Date: Mon, 17 Jul 2006 05:18:28 GMT From: Chris Jones <cdjones@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 101734 for review Message-ID: <200607170518.k6H5ISkQ041475@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=101734 Change 101734 by cdjones@cdjones-impulse on 2006/07/17 05:18:07 Add functions (prison_memory, prison_memory_limit) to get the amount of memory in use or permitted to be used by a jail. Next step, inserting calls to check this. Obvious places are in fork() and friends, but probably it would be good to also check memory usage at request-more-memory time rather than just at new-process time. Thanks to Roberto Lima (betogigi@gmail.com) for sending me his patch for 4.x; this is similar, though not taken directly from it. Affected files ... .. //depot/projects/soc2006/cdjones_jail/src/sys/kern/kern_jail.c#9 edit .. //depot/projects/soc2006/cdjones_jail/src/sys/sys/jail.h#10 edit Differences ... ==== //depot/projects/soc2006/cdjones_jail/src/sys/kern/kern_jail.c#9 (text+ko) ==== @@ -22,6 +22,11 @@ #include <sys/mac.h> #include <sys/malloc.h> #include <sys/proc.h> +#include <vm/vm.h> +#include <vm/vm_extern.h> +#include <vm/vm_page.h> +#include <vm/vm_object.h> +#include <vm/vm_map.h> #include <sys/taskqueue.h> #include <sys/jail.h> #include <sys/lock.h> @@ -125,7 +130,7 @@ struct prison *pr, *tpr; struct jail j; struct jail_attach_args jaa; - struct proc *j_sched_proc; + struct proc *j_sched_proc = NULL; int vfslocked, error, tryprid; error = copyin(uap->jail, &j, sizeof(j)); @@ -426,6 +431,41 @@ return (ok); } +/* Given credential, return memory usage in bytes. */ +int +prison_memory(struct ucred *cred) +{ + struct proc *p; + u_int mem_used = 0; + + /* TODO: cut this to search only procs in given jail. */ + FOREACH_PROC_IN_SYSTEM(p) { + if (!jailed(p->p_ucred) || + (cred->cr_prison != p->p_ucred->cr_prison)) { + continue; + } + + /* Get memory usage (see vm/vm_map.h). */ + mem_used += (p->p_vmspace)->vm_tsize; /* text size (pages) */ + mem_used += (p->p_vmspace)->vm_dsize; /* data size (pages) */ + mem_used += (p->p_vmspace)->vm_ssize; /* stack size (pages) */ + } + + /* Convert to bytes, cache (maybe unncessary?). */ + mem_used *= PAGE_SIZE; + mtx_lock(&cred->cr_prison->pr_mtx); + cred->cr_prison->pr_mem_usage = mem_used; + mtx_unlock(&cred->cr_prison->pr_mtx); + return mem_used; +} + +/* Given credential, return permitted memory usage in bytes. */ +int +prison_memory_limit(struct ucred *cred) +{ + return cred->cr_prison->pr_mem_limit; +} + /* * Return 0 if jails permit p1 to frob p2, otherwise ESRCH. */ ==== //depot/projects/soc2006/cdjones_jail/src/sys/sys/jail.h#10 (text+ko) ==== @@ -133,6 +133,8 @@ void prison_hold(struct prison *pr); int prison_if(struct ucred *cred, struct sockaddr *sa); int prison_ip(struct ucred *cred, int flag, u_int32_t *ip); +int prison_memory(struct ucred *cred); +int prison_memory_limit(struct ucred *cred); void prison_remote_ip(struct ucred *cred, int flags, u_int32_t *ip); #endif /* _KERNEL */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200607170518.k6H5ISkQ041475>