PERFORCE change 169163 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Fri Oct 2 22:30:29 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=169163
Change 169163 by trasz at trasz_victim on 2009/10/02 22:29:27
Move loginclass pointer from process to ucred, where it should
be in the first place.
Affected files ...
.. //depot/projects/soc2009/trasz_limits/TODO#12 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/init_main.c#14 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_exit.c#14 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_fork.c#13 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#62 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_loginclass.c#13 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_prot.c#23 edit
.. //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#35 edit
.. //depot/projects/soc2009/trasz_limits/sys/sys/proc.h#12 edit
.. //depot/projects/soc2009/trasz_limits/sys/sys/ucred.h#9 edit
Differences ...
==== //depot/projects/soc2009/trasz_limits/TODO#12 (text+ko) ====
@@ -1,6 +1,4 @@
- - Why did I put the loginclass pointer into the proc and not into the cred?
-
- Make the limits lists protected by the subjects lock (e.g. process lock)
instead of hrl_lock.
==== //depot/projects/soc2009/trasz_limits/sys/kern/init_main.c#14 (text+ko) ====
@@ -470,6 +470,7 @@
p->p_ucred->cr_uidinfo = uifind(0);
p->p_ucred->cr_ruidinfo = uifind(0);
p->p_ucred->cr_prison = &prison0;
+ p->p_ucred->cr_loginclass = loginclass_find("default");
#ifdef AUDIT
audit_cred_kproc0(p->p_ucred);
#endif
@@ -478,9 +479,6 @@
#endif
td->td_ucred = crhold(p->p_ucred);
- /* Set default login class. */
- p->p_loginclass = loginclass_find("default");
-
/* Create sigacts. */
p->p_sigacts = sigacts_alloc();
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_exit.c#14 (text+ko) ====
@@ -48,7 +48,6 @@
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/lock.h>
-#include <sys/loginclass.h>
#include <sys/mutex.h>
#include <sys/proc.h>
#include <sys/pioctl.h>
@@ -771,7 +770,7 @@
hrl_proc_exiting(p);
/*
- * Free credentials, arguments, sigacts and loginclass.
+ * Free credentials, arguments and sigacts.
*/
crfree(p->p_ucred);
p->p_ucred = NULL;
@@ -779,8 +778,6 @@
p->p_args = NULL;
sigacts_free(p->p_sigacts);
p->p_sigacts = NULL;
- loginclass_release(p->p_loginclass);
- p->p_loginclass = NULL;
/*
* Do any thread-system specific cleanups.
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_fork.c#13 (text+ko) ====
@@ -52,7 +52,6 @@
#include <sys/kthread.h>
#include <sys/sysctl.h>
#include <sys/lock.h>
-#include <sys/loginclass.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
#include <sys/priv.h>
@@ -484,9 +483,6 @@
/* Tell the prison that we exist. */
prison_proc_hold(p2->p_ucred->cr_prison);
- /* Loginclass might want to know too. */
- loginclass_acquire(p2->p_loginclass);
-
PROC_UNLOCK(p2);
/*
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#62 (text+ko) ====
@@ -290,7 +290,7 @@
break;
case HRL_SUBJECT_TYPE_LOGINCLASS:
available = rule->hr_amount -
- p->p_loginclass->lc_usage.hu_resources[resource];
+ cred->cr_loginclass->lc_usage.hu_resources[resource];
available = INT64_MAX; /* XXX */
break;
case HRL_SUBJECT_TYPE_JAIL:
@@ -493,11 +493,11 @@
return (error);
}
p->p_usage.hu_resources[resource] += amount;
- p->p_loginclass->lc_usage.hu_resources[resource] += amount;
cred = p->p_ucred;
cred->cr_ruidinfo->ui_usage.hu_resources[resource] += amount;
for (pr = cred->cr_prison; pr != NULL; pr = pr->pr_parent)
pr->pr_usage.hu_resources[resource] += amount;
+ cred->cr_loginclass->lc_usage.hu_resources[resource] += amount;
/*
* XXX: Slow.
*/
@@ -557,11 +557,11 @@
}
}
p->p_usage.hu_resources[resource] = amount;
- p->p_loginclass->lc_usage.hu_resources[resource] += diff;
cred = p->p_ucred;
cred->cr_ruidinfo->ui_usage.hu_resources[resource] += diff;
for (pr = cred->cr_prison; pr != NULL; pr = pr->pr_parent)
pr->pr_usage.hu_resources[resource] += diff;
+ cred->cr_loginclass->lc_usage.hu_resources[resource] += diff;
/*
* XXX: Slow.
*/
@@ -612,11 +612,11 @@
"%ld for %s (pid %d)", amount, hrl_resource_name(resource),
p->p_usage.hu_resources[resource], p->p_comm, p->p_pid));
p->p_usage.hu_resources[resource] -= amount;
- p->p_loginclass->lc_usage.hu_resources[resource] -= amount;
cred = p->p_ucred;
cred->cr_ruidinfo->ui_usage.hu_resources[resource] -= amount;
for (pr = cred->cr_prison; pr != NULL; pr = pr->pr_parent)
pr->pr_usage.hu_resources[resource] -= amount;
+ cred->cr_loginclass->lc_usage.hu_resources[resource] -= amount;
/*
* XXX: Slow.
*/
@@ -1235,7 +1235,7 @@
break;
continue;
case HRL_SUBJECT_TYPE_LOGINCLASS:
- if (p->p_loginclass == rule->hr_subject.hs_loginclass)
+ if (cred->cr_loginclass == rule->hr_subject.hs_loginclass)
break;
continue;
case HRL_SUBJECT_TYPE_JAIL:
@@ -1727,54 +1727,8 @@
}
/*
- * Called just before loginclass change, to adjust p_limits and lc_usage.
- */
-void
-hrl_proc_loginclass_changing(struct proc *p, struct loginclass *newlc)
-{
- int error;
- struct hrl_limit *limit;
- struct loginclass *lc = p->p_loginclass;
-
- PROC_LOCK_ASSERT(p, MA_OWNED);
-
- mtx_lock(&hrl_lock);
-
- /*
- * Remove rules for the old loginclass.
- */
- LIST_FOREACH(limit, &p->p_limits, hl_next) {
- if (limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_LOGINCLASS)
- continue;
-
- LIST_REMOVE(limit, hl_next);
- hrl_rule_release(limit->hl_rule);
- uma_zfree(hrl_limit_zone, limit);
- }
-
- /*
- * Now add rules for the current loginclass.
- */
- LIST_FOREACH(limit, &newlc->lc_limits, hl_next) {
- error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule);
- KASSERT(error == 0, ("XXX: better error handling needed"));
- }
-
- mtx_unlock(&hrl_lock);
-
- /*
- * Adjust loginclass resource usage information.
- */
- hrl_usage_subtract(&lc->lc_usage, &p->p_usage);
- hrl_usage_add(&newlc->lc_usage, &p->p_usage);
-}
-
-/*
* Called after credentials change, to adjust p_limits.
*
- * XXX: This should be merged with the routine above, after moving
- * the loginclass pointer from 'struct proc' to 'struct ucred'.
- *
* XXX: What about jails?
*/
void
@@ -1783,17 +1737,20 @@
int error, i;
struct hrl_limit *limit;
struct uidinfo *olduip, *newuip;
+ struct loginclass *oldlc, *newlc;
PROC_LOCK_ASSERT(p, MA_OWNED);
mtx_lock(&hrl_lock);
/*
- * Remove rules for the old user credentials.
+ * Remove rules for the old user credentials - per-user, per-group
+ * and per-loginclass.
*/
LIST_FOREACH(limit, &p->p_limits, hl_next) {
if (limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_USER &&
- limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_GROUP)
+ limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_GROUP &&
+ limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_LOGINCLASS)
continue;
LIST_REMOVE(limit, hl_next);
@@ -1820,6 +1777,14 @@
}
}
+ /*
+ * Add rules for the current loginclass.
+ */
+ LIST_FOREACH(limit, &newcred->cr_loginclass->lc_limits, hl_next) {
+ error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule);
+ KASSERT(error == 0, ("XXX: better error handling needed"));
+ }
+
mtx_unlock(&hrl_lock);
/*
@@ -1843,6 +1808,16 @@
hrl_usage_add(
&newcred->cr_gidinfos[i]->gi_usage, &p->p_usage);
}
+
+ /*
+ * Adjust loginclass resource usage information.
+ */
+ newlc = newcred->cr_loginclass;
+ oldlc = p->p_ucred->cr_loginclass;
+ if (newlc != oldlc) {
+ hrl_usage_subtract(&oldlc->lc_usage, &p->p_usage);
+ hrl_usage_add(&newlc->lc_usage, &p->p_usage);
+ }
}
/*
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_loginclass.c#13 (text+ko) ====
@@ -159,7 +159,7 @@
struct loginclass *lc;
PROC_LOCK(p);
- lc = p->p_loginclass;
+ lc = p->p_ucred->cr_loginclass;
loginclass_acquire(lc);
PROC_UNLOCK(p);
@@ -187,7 +187,8 @@
struct proc *p = td->td_proc;
int error;
char lcname[MAXLOGNAME];
- struct loginclass *newlc, *oldlc;
+ struct loginclass *newlc;
+ struct ucred *newcred, *oldcred;
error = priv_check(td, PRIV_PROC_SETLOGINCLASS);
if (error)
@@ -196,15 +197,18 @@
if (error == ENAMETOOLONG)
return (EINVAL);
+ newcred = crget();
newlc = loginclass_find(lcname);
PROC_LOCK(p);
- hrl_proc_loginclass_changing(p, newlc);
- oldlc = p->p_loginclass;
- p->p_loginclass = newlc;
+ oldcred = crcopysafe(p, newcred);
+ newcred->cr_loginclass = newlc;
+ hrl_proc_ucred_changing(p, newcred);
+ p->p_ucred = newcred;
PROC_UNLOCK(p);
- loginclass_release(oldlc);
+ loginclass_release(oldcred->cr_loginclass);
+ crfree(oldcred);
return (0);
}
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_prot.c#23 (text+ko) ====
@@ -55,6 +55,7 @@
#include <sys/kdb.h>
#include <sys/kernel.h>
#include <sys/lock.h>
+#include <sys/loginclass.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
#include <sys/refcount.h>
@@ -1897,6 +1898,7 @@
*/
if (cr->cr_prison != NULL)
prison_free(cr->cr_prison);
+ loginclass_release(cr->cr_loginclass);
#ifdef AUDIT
audit_cred_destroy(cr);
#endif
@@ -1938,6 +1940,7 @@
gihold(dest->cr_gidinfos[i]);
}
prison_hold(dest->cr_prison);
+ loginclass_acquire(dest->cr_loginclass);
#ifdef AUDIT
audit_cred_copy(src, dest);
#endif
==== //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#35 (text+ko) ====
@@ -154,7 +154,6 @@
void hrl_proc_exiting(struct proc *p);
-void hrl_proc_loginclass_changing(struct proc *p, struct loginclass *newlc);
void hrl_proc_ucred_changing(struct proc *p, struct ucred *newcred);
struct hrl_rule *hrl_rule_alloc(int flags);
==== //depot/projects/soc2009/trasz_limits/sys/sys/proc.h#12 (text+ko) ====
@@ -171,7 +171,6 @@
struct kdtrace_proc;
struct kdtrace_thread;
struct cpuset;
-struct loginclass;
/*
* Kernel runnable context (thread).
@@ -529,7 +528,6 @@
rlim_t p_cpulimit; /* (c) Current CPU limit in seconds. */
signed char p_nice; /* (c) Process "nice" value. */
int p_fibnum; /* in this routing domain XXX MRT */
- struct loginclass *p_loginclass; /* (c) login class */
/* End area that is copied on creation. */
#define p_endcopy p_xstat
==== //depot/projects/soc2009/trasz_limits/sys/sys/ucred.h#9 (text+ko) ====
@@ -35,6 +35,8 @@
#include <bsm/audit.h>
+struct loginclass;
+
/*
* Credentials.
*
@@ -54,7 +56,7 @@
struct uidinfo *cr_uidinfo; /* per euid resource consumption */
struct uidinfo *cr_ruidinfo; /* per ruid resource consumption */
struct prison *cr_prison; /* jail(2) */
- void *cr_pspare; /* general use */
+ struct loginclass *cr_loginclass; /* login class */
u_int cr_flags; /* credential flags */
void *cr_pspare2[2]; /* general use 2 */
#define cr_endcopy cr_label
More information about the p4-projects
mailing list