PERFORCE change 188308 for review

[Edward Tomasz Napierala]

http://p4web.freebsd.org/@@188308?ac=10

Change 188308 by trasz at trasz_victim on 2011/01/29 12:48:07

	In addition to preventing one from adding per-process rules for
	system processes, also don't link other rules to system processes.
	Also, we don't need to PROC_LOCK() just to change for P_SYSTEM.

Affected files ...

.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_rctl.c#24 edit

Differences ...

==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_rctl.c#24 (text+ko) ====

@@ -935,16 +935,6 @@
 	    rusage_is_sloppy(rule->rr_resource))
 		return (EINVAL);
 
-	if (rule->rr_subject_type == RCTL_SUBJECT_TYPE_PROCESS) {
-		p = rule->rr_subject.rs_proc;
-		PROC_LOCK(p);
-		if (p->p_flag & P_SYSTEM) {
-			PROC_UNLOCK(p);
-			return (EINVAL);
-		}
-		PROC_UNLOCK(p);
-	}
-
 	/*
 	 * Make sure there are no duplicated rules.  Also, for the "deny"
 	 * rules, remove ones differing only by "amount".
@@ -961,6 +951,12 @@
 	case RCTL_SUBJECT_TYPE_PROCESS:
 		p = rule->rr_subject.rs_proc;
 		KASSERT(p != NULL, ("rctl_rule_add: NULL proc"));
+		/*
+		 * No resource limits for system processes.
+		 */
+		if (p->p_flag & P_SYSTEM)
+			return (EINVAL);
+
 		rctl_container_add_rule(p->p_container, rule);
 		/*
 		 * In case of per-process rule, we don't have anything more
@@ -997,6 +993,8 @@
 	 */
 	sx_assert(&allproc_lock, SA_LOCKED);
 	FOREACH_PROC_IN_SYSTEM(p) {
+		if (p->p_flag & P_SYSTEM)
+			continue;
 		cred = p->p_ucred;
 		switch (rule->rr_subject_type) {
 		case RCTL_SUBJECT_TYPE_USER:
@@ -1233,13 +1231,10 @@
 			error = EINVAL;
 			goto out;
 		}
-		PROC_LOCK(p);
 		if (p->p_flag & P_SYSTEM) {
-			PROC_UNLOCK(p);
 			error = EINVAL;
 			goto out;
 		}
-		PROC_UNLOCK(p);
 		outputsbuf = rctl_container_to_sbuf(p->p_container, 0);
 		break;
 	case RCTL_SUBJECT_TYPE_USER: