Print this page
3830 SIGQUEUE_MAX's limit of 32 is too low
Reviewed by: Cedric Blancher <cedric.blancher@gmail.com>
Reviewed by: John Kennedy <john.kennedy@delphix.com>
Reviewed by: Irek Szczesniak <iszczesniak@gmail.com>


   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 
  26 #pragma ident   "%Z%%M% %I%     %E% SMI"
  27 
  28 #include <sys/types.h>
  29 #include <sys/cmn_err.h>
  30 #include <sys/sysmacros.h>
  31 #include <sys/proc.h>
  32 #include <sys/rctl.h>
  33 #include <sys/rctl_impl.h>
  34 #include <sys/port_kernel.h>


  35 
  36 #include <sys/vmparam.h>
  37 #include <sys/machparam.h>
  38 
  39 /*
  40  * Process-based resource controls
  41  *   The structure of the kernel leaves us no particular place where the process
  42  *   abstraction can be declared--it is intertwined with the growth of the Unix
  43  *   kernel.  Accordingly, we place all of the resource control logic associated
  44  *   with processes, both existing and future, in this file.
  45  */
  46 
  47 rctl_hndl_t rctlproc_legacy[RLIM_NLIMITS];
  48 uint_t rctlproc_flags[RLIM_NLIMITS] = {
  49         RCTL_LOCAL_SIGNAL,                      /* RLIMIT_CPU   */
  50         RCTL_LOCAL_DENY | RCTL_LOCAL_SIGNAL,    /* RLIMIT_FSIZE */
  51         RCTL_LOCAL_DENY,                                /* RLIMIT_DATA  */
  52         RCTL_LOCAL_DENY,                                /* RLIMIT_STACK */
  53         RCTL_LOCAL_DENY,                                /* RLIMIT_CORE  */
  54         RCTL_LOCAL_DENY,                                /* RLIMIT_NOFILE */
  55         RCTL_LOCAL_DENY                         /* RLIMIT_VMEM  */
  56 };
  57 int rctlproc_signals[RLIM_NLIMITS] = {
  58         SIGXCPU,                                /* RLIMIT_CPU   */
  59         SIGXFSZ,                                /* RLIMIT_FSIZE */
  60         0, 0, 0, 0, 0                           /* remainder do not signal */
  61 };
  62 
  63 rctl_hndl_t rc_process_msgmnb;
  64 rctl_hndl_t rc_process_msgtql;
  65 rctl_hndl_t rc_process_semmsl;
  66 rctl_hndl_t rc_process_semopm;
  67 rctl_hndl_t rc_process_portev;

  68 
  69 /*
  70  * process.max-cpu-time / RLIMIT_CPU
  71  */
  72 /*ARGSUSED*/
  73 static int
  74 proc_cpu_time_test(struct rctl *rctl, struct proc *p, rctl_entity_p_t *e,
  75     rctl_val_t *rval, rctl_qty_t inc, uint_t flags)
  76 {
  77         return (inc >= rval->rcv_value);
  78 }
  79 
  80 static rctl_ops_t proc_cpu_time_ops = {
  81         rcop_no_action,
  82         rcop_no_usage,
  83         rcop_no_set,
  84         proc_cpu_time_test
  85 };
  86 
  87 /*


 271         (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_NOFILE], initp, &rlp64,
 272             gp, RCTL_LOCAL_DENY, 0, kcred);
 273 
 274         /*
 275          * RLIMIT_VMEM
 276          */
 277         rlp64.rlim_cur = rlp64.rlim_max = RLIM64_INFINITY;
 278         (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_VMEM], initp, &rlp64, gp,
 279             RCTL_LOCAL_DENY, 0, kcred);
 280 }
 281 
 282 /*
 283  * void rctlproc_init()
 284  *
 285  * Overview
 286  *   Register the various resource controls associated with process entities.
 287  *   The historical rlim_infinity_map and rlim_infinity32_map are now encoded
 288  *   here as the native and ILP32 infinite values for each resource control.
 289  */
 290 void
 291 rctlproc_init()
 292 {
 293         rctl_set_t *set;
 294         rctl_alloc_gp_t *gp;
 295         rctl_entity_p_t e;
 296 
 297         rctlproc_legacy[RLIMIT_CPU] = rctl_register("process.max-cpu-time",
 298             RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_NEVER |
 299             RCTL_GLOBAL_CPU_TIME | RCTL_GLOBAL_INFINITE | RCTL_GLOBAL_SECONDS,
 300             UINT64_MAX, UINT64_MAX, &proc_cpu_time_ops);
 301         rctlproc_legacy[RLIMIT_FSIZE] = rctl_register("process.max-file-size",
 302             RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS |
 303             RCTL_GLOBAL_FILE_SIZE | RCTL_GLOBAL_BYTES,
 304             MAXOFFSET_T, MAXOFFSET_T, &proc_filesize_ops);
 305         rctlproc_legacy[RLIMIT_DATA] = rctl_register("process.max-data-size",
 306             RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS |
 307             RCTL_GLOBAL_SIGNAL_NEVER | RCTL_GLOBAL_BYTES,
 308             ULONG_MAX, UINT32_MAX, &rctl_default_ops);
 309 #ifdef _LP64
 310 #ifdef __sparc
 311         rctlproc_legacy[RLIMIT_STACK] = rctl_register("process.max-stack-size",


 352 
 353         rc_process_msgmnb = rctl_register("process.max-msg-qbytes",
 354             RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_BYTES,
 355             ULONG_MAX, ULONG_MAX, &rctl_absolute_ops);
 356         rctl_add_legacy_limit("process.max-msg-qbytes", "msgsys",
 357             "msginfo_msgmnb", 65536, ULONG_MAX);
 358 
 359         rc_process_msgtql = rctl_register("process.max-msg-messages",
 360             RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_COUNT,
 361             UINT_MAX, UINT_MAX, &rctl_absolute_ops);
 362         rctl_add_legacy_limit("process.max-msg-messages", "msgsys",
 363             "msginfo_msgtql", 8192, UINT_MAX);
 364 
 365         rc_process_portev = rctl_register("process.max-port-events",
 366             RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_COUNT,
 367             PORT_MAX_EVENTS, PORT_MAX_EVENTS, &rctl_absolute_ops);
 368         rctl_add_default_limit("process.max-port-events", PORT_DEFAULT_EVENTS,
 369             RCPRIV_PRIVILEGED, RCTL_LOCAL_DENY);
 370 
 371         /*














 372          * Place minimal set of controls on "sched" process for inheritance by
 373          * processes created via newproc().
 374          */
 375         set = rctl_set_create();
 376         gp = rctl_set_init_prealloc(RCENTITY_PROCESS);
 377         mutex_enter(&curproc->p_lock);
 378         e.rcep_p.proc = curproc;
 379         e.rcep_t = RCENTITY_PROCESS;
 380         curproc->p_rctls = rctl_set_init(RCENTITY_PROCESS, curproc, &e,
 381             set, gp);
 382         mutex_exit(&curproc->p_lock);
 383         rctl_prealloc_destroy(gp);
 384 }


   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 


  26 #include <sys/types.h>
  27 #include <sys/cmn_err.h>
  28 #include <sys/sysmacros.h>
  29 #include <sys/proc.h>
  30 #include <sys/rctl.h>
  31 #include <sys/rctl_impl.h>
  32 #include <sys/port_kernel.h>
  33 #include <sys/signal.h>
  34 #include <sys/var.h>
  35 
  36 #include <sys/vmparam.h>
  37 #include <sys/machparam.h>
  38 
  39 /*
  40  * Process-based resource controls
  41  *   The structure of the kernel leaves us no particular place where the process
  42  *   abstraction can be declared--it is intertwined with the growth of the Unix
  43  *   kernel.  Accordingly, we place all of the resource control logic associated
  44  *   with processes, both existing and future, in this file.
  45  */
  46 
  47 rctl_hndl_t rctlproc_legacy[RLIM_NLIMITS];
  48 uint_t rctlproc_flags[RLIM_NLIMITS] = {
  49         RCTL_LOCAL_SIGNAL,                      /* RLIMIT_CPU   */
  50         RCTL_LOCAL_DENY | RCTL_LOCAL_SIGNAL,    /* RLIMIT_FSIZE */
  51         RCTL_LOCAL_DENY,                                /* RLIMIT_DATA  */
  52         RCTL_LOCAL_DENY,                                /* RLIMIT_STACK */
  53         RCTL_LOCAL_DENY,                                /* RLIMIT_CORE  */
  54         RCTL_LOCAL_DENY,                                /* RLIMIT_NOFILE */
  55         RCTL_LOCAL_DENY                         /* RLIMIT_VMEM  */
  56 };
  57 int rctlproc_signals[RLIM_NLIMITS] = {
  58         SIGXCPU,                                /* RLIMIT_CPU   */
  59         SIGXFSZ,                                /* RLIMIT_FSIZE */
  60         0, 0, 0, 0, 0                           /* remainder do not signal */
  61 };
  62 
  63 rctl_hndl_t rc_process_msgmnb;
  64 rctl_hndl_t rc_process_msgtql;
  65 rctl_hndl_t rc_process_semmsl;
  66 rctl_hndl_t rc_process_semopm;
  67 rctl_hndl_t rc_process_portev;
  68 rctl_hndl_t rc_process_sigqueue;
  69 
  70 /*
  71  * process.max-cpu-time / RLIMIT_CPU
  72  */
  73 /*ARGSUSED*/
  74 static int
  75 proc_cpu_time_test(struct rctl *rctl, struct proc *p, rctl_entity_p_t *e,
  76     rctl_val_t *rval, rctl_qty_t inc, uint_t flags)
  77 {
  78         return (inc >= rval->rcv_value);
  79 }
  80 
  81 static rctl_ops_t proc_cpu_time_ops = {
  82         rcop_no_action,
  83         rcop_no_usage,
  84         rcop_no_set,
  85         proc_cpu_time_test
  86 };
  87 
  88 /*


 272         (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_NOFILE], initp, &rlp64,
 273             gp, RCTL_LOCAL_DENY, 0, kcred);
 274 
 275         /*
 276          * RLIMIT_VMEM
 277          */
 278         rlp64.rlim_cur = rlp64.rlim_max = RLIM64_INFINITY;
 279         (void) rctl_rlimit_set(rctlproc_legacy[RLIMIT_VMEM], initp, &rlp64, gp,
 280             RCTL_LOCAL_DENY, 0, kcred);
 281 }
 282 
 283 /*
 284  * void rctlproc_init()
 285  *
 286  * Overview
 287  *   Register the various resource controls associated with process entities.
 288  *   The historical rlim_infinity_map and rlim_infinity32_map are now encoded
 289  *   here as the native and ILP32 infinite values for each resource control.
 290  */
 291 void
 292 rctlproc_init(void)
 293 {
 294         rctl_set_t *set;
 295         rctl_alloc_gp_t *gp;
 296         rctl_entity_p_t e;
 297 
 298         rctlproc_legacy[RLIMIT_CPU] = rctl_register("process.max-cpu-time",
 299             RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_NEVER |
 300             RCTL_GLOBAL_CPU_TIME | RCTL_GLOBAL_INFINITE | RCTL_GLOBAL_SECONDS,
 301             UINT64_MAX, UINT64_MAX, &proc_cpu_time_ops);
 302         rctlproc_legacy[RLIMIT_FSIZE] = rctl_register("process.max-file-size",
 303             RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS |
 304             RCTL_GLOBAL_FILE_SIZE | RCTL_GLOBAL_BYTES,
 305             MAXOFFSET_T, MAXOFFSET_T, &proc_filesize_ops);
 306         rctlproc_legacy[RLIMIT_DATA] = rctl_register("process.max-data-size",
 307             RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS |
 308             RCTL_GLOBAL_SIGNAL_NEVER | RCTL_GLOBAL_BYTES,
 309             ULONG_MAX, UINT32_MAX, &rctl_default_ops);
 310 #ifdef _LP64
 311 #ifdef __sparc
 312         rctlproc_legacy[RLIMIT_STACK] = rctl_register("process.max-stack-size",


 353 
 354         rc_process_msgmnb = rctl_register("process.max-msg-qbytes",
 355             RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_BYTES,
 356             ULONG_MAX, ULONG_MAX, &rctl_absolute_ops);
 357         rctl_add_legacy_limit("process.max-msg-qbytes", "msgsys",
 358             "msginfo_msgmnb", 65536, ULONG_MAX);
 359 
 360         rc_process_msgtql = rctl_register("process.max-msg-messages",
 361             RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_COUNT,
 362             UINT_MAX, UINT_MAX, &rctl_absolute_ops);
 363         rctl_add_legacy_limit("process.max-msg-messages", "msgsys",
 364             "msginfo_msgtql", 8192, UINT_MAX);
 365 
 366         rc_process_portev = rctl_register("process.max-port-events",
 367             RCENTITY_PROCESS, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_COUNT,
 368             PORT_MAX_EVENTS, PORT_MAX_EVENTS, &rctl_absolute_ops);
 369         rctl_add_default_limit("process.max-port-events", PORT_DEFAULT_EVENTS,
 370             RCPRIV_PRIVILEGED, RCTL_LOCAL_DENY);
 371 
 372         /*
 373          * We set the upper limit to the maximum number of processes per user
 374          * to make it theoretical possible to deliver all SIGCHILD signals on
 375          * child termination, but at least to 8k.
 376          */
 377         rc_process_sigqueue = rctl_register("process.max-sigqueue-size",
 378             RCENTITY_PROCESS, RCTL_GLOBAL_LOWERABLE | RCTL_GLOBAL_DENY_ALWAYS |
 379             RCTL_GLOBAL_COUNT, MAX(v.v_maxup, 8192), MAX(v.v_maxup, 8192),
 380             &rctl_absolute_ops);
 381         rctl_add_default_limit("process.max-sigqueue-size",
 382             _SIGQUEUE_SIZE_BASIC, RCPRIV_BASIC, RCTL_LOCAL_DENY);
 383         rctl_add_default_limit("process.max-sigqueue-size",
 384             _SIGQUEUE_SIZE_PRIVILEGED, RCPRIV_PRIVILEGED, RCTL_LOCAL_DENY);
 385 
 386         /*
 387          * Place minimal set of controls on "sched" process for inheritance by
 388          * processes created via newproc().
 389          */
 390         set = rctl_set_create();
 391         gp = rctl_set_init_prealloc(RCENTITY_PROCESS);
 392         mutex_enter(&curproc->p_lock);
 393         e.rcep_p.proc = curproc;
 394         e.rcep_t = RCENTITY_PROCESS;
 395         curproc->p_rctls = rctl_set_init(RCENTITY_PROCESS, curproc, &e,
 396             set, gp);
 397         mutex_exit(&curproc->p_lock);
 398         rctl_prealloc_destroy(gp);
 399 }