PERFORCE change 169392 for review

Sun Oct 11 13:55:33 UTC 2009

http://perforce.freebsd.org/chv.cgi?CH=169392

Change 169392 by trasz at trasz_victim on 2009/10/11 13:55:02

	Optimize things a little.

Affected files ...

.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#67 edit

Differences ...

==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#67 (text+ko) ====

@@ -1662,9 +1662,8 @@
 }
 
 /*
- * Called after credentials change, to adjust p_limits.
- *
- * XXX: What about jails?
+ * Called before credentials change, to adjust HRL data structures
+ * assigned to the process.
  */
 void
 hrl_proc_ucred_changing(struct proc *p, struct ucred *newcred)
@@ -1673,20 +1672,42 @@
 	struct hrl_limit *limit;
 	struct uidinfo *olduip, *newuip;
 	struct loginclass *oldlc, *newlc;
+	struct prison *oldpr, *newpr;
 
 	PROC_LOCK_ASSERT(p, MA_OWNED);
 
+	newuip = newcred->cr_ruidinfo;
+	olduip = p->p_ucred->cr_ruidinfo;
+	newlc = newcred->cr_loginclass;
+	oldlc = p->p_ucred->cr_loginclass;
+	newpr = newcred->cr_prison;
+	oldpr = p->p_ucred->cr_prison;
+
 	mtx_lock(&hrl_lock);
 
 	/*
-	 * Remove rules for the old user credentials - per-user, per-group
-	 * and per-loginclass.
+	 * Remove rules that are no longer applicable with the new ucred.
 	 */
 	LIST_FOREACH(limit, &p->p_limits, hl_next) {
-		if (limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_USER &&
-		    limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_GROUP &&
-		    limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_LOGINCLASS)
+		switch (limit->hl_rule->hr_subject_type) {
+		case HRL_SUBJECT_TYPE_PROCESS:
 			continue;
+		case HRL_SUBJECT_TYPE_USER:
+			if (newuip == olduip)
+				continue;
+			break;
+		case HRL_SUBJECT_TYPE_LOGINCLASS:
+			if (newlc == oldlc)
+				continue;
+			break;
+		case HRL_SUBJECT_TYPE_JAIL:
+			if (newpr == oldpr)
+				continue;
+			break;
+		default:
+			panic("hrl_proc_ucred_changing: unknown subject %d",
+			    limit->hl_rule->hr_subject_type);
+		}
 
 		LIST_REMOVE(limit, hl_next);
 		hrl_rule_release(limit->hl_rule);
@@ -1694,19 +1715,25 @@
 	}
 	
 	/*
-	 * Now add rules for the current user credentials.
+	 * Add rules for the new ucred.
 	 */
-	LIST_FOREACH(limit, &newcred->cr_ruidinfo->ui_limits, hl_next) {
-		error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule);
-		KASSERT(error == 0, ("XXX: better error handling needed"));
+	if (newuip != olduip) {
+		LIST_FOREACH(limit, &newuip->ui_limits, hl_next) {
+			error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule);
+			KASSERT(error == 0, ("XXX: better error handling needed"));
+		}
+	}
+	if (newlc != oldlc) {
+		LIST_FOREACH(limit, &newlc->lc_limits, hl_next) {
+			error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule);
+			KASSERT(error == 0, ("XXX: better error handling needed"));
+		}
 	}
-
-	/*
-	 * Add rules for the current loginclass.
-	 */
-	LIST_FOREACH(limit, &newcred->cr_loginclass->lc_limits, hl_next) {
-		error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule);
-		KASSERT(error == 0, ("XXX: better error handling needed"));
+	if (newpr != newpr) {
+		LIST_FOREACH(limit, &newpr->pr_limits, hl_next) {
+			error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule);
+			KASSERT(error == 0, ("XXX: better error handling needed"));
+		}
 	}
 
 	mtx_unlock(&hrl_lock);
@@ -1714,8 +1741,6 @@
 	/*
 	 * Fix up per-ruid resource consumption.
 	 */
-	newuip = newcred->cr_ruidinfo;
-	olduip = p->p_ucred->cr_ruidinfo;
 	if (newuip != olduip) {
 		hrl_container_subtract(&olduip->ui_container, &p->p_container);
 		hrl_container_add(&newuip->ui_container, &p->p_container);
@@ -1724,12 +1749,14 @@
 	/*
 	 * Adjust loginclass resource usage information.
 	 */
-	newlc = newcred->cr_loginclass;
-	oldlc = p->p_ucred->cr_loginclass;
 	if (newlc != oldlc) {
 		hrl_container_subtract(&oldlc->lc_container, &p->p_container);
 		hrl_container_add(&newlc->lc_container, &p->p_container);
 	}
+
+	/*
+	 * XXX: Jail resource consumption.
+	 */
 }
 
 /*
