2 * Copyright (c) 1982, 1986, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 4. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * @(#)kern_resource.c 8.5 (Berkeley) 1/21/94
37 #include <sys/cdefs.h>
38 __FBSDID("$FreeBSD$");
40 #include "opt_compat.h"
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/sysproto.h>
46 #include <sys/kernel.h>
48 #include <sys/malloc.h>
49 #include <sys/mutex.h>
52 #include <sys/refcount.h>
53 #include <sys/resourcevar.h>
54 #include <sys/rwlock.h>
55 #include <sys/sched.h>
57 #include <sys/syscallsubr.h>
58 #include <sys/sysent.h>
63 #include <vm/vm_param.h>
65 #include <vm/vm_map.h>
68 static MALLOC_DEFINE(M_PLIMIT, "plimit", "plimit structures");
69 static MALLOC_DEFINE(M_UIDINFO, "uidinfo", "uidinfo structures");
70 #define UIHASH(uid) (&uihashtbl[(uid) & uihash])
71 static struct rwlock uihashtbl_lock;
72 static LIST_HEAD(uihashhead, uidinfo) *uihashtbl;
73 static u_long uihash; /* size of hash table - 1 */
75 static void calcru1(struct proc *p, struct rusage_ext *ruxp,
76 struct timeval *up, struct timeval *sp);
77 static int donice(struct thread *td, struct proc *chgp, int n);
78 static struct uidinfo *uilookup(uid_t uid);
79 static void ruxagg_locked(struct rusage_ext *rux, struct thread *td);
82 * Resource controls and accounting.
84 #ifndef _SYS_SYSPROTO_H_
85 struct getpriority_args {
93 register struct getpriority_args *uap;
101 switch (uap->which) {
105 low = td->td_proc->p_nice;
110 if (p_cansee(td, p) == 0)
117 sx_slock(&proctree_lock);
119 pg = td->td_proc->p_pgrp;
122 pg = pgfind(uap->who);
124 sx_sunlock(&proctree_lock);
128 sx_sunlock(&proctree_lock);
129 LIST_FOREACH(p, &pg->pg_members, p_pglist) {
131 if (p_cansee(td, p) == 0) {
142 uap->who = td->td_ucred->cr_uid;
143 sx_slock(&allproc_lock);
144 FOREACH_PROC_IN_SYSTEM(p) {
146 if (p->p_state == PRS_NORMAL &&
147 p_cansee(td, p) == 0 &&
148 p->p_ucred->cr_uid == uap->who) {
154 sx_sunlock(&allproc_lock);
161 if (low == PRIO_MAX + 1 && error == 0)
163 td->td_retval[0] = low;
167 #ifndef _SYS_SYSPROTO_H_
168 struct setpriority_args {
177 struct setpriority_args *uap;
179 struct proc *curp, *p;
181 int found = 0, error = 0;
184 switch (uap->which) {
188 error = donice(td, curp, uap->prio);
194 error = p_cansee(td, p);
196 error = donice(td, p, uap->prio);
203 sx_slock(&proctree_lock);
208 pg = pgfind(uap->who);
210 sx_sunlock(&proctree_lock);
214 sx_sunlock(&proctree_lock);
215 LIST_FOREACH(p, &pg->pg_members, p_pglist) {
217 if (p_cansee(td, p) == 0) {
218 error = donice(td, p, uap->prio);
228 uap->who = td->td_ucred->cr_uid;
229 sx_slock(&allproc_lock);
230 FOREACH_PROC_IN_SYSTEM(p) {
232 if (p->p_ucred->cr_uid == uap->who &&
233 p_cansee(td, p) == 0) {
234 error = donice(td, p, uap->prio);
239 sx_sunlock(&allproc_lock);
246 if (found == 0 && error == 0)
252 * Set "nice" for a (whole) process.
255 donice(struct thread *td, struct proc *p, int n)
259 PROC_LOCK_ASSERT(p, MA_OWNED);
260 if ((error = p_cansched(td, p)))
266 if (n < p->p_nice && priv_check(td, PRIV_SCHED_SETPRIORITY) != 0)
273 * Set realtime priority for LWP.
275 #ifndef _SYS_SYSPROTO_H_
276 struct rtprio_thread_args {
283 rtprio_thread(struct thread *td, struct rtprio_thread_args *uap)
290 /* Perform copyin before acquiring locks if needed. */
291 if (uap->function == RTP_SET)
292 cierror = copyin(uap->rtp, &rtp, sizeof(struct rtprio));
297 * Though lwpid is unique, only current process is supported
298 * since there is no efficient way to look up a LWP yet.
303 switch (uap->function) {
305 if ((error = p_cansee(td, p)))
307 if (uap->lwpid == 0 || uap->lwpid == td->td_tid)
310 td1 = thread_find(p, uap->lwpid);
312 pri_to_rtp(td1, &rtp);
316 return (copyout(&rtp, uap->rtp, sizeof(struct rtprio)));
318 if ((error = p_cansched(td, p)) || (error = cierror))
321 /* Disallow setting rtprio in most cases if not superuser. */
323 * Realtime priority has to be restricted for reasons which should be
324 * obvious. However, for idle priority, there is a potential for
325 * system deadlock if an idleprio process gains a lock on a resource
326 * that other processes need (and the idleprio process can't run
327 * due to a CPU-bound normal process). Fix me! XXX
330 if (RTP_PRIO_IS_REALTIME(rtp.type)) {
332 if (rtp.type != RTP_PRIO_NORMAL) {
334 error = priv_check(td, PRIV_SCHED_RTPRIO);
339 if (uap->lwpid == 0 || uap->lwpid == td->td_tid)
342 td1 = thread_find(p, uap->lwpid);
344 error = rtp_to_pri(&rtp, td1);
357 * Set realtime priority.
359 #ifndef _SYS_SYSPROTO_H_
368 struct thread *td; /* curthread */
369 register struct rtprio_args *uap;
376 /* Perform copyin before acquiring locks if needed. */
377 if (uap->function == RTP_SET)
378 cierror = copyin(uap->rtp, &rtp, sizeof(struct rtprio));
391 switch (uap->function) {
393 if ((error = p_cansee(td, p)))
396 * Return OUR priority if no pid specified,
397 * or if one is, report the highest priority
398 * in the process. There isn't much more you can do as
399 * there is only room to return a single priority.
400 * Note: specifying our own pid is not the same
401 * as leaving it zero.
404 pri_to_rtp(td, &rtp);
408 rtp.type = RTP_PRIO_IDLE;
409 rtp.prio = RTP_PRIO_MAX;
410 FOREACH_THREAD_IN_PROC(p, tdp) {
411 pri_to_rtp(tdp, &rtp2);
412 if (rtp2.type < rtp.type ||
413 (rtp2.type == rtp.type &&
414 rtp2.prio < rtp.prio)) {
415 rtp.type = rtp2.type;
416 rtp.prio = rtp2.prio;
421 return (copyout(&rtp, uap->rtp, sizeof(struct rtprio)));
423 if ((error = p_cansched(td, p)) || (error = cierror))
426 /* Disallow setting rtprio in most cases if not superuser. */
428 * Realtime priority has to be restricted for reasons which should be
429 * obvious. However, for idle priority, there is a potential for
430 * system deadlock if an idleprio process gains a lock on a resource
431 * that other processes need (and the idleprio process can't run
432 * due to a CPU-bound normal process). Fix me! XXX
435 if (RTP_PRIO_IS_REALTIME(rtp.type)) {
437 if (rtp.type != RTP_PRIO_NORMAL) {
439 error = priv_check(td, PRIV_SCHED_RTPRIO);
445 * If we are setting our own priority, set just our
446 * thread but if we are doing another process,
447 * do all the threads on that process. If we
448 * specify our own pid we do the latter.
451 error = rtp_to_pri(&rtp, td);
453 FOREACH_THREAD_IN_PROC(p, td) {
454 if ((error = rtp_to_pri(&rtp, td)) != 0)
468 rtp_to_pri(struct rtprio *rtp, struct thread *td)
473 switch (RTP_PRIO_BASE(rtp->type)) {
474 case RTP_PRIO_REALTIME:
475 if (rtp->prio > RTP_PRIO_MAX)
477 newpri = PRI_MIN_REALTIME + rtp->prio;
479 case RTP_PRIO_NORMAL:
480 if (rtp->prio > (PRI_MAX_TIMESHARE - PRI_MIN_TIMESHARE))
482 newpri = PRI_MIN_TIMESHARE + rtp->prio;
485 if (rtp->prio > RTP_PRIO_MAX)
487 newpri = PRI_MIN_IDLE + rtp->prio;
494 sched_class(td, rtp->type); /* XXX fix */
495 oldpri = td->td_user_pri;
496 sched_user_prio(td, newpri);
498 sched_prio(curthread, td->td_user_pri); /* XXX dubious */
499 if (TD_ON_UPILOCK(td) && oldpri != newpri) {
501 umtx_pi_adjust(td, oldpri);
508 pri_to_rtp(struct thread *td, struct rtprio *rtp)
512 switch (PRI_BASE(td->td_pri_class)) {
514 rtp->prio = td->td_base_user_pri - PRI_MIN_REALTIME;
517 rtp->prio = td->td_base_user_pri - PRI_MIN_TIMESHARE;
520 rtp->prio = td->td_base_user_pri - PRI_MIN_IDLE;
525 rtp->type = td->td_pri_class;
529 #if defined(COMPAT_43)
530 #ifndef _SYS_SYSPROTO_H_
531 struct osetrlimit_args {
539 register struct osetrlimit_args *uap;
545 if ((error = copyin(uap->rlp, &olim, sizeof(struct orlimit))))
547 lim.rlim_cur = olim.rlim_cur;
548 lim.rlim_max = olim.rlim_max;
549 error = kern_setrlimit(td, uap->which, &lim);
553 #ifndef _SYS_SYSPROTO_H_
554 struct ogetrlimit_args {
562 register struct ogetrlimit_args *uap;
569 if (uap->which >= RLIM_NLIMITS)
573 lim_rlimit(p, uap->which, &rl);
577 * XXX would be more correct to convert only RLIM_INFINITY to the
578 * old RLIM_INFINITY and fail with EOVERFLOW for other larger
579 * values. Most 64->32 and 32->16 conversions, including not
580 * unimportant ones of uids are even more broken than what we
581 * do here (they blindly truncate). We don't do this correctly
582 * here since we have little experience with EOVERFLOW yet.
583 * Elsewhere, getuid() can't fail...
585 olim.rlim_cur = rl.rlim_cur > 0x7fffffff ? 0x7fffffff : rl.rlim_cur;
586 olim.rlim_max = rl.rlim_max > 0x7fffffff ? 0x7fffffff : rl.rlim_max;
587 error = copyout(&olim, uap->rlp, sizeof(olim));
590 #endif /* COMPAT_43 */
592 #ifndef _SYS_SYSPROTO_H_
593 struct __setrlimit_args {
601 register struct __setrlimit_args *uap;
606 if ((error = copyin(uap->rlp, &alim, sizeof(struct rlimit))))
608 error = kern_setrlimit(td, uap->which, &alim);
620 PROC_LOCK_ASSERT(p, MA_OWNED);
622 * Check if the process exceeds its cpu resource allocation. If
623 * it reaches the max, arrange to kill the process in ast().
625 if (p->p_cpulimit == RLIM_INFINITY)
628 FOREACH_THREAD_IN_PROC(p, td) {
632 if (p->p_rux.rux_runtime > p->p_cpulimit * cpu_tickrate()) {
633 lim_rlimit(p, RLIMIT_CPU, &rlim);
634 if (p->p_rux.rux_runtime >= rlim.rlim_max * cpu_tickrate()) {
635 killproc(p, "exceeded maximum CPU limit");
637 if (p->p_cpulimit < rlim.rlim_max)
642 if ((p->p_flag & P_WEXIT) == 0)
643 callout_reset(&p->p_limco, hz, lim_cb, p);
647 kern_setrlimit(td, which, limp)
652 struct plimit *newlim, *oldlim;
654 register struct rlimit *alimp;
655 struct rlimit oldssiz;
658 if (which >= RLIM_NLIMITS)
662 * Preserve historical bugs by treating negative limits as unsigned.
664 if (limp->rlim_cur < 0)
665 limp->rlim_cur = RLIM_INFINITY;
666 if (limp->rlim_max < 0)
667 limp->rlim_max = RLIM_INFINITY;
669 oldssiz.rlim_cur = 0;
671 newlim = lim_alloc();
674 alimp = &oldlim->pl_rlimit[which];
675 if (limp->rlim_cur > alimp->rlim_max ||
676 limp->rlim_max > alimp->rlim_max)
677 if ((error = priv_check(td, PRIV_PROC_SETRLIMIT))) {
682 if (limp->rlim_cur > limp->rlim_max)
683 limp->rlim_cur = limp->rlim_max;
684 lim_copy(newlim, oldlim);
685 alimp = &newlim->pl_rlimit[which];
690 if (limp->rlim_cur != RLIM_INFINITY &&
691 p->p_cpulimit == RLIM_INFINITY)
692 callout_reset(&p->p_limco, hz, lim_cb, p);
693 p->p_cpulimit = limp->rlim_cur;
696 if (limp->rlim_cur > maxdsiz)
697 limp->rlim_cur = maxdsiz;
698 if (limp->rlim_max > maxdsiz)
699 limp->rlim_max = maxdsiz;
703 if (limp->rlim_cur > maxssiz)
704 limp->rlim_cur = maxssiz;
705 if (limp->rlim_max > maxssiz)
706 limp->rlim_max = maxssiz;
708 if (td->td_proc->p_sysent->sv_fixlimit != NULL)
709 td->td_proc->p_sysent->sv_fixlimit(&oldssiz,
714 if (limp->rlim_cur > maxfilesperproc)
715 limp->rlim_cur = maxfilesperproc;
716 if (limp->rlim_max > maxfilesperproc)
717 limp->rlim_max = maxfilesperproc;
721 if (limp->rlim_cur > maxprocperuid)
722 limp->rlim_cur = maxprocperuid;
723 if (limp->rlim_max > maxprocperuid)
724 limp->rlim_max = maxprocperuid;
725 if (limp->rlim_cur < 1)
727 if (limp->rlim_max < 1)
731 if (td->td_proc->p_sysent->sv_fixlimit != NULL)
732 td->td_proc->p_sysent->sv_fixlimit(limp, which);
738 if (which == RLIMIT_STACK) {
740 * Stack is allocated to the max at exec time with only
741 * "rlim_cur" bytes accessible. If stack limit is going
742 * up make more accessible, if going down make inaccessible.
744 if (limp->rlim_cur != oldssiz.rlim_cur) {
749 if (limp->rlim_cur > oldssiz.rlim_cur) {
750 prot = p->p_sysent->sv_stackprot;
751 size = limp->rlim_cur - oldssiz.rlim_cur;
752 addr = p->p_sysent->sv_usrstack -
756 size = oldssiz.rlim_cur - limp->rlim_cur;
757 addr = p->p_sysent->sv_usrstack -
760 addr = trunc_page(addr);
761 size = round_page(size);
762 (void)vm_map_protect(&p->p_vmspace->vm_map,
763 addr, addr + size, prot, FALSE);
770 #ifndef _SYS_SYSPROTO_H_
771 struct __getrlimit_args {
780 register struct __getrlimit_args *uap;
786 if (uap->which >= RLIM_NLIMITS)
790 lim_rlimit(p, uap->which, &rlim);
792 error = copyout(&rlim, uap->rlp, sizeof(struct rlimit));
797 * Transform the running time and tick information for children of proc p
798 * into user and system time usage.
807 PROC_LOCK_ASSERT(p, MA_OWNED);
808 calcru1(p, &p->p_crux, up, sp);
812 * Transform the running time and tick information in proc p into user
813 * and system time usage. If appropriate, include the current time slice
817 calcru(struct proc *p, struct timeval *up, struct timeval *sp)
822 PROC_LOCK_ASSERT(p, MA_OWNED);
823 PROC_SLOCK_ASSERT(p, MA_OWNED);
825 * If we are getting stats for the current process, then add in the
826 * stats that this thread has accumulated in its current time slice.
827 * We reset the thread and CPU state as if we had performed a context
831 if (td->td_proc == p) {
833 p->p_rux.rux_runtime += u - PCPU_GET(switchtime);
834 PCPU_SET(switchtime, u);
836 /* Make sure the per-thread stats are current. */
837 FOREACH_THREAD_IN_PROC(p, td) {
838 if (td->td_incruntime == 0)
842 calcru1(p, &p->p_rux, up, sp);
846 calcru1(struct proc *p, struct rusage_ext *ruxp, struct timeval *up,
849 /* {user, system, interrupt, total} {ticks, usec}: */
850 u_int64_t ut, uu, st, su, it, tt, tu;
852 ut = ruxp->rux_uticks;
853 st = ruxp->rux_sticks;
854 it = ruxp->rux_iticks;
857 /* Avoid divide by zero */
861 tu = cputick2usec(ruxp->rux_runtime);
862 if ((int64_t)tu < 0) {
863 /* XXX: this should be an assert /phk */
864 printf("calcru: negative runtime of %jd usec for pid %d (%s)\n",
865 (intmax_t)tu, p->p_pid, p->p_comm);
869 if (tu >= ruxp->rux_tu) {
871 * The normal case, time increased.
872 * Enforce monotonicity of bucketed numbers.
875 if (uu < ruxp->rux_uu)
878 if (su < ruxp->rux_su)
880 } else if (tu + 3 > ruxp->rux_tu || 101 * tu > 100 * ruxp->rux_tu) {
882 * When we calibrate the cputicker, it is not uncommon to
883 * see the presumably fixed frequency increase slightly over
884 * time as a result of thermal stabilization and NTP
885 * discipline (of the reference clock). We therefore ignore
886 * a bit of backwards slop because we expect to catch up
887 * shortly. We use a 3 microsecond limit to catch low
888 * counts and a 1% limit for high counts.
893 } else { /* tu < ruxp->rux_tu */
895 * What happened here was likely that a laptop, which ran at
896 * a reduced clock frequency at boot, kicked into high gear.
897 * The wisdom of spamming this message in that case is
898 * dubious, but it might also be indicative of something
899 * serious, so lets keep it and hope laptops can be made
900 * more truthful about their CPU speed via ACPI.
902 printf("calcru: runtime went backwards from %ju usec "
903 "to %ju usec for pid %d (%s)\n",
904 (uintmax_t)ruxp->rux_tu, (uintmax_t)tu,
905 p->p_pid, p->p_comm);
914 up->tv_sec = uu / 1000000;
915 up->tv_usec = uu % 1000000;
916 sp->tv_sec = su / 1000000;
917 sp->tv_usec = su % 1000000;
920 #ifndef _SYS_SYSPROTO_H_
921 struct getrusage_args {
923 struct rusage *rusage;
928 register struct thread *td;
929 register struct getrusage_args *uap;
934 error = kern_getrusage(td, uap->who, &ru);
936 error = copyout(&ru, uap->rusage, sizeof(struct rusage));
941 kern_getrusage(struct thread *td, int who, struct rusage *rup)
951 rufetchcalc(p, rup, &rup->ru_utime,
955 case RUSAGE_CHILDREN:
956 *rup = p->p_stats->p_cru;
957 calccru(p, &rup->ru_utime, &rup->ru_stime);
966 calcru1(p, &td->td_rux, &rup->ru_utime, &rup->ru_stime);
978 rucollect(struct rusage *ru, struct rusage *ru2)
983 if (ru->ru_maxrss < ru2->ru_maxrss)
984 ru->ru_maxrss = ru2->ru_maxrss;
986 ip2 = &ru2->ru_first;
987 for (i = &ru->ru_last - &ru->ru_first; i >= 0; i--)
992 ruadd(struct rusage *ru, struct rusage_ext *rux, struct rusage *ru2,
993 struct rusage_ext *rux2)
996 rux->rux_runtime += rux2->rux_runtime;
997 rux->rux_uticks += rux2->rux_uticks;
998 rux->rux_sticks += rux2->rux_sticks;
999 rux->rux_iticks += rux2->rux_iticks;
1000 rux->rux_uu += rux2->rux_uu;
1001 rux->rux_su += rux2->rux_su;
1002 rux->rux_tu += rux2->rux_tu;
1007 * Aggregate tick counts into the proc's rusage_ext.
1010 ruxagg_locked(struct rusage_ext *rux, struct thread *td)
1013 THREAD_LOCK_ASSERT(td, MA_OWNED);
1014 PROC_SLOCK_ASSERT(td->td_proc, MA_OWNED);
1015 rux->rux_runtime += td->td_incruntime;
1016 rux->rux_uticks += td->td_uticks;
1017 rux->rux_sticks += td->td_sticks;
1018 rux->rux_iticks += td->td_iticks;
1022 ruxagg(struct proc *p, struct thread *td)
1026 ruxagg_locked(&p->p_rux, td);
1027 ruxagg_locked(&td->td_rux, td);
1028 td->td_incruntime = 0;
1036 * Update the rusage_ext structure and fetch a valid aggregate rusage
1037 * for proc p if storage for one is supplied.
1040 rufetch(struct proc *p, struct rusage *ru)
1044 PROC_SLOCK_ASSERT(p, MA_OWNED);
1047 if (p->p_numthreads > 0) {
1048 FOREACH_THREAD_IN_PROC(p, td) {
1050 rucollect(ru, &td->td_ru);
1056 * Atomically perform a rufetch and a calcru together.
1057 * Consumers, can safely assume the calcru is executed only once
1058 * rufetch is completed.
1061 rufetchcalc(struct proc *p, struct rusage *ru, struct timeval *up,
1072 * Allocate a new resource limits structure and initialize its
1073 * reference count and mutex pointer.
1078 struct plimit *limp;
1080 limp = malloc(sizeof(struct plimit), M_PLIMIT, M_WAITOK);
1081 refcount_init(&limp->pl_refcnt, 1);
1087 struct plimit *limp;
1090 refcount_acquire(&limp->pl_refcnt);
1095 lim_fork(struct proc *p1, struct proc *p2)
1097 p2->p_limit = lim_hold(p1->p_limit);
1098 callout_init_mtx(&p2->p_limco, &p2->p_mtx, 0);
1099 if (p1->p_cpulimit != RLIM_INFINITY)
1100 callout_reset(&p2->p_limco, hz, lim_cb, p2);
1105 struct plimit *limp;
1108 KASSERT(limp->pl_refcnt > 0, ("plimit refcnt underflow"));
1109 if (refcount_release(&limp->pl_refcnt))
1110 free((void *)limp, M_PLIMIT);
1114 * Make a copy of the plimit structure.
1115 * We share these structures copy-on-write after fork.
1119 struct plimit *dst, *src;
1122 KASSERT(dst->pl_refcnt == 1, ("lim_copy to shared limit"));
1123 bcopy(src->pl_rlimit, dst->pl_rlimit, sizeof(src->pl_rlimit));
1127 * Return the hard limit for a particular system resource. The
1128 * which parameter specifies the index into the rlimit array.
1131 lim_max(struct proc *p, int which)
1135 lim_rlimit(p, which, &rl);
1136 return (rl.rlim_max);
1140 * Return the current (soft) limit for a particular system resource.
1141 * The which parameter which specifies the index into the rlimit array
1144 lim_cur(struct proc *p, int which)
1148 lim_rlimit(p, which, &rl);
1149 return (rl.rlim_cur);
1153 * Return a copy of the entire rlimit structure for the system limit
1154 * specified by 'which' in the rlimit structure pointed to by 'rlp'.
1157 lim_rlimit(struct proc *p, int which, struct rlimit *rlp)
1160 PROC_LOCK_ASSERT(p, MA_OWNED);
1161 KASSERT(which >= 0 && which < RLIM_NLIMITS,
1162 ("request for invalid resource limit"));
1163 *rlp = p->p_limit->pl_rlimit[which];
1164 if (p->p_sysent->sv_fixlimit != NULL)
1165 p->p_sysent->sv_fixlimit(rlp, which);
1169 * Find the uidinfo structure for a uid. This structure is used to
1170 * track the total resource consumption (process count, socket buffer
1171 * size, etc.) for the uid and impose limits.
1177 uihashtbl = hashinit(maxproc / 16, M_UIDINFO, &uihash);
1178 rw_init(&uihashtbl_lock, "uidinfo hash");
1182 * Look up a uidinfo struct for the parameter uid.
1183 * uihashtbl_lock must be locked.
1185 static struct uidinfo *
1189 struct uihashhead *uipp;
1190 struct uidinfo *uip;
1192 rw_assert(&uihashtbl_lock, RA_LOCKED);
1194 LIST_FOREACH(uip, uipp, ui_hash)
1195 if (uip->ui_uid == uid)
1202 * Find or allocate a struct uidinfo for a particular uid.
1203 * Increase refcount on uidinfo struct returned.
1204 * uifree() should be called on a struct uidinfo when released.
1210 struct uidinfo *old_uip, *uip;
1212 rw_rlock(&uihashtbl_lock);
1213 uip = uilookup(uid);
1215 rw_runlock(&uihashtbl_lock);
1216 uip = malloc(sizeof(*uip), M_UIDINFO, M_WAITOK | M_ZERO);
1217 rw_wlock(&uihashtbl_lock);
1219 * There's a chance someone created our uidinfo while we
1220 * were in malloc and not holding the lock, so we have to
1221 * make sure we don't insert a duplicate uidinfo.
1223 if ((old_uip = uilookup(uid)) != NULL) {
1224 /* Someone else beat us to it. */
1225 free(uip, M_UIDINFO);
1228 refcount_init(&uip->ui_ref, 0);
1230 mtx_init(&uip->ui_vmsize_mtx, "ui_vmsize", NULL,
1232 LIST_INSERT_HEAD(UIHASH(uid), uip, ui_hash);
1236 rw_unlock(&uihashtbl_lock);
1241 * Place another refcount on a uidinfo struct.
1245 struct uidinfo *uip;
1248 refcount_acquire(&uip->ui_ref);
1252 * Since uidinfo structs have a long lifetime, we use an
1253 * opportunistic refcounting scheme to avoid locking the lookup hash
1256 * If the refcount hits 0, we need to free the structure,
1257 * which means we need to lock the hash.
1259 * After locking the struct and lowering the refcount, if we find
1260 * that we don't need to free, simply unlock and return.
1262 * If refcount lowering results in need to free, bump the count
1263 * back up, lose the lock and acquire the locks in the proper
1264 * order to try again.
1268 struct uidinfo *uip;
1272 /* Prepare for optimal case. */
1274 if (old > 1 && atomic_cmpset_int(&uip->ui_ref, old, old - 1))
1277 /* Prepare for suboptimal case. */
1278 rw_wlock(&uihashtbl_lock);
1279 if (refcount_release(&uip->ui_ref)) {
1280 LIST_REMOVE(uip, ui_hash);
1281 rw_wunlock(&uihashtbl_lock);
1282 if (uip->ui_sbsize != 0)
1283 printf("freeing uidinfo: uid = %d, sbsize = %ld\n",
1284 uip->ui_uid, uip->ui_sbsize);
1285 if (uip->ui_proccnt != 0)
1286 printf("freeing uidinfo: uid = %d, proccnt = %ld\n",
1287 uip->ui_uid, uip->ui_proccnt);
1288 if (uip->ui_vmsize != 0)
1289 printf("freeing uidinfo: uid = %d, swapuse = %lld\n",
1290 uip->ui_uid, (unsigned long long)uip->ui_vmsize);
1291 mtx_destroy(&uip->ui_vmsize_mtx);
1292 free(uip, M_UIDINFO);
1296 * Someone added a reference between atomic_cmpset_int() and
1297 * rw_wlock(&uihashtbl_lock).
1299 rw_wunlock(&uihashtbl_lock);
1303 * Change the count associated with number of processes
1304 * a given user is using. When 'max' is 0, don't enforce a limit
1307 chgproccnt(uip, diff, max)
1308 struct uidinfo *uip;
1313 /* Don't allow them to exceed max, but allow subtraction. */
1314 if (diff > 0 && max != 0) {
1315 if (atomic_fetchadd_long(&uip->ui_proccnt, (long)diff) + diff > max) {
1316 atomic_subtract_long(&uip->ui_proccnt, (long)diff);
1320 atomic_add_long(&uip->ui_proccnt, (long)diff);
1321 if (uip->ui_proccnt < 0)
1322 printf("negative proccnt for uid = %d\n", uip->ui_uid);
1328 * Change the total socket buffer size a user has used.
1331 chgsbsize(uip, hiwat, to, max)
1332 struct uidinfo *uip;
1341 if (atomic_fetchadd_long(&uip->ui_sbsize, (long)diff) + diff > max) {
1342 atomic_subtract_long(&uip->ui_sbsize, (long)diff);
1346 atomic_add_long(&uip->ui_sbsize, (long)diff);
1347 if (uip->ui_sbsize < 0)
1348 printf("negative sbsize for uid = %d\n", uip->ui_uid);
1355 * Change the count associated with number of pseudo-terminals
1356 * a given user is using. When 'max' is 0, don't enforce a limit
1359 chgptscnt(uip, diff, max)
1360 struct uidinfo *uip;
1365 /* Don't allow them to exceed max, but allow subtraction. */
1366 if (diff > 0 && max != 0) {
1367 if (atomic_fetchadd_long(&uip->ui_ptscnt, (long)diff) + diff > max) {
1368 atomic_subtract_long(&uip->ui_ptscnt, (long)diff);
1372 atomic_add_long(&uip->ui_ptscnt, (long)diff);
1373 if (uip->ui_ptscnt < 0)
1374 printf("negative ptscnt for uid = %d\n", uip->ui_uid);