Date: Fri, 2 Oct 2009 22:30:28 GMT From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 169163 for review Message-ID: <200910022230.n92MUSw7091449@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=169163 Change 169163 by trasz@trasz_victim on 2009/10/02 22:29:27 Move loginclass pointer from process to ucred, where it should be in the first place. Affected files ... .. //depot/projects/soc2009/trasz_limits/TODO#12 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/init_main.c#14 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_exit.c#14 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_fork.c#13 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#62 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_loginclass.c#13 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_prot.c#23 edit .. //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#35 edit .. //depot/projects/soc2009/trasz_limits/sys/sys/proc.h#12 edit .. //depot/projects/soc2009/trasz_limits/sys/sys/ucred.h#9 edit Differences ... ==== //depot/projects/soc2009/trasz_limits/TODO#12 (text+ko) ==== @@ -1,6 +1,4 @@ - - Why did I put the loginclass pointer into the proc and not into the cred? - - Make the limits lists protected by the subjects lock (e.g. process lock) instead of hrl_lock. ==== //depot/projects/soc2009/trasz_limits/sys/kern/init_main.c#14 (text+ko) ==== @@ -470,6 +470,7 @@ p->p_ucred->cr_uidinfo = uifind(0); p->p_ucred->cr_ruidinfo = uifind(0); p->p_ucred->cr_prison = &prison0; + p->p_ucred->cr_loginclass = loginclass_find("default"); #ifdef AUDIT audit_cred_kproc0(p->p_ucred); #endif @@ -478,9 +479,6 @@ #endif td->td_ucred = crhold(p->p_ucred); - /* Set default login class. */ - p->p_loginclass = loginclass_find("default"); - /* Create sigacts. */ p->p_sigacts = sigacts_alloc(); ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_exit.c#14 (text+ko) ==== @@ -48,7 +48,6 @@ #include <sys/kernel.h> #include <sys/malloc.h> #include <sys/lock.h> -#include <sys/loginclass.h> #include <sys/mutex.h> #include <sys/proc.h> #include <sys/pioctl.h> @@ -771,7 +770,7 @@ hrl_proc_exiting(p); /* - * Free credentials, arguments, sigacts and loginclass. + * Free credentials, arguments and sigacts. */ crfree(p->p_ucred); p->p_ucred = NULL; @@ -779,8 +778,6 @@ p->p_args = NULL; sigacts_free(p->p_sigacts); p->p_sigacts = NULL; - loginclass_release(p->p_loginclass); - p->p_loginclass = NULL; /* * Do any thread-system specific cleanups. ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_fork.c#13 (text+ko) ==== @@ -52,7 +52,6 @@ #include <sys/kthread.h> #include <sys/sysctl.h> #include <sys/lock.h> -#include <sys/loginclass.h> #include <sys/malloc.h> #include <sys/mutex.h> #include <sys/priv.h> @@ -484,9 +483,6 @@ /* Tell the prison that we exist. */ prison_proc_hold(p2->p_ucred->cr_prison); - /* Loginclass might want to know too. */ - loginclass_acquire(p2->p_loginclass); - PROC_UNLOCK(p2); /* ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#62 (text+ko) ==== @@ -290,7 +290,7 @@ break; case HRL_SUBJECT_TYPE_LOGINCLASS: available = rule->hr_amount - - p->p_loginclass->lc_usage.hu_resources[resource]; + cred->cr_loginclass->lc_usage.hu_resources[resource]; available = INT64_MAX; /* XXX */ break; case HRL_SUBJECT_TYPE_JAIL: @@ -493,11 +493,11 @@ return (error); } p->p_usage.hu_resources[resource] += amount; - p->p_loginclass->lc_usage.hu_resources[resource] += amount; cred = p->p_ucred; cred->cr_ruidinfo->ui_usage.hu_resources[resource] += amount; for (pr = cred->cr_prison; pr != NULL; pr = pr->pr_parent) pr->pr_usage.hu_resources[resource] += amount; + cred->cr_loginclass->lc_usage.hu_resources[resource] += amount; /* * XXX: Slow. */ @@ -557,11 +557,11 @@ } } p->p_usage.hu_resources[resource] = amount; - p->p_loginclass->lc_usage.hu_resources[resource] += diff; cred = p->p_ucred; cred->cr_ruidinfo->ui_usage.hu_resources[resource] += diff; for (pr = cred->cr_prison; pr != NULL; pr = pr->pr_parent) pr->pr_usage.hu_resources[resource] += diff; + cred->cr_loginclass->lc_usage.hu_resources[resource] += diff; /* * XXX: Slow. */ @@ -612,11 +612,11 @@ "%ld for %s (pid %d)", amount, hrl_resource_name(resource), p->p_usage.hu_resources[resource], p->p_comm, p->p_pid)); p->p_usage.hu_resources[resource] -= amount; - p->p_loginclass->lc_usage.hu_resources[resource] -= amount; cred = p->p_ucred; cred->cr_ruidinfo->ui_usage.hu_resources[resource] -= amount; for (pr = cred->cr_prison; pr != NULL; pr = pr->pr_parent) pr->pr_usage.hu_resources[resource] -= amount; + cred->cr_loginclass->lc_usage.hu_resources[resource] -= amount; /* * XXX: Slow. */ @@ -1235,7 +1235,7 @@ break; continue; case HRL_SUBJECT_TYPE_LOGINCLASS: - if (p->p_loginclass == rule->hr_subject.hs_loginclass) + if (cred->cr_loginclass == rule->hr_subject.hs_loginclass) break; continue; case HRL_SUBJECT_TYPE_JAIL: @@ -1727,54 +1727,8 @@ } /* - * Called just before loginclass change, to adjust p_limits and lc_usage. - */ -void -hrl_proc_loginclass_changing(struct proc *p, struct loginclass *newlc) -{ - int error; - struct hrl_limit *limit; - struct loginclass *lc = p->p_loginclass; - - PROC_LOCK_ASSERT(p, MA_OWNED); - - mtx_lock(&hrl_lock); - - /* - * Remove rules for the old loginclass. - */ - LIST_FOREACH(limit, &p->p_limits, hl_next) { - if (limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_LOGINCLASS) - continue; - - LIST_REMOVE(limit, hl_next); - hrl_rule_release(limit->hl_rule); - uma_zfree(hrl_limit_zone, limit); - } - - /* - * Now add rules for the current loginclass. - */ - LIST_FOREACH(limit, &newlc->lc_limits, hl_next) { - error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule); - KASSERT(error == 0, ("XXX: better error handling needed")); - } - - mtx_unlock(&hrl_lock); - - /* - * Adjust loginclass resource usage information. - */ - hrl_usage_subtract(&lc->lc_usage, &p->p_usage); - hrl_usage_add(&newlc->lc_usage, &p->p_usage); -} - -/* * Called after credentials change, to adjust p_limits. * - * XXX: This should be merged with the routine above, after moving - * the loginclass pointer from 'struct proc' to 'struct ucred'. - * * XXX: What about jails? */ void @@ -1783,17 +1737,20 @@ int error, i; struct hrl_limit *limit; struct uidinfo *olduip, *newuip; + struct loginclass *oldlc, *newlc; PROC_LOCK_ASSERT(p, MA_OWNED); mtx_lock(&hrl_lock); /* - * Remove rules for the old user credentials. + * Remove rules for the old user credentials - per-user, per-group + * and per-loginclass. */ LIST_FOREACH(limit, &p->p_limits, hl_next) { if (limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_USER && - limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_GROUP) + limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_GROUP && + limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_LOGINCLASS) continue; LIST_REMOVE(limit, hl_next); @@ -1820,6 +1777,14 @@ } } + /* + * Add rules for the current loginclass. + */ + LIST_FOREACH(limit, &newcred->cr_loginclass->lc_limits, hl_next) { + error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule); + KASSERT(error == 0, ("XXX: better error handling needed")); + } + mtx_unlock(&hrl_lock); /* @@ -1843,6 +1808,16 @@ hrl_usage_add( &newcred->cr_gidinfos[i]->gi_usage, &p->p_usage); } + + /* + * Adjust loginclass resource usage information. + */ + newlc = newcred->cr_loginclass; + oldlc = p->p_ucred->cr_loginclass; + if (newlc != oldlc) { + hrl_usage_subtract(&oldlc->lc_usage, &p->p_usage); + hrl_usage_add(&newlc->lc_usage, &p->p_usage); + } } /* ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_loginclass.c#13 (text+ko) ==== @@ -159,7 +159,7 @@ struct loginclass *lc; PROC_LOCK(p); - lc = p->p_loginclass; + lc = p->p_ucred->cr_loginclass; loginclass_acquire(lc); PROC_UNLOCK(p); @@ -187,7 +187,8 @@ struct proc *p = td->td_proc; int error; char lcname[MAXLOGNAME]; - struct loginclass *newlc, *oldlc; + struct loginclass *newlc; + struct ucred *newcred, *oldcred; error = priv_check(td, PRIV_PROC_SETLOGINCLASS); if (error) @@ -196,15 +197,18 @@ if (error == ENAMETOOLONG) return (EINVAL); + newcred = crget(); newlc = loginclass_find(lcname); PROC_LOCK(p); - hrl_proc_loginclass_changing(p, newlc); - oldlc = p->p_loginclass; - p->p_loginclass = newlc; + oldcred = crcopysafe(p, newcred); + newcred->cr_loginclass = newlc; + hrl_proc_ucred_changing(p, newcred); + p->p_ucred = newcred; PROC_UNLOCK(p); - loginclass_release(oldlc); + loginclass_release(oldcred->cr_loginclass); + crfree(oldcred); return (0); } ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_prot.c#23 (text+ko) ==== @@ -55,6 +55,7 @@ #include <sys/kdb.h> #include <sys/kernel.h> #include <sys/lock.h> +#include <sys/loginclass.h> #include <sys/malloc.h> #include <sys/mutex.h> #include <sys/refcount.h> @@ -1897,6 +1898,7 @@ */ if (cr->cr_prison != NULL) prison_free(cr->cr_prison); + loginclass_release(cr->cr_loginclass); #ifdef AUDIT audit_cred_destroy(cr); #endif @@ -1938,6 +1940,7 @@ gihold(dest->cr_gidinfos[i]); } prison_hold(dest->cr_prison); + loginclass_acquire(dest->cr_loginclass); #ifdef AUDIT audit_cred_copy(src, dest); #endif ==== //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#35 (text+ko) ==== @@ -154,7 +154,6 @@ void hrl_proc_exiting(struct proc *p); -void hrl_proc_loginclass_changing(struct proc *p, struct loginclass *newlc); void hrl_proc_ucred_changing(struct proc *p, struct ucred *newcred); struct hrl_rule *hrl_rule_alloc(int flags); ==== //depot/projects/soc2009/trasz_limits/sys/sys/proc.h#12 (text+ko) ==== @@ -171,7 +171,6 @@ struct kdtrace_proc; struct kdtrace_thread; struct cpuset; -struct loginclass; /* * Kernel runnable context (thread). @@ -529,7 +528,6 @@ rlim_t p_cpulimit; /* (c) Current CPU limit in seconds. */ signed char p_nice; /* (c) Process "nice" value. */ int p_fibnum; /* in this routing domain XXX MRT */ - struct loginclass *p_loginclass; /* (c) login class */ /* End area that is copied on creation. */ #define p_endcopy p_xstat ==== //depot/projects/soc2009/trasz_limits/sys/sys/ucred.h#9 (text+ko) ==== @@ -35,6 +35,8 @@ #include <bsm/audit.h> +struct loginclass; + /* * Credentials. * @@ -54,7 +56,7 @@ struct uidinfo *cr_uidinfo; /* per euid resource consumption */ struct uidinfo *cr_ruidinfo; /* per ruid resource consumption */ struct prison *cr_prison; /* jail(2) */ - void *cr_pspare; /* general use */ + struct loginclass *cr_loginclass; /* login class */ u_int cr_flags; /* credential flags */ void *cr_pspare2[2]; /* general use 2 */ #define cr_endcopy cr_label
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910022230.n92MUSw7091449>