2 * Copyright (c) 1982, 1986, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 4. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * @(#)kern_resource.c 8.5 (Berkeley) 1/21/94
37 #include <sys/cdefs.h>
38 __FBSDID("$FreeBSD$");
40 #include "opt_compat.h"
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/sysproto.h>
46 #include <sys/kernel.h>
48 #include <sys/malloc.h>
49 #include <sys/mutex.h>
52 #include <sys/refcount.h>
53 #include <sys/resourcevar.h>
54 #include <sys/sched.h>
56 #include <sys/syscallsubr.h>
57 #include <sys/sysent.h>
61 #include <vm/vm_param.h>
63 #include <vm/vm_map.h>
66 static MALLOC_DEFINE(M_PLIMIT, "plimit", "plimit structures");
67 static MALLOC_DEFINE(M_UIDINFO, "uidinfo", "uidinfo structures");
68 #define UIHASH(uid) (&uihashtbl[(uid) & uihash])
69 static struct mtx uihashtbl_mtx;
70 static LIST_HEAD(uihashhead, uidinfo) *uihashtbl;
71 static u_long uihash; /* size of hash table - 1 */
73 static void calcru1(struct proc *p, struct rusage_ext *ruxp,
74 struct timeval *up, struct timeval *sp);
75 static int donice(struct thread *td, struct proc *chgp, int n);
76 static struct uidinfo *uilookup(uid_t uid);
79 * Resource controls and accounting.
81 #ifndef _SYS_SYSPROTO_H_
82 struct getpriority_args {
90 register struct getpriority_args *uap;
102 low = td->td_proc->p_nice;
107 if (p_cansee(td, p) == 0)
114 sx_slock(&proctree_lock);
116 pg = td->td_proc->p_pgrp;
119 pg = pgfind(uap->who);
121 sx_sunlock(&proctree_lock);
125 sx_sunlock(&proctree_lock);
126 LIST_FOREACH(p, &pg->pg_members, p_pglist) {
128 if (!p_cansee(td, p)) {
139 uap->who = td->td_ucred->cr_uid;
140 sx_slock(&allproc_lock);
141 FOREACH_PROC_IN_SYSTEM(p) {
142 /* Do not bother to check PRS_NEW processes */
143 if (p->p_state == PRS_NEW)
146 if (!p_cansee(td, p) &&
147 p->p_ucred->cr_uid == uap->who) {
153 sx_sunlock(&allproc_lock);
160 if (low == PRIO_MAX + 1 && error == 0)
162 td->td_retval[0] = low;
166 #ifndef _SYS_SYSPROTO_H_
167 struct setpriority_args {
176 struct setpriority_args *uap;
178 struct proc *curp, *p;
180 int found = 0, error = 0;
183 switch (uap->which) {
187 error = donice(td, curp, uap->prio);
193 if (p_cansee(td, p) == 0)
194 error = donice(td, p, uap->prio);
201 sx_slock(&proctree_lock);
206 pg = pgfind(uap->who);
208 sx_sunlock(&proctree_lock);
212 sx_sunlock(&proctree_lock);
213 LIST_FOREACH(p, &pg->pg_members, p_pglist) {
215 if (!p_cansee(td, p)) {
216 error = donice(td, p, uap->prio);
226 uap->who = td->td_ucred->cr_uid;
227 sx_slock(&allproc_lock);
228 FOREACH_PROC_IN_SYSTEM(p) {
230 if (p->p_ucred->cr_uid == uap->who &&
232 error = donice(td, p, uap->prio);
237 sx_sunlock(&allproc_lock);
244 if (found == 0 && error == 0)
250 * Set "nice" for a (whole) process.
253 donice(struct thread *td, struct proc *p, int n)
257 PROC_LOCK_ASSERT(p, MA_OWNED);
258 if ((error = p_cansched(td, p)))
264 if (n < p->p_nice && priv_check(td, PRIV_SCHED_SETPRIORITY) != 0)
273 * Set realtime priority for LWP.
275 #ifndef _SYS_SYSPROTO_H_
276 struct rtprio_thread_args {
283 rtprio_thread(struct thread *td, struct rtprio_thread_args *uap)
291 /* Perform copyin before acquiring locks if needed. */
292 if (uap->function == RTP_SET)
293 cierror = copyin(uap->rtp, &rtp, sizeof(struct rtprio));
299 * Though lwpid is unique, only current process is supported
300 * since there is no efficient way to look up a LWP yet.
305 switch (uap->function) {
307 if ((error = p_cansee(td, p)))
310 if (uap->lwpid == 0 || uap->lwpid == td->td_tid)
313 td1 = thread_find(p, uap->lwpid);
315 pri_to_rtp(td1, &rtp);
320 return (copyout(&rtp, uap->rtp, sizeof(struct rtprio)));
322 if ((error = p_cansched(td, p)) || (error = cierror))
325 /* Disallow setting rtprio in most cases if not superuser. */
327 * Realtime priority has to be restricted for reasons which should be
328 * obvious. However, for idle priority, there is a potential for
329 * system deadlock if an idleprio process gains a lock on a resource
330 * that other processes need (and the idleprio process can't run
331 * due to a CPU-bound normal process). Fix me! XXX
334 if (RTP_PRIO_IS_REALTIME(rtp.type)) {
336 if (rtp.type != RTP_PRIO_NORMAL) {
338 error = priv_check(td, PRIV_SCHED_RTPRIO);
344 if (uap->lwpid == 0 || uap->lwpid == td->td_tid)
347 td1 = thread_find(p, uap->lwpid);
349 error = rtp_to_pri(&rtp, td1);
363 * Set realtime priority.
365 #ifndef _SYS_SYSPROTO_H_
374 struct thread *td; /* curthread */
375 register struct rtprio_args *uap;
383 /* Perform copyin before acquiring locks if needed. */
384 if (uap->function == RTP_SET)
385 cierror = copyin(uap->rtp, &rtp, sizeof(struct rtprio));
399 switch (uap->function) {
401 if ((error = p_cansee(td, p)))
405 * Return OUR priority if no pid specified,
406 * or if one is, report the highest priority
407 * in the process. There isn't much more you can do as
408 * there is only room to return a single priority.
409 * XXXKSE: maybe need a new interface to report
410 * priorities of multiple system scope threads.
411 * Note: specifying our own pid is not the same
412 * as leaving it zero.
415 pri_to_rtp(td, &rtp);
419 rtp.type = RTP_PRIO_IDLE;
420 rtp.prio = RTP_PRIO_MAX;
421 FOREACH_THREAD_IN_PROC(p, tdp) {
422 pri_to_rtp(tdp, &rtp2);
423 if (rtp2.type < rtp.type ||
424 (rtp2.type == rtp.type &&
425 rtp2.prio < rtp.prio)) {
426 rtp.type = rtp2.type;
427 rtp.prio = rtp2.prio;
433 return (copyout(&rtp, uap->rtp, sizeof(struct rtprio)));
435 if ((error = p_cansched(td, p)) || (error = cierror))
438 /* Disallow setting rtprio in most cases if not superuser. */
440 * Realtime priority has to be restricted for reasons which should be
441 * obvious. However, for idle priority, there is a potential for
442 * system deadlock if an idleprio process gains a lock on a resource
443 * that other processes need (and the idleprio process can't run
444 * due to a CPU-bound normal process). Fix me! XXX
447 if (RTP_PRIO_IS_REALTIME(rtp.type)) {
449 if (rtp.type != RTP_PRIO_NORMAL) {
451 error = priv_check(td, PRIV_SCHED_RTPRIO);
457 * If we are setting our own priority, set just our
458 * thread but if we are doing another process,
459 * do all the threads on that process. If we
460 * specify our own pid we do the latter.
464 error = rtp_to_pri(&rtp, td);
466 FOREACH_THREAD_IN_PROC(p, td) {
467 if ((error = rtp_to_pri(&rtp, td)) != 0)
482 rtp_to_pri(struct rtprio *rtp, struct thread *td)
486 if (rtp->prio > RTP_PRIO_MAX)
489 switch (RTP_PRIO_BASE(rtp->type)) {
490 case RTP_PRIO_REALTIME:
491 newpri = PRI_MIN_REALTIME + rtp->prio;
493 case RTP_PRIO_NORMAL:
494 newpri = PRI_MIN_TIMESHARE + rtp->prio;
497 newpri = PRI_MIN_IDLE + rtp->prio;
503 sched_class(td, rtp->type); /* XXX fix */
504 sched_user_prio(td, newpri);
506 sched_prio(curthread, td->td_user_pri); /* XXX dubious */
512 pri_to_rtp(struct thread *td, struct rtprio *rtp)
516 switch (PRI_BASE(td->td_pri_class)) {
518 rtp->prio = td->td_base_user_pri - PRI_MIN_REALTIME;
521 rtp->prio = td->td_base_user_pri - PRI_MIN_TIMESHARE;
524 rtp->prio = td->td_base_user_pri - PRI_MIN_IDLE;
529 rtp->type = td->td_pri_class;
533 #if defined(COMPAT_43)
534 #ifndef _SYS_SYSPROTO_H_
535 struct osetrlimit_args {
543 register struct osetrlimit_args *uap;
549 if ((error = copyin(uap->rlp, &olim, sizeof(struct orlimit))))
551 lim.rlim_cur = olim.rlim_cur;
552 lim.rlim_max = olim.rlim_max;
553 error = kern_setrlimit(td, uap->which, &lim);
557 #ifndef _SYS_SYSPROTO_H_
558 struct ogetrlimit_args {
566 register struct ogetrlimit_args *uap;
573 if (uap->which >= RLIM_NLIMITS)
577 lim_rlimit(p, uap->which, &rl);
581 * XXX would be more correct to convert only RLIM_INFINITY to the
582 * old RLIM_INFINITY and fail with EOVERFLOW for other larger
583 * values. Most 64->32 and 32->16 conversions, including not
584 * unimportant ones of uids are even more broken than what we
585 * do here (they blindly truncate). We don't do this correctly
586 * here since we have little experience with EOVERFLOW yet.
587 * Elsewhere, getuid() can't fail...
589 olim.rlim_cur = rl.rlim_cur > 0x7fffffff ? 0x7fffffff : rl.rlim_cur;
590 olim.rlim_max = rl.rlim_max > 0x7fffffff ? 0x7fffffff : rl.rlim_max;
591 error = copyout(&olim, uap->rlp, sizeof(olim));
594 #endif /* COMPAT_43 */
596 #ifndef _SYS_SYSPROTO_H_
597 struct __setrlimit_args {
605 register struct __setrlimit_args *uap;
610 if ((error = copyin(uap->rlp, &alim, sizeof(struct rlimit))))
612 error = kern_setrlimit(td, uap->which, &alim);
624 PROC_LOCK_ASSERT(p, MA_OWNED);
626 * Check if the process exceeds its cpu resource allocation. If
627 * it reaches the max, arrange to kill the process in ast().
629 if (p->p_cpulimit == RLIM_INFINITY)
632 FOREACH_THREAD_IN_PROC(p, td) {
634 ruxagg(&p->p_rux, td);
638 if (p->p_rux.rux_runtime > p->p_cpulimit * cpu_tickrate()) {
639 lim_rlimit(p, RLIMIT_CPU, &rlim);
640 if (p->p_rux.rux_runtime >= rlim.rlim_max * cpu_tickrate()) {
641 killproc(p, "exceeded maximum CPU limit");
643 if (p->p_cpulimit < rlim.rlim_max)
648 callout_reset(&p->p_limco, hz, lim_cb, p);
652 kern_setrlimit(td, which, limp)
657 struct plimit *newlim, *oldlim;
659 register struct rlimit *alimp;
663 if (which >= RLIM_NLIMITS)
667 * Preserve historical bugs by treating negative limits as unsigned.
669 if (limp->rlim_cur < 0)
670 limp->rlim_cur = RLIM_INFINITY;
671 if (limp->rlim_max < 0)
672 limp->rlim_max = RLIM_INFINITY;
676 newlim = lim_alloc();
679 alimp = &oldlim->pl_rlimit[which];
680 if (limp->rlim_cur > alimp->rlim_max ||
681 limp->rlim_max > alimp->rlim_max)
682 if ((error = priv_check(td, PRIV_PROC_SETRLIMIT))) {
687 if (limp->rlim_cur > limp->rlim_max)
688 limp->rlim_cur = limp->rlim_max;
689 lim_copy(newlim, oldlim);
690 alimp = &newlim->pl_rlimit[which];
695 if (limp->rlim_cur != RLIM_INFINITY &&
696 p->p_cpulimit == RLIM_INFINITY)
697 callout_reset(&p->p_limco, hz, lim_cb, p);
699 p->p_cpulimit = limp->rlim_cur;
703 if (limp->rlim_cur > maxdsiz)
704 limp->rlim_cur = maxdsiz;
705 if (limp->rlim_max > maxdsiz)
706 limp->rlim_max = maxdsiz;
710 if (limp->rlim_cur > maxssiz)
711 limp->rlim_cur = maxssiz;
712 if (limp->rlim_max > maxssiz)
713 limp->rlim_max = maxssiz;
714 oldssiz = alimp->rlim_cur;
718 if (limp->rlim_cur > maxfilesperproc)
719 limp->rlim_cur = maxfilesperproc;
720 if (limp->rlim_max > maxfilesperproc)
721 limp->rlim_max = maxfilesperproc;
725 if (limp->rlim_cur > maxprocperuid)
726 limp->rlim_cur = maxprocperuid;
727 if (limp->rlim_max > maxprocperuid)
728 limp->rlim_max = maxprocperuid;
729 if (limp->rlim_cur < 1)
731 if (limp->rlim_max < 1)
735 if (td->td_proc->p_sysent->sv_fixlimit != NULL)
736 td->td_proc->p_sysent->sv_fixlimit(limp, which);
742 if (which == RLIMIT_STACK) {
744 * Stack is allocated to the max at exec time with only
745 * "rlim_cur" bytes accessible. If stack limit is going
746 * up make more accessible, if going down make inaccessible.
748 if (limp->rlim_cur != oldssiz) {
753 if (limp->rlim_cur > oldssiz) {
754 prot = p->p_sysent->sv_stackprot;
755 size = limp->rlim_cur - oldssiz;
756 addr = p->p_sysent->sv_usrstack -
760 size = oldssiz - limp->rlim_cur;
761 addr = p->p_sysent->sv_usrstack - oldssiz;
763 addr = trunc_page(addr);
764 size = round_page(size);
765 (void)vm_map_protect(&p->p_vmspace->vm_map,
766 addr, addr + size, prot, FALSE);
773 #ifndef _SYS_SYSPROTO_H_
774 struct __getrlimit_args {
783 register struct __getrlimit_args *uap;
789 if (uap->which >= RLIM_NLIMITS)
793 lim_rlimit(p, uap->which, &rlim);
795 error = copyout(&rlim, uap->rlp, sizeof(struct rlimit));
800 * Transform the running time and tick information for children of proc p
801 * into user and system time usage.
810 PROC_LOCK_ASSERT(p, MA_OWNED);
811 calcru1(p, &p->p_crux, up, sp);
815 * Transform the running time and tick information in proc p into user
816 * and system time usage. If appropriate, include the current time slice
820 calcru(struct proc *p, struct timeval *up, struct timeval *sp)
825 PROC_LOCK_ASSERT(p, MA_OWNED);
826 PROC_SLOCK_ASSERT(p, MA_OWNED);
828 * If we are getting stats for the current process, then add in the
829 * stats that this thread has accumulated in its current time slice.
830 * We reset the thread and CPU state as if we had performed a context
834 if (td->td_proc == p) {
836 p->p_rux.rux_runtime += u - PCPU_GET(switchtime);
837 PCPU_SET(switchtime, u);
839 calcru1(p, &p->p_rux, up, sp);
843 calcru1(struct proc *p, struct rusage_ext *ruxp, struct timeval *up,
846 /* {user, system, interrupt, total} {ticks, usec}: */
847 u_int64_t ut, uu, st, su, it, tt, tu;
849 ut = ruxp->rux_uticks;
850 st = ruxp->rux_sticks;
851 it = ruxp->rux_iticks;
854 /* Avoid divide by zero */
858 tu = cputick2usec(ruxp->rux_runtime);
859 if ((int64_t)tu < 0) {
860 /* XXX: this should be an assert /phk */
861 printf("calcru: negative runtime of %jd usec for pid %d (%s)\n",
862 (intmax_t)tu, p->p_pid, p->p_comm);
866 if (tu >= ruxp->rux_tu) {
868 * The normal case, time increased.
869 * Enforce monotonicity of bucketed numbers.
872 if (uu < ruxp->rux_uu)
875 if (su < ruxp->rux_su)
877 } else if (tu + 3 > ruxp->rux_tu || 101 * tu > 100 * ruxp->rux_tu) {
879 * When we calibrate the cputicker, it is not uncommon to
880 * see the presumably fixed frequency increase slightly over
881 * time as a result of thermal stabilization and NTP
882 * discipline (of the reference clock). We therefore ignore
883 * a bit of backwards slop because we expect to catch up
884 * shortly. We use a 3 microsecond limit to catch low
885 * counts and a 1% limit for high counts.
890 } else { /* tu < ruxp->rux_tu */
892 * What happene here was likely that a laptop, which ran at
893 * a reduced clock frequency at boot, kicked into high gear.
894 * The wisdom of spamming this message in that case is
895 * dubious, but it might also be indicative of something
896 * serious, so lets keep it and hope laptops can be made
897 * more truthful about their CPU speed via ACPI.
899 printf("calcru: runtime went backwards from %ju usec "
900 "to %ju usec for pid %d (%s)\n",
901 (uintmax_t)ruxp->rux_tu, (uintmax_t)tu,
902 p->p_pid, p->p_comm);
911 up->tv_sec = uu / 1000000;
912 up->tv_usec = uu % 1000000;
913 sp->tv_sec = su / 1000000;
914 sp->tv_usec = su % 1000000;
917 #ifndef _SYS_SYSPROTO_H_
918 struct getrusage_args {
920 struct rusage *rusage;
925 register struct thread *td;
926 register struct getrusage_args *uap;
931 error = kern_getrusage(td, uap->who, &ru);
933 error = copyout(&ru, uap->rusage, sizeof(struct rusage));
938 kern_getrusage(td, who, rup)
950 rufetchcalc(p, rup, &rup->ru_utime,
954 case RUSAGE_CHILDREN:
955 *rup = p->p_stats->p_cru;
956 calccru(p, &rup->ru_utime, &rup->ru_stime);
968 rucollect(struct rusage *ru, struct rusage *ru2)
973 if (ru->ru_maxrss < ru2->ru_maxrss)
974 ru->ru_maxrss = ru2->ru_maxrss;
976 ip2 = &ru2->ru_first;
977 for (i = &ru->ru_last - &ru->ru_first; i >= 0; i--)
982 ruadd(struct rusage *ru, struct rusage_ext *rux, struct rusage *ru2,
983 struct rusage_ext *rux2)
986 rux->rux_runtime += rux2->rux_runtime;
987 rux->rux_uticks += rux2->rux_uticks;
988 rux->rux_sticks += rux2->rux_sticks;
989 rux->rux_iticks += rux2->rux_iticks;
990 rux->rux_uu += rux2->rux_uu;
991 rux->rux_su += rux2->rux_su;
992 rux->rux_tu += rux2->rux_tu;
997 * Aggregate tick counts into the proc's rusage_ext.
1000 ruxagg(struct rusage_ext *rux, struct thread *td)
1003 THREAD_LOCK_ASSERT(td, MA_OWNED);
1004 PROC_SLOCK_ASSERT(td->td_proc, MA_OWNED);
1005 rux->rux_runtime += td->td_runtime;
1006 rux->rux_uticks += td->td_uticks;
1007 rux->rux_sticks += td->td_sticks;
1008 rux->rux_iticks += td->td_iticks;
1016 * Update the rusage_ext structure and fetch a valid aggregate rusage
1017 * for proc p if storage for one is supplied.
1020 rufetch(struct proc *p, struct rusage *ru)
1024 PROC_SLOCK_ASSERT(p, MA_OWNED);
1027 if (p->p_numthreads > 0) {
1028 FOREACH_THREAD_IN_PROC(p, td) {
1030 ruxagg(&p->p_rux, td);
1032 rucollect(ru, &td->td_ru);
1038 * Atomically perform a rufetch and a calcru together.
1039 * Consumers, can safely assume the calcru is executed only once
1040 * rufetch is completed.
1043 rufetchcalc(struct proc *p, struct rusage *ru, struct timeval *up,
1054 * Allocate a new resource limits structure and initialize its
1055 * reference count and mutex pointer.
1060 struct plimit *limp;
1062 limp = malloc(sizeof(struct plimit), M_PLIMIT, M_WAITOK);
1063 refcount_init(&limp->pl_refcnt, 1);
1069 struct plimit *limp;
1072 refcount_acquire(&limp->pl_refcnt);
1077 lim_fork(struct proc *p1, struct proc *p2)
1079 p2->p_limit = lim_hold(p1->p_limit);
1080 callout_init_mtx(&p2->p_limco, &p2->p_mtx, 0);
1081 if (p1->p_cpulimit != RLIM_INFINITY)
1082 callout_reset(&p2->p_limco, hz, lim_cb, p2);
1087 struct plimit *limp;
1090 KASSERT(limp->pl_refcnt > 0, ("plimit refcnt underflow"));
1091 if (refcount_release(&limp->pl_refcnt))
1092 free((void *)limp, M_PLIMIT);
1096 * Make a copy of the plimit structure.
1097 * We share these structures copy-on-write after fork.
1101 struct plimit *dst, *src;
1104 KASSERT(dst->pl_refcnt == 1, ("lim_copy to shared limit"));
1105 bcopy(src->pl_rlimit, dst->pl_rlimit, sizeof(src->pl_rlimit));
1109 * Return the hard limit for a particular system resource. The
1110 * which parameter specifies the index into the rlimit array.
1113 lim_max(struct proc *p, int which)
1117 lim_rlimit(p, which, &rl);
1118 return (rl.rlim_max);
1122 * Return the current (soft) limit for a particular system resource.
1123 * The which parameter which specifies the index into the rlimit array
1126 lim_cur(struct proc *p, int which)
1130 lim_rlimit(p, which, &rl);
1131 return (rl.rlim_cur);
1135 * Return a copy of the entire rlimit structure for the system limit
1136 * specified by 'which' in the rlimit structure pointed to by 'rlp'.
1139 lim_rlimit(struct proc *p, int which, struct rlimit *rlp)
1142 PROC_LOCK_ASSERT(p, MA_OWNED);
1143 KASSERT(which >= 0 && which < RLIM_NLIMITS,
1144 ("request for invalid resource limit"));
1145 *rlp = p->p_limit->pl_rlimit[which];
1146 if (p->p_sysent->sv_fixlimit != NULL)
1147 p->p_sysent->sv_fixlimit(rlp, which);
1151 * Find the uidinfo structure for a uid. This structure is used to
1152 * track the total resource consumption (process count, socket buffer
1153 * size, etc.) for the uid and impose limits.
1159 uihashtbl = hashinit(maxproc / 16, M_UIDINFO, &uihash);
1160 mtx_init(&uihashtbl_mtx, "uidinfo hash", NULL, MTX_DEF);
1164 * Look up a uidinfo struct for the parameter uid.
1165 * uihashtbl_mtx must be locked.
1167 static struct uidinfo *
1171 struct uihashhead *uipp;
1172 struct uidinfo *uip;
1174 mtx_assert(&uihashtbl_mtx, MA_OWNED);
1176 LIST_FOREACH(uip, uipp, ui_hash)
1177 if (uip->ui_uid == uid)
1184 * Find or allocate a struct uidinfo for a particular uid.
1185 * Increase refcount on uidinfo struct returned.
1186 * uifree() should be called on a struct uidinfo when released.
1192 struct uidinfo *old_uip, *uip;
1194 mtx_lock(&uihashtbl_mtx);
1195 uip = uilookup(uid);
1197 mtx_unlock(&uihashtbl_mtx);
1198 uip = malloc(sizeof(*uip), M_UIDINFO, M_WAITOK | M_ZERO);
1199 mtx_lock(&uihashtbl_mtx);
1201 * There's a chance someone created our uidinfo while we
1202 * were in malloc and not holding the lock, so we have to
1203 * make sure we don't insert a duplicate uidinfo.
1205 if ((old_uip = uilookup(uid)) != NULL) {
1206 /* Someone else beat us to it. */
1207 free(uip, M_UIDINFO);
1210 uip->ui_mtxp = mtx_pool_alloc(mtxpool_sleep);
1212 LIST_INSERT_HEAD(UIHASH(uid), uip, ui_hash);
1216 mtx_unlock(&uihashtbl_mtx);
1221 * Place another refcount on a uidinfo struct.
1225 struct uidinfo *uip;
1230 UIDINFO_UNLOCK(uip);
1234 * Since uidinfo structs have a long lifetime, we use an
1235 * opportunistic refcounting scheme to avoid locking the lookup hash
1238 * If the refcount hits 0, we need to free the structure,
1239 * which means we need to lock the hash.
1241 * After locking the struct and lowering the refcount, if we find
1242 * that we don't need to free, simply unlock and return.
1244 * If refcount lowering results in need to free, bump the count
1245 * back up, lose the lock and acquire the locks in the proper
1246 * order to try again.
1250 struct uidinfo *uip;
1253 /* Prepare for optimal case. */
1256 if (--uip->ui_ref != 0) {
1257 UIDINFO_UNLOCK(uip);
1261 /* Prepare for suboptimal case. */
1263 UIDINFO_UNLOCK(uip);
1264 mtx_lock(&uihashtbl_mtx);
1268 * We must subtract one from the count again because we backed out
1269 * our initial subtraction before dropping the lock.
1270 * Since another thread may have added a reference after we dropped the
1271 * initial lock we have to test for zero again.
1273 if (--uip->ui_ref == 0) {
1274 LIST_REMOVE(uip, ui_hash);
1275 mtx_unlock(&uihashtbl_mtx);
1276 if (uip->ui_sbsize != 0)
1277 printf("freeing uidinfo: uid = %d, sbsize = %jd\n",
1278 uip->ui_uid, (intmax_t)uip->ui_sbsize);
1279 if (uip->ui_proccnt != 0)
1280 printf("freeing uidinfo: uid = %d, proccnt = %ld\n",
1281 uip->ui_uid, uip->ui_proccnt);
1282 UIDINFO_UNLOCK(uip);
1283 FREE(uip, M_UIDINFO);
1287 mtx_unlock(&uihashtbl_mtx);
1288 UIDINFO_UNLOCK(uip);
1292 * Change the count associated with number of processes
1293 * a given user is using. When 'max' is 0, don't enforce a limit
1296 chgproccnt(uip, diff, max)
1297 struct uidinfo *uip;
1303 /* Don't allow them to exceed max, but allow subtraction. */
1304 if (diff > 0 && uip->ui_proccnt + diff > max && max != 0) {
1305 UIDINFO_UNLOCK(uip);
1308 uip->ui_proccnt += diff;
1309 if (uip->ui_proccnt < 0)
1310 printf("negative proccnt for uid = %d\n", uip->ui_uid);
1311 UIDINFO_UNLOCK(uip);
1316 * Change the total socket buffer size a user has used.
1319 chgsbsize(uip, hiwat, to, max)
1320 struct uidinfo *uip;
1328 new = uip->ui_sbsize + to - *hiwat;
1329 /* Don't allow them to exceed max, but allow subtraction. */
1330 if (to > *hiwat && new > max) {
1331 UIDINFO_UNLOCK(uip);
1334 uip->ui_sbsize = new;
1335 UIDINFO_UNLOCK(uip);
1338 printf("negative sbsize for uid = %d\n", uip->ui_uid);