Date: Mon, 17 Jul 2006 05:18:28 GMT
Message-Id: <200607170518.k6H5ISkQ041475@repoman.freebsd.org>
From: Chris Jones
To: Perforce Change Reviews
Subject: PERFORCE change 101734 for review

http://perforce.freebsd.org/chv.cgi?CH=101734

Change 101734 by cdjones@cdjones-impulse on 2006/07/17 05:18:07

Add functions (prison_memory, prison_memory_limit) to get the amount of memory in use or permitted to be used by a jail. Next step, inserting calls to check this. Obvious places are in fork() and friends, but probably it would be good to also check memory usage at request-more-memory time rather than just at new-process time. Thanks to Roberto Lima (betogigi@gmail.com) for sending me his patch for 4.x; this is similar, though not taken directly from it.

Affected files ...

.. //depot/projects/soc2006/cdjones_jail/src/sys/kern/kern_jail.c#9 edit
.. //depot/projects/soc2006/cdjones_jail/src/sys/sys/jail.h#10 edit

Differences ...

==== //depot/projects/soc2006/cdjones_jail/src/sys/kern/kern_jail.c#9 (text+ko) ==== @@ -22,6 +22,11 @@ #include #include #include +#include +#include +#include +#include +#include #include #include #include @@ -125,7 +130,7 @@ struct prison *pr, *tpr; struct jail j; struct jail_attach_args jaa; - struct proc *j_sched_proc; + struct proc *j_sched_proc = NULL; int vfslocked, error, tryprid; error = copyin(uap->jail, &j, sizeof(j)); 
@@ -426,6 +431,41 @@ return (ok); } +/* Given credential, return memory usage in bytes. */ +int +prison_memory(struct ucred *cred) +{ + struct proc *p; + u_int mem_used = 0; + + /* TODO: cut this to search only procs in given jail. */ + FOREACH_PROC_IN_SYSTEM(p) { + if (!jailed(p->p_ucred) || + (cred->cr_prison != p->p_ucred->cr_prison)) { + continue; + } + + /* Get memory usage (see vm/vm_map.h). */ + mem_used += (p->p_vmspace)->vm_tsize; /* text size (pages) */ + mem_used += (p->p_vmspace)->vm_dsize; /* data size (pages) */ + mem_used += (p->p_vmspace)->vm_ssize; /* stack size (pages) */ + } + + /* Convert to bytes, cache (maybe unncessary?). */ + mem_used *= PAGE_SIZE; + mtx_lock(&cred->cr_prison->pr_mtx); + cred->cr_prison->pr_mem_usage = mem_used; + mtx_unlock(&cred->cr_prison->pr_mtx); + return mem_used; +} + +/* Given credential, return permitted memory usage in bytes. */ +int +prison_memory_limit(struct ucred *cred) +{ + return cred->cr_prison->pr_mem_limit; +} + /* * Return 0 if jails permit p1 to frob p2, otherwise ESRCH. */ ==== //depot/projects/soc2006/cdjones_jail/src/sys/sys/jail.h#10 (text+ko) ==== @@ -133,6 +133,8 @@ void prison_hold(struct prison *pr); int prison_if(struct ucred *cred, struct sockaddr *sa); int prison_ip(struct ucred *cred, int flag, u_int32_t *ip); +int prison_memory(struct ucred *cred); +int prison_memory_limit(struct ucred *cred); void prison_remote_ip(struct ucred *cred, int flags, u_int32_t *ip); #endif /* _KERNEL */
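Review bot: in the kern_jail.c @@ -125,7 +130,7 @@ hunk, `struct proc *j_sched_proc = NULL;` initialises the pointer in its declaration, which hides from the compiler any path that reads it before it is really set; the visible context does not show which path prompted the change. Prefer assigning NULL at the point where the value is known to be absent, or checking for NULL where the pointer is used, and mention the reason in the change description, since it is unrelated to the memory accounting.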
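Review bot: in the kern_jail.c @@ -426,6 +431,41 @@ hunk, prison_memory() accumulates into `u_int mem_used` and returns `int`, so `mem_used *= PAGE_SIZE` wraps once the jail's total no longer fits in 32 bits of bytes, and any total above INT_MAX comes back negative; a later comparison against prison_memory_limit() would then let an over-limit jail pass. Use a wider unsigned type for the accumulator, both return values and the pr_mem_usage and pr_mem_limit fields, or keep the accounting in pages. Two further points in the same function: FOREACH_PROC_IN_SYSTEM and the reads of p->p_ucred and p->p_vmspace run with no lock visible in the hunk, so the walk should hold allproc_lock shared and lock each process while reading it; and both new functions dereference cred->cr_prison without a jailed(cred) check, although the loop does test jailed(p->p_ucred), so either assert that precondition or return early for an unjailed credential. prison_memory_limit() also reads pr_mem_limit without pr_mtx, while pr_mem_usage is written under it.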
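Review bot: in the jail.h @@ -133,6 +133,8 @@ hunk, the two new prototypes carry no comment on units or preconditions, so a caller cannot tell from the header that the results are in bytes rather than pages. Add a one-line comment stating that both return bytes for the jail that cred belongs to and what the caller must guarantee about cred, and keep the declared return type in step with the type the definitions in kern_jail.c end up using.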