From owner-p4-projects@FreeBSD.ORG Sat Jan 29 12:48:40 2011 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 68EDF106566B; Sat, 29 Jan 2011 12:48:40 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2909C1065672 for ; Sat, 29 Jan 2011 12:48:40 +0000 (UTC) (envelope-from trasz@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 176B58FC12 for ; Sat, 29 Jan 2011 12:48:40 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.4/8.14.4) with ESMTP id p0TCmd5e015366 for ; Sat, 29 Jan 2011 12:48:39 GMT (envelope-from trasz@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.4/8.14.4/Submit) id p0TCmd2u015363 for perforce@freebsd.org; Sat, 29 Jan 2011 12:48:39 GMT (envelope-from trasz@freebsd.org) Date: Sat, 29 Jan 2011 12:48:39 GMT Message-Id: <201101291248.p0TCmd2u015363@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to trasz@freebsd.org using -f From: Edward Tomasz Napierala To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 188308 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Jan 2011 12:48:40 -0000 http://p4web.freebsd.org/@@188308?ac=10 Change 188308 by trasz@trasz_victim on 2011/01/29 12:48:07 In addition to preventing one from adding per-process rules for system processes, also don't link other rules to system processes. Also, we don't need to PROC_LOCK() just to change for P_SYSTEM. Affected files ... .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_rctl.c#24 edit Differences ... ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_rctl.c#24 (text+ko) ==== @@ -935,16 +935,6 @@ rusage_is_sloppy(rule->rr_resource)) return (EINVAL); - if (rule->rr_subject_type == RCTL_SUBJECT_TYPE_PROCESS) { - p = rule->rr_subject.rs_proc; - PROC_LOCK(p); - if (p->p_flag & P_SYSTEM) { - PROC_UNLOCK(p); - return (EINVAL); - } - PROC_UNLOCK(p); - } - /* * Make sure there are no duplicated rules. Also, for the "deny" * rules, remove ones differing only by "amount". @@ -961,6 +951,12 @@ case RCTL_SUBJECT_TYPE_PROCESS: p = rule->rr_subject.rs_proc; KASSERT(p != NULL, ("rctl_rule_add: NULL proc")); + /* + * No resource limits for system processes. + */ + if (p->p_flag & P_SYSTEM) + return (EINVAL); + rctl_container_add_rule(p->p_container, rule); /* * In case of per-process rule, we don't have anything more @@ -997,6 +993,8 @@ */ sx_assert(&allproc_lock, SA_LOCKED); FOREACH_PROC_IN_SYSTEM(p) { + if (p->p_flag & P_SYSTEM) + continue; cred = p->p_ucred; switch (rule->rr_subject_type) { case RCTL_SUBJECT_TYPE_USER: @@ -1233,13 +1231,10 @@ error = EINVAL; goto out; } - PROC_LOCK(p); if (p->p_flag & P_SYSTEM) { - PROC_UNLOCK(p); error = EINVAL; goto out; } - PROC_UNLOCK(p); outputsbuf = rctl_container_to_sbuf(p->p_container, 0); break; case RCTL_SUBJECT_TYPE_USER: