2 * Copyright (c) 1982, 1986, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * @(#)kern_resource.c 8.5 (Berkeley) 1/21/94
35 * $FreeBSD: src/sys/kern/kern_resource.c,v 1.55.2.5 2001/11/03 01:41:08 ps Exp $
38 #include "opt_compat.h"
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/sysproto.h>
44 #include <sys/kern_syscall.h>
45 #include <sys/kernel.h>
46 #include <sys/resourcevar.h>
47 #include <sys/malloc.h>
51 #include <sys/lockf.h>
54 #include <vm/vm_param.h>
57 #include <vm/vm_map.h>
59 #include <sys/thread2.h>
60 #include <sys/spinlock2.h>
62 static int donice (struct proc *chgp, int n);
63 static int doionice (struct proc *chgp, int n);
65 static MALLOC_DEFINE(M_UIDINFO, "uidinfo", "uidinfo structures");
66 #define UIHASH(uid) (&uihashtbl[(uid) & uihash])
67 static struct spinlock uihash_lock;
68 static LIST_HEAD(uihashhead, uidinfo) *uihashtbl;
69 static u_long uihash; /* size of hash table - 1 */
71 static struct uidinfo *uicreate (uid_t uid);
72 static struct uidinfo *uilookup (uid_t uid);
75 * Resource controls and accounting.
78 struct getpriority_info {
83 static int getpriority_callback(struct proc *p, void *data);
89 sys_getpriority(struct getpriority_args *uap)
91 struct getpriority_info info;
92 thread_t curtd = curthread;
93 struct proc *curp = curproc;
96 int low = PRIO_MAX + 1;
106 lwkt_gettoken_shared(&p->p_token);
107 if (PRISON_CHECK(curtd->td_ucred, p->p_ucred))
109 lwkt_reltoken(&p->p_token);
116 lwkt_gettoken_shared(&curp->p_token);
119 lwkt_reltoken(&curp->p_token);
120 } else if ((pg = pgfind(uap->who)) == NULL) {
122 } /* else ref held from pgfind */
124 lwkt_gettoken_shared(&pg->pg_token);
125 LIST_FOREACH(p, &pg->pg_members, p_pglist) {
126 if (PRISON_CHECK(curtd->td_ucred, p->p_ucred) &&
131 lwkt_reltoken(&pg->pg_token);
136 uap->who = curtd->td_ucred->cr_uid;
139 allproc_scan(getpriority_callback, &info);
147 if (low == PRIO_MAX + 1) {
151 uap->sysmsg_result = low;
158 * Figure out the current lowest nice priority for processes owned
159 * by the specified user.
163 getpriority_callback(struct proc *p, void *data)
165 struct getpriority_info *info = data;
167 lwkt_gettoken_shared(&p->p_token);
168 if (PRISON_CHECK(curthread->td_ucred, p->p_ucred) &&
169 p->p_ucred->cr_uid == info->who &&
170 p->p_nice < info->low) {
171 info->low = p->p_nice;
173 lwkt_reltoken(&p->p_token);
177 struct setpriority_info {
184 static int setpriority_callback(struct proc *p, void *data);
190 sys_setpriority(struct setpriority_args *uap)
192 struct setpriority_info info;
193 thread_t curtd = curthread;
194 struct proc *curp = curproc;
197 int found = 0, error = 0;
199 switch (uap->which) {
202 lwkt_gettoken(&curp->p_token);
203 error = donice(curp, uap->prio);
205 lwkt_reltoken(&curp->p_token);
209 lwkt_gettoken(&p->p_token);
210 if (PRISON_CHECK(curtd->td_ucred, p->p_ucred)) {
211 error = donice(p, uap->prio);
214 lwkt_reltoken(&p->p_token);
221 lwkt_gettoken_shared(&curp->p_token);
224 lwkt_reltoken(&curp->p_token);
225 } else if ((pg = pgfind(uap->who)) == NULL) {
227 } /* else ref held from pgfind */
229 lwkt_gettoken(&pg->pg_token);
231 LIST_FOREACH(p, &pg->pg_members, p_pglist) {
233 lwkt_gettoken(&p->p_token);
234 if (p->p_pgrp == pg &&
235 PRISON_CHECK(curtd->td_ucred, p->p_ucred)) {
236 error = donice(p, uap->prio);
239 lwkt_reltoken(&p->p_token);
240 if (p->p_pgrp != pg) {
246 lwkt_reltoken(&pg->pg_token);
251 uap->who = curtd->td_ucred->cr_uid;
252 info.prio = uap->prio;
256 allproc_scan(setpriority_callback, &info);
273 setpriority_callback(struct proc *p, void *data)
275 struct setpriority_info *info = data;
278 lwkt_gettoken(&p->p_token);
279 if (p->p_ucred->cr_uid == info->who &&
280 PRISON_CHECK(curthread->td_ucred, p->p_ucred)) {
281 error = donice(p, info->prio);
286 lwkt_reltoken(&p->p_token);
291 * Caller must hold chgp->p_token
294 donice(struct proc *chgp, int n)
296 struct ucred *cr = curthread->td_ucred;
299 if (cr->cr_uid && cr->cr_ruid &&
300 cr->cr_uid != chgp->p_ucred->cr_uid &&
301 cr->cr_ruid != chgp->p_ucred->cr_uid)
307 if (n < chgp->p_nice && priv_check_cred(cr, PRIV_SCHED_SETPRIORITY, 0))
310 FOREACH_LWP_IN_PROC(lp, chgp) {
312 chgp->p_usched->resetpriority(lp);
319 struct ioprio_get_info {
324 static int ioprio_get_callback(struct proc *p, void *data);
330 sys_ioprio_get(struct ioprio_get_args *uap)
332 struct ioprio_get_info info;
333 thread_t curtd = curthread;
334 struct proc *curp = curproc;
337 int high = IOPRIO_MIN-2;
340 switch (uap->which) {
343 high = curp->p_ionice;
347 lwkt_gettoken_shared(&p->p_token);
348 if (PRISON_CHECK(curtd->td_ucred, p->p_ucred))
350 lwkt_reltoken(&p->p_token);
357 lwkt_gettoken_shared(&curp->p_token);
360 lwkt_reltoken(&curp->p_token);
361 } else if ((pg = pgfind(uap->who)) == NULL) {
363 } /* else ref held from pgfind */
365 lwkt_gettoken_shared(&pg->pg_token);
366 LIST_FOREACH(p, &pg->pg_members, p_pglist) {
367 if (PRISON_CHECK(curtd->td_ucred, p->p_ucred) &&
371 lwkt_reltoken(&pg->pg_token);
376 uap->who = curtd->td_ucred->cr_uid;
379 allproc_scan(ioprio_get_callback, &info);
386 if (high == IOPRIO_MIN-2) {
390 uap->sysmsg_result = high;
397 * Figure out the current lowest nice priority for processes owned
398 * by the specified user.
402 ioprio_get_callback(struct proc *p, void *data)
404 struct ioprio_get_info *info = data;
406 lwkt_gettoken_shared(&p->p_token);
407 if (PRISON_CHECK(curthread->td_ucred, p->p_ucred) &&
408 p->p_ucred->cr_uid == info->who &&
409 p->p_ionice > info->high) {
410 info->high = p->p_ionice;
412 lwkt_reltoken(&p->p_token);
417 struct ioprio_set_info {
424 static int ioprio_set_callback(struct proc *p, void *data);
430 sys_ioprio_set(struct ioprio_set_args *uap)
432 struct ioprio_set_info info;
433 thread_t curtd = curthread;
434 struct proc *curp = curproc;
437 int found = 0, error = 0;
439 switch (uap->which) {
442 lwkt_gettoken(&curp->p_token);
443 error = doionice(curp, uap->prio);
444 lwkt_reltoken(&curp->p_token);
449 lwkt_gettoken(&p->p_token);
450 if (PRISON_CHECK(curtd->td_ucred, p->p_ucred)) {
451 error = doionice(p, uap->prio);
454 lwkt_reltoken(&p->p_token);
461 lwkt_gettoken_shared(&curp->p_token);
464 lwkt_reltoken(&curp->p_token);
465 } else if ((pg = pgfind(uap->who)) == NULL) {
467 } /* else ref held from pgfind */
469 lwkt_gettoken(&pg->pg_token);
471 LIST_FOREACH(p, &pg->pg_members, p_pglist) {
473 lwkt_gettoken(&p->p_token);
474 if (p->p_pgrp == pg &&
475 PRISON_CHECK(curtd->td_ucred, p->p_ucred)) {
476 error = doionice(p, uap->prio);
479 lwkt_reltoken(&p->p_token);
480 if (p->p_pgrp != pg) {
486 lwkt_reltoken(&pg->pg_token);
491 uap->who = curtd->td_ucred->cr_uid;
492 info.prio = uap->prio;
496 allproc_scan(ioprio_set_callback, &info);
513 ioprio_set_callback(struct proc *p, void *data)
515 struct ioprio_set_info *info = data;
518 lwkt_gettoken(&p->p_token);
519 if (p->p_ucred->cr_uid == info->who &&
520 PRISON_CHECK(curthread->td_ucred, p->p_ucred)) {
521 error = doionice(p, info->prio);
526 lwkt_reltoken(&p->p_token);
531 doionice(struct proc *chgp, int n)
533 struct ucred *cr = curthread->td_ucred;
535 if (cr->cr_uid && cr->cr_ruid &&
536 cr->cr_uid != chgp->p_ucred->cr_uid &&
537 cr->cr_ruid != chgp->p_ucred->cr_uid)
543 if (n < chgp->p_ionice &&
544 priv_check_cred(cr, PRIV_SCHED_SETPRIORITY, 0))
556 sys_lwp_rtprio(struct lwp_rtprio_args *uap)
558 struct ucred *cr = curthread->td_ucred;
564 error = copyin(uap->rtp, &rtp, sizeof(struct rtprio));
580 lwkt_gettoken(&p->p_token);
586 if (uap->tid == -1) {
588 * sadly, tid can be 0 so we can't use 0 here
591 lp = curthread->td_lwp;
593 lp = lwp_rb_tree_RB_LOOKUP(&p->p_lwp_tree, uap->tid);
601 * Make sure that this lwp is not ripped if any of the following
602 * code blocks, e.g. copyout.
605 switch (uap->function) {
607 error = copyout(&lp->lwp_rtprio, uap->rtp,
608 sizeof(struct rtprio));
611 if (cr->cr_uid && cr->cr_ruid &&
612 cr->cr_uid != p->p_ucred->cr_uid &&
613 cr->cr_ruid != p->p_ucred->cr_uid) {
617 /* disallow setting rtprio in most cases if not superuser */
618 if (priv_check_cred(cr, PRIV_SCHED_RTPRIO, 0)) {
619 /* can't set someone else's */
620 if (uap->pid) { /* XXX */
624 /* can't set realtime priority */
626 * Realtime priority has to be restricted for reasons which should be
627 * obvious. However, for idle priority, there is a potential for
628 * system deadlock if an idleprio process gains a lock on a resource
629 * that other processes need (and the idleprio process can't run
630 * due to a CPU-bound normal process). Fix me! XXX
632 if (RTP_PRIO_IS_REALTIME(rtp.type)) {
641 case RTP_PRIO_REALTIME:
642 case RTP_PRIO_NORMAL:
644 if (rtp.prio > RTP_PRIO_MAX) {
647 lp->lwp_rtprio = rtp;
664 lwkt_reltoken(&p->p_token);
671 * Set realtime priority
676 sys_rtprio(struct rtprio_args *uap)
678 struct ucred *cr = curthread->td_ucred;
684 error = copyin(uap->rtp, &rtp, sizeof(struct rtprio));
699 lwkt_gettoken(&p->p_token);
702 lp = FIRST_LWP_IN_PROC(p);
703 switch (uap->function) {
705 error = copyout(&lp->lwp_rtprio, uap->rtp,
706 sizeof(struct rtprio));
709 if (cr->cr_uid && cr->cr_ruid &&
710 cr->cr_uid != p->p_ucred->cr_uid &&
711 cr->cr_ruid != p->p_ucred->cr_uid) {
715 /* disallow setting rtprio in most cases if not superuser */
716 if (priv_check_cred(cr, PRIV_SCHED_RTPRIO, 0)) {
717 /* can't set someone else's */
722 /* can't set realtime priority */
724 * Realtime priority has to be restricted for reasons which should be
725 * obvious. However, for idle priority, there is a potential for
726 * system deadlock if an idleprio process gains a lock on a resource
727 * that other processes need (and the idleprio process can't run
728 * due to a CPU-bound normal process). Fix me! XXX
730 if (RTP_PRIO_IS_REALTIME(rtp.type)) {
739 case RTP_PRIO_REALTIME:
740 case RTP_PRIO_NORMAL:
742 if (rtp.prio > RTP_PRIO_MAX) {
746 lp->lwp_rtprio = rtp;
760 lwkt_reltoken(&p->p_token);
771 sys_setrlimit(struct __setrlimit_args *uap)
776 error = copyin(uap->rlp, &alim, sizeof(alim));
780 error = kern_setrlimit(uap->which, &alim);
789 sys_getrlimit(struct __getrlimit_args *uap)
794 error = kern_getrlimit(uap->which, &lim);
797 error = copyout(&lim, uap->rlp, sizeof(*uap->rlp));
802 * Transform the running time and tick information in lwp lp's thread into user,
803 * system, and interrupt time usage.
805 * Since we are limited to statclock tick granularity this is a statisical
806 * calculation which will be correct over the long haul, but should not be
807 * expected to measure fine grained deltas.
809 * It is possible to catch a lwp in the midst of being created, so
810 * check whether lwp_thread is NULL or not.
813 calcru(struct lwp *lp, struct timeval *up, struct timeval *sp)
818 * Calculate at the statclock level. YYY if the thread is owned by
819 * another cpu we need to forward the request to the other cpu, or
820 * have a token to interlock the information in order to avoid racing
821 * thread destruction.
823 if ((td = lp->lwp_thread) != NULL) {
825 up->tv_sec = td->td_uticks / 1000000;
826 up->tv_usec = td->td_uticks % 1000000;
827 sp->tv_sec = td->td_sticks / 1000000;
828 sp->tv_usec = td->td_sticks % 1000000;
834 * Aggregate resource statistics of all lwps of a process.
836 * proc.p_ru keeps track of all statistics directly related to a proc. This
837 * consists of RSS usage and nswap information and aggregate numbers for all
838 * former lwps of this proc.
840 * proc.p_cru is the sum of all stats of reaped children.
842 * lwp.lwp_ru contains the stats directly related to one specific lwp, meaning
843 * packet, scheduler switch or page fault counts, etc. This information gets
844 * added to lwp.lwp_proc.p_ru when the lwp exits.
847 calcru_proc(struct proc *p, struct rusage *ru)
849 struct timeval upt, spt;
855 FOREACH_LWP_IN_PROC(lp, p) {
856 calcru(lp, &upt, &spt);
857 timevaladd(&ru->ru_utime, &upt);
858 timevaladd(&ru->ru_stime, &spt);
859 for (rip1 = &ru->ru_first, rip2 = &lp->lwp_ru.ru_first;
860 rip1 <= &ru->ru_last;
871 sys_getrusage(struct getrusage_args *uap)
873 struct proc *p = curproc;
878 lwkt_gettoken(&p->p_token);
886 case RUSAGE_CHILDREN:
894 lwkt_reltoken(&p->p_token);
897 error = copyout(rup, uap->rusage, sizeof(struct rusage));
902 ruadd(struct rusage *ru, struct rusage *ru2)
907 timevaladd(&ru->ru_utime, &ru2->ru_utime);
908 timevaladd(&ru->ru_stime, &ru2->ru_stime);
909 if (ru->ru_maxrss < ru2->ru_maxrss)
910 ru->ru_maxrss = ru2->ru_maxrss;
911 ip = &ru->ru_first; ip2 = &ru2->ru_first;
912 for (i = &ru->ru_last - &ru->ru_first; i >= 0; i--)
917 * Find the uidinfo structure for a uid. This structure is used to
918 * track the total resource consumption (process count, socket buffer
919 * size, etc.) for the uid and impose limits.
924 spin_init(&uihash_lock, "uihashinit");
925 uihashtbl = hashinit(maxproc / 16, M_UIDINFO, &uihash);
929 * NOTE: Must be called with uihash_lock held
933 static struct uidinfo *
936 struct uihashhead *uipp;
940 LIST_FOREACH(uip, uipp, ui_hash) {
941 if (uip->ui_uid == uid)
948 * Helper function to creat ea uid that could not be found.
949 * This function will properly deal with races.
953 static struct uidinfo *
956 struct uidinfo *uip, *tmp;
959 * Allocate space and check for a race
961 uip = kmalloc(sizeof(*uip), M_UIDINFO, M_WAITOK|M_ZERO);
964 * Initialize structure and enter it into the hash table
966 spin_init(&uip->ui_lock, "uicreate");
968 uip->ui_ref = 1; /* we're returning a ref */
969 varsymset_init(&uip->ui_varsymset, NULL);
972 * Somebody may have already created the uidinfo for this
973 * uid. If so, return that instead.
975 spin_lock(&uihash_lock);
979 spin_unlock(&uihash_lock);
981 spin_uninit(&uip->ui_lock);
982 varsymset_clean(&uip->ui_varsymset);
983 kfree(uip, M_UIDINFO);
986 LIST_INSERT_HEAD(UIHASH(uid), uip, ui_hash);
987 spin_unlock(&uihash_lock);
1000 struct uidinfo *uip;
1002 spin_lock(&uihash_lock);
1003 uip = uilookup(uid);
1005 spin_unlock(&uihash_lock);
1006 uip = uicreate(uid);
1009 spin_unlock(&uihash_lock);
1015 * Helper funtion to remove a uidinfo whos reference count is
1016 * transitioning from 1->0. The reference count is 1 on call.
1018 * Zero is returned on success, otherwise non-zero and the
1019 * uiphas not been removed.
1024 uifree(struct uidinfo *uip)
1027 * If we are still the only holder after acquiring the uihash_lock
1028 * we can safely unlink the uip and destroy it. Otherwise we lost
1029 * a race and must fail.
1031 spin_lock(&uihash_lock);
1032 if (uip->ui_ref != 1) {
1033 spin_unlock(&uihash_lock);
1036 LIST_REMOVE(uip, ui_hash);
1037 spin_unlock(&uihash_lock);
1040 * The uip is now orphaned and we can destroy it at our
1043 if (uip->ui_sbsize != 0)
1044 kprintf("freeing uidinfo: uid = %d, sbsize = %jd\n",
1045 uip->ui_uid, (intmax_t)uip->ui_sbsize);
1046 if (uip->ui_proccnt != 0)
1047 kprintf("freeing uidinfo: uid = %d, proccnt = %ld\n",
1048 uip->ui_uid, uip->ui_proccnt);
1050 varsymset_clean(&uip->ui_varsymset);
1051 lockuninit(&uip->ui_varsymset.vx_lock);
1052 spin_uninit(&uip->ui_lock);
1053 kfree(uip, M_UIDINFO);
1061 uihold(struct uidinfo *uip)
1063 atomic_add_int(&uip->ui_ref, 1);
1064 KKASSERT(uip->ui_ref >= 0);
1068 * NOTE: It is important for us to not drop the ref count to 0
1069 * because this can cause a 2->0/2->0 race with another
1070 * concurrent dropper. Losing the race in that situation
1071 * can cause uip to become stale for one of the other
1077 uidrop(struct uidinfo *uip)
1081 KKASSERT(uip->ui_ref > 0);
1087 if (uifree(uip) == 0)
1089 } else if (atomic_cmpset_int(&uip->ui_ref, ref, ref - 1)) {
1097 uireplace(struct uidinfo **puip, struct uidinfo *nuip)
1104 * Change the count associated with number of processes
1105 * a given user is using. When 'max' is 0, don't enforce a limit
1108 chgproccnt(struct uidinfo *uip, int diff, int max)
1111 spin_lock(&uip->ui_lock);
1112 /* don't allow them to exceed max, but allow subtraction */
1113 if (diff > 0 && uip->ui_proccnt + diff > max && max != 0) {
1116 uip->ui_proccnt += diff;
1117 if (uip->ui_proccnt < 0)
1118 kprintf("negative proccnt for uid = %d\n", uip->ui_uid);
1121 spin_unlock(&uip->ui_lock);
1126 * Change the total socket buffer size a user has used.
1129 chgsbsize(struct uidinfo *uip, u_long *hiwat, u_long to, rlim_t max)
1136 sbsize = atomic_fetchadd_long(&uip->ui_sbsize, to - *hiwat);
1137 new = sbsize + to - *hiwat;
1139 spin_lock(&uip->ui_lock);
1140 new = uip->ui_sbsize + to - *hiwat;
1141 uip->ui_sbsize = new;
1142 spin_unlock(&uip->ui_lock);
1147 * If we are trying to increase the socket buffer size
1148 * Scale down the hi water mark when we exceed the user's
1149 * allowed socket buffer space.
1151 * We can't scale down too much or we will blow up atomic packet
1154 if (to > *hiwat && to > MCLBYTES && new > max) {
1155 to = to * max / new;