From owner-p4-projects@FreeBSD.ORG Sun Oct 11 13:55:33 2009 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 281541065697; Sun, 11 Oct 2009 13:55:33 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C86611065692 for ; Sun, 11 Oct 2009 13:55:32 +0000 (UTC) (envelope-from trasz@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id B70958FC19 for ; Sun, 11 Oct 2009 13:55:32 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n9BDtWPD031286 for ; Sun, 11 Oct 2009 13:55:32 GMT (envelope-from trasz@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n9BDtWYb031284 for perforce@freebsd.org; Sun, 11 Oct 2009 13:55:32 GMT (envelope-from trasz@freebsd.org) Date: Sun, 11 Oct 2009 13:55:32 GMT Message-Id: <200910111355.n9BDtWYb031284@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to trasz@freebsd.org using -f From: Edward Tomasz Napierala To: Perforce Change Reviews Cc: Subject: PERFORCE change 169392 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Oct 2009 13:55:33 -0000 http://perforce.freebsd.org/chv.cgi?CH=169392 Change 169392 by trasz@trasz_victim on 2009/10/11 13:55:02 Optimize things a little. Affected files ... .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#67 edit Differences ... ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#67 (text+ko) ==== @@ -1662,9 +1662,8 @@ } /* - * Called after credentials change, to adjust p_limits. - * - * XXX: What about jails? + * Called before credentials change, to adjust HRL data structures + * assigned to the process. */ void hrl_proc_ucred_changing(struct proc *p, struct ucred *newcred) @@ -1673,20 +1672,42 @@ struct hrl_limit *limit; struct uidinfo *olduip, *newuip; struct loginclass *oldlc, *newlc; + struct prison *oldpr, *newpr; PROC_LOCK_ASSERT(p, MA_OWNED); + newuip = newcred->cr_ruidinfo; + olduip = p->p_ucred->cr_ruidinfo; + newlc = newcred->cr_loginclass; + oldlc = p->p_ucred->cr_loginclass; + newpr = newcred->cr_prison; + oldpr = p->p_ucred->cr_prison; + mtx_lock(&hrl_lock); /* - * Remove rules for the old user credentials - per-user, per-group - * and per-loginclass. + * Remove rules that are no longer applicable with the new ucred. */ LIST_FOREACH(limit, &p->p_limits, hl_next) { - if (limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_USER && - limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_GROUP && - limit->hl_rule->hr_subject_type != HRL_SUBJECT_TYPE_LOGINCLASS) + switch (limit->hl_rule->hr_subject_type) { + case HRL_SUBJECT_TYPE_PROCESS: continue; + case HRL_SUBJECT_TYPE_USER: + if (newuip == olduip) + continue; + break; + case HRL_SUBJECT_TYPE_LOGINCLASS: + if (newlc == oldlc) + continue; + break; + case HRL_SUBJECT_TYPE_JAIL: + if (newpr == oldpr) + continue; + break; + default: + panic("hrl_proc_ucred_changing: unknown subject %d", + limit->hl_rule->hr_subject_type); + } LIST_REMOVE(limit, hl_next); hrl_rule_release(limit->hl_rule); @@ -1694,19 +1715,25 @@ } /* - * Now add rules for the current user credentials. + * Add rules for the new ucred. */ - LIST_FOREACH(limit, &newcred->cr_ruidinfo->ui_limits, hl_next) { - error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule); - KASSERT(error == 0, ("XXX: better error handling needed")); + if (newuip != olduip) { + LIST_FOREACH(limit, &newuip->ui_limits, hl_next) { + error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule); + KASSERT(error == 0, ("XXX: better error handling needed")); + } + } + if (newlc != oldlc) { + LIST_FOREACH(limit, &newlc->lc_limits, hl_next) { + error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule); + KASSERT(error == 0, ("XXX: better error handling needed")); + } } - - /* - * Add rules for the current loginclass. - */ - LIST_FOREACH(limit, &newcred->cr_loginclass->lc_limits, hl_next) { - error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule); - KASSERT(error == 0, ("XXX: better error handling needed")); + if (newpr != newpr) { + LIST_FOREACH(limit, &newpr->pr_limits, hl_next) { + error = hrl_limit_add_locked(&p->p_limits, limit->hl_rule); + KASSERT(error == 0, ("XXX: better error handling needed")); + } } mtx_unlock(&hrl_lock); @@ -1714,8 +1741,6 @@ /* * Fix up per-ruid resource consumption. */ - newuip = newcred->cr_ruidinfo; - olduip = p->p_ucred->cr_ruidinfo; if (newuip != olduip) { hrl_container_subtract(&olduip->ui_container, &p->p_container); hrl_container_add(&newuip->ui_container, &p->p_container); @@ -1724,12 +1749,14 @@ /* * Adjust loginclass resource usage information. */ - newlc = newcred->cr_loginclass; - oldlc = p->p_ucred->cr_loginclass; if (newlc != oldlc) { hrl_container_subtract(&oldlc->lc_container, &p->p_container); hrl_container_add(&newlc->lc_container, &p->p_container); } + + /* + * XXX: Jail resource consumption. + */ } /*