1*0Sstevel@tonic-gate /* 2*0Sstevel@tonic-gate * CDDL HEADER START 3*0Sstevel@tonic-gate * 4*0Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*0Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 6*0Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 7*0Sstevel@tonic-gate * with the License. 8*0Sstevel@tonic-gate * 9*0Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10*0Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 11*0Sstevel@tonic-gate * See the License for the specific language governing permissions 12*0Sstevel@tonic-gate * and limitations under the License. 13*0Sstevel@tonic-gate * 14*0Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 15*0Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16*0Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 17*0Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 18*0Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 19*0Sstevel@tonic-gate * 20*0Sstevel@tonic-gate * CDDL HEADER END 21*0Sstevel@tonic-gate */ 22*0Sstevel@tonic-gate /* 23*0Sstevel@tonic-gate * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24*0Sstevel@tonic-gate * Use is subject to license terms. 25*0Sstevel@tonic-gate */ 26*0Sstevel@tonic-gate 27*0Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 28*0Sstevel@tonic-gate 29*0Sstevel@tonic-gate #include <sys/project.h> 30*0Sstevel@tonic-gate #include <sys/modhash.h> 31*0Sstevel@tonic-gate #include <sys/modctl.h> 32*0Sstevel@tonic-gate #include <sys/kmem.h> 33*0Sstevel@tonic-gate #include <sys/atomic.h> 34*0Sstevel@tonic-gate #include <sys/cmn_err.h> 35*0Sstevel@tonic-gate #include <sys/proc.h> 36*0Sstevel@tonic-gate #include <sys/rctl.h> 37*0Sstevel@tonic-gate #include <sys/sunddi.h> 38*0Sstevel@tonic-gate #include <sys/fss.h> 39*0Sstevel@tonic-gate #include <sys/systm.h> 40*0Sstevel@tonic-gate #include <sys/ipc_impl.h> 41*0Sstevel@tonic-gate #include <sys/port_kernel.h> 42*0Sstevel@tonic-gate #include <sys/task.h> 43*0Sstevel@tonic-gate #include <sys/zone.h> 44*0Sstevel@tonic-gate 45*0Sstevel@tonic-gate int project_hash_size = 64; 46*0Sstevel@tonic-gate static kmutex_t project_hash_lock; 47*0Sstevel@tonic-gate static kmutex_t projects_list_lock; 48*0Sstevel@tonic-gate static mod_hash_t *projects_hash; 49*0Sstevel@tonic-gate static kproject_t *projects_list; 50*0Sstevel@tonic-gate 51*0Sstevel@tonic-gate rctl_hndl_t rc_project_cpu_shares; 52*0Sstevel@tonic-gate rctl_hndl_t rc_project_nlwps; 53*0Sstevel@tonic-gate rctl_hndl_t rc_project_ntasks; 54*0Sstevel@tonic-gate rctl_hndl_t rc_project_msgmni; 55*0Sstevel@tonic-gate rctl_hndl_t rc_project_semmni; 56*0Sstevel@tonic-gate rctl_hndl_t rc_project_shmmax; 57*0Sstevel@tonic-gate rctl_hndl_t rc_project_shmmni; 58*0Sstevel@tonic-gate rctl_hndl_t rc_project_portids; 59*0Sstevel@tonic-gate rctl_hndl_t rc_project_devlockmem; 60*0Sstevel@tonic-gate rctl_hndl_t rc_project_contract; 61*0Sstevel@tonic-gate rctl_hndl_t rc_project_crypto_mem; 62*0Sstevel@tonic-gate 63*0Sstevel@tonic-gate /* 64*0Sstevel@tonic-gate * Dummy structure used when comparing projects. This structure must be kept 65*0Sstevel@tonic-gate * identical to the first two fields of kproject_t. 66*0Sstevel@tonic-gate */ 67*0Sstevel@tonic-gate struct project_zone { 68*0Sstevel@tonic-gate projid_t kpj_id; 69*0Sstevel@tonic-gate zoneid_t kpj_zoneid; 70*0Sstevel@tonic-gate }; 71*0Sstevel@tonic-gate 72*0Sstevel@tonic-gate /* 73*0Sstevel@tonic-gate * Projects 74*0Sstevel@tonic-gate * 75*0Sstevel@tonic-gate * A dictionary of all active projects is maintained by the kernel so that we 76*0Sstevel@tonic-gate * may track project usage and limits. (By an active project, we mean a 77*0Sstevel@tonic-gate * project associated with one or more task, and therefore with one or more 78*0Sstevel@tonic-gate * processes.) We build the dictionary on top of the mod_hash facility, since 79*0Sstevel@tonic-gate * project additions and deletions are relatively rare events. An 80*0Sstevel@tonic-gate * integer-to-pointer mapping is maintained within the hash, representing the 81*0Sstevel@tonic-gate * map from project id to project structure. All projects, including the 82*0Sstevel@tonic-gate * primordial "project 0", are allocated via the project_hold_by_id() 83*0Sstevel@tonic-gate * interface. 84*0Sstevel@tonic-gate * 85*0Sstevel@tonic-gate * Currently, the project contains a reference count; the project ID, which is 86*0Sstevel@tonic-gate * examined by the extended accounting subsystem as well as /proc; a resource 87*0Sstevel@tonic-gate * control set, which contains the allowable values (and actions on exceeding 88*0Sstevel@tonic-gate * those values) for controlled project-level resources on the system; and a 89*0Sstevel@tonic-gate * number of CPU shares, which is used by the fair share scheduling class 90*0Sstevel@tonic-gate * (FSS) to support its proportion-based scheduling algorithm. 91*0Sstevel@tonic-gate * 92*0Sstevel@tonic-gate * Reference counting convention 93*0Sstevel@tonic-gate * The dictionary entry does not itself count as a reference--only references 94*0Sstevel@tonic-gate * outside of the subsystem are tallied. At the drop of the final external 95*0Sstevel@tonic-gate * reference, the project entry is removed. The reference counter keeps 96*0Sstevel@tonic-gate * track of the number of threads *and* tasks within a project. 97*0Sstevel@tonic-gate * 98*0Sstevel@tonic-gate * Locking 99*0Sstevel@tonic-gate * Walking the doubly-linked project list must be done while holding 100*0Sstevel@tonic-gate * projects_list_lock. Thus, any dereference of kpj_next or kpj_prev must be 101*0Sstevel@tonic-gate * under projects_list_lock. 102*0Sstevel@tonic-gate * 103*0Sstevel@tonic-gate * If both the hash lock, project_hash_lock, and the list lock are to be 104*0Sstevel@tonic-gate * acquired, the hash lock is to be acquired first. 105*0Sstevel@tonic-gate */ 106*0Sstevel@tonic-gate 107*0Sstevel@tonic-gate 108*0Sstevel@tonic-gate static void 109*0Sstevel@tonic-gate project_data_init(kproject_data_t *data) 110*0Sstevel@tonic-gate { 111*0Sstevel@tonic-gate /* 112*0Sstevel@tonic-gate * Initialize subsystem-specific data 113*0Sstevel@tonic-gate */ 114*0Sstevel@tonic-gate data->kpd_shmmax = 0; 115*0Sstevel@tonic-gate data->kpd_shmmni = 0; 116*0Sstevel@tonic-gate data->kpd_semmni = 0; 117*0Sstevel@tonic-gate data->kpd_msgmni = 0; 118*0Sstevel@tonic-gate data->kpd_devlockmem = 0; 119*0Sstevel@tonic-gate data->kpd_contract = 0; 120*0Sstevel@tonic-gate data->kpd_crypto_mem = 0; 121*0Sstevel@tonic-gate } 122*0Sstevel@tonic-gate 123*0Sstevel@tonic-gate /*ARGSUSED*/ 124*0Sstevel@tonic-gate static uint_t 125*0Sstevel@tonic-gate project_hash_by_id(void *hash_data, mod_hash_key_t key) 126*0Sstevel@tonic-gate { 127*0Sstevel@tonic-gate struct project_zone *pz = key; 128*0Sstevel@tonic-gate uint_t mykey; 129*0Sstevel@tonic-gate 130*0Sstevel@tonic-gate /* 131*0Sstevel@tonic-gate * Merge the zoneid and projectid together to a 32-bit quantity, and 132*0Sstevel@tonic-gate * then pass that in to the existing idhash. 133*0Sstevel@tonic-gate */ 134*0Sstevel@tonic-gate mykey = (pz->kpj_zoneid << 16) | pz->kpj_id; 135*0Sstevel@tonic-gate return (mod_hash_byid(hash_data, (mod_hash_key_t)(uintptr_t)mykey)); 136*0Sstevel@tonic-gate } 137*0Sstevel@tonic-gate 138*0Sstevel@tonic-gate static int 139*0Sstevel@tonic-gate project_hash_key_cmp(mod_hash_key_t key1, mod_hash_key_t key2) 140*0Sstevel@tonic-gate { 141*0Sstevel@tonic-gate struct project_zone *pz1 = key1, *pz2 = key2; 142*0Sstevel@tonic-gate int retval; 143*0Sstevel@tonic-gate 144*0Sstevel@tonic-gate return ((int)((retval = pz1->kpj_id - pz2->kpj_id) != 0 ? retval : 145*0Sstevel@tonic-gate pz1->kpj_zoneid - pz2->kpj_zoneid)); 146*0Sstevel@tonic-gate } 147*0Sstevel@tonic-gate 148*0Sstevel@tonic-gate static void 149*0Sstevel@tonic-gate project_hash_val_dtor(mod_hash_val_t val) 150*0Sstevel@tonic-gate { 151*0Sstevel@tonic-gate kproject_t *kp = (kproject_t *)val; 152*0Sstevel@tonic-gate 153*0Sstevel@tonic-gate ASSERT(kp->kpj_count == 0); 154*0Sstevel@tonic-gate kmem_free(kp, sizeof (kproject_t)); 155*0Sstevel@tonic-gate } 156*0Sstevel@tonic-gate 157*0Sstevel@tonic-gate /* 158*0Sstevel@tonic-gate * kproject_t *project_hold(kproject_t *) 159*0Sstevel@tonic-gate * 160*0Sstevel@tonic-gate * Overview 161*0Sstevel@tonic-gate * Record that an additional reference on the indicated project has been 162*0Sstevel@tonic-gate * taken. 163*0Sstevel@tonic-gate * 164*0Sstevel@tonic-gate * Return values 165*0Sstevel@tonic-gate * A pointer to the indicated project. 166*0Sstevel@tonic-gate * 167*0Sstevel@tonic-gate * Caller's context 168*0Sstevel@tonic-gate * project_hash_lock must not be held across the project_hold() call. 169*0Sstevel@tonic-gate */ 170*0Sstevel@tonic-gate kproject_t * 171*0Sstevel@tonic-gate project_hold(kproject_t *p) 172*0Sstevel@tonic-gate { 173*0Sstevel@tonic-gate mutex_enter(&project_hash_lock); 174*0Sstevel@tonic-gate ASSERT(p != NULL); 175*0Sstevel@tonic-gate p->kpj_count++; 176*0Sstevel@tonic-gate ASSERT(p->kpj_count != 0); 177*0Sstevel@tonic-gate mutex_exit(&project_hash_lock); 178*0Sstevel@tonic-gate return (p); 179*0Sstevel@tonic-gate } 180*0Sstevel@tonic-gate 181*0Sstevel@tonic-gate /* 182*0Sstevel@tonic-gate * kproject_t *project_hold_by_id(projid_t, zoneid_t, int) 183*0Sstevel@tonic-gate * 184*0Sstevel@tonic-gate * Overview 185*0Sstevel@tonic-gate * project_hold_by_id() performs a look-up in the dictionary of projects 186*0Sstevel@tonic-gate * active on the system by specified project ID + zone ID and puts a hold on 187*0Sstevel@tonic-gate * it. The third argument defines the desired behavior in the case when 188*0Sstevel@tonic-gate * project with given project ID cannot be found: 189*0Sstevel@tonic-gate * 190*0Sstevel@tonic-gate * PROJECT_HOLD_INSERT New entry is made in dictionary and the project 191*0Sstevel@tonic-gate * is added to the global list. 192*0Sstevel@tonic-gate * 193*0Sstevel@tonic-gate * PROJECT_HOLD_FIND Return NULL. 194*0Sstevel@tonic-gate * 195*0Sstevel@tonic-gate * The project is returned with its reference count incremented by one. 196*0Sstevel@tonic-gate * A new project derives its resource controls from those of project 0. 197*0Sstevel@tonic-gate * 198*0Sstevel@tonic-gate * Return values 199*0Sstevel@tonic-gate * A pointer to the held project. 200*0Sstevel@tonic-gate * 201*0Sstevel@tonic-gate * Caller's context 202*0Sstevel@tonic-gate * Caller must be in a context suitable for KM_SLEEP allocations. 203*0Sstevel@tonic-gate */ 204*0Sstevel@tonic-gate kproject_t * 205*0Sstevel@tonic-gate project_hold_by_id(projid_t id, zoneid_t zoneid, int flag) 206*0Sstevel@tonic-gate { 207*0Sstevel@tonic-gate kproject_t *spare_p; 208*0Sstevel@tonic-gate kproject_t *p; 209*0Sstevel@tonic-gate mod_hash_hndl_t hndl; 210*0Sstevel@tonic-gate rctl_set_t *set; 211*0Sstevel@tonic-gate rctl_alloc_gp_t *gp; 212*0Sstevel@tonic-gate rctl_entity_p_t e; 213*0Sstevel@tonic-gate struct project_zone pz; 214*0Sstevel@tonic-gate 215*0Sstevel@tonic-gate pz.kpj_id = id; 216*0Sstevel@tonic-gate pz.kpj_zoneid = zoneid; 217*0Sstevel@tonic-gate 218*0Sstevel@tonic-gate if (flag == PROJECT_HOLD_FIND) { 219*0Sstevel@tonic-gate mutex_enter(&project_hash_lock); 220*0Sstevel@tonic-gate 221*0Sstevel@tonic-gate if (mod_hash_find(projects_hash, (mod_hash_key_t)&pz, 222*0Sstevel@tonic-gate (mod_hash_val_t)&p) == MH_ERR_NOTFOUND) 223*0Sstevel@tonic-gate p = NULL; 224*0Sstevel@tonic-gate else 225*0Sstevel@tonic-gate p->kpj_count++; 226*0Sstevel@tonic-gate 227*0Sstevel@tonic-gate mutex_exit(&project_hash_lock); 228*0Sstevel@tonic-gate return (p); 229*0Sstevel@tonic-gate } 230*0Sstevel@tonic-gate 231*0Sstevel@tonic-gate ASSERT(flag == PROJECT_HOLD_INSERT); 232*0Sstevel@tonic-gate 233*0Sstevel@tonic-gate spare_p = kmem_zalloc(sizeof (kproject_t), KM_SLEEP); 234*0Sstevel@tonic-gate set = rctl_set_create(); 235*0Sstevel@tonic-gate 236*0Sstevel@tonic-gate gp = rctl_set_init_prealloc(RCENTITY_PROJECT); 237*0Sstevel@tonic-gate 238*0Sstevel@tonic-gate (void) mod_hash_reserve(projects_hash, &hndl); 239*0Sstevel@tonic-gate 240*0Sstevel@tonic-gate mutex_enter(&curproc->p_lock); 241*0Sstevel@tonic-gate mutex_enter(&project_hash_lock); 242*0Sstevel@tonic-gate if (mod_hash_find(projects_hash, (mod_hash_key_t)&pz, 243*0Sstevel@tonic-gate (mod_hash_val_t *)&p) == MH_ERR_NOTFOUND) { 244*0Sstevel@tonic-gate p = spare_p; 245*0Sstevel@tonic-gate p->kpj_id = id; 246*0Sstevel@tonic-gate p->kpj_zoneid = zoneid; 247*0Sstevel@tonic-gate p->kpj_count = 0; 248*0Sstevel@tonic-gate p->kpj_shares = 1; 249*0Sstevel@tonic-gate p->kpj_nlwps = 0; 250*0Sstevel@tonic-gate p->kpj_ntasks = 0; 251*0Sstevel@tonic-gate p->kpj_nlwps_ctl = INT_MAX; 252*0Sstevel@tonic-gate p->kpj_ntasks_ctl = INT_MAX; 253*0Sstevel@tonic-gate project_data_init(&p->kpj_data); 254*0Sstevel@tonic-gate e.rcep_p.proj = p; 255*0Sstevel@tonic-gate e.rcep_t = RCENTITY_PROJECT; 256*0Sstevel@tonic-gate p->kpj_rctls = rctl_set_init(RCENTITY_PROJECT, curproc, &e, 257*0Sstevel@tonic-gate set, gp); 258*0Sstevel@tonic-gate mutex_exit(&curproc->p_lock); 259*0Sstevel@tonic-gate 260*0Sstevel@tonic-gate if (mod_hash_insert_reserve(projects_hash, (mod_hash_key_t)p, 261*0Sstevel@tonic-gate (mod_hash_val_t)p, hndl)) 262*0Sstevel@tonic-gate panic("unable to insert project %d(%p)", id, (void *)p); 263*0Sstevel@tonic-gate 264*0Sstevel@tonic-gate /* 265*0Sstevel@tonic-gate * Insert project into global project list. 266*0Sstevel@tonic-gate */ 267*0Sstevel@tonic-gate mutex_enter(&projects_list_lock); 268*0Sstevel@tonic-gate if (id != 0 || zoneid != GLOBAL_ZONEID) { 269*0Sstevel@tonic-gate p->kpj_next = projects_list; 270*0Sstevel@tonic-gate p->kpj_prev = projects_list->kpj_prev; 271*0Sstevel@tonic-gate p->kpj_prev->kpj_next = p; 272*0Sstevel@tonic-gate projects_list->kpj_prev = p; 273*0Sstevel@tonic-gate } else { 274*0Sstevel@tonic-gate /* 275*0Sstevel@tonic-gate * Special case: primordial hold on project 0. 276*0Sstevel@tonic-gate */ 277*0Sstevel@tonic-gate p->kpj_next = p; 278*0Sstevel@tonic-gate p->kpj_prev = p; 279*0Sstevel@tonic-gate projects_list = p; 280*0Sstevel@tonic-gate } 281*0Sstevel@tonic-gate mutex_exit(&projects_list_lock); 282*0Sstevel@tonic-gate } else { 283*0Sstevel@tonic-gate mutex_exit(&curproc->p_lock); 284*0Sstevel@tonic-gate mod_hash_cancel(projects_hash, &hndl); 285*0Sstevel@tonic-gate kmem_free(spare_p, sizeof (kproject_t)); 286*0Sstevel@tonic-gate rctl_set_free(set); 287*0Sstevel@tonic-gate } 288*0Sstevel@tonic-gate 289*0Sstevel@tonic-gate rctl_prealloc_destroy(gp); 290*0Sstevel@tonic-gate p->kpj_count++; 291*0Sstevel@tonic-gate mutex_exit(&project_hash_lock); 292*0Sstevel@tonic-gate 293*0Sstevel@tonic-gate return (p); 294*0Sstevel@tonic-gate } 295*0Sstevel@tonic-gate 296*0Sstevel@tonic-gate 297*0Sstevel@tonic-gate /* 298*0Sstevel@tonic-gate * void project_rele(kproject_t *) 299*0Sstevel@tonic-gate * 300*0Sstevel@tonic-gate * Overview 301*0Sstevel@tonic-gate * Advertise that one external reference to this project is no longer needed. 302*0Sstevel@tonic-gate * 303*0Sstevel@tonic-gate * Return values 304*0Sstevel@tonic-gate * None. 305*0Sstevel@tonic-gate * 306*0Sstevel@tonic-gate * Caller's context 307*0Sstevel@tonic-gate * No restriction on context. 308*0Sstevel@tonic-gate */ 309*0Sstevel@tonic-gate void 310*0Sstevel@tonic-gate project_rele(kproject_t *p) 311*0Sstevel@tonic-gate { 312*0Sstevel@tonic-gate mutex_enter(&project_hash_lock); 313*0Sstevel@tonic-gate ASSERT(p->kpj_count != 0); 314*0Sstevel@tonic-gate p->kpj_count--; 315*0Sstevel@tonic-gate if (p->kpj_count == 0) { 316*0Sstevel@tonic-gate 317*0Sstevel@tonic-gate /* 318*0Sstevel@tonic-gate * Remove project from global list. 319*0Sstevel@tonic-gate */ 320*0Sstevel@tonic-gate mutex_enter(&projects_list_lock); 321*0Sstevel@tonic-gate p->kpj_next->kpj_prev = p->kpj_prev; 322*0Sstevel@tonic-gate p->kpj_prev->kpj_next = p->kpj_next; 323*0Sstevel@tonic-gate if (projects_list == p) 324*0Sstevel@tonic-gate projects_list = p->kpj_next; 325*0Sstevel@tonic-gate mutex_exit(&projects_list_lock); 326*0Sstevel@tonic-gate 327*0Sstevel@tonic-gate rctl_set_free(p->kpj_rctls); 328*0Sstevel@tonic-gate 329*0Sstevel@tonic-gate if (mod_hash_destroy(projects_hash, (mod_hash_key_t)p)) 330*0Sstevel@tonic-gate panic("unable to delete project %d zone %d", p->kpj_id, 331*0Sstevel@tonic-gate p->kpj_zoneid); 332*0Sstevel@tonic-gate 333*0Sstevel@tonic-gate } 334*0Sstevel@tonic-gate mutex_exit(&project_hash_lock); 335*0Sstevel@tonic-gate } 336*0Sstevel@tonic-gate 337*0Sstevel@tonic-gate /* 338*0Sstevel@tonic-gate * int project_walk_all(zoneid_t, int (*)(kproject_t *, void *), void *) 339*0Sstevel@tonic-gate * 340*0Sstevel@tonic-gate * Overview 341*0Sstevel@tonic-gate * Walk the project list for the given zoneid with a callback. 342*0Sstevel@tonic-gate * 343*0Sstevel@tonic-gate * Return values 344*0Sstevel@tonic-gate * -1 for an invalid walk, number of projects visited otherwise. 345*0Sstevel@tonic-gate * 346*0Sstevel@tonic-gate * Caller's context 347*0Sstevel@tonic-gate * projects_list_lock must not be held, as it is acquired by 348*0Sstevel@tonic-gate * project_walk_all(). Accordingly, callbacks may not perform KM_SLEEP 349*0Sstevel@tonic-gate * allocations. 350*0Sstevel@tonic-gate */ 351*0Sstevel@tonic-gate int 352*0Sstevel@tonic-gate project_walk_all(zoneid_t zoneid, int (*cb)(kproject_t *, void *), 353*0Sstevel@tonic-gate void *walk_data) 354*0Sstevel@tonic-gate { 355*0Sstevel@tonic-gate int cnt = 0; 356*0Sstevel@tonic-gate kproject_t *kp = proj0p; 357*0Sstevel@tonic-gate 358*0Sstevel@tonic-gate mutex_enter(&projects_list_lock); 359*0Sstevel@tonic-gate do { 360*0Sstevel@tonic-gate if (zoneid != ALL_ZONES && kp->kpj_zoneid != zoneid) 361*0Sstevel@tonic-gate continue; 362*0Sstevel@tonic-gate if (cb(kp, walk_data) == -1) { 363*0Sstevel@tonic-gate cnt = -1; 364*0Sstevel@tonic-gate break; 365*0Sstevel@tonic-gate } else { 366*0Sstevel@tonic-gate cnt++; 367*0Sstevel@tonic-gate } 368*0Sstevel@tonic-gate } while ((kp = kp->kpj_next) != proj0p); 369*0Sstevel@tonic-gate mutex_exit(&projects_list_lock); 370*0Sstevel@tonic-gate return (cnt); 371*0Sstevel@tonic-gate } 372*0Sstevel@tonic-gate 373*0Sstevel@tonic-gate /* 374*0Sstevel@tonic-gate * projid_t curprojid(void) 375*0Sstevel@tonic-gate * 376*0Sstevel@tonic-gate * Overview 377*0Sstevel@tonic-gate * Return project ID of the current thread 378*0Sstevel@tonic-gate * 379*0Sstevel@tonic-gate * Caller's context 380*0Sstevel@tonic-gate * No restrictions. 381*0Sstevel@tonic-gate */ 382*0Sstevel@tonic-gate projid_t 383*0Sstevel@tonic-gate curprojid() 384*0Sstevel@tonic-gate { 385*0Sstevel@tonic-gate return (ttoproj(curthread)->kpj_id); 386*0Sstevel@tonic-gate } 387*0Sstevel@tonic-gate 388*0Sstevel@tonic-gate /* 389*0Sstevel@tonic-gate * project.cpu-shares resource control support. 390*0Sstevel@tonic-gate */ 391*0Sstevel@tonic-gate /*ARGSUSED*/ 392*0Sstevel@tonic-gate static rctl_qty_t 393*0Sstevel@tonic-gate project_cpu_shares_usage(rctl_t *rctl, struct proc *p) 394*0Sstevel@tonic-gate { 395*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 396*0Sstevel@tonic-gate return (p->p_task->tk_proj->kpj_shares); 397*0Sstevel@tonic-gate } 398*0Sstevel@tonic-gate 399*0Sstevel@tonic-gate /*ARGSUSED*/ 400*0Sstevel@tonic-gate static int 401*0Sstevel@tonic-gate project_cpu_shares_set(rctl_t *rctl, struct proc *p, rctl_entity_p_t *e, 402*0Sstevel@tonic-gate rctl_qty_t nv) 403*0Sstevel@tonic-gate { 404*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 405*0Sstevel@tonic-gate ASSERT(e->rcep_t == RCENTITY_PROJECT); 406*0Sstevel@tonic-gate if (e->rcep_p.proj == NULL) 407*0Sstevel@tonic-gate return (0); 408*0Sstevel@tonic-gate 409*0Sstevel@tonic-gate e->rcep_p.proj->kpj_shares = nv; 410*0Sstevel@tonic-gate 411*0Sstevel@tonic-gate return (0); 412*0Sstevel@tonic-gate } 413*0Sstevel@tonic-gate 414*0Sstevel@tonic-gate 415*0Sstevel@tonic-gate static rctl_ops_t project_cpu_shares_ops = { 416*0Sstevel@tonic-gate rcop_no_action, 417*0Sstevel@tonic-gate project_cpu_shares_usage, 418*0Sstevel@tonic-gate project_cpu_shares_set, 419*0Sstevel@tonic-gate rcop_no_test 420*0Sstevel@tonic-gate }; 421*0Sstevel@tonic-gate 422*0Sstevel@tonic-gate /*ARGSUSED*/ 423*0Sstevel@tonic-gate static rctl_qty_t 424*0Sstevel@tonic-gate project_lwps_usage(rctl_t *r, proc_t *p) 425*0Sstevel@tonic-gate { 426*0Sstevel@tonic-gate kproject_t *pj; 427*0Sstevel@tonic-gate rctl_qty_t nlwps; 428*0Sstevel@tonic-gate 429*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 430*0Sstevel@tonic-gate pj = p->p_task->tk_proj; 431*0Sstevel@tonic-gate mutex_enter(&p->p_zone->zone_nlwps_lock); 432*0Sstevel@tonic-gate nlwps = pj->kpj_nlwps; 433*0Sstevel@tonic-gate mutex_exit(&p->p_zone->zone_nlwps_lock); 434*0Sstevel@tonic-gate 435*0Sstevel@tonic-gate return (nlwps); 436*0Sstevel@tonic-gate } 437*0Sstevel@tonic-gate 438*0Sstevel@tonic-gate /*ARGSUSED*/ 439*0Sstevel@tonic-gate static int 440*0Sstevel@tonic-gate project_lwps_test(rctl_t *r, proc_t *p, rctl_entity_p_t *e, rctl_val_t *rcntl, 441*0Sstevel@tonic-gate rctl_qty_t incr, uint_t flags) 442*0Sstevel@tonic-gate { 443*0Sstevel@tonic-gate rctl_qty_t nlwps; 444*0Sstevel@tonic-gate 445*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 446*0Sstevel@tonic-gate ASSERT(e->rcep_t == RCENTITY_PROJECT); 447*0Sstevel@tonic-gate if (e->rcep_p.proj == NULL) 448*0Sstevel@tonic-gate return (0); 449*0Sstevel@tonic-gate 450*0Sstevel@tonic-gate nlwps = e->rcep_p.proj->kpj_nlwps; 451*0Sstevel@tonic-gate if (nlwps + incr > rcntl->rcv_value) 452*0Sstevel@tonic-gate return (1); 453*0Sstevel@tonic-gate 454*0Sstevel@tonic-gate return (0); 455*0Sstevel@tonic-gate } 456*0Sstevel@tonic-gate 457*0Sstevel@tonic-gate /*ARGSUSED*/ 458*0Sstevel@tonic-gate static int 459*0Sstevel@tonic-gate project_lwps_set(rctl_t *rctl, struct proc *p, rctl_entity_p_t *e, 460*0Sstevel@tonic-gate rctl_qty_t nv) { 461*0Sstevel@tonic-gate 462*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 463*0Sstevel@tonic-gate ASSERT(e->rcep_t == RCENTITY_PROJECT); 464*0Sstevel@tonic-gate if (e->rcep_p.proj == NULL) 465*0Sstevel@tonic-gate return (0); 466*0Sstevel@tonic-gate 467*0Sstevel@tonic-gate e->rcep_p.proj->kpj_nlwps_ctl = nv; 468*0Sstevel@tonic-gate return (0); 469*0Sstevel@tonic-gate } 470*0Sstevel@tonic-gate 471*0Sstevel@tonic-gate static rctl_ops_t project_lwps_ops = { 472*0Sstevel@tonic-gate rcop_no_action, 473*0Sstevel@tonic-gate project_lwps_usage, 474*0Sstevel@tonic-gate project_lwps_set, 475*0Sstevel@tonic-gate project_lwps_test, 476*0Sstevel@tonic-gate }; 477*0Sstevel@tonic-gate 478*0Sstevel@tonic-gate /*ARGSUSED*/ 479*0Sstevel@tonic-gate static rctl_qty_t 480*0Sstevel@tonic-gate project_ntasks_usage(rctl_t *r, proc_t *p) 481*0Sstevel@tonic-gate { 482*0Sstevel@tonic-gate kproject_t *pj; 483*0Sstevel@tonic-gate rctl_qty_t ntasks; 484*0Sstevel@tonic-gate 485*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 486*0Sstevel@tonic-gate pj = p->p_task->tk_proj; 487*0Sstevel@tonic-gate mutex_enter(&p->p_zone->zone_nlwps_lock); 488*0Sstevel@tonic-gate ntasks = pj->kpj_ntasks; 489*0Sstevel@tonic-gate mutex_exit(&p->p_zone->zone_nlwps_lock); 490*0Sstevel@tonic-gate 491*0Sstevel@tonic-gate return (ntasks); 492*0Sstevel@tonic-gate } 493*0Sstevel@tonic-gate 494*0Sstevel@tonic-gate /*ARGSUSED*/ 495*0Sstevel@tonic-gate static int 496*0Sstevel@tonic-gate project_ntasks_test(rctl_t *r, proc_t *p, rctl_entity_p_t *e, rctl_val_t *rcntl, 497*0Sstevel@tonic-gate rctl_qty_t incr, uint_t flags) 498*0Sstevel@tonic-gate { 499*0Sstevel@tonic-gate rctl_qty_t ntasks; 500*0Sstevel@tonic-gate 501*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 502*0Sstevel@tonic-gate ASSERT(e->rcep_t == RCENTITY_PROJECT); 503*0Sstevel@tonic-gate ntasks = e->rcep_p.proj->kpj_ntasks; 504*0Sstevel@tonic-gate if (ntasks + incr > rcntl->rcv_value) 505*0Sstevel@tonic-gate return (1); 506*0Sstevel@tonic-gate 507*0Sstevel@tonic-gate return (0); 508*0Sstevel@tonic-gate } 509*0Sstevel@tonic-gate 510*0Sstevel@tonic-gate /*ARGSUSED*/ 511*0Sstevel@tonic-gate static int 512*0Sstevel@tonic-gate project_ntasks_set(rctl_t *rctl, struct proc *p, rctl_entity_p_t *e, 513*0Sstevel@tonic-gate rctl_qty_t nv) { 514*0Sstevel@tonic-gate 515*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 516*0Sstevel@tonic-gate ASSERT(e->rcep_t == RCENTITY_PROJECT); 517*0Sstevel@tonic-gate e->rcep_p.proj->kpj_ntasks_ctl = nv; 518*0Sstevel@tonic-gate return (0); 519*0Sstevel@tonic-gate } 520*0Sstevel@tonic-gate 521*0Sstevel@tonic-gate static rctl_ops_t project_tasks_ops = { 522*0Sstevel@tonic-gate rcop_no_action, 523*0Sstevel@tonic-gate project_ntasks_usage, 524*0Sstevel@tonic-gate project_ntasks_set, 525*0Sstevel@tonic-gate project_ntasks_test, 526*0Sstevel@tonic-gate }; 527*0Sstevel@tonic-gate 528*0Sstevel@tonic-gate /* 529*0Sstevel@tonic-gate * project.max-shm-memory resource control support. 530*0Sstevel@tonic-gate */ 531*0Sstevel@tonic-gate 532*0Sstevel@tonic-gate /*ARGSUSED*/ 533*0Sstevel@tonic-gate static int 534*0Sstevel@tonic-gate project_shmmax_test(struct rctl *rctl, struct proc *p, rctl_entity_p_t *e, 535*0Sstevel@tonic-gate rctl_val_t *rval, rctl_qty_t inc, uint_t flags) 536*0Sstevel@tonic-gate { 537*0Sstevel@tonic-gate rctl_qty_t v; 538*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 539*0Sstevel@tonic-gate ASSERT(e->rcep_t == RCENTITY_PROJECT); 540*0Sstevel@tonic-gate v = e->rcep_p.proj->kpj_data.kpd_shmmax + inc; 541*0Sstevel@tonic-gate if (v > rval->rcv_value) 542*0Sstevel@tonic-gate return (1); 543*0Sstevel@tonic-gate 544*0Sstevel@tonic-gate return (0); 545*0Sstevel@tonic-gate } 546*0Sstevel@tonic-gate 547*0Sstevel@tonic-gate static rctl_ops_t project_shmmax_ops = { 548*0Sstevel@tonic-gate rcop_no_action, 549*0Sstevel@tonic-gate rcop_no_usage, 550*0Sstevel@tonic-gate rcop_no_set, 551*0Sstevel@tonic-gate project_shmmax_test 552*0Sstevel@tonic-gate }; 553*0Sstevel@tonic-gate 554*0Sstevel@tonic-gate /* 555*0Sstevel@tonic-gate * project.max-shm-ids resource control support. 556*0Sstevel@tonic-gate */ 557*0Sstevel@tonic-gate 558*0Sstevel@tonic-gate /*ARGSUSED*/ 559*0Sstevel@tonic-gate static int 560*0Sstevel@tonic-gate project_shmmni_test(struct rctl *rctl, struct proc *p, rctl_entity_p_t *e, 561*0Sstevel@tonic-gate rctl_val_t *rval, rctl_qty_t inc, uint_t flags) 562*0Sstevel@tonic-gate { 563*0Sstevel@tonic-gate rctl_qty_t v; 564*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 565*0Sstevel@tonic-gate ASSERT(e->rcep_t == RCENTITY_PROJECT); 566*0Sstevel@tonic-gate v = e->rcep_p.proj->kpj_data.kpd_shmmni + inc; 567*0Sstevel@tonic-gate if (v > rval->rcv_value) 568*0Sstevel@tonic-gate return (1); 569*0Sstevel@tonic-gate 570*0Sstevel@tonic-gate return (0); 571*0Sstevel@tonic-gate } 572*0Sstevel@tonic-gate 573*0Sstevel@tonic-gate static rctl_ops_t project_shmmni_ops = { 574*0Sstevel@tonic-gate rcop_no_action, 575*0Sstevel@tonic-gate rcop_no_usage, 576*0Sstevel@tonic-gate rcop_no_set, 577*0Sstevel@tonic-gate project_shmmni_test 578*0Sstevel@tonic-gate }; 579*0Sstevel@tonic-gate 580*0Sstevel@tonic-gate /* 581*0Sstevel@tonic-gate * project.max-sem-ids resource control support. 582*0Sstevel@tonic-gate */ 583*0Sstevel@tonic-gate 584*0Sstevel@tonic-gate /*ARGSUSED*/ 585*0Sstevel@tonic-gate static int 586*0Sstevel@tonic-gate project_semmni_test(struct rctl *rctl, struct proc *p, rctl_entity_p_t *e, 587*0Sstevel@tonic-gate rctl_val_t *rval, rctl_qty_t inc, uint_t flags) 588*0Sstevel@tonic-gate { 589*0Sstevel@tonic-gate rctl_qty_t v; 590*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 591*0Sstevel@tonic-gate ASSERT(e->rcep_t == RCENTITY_PROJECT); 592*0Sstevel@tonic-gate v = e->rcep_p.proj->kpj_data.kpd_semmni + inc; 593*0Sstevel@tonic-gate if (v > rval->rcv_value) 594*0Sstevel@tonic-gate return (1); 595*0Sstevel@tonic-gate 596*0Sstevel@tonic-gate return (0); 597*0Sstevel@tonic-gate } 598*0Sstevel@tonic-gate 599*0Sstevel@tonic-gate static rctl_ops_t project_semmni_ops = { 600*0Sstevel@tonic-gate rcop_no_action, 601*0Sstevel@tonic-gate rcop_no_usage, 602*0Sstevel@tonic-gate rcop_no_set, 603*0Sstevel@tonic-gate project_semmni_test 604*0Sstevel@tonic-gate }; 605*0Sstevel@tonic-gate 606*0Sstevel@tonic-gate /* 607*0Sstevel@tonic-gate * project.max-msg-ids resource control support. 608*0Sstevel@tonic-gate */ 609*0Sstevel@tonic-gate 610*0Sstevel@tonic-gate /*ARGSUSED*/ 611*0Sstevel@tonic-gate static int 612*0Sstevel@tonic-gate project_msgmni_test(struct rctl *rctl, struct proc *p, rctl_entity_p_t *e, 613*0Sstevel@tonic-gate rctl_val_t *rval, rctl_qty_t inc, uint_t flags) 614*0Sstevel@tonic-gate { 615*0Sstevel@tonic-gate rctl_qty_t v; 616*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 617*0Sstevel@tonic-gate ASSERT(e->rcep_t == RCENTITY_PROJECT); 618*0Sstevel@tonic-gate v = e->rcep_p.proj->kpj_data.kpd_msgmni + inc; 619*0Sstevel@tonic-gate if (v > rval->rcv_value) 620*0Sstevel@tonic-gate return (1); 621*0Sstevel@tonic-gate 622*0Sstevel@tonic-gate return (0); 623*0Sstevel@tonic-gate } 624*0Sstevel@tonic-gate 625*0Sstevel@tonic-gate static rctl_ops_t project_msgmni_ops = { 626*0Sstevel@tonic-gate rcop_no_action, 627*0Sstevel@tonic-gate rcop_no_usage, 628*0Sstevel@tonic-gate rcop_no_set, 629*0Sstevel@tonic-gate project_msgmni_test 630*0Sstevel@tonic-gate }; 631*0Sstevel@tonic-gate 632*0Sstevel@tonic-gate /* 633*0Sstevel@tonic-gate * project.max-device-locked-memory resource control support. 634*0Sstevel@tonic-gate */ 635*0Sstevel@tonic-gate 636*0Sstevel@tonic-gate /*ARGSUSED*/ 637*0Sstevel@tonic-gate static int 638*0Sstevel@tonic-gate project_devlockmem_test(struct rctl *rctl, struct proc *p, rctl_entity_p_t *e, 639*0Sstevel@tonic-gate rctl_val_t *rval, rctl_qty_t inc, uint_t flags) 640*0Sstevel@tonic-gate { 641*0Sstevel@tonic-gate rctl_qty_t v; 642*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 643*0Sstevel@tonic-gate ASSERT(e->rcep_t == RCENTITY_PROJECT); 644*0Sstevel@tonic-gate v = e->rcep_p.proj->kpj_data.kpd_devlockmem + inc; 645*0Sstevel@tonic-gate if (v > rval->rcv_value) 646*0Sstevel@tonic-gate return (1); 647*0Sstevel@tonic-gate return (0); 648*0Sstevel@tonic-gate } 649*0Sstevel@tonic-gate 650*0Sstevel@tonic-gate static rctl_ops_t project_devlockmem_ops = { 651*0Sstevel@tonic-gate rcop_no_action, 652*0Sstevel@tonic-gate rcop_no_usage, 653*0Sstevel@tonic-gate rcop_no_set, 654*0Sstevel@tonic-gate project_devlockmem_test 655*0Sstevel@tonic-gate }; 656*0Sstevel@tonic-gate 657*0Sstevel@tonic-gate /* 658*0Sstevel@tonic-gate * project.max-contracts resource control support. 659*0Sstevel@tonic-gate */ 660*0Sstevel@tonic-gate 661*0Sstevel@tonic-gate /*ARGSUSED*/ 662*0Sstevel@tonic-gate static int 663*0Sstevel@tonic-gate project_contract_test(struct rctl *rctl, struct proc *p, rctl_entity_p_t *e, 664*0Sstevel@tonic-gate rctl_val_t *rval, rctl_qty_t inc, uint_t flags) 665*0Sstevel@tonic-gate { 666*0Sstevel@tonic-gate rctl_qty_t v; 667*0Sstevel@tonic-gate 668*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 669*0Sstevel@tonic-gate ASSERT(e->rcep_t == RCENTITY_PROJECT); 670*0Sstevel@tonic-gate 671*0Sstevel@tonic-gate v = e->rcep_p.proj->kpj_data.kpd_contract + inc; 672*0Sstevel@tonic-gate 673*0Sstevel@tonic-gate if ((p->p_task != NULL) && (p->p_task->tk_proj) != NULL && 674*0Sstevel@tonic-gate (v > rval->rcv_value)) 675*0Sstevel@tonic-gate return (1); 676*0Sstevel@tonic-gate 677*0Sstevel@tonic-gate return (0); 678*0Sstevel@tonic-gate } 679*0Sstevel@tonic-gate 680*0Sstevel@tonic-gate static rctl_ops_t project_contract_ops = { 681*0Sstevel@tonic-gate rcop_no_action, 682*0Sstevel@tonic-gate rcop_no_usage, 683*0Sstevel@tonic-gate rcop_no_set, 684*0Sstevel@tonic-gate project_contract_test 685*0Sstevel@tonic-gate }; 686*0Sstevel@tonic-gate 687*0Sstevel@tonic-gate /*ARGSUSED*/ 688*0Sstevel@tonic-gate static int 689*0Sstevel@tonic-gate project_crypto_test(rctl_t *r, proc_t *p, rctl_entity_p_t *e, 690*0Sstevel@tonic-gate rctl_val_t *rval, rctl_qty_t incr, uint_t flags) 691*0Sstevel@tonic-gate { 692*0Sstevel@tonic-gate rctl_qty_t v; 693*0Sstevel@tonic-gate ASSERT(MUTEX_HELD(&p->p_lock)); 694*0Sstevel@tonic-gate ASSERT(e->rcep_t == RCENTITY_PROJECT); 695*0Sstevel@tonic-gate v = e->rcep_p.proj->kpj_data.kpd_crypto_mem + incr; 696*0Sstevel@tonic-gate if (v > rval->rcv_value) 697*0Sstevel@tonic-gate return (1); 698*0Sstevel@tonic-gate return (0); 699*0Sstevel@tonic-gate } 700*0Sstevel@tonic-gate 701*0Sstevel@tonic-gate static rctl_ops_t project_crypto_mem_ops = { 702*0Sstevel@tonic-gate rcop_no_action, 703*0Sstevel@tonic-gate rcop_no_usage, 704*0Sstevel@tonic-gate rcop_no_set, 705*0Sstevel@tonic-gate project_crypto_test 706*0Sstevel@tonic-gate }; 707*0Sstevel@tonic-gate 708*0Sstevel@tonic-gate /* 709*0Sstevel@tonic-gate * void project_init(void) 710*0Sstevel@tonic-gate * 711*0Sstevel@tonic-gate * Overview 712*0Sstevel@tonic-gate * Initialize the project subsystem, including the primordial project 0 entry. 713*0Sstevel@tonic-gate * Register generic project resource controls, if any. 714*0Sstevel@tonic-gate * 715*0Sstevel@tonic-gate * Return values 716*0Sstevel@tonic-gate * None. 717*0Sstevel@tonic-gate * 718*0Sstevel@tonic-gate * Caller's context 719*0Sstevel@tonic-gate * Safe for KM_SLEEP allocations. 720*0Sstevel@tonic-gate */ 721*0Sstevel@tonic-gate void 722*0Sstevel@tonic-gate project_init(void) 723*0Sstevel@tonic-gate { 724*0Sstevel@tonic-gate rctl_qty_t shmmni, shmmax, qty; 725*0Sstevel@tonic-gate boolean_t check; 726*0Sstevel@tonic-gate 727*0Sstevel@tonic-gate projects_hash = mod_hash_create_extended("projects_hash", 728*0Sstevel@tonic-gate project_hash_size, mod_hash_null_keydtor, project_hash_val_dtor, 729*0Sstevel@tonic-gate project_hash_by_id, 730*0Sstevel@tonic-gate (void *)(uintptr_t)mod_hash_iddata_gen(project_hash_size), 731*0Sstevel@tonic-gate project_hash_key_cmp, KM_SLEEP); 732*0Sstevel@tonic-gate 733*0Sstevel@tonic-gate rc_project_cpu_shares = rctl_register("project.cpu-shares", 734*0Sstevel@tonic-gate RCENTITY_PROJECT, RCTL_GLOBAL_SIGNAL_NEVER | 735*0Sstevel@tonic-gate RCTL_GLOBAL_DENY_NEVER | RCTL_GLOBAL_NOBASIC | 736*0Sstevel@tonic-gate RCTL_GLOBAL_COUNT, FSS_MAXSHARES, FSS_MAXSHARES, 737*0Sstevel@tonic-gate &project_cpu_shares_ops); 738*0Sstevel@tonic-gate rctl_add_default_limit("project.cpu-shares", 1, RCPRIV_PRIVILEGED, 739*0Sstevel@tonic-gate RCTL_LOCAL_NOACTION); 740*0Sstevel@tonic-gate 741*0Sstevel@tonic-gate rc_project_nlwps = rctl_register("project.max-lwps", RCENTITY_PROJECT, 742*0Sstevel@tonic-gate RCTL_GLOBAL_NOACTION | RCTL_GLOBAL_NOBASIC | RCTL_GLOBAL_COUNT, 743*0Sstevel@tonic-gate INT_MAX, INT_MAX, &project_lwps_ops); 744*0Sstevel@tonic-gate 745*0Sstevel@tonic-gate rc_project_ntasks = rctl_register("project.max-tasks", RCENTITY_PROJECT, 746*0Sstevel@tonic-gate RCTL_GLOBAL_NOACTION | RCTL_GLOBAL_NOBASIC | RCTL_GLOBAL_COUNT, 747*0Sstevel@tonic-gate INT_MAX, INT_MAX, &project_tasks_ops); 748*0Sstevel@tonic-gate 749*0Sstevel@tonic-gate /* 750*0Sstevel@tonic-gate * This rctl handle is used by /dev/crypto. It is here rather than 751*0Sstevel@tonic-gate * in misc/kcf or the drv/crypto module because resource controls 752*0Sstevel@tonic-gate * currently don't allow modules to be unloaded, and the control 753*0Sstevel@tonic-gate * must be registered before init starts. 754*0Sstevel@tonic-gate */ 755*0Sstevel@tonic-gate rc_project_crypto_mem = rctl_register("project.max-crypto-memory", 756*0Sstevel@tonic-gate RCENTITY_PROJECT, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_NOBASIC | 757*0Sstevel@tonic-gate RCTL_GLOBAL_BYTES, UINT64_MAX, UINT64_MAX, 758*0Sstevel@tonic-gate &project_crypto_mem_ops); 759*0Sstevel@tonic-gate 760*0Sstevel@tonic-gate /* 761*0Sstevel@tonic-gate * Default to a quarter of the machine's memory 762*0Sstevel@tonic-gate */ 763*0Sstevel@tonic-gate qty = availrmem_initial << (PAGESHIFT - 2); 764*0Sstevel@tonic-gate rctl_add_default_limit("project.max-crypto-memory", qty, 765*0Sstevel@tonic-gate RCPRIV_PRIVILEGED, RCTL_LOCAL_DENY); 766*0Sstevel@tonic-gate 767*0Sstevel@tonic-gate /* 768*0Sstevel@tonic-gate * System V IPC resource controls 769*0Sstevel@tonic-gate */ 770*0Sstevel@tonic-gate rc_project_semmni = rctl_register("project.max-sem-ids", 771*0Sstevel@tonic-gate RCENTITY_PROJECT, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_NOBASIC | 772*0Sstevel@tonic-gate RCTL_GLOBAL_COUNT, IPC_IDS_MAX, IPC_IDS_MAX, &project_semmni_ops); 773*0Sstevel@tonic-gate rctl_add_legacy_limit("project.max-sem-ids", "semsys", 774*0Sstevel@tonic-gate "seminfo_semmni", 128, IPC_IDS_MAX); 775*0Sstevel@tonic-gate 776*0Sstevel@tonic-gate rc_project_msgmni = rctl_register("project.max-msg-ids", 777*0Sstevel@tonic-gate RCENTITY_PROJECT, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_NOBASIC | 778*0Sstevel@tonic-gate RCTL_GLOBAL_COUNT, IPC_IDS_MAX, IPC_IDS_MAX, &project_msgmni_ops); 779*0Sstevel@tonic-gate rctl_add_legacy_limit("project.max-msg-ids", "msgsys", 780*0Sstevel@tonic-gate "msginfo_msgmni", 128, IPC_IDS_MAX); 781*0Sstevel@tonic-gate 782*0Sstevel@tonic-gate rc_project_shmmni = rctl_register("project.max-shm-ids", 783*0Sstevel@tonic-gate RCENTITY_PROJECT, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_NOBASIC | 784*0Sstevel@tonic-gate RCTL_GLOBAL_COUNT, IPC_IDS_MAX, IPC_IDS_MAX, &project_shmmni_ops); 785*0Sstevel@tonic-gate rctl_add_legacy_limit("project.max-shm-ids", "shmsys", 786*0Sstevel@tonic-gate "shminfo_shmmni", 128, IPC_IDS_MAX); 787*0Sstevel@tonic-gate 788*0Sstevel@tonic-gate rc_project_shmmax = rctl_register("project.max-shm-memory", 789*0Sstevel@tonic-gate RCENTITY_PROJECT, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_NOBASIC | 790*0Sstevel@tonic-gate RCTL_GLOBAL_BYTES, UINT64_MAX, UINT64_MAX, &project_shmmax_ops); 791*0Sstevel@tonic-gate 792*0Sstevel@tonic-gate check = B_FALSE; 793*0Sstevel@tonic-gate if (!mod_sysvar("shmsys", "shminfo_shmmni", &shmmni)) 794*0Sstevel@tonic-gate shmmni = 100; 795*0Sstevel@tonic-gate else 796*0Sstevel@tonic-gate check = B_TRUE; 797*0Sstevel@tonic-gate if (!mod_sysvar("shmsys", "shminfo_shmmax", &shmmax)) 798*0Sstevel@tonic-gate shmmax = 0x800000; 799*0Sstevel@tonic-gate else 800*0Sstevel@tonic-gate check = B_TRUE; 801*0Sstevel@tonic-gate 802*0Sstevel@tonic-gate /* 803*0Sstevel@tonic-gate * Default to a quarter of the machine's memory 804*0Sstevel@tonic-gate */ 805*0Sstevel@tonic-gate qty = availrmem_initial << (PAGESHIFT - 2); 806*0Sstevel@tonic-gate if (check) { 807*0Sstevel@tonic-gate if ((shmmax > 0) && (UINT64_MAX / shmmax <= shmmni)) 808*0Sstevel@tonic-gate qty = UINT64_MAX; 809*0Sstevel@tonic-gate else if (shmmni * shmmax > qty) 810*0Sstevel@tonic-gate qty = shmmni * shmmax; 811*0Sstevel@tonic-gate } 812*0Sstevel@tonic-gate rctl_add_default_limit("project.max-shm-memory", qty, 813*0Sstevel@tonic-gate RCPRIV_PRIVILEGED, RCTL_LOCAL_DENY); 814*0Sstevel@tonic-gate 815*0Sstevel@tonic-gate /* 816*0Sstevel@tonic-gate * Event Ports resource controls 817*0Sstevel@tonic-gate */ 818*0Sstevel@tonic-gate 819*0Sstevel@tonic-gate rc_project_portids = rctl_register("project.max-port-ids", 820*0Sstevel@tonic-gate RCENTITY_PROJECT, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_NOBASIC | 821*0Sstevel@tonic-gate RCTL_GLOBAL_COUNT, PORT_MAX_PORTS, PORT_MAX_PORTS, 822*0Sstevel@tonic-gate &rctl_absolute_ops); 823*0Sstevel@tonic-gate rctl_add_default_limit("project.max-port-ids", PORT_DEFAULT_PORTS, 824*0Sstevel@tonic-gate RCPRIV_PRIVILEGED, RCTL_LOCAL_DENY); 825*0Sstevel@tonic-gate 826*0Sstevel@tonic-gate /* 827*0Sstevel@tonic-gate * Resource control for locked memory 828*0Sstevel@tonic-gate */ 829*0Sstevel@tonic-gate rc_project_devlockmem = rctl_register( 830*0Sstevel@tonic-gate "project.max-device-locked-memory", RCENTITY_PROJECT, 831*0Sstevel@tonic-gate RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_NOBASIC | RCTL_GLOBAL_BYTES, 832*0Sstevel@tonic-gate UINT64_MAX, UINT64_MAX, &project_devlockmem_ops); 833*0Sstevel@tonic-gate 834*0Sstevel@tonic-gate /* 835*0Sstevel@tonic-gate * Defaults to 1/16th of the machine's memory 836*0Sstevel@tonic-gate */ 837*0Sstevel@tonic-gate qty = availrmem_initial << (PAGESHIFT - 4); 838*0Sstevel@tonic-gate 839*0Sstevel@tonic-gate rctl_add_default_limit("project.max-device-locked-memory", qty, 840*0Sstevel@tonic-gate RCPRIV_PRIVILEGED, RCTL_LOCAL_DENY); 841*0Sstevel@tonic-gate 842*0Sstevel@tonic-gate /* 843*0Sstevel@tonic-gate * Per project limit on contracts. 844*0Sstevel@tonic-gate */ 845*0Sstevel@tonic-gate rc_project_contract = rctl_register("project.max-contracts", 846*0Sstevel@tonic-gate RCENTITY_PROJECT, RCTL_GLOBAL_DENY_ALWAYS | RCTL_GLOBAL_COUNT, 847*0Sstevel@tonic-gate INT_MAX, INT_MAX, &project_contract_ops); 848*0Sstevel@tonic-gate rctl_add_default_limit("project.max-contracts", 10000, 849*0Sstevel@tonic-gate RCPRIV_PRIVILEGED, RCTL_LOCAL_DENY); 850*0Sstevel@tonic-gate 851*0Sstevel@tonic-gate t0.t_proj = proj0p = project_hold_by_id(0, GLOBAL_ZONEID, 852*0Sstevel@tonic-gate PROJECT_HOLD_INSERT); 853*0Sstevel@tonic-gate 854*0Sstevel@tonic-gate mutex_enter(&p0.p_lock); 855*0Sstevel@tonic-gate proj0p->kpj_nlwps = p0.p_lwpcnt; 856*0Sstevel@tonic-gate mutex_exit(&p0.p_lock); 857*0Sstevel@tonic-gate proj0p->kpj_ntasks = 1; 858*0Sstevel@tonic-gate } 859