FreeBSD/Linux Kernel Cross Reference
sys/kern/kern_rctl.c
1 /*-
2 * Copyright (c) 2010 The FreeBSD Foundation
3 * All rights reserved.
4 *
5 * This software was developed by Edward Tomasz Napierala under sponsorship
6 * from the FreeBSD Foundation.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $FreeBSD: releng/10.0/sys/kern/kern_rctl.c 242139 2012-10-26 16:01:08Z trasz $
30 */
31
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD: releng/10.0/sys/kern/kern_rctl.c 242139 2012-10-26 16:01:08Z trasz $");
34
35 #include <sys/param.h>
36 #include <sys/bus.h>
37 #include <sys/malloc.h>
38 #include <sys/queue.h>
39 #include <sys/refcount.h>
40 #include <sys/jail.h>
41 #include <sys/kernel.h>
42 #include <sys/limits.h>
43 #include <sys/loginclass.h>
44 #include <sys/priv.h>
45 #include <sys/proc.h>
46 #include <sys/racct.h>
47 #include <sys/rctl.h>
48 #include <sys/resourcevar.h>
49 #include <sys/sx.h>
50 #include <sys/sysent.h>
51 #include <sys/sysproto.h>
52 #include <sys/systm.h>
53 #include <sys/types.h>
54 #include <sys/eventhandler.h>
55 #include <sys/lock.h>
56 #include <sys/mutex.h>
57 #include <sys/rwlock.h>
58 #include <sys/sbuf.h>
59 #include <sys/taskqueue.h>
60 #include <sys/tree.h>
61 #include <vm/uma.h>
62
63 #ifdef RCTL
64 #ifndef RACCT
65 #error "The RCTL option requires the RACCT option"
66 #endif
67
68 FEATURE(rctl, "Resource Limits");
69
70 #define HRF_DEFAULT 0
71 #define HRF_DONT_INHERIT 1
72 #define HRF_DONT_ACCUMULATE 2
73
74 /* Default buffer size for rctl_get_rules(2). */
75 #define RCTL_DEFAULT_BUFSIZE 4096
76 #define RCTL_MAX_INBUFLEN 4096
77 #define RCTL_LOG_BUFSIZE 128
78
79 #define RCTL_PCPU_SHIFT (10 * 1000000)
80
81 /*
82 * 'rctl_rule_link' connects a rule with every racct it's related to.
83 * For example, rule 'user:X:openfiles:deny=N/process' is linked
84 * with uidinfo for user X, and to each process of that user.
85 */
86 struct rctl_rule_link {
87 LIST_ENTRY(rctl_rule_link) rrl_next;
88 struct rctl_rule *rrl_rule;
89 int rrl_exceeded;
90 };
91
92 struct dict {
93 const char *d_name;
94 int d_value;
95 };
96
97 static struct dict subjectnames[] = {
98 { "process", RCTL_SUBJECT_TYPE_PROCESS },
99 { "user", RCTL_SUBJECT_TYPE_USER },
100 { "loginclass", RCTL_SUBJECT_TYPE_LOGINCLASS },
101 { "jail", RCTL_SUBJECT_TYPE_JAIL },
102 { NULL, -1 }};
103
104 static struct dict resourcenames[] = {
105 { "cputime", RACCT_CPU },
106 { "datasize", RACCT_DATA },
107 { "stacksize", RACCT_STACK },
108 { "coredumpsize", RACCT_CORE },
109 { "memoryuse", RACCT_RSS },
110 { "memorylocked", RACCT_MEMLOCK },
111 { "maxproc", RACCT_NPROC },
112 { "openfiles", RACCT_NOFILE },
113 { "vmemoryuse", RACCT_VMEM },
114 { "pseudoterminals", RACCT_NPTS },
115 { "swapuse", RACCT_SWAP },
116 { "nthr", RACCT_NTHR },
117 { "msgqqueued", RACCT_MSGQQUEUED },
118 { "msgqsize", RACCT_MSGQSIZE },
119 { "nmsgq", RACCT_NMSGQ },
120 { "nsem", RACCT_NSEM },
121 { "nsemop", RACCT_NSEMOP },
122 { "nshm", RACCT_NSHM },
123 { "shmsize", RACCT_SHMSIZE },
124 { "wallclock", RACCT_WALLCLOCK },
125 { "pcpu", RACCT_PCTCPU },
126 { NULL, -1 }};
127
128 static struct dict actionnames[] = {
129 { "sighup", RCTL_ACTION_SIGHUP },
130 { "sigint", RCTL_ACTION_SIGINT },
131 { "sigquit", RCTL_ACTION_SIGQUIT },
132 { "sigill", RCTL_ACTION_SIGILL },
133 { "sigtrap", RCTL_ACTION_SIGTRAP },
134 { "sigabrt", RCTL_ACTION_SIGABRT },
135 { "sigemt", RCTL_ACTION_SIGEMT },
136 { "sigfpe", RCTL_ACTION_SIGFPE },
137 { "sigkill", RCTL_ACTION_SIGKILL },
138 { "sigbus", RCTL_ACTION_SIGBUS },
139 { "sigsegv", RCTL_ACTION_SIGSEGV },
140 { "sigsys", RCTL_ACTION_SIGSYS },
141 { "sigpipe", RCTL_ACTION_SIGPIPE },
142 { "sigalrm", RCTL_ACTION_SIGALRM },
143 { "sigterm", RCTL_ACTION_SIGTERM },
144 { "sigurg", RCTL_ACTION_SIGURG },
145 { "sigstop", RCTL_ACTION_SIGSTOP },
146 { "sigtstp", RCTL_ACTION_SIGTSTP },
147 { "sigchld", RCTL_ACTION_SIGCHLD },
148 { "sigttin", RCTL_ACTION_SIGTTIN },
149 { "sigttou", RCTL_ACTION_SIGTTOU },
150 { "sigio", RCTL_ACTION_SIGIO },
151 { "sigxcpu", RCTL_ACTION_SIGXCPU },
152 { "sigxfsz", RCTL_ACTION_SIGXFSZ },
153 { "sigvtalrm", RCTL_ACTION_SIGVTALRM },
154 { "sigprof", RCTL_ACTION_SIGPROF },
155 { "sigwinch", RCTL_ACTION_SIGWINCH },
156 { "siginfo", RCTL_ACTION_SIGINFO },
157 { "sigusr1", RCTL_ACTION_SIGUSR1 },
158 { "sigusr2", RCTL_ACTION_SIGUSR2 },
159 { "sigthr", RCTL_ACTION_SIGTHR },
160 { "deny", RCTL_ACTION_DENY },
161 { "log", RCTL_ACTION_LOG },
162 { "devctl", RCTL_ACTION_DEVCTL },
163 { NULL, -1 }};
164
165 static void rctl_init(void);
166 SYSINIT(rctl, SI_SUB_RACCT, SI_ORDER_FIRST, rctl_init, NULL);
167
168 static uma_zone_t rctl_rule_link_zone;
169 static uma_zone_t rctl_rule_zone;
170 static struct rwlock rctl_lock;
171 RW_SYSINIT(rctl_lock, &rctl_lock, "RCTL lock");
172
173 static int rctl_rule_fully_specified(const struct rctl_rule *rule);
174 static void rctl_rule_to_sbuf(struct sbuf *sb, const struct rctl_rule *rule);
175
176 static MALLOC_DEFINE(M_RCTL, "rctl", "Resource Limits");
177
178 static const char *
179 rctl_subject_type_name(int subject)
180 {
181 int i;
182
183 for (i = 0; subjectnames[i].d_name != NULL; i++) {
184 if (subjectnames[i].d_value == subject)
185 return (subjectnames[i].d_name);
186 }
187
188 panic("rctl_subject_type_name: unknown subject type %d", subject);
189 }
190
191 static const char *
192 rctl_action_name(int action)
193 {
194 int i;
195
196 for (i = 0; actionnames[i].d_name != NULL; i++) {
197 if (actionnames[i].d_value == action)
198 return (actionnames[i].d_name);
199 }
200
201 panic("rctl_action_name: unknown action %d", action);
202 }
203
204 const char *
205 rctl_resource_name(int resource)
206 {
207 int i;
208
209 for (i = 0; resourcenames[i].d_name != NULL; i++) {
210 if (resourcenames[i].d_value == resource)
211 return (resourcenames[i].d_name);
212 }
213
214 panic("rctl_resource_name: unknown resource %d", resource);
215 }
216
217 /*
218 * Return the amount of resource that can be allocated by 'p' before
219 * hitting 'rule'.
220 */
221 static int64_t
222 rctl_available_resource(const struct proc *p, const struct rctl_rule *rule)
223 {
224 int resource;
225 int64_t available = INT64_MAX;
226 struct ucred *cred = p->p_ucred;
227
228 rw_assert(&rctl_lock, RA_LOCKED);
229
230 resource = rule->rr_resource;
231 switch (rule->rr_per) {
232 case RCTL_SUBJECT_TYPE_PROCESS:
233 available = rule->rr_amount -
234 p->p_racct->r_resources[resource];
235 break;
236 case RCTL_SUBJECT_TYPE_USER:
237 available = rule->rr_amount -
238 cred->cr_ruidinfo->ui_racct->r_resources[resource];
239 break;
240 case RCTL_SUBJECT_TYPE_LOGINCLASS:
241 available = rule->rr_amount -
242 cred->cr_loginclass->lc_racct->r_resources[resource];
243 break;
244 case RCTL_SUBJECT_TYPE_JAIL:
245 available = rule->rr_amount -
246 cred->cr_prison->pr_prison_racct->prr_racct->
247 r_resources[resource];
248 break;
249 default:
250 panic("rctl_compute_available: unknown per %d",
251 rule->rr_per);
252 }
253
254 return (available);
255 }
256
257 /*
258 * Return non-zero if allocating 'amount' by proc 'p' would exceed
259 * resource limit specified by 'rule'.
260 */
261 static int
262 rctl_would_exceed(const struct proc *p, const struct rctl_rule *rule,
263 int64_t amount)
264 {
265 int64_t available;
266
267 rw_assert(&rctl_lock, RA_LOCKED);
268
269 available = rctl_available_resource(p, rule);
270 if (available >= amount)
271 return (0);
272
273 return (1);
274 }
275
276 /*
277 * Special version of rctl_available() function for the %cpu resource.
278 * We slightly cheat here and return less than we normally would.
279 */
280 int64_t
281 rctl_pcpu_available(const struct proc *p) {
282 struct rctl_rule *rule;
283 struct rctl_rule_link *link;
284 int64_t available, minavailable, limit;
285
286 minavailable = INT64_MAX;
287 limit = 0;
288
289 rw_rlock(&rctl_lock);
290
291 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
292 rule = link->rrl_rule;
293 if (rule->rr_resource != RACCT_PCTCPU)
294 continue;
295 if (rule->rr_action != RCTL_ACTION_DENY)
296 continue;
297 available = rctl_available_resource(p, rule);
298 if (available < minavailable) {
299 minavailable = available;
300 limit = rule->rr_amount;
301 }
302 }
303
304 rw_runlock(&rctl_lock);
305
306 /*
307 * Return slightly less than actual value of the available
308 * %cpu resource. This makes %cpu throttling more agressive
309 * and lets us act sooner than the limits are already exceeded.
310 */
311 if (limit != 0) {
312 if (limit > 2 * RCTL_PCPU_SHIFT)
313 minavailable -= RCTL_PCPU_SHIFT;
314 else
315 minavailable -= (limit / 2);
316 }
317
318 return (minavailable);
319 }
320
321 /*
322 * Check whether the proc 'p' can allocate 'amount' of 'resource' in addition
323 * to what it keeps allocated now. Returns non-zero if the allocation should
324 * be denied, 0 otherwise.
325 */
326 int
327 rctl_enforce(struct proc *p, int resource, uint64_t amount)
328 {
329 struct rctl_rule *rule;
330 struct rctl_rule_link *link;
331 struct sbuf sb;
332 int should_deny = 0;
333 char *buf;
334 static int curtime = 0;
335 static struct timeval lasttime;
336
337 rw_rlock(&rctl_lock);
338
339 /*
340 * There may be more than one matching rule; go through all of them.
341 * Denial should be done last, after logging and sending signals.
342 */
343 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
344 rule = link->rrl_rule;
345 if (rule->rr_resource != resource)
346 continue;
347 if (!rctl_would_exceed(p, rule, amount)) {
348 link->rrl_exceeded = 0;
349 continue;
350 }
351
352 switch (rule->rr_action) {
353 case RCTL_ACTION_DENY:
354 should_deny = 1;
355 continue;
356 case RCTL_ACTION_LOG:
357 /*
358 * If rrl_exceeded != 0, it means we've already
359 * logged a warning for this process.
360 */
361 if (link->rrl_exceeded != 0)
362 continue;
363
364 /*
365 * If the process state is not fully initialized yet,
366 * we can't access most of the required fields, e.g.
367 * p->p_comm. This happens when called from fork1().
368 * Ignore this rule for now; it will be processed just
369 * after fork, when called from racct_proc_fork_done().
370 */
371 if (p->p_state != PRS_NORMAL)
372 continue;
373
374 if (!ppsratecheck(&lasttime, &curtime, 10))
375 continue;
376
377 buf = malloc(RCTL_LOG_BUFSIZE, M_RCTL, M_NOWAIT);
378 if (buf == NULL) {
379 printf("rctl_enforce: out of memory\n");
380 continue;
381 }
382 sbuf_new(&sb, buf, RCTL_LOG_BUFSIZE, SBUF_FIXEDLEN);
383 rctl_rule_to_sbuf(&sb, rule);
384 sbuf_finish(&sb);
385 printf("rctl: rule \"%s\" matched by pid %d "
386 "(%s), uid %d, jail %s\n", sbuf_data(&sb),
387 p->p_pid, p->p_comm, p->p_ucred->cr_uid,
388 p->p_ucred->cr_prison->pr_prison_racct->prr_name);
389 sbuf_delete(&sb);
390 free(buf, M_RCTL);
391 link->rrl_exceeded = 1;
392 continue;
393 case RCTL_ACTION_DEVCTL:
394 if (link->rrl_exceeded != 0)
395 continue;
396
397 if (p->p_state != PRS_NORMAL)
398 continue;
399
400 buf = malloc(RCTL_LOG_BUFSIZE, M_RCTL, M_NOWAIT);
401 if (buf == NULL) {
402 printf("rctl_enforce: out of memory\n");
403 continue;
404 }
405 sbuf_new(&sb, buf, RCTL_LOG_BUFSIZE, SBUF_FIXEDLEN);
406 sbuf_printf(&sb, "rule=");
407 rctl_rule_to_sbuf(&sb, rule);
408 sbuf_printf(&sb, " pid=%d ruid=%d jail=%s",
409 p->p_pid, p->p_ucred->cr_ruid,
410 p->p_ucred->cr_prison->pr_prison_racct->prr_name);
411 sbuf_finish(&sb);
412 devctl_notify_f("RCTL", "rule", "matched",
413 sbuf_data(&sb), M_NOWAIT);
414 sbuf_delete(&sb);
415 free(buf, M_RCTL);
416 link->rrl_exceeded = 1;
417 continue;
418 default:
419 if (link->rrl_exceeded != 0)
420 continue;
421
422 if (p->p_state != PRS_NORMAL)
423 continue;
424
425 KASSERT(rule->rr_action > 0 &&
426 rule->rr_action <= RCTL_ACTION_SIGNAL_MAX,
427 ("rctl_enforce: unknown action %d",
428 rule->rr_action));
429
430 /*
431 * We're using the fact that RCTL_ACTION_SIG* values
432 * are equal to their counterparts from sys/signal.h.
433 */
434 kern_psignal(p, rule->rr_action);
435 link->rrl_exceeded = 1;
436 continue;
437 }
438 }
439
440 rw_runlock(&rctl_lock);
441
442 if (should_deny) {
443 /*
444 * Return fake error code; the caller should change it
445 * into one proper for the situation - EFSIZ, ENOMEM etc.
446 */
447 return (EDOOFUS);
448 }
449
450 return (0);
451 }
452
453 uint64_t
454 rctl_get_limit(struct proc *p, int resource)
455 {
456 struct rctl_rule *rule;
457 struct rctl_rule_link *link;
458 uint64_t amount = UINT64_MAX;
459
460 rw_rlock(&rctl_lock);
461
462 /*
463 * There may be more than one matching rule; go through all of them.
464 * Denial should be done last, after logging and sending signals.
465 */
466 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
467 rule = link->rrl_rule;
468 if (rule->rr_resource != resource)
469 continue;
470 if (rule->rr_action != RCTL_ACTION_DENY)
471 continue;
472 if (rule->rr_amount < amount)
473 amount = rule->rr_amount;
474 }
475
476 rw_runlock(&rctl_lock);
477
478 return (amount);
479 }
480
481 uint64_t
482 rctl_get_available(struct proc *p, int resource)
483 {
484 struct rctl_rule *rule;
485 struct rctl_rule_link *link;
486 int64_t available, minavailable, allocated;
487
488 minavailable = INT64_MAX;
489
490 rw_rlock(&rctl_lock);
491
492 /*
493 * There may be more than one matching rule; go through all of them.
494 * Denial should be done last, after logging and sending signals.
495 */
496 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
497 rule = link->rrl_rule;
498 if (rule->rr_resource != resource)
499 continue;
500 if (rule->rr_action != RCTL_ACTION_DENY)
501 continue;
502 available = rctl_available_resource(p, rule);
503 if (available < minavailable)
504 minavailable = available;
505 }
506
507 rw_runlock(&rctl_lock);
508
509 /*
510 * XXX: Think about this _hard_.
511 */
512 allocated = p->p_racct->r_resources[resource];
513 if (minavailable < INT64_MAX - allocated)
514 minavailable += allocated;
515 if (minavailable < 0)
516 minavailable = 0;
517 return (minavailable);
518 }
519
520 static int
521 rctl_rule_matches(const struct rctl_rule *rule, const struct rctl_rule *filter)
522 {
523
524 if (filter->rr_subject_type != RCTL_SUBJECT_TYPE_UNDEFINED) {
525 if (rule->rr_subject_type != filter->rr_subject_type)
526 return (0);
527
528 switch (filter->rr_subject_type) {
529 case RCTL_SUBJECT_TYPE_PROCESS:
530 if (filter->rr_subject.rs_proc != NULL &&
531 rule->rr_subject.rs_proc !=
532 filter->rr_subject.rs_proc)
533 return (0);
534 break;
535 case RCTL_SUBJECT_TYPE_USER:
536 if (filter->rr_subject.rs_uip != NULL &&
537 rule->rr_subject.rs_uip !=
538 filter->rr_subject.rs_uip)
539 return (0);
540 break;
541 case RCTL_SUBJECT_TYPE_LOGINCLASS:
542 if (filter->rr_subject.rs_loginclass != NULL &&
543 rule->rr_subject.rs_loginclass !=
544 filter->rr_subject.rs_loginclass)
545 return (0);
546 break;
547 case RCTL_SUBJECT_TYPE_JAIL:
548 if (filter->rr_subject.rs_prison_racct != NULL &&
549 rule->rr_subject.rs_prison_racct !=
550 filter->rr_subject.rs_prison_racct)
551 return (0);
552 break;
553 default:
554 panic("rctl_rule_matches: unknown subject type %d",
555 filter->rr_subject_type);
556 }
557 }
558
559 if (filter->rr_resource != RACCT_UNDEFINED) {
560 if (rule->rr_resource != filter->rr_resource)
561 return (0);
562 }
563
564 if (filter->rr_action != RCTL_ACTION_UNDEFINED) {
565 if (rule->rr_action != filter->rr_action)
566 return (0);
567 }
568
569 if (filter->rr_amount != RCTL_AMOUNT_UNDEFINED) {
570 if (rule->rr_amount != filter->rr_amount)
571 return (0);
572 }
573
574 if (filter->rr_per != RCTL_SUBJECT_TYPE_UNDEFINED) {
575 if (rule->rr_per != filter->rr_per)
576 return (0);
577 }
578
579 return (1);
580 }
581
582 static int
583 str2value(const char *str, int *value, struct dict *table)
584 {
585 int i;
586
587 if (value == NULL)
588 return (EINVAL);
589
590 for (i = 0; table[i].d_name != NULL; i++) {
591 if (strcasecmp(table[i].d_name, str) == 0) {
592 *value = table[i].d_value;
593 return (0);
594 }
595 }
596
597 return (EINVAL);
598 }
599
600 static int
601 str2id(const char *str, id_t *value)
602 {
603 char *end;
604
605 if (str == NULL)
606 return (EINVAL);
607
608 *value = strtoul(str, &end, 10);
609 if ((size_t)(end - str) != strlen(str))
610 return (EINVAL);
611
612 return (0);
613 }
614
615 static int
616 str2int64(const char *str, int64_t *value)
617 {
618 char *end;
619
620 if (str == NULL)
621 return (EINVAL);
622
623 *value = strtoul(str, &end, 10);
624 if ((size_t)(end - str) != strlen(str))
625 return (EINVAL);
626
627 return (0);
628 }
629
630 /*
631 * Connect the rule to the racct, increasing refcount for the rule.
632 */
633 static void
634 rctl_racct_add_rule(struct racct *racct, struct rctl_rule *rule)
635 {
636 struct rctl_rule_link *link;
637
638 KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified"));
639
640 rctl_rule_acquire(rule);
641 link = uma_zalloc(rctl_rule_link_zone, M_WAITOK);
642 link->rrl_rule = rule;
643 link->rrl_exceeded = 0;
644
645 rw_wlock(&rctl_lock);
646 LIST_INSERT_HEAD(&racct->r_rule_links, link, rrl_next);
647 rw_wunlock(&rctl_lock);
648 }
649
650 static int
651 rctl_racct_add_rule_locked(struct racct *racct, struct rctl_rule *rule)
652 {
653 struct rctl_rule_link *link;
654
655 KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified"));
656 rw_assert(&rctl_lock, RA_WLOCKED);
657
658 link = uma_zalloc(rctl_rule_link_zone, M_NOWAIT);
659 if (link == NULL)
660 return (ENOMEM);
661 rctl_rule_acquire(rule);
662 link->rrl_rule = rule;
663 link->rrl_exceeded = 0;
664
665 LIST_INSERT_HEAD(&racct->r_rule_links, link, rrl_next);
666 return (0);
667 }
668
669 /*
670 * Remove limits for a rules matching the filter and release
671 * the refcounts for the rules, possibly freeing them. Returns
672 * the number of limit structures removed.
673 */
674 static int
675 rctl_racct_remove_rules(struct racct *racct,
676 const struct rctl_rule *filter)
677 {
678 int removed = 0;
679 struct rctl_rule_link *link, *linktmp;
680
681 rw_assert(&rctl_lock, RA_WLOCKED);
682
683 LIST_FOREACH_SAFE(link, &racct->r_rule_links, rrl_next, linktmp) {
684 if (!rctl_rule_matches(link->rrl_rule, filter))
685 continue;
686
687 LIST_REMOVE(link, rrl_next);
688 rctl_rule_release(link->rrl_rule);
689 uma_zfree(rctl_rule_link_zone, link);
690 removed++;
691 }
692 return (removed);
693 }
694
695 static void
696 rctl_rule_acquire_subject(struct rctl_rule *rule)
697 {
698
699 switch (rule->rr_subject_type) {
700 case RCTL_SUBJECT_TYPE_UNDEFINED:
701 case RCTL_SUBJECT_TYPE_PROCESS:
702 break;
703 case RCTL_SUBJECT_TYPE_JAIL:
704 if (rule->rr_subject.rs_prison_racct != NULL)
705 prison_racct_hold(rule->rr_subject.rs_prison_racct);
706 break;
707 case RCTL_SUBJECT_TYPE_USER:
708 if (rule->rr_subject.rs_uip != NULL)
709 uihold(rule->rr_subject.rs_uip);
710 break;
711 case RCTL_SUBJECT_TYPE_LOGINCLASS:
712 if (rule->rr_subject.rs_loginclass != NULL)
713 loginclass_hold(rule->rr_subject.rs_loginclass);
714 break;
715 default:
716 panic("rctl_rule_acquire_subject: unknown subject type %d",
717 rule->rr_subject_type);
718 }
719 }
720
721 static void
722 rctl_rule_release_subject(struct rctl_rule *rule)
723 {
724
725 switch (rule->rr_subject_type) {
726 case RCTL_SUBJECT_TYPE_UNDEFINED:
727 case RCTL_SUBJECT_TYPE_PROCESS:
728 break;
729 case RCTL_SUBJECT_TYPE_JAIL:
730 if (rule->rr_subject.rs_prison_racct != NULL)
731 prison_racct_free(rule->rr_subject.rs_prison_racct);
732 break;
733 case RCTL_SUBJECT_TYPE_USER:
734 if (rule->rr_subject.rs_uip != NULL)
735 uifree(rule->rr_subject.rs_uip);
736 break;
737 case RCTL_SUBJECT_TYPE_LOGINCLASS:
738 if (rule->rr_subject.rs_loginclass != NULL)
739 loginclass_free(rule->rr_subject.rs_loginclass);
740 break;
741 default:
742 panic("rctl_rule_release_subject: unknown subject type %d",
743 rule->rr_subject_type);
744 }
745 }
746
747 struct rctl_rule *
748 rctl_rule_alloc(int flags)
749 {
750 struct rctl_rule *rule;
751
752 rule = uma_zalloc(rctl_rule_zone, flags);
753 if (rule == NULL)
754 return (NULL);
755 rule->rr_subject_type = RCTL_SUBJECT_TYPE_UNDEFINED;
756 rule->rr_subject.rs_proc = NULL;
757 rule->rr_subject.rs_uip = NULL;
758 rule->rr_subject.rs_loginclass = NULL;
759 rule->rr_subject.rs_prison_racct = NULL;
760 rule->rr_per = RCTL_SUBJECT_TYPE_UNDEFINED;
761 rule->rr_resource = RACCT_UNDEFINED;
762 rule->rr_action = RCTL_ACTION_UNDEFINED;
763 rule->rr_amount = RCTL_AMOUNT_UNDEFINED;
764 refcount_init(&rule->rr_refcount, 1);
765
766 return (rule);
767 }
768
769 struct rctl_rule *
770 rctl_rule_duplicate(const struct rctl_rule *rule, int flags)
771 {
772 struct rctl_rule *copy;
773
774 copy = uma_zalloc(rctl_rule_zone, flags);
775 if (copy == NULL)
776 return (NULL);
777 copy->rr_subject_type = rule->rr_subject_type;
778 copy->rr_subject.rs_proc = rule->rr_subject.rs_proc;
779 copy->rr_subject.rs_uip = rule->rr_subject.rs_uip;
780 copy->rr_subject.rs_loginclass = rule->rr_subject.rs_loginclass;
781 copy->rr_subject.rs_prison_racct = rule->rr_subject.rs_prison_racct;
782 copy->rr_per = rule->rr_per;
783 copy->rr_resource = rule->rr_resource;
784 copy->rr_action = rule->rr_action;
785 copy->rr_amount = rule->rr_amount;
786 refcount_init(©->rr_refcount, 1);
787 rctl_rule_acquire_subject(copy);
788
789 return (copy);
790 }
791
792 void
793 rctl_rule_acquire(struct rctl_rule *rule)
794 {
795
796 KASSERT(rule->rr_refcount > 0, ("rule->rr_refcount <= 0"));
797
798 refcount_acquire(&rule->rr_refcount);
799 }
800
801 static void
802 rctl_rule_free(void *context, int pending)
803 {
804 struct rctl_rule *rule;
805
806 rule = (struct rctl_rule *)context;
807
808 KASSERT(rule->rr_refcount == 0, ("rule->rr_refcount != 0"));
809
810 /*
811 * We don't need locking here; rule is guaranteed to be inaccessible.
812 */
813
814 rctl_rule_release_subject(rule);
815 uma_zfree(rctl_rule_zone, rule);
816 }
817
818 void
819 rctl_rule_release(struct rctl_rule *rule)
820 {
821
822 KASSERT(rule->rr_refcount > 0, ("rule->rr_refcount <= 0"));
823
824 if (refcount_release(&rule->rr_refcount)) {
825 /*
826 * rctl_rule_release() is often called when iterating
827 * over all the uidinfo structures in the system,
828 * holding uihashtbl_lock. Since rctl_rule_free()
829 * might end up calling uifree(), this would lead
830 * to lock recursion. Use taskqueue to avoid this.
831 */
832 TASK_INIT(&rule->rr_task, 0, rctl_rule_free, rule);
833 taskqueue_enqueue(taskqueue_thread, &rule->rr_task);
834 }
835 }
836
837 static int
838 rctl_rule_fully_specified(const struct rctl_rule *rule)
839 {
840
841 switch (rule->rr_subject_type) {
842 case RCTL_SUBJECT_TYPE_UNDEFINED:
843 return (0);
844 case RCTL_SUBJECT_TYPE_PROCESS:
845 if (rule->rr_subject.rs_proc == NULL)
846 return (0);
847 break;
848 case RCTL_SUBJECT_TYPE_USER:
849 if (rule->rr_subject.rs_uip == NULL)
850 return (0);
851 break;
852 case RCTL_SUBJECT_TYPE_LOGINCLASS:
853 if (rule->rr_subject.rs_loginclass == NULL)
854 return (0);
855 break;
856 case RCTL_SUBJECT_TYPE_JAIL:
857 if (rule->rr_subject.rs_prison_racct == NULL)
858 return (0);
859 break;
860 default:
861 panic("rctl_rule_fully_specified: unknown subject type %d",
862 rule->rr_subject_type);
863 }
864 if (rule->rr_resource == RACCT_UNDEFINED)
865 return (0);
866 if (rule->rr_action == RCTL_ACTION_UNDEFINED)
867 return (0);
868 if (rule->rr_amount == RCTL_AMOUNT_UNDEFINED)
869 return (0);
870 if (rule->rr_per == RCTL_SUBJECT_TYPE_UNDEFINED)
871 return (0);
872
873 return (1);
874 }
875
876 static int
877 rctl_string_to_rule(char *rulestr, struct rctl_rule **rulep)
878 {
879 int error = 0;
880 char *subjectstr, *subject_idstr, *resourcestr, *actionstr,
881 *amountstr, *perstr;
882 struct rctl_rule *rule;
883 id_t id;
884
885 rule = rctl_rule_alloc(M_WAITOK);
886
887 subjectstr = strsep(&rulestr, ":");
888 subject_idstr = strsep(&rulestr, ":");
889 resourcestr = strsep(&rulestr, ":");
890 actionstr = strsep(&rulestr, "=/");
891 amountstr = strsep(&rulestr, "/");
892 perstr = rulestr;
893
894 if (subjectstr == NULL || subjectstr[0] == '\0')
895 rule->rr_subject_type = RCTL_SUBJECT_TYPE_UNDEFINED;
896 else {
897 error = str2value(subjectstr, &rule->rr_subject_type, subjectnames);
898 if (error != 0)
899 goto out;
900 }
901
902 if (subject_idstr == NULL || subject_idstr[0] == '\0') {
903 rule->rr_subject.rs_proc = NULL;
904 rule->rr_subject.rs_uip = NULL;
905 rule->rr_subject.rs_loginclass = NULL;
906 rule->rr_subject.rs_prison_racct = NULL;
907 } else {
908 switch (rule->rr_subject_type) {
909 case RCTL_SUBJECT_TYPE_UNDEFINED:
910 error = EINVAL;
911 goto out;
912 case RCTL_SUBJECT_TYPE_PROCESS:
913 error = str2id(subject_idstr, &id);
914 if (error != 0)
915 goto out;
916 sx_assert(&allproc_lock, SA_LOCKED);
917 rule->rr_subject.rs_proc = pfind(id);
918 if (rule->rr_subject.rs_proc == NULL) {
919 error = ESRCH;
920 goto out;
921 }
922 PROC_UNLOCK(rule->rr_subject.rs_proc);
923 break;
924 case RCTL_SUBJECT_TYPE_USER:
925 error = str2id(subject_idstr, &id);
926 if (error != 0)
927 goto out;
928 rule->rr_subject.rs_uip = uifind(id);
929 break;
930 case RCTL_SUBJECT_TYPE_LOGINCLASS:
931 rule->rr_subject.rs_loginclass =
932 loginclass_find(subject_idstr);
933 if (rule->rr_subject.rs_loginclass == NULL) {
934 error = ENAMETOOLONG;
935 goto out;
936 }
937 break;
938 case RCTL_SUBJECT_TYPE_JAIL:
939 rule->rr_subject.rs_prison_racct =
940 prison_racct_find(subject_idstr);
941 if (rule->rr_subject.rs_prison_racct == NULL) {
942 error = ENAMETOOLONG;
943 goto out;
944 }
945 break;
946 default:
947 panic("rctl_string_to_rule: unknown subject type %d",
948 rule->rr_subject_type);
949 }
950 }
951
952 if (resourcestr == NULL || resourcestr[0] == '\0')
953 rule->rr_resource = RACCT_UNDEFINED;
954 else {
955 error = str2value(resourcestr, &rule->rr_resource,
956 resourcenames);
957 if (error != 0)
958 goto out;
959 }
960
961 if (actionstr == NULL || actionstr[0] == '\0')
962 rule->rr_action = RCTL_ACTION_UNDEFINED;
963 else {
964 error = str2value(actionstr, &rule->rr_action, actionnames);
965 if (error != 0)
966 goto out;
967 }
968
969 if (amountstr == NULL || amountstr[0] == '\0')
970 rule->rr_amount = RCTL_AMOUNT_UNDEFINED;
971 else {
972 error = str2int64(amountstr, &rule->rr_amount);
973 if (error != 0)
974 goto out;
975 if (RACCT_IS_IN_MILLIONS(rule->rr_resource))
976 rule->rr_amount *= 1000000;
977 }
978
979 if (perstr == NULL || perstr[0] == '\0')
980 rule->rr_per = RCTL_SUBJECT_TYPE_UNDEFINED;
981 else {
982 error = str2value(perstr, &rule->rr_per, subjectnames);
983 if (error != 0)
984 goto out;
985 }
986
987 out:
988 if (error == 0)
989 *rulep = rule;
990 else
991 rctl_rule_release(rule);
992
993 return (error);
994 }
995
996 /*
997 * Link a rule with all the subjects it applies to.
998 */
999 int
1000 rctl_rule_add(struct rctl_rule *rule)
1001 {
1002 struct proc *p;
1003 struct ucred *cred;
1004 struct uidinfo *uip;
1005 struct prison *pr;
1006 struct prison_racct *prr;
1007 struct loginclass *lc;
1008 struct rctl_rule *rule2;
1009 int match;
1010
1011 KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified"));
1012
1013 /*
1014 * Some rules just don't make sense. Note that the one below
1015 * cannot be rewritten using RACCT_IS_DENIABLE(); the RACCT_PCTCPU,
1016 * for example, is not deniable in the racct sense, but the
1017 * limit is enforced in a different way, so "deny" rules for %CPU
1018 * do make sense.
1019 */
1020 if (rule->rr_action == RCTL_ACTION_DENY &&
1021 (rule->rr_resource == RACCT_CPU ||
1022 rule->rr_resource == RACCT_WALLCLOCK))
1023 return (EOPNOTSUPP);
1024
1025 if (rule->rr_per == RCTL_SUBJECT_TYPE_PROCESS &&
1026 RACCT_IS_SLOPPY(rule->rr_resource))
1027 return (EOPNOTSUPP);
1028
1029 /*
1030 * Make sure there are no duplicated rules. Also, for the "deny"
1031 * rules, remove ones differing only by "amount".
1032 */
1033 if (rule->rr_action == RCTL_ACTION_DENY) {
1034 rule2 = rctl_rule_duplicate(rule, M_WAITOK);
1035 rule2->rr_amount = RCTL_AMOUNT_UNDEFINED;
1036 rctl_rule_remove(rule2);
1037 rctl_rule_release(rule2);
1038 } else
1039 rctl_rule_remove(rule);
1040
1041 switch (rule->rr_subject_type) {
1042 case RCTL_SUBJECT_TYPE_PROCESS:
1043 p = rule->rr_subject.rs_proc;
1044 KASSERT(p != NULL, ("rctl_rule_add: NULL proc"));
1045
1046 rctl_racct_add_rule(p->p_racct, rule);
1047 /*
1048 * In case of per-process rule, we don't have anything more
1049 * to do.
1050 */
1051 return (0);
1052
1053 case RCTL_SUBJECT_TYPE_USER:
1054 uip = rule->rr_subject.rs_uip;
1055 KASSERT(uip != NULL, ("rctl_rule_add: NULL uip"));
1056 rctl_racct_add_rule(uip->ui_racct, rule);
1057 break;
1058
1059 case RCTL_SUBJECT_TYPE_LOGINCLASS:
1060 lc = rule->rr_subject.rs_loginclass;
1061 KASSERT(lc != NULL, ("rctl_rule_add: NULL loginclass"));
1062 rctl_racct_add_rule(lc->lc_racct, rule);
1063 break;
1064
1065 case RCTL_SUBJECT_TYPE_JAIL:
1066 prr = rule->rr_subject.rs_prison_racct;
1067 KASSERT(prr != NULL, ("rctl_rule_add: NULL pr"));
1068 rctl_racct_add_rule(prr->prr_racct, rule);
1069 break;
1070
1071 default:
1072 panic("rctl_rule_add: unknown subject type %d",
1073 rule->rr_subject_type);
1074 }
1075
1076 /*
1077 * Now go through all the processes and add the new rule to the ones
1078 * it applies to.
1079 */
1080 sx_assert(&allproc_lock, SA_LOCKED);
1081 FOREACH_PROC_IN_SYSTEM(p) {
1082 cred = p->p_ucred;
1083 switch (rule->rr_subject_type) {
1084 case RCTL_SUBJECT_TYPE_USER:
1085 if (cred->cr_uidinfo == rule->rr_subject.rs_uip ||
1086 cred->cr_ruidinfo == rule->rr_subject.rs_uip)
1087 break;
1088 continue;
1089 case RCTL_SUBJECT_TYPE_LOGINCLASS:
1090 if (cred->cr_loginclass == rule->rr_subject.rs_loginclass)
1091 break;
1092 continue;
1093 case RCTL_SUBJECT_TYPE_JAIL:
1094 match = 0;
1095 for (pr = cred->cr_prison; pr != NULL; pr = pr->pr_parent) {
1096 if (pr->pr_prison_racct == rule->rr_subject.rs_prison_racct) {
1097 match = 1;
1098 break;
1099 }
1100 }
1101 if (match)
1102 break;
1103 continue;
1104 default:
1105 panic("rctl_rule_add: unknown subject type %d",
1106 rule->rr_subject_type);
1107 }
1108
1109 rctl_racct_add_rule(p->p_racct, rule);
1110 }
1111
1112 return (0);
1113 }
1114
1115 static void
1116 rctl_rule_remove_callback(struct racct *racct, void *arg2, void *arg3)
1117 {
1118 struct rctl_rule *filter = (struct rctl_rule *)arg2;
1119 int found = 0;
1120
1121 rw_wlock(&rctl_lock);
1122 found += rctl_racct_remove_rules(racct, filter);
1123 rw_wunlock(&rctl_lock);
1124
1125 *((int *)arg3) += found;
1126 }
1127
1128 /*
1129 * Remove all rules that match the filter.
1130 */
1131 int
1132 rctl_rule_remove(struct rctl_rule *filter)
1133 {
1134 int found = 0;
1135 struct proc *p;
1136
1137 if (filter->rr_subject_type == RCTL_SUBJECT_TYPE_PROCESS &&
1138 filter->rr_subject.rs_proc != NULL) {
1139 p = filter->rr_subject.rs_proc;
1140 rw_wlock(&rctl_lock);
1141 found = rctl_racct_remove_rules(p->p_racct, filter);
1142 rw_wunlock(&rctl_lock);
1143 if (found)
1144 return (0);
1145 return (ESRCH);
1146 }
1147
1148 loginclass_racct_foreach(rctl_rule_remove_callback, filter,
1149 (void *)&found);
1150 ui_racct_foreach(rctl_rule_remove_callback, filter,
1151 (void *)&found);
1152 prison_racct_foreach(rctl_rule_remove_callback, filter,
1153 (void *)&found);
1154
1155 sx_assert(&allproc_lock, SA_LOCKED);
1156 rw_wlock(&rctl_lock);
1157 FOREACH_PROC_IN_SYSTEM(p) {
1158 found += rctl_racct_remove_rules(p->p_racct, filter);
1159 }
1160 rw_wunlock(&rctl_lock);
1161
1162 if (found)
1163 return (0);
1164 return (ESRCH);
1165 }
1166
1167 /*
1168 * Appends a rule to the sbuf.
1169 */
1170 static void
1171 rctl_rule_to_sbuf(struct sbuf *sb, const struct rctl_rule *rule)
1172 {
1173 int64_t amount;
1174
1175 sbuf_printf(sb, "%s:", rctl_subject_type_name(rule->rr_subject_type));
1176
1177 switch (rule->rr_subject_type) {
1178 case RCTL_SUBJECT_TYPE_PROCESS:
1179 if (rule->rr_subject.rs_proc == NULL)
1180 sbuf_printf(sb, ":");
1181 else
1182 sbuf_printf(sb, "%d:",
1183 rule->rr_subject.rs_proc->p_pid);
1184 break;
1185 case RCTL_SUBJECT_TYPE_USER:
1186 if (rule->rr_subject.rs_uip == NULL)
1187 sbuf_printf(sb, ":");
1188 else
1189 sbuf_printf(sb, "%d:",
1190 rule->rr_subject.rs_uip->ui_uid);
1191 break;
1192 case RCTL_SUBJECT_TYPE_LOGINCLASS:
1193 if (rule->rr_subject.rs_loginclass == NULL)
1194 sbuf_printf(sb, ":");
1195 else
1196 sbuf_printf(sb, "%s:",
1197 rule->rr_subject.rs_loginclass->lc_name);
1198 break;
1199 case RCTL_SUBJECT_TYPE_JAIL:
1200 if (rule->rr_subject.rs_prison_racct == NULL)
1201 sbuf_printf(sb, ":");
1202 else
1203 sbuf_printf(sb, "%s:",
1204 rule->rr_subject.rs_prison_racct->prr_name);
1205 break;
1206 default:
1207 panic("rctl_rule_to_sbuf: unknown subject type %d",
1208 rule->rr_subject_type);
1209 }
1210
1211 amount = rule->rr_amount;
1212 if (amount != RCTL_AMOUNT_UNDEFINED &&
1213 RACCT_IS_IN_MILLIONS(rule->rr_resource))
1214 amount /= 1000000;
1215
1216 sbuf_printf(sb, "%s:%s=%jd",
1217 rctl_resource_name(rule->rr_resource),
1218 rctl_action_name(rule->rr_action),
1219 amount);
1220
1221 if (rule->rr_per != rule->rr_subject_type)
1222 sbuf_printf(sb, "/%s", rctl_subject_type_name(rule->rr_per));
1223 }
1224
1225 /*
1226 * Routine used by RCTL syscalls to read in input string.
1227 */
1228 static int
1229 rctl_read_inbuf(char **inputstr, const char *inbufp, size_t inbuflen)
1230 {
1231 int error;
1232 char *str;
1233
1234 if (inbuflen <= 0)
1235 return (EINVAL);
1236 if (inbuflen > RCTL_MAX_INBUFLEN)
1237 return (E2BIG);
1238
1239 str = malloc(inbuflen + 1, M_RCTL, M_WAITOK);
1240 error = copyinstr(inbufp, str, inbuflen, NULL);
1241 if (error != 0) {
1242 free(str, M_RCTL);
1243 return (error);
1244 }
1245
1246 *inputstr = str;
1247
1248 return (0);
1249 }
1250
1251 /*
1252 * Routine used by RCTL syscalls to write out output string.
1253 */
1254 static int
1255 rctl_write_outbuf(struct sbuf *outputsbuf, char *outbufp, size_t outbuflen)
1256 {
1257 int error;
1258
1259 if (outputsbuf == NULL)
1260 return (0);
1261
1262 sbuf_finish(outputsbuf);
1263 if (outbuflen < sbuf_len(outputsbuf) + 1) {
1264 sbuf_delete(outputsbuf);
1265 return (ERANGE);
1266 }
1267 error = copyout(sbuf_data(outputsbuf), outbufp,
1268 sbuf_len(outputsbuf) + 1);
1269 sbuf_delete(outputsbuf);
1270 return (error);
1271 }
1272
1273 static struct sbuf *
1274 rctl_racct_to_sbuf(struct racct *racct, int sloppy)
1275 {
1276 int i;
1277 int64_t amount;
1278 struct sbuf *sb;
1279
1280 sb = sbuf_new_auto();
1281 for (i = 0; i <= RACCT_MAX; i++) {
1282 if (sloppy == 0 && RACCT_IS_SLOPPY(i))
1283 continue;
1284 amount = racct->r_resources[i];
1285 if (RACCT_IS_IN_MILLIONS(i))
1286 amount /= 1000000;
1287 sbuf_printf(sb, "%s=%jd,", rctl_resource_name(i), amount);
1288 }
1289 sbuf_setpos(sb, sbuf_len(sb) - 1);
1290 return (sb);
1291 }
1292
1293 int
1294 sys_rctl_get_racct(struct thread *td, struct rctl_get_racct_args *uap)
1295 {
1296 int error;
1297 char *inputstr;
1298 struct rctl_rule *filter;
1299 struct sbuf *outputsbuf = NULL;
1300 struct proc *p;
1301 struct uidinfo *uip;
1302 struct loginclass *lc;
1303 struct prison_racct *prr;
1304
1305 error = priv_check(td, PRIV_RCTL_GET_RACCT);
1306 if (error != 0)
1307 return (error);
1308
1309 error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
1310 if (error != 0)
1311 return (error);
1312
1313 sx_slock(&allproc_lock);
1314 error = rctl_string_to_rule(inputstr, &filter);
1315 free(inputstr, M_RCTL);
1316 if (error != 0) {
1317 sx_sunlock(&allproc_lock);
1318 return (error);
1319 }
1320
1321 switch (filter->rr_subject_type) {
1322 case RCTL_SUBJECT_TYPE_PROCESS:
1323 p = filter->rr_subject.rs_proc;
1324 if (p == NULL) {
1325 error = EINVAL;
1326 goto out;
1327 }
1328 outputsbuf = rctl_racct_to_sbuf(p->p_racct, 0);
1329 break;
1330 case RCTL_SUBJECT_TYPE_USER:
1331 uip = filter->rr_subject.rs_uip;
1332 if (uip == NULL) {
1333 error = EINVAL;
1334 goto out;
1335 }
1336 outputsbuf = rctl_racct_to_sbuf(uip->ui_racct, 1);
1337 break;
1338 case RCTL_SUBJECT_TYPE_LOGINCLASS:
1339 lc = filter->rr_subject.rs_loginclass;
1340 if (lc == NULL) {
1341 error = EINVAL;
1342 goto out;
1343 }
1344 outputsbuf = rctl_racct_to_sbuf(lc->lc_racct, 1);
1345 break;
1346 case RCTL_SUBJECT_TYPE_JAIL:
1347 prr = filter->rr_subject.rs_prison_racct;
1348 if (prr == NULL) {
1349 error = EINVAL;
1350 goto out;
1351 }
1352 outputsbuf = rctl_racct_to_sbuf(prr->prr_racct, 1);
1353 break;
1354 default:
1355 error = EINVAL;
1356 }
1357 out:
1358 rctl_rule_release(filter);
1359 sx_sunlock(&allproc_lock);
1360 if (error != 0)
1361 return (error);
1362
1363 error = rctl_write_outbuf(outputsbuf, uap->outbufp, uap->outbuflen);
1364
1365 return (error);
1366 }
1367
1368 static void
1369 rctl_get_rules_callback(struct racct *racct, void *arg2, void *arg3)
1370 {
1371 struct rctl_rule *filter = (struct rctl_rule *)arg2;
1372 struct rctl_rule_link *link;
1373 struct sbuf *sb = (struct sbuf *)arg3;
1374
1375 rw_rlock(&rctl_lock);
1376 LIST_FOREACH(link, &racct->r_rule_links, rrl_next) {
1377 if (!rctl_rule_matches(link->rrl_rule, filter))
1378 continue;
1379 rctl_rule_to_sbuf(sb, link->rrl_rule);
1380 sbuf_printf(sb, ",");
1381 }
1382 rw_runlock(&rctl_lock);
1383 }
1384
1385 int
1386 sys_rctl_get_rules(struct thread *td, struct rctl_get_rules_args *uap)
1387 {
1388 int error;
1389 size_t bufsize = RCTL_DEFAULT_BUFSIZE;
1390 char *inputstr, *buf;
1391 struct sbuf *sb;
1392 struct rctl_rule *filter;
1393 struct rctl_rule_link *link;
1394 struct proc *p;
1395
1396 error = priv_check(td, PRIV_RCTL_GET_RULES);
1397 if (error != 0)
1398 return (error);
1399
1400 error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
1401 if (error != 0)
1402 return (error);
1403
1404 sx_slock(&allproc_lock);
1405 error = rctl_string_to_rule(inputstr, &filter);
1406 free(inputstr, M_RCTL);
1407 if (error != 0) {
1408 sx_sunlock(&allproc_lock);
1409 return (error);
1410 }
1411
1412 again:
1413 buf = malloc(bufsize, M_RCTL, M_WAITOK);
1414 sb = sbuf_new(NULL, buf, bufsize, SBUF_FIXEDLEN);
1415 KASSERT(sb != NULL, ("sbuf_new failed"));
1416
1417 sx_assert(&allproc_lock, SA_LOCKED);
1418 FOREACH_PROC_IN_SYSTEM(p) {
1419 rw_rlock(&rctl_lock);
1420 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
1421 /*
1422 * Non-process rules will be added to the buffer later.
1423 * Adding them here would result in duplicated output.
1424 */
1425 if (link->rrl_rule->rr_subject_type !=
1426 RCTL_SUBJECT_TYPE_PROCESS)
1427 continue;
1428 if (!rctl_rule_matches(link->rrl_rule, filter))
1429 continue;
1430 rctl_rule_to_sbuf(sb, link->rrl_rule);
1431 sbuf_printf(sb, ",");
1432 }
1433 rw_runlock(&rctl_lock);
1434 }
1435
1436 loginclass_racct_foreach(rctl_get_rules_callback, filter, sb);
1437 ui_racct_foreach(rctl_get_rules_callback, filter, sb);
1438 prison_racct_foreach(rctl_get_rules_callback, filter, sb);
1439 if (sbuf_error(sb) == ENOMEM) {
1440 sbuf_delete(sb);
1441 free(buf, M_RCTL);
1442 bufsize *= 4;
1443 goto again;
1444 }
1445
1446 /*
1447 * Remove trailing ",".
1448 */
1449 if (sbuf_len(sb) > 0)
1450 sbuf_setpos(sb, sbuf_len(sb) - 1);
1451
1452 error = rctl_write_outbuf(sb, uap->outbufp, uap->outbuflen);
1453
1454 rctl_rule_release(filter);
1455 sx_sunlock(&allproc_lock);
1456 free(buf, M_RCTL);
1457 return (error);
1458 }
1459
1460 int
1461 sys_rctl_get_limits(struct thread *td, struct rctl_get_limits_args *uap)
1462 {
1463 int error;
1464 size_t bufsize = RCTL_DEFAULT_BUFSIZE;
1465 char *inputstr, *buf;
1466 struct sbuf *sb;
1467 struct rctl_rule *filter;
1468 struct rctl_rule_link *link;
1469
1470 error = priv_check(td, PRIV_RCTL_GET_LIMITS);
1471 if (error != 0)
1472 return (error);
1473
1474 error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
1475 if (error != 0)
1476 return (error);
1477
1478 sx_slock(&allproc_lock);
1479 error = rctl_string_to_rule(inputstr, &filter);
1480 free(inputstr, M_RCTL);
1481 if (error != 0) {
1482 sx_sunlock(&allproc_lock);
1483 return (error);
1484 }
1485
1486 if (filter->rr_subject_type == RCTL_SUBJECT_TYPE_UNDEFINED) {
1487 rctl_rule_release(filter);
1488 sx_sunlock(&allproc_lock);
1489 return (EINVAL);
1490 }
1491 if (filter->rr_subject_type != RCTL_SUBJECT_TYPE_PROCESS) {
1492 rctl_rule_release(filter);
1493 sx_sunlock(&allproc_lock);
1494 return (EOPNOTSUPP);
1495 }
1496 if (filter->rr_subject.rs_proc == NULL) {
1497 rctl_rule_release(filter);
1498 sx_sunlock(&allproc_lock);
1499 return (EINVAL);
1500 }
1501
1502 again:
1503 buf = malloc(bufsize, M_RCTL, M_WAITOK);
1504 sb = sbuf_new(NULL, buf, bufsize, SBUF_FIXEDLEN);
1505 KASSERT(sb != NULL, ("sbuf_new failed"));
1506
1507 rw_rlock(&rctl_lock);
1508 LIST_FOREACH(link, &filter->rr_subject.rs_proc->p_racct->r_rule_links,
1509 rrl_next) {
1510 rctl_rule_to_sbuf(sb, link->rrl_rule);
1511 sbuf_printf(sb, ",");
1512 }
1513 rw_runlock(&rctl_lock);
1514 if (sbuf_error(sb) == ENOMEM) {
1515 sbuf_delete(sb);
1516 free(buf, M_RCTL);
1517 bufsize *= 4;
1518 goto again;
1519 }
1520
1521 /*
1522 * Remove trailing ",".
1523 */
1524 if (sbuf_len(sb) > 0)
1525 sbuf_setpos(sb, sbuf_len(sb) - 1);
1526
1527 error = rctl_write_outbuf(sb, uap->outbufp, uap->outbuflen);
1528 rctl_rule_release(filter);
1529 sx_sunlock(&allproc_lock);
1530 free(buf, M_RCTL);
1531 return (error);
1532 }
1533
1534 int
1535 sys_rctl_add_rule(struct thread *td, struct rctl_add_rule_args *uap)
1536 {
1537 int error;
1538 struct rctl_rule *rule;
1539 char *inputstr;
1540
1541 error = priv_check(td, PRIV_RCTL_ADD_RULE);
1542 if (error != 0)
1543 return (error);
1544
1545 error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
1546 if (error != 0)
1547 return (error);
1548
1549 sx_slock(&allproc_lock);
1550 error = rctl_string_to_rule(inputstr, &rule);
1551 free(inputstr, M_RCTL);
1552 if (error != 0) {
1553 sx_sunlock(&allproc_lock);
1554 return (error);
1555 }
1556 /*
1557 * The 'per' part of a rule is optional.
1558 */
1559 if (rule->rr_per == RCTL_SUBJECT_TYPE_UNDEFINED &&
1560 rule->rr_subject_type != RCTL_SUBJECT_TYPE_UNDEFINED)
1561 rule->rr_per = rule->rr_subject_type;
1562
1563 if (!rctl_rule_fully_specified(rule)) {
1564 error = EINVAL;
1565 goto out;
1566 }
1567
1568 error = rctl_rule_add(rule);
1569
1570 out:
1571 rctl_rule_release(rule);
1572 sx_sunlock(&allproc_lock);
1573 return (error);
1574 }
1575
1576 int
1577 sys_rctl_remove_rule(struct thread *td, struct rctl_remove_rule_args *uap)
1578 {
1579 int error;
1580 struct rctl_rule *filter;
1581 char *inputstr;
1582
1583 error = priv_check(td, PRIV_RCTL_REMOVE_RULE);
1584 if (error != 0)
1585 return (error);
1586
1587 error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen);
1588 if (error != 0)
1589 return (error);
1590
1591 sx_slock(&allproc_lock);
1592 error = rctl_string_to_rule(inputstr, &filter);
1593 free(inputstr, M_RCTL);
1594 if (error != 0) {
1595 sx_sunlock(&allproc_lock);
1596 return (error);
1597 }
1598
1599 error = rctl_rule_remove(filter);
1600 rctl_rule_release(filter);
1601 sx_sunlock(&allproc_lock);
1602
1603 return (error);
1604 }
1605
1606 /*
1607 * Update RCTL rule list after credential change.
1608 */
1609 void
1610 rctl_proc_ucred_changed(struct proc *p, struct ucred *newcred)
1611 {
1612 int rulecnt, i;
1613 struct rctl_rule_link *link, *newlink;
1614 struct uidinfo *newuip;
1615 struct loginclass *newlc;
1616 struct prison_racct *newprr;
1617 LIST_HEAD(, rctl_rule_link) newrules;
1618
1619 newuip = newcred->cr_ruidinfo;
1620 newlc = newcred->cr_loginclass;
1621 newprr = newcred->cr_prison->pr_prison_racct;
1622
1623 LIST_INIT(&newrules);
1624
1625 again:
1626 /*
1627 * First, count the rules that apply to the process with new
1628 * credentials.
1629 */
1630 rulecnt = 0;
1631 rw_rlock(&rctl_lock);
1632 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
1633 if (link->rrl_rule->rr_subject_type ==
1634 RCTL_SUBJECT_TYPE_PROCESS)
1635 rulecnt++;
1636 }
1637 LIST_FOREACH(link, &newuip->ui_racct->r_rule_links, rrl_next)
1638 rulecnt++;
1639 LIST_FOREACH(link, &newlc->lc_racct->r_rule_links, rrl_next)
1640 rulecnt++;
1641 LIST_FOREACH(link, &newprr->prr_racct->r_rule_links, rrl_next)
1642 rulecnt++;
1643 rw_runlock(&rctl_lock);
1644
1645 /*
1646 * Create temporary list. We've dropped the rctl_lock in order
1647 * to use M_WAITOK.
1648 */
1649 for (i = 0; i < rulecnt; i++) {
1650 newlink = uma_zalloc(rctl_rule_link_zone, M_WAITOK);
1651 newlink->rrl_rule = NULL;
1652 LIST_INSERT_HEAD(&newrules, newlink, rrl_next);
1653 }
1654
1655 newlink = LIST_FIRST(&newrules);
1656
1657 /*
1658 * Assign rules to the newly allocated list entries.
1659 */
1660 rw_wlock(&rctl_lock);
1661 LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) {
1662 if (link->rrl_rule->rr_subject_type ==
1663 RCTL_SUBJECT_TYPE_PROCESS) {
1664 if (newlink == NULL)
1665 goto goaround;
1666 rctl_rule_acquire(link->rrl_rule);
1667 newlink->rrl_rule = link->rrl_rule;
1668 newlink = LIST_NEXT(newlink, rrl_next);
1669 rulecnt--;
1670 }
1671 }
1672
1673 LIST_FOREACH(link, &newuip->ui_racct->r_rule_links, rrl_next) {
1674 if (newlink == NULL)
1675 goto goaround;
1676 rctl_rule_acquire(link->rrl_rule);
1677 newlink->rrl_rule = link->rrl_rule;
1678 newlink = LIST_NEXT(newlink, rrl_next);
1679 rulecnt--;
1680 }
1681
1682 LIST_FOREACH(link, &newlc->lc_racct->r_rule_links, rrl_next) {
1683 if (newlink == NULL)
1684 goto goaround;
1685 rctl_rule_acquire(link->rrl_rule);
1686 newlink->rrl_rule = link->rrl_rule;
1687 newlink = LIST_NEXT(newlink, rrl_next);
1688 rulecnt--;
1689 }
1690
1691 LIST_FOREACH(link, &newprr->prr_racct->r_rule_links, rrl_next) {
1692 if (newlink == NULL)
1693 goto goaround;
1694 rctl_rule_acquire(link->rrl_rule);
1695 newlink->rrl_rule = link->rrl_rule;
1696 newlink = LIST_NEXT(newlink, rrl_next);
1697 rulecnt--;
1698 }
1699
1700 if (rulecnt == 0) {
1701 /*
1702 * Free the old rule list.
1703 */
1704 while (!LIST_EMPTY(&p->p_racct->r_rule_links)) {
1705 link = LIST_FIRST(&p->p_racct->r_rule_links);
1706 LIST_REMOVE(link, rrl_next);
1707 rctl_rule_release(link->rrl_rule);
1708 uma_zfree(rctl_rule_link_zone, link);
1709 }
1710
1711 /*
1712 * Replace lists and we're done.
1713 *
1714 * XXX: Is there any way to switch list heads instead
1715 * of iterating here?
1716 */
1717 while (!LIST_EMPTY(&newrules)) {
1718 newlink = LIST_FIRST(&newrules);
1719 LIST_REMOVE(newlink, rrl_next);
1720 LIST_INSERT_HEAD(&p->p_racct->r_rule_links,
1721 newlink, rrl_next);
1722 }
1723
1724 rw_wunlock(&rctl_lock);
1725
1726 return;
1727 }
1728
1729 goaround:
1730 rw_wunlock(&rctl_lock);
1731
1732 /*
1733 * Rule list changed while we were not holding the rctl_lock.
1734 * Free the new list and try again.
1735 */
1736 while (!LIST_EMPTY(&newrules)) {
1737 newlink = LIST_FIRST(&newrules);
1738 LIST_REMOVE(newlink, rrl_next);
1739 if (newlink->rrl_rule != NULL)
1740 rctl_rule_release(newlink->rrl_rule);
1741 uma_zfree(rctl_rule_link_zone, newlink);
1742 }
1743
1744 goto again;
1745 }
1746
1747 /*
1748 * Assign RCTL rules to the newly created process.
1749 */
1750 int
1751 rctl_proc_fork(struct proc *parent, struct proc *child)
1752 {
1753 int error;
1754 struct rctl_rule_link *link;
1755 struct rctl_rule *rule;
1756
1757 LIST_INIT(&child->p_racct->r_rule_links);
1758
1759 KASSERT(parent->p_racct != NULL, ("process without racct; p = %p", parent));
1760
1761 rw_wlock(&rctl_lock);
1762
1763 /*
1764 * Go through limits applicable to the parent and assign them
1765 * to the child. Rules with 'process' subject have to be duplicated
1766 * in order to make their rr_subject point to the new process.
1767 */
1768 LIST_FOREACH(link, &parent->p_racct->r_rule_links, rrl_next) {
1769 if (link->rrl_rule->rr_subject_type ==
1770 RCTL_SUBJECT_TYPE_PROCESS) {
1771 rule = rctl_rule_duplicate(link->rrl_rule, M_NOWAIT);
1772 if (rule == NULL)
1773 goto fail;
1774 KASSERT(rule->rr_subject.rs_proc == parent,
1775 ("rule->rr_subject.rs_proc != parent"));
1776 rule->rr_subject.rs_proc = child;
1777 error = rctl_racct_add_rule_locked(child->p_racct,
1778 rule);
1779 rctl_rule_release(rule);
1780 if (error != 0)
1781 goto fail;
1782 } else {
1783 error = rctl_racct_add_rule_locked(child->p_racct,
1784 link->rrl_rule);
1785 if (error != 0)
1786 goto fail;
1787 }
1788 }
1789
1790 rw_wunlock(&rctl_lock);
1791 return (0);
1792
1793 fail:
1794 while (!LIST_EMPTY(&child->p_racct->r_rule_links)) {
1795 link = LIST_FIRST(&child->p_racct->r_rule_links);
1796 LIST_REMOVE(link, rrl_next);
1797 rctl_rule_release(link->rrl_rule);
1798 uma_zfree(rctl_rule_link_zone, link);
1799 }
1800 rw_wunlock(&rctl_lock);
1801 return (EAGAIN);
1802 }
1803
1804 /*
1805 * Release rules attached to the racct.
1806 */
1807 void
1808 rctl_racct_release(struct racct *racct)
1809 {
1810 struct rctl_rule_link *link;
1811
1812 rw_wlock(&rctl_lock);
1813 while (!LIST_EMPTY(&racct->r_rule_links)) {
1814 link = LIST_FIRST(&racct->r_rule_links);
1815 LIST_REMOVE(link, rrl_next);
1816 rctl_rule_release(link->rrl_rule);
1817 uma_zfree(rctl_rule_link_zone, link);
1818 }
1819 rw_wunlock(&rctl_lock);
1820 }
1821
1822 static void
1823 rctl_init(void)
1824 {
1825
1826 rctl_rule_link_zone = uma_zcreate("rctl_rule_link",
1827 sizeof(struct rctl_rule_link), NULL, NULL, NULL, NULL,
1828 UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
1829 rctl_rule_zone = uma_zcreate("rctl_rule", sizeof(struct rctl_rule),
1830 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
1831 }
1832
1833 #else /* !RCTL */
1834
1835 int
1836 sys_rctl_get_racct(struct thread *td, struct rctl_get_racct_args *uap)
1837 {
1838
1839 return (ENOSYS);
1840 }
1841
1842 int
1843 sys_rctl_get_rules(struct thread *td, struct rctl_get_rules_args *uap)
1844 {
1845
1846 return (ENOSYS);
1847 }
1848
1849 int
1850 sys_rctl_get_limits(struct thread *td, struct rctl_get_limits_args *uap)
1851 {
1852
1853 return (ENOSYS);
1854 }
1855
1856 int
1857 sys_rctl_add_rule(struct thread *td, struct rctl_add_rule_args *uap)
1858 {
1859
1860 return (ENOSYS);
1861 }
1862
1863 int
1864 sys_rctl_remove_rule(struct thread *td, struct rctl_remove_rule_args *uap)
1865 {
1866
1867 return (ENOSYS);
1868 }
1869
1870 #endif /* !RCTL */
Cache object: 50cc460fe2475c5f93d765ffb08e46bc
|