From owner-svn-src-all@FreeBSD.ORG Mon Oct 21 16:46:14 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id BA5845F1; Mon, 21 Oct 2013 16:46:14 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id A63E524C3; Mon, 21 Oct 2013 16:46:14 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r9LGkEoN012913; Mon, 21 Oct 2013 16:46:14 GMT (envelope-from kib@svn.freebsd.org) Received: (from kib@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r9LGkDl5012906; Mon, 21 Oct 2013 16:46:13 GMT (envelope-from kib@svn.freebsd.org) Message-Id: <201310211646.r9LGkDl5012906@svn.freebsd.org> From: Konstantin Belousov Date: Mon, 21 Oct 2013 16:46:13 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r256850 - in head: bin/sh etc lib/libc/sys lib/libutil usr.bin/limits usr.bin/procstat X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Oct 2013 16:46:14 -0000 Author: kib Date: Mon Oct 21 16:46:12 2013 New Revision: 256850 URL: http://svnweb.freebsd.org/changeset/base/256850 Log: Add a resource limit for the total number of kqueues available to the user. Kqueue now saves the ucred of the allocating thread, to correctly decrement the counter on close. Under some specific and not real-world use scenario for kqueue, it is possible for the kqueues to consume memory proportional to the square of the number of the filedescriptors available to the process. Limit allows administrator to prevent the abuse. This is kernel-mode side of the change, with the user-mode enabling commit following. Reported and tested by: pho Discussed with: jmg Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Modified: head/bin/sh/miscbltin.c head/etc/login.conf head/lib/libc/sys/getrlimit.2 head/lib/libutil/login_class.3 head/lib/libutil/login_class.c head/usr.bin/limits/limits.c head/usr.bin/procstat/procstat_rlimit.c Modified: head/bin/sh/miscbltin.c ============================================================================== --- head/bin/sh/miscbltin.c Mon Oct 21 16:44:53 2013 (r256849) +++ head/bin/sh/miscbltin.c Mon Oct 21 16:46:12 2013 (r256850) @@ -405,6 +405,9 @@ static const struct limits limits[] = { #ifdef RLIMIT_NPTS { "pseudo-terminals", (char *)0, RLIMIT_NPTS, 1, 'p' }, #endif +#ifdef RLIMIT_KQUEUES + { "kqueues", (char *)0, RLIMIT_KQUEUES, 1, 'k' }, +#endif { (char *) 0, (char *)0, 0, 0, '\0' } }; @@ -421,7 +424,7 @@ ulimitcmd(int argc __unused, char **argv struct rlimit limit; what = 'f'; - while ((optc = nextopt("HSatfdsmcnuvlbpw")) != '\0') + while ((optc = nextopt("HSatfdsmcnuvlbpwk")) != '\0') switch (optc) { case 'H': how = HARD; Modified: head/etc/login.conf ============================================================================== --- head/etc/login.conf Mon Oct 21 16:44:53 2013 (r256849) +++ head/etc/login.conf Mon Oct 21 16:46:12 2013 (r256850) @@ -42,6 +42,7 @@ default:\ :vmemoryuse=unlimited:\ :swapuse=unlimited:\ :pseudoterminals=unlimited:\ + :kqueues=unlimited:\ :priority=0:\ :ignoretime@:\ :umask=022: Modified: head/lib/libc/sys/getrlimit.2 ============================================================================== --- head/lib/libc/sys/getrlimit.2 Mon Oct 21 16:44:53 2013 (r256849) +++ head/lib/libc/sys/getrlimit.2 Mon Oct 21 16:46:12 2013 (r256850) @@ -108,6 +108,8 @@ Please see for a complete description of this sysctl. .It Dv RLIMIT_NPTS The maximum number of pseudo-terminals created by this user id. +.It Dv RLIMIT_KQUEUES +The maximum number of kqueues created by this user id. .El .Pp A resource limit is specified as a soft limit and a hard limit. Modified: head/lib/libutil/login_class.3 ============================================================================== --- head/lib/libutil/login_class.3 Mon Oct 21 16:44:53 2013 (r256849) +++ head/lib/libutil/login_class.3 Mon Oct 21 16:46:12 2013 (r256850) @@ -118,6 +118,7 @@ sbsize RLIMIT_SBSIZE vmemoryuse RLIMIT_VMEM pseudoterminals RLIMIT_NPTS swapuse RLIMIT_SWAP +kqueues RLIMIT_KQUEUES .Ed .It LOGIN_SETPRIORITY Set the scheduling priority for the current process based on the Modified: head/lib/libutil/login_class.c ============================================================================== --- head/lib/libutil/login_class.c Mon Oct 21 16:44:53 2013 (r256849) +++ head/lib/libutil/login_class.c Mon Oct 21 16:46:12 2013 (r256850) @@ -66,6 +66,7 @@ static struct login_res { { "vmemoryuse", login_getcapsize, RLIMIT_VMEM }, { "pseudoterminals", login_getcapnum, RLIMIT_NPTS }, { "swapuse", login_getcapsize, RLIMIT_SWAP }, + { "kqueues", login_getcapsize, RLIMIT_KQUEUES }, { NULL, 0, 0 } }; Modified: head/usr.bin/limits/limits.c ============================================================================== --- head/usr.bin/limits/limits.c Mon Oct 21 16:44:53 2013 (r256849) +++ head/usr.bin/limits/limits.c Mon Oct 21 16:46:12 2013 (r256850) @@ -89,7 +89,8 @@ static struct { { " sbsize%-4s %8s", " bytes\n", 1 }, { " vmemoryuse%-4s %8s", " kB\n", 1024 }, { " pseudo-terminals%-4s %8s", "\n", 1 }, - { " swapuse%-4s %8s", " kB\n", 1024 } + { " swapuse%-4s %8s", " kB\n", 1024 }, + { " kqueues%-4s %8s", "\n", 1 }, } }, { "sh", "unlimited", "", " -H", " -S", "", @@ -106,7 +107,8 @@ static struct { { "ulimit%s -b %s", ";\n", 1 }, { "ulimit%s -v %s", ";\n", 1024 }, { "ulimit%s -p %s", ";\n", 1 }, - { "ulimit%s -w %s", ";\n", 1024 } + { "ulimit%s -w %s", ";\n", 1024 }, + { "ulimit%s -k %s", ";\n", 1 }, } }, { "csh", "unlimited", "", " -h", "", NULL, @@ -123,7 +125,8 @@ static struct { { "limit%s sbsize %s", ";\n", 1 }, { "limit%s vmemoryuse %s", ";\n", 1024 }, { "limit%s pseudoterminals %s", ";\n", 1 }, - { "limit%s swapuse %s", ";\n", 1024 } + { "limit%s swapuse %s", ";\n", 1024 }, + { "limit%s kqueues %s", ";\n", 1 }, } }, { "bash|bash2", "unlimited", "", " -H", " -S", "", @@ -157,7 +160,8 @@ static struct { { "limit%s sbsize %s", ";\n", 1 }, { "limit%s vmemoryuse %s", ";\n", 1024 }, { "limit%s pseudoterminals %s", ";\n", 1 }, - { "limit%s swapuse %s", ";\n", 1024 } + { "limit%s swapuse %s", ";\n", 1024 }, + { "limit%s kqueues %s", ";\n", 1 }, } }, { "ksh|pdksh", "unlimited", "", " -H", " -S", "", @@ -232,7 +236,8 @@ static struct { { "sbsize", login_getcapsize }, { "vmemoryuse", login_getcapsize }, { "pseudoterminals",login_getcapnum }, - { "swapuse", login_getcapsize } + { "swapuse", login_getcapsize }, + { "kqueues", login_getcapnum }, }; /* @@ -647,6 +652,7 @@ resource_num(int which, int ch, const ch case RLIMIT_NPROC: case RLIMIT_NOFILE: case RLIMIT_NPTS: + case RLIMIT_KQUEUES: res = strtoq(s, &e, 0); s = e; break; Modified: head/usr.bin/procstat/procstat_rlimit.c ============================================================================== --- head/usr.bin/procstat/procstat_rlimit.c Mon Oct 21 16:44:53 2013 (r256849) +++ head/usr.bin/procstat/procstat_rlimit.c Mon Oct 21 16:46:12 2013 (r256850) @@ -46,7 +46,7 @@ static struct { const char *name; const char *suffix; -} rlimit_param[13] = { +} rlimit_param[14] = { {"cputime", "sec"}, {"filesize", "B "}, {"datasize", "B "}, @@ -60,9 +60,10 @@ static struct { {"vmemoryuse", "B "}, {"pseudo-terminals", " "}, {"swapuse", "B "}, + {"kqueues", " "}, }; -#if RLIM_NLIMITS > 13 +#if RLIM_NLIMITS > 14 #error "Resource limits have grown. Add new entries to rlimit_param[]." #endif