123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169 |
- /* Copyright (C) 2014 Stony Brook University
- This file is part of Graphene Library OS.
- Graphene Library OS is free software: you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public License
- as published by the Free Software Foundation, either version 3 of the
- License, or (at your option) any later version.
- Graphene Library OS is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
- You should have received a copy of the GNU Lesser General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>. */
- /*
- * shim_getrlimit.c
- *
- * Implementation of system call "getrlimit" and "setrlimit".
- */
- #include <asm/resource.h>
- #include <shim_checkpoint.h>
- #include <shim_internal.h>
- #include <shim_table.h>
- #include <shim_utils.h>
- #include <shim_vma.h>
- /*
- * TODO: implement actual limitation on each resource.
- *
- * The current behavor(i.e. sys_stack_size, brk_max_size) may be subject
- * to be fixed.
- */
- #define MAX_THREADS (0x3fffffff / 2)
- #define DEFAULT_MAX_FDS (1024)
- #define MAX_MAX_FDS (65536) /* 4096: Linux initial value */
- #define MLOCK_LIMIT (64 * 1024)
- #define MQ_BYTES_MAX 819200
- static struct __kernel_rlimit64 __rlim[RLIM_NLIMITS] __attribute_migratable = {
- [RLIMIT_CPU] = {RLIM_INFINITY, RLIM_INFINITY},
- [RLIMIT_FSIZE] = {RLIM_INFINITY, RLIM_INFINITY},
- [RLIMIT_DATA] = {RLIM_INFINITY, RLIM_INFINITY},
- [RLIMIT_STACK] = {DEFAULT_SYS_STACK_SIZE, RLIM_INFINITY},
- [RLIMIT_CORE] = {0, RLIM_INFINITY},
- [RLIMIT_RSS] = {RLIM_INFINITY, RLIM_INFINITY},
- [RLIMIT_NPROC] = {MAX_THREADS, MAX_THREADS},
- [RLIMIT_NOFILE] = {DEFAULT_MAX_FDS, MAX_MAX_FDS},
- [RLIMIT_MEMLOCK] = {MLOCK_LIMIT, MLOCK_LIMIT},
- [RLIMIT_AS] = {RLIM_INFINITY, RLIM_INFINITY},
- [RLIMIT_LOCKS] = {RLIM_INFINITY, RLIM_INFINITY},
- /* [RLIMIT_SIGPENDING] = [RLIMIT_NPROC] for initial value */
- [RLIMIT_SIGPENDING] = {MAX_THREADS, MAX_THREADS},
- [RLIMIT_MSGQUEUE] = {MQ_BYTES_MAX, MQ_BYTES_MAX},
- [RLIMIT_NICE] = {0, 0},
- [RLIMIT_RTPRIO] = {0, 0},
- [RLIMIT_RTTIME] = {RLIM_INFINITY, RLIM_INFINITY},
- };
- static struct shim_lock rlimit_lock;
- int init_rlimit(void) {
- if (!create_lock(&rlimit_lock)) {
- return -ENOMEM;
- }
- return 0;
- }
- uint64_t get_rlimit_cur(int resource) {
- assert(resource >= 0 && RLIM_NLIMITS > resource);
- lock(&rlimit_lock);
- uint64_t rlim = __rlim[resource].rlim_cur;
- unlock(&rlimit_lock);
- return rlim;
- }
- void set_rlimit_cur(int resource, uint64_t rlim) {
- assert(resource >= 0 && RLIM_NLIMITS > resource);
- lock(&rlimit_lock);
- __rlim[resource].rlim_cur = rlim;
- unlock(&rlimit_lock);
- }
- int shim_do_getrlimit(int resource, struct __kernel_rlimit* rlim) {
- if (resource < 0 || RLIM_NLIMITS <= resource)
- return -EINVAL;
- if (!rlim || test_user_memory(rlim, sizeof(*rlim), true))
- return -EFAULT;
- lock(&rlimit_lock);
- rlim->rlim_cur = __rlim[resource].rlim_cur;
- rlim->rlim_max = __rlim[resource].rlim_max;
- unlock(&rlimit_lock);
- return 0;
- }
- int shim_do_setrlimit(int resource, struct __kernel_rlimit* rlim) {
- struct shim_thread* cur_thread = get_cur_thread();
- assert(cur_thread);
- if (resource < 0 || RLIM_NLIMITS <= resource)
- return -EINVAL;
- if (!rlim || test_user_memory(rlim, sizeof(*rlim), false))
- return -EFAULT;
- if (rlim->rlim_cur > rlim->rlim_max)
- return -EINVAL;
- lock(&rlimit_lock);
- if (rlim->rlim_max > __rlim[resource].rlim_max && cur_thread->euid) {
- unlock(&rlimit_lock);
- return -EPERM;
- }
- __rlim[resource].rlim_cur = rlim->rlim_cur;
- __rlim[resource].rlim_max = rlim->rlim_max;
- unlock(&rlimit_lock);
- return 0;
- }
- int shim_do_prlimit64(pid_t pid, int resource, const struct __kernel_rlimit64* new_rlim,
- struct __kernel_rlimit64* old_rlim) {
- struct shim_thread* cur_thread = get_cur_thread();
- assert(cur_thread);
- int ret = 0;
- // XXX: Do not support setting/getting the rlimit of other processes yet.
- if (pid && pid != (pid_t)cur_thread->tgid)
- return -ENOSYS;
- if (resource < 0 || RLIM_NLIMITS <= resource)
- return -EINVAL;
- if (old_rlim) {
- if (test_user_memory(old_rlim, sizeof(*old_rlim), true))
- return -EFAULT;
- }
- if (new_rlim) {
- if (test_user_memory((void*)new_rlim, sizeof(*new_rlim), false)) {
- ret = -EFAULT;
- goto out;
- }
- if (new_rlim->rlim_cur > new_rlim->rlim_max) {
- ret = -EINVAL;
- goto out;
- }
- }
- lock(&rlimit_lock);
- if (new_rlim) {
- if (new_rlim->rlim_max > __rlim[resource].rlim_max && cur_thread->euid) {
- ret = -EPERM;
- goto out;
- }
- }
- if (old_rlim)
- *old_rlim = __rlim[resource];
- if (new_rlim)
- __rlim[resource] = *new_rlim;
- out:
- unlock(&rlimit_lock);
- return ret;
- }
|