From owner-p4-projects@FreeBSD.ORG Sun Dec 19 13:29:13 2010 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 2E98B1065673; Sun, 19 Dec 2010 13:29:13 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E34FC106567A for ; Sun, 19 Dec 2010 13:29:12 +0000 (UTC) (envelope-from trasz@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id CF91F8FC13 for ; Sun, 19 Dec 2010 13:29:12 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.4/8.14.4) with ESMTP id oBJDTCtb026072 for ; Sun, 19 Dec 2010 13:29:12 GMT (envelope-from trasz@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.4/8.14.4/Submit) id oBJDTCX5026069 for perforce@freebsd.org; Sun, 19 Dec 2010 13:29:12 GMT (envelope-from trasz@freebsd.org) Date: Sun, 19 Dec 2010 13:29:12 GMT Message-Id: <201012191329.oBJDTCX5026069@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to trasz@freebsd.org using -f 
From: Edward Tomasz Napierala To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 187054 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Dec 2010 13:29:13 -0000 http://p4web.freebsd.org/@@187054?ac=10 Change 187054 by trasz@trasz_victim on 2010/12/19 13:28:16 Drop the plan to replace all the plimit stuff with containers. Get rid of temporary per-process rules generated by setrusage() and many instances of '#ifdef HRL'. This was incomplete anyway, and when completed it would be far too intrusive. Affected files ... .. //depot/projects/soc2009/trasz_limits/TODO#35 edit .. //depot/projects/soc2009/trasz_limits/sys/compat/linux/linux_misc.c#19 edit .. //depot/projects/soc2009/trasz_limits/sys/compat/svr4/imgact_svr4.c#12 edit .. //depot/projects/soc2009/trasz_limits/sys/fs/fdescfs/fdesc_vfsops.c#6 edit .. //depot/projects/soc2009/trasz_limits/sys/i386/linux/imgact_linux.c#11 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/imgact_aout.c#12 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/imgact_elf.c#20 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/imgact_gzip.c#10 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_loginclass.c#22 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_resource.c#54 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/vfs_vnops.c#21 edit .. //depot/projects/soc2009/trasz_limits/sys/vm/swap_pager.c#15 edit .. //depot/projects/soc2009/trasz_limits/sys/vm/vm_glue.c#10 edit .. //depot/projects/soc2009/trasz_limits/sys/vm/vm_mmap.c#22 edit .. //depot/projects/soc2009/trasz_limits/sys/vm/vm_unix.c#12 edit Differences ... ==== //depot/projects/soc2009/trasz_limits/TODO#35 (text+ko) ==== 
@@ -102,7 +102,9 @@ HRL-specific issues: - - Bring back per-group limits. + - Reconsider setrlimit(2) handling. + + - Reconsider bringing back per-group limits. - Some things need to be accounted for per-euid, and some per-ruid. Geez. ==== //depot/projects/soc2009/trasz_limits/sys/compat/linux/linux_misc.c#19 (text+ko) ==== @@ -359,26 +359,16 @@ * XXX - this is not complete. it should check current usage PLUS * the resources needed by this library. */ -#ifndef HRL PROC_LOCK(td->td_proc); if (a_out->a_text > maxtsiz || - a_out->a_data + bss_size > lim_cur(td->td_proc, RLIMIT_DATA)) { + a_out->a_data + bss_size > lim_cur(td->td_proc, RLIMIT_DATA) || + rusage_set(td->td_proc, RUSAGE_DATA, a_out->a_data + + bss_size) != 0) { PROC_UNLOCK(td->td_proc); error = ENOMEM; goto cleanup; } PROC_UNLOCK(td->td_proc); -#endif - if (a_out->a_text > maxtsiz) { - error = ENOMEM; - goto cleanup; - } - error = rusage_set(td->td_proc, RUSAGE_DATA, - a_out->a_data + bss_size); - if (error != 0) { - error = ENOMEM; - goto cleanup; - } /* * Prevent more writers. ==== //depot/projects/soc2009/trasz_limits/sys/compat/svr4/imgact_svr4.c#12 (text+ko) ==== @@ -107,21 +107,14 @@ /* * text/data/bss must not exceed limits */ -#ifndef HRL PROC_LOCK(imgp->proc); if (a_out->a_text > maxtsiz || - a_out->a_data + bss_size > lim_cur(imgp->proc, RLIMIT_DATA)) { + a_out->a_data + bss_size > lim_cur(imgp->proc, RLIMIT_DATA) || + rusage_set(imgp->proc, RUSAGE_DATA, a_out->a_data + bss_size) != 0) {; PROC_UNLOCK(imgp->proc); return (ENOMEM); } PROC_UNLOCK(imgp->proc); -#endif /* !HRL */ - if (a_out->a_text > maxtsiz) - return (ENOMEM); - error = rusage_set(imgp->proc, RUSAGE_DATA, - a_out->a_data + bss_size); - if (error != 0) - return (ENOMEM); VOP_UNLOCK(imgp->vp, 0); ==== //depot/projects/soc2009/trasz_limits/sys/fs/fdescfs/fdesc_vfsops.c#6 (text+ko) ==== 
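Review bot: rusage_set() is now invoked with PROC_LOCK(td->td_proc) held, inside the combined `if`, whereas the removed `#ifndef HRL` path only called it after PROC_UNLOCK; nothing in the hunk shows whether rusage_set() can sleep or acquires locks that order before the process lock, so that should be confirmed before the same pattern is kept in imgact_svr4.c, imgact_linux.c, imgact_aout.c, imgact_elf.c, imgact_gzip.c, vfs_vnops.c and vm_glue.c. If the locking is fine, a one-line comment at the PROC_LOCK such as `/* rusage_set() is safe to call with the proc lock held. */` would save the next reader the same check. The `||` chain also means a process already rejected by the rlimit test is never charged by rusage_set(), which is the right order and worth preserving if the condition is reworked. The enclosing function starts and ends outside the hunk.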
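Review bot: The new condition line in the imgact_svr4.c hunk ends in `{;`, leaving a stray empty statement after the opening brace; drop the semicolon: `rusage_set(imgp->proc, RUSAGE_DATA, a_out->a_data + bss_size) != 0) {`. That line also runs well past 80 columns, as does its twin in imgact_linux.c, while imgact_aout.c wraps the same call over two lines — the wrapped form would keep the three a.out loaders consistent. The enclosing function starts and ends outside the hunk.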
@@ -197,20 +197,14 @@ * limit is ever reduced below the current number * of open files... ] */ -#ifndef HRL PROC_LOCK(td->td_proc); lim = lim_cur(td->td_proc, RLIMIT_NOFILE); PROC_UNLOCK(td->td_proc); -#endif fdp = td->td_proc->p_fd; FILEDESC_SLOCK(fdp); limit = rusage_get_limit(td->td_proc, RUSAGE_NOFILE); -#ifdef HRL - lim = limit; -#else if (lim > limit) lim = limit; -#endif last = min(fdp->fd_nfiles, lim); freefd = 0; for (i = fdp->fd_freefile; i < last; i++) ==== //depot/projects/soc2009/trasz_limits/sys/i386/linux/imgact_linux.c#11 (text+ko) ==== @@ -105,21 +105,14 @@ /* * text/data/bss must not exceed limits */ -#ifndef HRL PROC_LOCK(imgp->proc); if (a_out->a_text > maxtsiz || - a_out->a_data + bss_size > lim_cur(imgp->proc, RLIMIT_DATA)) { + a_out->a_data + bss_size > lim_cur(imgp->proc, RLIMIT_DATA) || + rusage_set(imgp->proc, RUSAGE_DATA, a_out->a_data + bss_size) != 0) { PROC_UNLOCK(imgp->proc); return (ENOMEM); } PROC_UNLOCK(imgp->proc); -#endif /* !HRL */ - if (a_out->a_text > maxtsiz) - return (ENOMEM); - error = rusage_set(imgp->proc, RUSAGE_DATA, - a_out->a_data + bss_size); - if (error != 0) - return (ENOMEM); VOP_UNLOCK(imgp->vp, 0); ==== //depot/projects/soc2009/trasz_limits/sys/kern/imgact_aout.c#12 (text+ko) ==== 
@@ -185,25 +185,18 @@ /* * text/data/bss must not exceed limits */ -#ifndef HRL PROC_LOCK(imgp->proc); if (/* text can't exceed maximum text size */ a_out->a_text > maxtsiz || /* data + bss can't exceed rlimit */ - a_out->a_data + bss_size > lim_cur(imgp->proc, RLIMIT_DATA)) { + a_out->a_data + bss_size > lim_cur(imgp->proc, RLIMIT_DATA) || + rusage_set(imgp->proc, RUSAGE_DATA, + a_out->a_data + bss_size) != 0) { PROC_UNLOCK(imgp->proc); return (ENOMEM); } PROC_UNLOCK(imgp->proc); -#endif /* !HRL */ - if (/* text can't exceed maximum text size */ - a_out->a_text > maxtsiz) - return (ENOMEM); - error = rusage_set(imgp->proc, RUSAGE_DATA, - a_out->a_data + bss_size); - if (error != 0) - return (ENOMEM); /* * Avoid a possible deadlock if the current address space is destroyed ==== //depot/projects/soc2009/trasz_limits/sys/kern/imgact_elf.c#20 (text+ko) ==== @@ -874,27 +874,15 @@ * limits after loading the segments since we do * not actually fault in all the segments pages. */ -#ifndef HRL PROC_LOCK(imgp->proc); if (data_size > lim_cur(imgp->proc, RLIMIT_DATA) || text_size > maxtsiz || - total_size > lim_cur(imgp->proc, RLIMIT_VMEM)) { + total_size > lim_cur(imgp->proc, RLIMIT_VMEM) || + rusage_set(imgp->proc, RUSAGE_DATA, data_size) != 0 || + rusage_set(imgp->proc, RUSAGE_VMEM, total_size) != 0) { PROC_UNLOCK(imgp->proc); return (ENOMEM); } -#else - PROC_LOCK(imgp->proc); -#endif /* !HRL */ - if (text_size > maxtsiz) - return (ENOMEM); - error = rusage_set(imgp->proc, RUSAGE_DATA, - data_size); - if (error != 0) - return (ENOMEM); - error = rusage_set(imgp->proc, RUSAGE_VMEM, - total_size); - if (error != 0) - return (ENOMEM); vmspace->vm_tsize = text_size >> PAGE_SHIFT; vmspace->vm_taddr = (caddr_t)(uintptr_t)text_addr; ==== //depot/projects/soc2009/trasz_limits/sys/kern/imgact_gzip.c#10 (text+ko) ==== 
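Review bot: In the imgact_elf.c condition the two rusage_set() calls are not atomic as a pair: if `rusage_set(imgp->proc, RUSAGE_DATA, data_size)` succeeds and the following RUSAGE_VMEM call fails, the function returns ENOMEM with the data usage already raised to the new image's size and nothing restores it. The removed HRL path had the same gap, but it is now the only path, so it deserves either a rollback or at least the same kind of `XXX` note this change adds in vm_unix.c. If a failure at this point cannot be survived by the process anyway (the context comment says the segments are already mapped, which suggests the exec is past its point of no return), say so in a comment instead, e.g. `/* No rollback: failure here aborts the exec, so the stale charge does not outlive it. */` — but only if that is actually true of the caller. The PROC_UNLOCK for the success path and the rest of the function lie outside the hunk.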
@@ -210,29 +210,20 @@ /* * text/data/bss must not exceed limits */ -#ifndef HRL PROC_LOCK(gz->ip->proc); if ( /* text can't exceed maximum text size */ gz->a_out.a_text > maxtsiz || /* data + bss can't exceed rlimit */ gz->a_out.a_data + gz->bss_size > - lim_cur(gz->ip->proc, RLIMIT_DATA)) { + lim_cur(gz->ip->proc, RLIMIT_DATA) || + rusage_set(gz->ip->proc, RUSAGE_DATA, + gz->a_out.a_data + gz->bss_size) != 0) { PROC_UNLOCK(gz->ip->proc); gz->where = __LINE__; return (ENOMEM); } PROC_UNLOCK(gz->ip->proc); -#endif /* !HRL */ - if ( /* text can't exceed maximum text size */ - gz->a_out.a_text > maxtsiz) { - gz->where = __LINE__; - return (ENOMEM); - } - error = rusage_set(gz->ip->proc, RUSAGE_DATA, - gz->a_out.a_data + gz->bss_size); - if (error != 0) - return (ENOMEM); /* Find out how far we should go */ gz->file_end = gz->file_offset + gz->a_out.a_text + gz->a_out.a_data; ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_loginclass.c#22 (text+ko) ==== @@ -85,9 +85,7 @@ mtx_lock(&loginclasses_lock); if (refcount_release(&lc->lc_refcount)) { -#ifdef HRL container_destroy(&lc->lc_container); -#endif LIST_REMOVE(lc, lc_next); mtx_unlock(&loginclasses_lock); free(lc, M_LOGINCLASS); @@ -127,9 +125,7 @@ } /* Add new loginclass. */ -#ifdef HRL container_create(&newlc->lc_container); -#endif strcpy(newlc->lc_name, name); refcount_init(&newlc->lc_refcount, 1); LIST_INSERT_HEAD(&loginclasses, newlc, lc_next); ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_resource.c#54 (text+ko) ==== @@ -606,13 +606,12 @@ return (error); } -#ifndef HRL static void lim_cb(void *arg) { + struct rlimit rlim; struct thread *td; struct proc *p; - struct rlimit rlim; p = arg; PROC_LOCK_ASSERT(p, MA_OWNED); 
@@ -640,119 +639,6 @@ if ((p->p_flag & P_WEXIT) == 0) callout_reset(&p->p_limco, hz, lim_cb, p); } -#endif /* !HRL */ - -#ifdef HRL -static void -hrl_handle_setrlimit(u_int which, struct rlimit *lim, struct thread *td) -{ - int error; - struct hrl_rule *rule, *rule2; - - rule = hrl_rule_alloc(M_WAITOK); - rule->hr_subject_type = HRL_SUBJECT_TYPE_PROCESS; - rule->hr_subject.hs_proc = td->td_proc; - rule->hr_action = HRL_ACTION_DENY; - rule->hr_amount = -1; - rule->hr_per = HRL_SUBJECT_TYPE_PROCESS; - - switch (which) { - case RLIMIT_CPU: - rule->hr_resource = RUSAGE_CPU; - rule->hr_action = HRL_ACTION_SIGXCPU; - break; - case RLIMIT_FSIZE: - rule->hr_resource = RUSAGE_FSIZE; - break; - case RLIMIT_DATA: - rule->hr_resource = RUSAGE_DATA; - break; - case RLIMIT_STACK: - rule->hr_resource = RUSAGE_STACK; - rule->hr_action = HRL_ACTION_SIGSEGV; - break; - case RLIMIT_CORE: - rule->hr_resource = RUSAGE_CORE; - break; - case RLIMIT_RSS: - rule->hr_resource = RUSAGE_RSS; - break; - case RLIMIT_MEMLOCK: - rule->hr_resource = RUSAGE_MEMLOCK; - break; - case RLIMIT_NPROC: - rule->hr_resource = RUSAGE_NPROC; - rule->hr_per = HRL_SUBJECT_TYPE_USER; - break; - case RLIMIT_NOFILE: - rule->hr_resource = RUSAGE_NOFILE; - rule->hr_action = HRL_ACTION_SIGXFSZ; - break; - case RLIMIT_SBSIZE: - rule->hr_resource = RUSAGE_SBSIZE; - rule->hr_per = HRL_SUBJECT_TYPE_USER; - break; - case RLIMIT_VMEM: - rule->hr_resource = RUSAGE_VMEM; - break; - case RLIMIT_NPTS: - rule->hr_resource = RUSAGE_NPTS; - rule->hr_per = HRL_SUBJECT_TYPE_USER; - break; - case RLIMIT_SWAP: - rule->hr_resource = RUSAGE_SWAP; - rule->hr_per = HRL_SUBJECT_TYPE_USER; - break; - default: - panic("hrl_handle_setrlimit: unknown limit %d", which); - } - - /* - * Remove a previous limit that might exist for the resource - * with a different hr_amount. - */ - hrl_rule_remove(rule); - - /* - * For rules with action different than "deny", we add another - * rule, "deny". 
- */ - if (rule->hr_action != HRL_ACTION_DENY) { - rule2 = hrl_rule_duplicate(rule, M_WAITOK); - - /* - * The "deny" action doesn't make sense for some resources, - * such as RUSAGE_CPU. - */ - if (rule2->hr_resource == RUSAGE_CPU) - rule2->hr_action = HRL_ACTION_SIGKILL; - else - rule2->hr_action = HRL_ACTION_DENY; - hrl_rule_remove(rule2); - - if (lim->rlim_cur != RLIM_INFINITY) { - if (rule2->hr_resource == RUSAGE_CPU) - rule2->hr_amount = (uint64_t)lim->rlim_max * - 1000000; - else - rule2->hr_amount = lim->rlim_cur; - error = hrl_rule_add(rule2); - KASSERT(error == 0, ("hrl_rule_add failed")); - } - hrl_rule_release(rule2); - } - - if (lim->rlim_cur != RLIM_INFINITY) { - rule->hr_amount = lim->rlim_cur; - /* Container stores CPU time in microseconds. */ - if (rule->hr_resource == RUSAGE_CPU) - rule->hr_amount *= 1000000; - error = hrl_rule_add(rule); - KASSERT(error == 0, ("hrl_rule_add failed")); - } - hrl_rule_release(rule); -} -#endif /* HRL */ int kern_setrlimit(td, which, limp) @@ -797,14 +683,12 @@ switch (which) { -#ifndef HRL case RLIMIT_CPU: if (limp->rlim_cur != RLIM_INFINITY && p->p_cpulimit == RLIM_INFINITY) callout_reset(&p->p_limco, hz, lim_cb, p); p->p_cpulimit = limp->rlim_cur; break; -#endif case RLIMIT_DATA: if (limp->rlim_cur > maxdsiz) limp->rlim_cur = maxdsiz; @@ -877,10 +761,6 @@ } } -#ifdef HRL - hrl_handle_setrlimit(which, alimp, td); -#endif - return (0); } @@ -1213,10 +1093,8 @@ { p2->p_limit = lim_hold(p1->p_limit); callout_init_mtx(&p2->p_limco, &p2->p_mtx, 0); -#ifndef HRL if (p1->p_cpulimit != RLIM_INFINITY) callout_reset(&p2->p_limco, hz, lim_cb, p2); -#endif } void @@ -1344,9 +1222,7 @@ mtx_init(&uip->ui_vmsize_mtx, "ui_vmsize", NULL, MTX_DEF); LIST_INSERT_HEAD(UIHASH(uid), uip, ui_hash); -#ifdef HRL container_create(&uip->ui_container); -#endif } } uihold(uip); 
@@ -1394,9 +1270,7 @@ /* Prepare for suboptimal case. */ rw_wlock(&uihashtbl_lock); if (refcount_release(&uip->ui_ref)) { -#ifdef HRL container_destroy(&uip->ui_container); -#endif LIST_REMOVE(uip, ui_hash); rw_wunlock(&uihashtbl_lock); if (uip->ui_sbsize != 0) ==== //depot/projects/soc2009/trasz_limits/sys/kern/vfs_vnops.c#21 (text+ko) ==== @@ -1344,22 +1344,21 @@ vn_rlimit_fsize(const struct vnode *vp, const struct uio *uio, const struct thread *td) { - + uoff_t fsize; + if (vp->v_type != VREG || td == NULL) return (0); -#ifndef HRL + + fsize = (uoff_t)uio->uio_offset + uio->uio_resid; + PROC_LOCK(td->td_proc); - if ((uoff_t)uio->uio_offset + uio->uio_resid > - lim_cur(td->td_proc, RLIMIT_FSIZE)) { + if (fsize > lim_cur(td->td_proc, RLIMIT_FSIZE) || + rusage_set(td->td_proc, RUSAGE_FSIZE, fsize) != 0) { psignal(td->td_proc, SIGXFSZ); PROC_UNLOCK(td->td_proc); return (EFBIG); } PROC_UNLOCK(td->td_proc); -#endif - if (rusage_set(td->td_proc, RUSAGE_FSIZE, - (uoff_t)uio->uio_offset + uio->uio_resid)) - return (EFBIG); return (0); } ==== //depot/projects/soc2009/trasz_limits/sys/vm/swap_pager.c#15 (text+ko) ==== @@ -211,12 +211,13 @@ if (res) { PROC_LOCK(curproc); UIDINFO_VMSIZE_LOCK(uip); + /* + * XXX: What if rusage_add() succeeds, and lim_cur() check fails? + */ if ( rusage_add(curproc, RUSAGE_SWAP, incr) && -#ifndef HRL (overcommit & SWAP_RESERVE_RLIMIT_ON) != 0 && uip->ui_vmsize + incr > lim_cur(curproc, RLIMIT_SWAP) && -#endif priv_check(curthread, PRIV_VM_SWAP_NORLIMIT)) res = 0; else ==== //depot/projects/soc2009/trasz_limits/sys/vm/vm_glue.c#10 (text+ko) ==== 
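Review bot: A rusage_set() refusal in vn_rlimit_fsize now raises SIGXFSZ on the process, where the removed HRL path returned EFBIG without a signal; that is a visible behaviour change for containers that cap RUSAGE_FSIZE and should be deliberate and documented, e.g. `/* A container denial is treated like the rlimit: SIGXFSZ, then EFBIG. */` above the `if`. If the signal is not wanted for the container case, the two checks need separate branches again.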
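Review bot: The `&&` chain in the swap_pager.c hunk still denies the reservation only when rusage_add() fails AND the rlimit is exceeded AND priv_check() fails, so — if rusage_add() returns 0 on success like rusage_set() does in the other hunks — a container refusal with the rlimit disabled or not exceeded is silently ignored, and a successful rusage_add() skips the rlimit test altogether, which is the half the new XXX comment describes. Doing the rlimit test first and calling rusage_add() only when it passes fixes both directions and needs no rollback of the container charge, since no rusage subtraction helper is visible here. The enclosing function starts and ends outside the hunk.
```c
		if (((overcommit & SWAP_RESERVE_RLIMIT_ON) != 0 &&
		    uip->ui_vmsize + incr > lim_cur(curproc, RLIMIT_SWAP) &&
		    priv_check(curthread, PRIV_VM_SWAP_NORLIMIT)) ||
		    rusage_add(curproc, RUSAGE_SWAP, incr) != 0)
			res = 0;
		else
		/* … unchanged: else branch … */
```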
@@ -200,15 +200,12 @@ PROC_LOCK(curproc); nsize = ptoa(npages + pmap_wired_count(vm_map_pmap(&curproc->p_vmspace->vm_map))); -#ifndef HRL - if (nsize > lim_cur(curproc, RLIMIT_MEMLOCK)) { + if (nsize > lim_cur(curproc, RLIMIT_MEMLOCK) || + rusage_set(curproc, RUSAGE_MEMLOCK, nsize) != 0) { PROC_UNLOCK(curproc); return (ENOMEM); } -#endif PROC_UNLOCK(curproc); - if (rusage_set(curproc, RUSAGE_MEMLOCK, nsize)) - return (ENOMEM); #if 0 /* * XXX - not yet ==== //depot/projects/soc2009/trasz_limits/sys/vm/vm_mmap.c#22 (text+ko) ==== @@ -1051,12 +1051,10 @@ PROC_LOCK(proc); nsize = ptoa(npages + pmap_wired_count(vm_map_pmap(&proc->p_vmspace->vm_map))); -#ifndef HRL if (nsize > lim_cur(proc, RLIMIT_MEMLOCK)) { PROC_UNLOCK(proc); return (ENOMEM); } -#endif PROC_UNLOCK(proc); if (npages + cnt.v_wire_count > vm_page_max_wired) return (EAGAIN); @@ -1431,7 +1429,6 @@ size = round_page(size); -#ifndef HRL PROC_LOCK(td->td_proc); if (td->td_proc->p_vmspace->vm_map.size + size > lim_cur(td->td_proc, RLIMIT_VMEM)) { @@ -1439,7 +1436,6 @@ return(ENOMEM); } PROC_UNLOCK(td->td_proc); -#endif if (rusage_set(td->td_proc, RUSAGE_VMEM, td->td_proc->p_vmspace->vm_map.size + size)) return (ENOMEM); ==== //depot/projects/soc2009/trasz_limits/sys/vm/vm_unix.c#12 (text+ko) ==== @@ -74,19 +74,15 @@ { struct vmspace *vm = td->td_proc->p_vmspace; vm_offset_t new, old, base; -#ifndef HRL rlim_t datalim, vmemlim; -#endif int rv; int error = 0; boolean_t do_map_wirefuture; -#ifndef HRL PROC_LOCK(td->td_proc); datalim = lim_cur(td->td_proc, RLIMIT_DATA); vmemlim = lim_cur(td->td_proc, RLIMIT_VMEM); PROC_UNLOCK(td->td_proc); -#endif do_map_wirefuture = FALSE; new = round_page((vm_offset_t)uap->nsize); @@ -95,7 +91,6 @@ base = round_page((vm_offset_t) vm->vm_daddr); old = base + ctob(vm->vm_dsize); if (new > base) { -#ifndef HRL /* * Check the resource limit, but allow a process to reduce * its usage, even if it remains over the limit. 
@@ -104,9 +99,7 @@ error = ENOMEM; goto done; } -#endif /* !HRL */ - error = rusage_set(td->td_proc, RUSAGE_DATA, - new - base); + error = rusage_set(td->td_proc, RUSAGE_DATA, new - base); if (error != 0) { error = ENOMEM; goto done; @@ -126,18 +119,19 @@ goto done; } if (new > old) { -#ifndef HRL if (vm->vm_map.size + (new - old) > vmemlim) { error = ENOMEM; goto done; } -#endif /* !HRL */ error = rusage_set(td->td_proc, RUSAGE_VMEM, vm->vm_map.size + (new - old)); if (error != 0) { error = ENOMEM; goto done; } + /* + * XXX: Rollback for rusage_set() call above? + */ rv = vm_map_insert(&vm->vm_map, NULL, 0, old, new, VM_PROT_RW, VM_PROT_ALL, 0); if (rv != KERN_SUCCESS) {
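Review bot: The XXX comment added before vm_map_insert() is right, and the gap is wider than it says: when vm_map_insert() fails, RUSAGE_VMEM stays charged at `vm->vm_map.size + (new - old)`, and RUSAGE_DATA, set to `new - base` in the earlier hunk of this function, is likewise left at the grown size when the later vmemlim or RUSAGE_VMEM check fails. If rusage_set() is an absolute set, as its use with `vm->vm_map.size + (new - old)` suggests, the failure branches can restore the previous values, e.g. `rusage_set(td->td_proc, RUSAGE_VMEM, vm->vm_map.size);` in the `rv != KERN_SUCCESS` branch and `rusage_set(td->td_proc, RUSAGE_DATA, old - base);` on the VMEM failure paths, `old - base` presumably being the pre-growth data size given `old = base + ctob(vm->vm_dsize)`. The enclosing function and its `done:` label lie outside the hunk.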