1 /* $NetBSD: kern_resource.c,v 1.181 2018/05/13 14:45:23 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 1982, 1986, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)kern_resource.c 8.8 (Berkeley) 2/14/95 37 */ 38 39 #include <sys/cdefs.h> 40 __KERNEL_RCSID(0, "$NetBSD: kern_resource.c,v 1.181 2018/05/13 14:45:23 christos Exp $"); 41 42 #include <sys/param.h> 43 #include <sys/systm.h> 44 #include <sys/kernel.h> 45 #include <sys/file.h> 46 #include <sys/resourcevar.h> 47 #include <sys/kmem.h> 48 #include <sys/namei.h> 49 #include <sys/pool.h> 50 #include <sys/proc.h> 51 #include <sys/sysctl.h> 52 #include <sys/timevar.h> 53 #include <sys/kauth.h> 54 #include <sys/atomic.h> 55 #include <sys/mount.h> 56 #include <sys/syscallargs.h> 57 #include <sys/atomic.h> 58 59 #include <uvm/uvm_extern.h> 60 61 /* 62 * Maximum process data and stack limits. 63 * They are variables so they are patchable. 64 */ 65 rlim_t maxdmap = MAXDSIZ; 66 rlim_t maxsmap = MAXSSIZ; 67 68 static pool_cache_t plimit_cache __read_mostly; 69 static pool_cache_t pstats_cache __read_mostly; 70 71 static kauth_listener_t resource_listener; 72 static struct sysctllog *proc_sysctllog; 73 74 static int donice(struct lwp *, struct proc *, int); 75 static void sysctl_proc_setup(void); 76 77 static int 78 resource_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 79 void *arg0, void *arg1, void *arg2, void *arg3) 80 { 81 struct proc *p; 82 int result; 83 84 result = KAUTH_RESULT_DEFER; 85 p = arg0; 86 87 switch (action) { 88 case KAUTH_PROCESS_NICE: 89 if (kauth_cred_geteuid(cred) != kauth_cred_geteuid(p->p_cred) && 90 kauth_cred_getuid(cred) != kauth_cred_geteuid(p->p_cred)) { 91 break; 92 } 93 94 if ((u_long)arg1 >= p->p_nice) 95 result = KAUTH_RESULT_ALLOW; 96 97 break; 98 99 case KAUTH_PROCESS_RLIMIT: { 100 enum kauth_process_req req; 101 102 req = (enum kauth_process_req)(unsigned long)arg1; 103 104 switch (req) { 105 case KAUTH_REQ_PROCESS_RLIMIT_GET: 106 result = KAUTH_RESULT_ALLOW; 107 break; 108 109 case KAUTH_REQ_PROCESS_RLIMIT_SET: { 110 struct rlimit *new_rlimit; 111 u_long which; 112 113 if ((p != curlwp->l_proc) && 114 (proc_uidmatch(cred, p->p_cred) != 0)) 115 break; 116 117 new_rlimit = arg2; 118 which = (u_long)arg3; 119 120 if (new_rlimit->rlim_max <= p->p_rlimit[which].rlim_max) 121 result = KAUTH_RESULT_ALLOW; 122 123 break; 124 } 125 126 default: 127 break; 128 } 129 130 break; 131 } 132 133 default: 134 break; 135 } 136 137 return result; 138 } 139 140 void 141 resource_init(void) 142 { 143 144 plimit_cache = pool_cache_init(sizeof(struct plimit), 0, 0, 0, 145 "plimitpl", NULL, IPL_NONE, NULL, NULL, NULL); 146 pstats_cache = pool_cache_init(sizeof(struct pstats), 0, 0, 0, 147 "pstatspl", NULL, IPL_NONE, NULL, NULL, NULL); 148 149 resource_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 150 resource_listener_cb, NULL); 151 152 sysctl_proc_setup(); 153 } 154 155 /* 156 * Resource controls and accounting. 157 */ 158 159 int 160 sys_getpriority(struct lwp *l, const struct sys_getpriority_args *uap, 161 register_t *retval) 162 { 163 /* { 164 syscallarg(int) which; 165 syscallarg(id_t) who; 166 } */ 167 struct proc *curp = l->l_proc, *p; 168 id_t who = SCARG(uap, who); 169 int low = NZERO + PRIO_MAX + 1; 170 171 mutex_enter(proc_lock); 172 switch (SCARG(uap, which)) { 173 case PRIO_PROCESS: 174 p = who ? proc_find(who) : curp; 175 if (p != NULL) 176 low = p->p_nice; 177 break; 178 179 case PRIO_PGRP: { 180 struct pgrp *pg; 181 182 if (who == 0) 183 pg = curp->p_pgrp; 184 else if ((pg = pgrp_find(who)) == NULL) 185 break; 186 LIST_FOREACH(p, &pg->pg_members, p_pglist) { 187 if (p->p_nice < low) 188 low = p->p_nice; 189 } 190 break; 191 } 192 193 case PRIO_USER: 194 if (who == 0) 195 who = (int)kauth_cred_geteuid(l->l_cred); 196 PROCLIST_FOREACH(p, &allproc) { 197 mutex_enter(p->p_lock); 198 if (kauth_cred_geteuid(p->p_cred) == 199 (uid_t)who && p->p_nice < low) 200 low = p->p_nice; 201 mutex_exit(p->p_lock); 202 } 203 break; 204 205 default: 206 mutex_exit(proc_lock); 207 return EINVAL; 208 } 209 mutex_exit(proc_lock); 210 211 if (low == NZERO + PRIO_MAX + 1) { 212 return ESRCH; 213 } 214 *retval = low - NZERO; 215 return 0; 216 } 217 218 int 219 sys_setpriority(struct lwp *l, const struct sys_setpriority_args *uap, 220 register_t *retval) 221 { 222 /* { 223 syscallarg(int) which; 224 syscallarg(id_t) who; 225 syscallarg(int) prio; 226 } */ 227 struct proc *curp = l->l_proc, *p; 228 id_t who = SCARG(uap, who); 229 int found = 0, error = 0; 230 231 mutex_enter(proc_lock); 232 switch (SCARG(uap, which)) { 233 case PRIO_PROCESS: 234 p = who ? proc_find(who) : curp; 235 if (p != NULL) { 236 mutex_enter(p->p_lock); 237 found++; 238 error = donice(l, p, SCARG(uap, prio)); 239 mutex_exit(p->p_lock); 240 } 241 break; 242 243 case PRIO_PGRP: { 244 struct pgrp *pg; 245 246 if (who == 0) 247 pg = curp->p_pgrp; 248 else if ((pg = pgrp_find(who)) == NULL) 249 break; 250 LIST_FOREACH(p, &pg->pg_members, p_pglist) { 251 mutex_enter(p->p_lock); 252 found++; 253 error = donice(l, p, SCARG(uap, prio)); 254 mutex_exit(p->p_lock); 255 if (error) 256 break; 257 } 258 break; 259 } 260 261 case PRIO_USER: 262 if (who == 0) 263 who = (int)kauth_cred_geteuid(l->l_cred); 264 PROCLIST_FOREACH(p, &allproc) { 265 mutex_enter(p->p_lock); 266 if (kauth_cred_geteuid(p->p_cred) == 267 (uid_t)SCARG(uap, who)) { 268 found++; 269 error = donice(l, p, SCARG(uap, prio)); 270 } 271 mutex_exit(p->p_lock); 272 if (error) 273 break; 274 } 275 break; 276 277 default: 278 mutex_exit(proc_lock); 279 return EINVAL; 280 } 281 mutex_exit(proc_lock); 282 283 return (found == 0) ? ESRCH : error; 284 } 285 286 /* 287 * Renice a process. 288 * 289 * Call with the target process' credentials locked. 290 */ 291 static int 292 donice(struct lwp *l, struct proc *chgp, int n) 293 { 294 kauth_cred_t cred = l->l_cred; 295 296 KASSERT(mutex_owned(chgp->p_lock)); 297 298 if (kauth_cred_geteuid(cred) && kauth_cred_getuid(cred) && 299 kauth_cred_geteuid(cred) != kauth_cred_geteuid(chgp->p_cred) && 300 kauth_cred_getuid(cred) != kauth_cred_geteuid(chgp->p_cred)) 301 return EPERM; 302 303 if (n > PRIO_MAX) { 304 n = PRIO_MAX; 305 } 306 if (n < PRIO_MIN) { 307 n = PRIO_MIN; 308 } 309 n += NZERO; 310 311 if (kauth_authorize_process(cred, KAUTH_PROCESS_NICE, chgp, 312 KAUTH_ARG(n), NULL, NULL)) { 313 return EACCES; 314 } 315 316 sched_nice(chgp, n); 317 return 0; 318 } 319 320 int 321 sys_setrlimit(struct lwp *l, const struct sys_setrlimit_args *uap, 322 register_t *retval) 323 { 324 /* { 325 syscallarg(int) which; 326 syscallarg(const struct rlimit *) rlp; 327 } */ 328 int error, which = SCARG(uap, which); 329 struct rlimit alim; 330 331 error = copyin(SCARG(uap, rlp), &alim, sizeof(struct rlimit)); 332 if (error) { 333 return error; 334 } 335 return dosetrlimit(l, l->l_proc, which, &alim); 336 } 337 338 int 339 dosetrlimit(struct lwp *l, struct proc *p, int which, struct rlimit *limp) 340 { 341 struct rlimit *alimp; 342 int error; 343 344 if ((u_int)which >= RLIM_NLIMITS) 345 return EINVAL; 346 347 if (limp->rlim_cur > limp->rlim_max) { 348 /* 349 * This is programming error. According to SUSv2, we should 350 * return error in this case. 351 */ 352 return EINVAL; 353 } 354 355 alimp = &p->p_rlimit[which]; 356 /* if we don't change the value, no need to limcopy() */ 357 if (limp->rlim_cur == alimp->rlim_cur && 358 limp->rlim_max == alimp->rlim_max) 359 return 0; 360 361 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_RLIMIT, 362 p, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_SET), limp, KAUTH_ARG(which)); 363 if (error) 364 return error; 365 366 lim_privatise(p); 367 /* p->p_limit is now unchangeable */ 368 alimp = &p->p_rlimit[which]; 369 370 switch (which) { 371 372 case RLIMIT_DATA: 373 if (limp->rlim_cur > maxdmap) 374 limp->rlim_cur = maxdmap; 375 if (limp->rlim_max > maxdmap) 376 limp->rlim_max = maxdmap; 377 break; 378 379 case RLIMIT_STACK: 380 if (limp->rlim_cur > maxsmap) 381 limp->rlim_cur = maxsmap; 382 if (limp->rlim_max > maxsmap) 383 limp->rlim_max = maxsmap; 384 385 /* 386 * Return EINVAL if the new stack size limit is lower than 387 * current usage. Otherwise, the process would get SIGSEGV the 388 * moment it would try to access anything on its current stack. 389 * This conforms to SUSv2. 390 */ 391 if (btoc(limp->rlim_cur) < p->p_vmspace->vm_ssize || 392 btoc(limp->rlim_max) < p->p_vmspace->vm_ssize) { 393 return EINVAL; 394 } 395 396 /* 397 * Stack is allocated to the max at exec time with 398 * only "rlim_cur" bytes accessible (In other words, 399 * allocates stack dividing two contiguous regions at 400 * "rlim_cur" bytes boundary). 401 * 402 * Since allocation is done in terms of page, roundup 403 * "rlim_cur" (otherwise, contiguous regions 404 * overlap). If stack limit is going up make more 405 * accessible, if going down make inaccessible. 406 */ 407 limp->rlim_max = round_page(limp->rlim_max); 408 limp->rlim_cur = round_page(limp->rlim_cur); 409 if (limp->rlim_cur != alimp->rlim_cur) { 410 vaddr_t addr; 411 vsize_t size; 412 vm_prot_t prot; 413 char *base, *tmp; 414 415 base = p->p_vmspace->vm_minsaddr; 416 if (limp->rlim_cur > alimp->rlim_cur) { 417 prot = VM_PROT_READ | VM_PROT_WRITE; 418 size = limp->rlim_cur - alimp->rlim_cur; 419 tmp = STACK_GROW(base, alimp->rlim_cur); 420 } else { 421 prot = VM_PROT_NONE; 422 size = alimp->rlim_cur - limp->rlim_cur; 423 tmp = STACK_GROW(base, limp->rlim_cur); 424 } 425 addr = (vaddr_t)STACK_ALLOC(tmp, size); 426 (void) uvm_map_protect(&p->p_vmspace->vm_map, 427 addr, addr + size, prot, false); 428 } 429 break; 430 431 case RLIMIT_NOFILE: 432 if (limp->rlim_cur > maxfiles) 433 limp->rlim_cur = maxfiles; 434 if (limp->rlim_max > maxfiles) 435 limp->rlim_max = maxfiles; 436 break; 437 438 case RLIMIT_NPROC: 439 if (limp->rlim_cur > maxproc) 440 limp->rlim_cur = maxproc; 441 if (limp->rlim_max > maxproc) 442 limp->rlim_max = maxproc; 443 break; 444 445 case RLIMIT_NTHR: 446 if (limp->rlim_cur > maxlwp) 447 limp->rlim_cur = maxlwp; 448 if (limp->rlim_max > maxlwp) 449 limp->rlim_max = maxlwp; 450 break; 451 } 452 453 mutex_enter(&p->p_limit->pl_lock); 454 *alimp = *limp; 455 mutex_exit(&p->p_limit->pl_lock); 456 return 0; 457 } 458 459 int 460 sys_getrlimit(struct lwp *l, const struct sys_getrlimit_args *uap, 461 register_t *retval) 462 { 463 /* { 464 syscallarg(int) which; 465 syscallarg(struct rlimit *) rlp; 466 } */ 467 struct proc *p = l->l_proc; 468 int which = SCARG(uap, which); 469 struct rlimit rl; 470 471 if ((u_int)which >= RLIM_NLIMITS) 472 return EINVAL; 473 474 mutex_enter(p->p_lock); 475 memcpy(&rl, &p->p_rlimit[which], sizeof(rl)); 476 mutex_exit(p->p_lock); 477 478 return copyout(&rl, SCARG(uap, rlp), sizeof(rl)); 479 } 480 481 /* 482 * Transform the running time and tick information in proc p into user, 483 * system, and interrupt time usage. 484 * 485 * Should be called with p->p_lock held unless called from exit1(). 486 */ 487 void 488 calcru(struct proc *p, struct timeval *up, struct timeval *sp, 489 struct timeval *ip, struct timeval *rp) 490 { 491 uint64_t u, st, ut, it, tot; 492 struct lwp *l; 493 struct bintime tm; 494 struct timeval tv; 495 496 KASSERT(p->p_stat == SDEAD || mutex_owned(p->p_lock)); 497 498 mutex_spin_enter(&p->p_stmutex); 499 st = p->p_sticks; 500 ut = p->p_uticks; 501 it = p->p_iticks; 502 mutex_spin_exit(&p->p_stmutex); 503 504 tm = p->p_rtime; 505 506 LIST_FOREACH(l, &p->p_lwps, l_sibling) { 507 lwp_lock(l); 508 bintime_add(&tm, &l->l_rtime); 509 if ((l->l_pflag & LP_RUNNING) != 0) { 510 struct bintime diff; 511 /* 512 * Adjust for the current time slice. This is 513 * actually fairly important since the error 514 * here is on the order of a time quantum, 515 * which is much greater than the sampling 516 * error. 517 */ 518 binuptime(&diff); 519 bintime_sub(&diff, &l->l_stime); 520 bintime_add(&tm, &diff); 521 } 522 lwp_unlock(l); 523 } 524 525 tot = st + ut + it; 526 bintime2timeval(&tm, &tv); 527 u = (uint64_t)tv.tv_sec * 1000000ul + tv.tv_usec; 528 529 if (tot == 0) { 530 /* No ticks, so can't use to share time out, split 50-50 */ 531 st = ut = u / 2; 532 } else { 533 st = (u * st) / tot; 534 ut = (u * ut) / tot; 535 } 536 537 /* 538 * Try to avoid lying to the users (too much) 539 * 540 * Of course, user/sys time are based on sampling (ie: statistics) 541 * so that would be impossible, but convincing the mark 542 * that we have used less ?time this call than we had 543 * last time, is beyond reasonable... (the con fails!) 544 * 545 * Note that since actual used time cannot decrease, either 546 * utime or stime (or both) must be greater now than last time 547 * (or both the same) - if one seems to have decreased, hold 548 * it constant and steal the necessary bump from the other 549 * which must have increased. 550 */ 551 if (p->p_xutime > ut) { 552 st -= p->p_xutime - ut; 553 ut = p->p_xutime; 554 } else if (p->p_xstime > st) { 555 ut -= p->p_xstime - st; 556 st = p->p_xstime; 557 } 558 559 if (sp != NULL) { 560 p->p_xstime = st; 561 sp->tv_sec = st / 1000000; 562 sp->tv_usec = st % 1000000; 563 } 564 if (up != NULL) { 565 p->p_xutime = ut; 566 up->tv_sec = ut / 1000000; 567 up->tv_usec = ut % 1000000; 568 } 569 if (ip != NULL) { 570 if (it != 0) /* it != 0 --> tot != 0 */ 571 it = (u * it) / tot; 572 ip->tv_sec = it / 1000000; 573 ip->tv_usec = it % 1000000; 574 } 575 if (rp != NULL) { 576 *rp = tv; 577 } 578 } 579 580 int 581 sys___getrusage50(struct lwp *l, const struct sys___getrusage50_args *uap, 582 register_t *retval) 583 { 584 /* { 585 syscallarg(int) who; 586 syscallarg(struct rusage *) rusage; 587 } */ 588 int error; 589 struct rusage ru; 590 struct proc *p = l->l_proc; 591 592 error = getrusage1(p, SCARG(uap, who), &ru); 593 if (error != 0) 594 return error; 595 596 return copyout(&ru, SCARG(uap, rusage), sizeof(ru)); 597 } 598 599 int 600 getrusage1(struct proc *p, int who, struct rusage *ru) { 601 602 switch (who) { 603 case RUSAGE_SELF: 604 mutex_enter(p->p_lock); 605 ruspace(p); 606 memcpy(ru, &p->p_stats->p_ru, sizeof(*ru)); 607 calcru(p, &ru->ru_utime, &ru->ru_stime, NULL, NULL); 608 rulwps(p, ru); 609 mutex_exit(p->p_lock); 610 break; 611 case RUSAGE_CHILDREN: 612 mutex_enter(p->p_lock); 613 memcpy(ru, &p->p_stats->p_cru, sizeof(*ru)); 614 mutex_exit(p->p_lock); 615 break; 616 default: 617 return EINVAL; 618 } 619 620 return 0; 621 } 622 623 void 624 ruspace(struct proc *p) 625 { 626 struct vmspace *vm = p->p_vmspace; 627 struct rusage *ru = &p->p_stats->p_ru; 628 629 ru->ru_ixrss = vm->vm_tsize << (PAGE_SHIFT - 10); 630 ru->ru_idrss = vm->vm_dsize << (PAGE_SHIFT - 10); 631 ru->ru_isrss = vm->vm_ssize << (PAGE_SHIFT - 10); 632 #ifdef __HAVE_NO_PMAP_STATS 633 /* We don't keep track of the max so we get the current */ 634 ru->ru_maxrss = vm_resident_count(vm) << (PAGE_SHIFT - 10); 635 #else 636 ru->ru_maxrss = vm->vm_rssmax << (PAGE_SHIFT - 10); 637 #endif 638 } 639 640 void 641 ruadd(struct rusage *ru, struct rusage *ru2) 642 { 643 long *ip, *ip2; 644 int i; 645 646 timeradd(&ru->ru_utime, &ru2->ru_utime, &ru->ru_utime); 647 timeradd(&ru->ru_stime, &ru2->ru_stime, &ru->ru_stime); 648 if (ru->ru_maxrss < ru2->ru_maxrss) 649 ru->ru_maxrss = ru2->ru_maxrss; 650 ip = &ru->ru_first; ip2 = &ru2->ru_first; 651 for (i = &ru->ru_last - &ru->ru_first; i >= 0; i--) 652 *ip++ += *ip2++; 653 } 654 655 void 656 rulwps(proc_t *p, struct rusage *ru) 657 { 658 lwp_t *l; 659 660 KASSERT(mutex_owned(p->p_lock)); 661 662 LIST_FOREACH(l, &p->p_lwps, l_sibling) { 663 ruadd(ru, &l->l_ru); 664 ru->ru_nvcsw += (l->l_ncsw - l->l_nivcsw); 665 ru->ru_nivcsw += l->l_nivcsw; 666 } 667 } 668 669 /* 670 * lim_copy: make a copy of the plimit structure. 671 * 672 * We use copy-on-write after fork, and copy when a limit is changed. 673 */ 674 struct plimit * 675 lim_copy(struct plimit *lim) 676 { 677 struct plimit *newlim; 678 char *corename; 679 size_t alen, len; 680 681 newlim = pool_cache_get(plimit_cache, PR_WAITOK); 682 mutex_init(&newlim->pl_lock, MUTEX_DEFAULT, IPL_NONE); 683 newlim->pl_writeable = false; 684 newlim->pl_refcnt = 1; 685 newlim->pl_sv_limit = NULL; 686 687 mutex_enter(&lim->pl_lock); 688 memcpy(newlim->pl_rlimit, lim->pl_rlimit, 689 sizeof(struct rlimit) * RLIM_NLIMITS); 690 691 /* 692 * Note: the common case is a use of default core name. 693 */ 694 alen = 0; 695 corename = NULL; 696 for (;;) { 697 if (lim->pl_corename == defcorename) { 698 newlim->pl_corename = defcorename; 699 newlim->pl_cnlen = 0; 700 break; 701 } 702 len = lim->pl_cnlen; 703 if (len == alen) { 704 newlim->pl_corename = corename; 705 newlim->pl_cnlen = len; 706 memcpy(corename, lim->pl_corename, len); 707 corename = NULL; 708 break; 709 } 710 mutex_exit(&lim->pl_lock); 711 if (corename) { 712 kmem_free(corename, alen); 713 } 714 alen = len; 715 corename = kmem_alloc(alen, KM_SLEEP); 716 mutex_enter(&lim->pl_lock); 717 } 718 mutex_exit(&lim->pl_lock); 719 720 if (corename) { 721 kmem_free(corename, alen); 722 } 723 return newlim; 724 } 725 726 void 727 lim_addref(struct plimit *lim) 728 { 729 atomic_inc_uint(&lim->pl_refcnt); 730 } 731 732 /* 733 * lim_privatise: give a process its own private plimit structure. 734 */ 735 void 736 lim_privatise(proc_t *p) 737 { 738 struct plimit *lim = p->p_limit, *newlim; 739 740 if (lim->pl_writeable) { 741 return; 742 } 743 744 newlim = lim_copy(lim); 745 746 mutex_enter(p->p_lock); 747 if (p->p_limit->pl_writeable) { 748 /* Other thread won the race. */ 749 mutex_exit(p->p_lock); 750 lim_free(newlim); 751 return; 752 } 753 754 /* 755 * Since p->p_limit can be accessed without locked held, 756 * old limit structure must not be deleted yet. 757 */ 758 newlim->pl_sv_limit = p->p_limit; 759 newlim->pl_writeable = true; 760 p->p_limit = newlim; 761 mutex_exit(p->p_lock); 762 } 763 764 void 765 lim_setcorename(proc_t *p, char *name, size_t len) 766 { 767 struct plimit *lim; 768 char *oname; 769 size_t olen; 770 771 lim_privatise(p); 772 lim = p->p_limit; 773 774 mutex_enter(&lim->pl_lock); 775 oname = lim->pl_corename; 776 olen = lim->pl_cnlen; 777 lim->pl_corename = name; 778 lim->pl_cnlen = len; 779 mutex_exit(&lim->pl_lock); 780 781 if (oname != defcorename) { 782 kmem_free(oname, olen); 783 } 784 } 785 786 void 787 lim_free(struct plimit *lim) 788 { 789 struct plimit *sv_lim; 790 791 do { 792 if (atomic_dec_uint_nv(&lim->pl_refcnt) > 0) { 793 return; 794 } 795 if (lim->pl_corename != defcorename) { 796 kmem_free(lim->pl_corename, lim->pl_cnlen); 797 } 798 sv_lim = lim->pl_sv_limit; 799 mutex_destroy(&lim->pl_lock); 800 pool_cache_put(plimit_cache, lim); 801 } while ((lim = sv_lim) != NULL); 802 } 803 804 struct pstats * 805 pstatscopy(struct pstats *ps) 806 { 807 struct pstats *nps; 808 size_t len; 809 810 nps = pool_cache_get(pstats_cache, PR_WAITOK); 811 812 len = (char *)&nps->pstat_endzero - (char *)&nps->pstat_startzero; 813 memset(&nps->pstat_startzero, 0, len); 814 815 len = (char *)&nps->pstat_endcopy - (char *)&nps->pstat_startcopy; 816 memcpy(&nps->pstat_startcopy, &ps->pstat_startcopy, len); 817 818 return nps; 819 } 820 821 void 822 pstatsfree(struct pstats *ps) 823 { 824 825 pool_cache_put(pstats_cache, ps); 826 } 827 828 /* 829 * sysctl_proc_findproc: a routine for sysctl proc subtree helpers that 830 * need to pick a valid process by PID. 831 * 832 * => Hold a reference on the process, on success. 833 */ 834 static int 835 sysctl_proc_findproc(lwp_t *l, pid_t pid, proc_t **p2) 836 { 837 proc_t *p; 838 int error; 839 840 if (pid == PROC_CURPROC) { 841 p = l->l_proc; 842 } else { 843 mutex_enter(proc_lock); 844 p = proc_find(pid); 845 if (p == NULL) { 846 mutex_exit(proc_lock); 847 return ESRCH; 848 } 849 } 850 error = rw_tryenter(&p->p_reflock, RW_READER) ? 0 : EBUSY; 851 if (pid != PROC_CURPROC) { 852 mutex_exit(proc_lock); 853 } 854 *p2 = p; 855 return error; 856 } 857 858 /* 859 * sysctl_proc_paxflags: helper routine to get process's paxctl flags 860 */ 861 static int 862 sysctl_proc_paxflags(SYSCTLFN_ARGS) 863 { 864 struct proc *p; 865 struct sysctlnode node; 866 int paxflags; 867 int error; 868 869 /* First, validate the request. */ 870 if (namelen != 0 || name[-1] != PROC_PID_PAXFLAGS) 871 return EINVAL; 872 873 /* Find the process. Hold a reference (p_reflock), if found. */ 874 error = sysctl_proc_findproc(l, (pid_t)name[-2], &p); 875 if (error) 876 return error; 877 878 /* XXX-elad */ 879 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, p, 880 KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 881 if (error) { 882 rw_exit(&p->p_reflock); 883 return error; 884 } 885 886 /* Retrieve the limits. */ 887 node = *rnode; 888 paxflags = p->p_pax; 889 node.sysctl_data = &paxflags; 890 891 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 892 893 /* If attempting to write new value, it's an error */ 894 if (error == 0 && newp != NULL) 895 error = EACCES; 896 897 rw_exit(&p->p_reflock); 898 return error; 899 } 900 901 /* 902 * sysctl_proc_corename: helper routine to get or set the core file name 903 * for a process specified by PID. 904 */ 905 static int 906 sysctl_proc_corename(SYSCTLFN_ARGS) 907 { 908 struct proc *p; 909 struct plimit *lim; 910 char *cnbuf, *cname; 911 struct sysctlnode node; 912 size_t len; 913 int error; 914 915 /* First, validate the request. */ 916 if (namelen != 0 || name[-1] != PROC_PID_CORENAME) 917 return EINVAL; 918 919 /* Find the process. Hold a reference (p_reflock), if found. */ 920 error = sysctl_proc_findproc(l, (pid_t)name[-2], &p); 921 if (error) 922 return error; 923 924 /* XXX-elad */ 925 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, p, 926 KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 927 if (error) { 928 rw_exit(&p->p_reflock); 929 return error; 930 } 931 932 cnbuf = PNBUF_GET(); 933 934 if (oldp) { 935 /* Get case: copy the core name into the buffer. */ 936 error = kauth_authorize_process(l->l_cred, 937 KAUTH_PROCESS_CORENAME, p, 938 KAUTH_ARG(KAUTH_REQ_PROCESS_CORENAME_GET), NULL, NULL); 939 if (error) { 940 goto done; 941 } 942 lim = p->p_limit; 943 mutex_enter(&lim->pl_lock); 944 strlcpy(cnbuf, lim->pl_corename, MAXPATHLEN); 945 mutex_exit(&lim->pl_lock); 946 } 947 948 node = *rnode; 949 node.sysctl_data = cnbuf; 950 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 951 952 /* Return if error, or if caller is only getting the core name. */ 953 if (error || newp == NULL) { 954 goto done; 955 } 956 957 /* 958 * Set case. Check permission and then validate new core name. 959 * It must be either "core", "/core", or end in ".core". 960 */ 961 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CORENAME, 962 p, KAUTH_ARG(KAUTH_REQ_PROCESS_CORENAME_SET), cnbuf, NULL); 963 if (error) { 964 goto done; 965 } 966 len = strlen(cnbuf); 967 if ((len < 4 || strcmp(cnbuf + len - 4, "core") != 0) || 968 (len > 4 && cnbuf[len - 5] != '/' && cnbuf[len - 5] != '.')) { 969 error = EINVAL; 970 goto done; 971 } 972 973 /* Allocate, copy and set the new core name for plimit structure. */ 974 cname = kmem_alloc(++len, KM_NOSLEEP); 975 if (cname == NULL) { 976 error = ENOMEM; 977 goto done; 978 } 979 memcpy(cname, cnbuf, len); 980 lim_setcorename(p, cname, len); 981 done: 982 rw_exit(&p->p_reflock); 983 PNBUF_PUT(cnbuf); 984 return error; 985 } 986 987 /* 988 * sysctl_proc_stop: helper routine for checking/setting the stop flags. 989 */ 990 static int 991 sysctl_proc_stop(SYSCTLFN_ARGS) 992 { 993 struct proc *p; 994 int isset, flag, error = 0; 995 struct sysctlnode node; 996 997 if (namelen != 0) 998 return EINVAL; 999 1000 /* Find the process. Hold a reference (p_reflock), if found. */ 1001 error = sysctl_proc_findproc(l, (pid_t)name[-2], &p); 1002 if (error) 1003 return error; 1004 1005 /* XXX-elad */ 1006 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, p, 1007 KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 1008 if (error) { 1009 goto out; 1010 } 1011 1012 /* Determine the flag. */ 1013 switch (rnode->sysctl_num) { 1014 case PROC_PID_STOPFORK: 1015 flag = PS_STOPFORK; 1016 break; 1017 case PROC_PID_STOPEXEC: 1018 flag = PS_STOPEXEC; 1019 break; 1020 case PROC_PID_STOPEXIT: 1021 flag = PS_STOPEXIT; 1022 break; 1023 default: 1024 error = EINVAL; 1025 goto out; 1026 } 1027 isset = (p->p_flag & flag) ? 1 : 0; 1028 node = *rnode; 1029 node.sysctl_data = &isset; 1030 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1031 1032 /* Return if error, or if callers is only getting the flag. */ 1033 if (error || newp == NULL) { 1034 goto out; 1035 } 1036 1037 /* Check if caller can set the flags. */ 1038 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_STOPFLAG, 1039 p, KAUTH_ARG(flag), NULL, NULL); 1040 if (error) { 1041 goto out; 1042 } 1043 mutex_enter(p->p_lock); 1044 if (isset) { 1045 p->p_sflag |= flag; 1046 } else { 1047 p->p_sflag &= ~flag; 1048 } 1049 mutex_exit(p->p_lock); 1050 out: 1051 rw_exit(&p->p_reflock); 1052 return error; 1053 } 1054 1055 /* 1056 * sysctl_proc_plimit: helper routine to get/set rlimits of a process. 1057 */ 1058 static int 1059 sysctl_proc_plimit(SYSCTLFN_ARGS) 1060 { 1061 struct proc *p; 1062 u_int limitno; 1063 int which, error = 0; 1064 struct rlimit alim; 1065 struct sysctlnode node; 1066 1067 if (namelen != 0) 1068 return EINVAL; 1069 1070 which = name[-1]; 1071 if (which != PROC_PID_LIMIT_TYPE_SOFT && 1072 which != PROC_PID_LIMIT_TYPE_HARD) 1073 return EINVAL; 1074 1075 limitno = name[-2] - 1; 1076 if (limitno >= RLIM_NLIMITS) 1077 return EINVAL; 1078 1079 if (name[-3] != PROC_PID_LIMIT) 1080 return EINVAL; 1081 1082 /* Find the process. Hold a reference (p_reflock), if found. */ 1083 error = sysctl_proc_findproc(l, (pid_t)name[-4], &p); 1084 if (error) 1085 return error; 1086 1087 /* XXX-elad */ 1088 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, p, 1089 KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 1090 if (error) 1091 goto out; 1092 1093 /* Check if caller can retrieve the limits. */ 1094 if (newp == NULL) { 1095 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_RLIMIT, 1096 p, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_GET), &alim, 1097 KAUTH_ARG(which)); 1098 if (error) 1099 goto out; 1100 } 1101 1102 /* Retrieve the limits. */ 1103 node = *rnode; 1104 memcpy(&alim, &p->p_rlimit[limitno], sizeof(alim)); 1105 if (which == PROC_PID_LIMIT_TYPE_HARD) { 1106 node.sysctl_data = &alim.rlim_max; 1107 } else { 1108 node.sysctl_data = &alim.rlim_cur; 1109 } 1110 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1111 1112 /* Return if error, or if we are only retrieving the limits. */ 1113 if (error || newp == NULL) { 1114 goto out; 1115 } 1116 error = dosetrlimit(l, p, limitno, &alim); 1117 out: 1118 rw_exit(&p->p_reflock); 1119 return error; 1120 } 1121 1122 /* 1123 * Setup sysctl nodes. 1124 */ 1125 static void 1126 sysctl_proc_setup(void) 1127 { 1128 1129 sysctl_createv(&proc_sysctllog, 0, NULL, NULL, 1130 CTLFLAG_PERMANENT|CTLFLAG_ANYNUMBER, 1131 CTLTYPE_NODE, "curproc", 1132 SYSCTL_DESCR("Per-process settings"), 1133 NULL, 0, NULL, 0, 1134 CTL_PROC, PROC_CURPROC, CTL_EOL); 1135 1136 sysctl_createv(&proc_sysctllog, 0, NULL, NULL, 1137 CTLFLAG_PERMANENT|CTLFLAG_READONLY, 1138 CTLTYPE_INT, "paxflags", 1139 SYSCTL_DESCR("Process PAX control flags"), 1140 sysctl_proc_paxflags, 0, NULL, 0, 1141 CTL_PROC, PROC_CURPROC, PROC_PID_PAXFLAGS, CTL_EOL); 1142 1143 sysctl_createv(&proc_sysctllog, 0, NULL, NULL, 1144 CTLFLAG_PERMANENT|CTLFLAG_READWRITE|CTLFLAG_ANYWRITE, 1145 CTLTYPE_STRING, "corename", 1146 SYSCTL_DESCR("Core file name"), 1147 sysctl_proc_corename, 0, NULL, MAXPATHLEN, 1148 CTL_PROC, PROC_CURPROC, PROC_PID_CORENAME, CTL_EOL); 1149 sysctl_createv(&proc_sysctllog, 0, NULL, NULL, 1150 CTLFLAG_PERMANENT, 1151 CTLTYPE_NODE, "rlimit", 1152 SYSCTL_DESCR("Process limits"), 1153 NULL, 0, NULL, 0, 1154 CTL_PROC, PROC_CURPROC, PROC_PID_LIMIT, CTL_EOL); 1155 1156 #define create_proc_plimit(s, n) do { \ 1157 sysctl_createv(&proc_sysctllog, 0, NULL, NULL, \ 1158 CTLFLAG_PERMANENT, \ 1159 CTLTYPE_NODE, s, \ 1160 SYSCTL_DESCR("Process " s " limits"), \ 1161 NULL, 0, NULL, 0, \ 1162 CTL_PROC, PROC_CURPROC, PROC_PID_LIMIT, n, \ 1163 CTL_EOL); \ 1164 sysctl_createv(&proc_sysctllog, 0, NULL, NULL, \ 1165 CTLFLAG_PERMANENT|CTLFLAG_READWRITE|CTLFLAG_ANYWRITE, \ 1166 CTLTYPE_QUAD, "soft", \ 1167 SYSCTL_DESCR("Process soft " s " limit"), \ 1168 sysctl_proc_plimit, 0, NULL, 0, \ 1169 CTL_PROC, PROC_CURPROC, PROC_PID_LIMIT, n, \ 1170 PROC_PID_LIMIT_TYPE_SOFT, CTL_EOL); \ 1171 sysctl_createv(&proc_sysctllog, 0, NULL, NULL, \ 1172 CTLFLAG_PERMANENT|CTLFLAG_READWRITE|CTLFLAG_ANYWRITE, \ 1173 CTLTYPE_QUAD, "hard", \ 1174 SYSCTL_DESCR("Process hard " s " limit"), \ 1175 sysctl_proc_plimit, 0, NULL, 0, \ 1176 CTL_PROC, PROC_CURPROC, PROC_PID_LIMIT, n, \ 1177 PROC_PID_LIMIT_TYPE_HARD, CTL_EOL); \ 1178 } while (0/*CONSTCOND*/) 1179 1180 create_proc_plimit("cputime", PROC_PID_LIMIT_CPU); 1181 create_proc_plimit("filesize", PROC_PID_LIMIT_FSIZE); 1182 create_proc_plimit("datasize", PROC_PID_LIMIT_DATA); 1183 create_proc_plimit("stacksize", PROC_PID_LIMIT_STACK); 1184 create_proc_plimit("coredumpsize", PROC_PID_LIMIT_CORE); 1185 create_proc_plimit("memoryuse", PROC_PID_LIMIT_RSS); 1186 create_proc_plimit("memorylocked", PROC_PID_LIMIT_MEMLOCK); 1187 create_proc_plimit("maxproc", PROC_PID_LIMIT_NPROC); 1188 create_proc_plimit("descriptors", PROC_PID_LIMIT_NOFILE); 1189 create_proc_plimit("sbsize", PROC_PID_LIMIT_SBSIZE); 1190 create_proc_plimit("vmemoryuse", PROC_PID_LIMIT_AS); 1191 create_proc_plimit("maxlwp", PROC_PID_LIMIT_NTHR); 1192 1193 #undef create_proc_plimit 1194 1195 sysctl_createv(&proc_sysctllog, 0, NULL, NULL, 1196 CTLFLAG_PERMANENT|CTLFLAG_READWRITE|CTLFLAG_ANYWRITE, 1197 CTLTYPE_INT, "stopfork", 1198 SYSCTL_DESCR("Stop process at fork(2)"), 1199 sysctl_proc_stop, 0, NULL, 0, 1200 CTL_PROC, PROC_CURPROC, PROC_PID_STOPFORK, CTL_EOL); 1201 sysctl_createv(&proc_sysctllog, 0, NULL, NULL, 1202 CTLFLAG_PERMANENT|CTLFLAG_READWRITE|CTLFLAG_ANYWRITE, 1203 CTLTYPE_INT, "stopexec", 1204 SYSCTL_DESCR("Stop process at execve(2)"), 1205 sysctl_proc_stop, 0, NULL, 0, 1206 CTL_PROC, PROC_CURPROC, PROC_PID_STOPEXEC, CTL_EOL); 1207 sysctl_createv(&proc_sysctllog, 0, NULL, NULL, 1208 CTLFLAG_PERMANENT|CTLFLAG_READWRITE|CTLFLAG_ANYWRITE, 1209 CTLTYPE_INT, "stopexit", 1210 SYSCTL_DESCR("Stop process before completing exit"), 1211 sysctl_proc_stop, 0, NULL, 0, 1212 CTL_PROC, PROC_CURPROC, PROC_PID_STOPEXIT, CTL_EOL); 1213 } 1214