Date: Wed, 17 Dec 2025 19:03:48 +0100
From: FreeBSD User
To: Bojan Novković
Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: 1092ec8b3375 - main - kern: Introduce RLIMIT_VMM

On Wed, 17 Dec 2025 14:08:55 +0000 Bojan Novković wrote:

> The branch main has been updated by bnovkov:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=1092ec8b337595ed8d52accf41c6904d75b3689d
>
> commit 1092ec8b337595ed8d52accf41c6904d75b3689d
> Author:     Bojan Novković
> AuthorDate: 2025-11-07 13:11:03 +0000
> Commit:     Bojan Novković
> CommitDate: 2025-12-17 14:08:31 +0000
>
>     kern: Introduce RLIMIT_VMM
>
>     This change introduces a new per-UID limit for controlling the
>     number of vmm instances, in anticipation of unprivileged bhyve.
>     This allows us to limit the amount of kernel memory allocated
>     by the vmm driver and prevent potential memory exhaustion attacks.
>
>     Differential Revision:  https://reviews.freebsd.org/D53728
>     Reviewed by:    markj, olce, corvink
>     MFC after:      3 months
>     Sponsored by:   The FreeBSD Foundation
>     Sponsored by:   Klara, Inc.
> --- > sys/dev/vmm/vmm_dev.c | 18 +++++++++++++++--- > sys/kern/kern_resource.c | 13 +++++++++++++ > sys/sys/resource.h | 4 +++- > sys/sys/resourcevar.h | 2 ++ > usr.bin/procstat/procstat_rlimit.c | 1 + > 5 files changed, 34 insertions(+), 4 deletions(-) >=20 > diff --git a/sys/dev/vmm/vmm_dev.c b/sys/dev/vmm/vmm_dev.c > index d6543bf6534e..3a86a8f966ef 100644 > --- a/sys/dev/vmm/vmm_dev.c > +++ b/sys/dev/vmm/vmm_dev.c > @@ -18,6 +18,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -96,6 +97,10 @@ u_int vm_maxcpu; > SYSCTL_UINT(_hw_vmm, OID_AUTO, maxcpu, CTLFLAG_RDTUN | CTLFLAG_NOFETCH, > &vm_maxcpu, 0, "Maximum number of vCPUs"); > =20 > +u_int vm_maxvmms; > +SYSCTL_UINT(_hw_vmm, OID_AUTO, maxvmms, CTLFLAG_RWTUN, > + &vm_maxvmms, 0, "Maximum number of VMM instances per user"); > + > static void devmem_destroy(void *arg); > static int devmem_create_cdev(struct vmmdev_softc *sc, int id, char *dev= mem); > =20 > @@ -870,6 +875,7 @@ vmmdev_destroy(struct vmmdev_softc *sc) > int error __diagused; > =20 > KASSERT(sc->cdev =3D=3D NULL, ("%s: cdev not free", __func__)); > + KASSERT(sc->ucred !=3D NULL, ("%s: missing ucred", __func__)); > =20 > /* > * Destroy all cdevs: > @@ -898,8 +904,8 @@ vmmdev_destroy(struct vmmdev_softc *sc) > if (sc->vm !=3D NULL) > vm_destroy(sc->vm); > =20 > - if (sc->ucred !=3D NULL) > - crfree(sc->ucred); > + chgvmmcnt(sc->ucred->cr_ruidinfo, -1, 0); > + crfree(sc->ucred); > =20 > sx_xlock(&vmmdev_mtx); > SLIST_REMOVE(&head, sc, vmmdev_softc, link); > @@ -1021,6 +1027,12 @@ vmmdev_create(const char *name, struct ucred *cred) > vmmdev_destroy(sc); > return (error); > } > + if (!chgvmmcnt(cred->cr_ruidinfo, 1, vm_maxvmms)) { > + sx_xunlock(&vmmdev_mtx); > + destroy_dev(cdev); > + vmmdev_destroy(sc); > + return (ENOMEM); > + } > sc->cdev =3D cdev; > sx_xunlock(&vmmdev_mtx); > return (0); 
> @@ -1172,7 +1184,7 @@ vmm_handler(module_t mod, int what, void *arg) > } > if (vm_maxcpu =3D=3D 0) > vm_maxcpu =3D 1; > - > + vm_maxvmms =3D 4 * mp_ncpus; > error =3D vmm_modinit(); > if (error =3D=3D 0) > vmm_initialized =3D true; > diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c > index dcd38c6e6fbe..31f89bd41f6d 100644 > --- a/sys/kern/kern_resource.c > +++ b/sys/kern/kern_resource.c > @@ -895,6 +895,9 @@ getrlimitusage_one(struct proc *p, u_int which, int > flags, rlim_t *res) case RLIMIT_PIPEBUF: > *res =3D ui->ui_pipecnt; > break; > + case RLIMIT_VMM: > + *res =3D ui->ui_vmmcnt; > + break; > default: > error =3D EINVAL; > break; > @@ -1643,6 +1646,9 @@ uifree(struct uidinfo *uip) > if (uip->ui_inotifywatchcnt !=3D 0) > printf("freeing uidinfo: uid =3D %d, inotifywatchcnt =3D %ld\n", > uip->ui_uid, uip->ui_inotifywatchcnt); > + if (uip->ui_vmmcnt !=3D 0) > + printf("freeing vmmcnt: uid =3D %d, vmmcnt =3D %ld\n", > + uip->ui_uid, uip->ui_vmmcnt); > free(uip, M_UIDINFO); > } > =20 > @@ -1763,6 +1769,13 @@ chginotifywatchcnt(struct uidinfo *uip, int diff, > rlim_t max) "inotifywatchcnt")); > } > =20 > +int > +chgvmmcnt(struct uidinfo *uip, int diff, rlim_t max) > +{ > + > + return (chglimit(uip, &uip->ui_vmmcnt, diff, max, "vmmcnt")); > +} > + > static int > sysctl_kern_proc_rlimit_usage(SYSCTL_HANDLER_ARGS) > { > diff --git a/sys/sys/resource.h b/sys/sys/resource.h > index 2725aa1ef646..9e0635cdb328 100644 > --- a/sys/sys/resource.h > +++ b/sys/sys/resource.h > @@ -115,8 +115,9 @@ struct __wrusage { > #define RLIMIT_KQUEUES 13 /* kqueues allocated > */ #define RLIMIT_UMTXP 14 /* process-shared > umtx */ #define RLIMIT_PIPEBUF 15 /* pipes/fifos > buffers */ +#define RLIMIT_VMM 16 /* virtual > machines */=20 > -#define RLIM_NLIMITS 16 /* number of resource > limits */ +#define RLIM_NLIMITS 17 /* number of > resource limits */=20 > #define RLIM_INFINITY ((rlim_t)(((__uint64_t)1 << 63) - 1)) > #define RLIM_SAVED_MAX RLIM_INFINITY 
> @@ -144,6 +145,7 @@ static const char *rlimit_ident[] =3D { > "kqueues", > "umtx", > "pipebuf", > + "vmm", > }; > #endif > =20 > diff --git a/sys/sys/resourcevar.h b/sys/sys/resourcevar.h > index 61411890c85b..d5c4561eec66 100644 > --- a/sys/sys/resourcevar.h > +++ b/sys/sys/resourcevar.h > @@ -124,6 +124,7 @@ struct uidinfo { > long ui_pipecnt; /* (b) consumption of pipe > buffers */ long ui_inotifycnt; /* (b) number of inotify > descriptors */ long ui_inotifywatchcnt; /* (b) number of > inotify watches */ > + long ui_vmmcnt; /* (b) number of vmm instances > */ uid_t ui_uid; /* (a) uid */ > u_int ui_ref; /* (b) reference count */ > #ifdef RACCT > @@ -148,6 +149,7 @@ int chgumtxcnt(struct uidinfo *uip, int diff, > rlim_t maxval); int chgpipecnt(struct uidinfo *uip, int diff, rlim_t > max); int chginotifycnt(struct uidinfo *uip, int diff, rlim_t maxval); > int chginotifywatchcnt(struct uidinfo *uip, int diff, rlim_t maxval); > +int chgvmmcnt(struct uidinfo *uip, int diff, rlim_t max); > int kern_proc_setrlimit(struct thread *td, struct proc *p, u_int > which, struct rlimit *limp); > struct plimit > diff --git a/usr.bin/procstat/procstat_rlimit.c > b/usr.bin/procstat/procstat_rlimit.c index c34550295f05..f3132758e005 100= 644 > --- a/usr.bin/procstat/procstat_rlimit.c > +++ b/usr.bin/procstat/procstat_rlimit.c > @@ -64,6 +64,7 @@ static struct { > {"kqueues", " "}, > {"umtxp", " "}, > {"pipebuf", "B "}, > + {"virtual-machines", " "}, > }; > =20 > _Static_assert(nitems(rlimit_param) =3D=3D RLIM_NLIMITS, >=20

After this commit - probably - my kernel pollutes the console with lots of

pid XXXXX (limits), jid 0, uid 0: exited on signal 11 (core dumped)

Especially bind920 (named) is failing immediately, surprisingly the mouse isn't working anymore and so on ... sshd is also dying on startup - no access possible.

Environment: customized kernel (especially commenting out unused driver and ZFS/IPFW in-kernel).

Kind regards,

oh
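
Review bot: In sys/dev/vmm/vmm_dev.c, vmmdev_destroy() now calls chgvmmcnt(sc->ucred->cr_ruidinfo, -1, 0) unconditionally, yet vmmdev_create() reaches vmmdev_destroy(sc) on both of its visible failure paths: the existing `return (error)` path, which runs before the new charge, and the new ENOMEM path, which runs because the charge was refused. On the first path ui_vmmcnt is decremented without a matching increment, and on the second the same holds unless a refused charge is left applied, which these hunks do not show. Either take the charge before anything that can fail and unwind it explicitly, or record in the softc that the charge was taken and uncharge only then. The same function also trades the runtime `if (sc->ucred != NULL)` check for a KASSERT, so a kernel built without assertions dereferences sc->ucred unguarded; keep the NULL check if any caller can arrive without a credential.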
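
Review bot: The new check in vmmdev_create() passes the global tunable vm_maxvmms as the ceiling to chgvmmcnt(), so in the lines shown nothing consults the RLIMIT_VMM value itself; sys/sys/resource.h defines it and getrlimitusage_one() reports ui_vmmcnt for it, but enforcement depends only on hw.vmm.maxvmms. If the rlimit is meant to be enforceable per login class or per process, pass the caller's RLIMIT_VMM limit here (optionally capped by the sysctl) and document which of the two takes precedence. ENOMEM for "per-user instance limit reached" is also hard to distinguish from a real allocation failure; a comment or a more specific errno would help callers.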
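
Review bot: In vmm_handler(), `vm_maxvmms = 4 * mp_ncpus;` is assigned unconditionally at module initialisation, although the sysctl is declared with CTLFLAG_RWTUN, so a value set as a loader tunable is overwritten. The line just above handles vm_maxcpu with `if (vm_maxcpu == 0)`; the same guard here would keep an administrator's setting and apply the 4 * mp_ncpus default only when nothing was configured. The removed blank line before `error = vmm_modinit();` also makes the default look like part of the vm_maxcpu block; keep the separation.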
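
Review bot: The bump of RLIM_NLIMITS from 16 to 17 in sys/sys/resource.h changes the required length of every table sized or indexed by it, and the diffstat updates only rlimit_ident[] and procstat's rlimit_param[] (which is protected by a _Static_assert). Any other consumer that loops to RLIM_NLIMITS over a 16-entry table will read past its end, so the change should either update those tables in the same commit or add the same _Static_assert(nitems(...) == RLIM_NLIMITS) pattern to them so the build fails instead. The report in this reply of a process named limits exiting on signal 11 is worth checking against exactly that. The new entry is also named "vmm" in rlimit_ident[] but "virtual-machines" in procstat; pick one spelling.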
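
Review bot: In uifree() in sys/kern/kern_resource.c, the new leak message starts with "freeing vmmcnt:" while the sibling message directly above it starts with "freeing uidinfo:"; use the "freeing uidinfo: uid = %d, vmmcnt = %ld" form so the messages stay consistent and greppable. In sys/sys/resourcevar.h the prototype names the last parameter `max` where the neighbouring chginotifycnt() and chginotifywatchcnt() prototypes use `maxval`; matching them is a small consistency fix.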