl_next);
1797 rctl_rule_release(link->rrl_rule);
1798 uma_zfree(rctl_rule_link_zone, link);
1800 rw_wunlock(&rctl_lock);
1805 * Release rules attached to the racct.
1808 rctl_racct_release(struct racct *racct)
1810 struct rctl_rule_link *link;
1812 rw_wlock(&rctl_lock);
1813 while (!LIST_EMPTY(&racct->r_rule_links)) {
1814 link = LIST_FIRST(&racct->r_rule_links);
1815 LIST_REMOVE(link, rrl_next);
1816 rctl_rule_release(link->rrl_rule);
1817 uma_zfree(rctl_rule_link_zone, link);
1819 rw_wunlock(&rctl_lock);
1826 rctl_rule_link_zone = uma_zcreate("rctl_rule_link",
1827 sizeof(struct rctl_rule_link), NULL, NULL, NULL, NULL,
1828 UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
1829 rctl_rule_zone = uma_zcreate("rctl_rule", sizeof(struct rctl_rule),
1830 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
1836 sys_rctl_get_racct(struct thread *td, struct rctl_get_racct_args *uap)
1843 sys_rctl_get_rules(struct thread *td, struct rctl_get_rules_args *uap)
1850 sys_rctl_get_limits(struct thread *td, struct rctl_get_limits_args *uap)
1857 sys_rctl_add_rule(struct thread *td, struct rctl_add_rule_args *uap)
1864 sys_rctl_remove_rule(struct thread *td, struct rctl_remove_rule_args *uap)