1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/cmn_err.h> 28 #include <sys/sysmacros.h> 29 #include <sys/proc.h> 30 #include <sys/rctl.h> 31 #include <sys/rctl_impl.h> 32 #include <sys/port_kernel.h> 33 #include <sys/signal.h> 34 #include <sys/var.h> 35 36 #include <sys/vmparam.h> 37 #include <sys/machparam.h> 38 39 /* 40 * Process-based resource controls 41 * The structure of the kernel leaves us no particular place where the process 42 * abstraction can be declared--it is intertwined with the growth of the Unix 43 * kernel. Accordingly, we place all of the resource control logic associated 44 * with processes, both existing and future, in this file. 45 */ 46 47 rctl_hndl_t rctlproc_legacy[RLIM_NLIMITS]; 48 uint_t rctlproc_flags[RLIM_NLIMITS] = { 49 RCTL_LOCAL_SIGNAL, /* RLIMIT_CPU */ 50 RCTL_LOCAL_DENY | RCTL_LOCAL_SIGNAL, /* RLIMIT_FSIZE */ 51 RCTL_LOCAL_DENY, /* RLIMIT_DATA */ 52 RCTL_LOCAL_DENY, /* RLIMIT_STACK */ 53 RCTL_LOCAL_DENY, /* RLIMIT_CORE */ 54 RCTL_LOCAL_DENY, /* RLIMIT_NOFILE */ 55 RCTL_LOCAL_DENY /* RLIMIT_VMEM */ 56 }; 57 int rctlproc_signals[RLIM_NLIMITS] = { 58 SIGXCPU, /* RLIMIT_CPU */ 59 SIGXFSZ, /* RLIMIT_FSIZE */ 60 0, 0, 0, 0, 0 /* remainder do not signal */ 61 }; 62 63 rctl_hndl_t rc_process_msgmnb; 64 rctl_hndl_t rc_process_msgtql; 65 rctl_hndl_t rc_process_semmsl; 66 rctl_hndl_t rc_process_semopm; 67 rctl_hndl_t rc_process_portev; 68 rctl_hndl_t rc_process_sigqueue; 69 70 /* 71 * process.max-cpu-time / RLIMIT_CPU 72 */ 73 /*ARGSUSED*/ 74 static int 75 proc_cpu_time_test(struct rctl *rctl, struct proc *p, rctl_entity_p_t *e, 76 rctl_val_t *rval, rctl_qty_t inc, uint_t flags) 77 { 78 return (inc >= rval->rcv_value); 79 } 80 81 static rctl_ops_t proc_cpu_time_ops = { 82 rcop_no_action, 83 rcop_no_usage, 84 rcop_no_set, 85 proc_cpu_time_test 86 }; 87 88 /* 89 * process.max-file-size / RLIMIT_FSIZE 90 */ 91 static int 92 proc_filesize_set(rctl_t *rctl, struct proc *p, rctl_entity_p_t *e, 93 rctl_qty_t nv) 94 { 95 if (p->p_model == DATAMODEL_NATIVE) 96 nv = MIN(nv, rctl->rc_dict_entry->rcd_max_native); 97 else 98 nv = MIN(nv, rctl->rc_dict_entry->rcd_max_ilp32); 99 100 ASSERT(e->rcep_t == RCENTITY_PROCESS); 101 e->rcep_p.proc->p_fsz_ctl = nv; 102 103 return (0); 104 } 105 106 static rctl_ops_t proc_filesize_ops = { 107 rcop_no_action, 108 rcop_no_usage, 109 proc_filesize_set, 110 rcop_no_test 111 }; 112 113 /* 114 * process.max-data / RLIMIT_DATA 115 */ 116 117 /* 118 * process.max-stack-size / RLIMIT_STACK 119 */ 120 static int 121 proc_stack_set(rctl_t *rctl, struct proc *p, rctl_entity_p_t *e, 122 rctl_qty_t nv) 123 { 124 klwp_t *lwp = ttolwp(curthread); 125 126 if (p->p_model == DATAMODEL_NATIVE) 127 nv = MIN(nv, rctl->rc_dict_entry->rcd_max_native); 128 else 129 nv = MIN(nv, rctl->rc_dict_entry->rcd_max_ilp32); 130 131 /* 132 * In the process of changing the rlimit, this function actually 133 * gets called a number of times. We only want to save the current 134 * rlimit the first time we come through here. In post_syscall(), 135 * we copyin() the lwp's ustack, and compare it to the rlimit we 136 * save here; if the two match, we adjust the ustack to reflect 137 * the new stack bounds. 138 * 139 * We check to make sure that we're changing the rlimit of our 140 * own process rather than on behalf of some other process. The 141 * notion of changing this resource limit on behalf of another 142 * process is problematic at best, and changing the amount of stack 143 * space a process is allowed to consume is a rather antiquated 144 * notion that has limited applicability in our multithreaded 145 * process model. 146 */ 147 ASSERT(e->rcep_t == RCENTITY_PROCESS); 148 if (lwp != NULL && lwp->lwp_procp == e->rcep_p.proc && 149 lwp->lwp_ustack && lwp->lwp_old_stk_ctl == 0) { 150 lwp->lwp_old_stk_ctl = (size_t)e->rcep_p.proc->p_stk_ctl; 151 curthread->t_post_sys = 1; 152 } 153 154 e->rcep_p.proc->p_stk_ctl = nv; 155 156 return (0); 157 } 158 159 static rctl_ops_t proc_stack_ops = { 160 rcop_no_action, 161 rcop_no_usage, 162 proc_stack_set, 163 rcop_no_test 164 }; 165 166 /* 167 * process.max-file-descriptors / RLIMIT_NOFILE 168 */ 169 static int 170 proc_nofile_set(rctl_t *rctl, struct proc *p, rctl_entity_p_t *e, rctl_qty_t nv) 171 { 172 ASSERT(e->rcep_t == RCENTITY_PROCESS); 173 if (p->p_model == DATAMODEL_NATIVE) 174 nv = MIN(nv, rctl->rc_dict_entry->rcd_max_native); 175 else 176 nv = MIN(nv, rctl->rc_dict_entry->rcd_max_ilp32); 177 178 e->rcep_p.proc->p_fno_ctl = nv; 179 180 return (0); 181 } 182 183 static rctl_ops_t proc_nofile_ops = { 184 rcop_no_action, 185 rcop_no_usage, 186 proc_nofile_set, 187 rcop_absolute_test 188 }; 189 190 /* 191 * process.max-address-space / RLIMIT_VMEM 192 */ 193 static int 194 proc_vmem_set(rctl_t *rctl, struct proc *p, rctl_entity_p_t *e, rctl_qty_t nv) 195 { 196 ASSERT(e->rcep_t == RCENTITY_PROCESS); 197 if (p->p_model == DATAMODEL_ILP32) 198 nv = MIN(nv, rctl->rc_dict_entry->rcd_max_ilp32); 199 else 200 nv = MIN(nv, rctl->rc_dict_entry->rcd_max_native); 201 202 e->rcep_p.proc->p_vmem_ctl = nv; 203 204 return (0); 205 } 206 207 static rctl_ops_t proc_vmem_ops = { 208 rcop_no_action, 209 rcop_no_usage, 210 proc_vmem_set, 211 rcop_no_test 212 }; 213 214 /* 215 * void rctlproc_default_init() 216 * 217 * Overview 218 * Establish default basic and privileged control values on the init process. 219 * These correspond to the soft and hard limits, respectively. 220 */ 221 void 222 rctlproc_default_init(struct proc *initp, rctl_alloc_gp_t *gp) 223 { 224 struct rlimit64 rlp64; 225 226 /* 227 * RLIMIT_CPU: deny never, sigtoproc(pp, NULL, SIGXCPU). 228 */ 229 rlp64.rlim_cur = rlp64.rlim_max = RLIM64_INFINITY; 230 (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_CPU], initp, &rlp64, gp, 231 RCTL_LOCAL_SIGNAL, SIGXCPU, kcred); 232 233 /* 234 * RLIMIT_FSIZE: deny always, sigtoproc(pp, NULL, SIGXFSZ). 235 */ 236 rlp64.rlim_cur = rlp64.rlim_max = RLIM64_INFINITY; 237 (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_FSIZE], initp, &rlp64, gp, 238 RCTL_LOCAL_SIGNAL | RCTL_LOCAL_DENY, SIGXFSZ, kcred); 239 240 /* 241 * RLIMIT_DATA: deny always, no default action. 242 */ 243 rlp64.rlim_cur = rlp64.rlim_max = RLIM64_INFINITY; 244 (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_DATA], initp, &rlp64, gp, 245 RCTL_LOCAL_DENY, 0, kcred); 246 247 /* 248 * RLIMIT_STACK: deny always, no default action. 249 */ 250 #ifdef __sparc 251 rlp64.rlim_cur = DFLSSIZ; 252 rlp64.rlim_max = LONG_MAX; 253 #else 254 rlp64.rlim_cur = DFLSSIZ; 255 rlp64.rlim_max = MAXSSIZ; 256 #endif 257 (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_STACK], initp, &rlp64, gp, 258 RCTL_LOCAL_DENY, 0, kcred); 259 260 /* 261 * RLIMIT_CORE: deny always, no default action. 262 */ 263 rlp64.rlim_cur = rlp64.rlim_max = RLIM64_INFINITY; 264 (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_CORE], initp, &rlp64, gp, 265 RCTL_LOCAL_DENY, 0, kcred); 266 267 /* 268 * RLIMIT_NOFILE: deny always, no action. 269 */ 270 rlp64.rlim_cur = rlim_fd_cur; 271 rlp64.rlim_max = rlim_fd_max; 272 (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_NOFILE], initp, &rlp64, 273 gp, RCTL_LOCAL_DENY, 0, kcred); 274 275 /* 276 * RLIMIT_VMEM 277 */ 278 rlp64.rlim_cur = rlp64.rlim_max = RLIM64_INFINITY; 279 (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_VMEM], initp, &rlp64, gp, 280 RCTL_LOCAL_DENY, 0, kcred); 281 } 282 283 /* 284 * void rctlproc_init() 285 * 286 * Overview 287 * Register the various resource controls associated with process entities. 288 * The historical rlim_infinity_map and rlim_infinity32_map are now encoded 289 * here as the native and ILP32 infinite values for each resource control. 290 */ 291 void 292 rctlproc_init(void) 293 { 294 rctl_set_t *set; 295 rctl_alloc_gp_t *gp; 296 rctl_entity_p_t e; 297 298 rctlproc_legacy[RLIMIT_CPU] = rctl_register("process.max-cpu-time", 299 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_NEVER | 300 RCTL_GLOBAL_CPU_TIME | RCTL_GLOBAL_INFINITE | RCTL_GLOBAL_SECONDS, 301 UINT64_MAX, UINT64_MAX, &proc_cpu_time_ops); 302 rctlproc_legacy[RLIMIT_FSIZE] = rctl_register("process.max-file-size", 303 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS | 304 RCTL_GLOBAL_FILE_SIZE | RCTL_GLOBAL_BYTES, 305 MAXOFFSET_T, MAXOFFSET_T, &proc_filesize_ops); 306 rctlproc_legacy[RLIMIT_DATA] = rctl_register("process.max-data-size", 307 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS | 308 RCTL_GLOBAL_SIGNAL_NEVER | RCTL_GLOBAL_BYTES, 309 ULONG_MAX, UINT32_MAX, &rctl_default_ops); 310 #ifdef _LP64 311 #ifdef __sparc 312 rctlproc_legacy[RLIMIT_STACK] = rctl_register("process.max-stack-size", 313 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS | 314 RCTL_GLOBAL_SIGNAL_NEVER | RCTL_GLOBAL_BYTES, 315 LONG_MAX, INT32_MAX, &proc_stack_ops); 316 #else /* __sparc */ 317 rctlproc_legacy[RLIMIT_STACK] = rctl_register("process.max-stack-size", 318 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS | 319 RCTL_GLOBAL_SIGNAL_NEVER | RCTL_GLOBAL_BYTES, 320 MAXSSIZ, USRSTACK32 - PAGESIZE, &proc_stack_ops); 321 #endif /* __sparc */ 322 #else /* _LP64 */ 323 rctlproc_legacy[RLIMIT_STACK] = rctl_register("process.max-stack-size", 324 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS | 325 RCTL_GLOBAL_SIGNAL_NEVER | RCTL_GLOBAL_BYTES, 326 USRSTACK - PAGESIZE, USRSTACK - PAGESIZE, &proc_stack_ops); 327 #endif 328 rctlproc_legacy[RLIMIT_CORE] = rctl_register("process.max-core-size", 329 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS | 330 RCTL_GLOBAL_SIGNAL_NEVER | RCTL_GLOBAL_BYTES, 331 MIN(MAXOFFSET_T, ULONG_MAX), UINT32_MAX, &rctl_default_ops); 332 rctlproc_legacy[RLIMIT_NOFILE] = rctl_register( 333 "process.max-file-descriptor", RCENTITY_PROCESS, 334 RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS | 335 RCTL_GLOBAL_COUNT, INT32_MAX, INT32_MAX, &proc_nofile_ops); 336 rctlproc_legacy[RLIMIT_VMEM] = 337 rctl_register("process.max-address-space", RCENTITY_PROCESS, 338 RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS | 339 RCTL_GLOBAL_SIGNAL_NEVER | RCTL_GLOBAL_BYTES, 340 ULONG_MAX, UINT32_MAX, &proc_vmem_ops); 341 342 rc_process_semmsl = rctl_register("process.max-sem-nsems", 343 RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_COUNT, 344 SHRT_MAX, SHRT_MAX, &rctl_absolute_ops); 345 rctl_add_legacy_limit("process.max-sem-nsems", "semsys", 346 "seminfo_semmsl", 512, SHRT_MAX); 347 348 rc_process_semopm = rctl_register("process.max-sem-ops", 349 RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_COUNT, 350 INT_MAX, INT_MAX, &rctl_absolute_ops); 351 rctl_add_legacy_limit("process.max-sem-ops", "semsys", 352 "seminfo_semopm", 512, INT_MAX); 353 354 rc_process_msgmnb = rctl_register("process.max-msg-qbytes", 355 RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_BYTES, 356 ULONG_MAX, ULONG_MAX, &rctl_absolute_ops); 357 rctl_add_legacy_limit("process.max-msg-qbytes", "msgsys", 358 "msginfo_msgmnb", 65536, ULONG_MAX); 359 360 rc_process_msgtql = rctl_register("process.max-msg-messages", 361 RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_COUNT, 362 UINT_MAX, UINT_MAX, &rctl_absolute_ops); 363 rctl_add_legacy_limit("process.max-msg-messages", "msgsys", 364 "msginfo_msgtql", 8192, UINT_MAX); 365 366 rc_process_portev = rctl_register("process.max-port-events", 367 RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_COUNT, 368 PORT_MAX_EVENTS, PORT_MAX_EVENTS, &rctl_absolute_ops); 369 rctl_add_default_limit("process.max-port-events", PORT_DEFAULT_EVENTS, 370 RCPRIV_PRIVILEGED, RCTL_LOCAL_DENY); 371 372 /* 373 * We set the upper limit to the maximum number of processes per user 374 * to make it theoretical possible to deliver all SIGCHILD signals on 375 * child termination, but at least to 8k. 376 */ 377 rc_process_sigqueue = rctl_register("process.max-sigqueue-size", 378 RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS | 379 RCTL_GLOBAL_COUNT, MAX(v.v_maxup, 8192), MAX(v.v_maxup, 8192), 380 &rctl_absolute_ops); 381 rctl_add_default_limit("process.max-sigqueue-size", 382 _SIGQUEUE_SIZE_BASIC, RCPRIV_BASIC, RCTL_LOCAL_DENY); 383 rctl_add_default_limit("process.max-sigqueue-size", 384 _SIGQUEUE_SIZE_PRIVILEGED, RCPRIV_PRIVILEGED, RCTL_LOCAL_DENY); 385 386 /* 387 * Place minimal set of controls on "sched" process for inheritance by 388 * processes created via newproc(). 389 */ 390 set = rctl_set_create(); 391 gp = rctl_set_init_prealloc(RCENTITY_PROCESS); 392 mutex_enter(&curproc->p_lock); 393 e.rcep_p.proc = curproc; 394 e.rcep_t = RCENTITY_PROCESS; 395 curproc->p_rctls = rctl_set_init(RCENTITY_PROCESS, curproc, &e, 396 set, gp); 397 mutex_exit(&curproc->p_lock); 398 rctl_prealloc_destroy(gp); 399 }