Date: Mon, 15 Feb 2010 17:04:39 GMT From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 174724 for review Message-ID: <201002151704.o1FH4dAr057327@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/chv.cgi?CH=174724 Change 174724 by trasz@trasz_victim on 2010/02/15 17:04:00 Little renaming. Affected files ... .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#73 edit .. //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#42 edit Differences ... ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#73 (text+ko) ==== @@ -60,13 +60,13 @@ #define HRL_LOG_BUFSIZE 128 /* - * 'hrl_limit' connects a rule with every container it's related to. + * 'hrl_rule_link' connects a rule with every container it's related to. * For example, rule 'user:X:openfiles:deny=N/process' is linked * with uidinfo for user X, and to each process of that user. */ -struct hrl_limit { - LIST_ENTRY(hrl_limit) hl_next; - struct hrl_rule *hl_rule; +struct hrl_rule_link { + LIST_ENTRY(hrl_rule_link) hrl_next; + struct hrl_rule *hrl_rule; }; struct dict { @@ -114,7 +114,7 @@ static void hrl_init(void); SYSINIT(hrl, SI_SUB_CPU, SI_ORDER_FIRST, hrl_init, NULL); -static uma_zone_t hrl_limit_zone; +static uma_zone_t hrl_rule_link_zone; static uma_zone_t hrl_rule_zone; static struct mtx hrl_lock; @@ -273,7 +273,7 @@ { int64_t available[HRL_RESOURCE_MAX]; struct hrl_rule *rule; - struct hrl_limit *limit; + struct hrl_rule_link *link; struct sbuf sb; int should_deny = 0; char *buf; @@ -300,10 +300,10 @@ /* * XXX: We should sort the rules somewhat, so that 'log' and 'sig' * rules come before before 'deny', to spare iterations over - * the p_container.hc_limits. + * the p_container.hc_rule_links. */ - LIST_FOREACH(limit, &p->p_container.hc_limits, hl_next) { - rule = limit->hl_rule; + LIST_FOREACH(link, &p->p_container.hc_rule_links, hrl_next) { + rule = link->hrl_rule; if (rule->hr_resource != resource) continue; if (!hrl_would_exceed(p, rule, amount)) @@ -372,7 +372,7 @@ { int i, resource; int64_t available; - struct hrl_limit *limit; + struct hrl_rule_link *link; struct hrl_rule *rule; mtx_assert(&hrl_lock, MA_OWNED); @@ -380,8 +380,8 @@ for (i = 0; i <= HRL_RESOURCE_MAX; i++) (*availablep)[i] = INT64_MAX; - LIST_FOREACH(limit, &p->p_container.hc_limits, hl_next) { - rule = limit->hl_rule; + LIST_FOREACH(link, &p->p_container.hc_rule_links, hrl_next) { + rule = link->hrl_rule; resource = rule->hr_resource; available = hrl_available_resource(p, rule); if (available < 0) { @@ -783,34 +783,34 @@ static void hrl_container_add_rule(struct hrl_container *container, struct hrl_rule *rule) { - struct hrl_limit *limit; + struct hrl_rule_link *link; KASSERT(hrl_rule_fully_specified(rule), ("rule not fully specified")); hrl_rule_acquire(rule); - limit = uma_zalloc(hrl_limit_zone, M_WAITOK); - limit->hl_rule = rule; + link = uma_zalloc(hrl_rule_link_zone, M_WAITOK); + link->hrl_rule = rule; mtx_lock(&hrl_lock); - LIST_INSERT_HEAD(&container->hc_limits, limit, hl_next); + LIST_INSERT_HEAD(&container->hc_rule_links, link, hrl_next); mtx_unlock(&hrl_lock); } static int hrl_container_add_rule_locked(struct hrl_container *container, struct hrl_rule *rule) { - struct hrl_limit *limit; + struct hrl_rule_link *link; KASSERT(hrl_rule_fully_specified(rule), ("rule not fully specified")); mtx_assert(&hrl_lock, MA_OWNED); - limit = uma_zalloc(hrl_limit_zone, M_NOWAIT); - if (limit == NULL) + link = uma_zalloc(hrl_rule_link_zone, M_NOWAIT); + if (link == NULL) return (ENOMEM); hrl_rule_acquire(rule); - limit->hl_rule = rule; + link->hrl_rule = rule; - LIST_INSERT_HEAD(&container->hc_limits, limit, hl_next); + LIST_INSERT_HEAD(&container->hc_rule_links, link, hrl_next); return (0); } @@ -824,16 +824,16 @@ const struct hrl_rule *filter) { int removed = 0; - struct hrl_limit *limit, *limittmp; + struct hrl_rule_link *link, *linktmp; mtx_lock(&hrl_lock); - LIST_FOREACH_SAFE(limit, &container->hc_limits, hl_next, limittmp) { - if (!hrl_rule_matches(limit->hl_rule, filter)) + LIST_FOREACH_SAFE(link, &container->hc_rule_links, hrl_next, linktmp) { + if (!hrl_rule_matches(link->hrl_rule, filter)) continue; - LIST_REMOVE(limit, hl_next); - hrl_rule_release(limit->hl_rule); - uma_zfree(hrl_limit_zone, limit); + LIST_REMOVE(link, hrl_next); + hrl_rule_release(link->hrl_rule); + uma_zfree(hrl_rule_link_zone, link); removed++; } mtx_unlock(&hrl_lock); @@ -1489,15 +1489,15 @@ hrl_get_rules_callback(struct hrl_container *container, const struct hrl_rule *filter, void *arg3) { - struct hrl_limit *limit; + struct hrl_rule_link *link; struct sbuf *sb = (struct sbuf *)arg3; mtx_assert(&hrl_lock, MA_OWNED); - LIST_FOREACH(limit, &container->hc_limits, hl_next) { - if (!hrl_rule_matches(limit->hl_rule, filter)) + LIST_FOREACH(link, &container->hc_rule_links, hrl_next) { + if (!hrl_rule_matches(link->hrl_rule, filter)) continue; - hrl_rule_to_sbuf(sb, limit->hl_rule); + hrl_rule_to_sbuf(sb, link->hrl_rule); sbuf_printf(sb, ","); } @@ -1512,7 +1512,7 @@ char *inputstr, *buf; struct sbuf *sb; struct hrl_rule *filter; - struct hrl_limit *limit; + struct hrl_rule_link *link; struct proc *p; error = hrl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen); @@ -1535,16 +1535,16 @@ sx_assert(&allproc_lock, SA_LOCKED); FOREACH_PROC_IN_SYSTEM(p) { mtx_lock(&hrl_lock); - LIST_FOREACH(limit, &p->p_container.hc_limits, hl_next) { + LIST_FOREACH(link, &p->p_container.hc_rule_links, hrl_next) { /* * Non-process rules will be added to the buffer later. * Adding them here would result in duplicated output. */ - if (limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_PROCESS) + if (link->hrl_rule->hr_subject_type != HRL_SUBJECT_TYPE_PROCESS) continue; - if (!hrl_rule_matches(limit->hl_rule, filter)) + if (!hrl_rule_matches(link->hrl_rule, filter)) continue; - hrl_rule_to_sbuf(sb, limit->hl_rule); + hrl_rule_to_sbuf(sb, link->hrl_rule); sbuf_printf(sb, ","); } mtx_unlock(&hrl_lock); @@ -1584,7 +1584,7 @@ char *inputstr, *buf; struct sbuf *sb; struct hrl_rule *filter; - struct hrl_limit *limit; + struct hrl_rule_link *link; error = hrl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen); if (error) @@ -1620,8 +1620,8 @@ KASSERT(sb != NULL, ("sbuf_new failed")); mtx_lock(&hrl_lock); - LIST_FOREACH(limit, &filter->hr_subject.hs_proc->p_container.hc_limits, hl_next) { - hrl_rule_to_sbuf(sb, limit->hl_rule); + LIST_FOREACH(link, &filter->hr_subject.hs_proc->p_container.hc_rule_links, hrl_next) { + hrl_rule_to_sbuf(sb, link->hrl_rule); sbuf_printf(sb, ","); } mtx_unlock(&hrl_lock); @@ -1743,7 +1743,7 @@ hrl_proc_ucred_changing(struct proc *p, struct ucred *newcred) { int error; - struct hrl_limit *limit; + struct hrl_rule_link *link; struct uidinfo *olduip, *newuip; struct loginclass *oldlc, *newlc; struct prison *oldpr, *newpr; @@ -1762,8 +1762,8 @@ /* * Remove rules that are no longer applicable with the new ucred. */ - LIST_FOREACH(limit, &p->p_container.hc_limits, hl_next) { - switch (limit->hl_rule->hr_subject_type) { + LIST_FOREACH(link, &p->p_container.hc_rule_links, hrl_next) { + switch (link->hrl_rule->hr_subject_type) { case HRL_SUBJECT_TYPE_PROCESS: continue; case HRL_SUBJECT_TYPE_USER: @@ -1780,20 +1780,20 @@ break; default: panic("hrl_proc_ucred_changing: unknown subject %d", - limit->hl_rule->hr_subject_type); + link->hrl_rule->hr_subject_type); } - LIST_REMOVE(limit, hl_next); - hrl_rule_release(limit->hl_rule); - uma_zfree(hrl_limit_zone, limit); + LIST_REMOVE(link, hrl_next); + hrl_rule_release(link->hrl_rule); + uma_zfree(hrl_rule_link_zone, link); } /* * Add rules for the new ucred and move between containers where applicable. */ if (newuip != olduip) { - LIST_FOREACH(limit, &newuip->ui_container.hc_limits, hl_next) { - error = hrl_container_add_rule_locked(&p->p_container, limit->hl_rule); + LIST_FOREACH(link, &newuip->ui_container.hc_rule_links, hrl_next) { + error = hrl_container_add_rule_locked(&p->p_container, link->hrl_rule); KASSERT(error == 0, ("XXX: better error handling needed")); } @@ -1801,8 +1801,8 @@ hrl_container_join(&p->p_container, &newuip->ui_container); } if (newlc != oldlc) { - LIST_FOREACH(limit, &newlc->lc_container.hc_limits, hl_next) { - error = hrl_container_add_rule_locked(&p->p_container, limit->hl_rule); + LIST_FOREACH(link, &newlc->lc_container.hc_rule_links, hrl_next) { + error = hrl_container_add_rule_locked(&p->p_container, link->hrl_rule); KASSERT(error == 0, ("XXX: better error handling needed")); } @@ -1810,8 +1810,8 @@ hrl_container_join(&p->p_container, &newlc->lc_container); } if (newpr != oldpr) { - LIST_FOREACH(limit, &newpr->pr_container.hc_limits, hl_next) { - error = hrl_container_add_rule_locked(&p->p_container, limit->hl_rule); + LIST_FOREACH(link, &newpr->pr_container.hc_rule_links, hrl_next) { + error = hrl_container_add_rule_locked(&p->p_container, link->hrl_rule); KASSERT(error == 0, ("XXX: better error handling needed")); } @@ -1831,7 +1831,7 @@ int flags __unused) { int error, i; - struct hrl_limit *limit; + struct hrl_rule_link *link; struct hrl_rule *rule; struct hrl_container *container; @@ -1863,9 +1863,9 @@ * Rules with 'process' subject have to be duplicated in order to make their * hr_subject point to the new process. */ - LIST_FOREACH(limit, &parent->p_container.hc_limits, hl_next) { - if (limit->hl_rule->hr_subject_type == HRL_SUBJECT_TYPE_PROCESS) { - rule = hrl_rule_duplicate(limit->hl_rule, M_NOWAIT); + LIST_FOREACH(link, &parent->p_container.hc_rule_links, hrl_next) { + if (link->hrl_rule->hr_subject_type == HRL_SUBJECT_TYPE_PROCESS) { + rule = hrl_rule_duplicate(link->hrl_rule, M_NOWAIT); KASSERT(rule != NULL, ("XXX: better error handling needed")); KASSERT(rule->hr_subject.hs_proc == parent, ("rule->hr_subject.hs_proc == parent")); @@ -1874,7 +1874,7 @@ KASSERT(error == 0, ("XXX: better error handling needed")); hrl_rule_release(rule); } else { - error = hrl_container_add_rule_locked(&child->p_container, limit->hl_rule); + error = hrl_container_add_rule_locked(&child->p_container, link->hrl_rule); KASSERT(error == 0, ("XXX: better error handling needed")); } } @@ -1905,14 +1905,14 @@ static void hrl_proc_exit(void *arg __unused, struct proc *p) { - struct hrl_limit *limit; + struct hrl_rule_link *link; mtx_lock(&hrl_lock); - while (!LIST_EMPTY(&p->p_container.hc_limits)) { - limit = LIST_FIRST(&p->p_container.hc_limits); - LIST_REMOVE(limit, hl_next); - hrl_rule_release(limit->hl_rule); - uma_zfree(hrl_limit_zone, limit); + while (!LIST_EMPTY(&p->p_container.hc_rule_links)) { + link = LIST_FIRST(&p->p_container.hc_rule_links); + LIST_REMOVE(link, hrl_next); + hrl_rule_release(link->hrl_rule); + uma_zfree(hrl_rule_link_zone, link); } mtx_unlock(&hrl_lock); } @@ -1921,7 +1921,7 @@ hrl_init(void) { - hrl_limit_zone = uma_zcreate("hrl_limit", sizeof(struct hrl_limit), + hrl_rule_link_zone = uma_zcreate("hrl_rule_link", sizeof(struct hrl_rule_link), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); hrl_rule_zone = uma_zcreate("hrl_rule", sizeof(struct hrl_rule), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); ==== //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#42 (text+ko) ==== @@ -39,6 +39,7 @@ struct loginclass; struct prison; struct ucred; +struct hrl_rule_link; /* * Hierarchical Resource Limits. @@ -54,10 +55,10 @@ * 'struct uidinfo' for uid 1984, and 'hr_per' would be equal * HRL_SUBJECT_TYPE_PROCESS. * - * 'hr_refcount' is equal to the number of hrl_limit structures + * 'hr_refcount' is equal to the number of hrl_rule_link structures * pointing to the rule. * - * This structure must never change after being added, via hrl_limit + * This structure must never change after being added, via hrl_rule_link * structures, to subjects. In order to change a limit, add a new * rule and remove the previous one. */ @@ -153,7 +154,7 @@ struct hrl_container { int64_t hc_resources[HRL_RESOURCE_MAX + 1]; struct hrl_container *hc_parents[HRL_HC_PARENTS_MAX + 1]; - LIST_HEAD(, hrl_limit) hc_limits; + LIST_HEAD(, hrl_rule_link) hc_rule_links; }; #ifdef _KERNEL
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201002151704.o1FH4dAr057327>