From owner-p4-projects@FreeBSD.ORG Thu Jul 8 18:20:53 2010 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 8545A1065677; Thu, 8 Jul 2010 18:20:53 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 483101065674 for ; Thu, 8 Jul 2010 18:20:53 +0000 (UTC) (envelope-from trasz@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 3595D8FC15 for ; Thu, 8 Jul 2010 18:20:53 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o68IKrxi092618 for ; Thu, 8 Jul 2010 18:20:53 GMT (envelope-from trasz@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o68IKrMH092616 for perforce@freebsd.org; Thu, 8 Jul 2010 18:20:53 GMT (envelope-from trasz@freebsd.org) Date: Thu, 8 Jul 2010 18:20:53 GMT Message-Id: <201007081820.o68IKrMH092616@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to trasz@freebsd.org using -f 
From: Edward Tomasz Napierala To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 180653 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jul 2010 18:20:53 -0000 http://p4web.freebsd.org/@@180653?ac=10 Change 180653 by trasz@trasz_victim on 2010/07/08 18:20:09 Add proper error handling to hrl_proc_fork(). Affected files ... .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_container.c#11 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#81 edit .. //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#46 edit Differences ... ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_container.c#11 (text+ko) ==== @@ -377,6 +377,9 @@ rusage_set(p, RUSAGE_PTY, 0); mtx_lock(&container_lock); +#ifdef HRL + hrl_proc_exit(p); +#endif container_destroy(&p->p_container); mtx_unlock(&container_lock); } @@ -442,6 +445,14 @@ } } +#ifdef HRL + error = hrl_proc_fork(parent, child); + if (error) { + container_destroy(&child->p_container); + goto out; + } +#endif + out: mtx_unlock(&container_lock); PROC_UNLOCK(child); ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#81 (text+ko) ==== @@ -1525,7 +1525,7 @@ container_leave(&p->p_container, &olduip->ui_container); error = container_join(&p->p_container, &newuip->ui_container); - KASSERT(error == 0, ("hrl_proc_init: better error handling needed")); + KASSERT(error == 0, ("hrl_proc_ucred_changing: better error handling needed")); } if (newlc != oldlc) { LIST_FOREACH(link, &newlc->lc_container.c_rule_links, hrl_next) { 
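Review bot: Both calls added to kern_container.c appear to run with container_lock already held, yet hrl_proc_fork() in kern_hrl.c still takes that lock itself with `mtx_lock(&container_lock);`. In the first hunk hrl_proc_exit(p) sits between the mtx_lock()/mtx_unlock() pair, and in the second hrl_proc_fork(parent, child) sits just above the `out:` label that unlocks. Unless container_lock is initialised as a recursive mutex (not visible here), every fork would re-acquire a mutex it already owns. Either move the calls outside the locked region, or drop the lock/unlock pair from the callee and put `mtx_assert(&container_lock, MA_OWNED);` at its top. The body of hrl_proc_exit() is outside the diff and needs the same check, and both enclosing functions in kern_container.c start outside their hunks.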
@@ -1535,7 +1535,7 @@ container_leave(&p->p_container, &oldlc->lc_container); error = container_join(&p->p_container, &newlc->lc_container); - KASSERT(error == 0, ("hrl_proc_init: better error handling needed")); + KASSERT(error == 0, ("hrl_proc_ucred_changing: better error handling needed")); } if (newpr != oldpr) { LIST_FOREACH(link, &newpr->pr_container.c_rule_links, hrl_next) { @@ -1545,7 +1545,7 @@ container_leave(&p->p_container, &oldpr->pr_container); error = container_join(&p->p_container, &newpr->pr_container); - KASSERT(error == 0, ("hrl_proc_init: better error handling needed")); + KASSERT(error == 0, ("hrl_proc_ucred_changing: better error handling needed")); } mtx_unlock(&container_lock); @@ -1554,16 +1554,13 @@ /* * Assign HRL rules to the newly created process. */ -static void -hrl_proc_fork(void *arg __unused, struct proc *parent, struct proc *child, - int flags __unused) +int +hrl_proc_fork(struct proc *parent, struct proc *child) { int error; struct hrl_rule_link *link; struct hrl_rule *rule; - PROC_LOCK(parent); - PROC_LOCK(child); mtx_lock(&container_lock); /* 
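Review bot: In the `@@ -1554` hunk, removing PROC_LOCK(parent)/PROC_LOCK(child) makes hrl_proc_fork() depend on its caller's locking, but the new code neither states nor checks this. The call site only shows `PROC_UNLOCK(child);` after `out:`, so whether the parent is also locked while its c_rule_links list is walked cannot be confirmed from the diff. Consider adding `PROC_LOCK_ASSERT(child, MA_OWNED);` at the top, plus the same for parent if that is the contract. The header comment should also be extended to say that the function returns 0 or an errno, and which locks the caller must hold. The function body continues in the next hunk.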
@@ -1574,29 +1571,41 @@ LIST_FOREACH(link, &parent->p_container.c_rule_links, hrl_next) { if (link->hrl_rule->hr_subject_type == HRL_SUBJECT_TYPE_PROCESS) { rule = hrl_rule_duplicate(link->hrl_rule, M_NOWAIT); - KASSERT(rule != NULL, ("XXX: better error handling needed")); + if (rule == NULL) + goto fail; KASSERT(rule->hr_subject.hs_proc == parent, ("rule->hr_subject.hs_proc == parent")); rule->hr_subject.hs_proc = child; error = hrl_container_add_rule_locked(&child->p_container, rule); - KASSERT(error == 0, ("XXX: better error handling needed")); hrl_rule_release(rule); + if (error) + goto fail; } else { error = hrl_container_add_rule_locked(&child->p_container, link->hrl_rule); - KASSERT(error == 0, ("XXX: better error handling needed")); + if (error) + goto fail; } } mtx_unlock(&container_lock); - PROC_UNLOCK(child); - PROC_UNLOCK(parent); + return (0); + +fail: + while (!LIST_EMPTY(&child->p_container.c_rule_links)) { + link = LIST_FIRST(&child->p_container.c_rule_links); + LIST_REMOVE(link, hrl_next); + hrl_rule_release(link->hrl_rule); + uma_zfree(hrl_rule_link_zone, link); + } + mtx_unlock(&container_lock); + return (EAGAIN); } /* * Go through the process' limits, freeing them. */ -static void -hrl_proc_exit(void *arg __unused, struct proc *p) +void +hrl_proc_exit(struct proc *p) { struct hrl_rule_link *link; @@ -1618,10 +1627,6 @@ NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); hrl_rule_zone = uma_zcreate("hrl_rule", sizeof(struct hrl_rule), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); - EVENTHANDLER_REGISTER(process_fork, hrl_proc_fork, NULL, - EVENTHANDLER_PRI_ANY); - EVENTHANDLER_REGISTER(process_exit, hrl_proc_exit, NULL, - EVENTHANDLER_PRI_ANY); } #else /* !HRL */ ==== //depot/projects/soc2009/trasz_limits/sys/sys/hrl.h#46 (text+ko) ==== 
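Review bot: In the `@@ -1574` hunk the `fail:` path ends in a hard-coded `return (EAGAIN);`, so a non-zero `error` from hrl_container_add_rule_locked() is discarded and an allocation failure is indistinguishable from any other cause. If the caller or fork(2) should see the real reason, set `error = ENOMEM;` before the `goto fail` in the `rule == NULL` branch and finish with `return (error);`. If EAGAIN is deliberate, a one-line comment at `fail:` saying so would help. The cleanup loop also empties the child's whole c_rule_links list, which is only right if that list was empty on entry; this is presumably true for a new child, but worth stating in the function comment.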
@@ -122,7 +122,8 @@ int hrl_enforce_proc(struct proc *p, int resource, uint64_t amount); const char *hrl_resource_name(int resource); - +int hrl_proc_fork(struct proc *parent, struct proc *child); +void hrl_proc_exit(struct proc *p); #else /* !_KERNEL */ /*