6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #pragma ident "%Z%%M% %I% %E% SMI"
27
28 #include <sys/types.h>
29 #include <sys/cmn_err.h>
30 #include <sys/sysmacros.h>
31 #include <sys/proc.h>
32 #include <sys/rctl.h>
33 #include <sys/rctl_impl.h>
34 #include <sys/port_kernel.h>
35
36 #include <sys/vmparam.h>
37 #include <sys/machparam.h>
38
39 /*
40 * Process-based resource controls
41 * The structure of the kernel leaves us no particular place where the process
42 * abstraction can be declared--it is intertwined with the growth of the Unix
43 * kernel. Accordingly, we place all of the resource control logic associated
44 * with processes, both existing and future, in this file.
45 */
46
47 rctl_hndl_t rctlproc_legacy[RLIM_NLIMITS];
48 uint_t rctlproc_flags[RLIM_NLIMITS] = {
49 RCTL_LOCAL_SIGNAL, /* RLIMIT_CPU */
50 RCTL_LOCAL_DENY | RCTL_LOCAL_SIGNAL, /* RLIMIT_FSIZE */
51 RCTL_LOCAL_DENY, /* RLIMIT_DATA */
52 RCTL_LOCAL_DENY, /* RLIMIT_STACK */
53 RCTL_LOCAL_DENY, /* RLIMIT_CORE */
54 RCTL_LOCAL_DENY, /* RLIMIT_NOFILE */
55 RCTL_LOCAL_DENY /* RLIMIT_VMEM */
56 };
57 int rctlproc_signals[RLIM_NLIMITS] = {
58 SIGXCPU, /* RLIMIT_CPU */
59 SIGXFSZ, /* RLIMIT_FSIZE */
60 0, 0, 0, 0, 0 /* remainder do not signal */
61 };
62
63 rctl_hndl_t rc_process_msgmnb;
64 rctl_hndl_t rc_process_msgtql;
65 rctl_hndl_t rc_process_semmsl;
66 rctl_hndl_t rc_process_semopm;
67 rctl_hndl_t rc_process_portev;
68
69 /*
70 * process.max-cpu-time / RLIMIT_CPU
71 */
72 /*ARGSUSED*/
73 static int
74 proc_cpu_time_test(struct rctl *rctl, struct proc *p, rctl_entity_p_t *e,
75 rctl_val_t *rval, rctl_qty_t inc, uint_t flags)
76 {
77 return (inc >= rval->rcv_value);
78 }
79
80 static rctl_ops_t proc_cpu_time_ops = {
81 rcop_no_action,
82 rcop_no_usage,
83 rcop_no_set,
84 proc_cpu_time_test
85 };
86
87 /*
271 (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_NOFILE], initp, &rlp64,
272 gp, RCTL_LOCAL_DENY, 0, kcred);
273
274 /*
275 * RLIMIT_VMEM
276 */
277 rlp64.rlim_cur = rlp64.rlim_max = RLIM64_INFINITY;
278 (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_VMEM], initp, &rlp64, gp,
279 RCTL_LOCAL_DENY, 0, kcred);
280 }
281
282 /*
283 * void rctlproc_init()
284 *
285 * Overview
286 * Register the various resource controls associated with process entities.
287 * The historical rlim_infinity_map and rlim_infinity32_map are now encoded
288 * here as the native and ILP32 infinite values for each resource control.
289 */
290 void
291 rctlproc_init()
292 {
293 rctl_set_t *set;
294 rctl_alloc_gp_t *gp;
295 rctl_entity_p_t e;
296
297 rctlproc_legacy[RLIMIT_CPU] = rctl_register("process.max-cpu-time",
298 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_NEVER |
299 RCTL_GLOBAL_CPU_TIME | RCTL_GLOBAL_INFINITE | RCTL_GLOBAL_SECONDS,
300 UINT64_MAX, UINT64_MAX, &proc_cpu_time_ops);
301 rctlproc_legacy[RLIMIT_FSIZE] = rctl_register("process.max-file-size",
302 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS |
303 RCTL_GLOBAL_FILE_SIZE | RCTL_GLOBAL_BYTES,
304 MAXOFFSET_T, MAXOFFSET_T, &proc_filesize_ops);
305 rctlproc_legacy[RLIMIT_DATA] = rctl_register("process.max-data-size",
306 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS |
307 RCTL_GLOBAL_SIGNAL_NEVER | RCTL_GLOBAL_BYTES,
308 ULONG_MAX, UINT32_MAX, &rctl_default_ops);
309 #ifdef _LP64
310 #ifdef __sparc
311 rctlproc_legacy[RLIMIT_STACK] = rctl_register("process.max-stack-size",
351 "seminfo_semopm", 512, INT_MAX);
352
353 rc_process_msgmnb = rctl_register("process.max-msg-qbytes",
354 RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_BYTES,
355 ULONG_MAX, ULONG_MAX, &rctl_absolute_ops);
356 rctl_add_legacy_limit("process.max-msg-qbytes", "msgsys",
357 "msginfo_msgmnb", 65536, ULONG_MAX);
358
359 rc_process_msgtql = rctl_register("process.max-msg-messages",
360 RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_COUNT,
361 UINT_MAX, UINT_MAX, &rctl_absolute_ops);
362 rctl_add_legacy_limit("process.max-msg-messages", "msgsys",
363 "msginfo_msgtql", 8192, UINT_MAX);
364
365 rc_process_portev = rctl_register("process.max-port-events",
366 RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_COUNT,
367 PORT_MAX_EVENTS, PORT_MAX_EVENTS, &rctl_absolute_ops);
368 rctl_add_default_limit("process.max-port-events", PORT_DEFAULT_EVENTS,
369 RCPRIV_PRIVILEGED, RCTL_LOCAL_DENY);
370
371 /*
372 * Place minimal set of controls on "sched" process for inheritance by
373 * processes created via newproc().
374 */
375 set = rctl_set_create();
376 gp = rctl_set_init_prealloc(RCENTITY_PROCESS);
377 mutex_enter(&curproc->p_lock);
378 e.rcep_p.proc = curproc;
379 e.rcep_t = RCENTITY_PROCESS;
380 curproc->p_rctls = rctl_set_init(RCENTITY_PROCESS, curproc, &e,
381 set, gp);
382 mutex_exit(&curproc->p_lock);
383 rctl_prealloc_destroy(gp);
384 }
|
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <sys/types.h>
27 #include <sys/cmn_err.h>
28 #include <sys/sysmacros.h>
29 #include <sys/proc.h>
30 #include <sys/rctl.h>
31 #include <sys/rctl_impl.h>
32 #include <sys/port_kernel.h>
33 #include <sys/signal.h>
34
35 #include <sys/vmparam.h>
36 #include <sys/machparam.h>
37
38 /*
39 * Process-based resource controls
40 * The structure of the kernel leaves us no particular place where the process
41 * abstraction can be declared--it is intertwined with the growth of the Unix
42 * kernel. Accordingly, we place all of the resource control logic associated
43 * with processes, both existing and future, in this file.
44 */
45
46 rctl_hndl_t rctlproc_legacy[RLIM_NLIMITS];
47 uint_t rctlproc_flags[RLIM_NLIMITS] = {
48 RCTL_LOCAL_SIGNAL, /* RLIMIT_CPU */
49 RCTL_LOCAL_DENY | RCTL_LOCAL_SIGNAL, /* RLIMIT_FSIZE */
50 RCTL_LOCAL_DENY, /* RLIMIT_DATA */
51 RCTL_LOCAL_DENY, /* RLIMIT_STACK */
52 RCTL_LOCAL_DENY, /* RLIMIT_CORE */
53 RCTL_LOCAL_DENY, /* RLIMIT_NOFILE */
54 RCTL_LOCAL_DENY /* RLIMIT_VMEM */
55 };
56 int rctlproc_signals[RLIM_NLIMITS] = {
57 SIGXCPU, /* RLIMIT_CPU */
58 SIGXFSZ, /* RLIMIT_FSIZE */
59 0, 0, 0, 0, 0 /* remainder do not signal */
60 };
61
62 rctl_hndl_t rc_process_msgmnb;
63 rctl_hndl_t rc_process_msgtql;
64 rctl_hndl_t rc_process_semmsl;
65 rctl_hndl_t rc_process_semopm;
66 rctl_hndl_t rc_process_portev;
67 rctl_hndl_t rc_process_sigqueue;
68
69 /*
70 * process.max-cpu-time / RLIMIT_CPU
71 */
72 /*ARGSUSED*/
73 static int
74 proc_cpu_time_test(struct rctl *rctl, struct proc *p, rctl_entity_p_t *e,
75 rctl_val_t *rval, rctl_qty_t inc, uint_t flags)
76 {
77 return (inc >= rval->rcv_value);
78 }
79
80 static rctl_ops_t proc_cpu_time_ops = {
81 rcop_no_action,
82 rcop_no_usage,
83 rcop_no_set,
84 proc_cpu_time_test
85 };
86
87 /*
271 (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_NOFILE], initp, &rlp64,
272 gp, RCTL_LOCAL_DENY, 0, kcred);
273
274 /*
275 * RLIMIT_VMEM
276 */
277 rlp64.rlim_cur = rlp64.rlim_max = RLIM64_INFINITY;
278 (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_VMEM], initp, &rlp64, gp,
279 RCTL_LOCAL_DENY, 0, kcred);
280 }
281
282 /*
283 * void rctlproc_init()
284 *
285 * Overview
286 * Register the various resource controls associated with process entities.
287 * The historical rlim_infinity_map and rlim_infinity32_map are now encoded
288 * here as the native and ILP32 infinite values for each resource control.
289 */
290 void
291 rctlproc_init(void)
292 {
293 rctl_set_t *set;
294 rctl_alloc_gp_t *gp;
295 rctl_entity_p_t e;
296
297 rctlproc_legacy[RLIMIT_CPU] = rctl_register("process.max-cpu-time",
298 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_NEVER |
299 RCTL_GLOBAL_CPU_TIME | RCTL_GLOBAL_INFINITE | RCTL_GLOBAL_SECONDS,
300 UINT64_MAX, UINT64_MAX, &proc_cpu_time_ops);
301 rctlproc_legacy[RLIMIT_FSIZE] = rctl_register("process.max-file-size",
302 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS |
303 RCTL_GLOBAL_FILE_SIZE | RCTL_GLOBAL_BYTES,
304 MAXOFFSET_T, MAXOFFSET_T, &proc_filesize_ops);
305 rctlproc_legacy[RLIMIT_DATA] = rctl_register("process.max-data-size",
306 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS |
307 RCTL_GLOBAL_SIGNAL_NEVER | RCTL_GLOBAL_BYTES,
308 ULONG_MAX, UINT32_MAX, &rctl_default_ops);
309 #ifdef _LP64
310 #ifdef __sparc
311 rctlproc_legacy[RLIMIT_STACK] = rctl_register("process.max-stack-size",
351 "seminfo_semopm", 512, INT_MAX);
352
353 rc_process_msgmnb = rctl_register("process.max-msg-qbytes",
354 RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_BYTES,
355 ULONG_MAX, ULONG_MAX, &rctl_absolute_ops);
356 rctl_add_legacy_limit("process.max-msg-qbytes", "msgsys",
357 "msginfo_msgmnb", 65536, ULONG_MAX);
358
359 rc_process_msgtql = rctl_register("process.max-msg-messages",
360 RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_COUNT,
361 UINT_MAX, UINT_MAX, &rctl_absolute_ops);
362 rctl_add_legacy_limit("process.max-msg-messages", "msgsys",
363 "msginfo_msgtql", 8192, UINT_MAX);
364
365 rc_process_portev = rctl_register("process.max-port-events",
366 RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_COUNT,
367 PORT_MAX_EVENTS, PORT_MAX_EVENTS, &rctl_absolute_ops);
368 rctl_add_default_limit("process.max-port-events", PORT_DEFAULT_EVENTS,
369 RCPRIV_PRIVILEGED, RCTL_LOCAL_DENY);
370
371 rc_process_sigqueue = rctl_register("process.max-sigqueue-size",
372 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS |
373 RCTL_GLOBAL_COUNT, _SIGQSZ_MAX, _SIGQSZ_MAX, &rctl_absolute_ops);
374 rctl_add_default_limit("process.max-sigqueue-size", _SIGQSZ_DEFAULT,
375 RCPRIV_BASIC, RCTL_LOCAL_DENY);
376 rctl_add_default_limit("process.max-sigqueue-size", _SIGQSZ_PRIVILEGED,
377 RCPRIV_PRIVILEGED, RCTL_LOCAL_DENY);
378
379 /*
380 * Place minimal set of controls on "sched" process for inheritance by
381 * processes created via newproc().
382 */
383 set = rctl_set_create();
384 gp = rctl_set_init_prealloc(RCENTITY_PROCESS);
385 mutex_enter(&curproc->p_lock);
386 e.rcep_p.proc = curproc;
387 e.rcep_t = RCENTITY_PROCESS;
388 curproc->p_rctls = rctl_set_init(RCENTITY_PROCESS, curproc, &e,
389 set, gp);
390 mutex_exit(&curproc->p_lock);
391 rctl_prealloc_destroy(gp);
392 }
|