Date: Sun, 11 Oct 2009 13:55:32 GMT From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 169392 for review Message-ID: <200910111355.n9BDtWYb031284@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=169392 Change 169392 by trasz@trasz_victim on 2009/10/11 13:55:02 Optimize things a little. Affected files ... .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#67 edit Differences ... ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#67 (text+ko) ==== @@ -1662,9 +1662,8 @@ } /* - * Called after credentials change, to adjust p_limits. - * - * XXX: What about jails? + * Called before credentials change, to adjust HRL data structures + * assigned to the process. */ void hrl_proc_ucred_changing(struct proc *p, struct ucred *newcred) @@ -1673,20 +1672,42 @@ struct hrl_limit *limit; struct uidinfo *olduip, *newuip; struct loginclass *oldlc, *newlc; + struct prison *oldpr, *newpr; PROC_LOCK_ASSERT(p, MA_OWNED); + newuip = newcred->cr_ruidinfo; + olduip = p->p_ucred->cr_ruidinfo; + newlc = newcred->cr_loginclass; + oldlc = p->p_ucred->cr_loginclass; + newpr = newcred->cr_prison; + oldpr = p->p_ucred->cr_prison; + mtx_lock(&hrl_lock); /* - * Remove rules for the old user credentials - per-user, per-group - * and per-loginclass. + * Remove rules that are no longer applicable with the new ucred. */ LIST_FOREACH(limit, &p->p_limits, hl_next) { - if (limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_USER && - limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_GROUP && - limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_LOGINCLASS) + switch (limit->hl_rule->hr_subject_type) { + case HRL_SUBJECT_TYPE_PROCESS: continue; + case HRL_SUBJECT_TYPE_USER: + if (newuip == olduip) + continue; + break; + case HRL_SUBJECT_TYPE_LOGINCLASS: + if (newlc == oldlc) + continue; + break; + case HRL_SUBJECT_TYPE_JAIL: + if (newpr == oldpr) + continue; + break; + default: + panic("hrl_proc_ucred_changing: unknown subject %d", + limit->hl_rule->hr_subject_type); + } LIST_REMOVE(limit, hl_next); hrl_rule_release(limit->hl_rule); @@ -1694,19 +1715,25 @@ } /* - * Now add rules for the current user credentials. + * Add rules for the new ucred. */ - LIST_FOREACH(limit, &newcred->cr_ruidinfo->ui_limits, hl_next) { - error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule); - KASSERT(error == 0, ("XXX: better error handling needed")); + if (newuip != olduip) { + LIST_FOREACH(limit, &newuip->ui_limits, hl_next) { + error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule); + KASSERT(error == 0, ("XXX: better error handling needed")); + } + } + if (newlc != oldlc) { + LIST_FOREACH(limit, &newlc->lc_limits, hl_next) { + error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule); + KASSERT(error == 0, ("XXX: better error handling needed")); + } } - - /* - * Add rules for the current loginclass. - */ - LIST_FOREACH(limit, &newcred->cr_loginclass->lc_limits, hl_next) { - error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule); - KASSERT(error == 0, ("XXX: better error handling needed")); + if (newpr != newpr) { + LIST_FOREACH(limit, &newpr->pr_limits, hl_next) { + error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule); + KASSERT(error == 0, ("XXX: better error handling needed")); + } } mtx_unlock(&hrl_lock); @@ -1714,8 +1741,6 @@ /* * Fix up per-ruid resource consumption. */ - newuip = newcred->cr_ruidinfo; - olduip = p->p_ucred->cr_ruidinfo; if (newuip != olduip) { hrl_container_subtract(&olduip->ui_container, &p->p_container); hrl_container_add(&newuip->ui_container, &p->p_container); @@ -1724,12 +1749,14 @@ /* * Adjust loginclass resource usage information. */ - newlc = newcred->cr_loginclass; - oldlc = p->p_ucred->cr_loginclass; if (newlc != oldlc) { hrl_container_subtract(&oldlc->lc_container, &p->p_container); hrl_container_add(&newlc->lc_container, &p->p_container); } + + /* + * XXX: Jail resource consumption. + */ } /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910111355.n9BDtWYb031284>