1994-05-24 10:09:53 +00:00
|
|
|
/*-
|
|
|
|
* Copyright (c) 1982, 1986, 1989, 1993
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
* (c) UNIX System Laboratories, Inc.
|
|
|
|
* All or some portions of this file are derived from material licensed
|
|
|
|
* to the University of California by American Telephone and Telegraph
|
|
|
|
* Co. or Unix System Laboratories, Inc. and are reproduced herein with
|
|
|
|
* the permission of UNIX System Laboratories, Inc.
|
|
|
|
*
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
* Copyright (c) 1994 Christopher G. Demetriou
|
|
|
|
* Copyright (c) 2005 Robert N. M. Watson
|
|
|
|
*
|
1994-05-24 10:09:53 +00:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
* This product includes software developed by the University of
|
|
|
|
* California, Berkeley and its contributors.
|
|
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
1994-09-26 21:09:15 +00:00
|
|
|
* @(#)kern_acct.c 8.1 (Berkeley) 6/14/93
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
|
2003-06-11 00:56:59 +00:00
|
|
|
#include <sys/cdefs.h>
|
|
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
|
2002-11-04 15:13:36 +00:00
|
|
|
#include "opt_mac.h"
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <sys/param.h>
|
1994-09-15 19:47:47 +00:00
|
|
|
#include <sys/systm.h>
|
2006-02-03 16:37:55 +00:00
|
|
|
#include <sys/acct.h>
|
|
|
|
#include <sys/fcntl.h>
|
|
|
|
#include <sys/kernel.h>
|
2006-02-07 16:04:03 +00:00
|
|
|
#include <sys/kthread.h>
|
2001-05-01 08:13:21 +00:00
|
|
|
#include <sys/lock.h>
|
2002-11-04 15:13:36 +00:00
|
|
|
#include <sys/mac.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <sys/mount.h>
|
2006-02-03 16:37:55 +00:00
|
|
|
#include <sys/mutex.h>
|
1994-09-26 21:09:15 +00:00
|
|
|
#include <sys/namei.h>
|
2006-02-03 16:37:55 +00:00
|
|
|
#include <sys/proc.h>
|
1994-09-26 21:09:15 +00:00
|
|
|
#include <sys/resourcevar.h>
|
2006-02-07 16:04:03 +00:00
|
|
|
#include <sys/sched.h>
|
2006-02-03 16:37:55 +00:00
|
|
|
#include <sys/sx.h>
|
|
|
|
#include <sys/sysctl.h>
|
|
|
|
#include <sys/sysent.h>
|
|
|
|
#include <sys/syslog.h>
|
|
|
|
#include <sys/sysproto.h>
|
1994-09-26 21:09:15 +00:00
|
|
|
#include <sys/tty.h>
|
2006-02-03 16:37:55 +00:00
|
|
|
#include <sys/vnode.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1994-09-26 21:09:15 +00:00
|
|
|
/*
|
|
|
|
* The routines implemented in this file are described in:
|
|
|
|
* Leffler, et al.: The Design and Implementation of the 4.3BSD
|
|
|
|
* UNIX Operating System (Addison Welley, 1989)
|
|
|
|
* on pages 62-63.
|
|
|
|
*
|
|
|
|
* Arguably, to simplify accounting operations, this mechanism should
|
|
|
|
* be replaced by one in which an accounting log file (similar to /dev/klog)
|
|
|
|
* is read by a user process, etc. However, that has its own problems.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Internal accounting functions.
|
|
|
|
* The former's operation is described in Leffler, et al., and the latter
|
|
|
|
* was provided by UCB with the 4.4BSD-Lite release
|
|
|
|
*/
|
2002-03-19 21:25:46 +00:00
|
|
|
static comp_t encode_comp_t(u_long, u_long);
|
2006-02-07 16:04:03 +00:00
|
|
|
static void acctwatch(void);
|
|
|
|
static void acct_thread(void *);
|
|
|
|
static int acct_disable(struct thread *);
|
1997-09-21 22:00:25 +00:00
|
|
|
|
1994-09-26 21:09:15 +00:00
|
|
|
/*
|
2002-07-21 15:22:56 +00:00
|
|
|
* Accounting vnode pointer, saved vnode pointer, and flags for each.
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
* acct_sx protects against changes to the active vnode and credentials
|
|
|
|
* while accounting records are being committed to disk.
|
1994-09-26 21:09:15 +00:00
|
|
|
*/
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
static int acct_suspended;
|
|
|
|
static struct vnode *acct_vp;
|
|
|
|
static struct ucred *acct_cred;
|
|
|
|
static int acct_flags;
|
|
|
|
static struct sx acct_sx;
|
1994-09-26 21:09:15 +00:00
|
|
|
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
SX_SYSINIT(acct, &acct_sx, "acct_sx");
|
2002-09-11 04:10:41 +00:00
|
|
|
|
2006-02-07 16:04:03 +00:00
|
|
|
/*
|
|
|
|
* State of the accounting kthread.
|
|
|
|
*/
|
|
|
|
static int acct_state;
|
|
|
|
|
|
|
|
#define ACCT_RUNNING 1 /* Accounting kthread is running. */
|
|
|
|
#define ACCT_EXITREQ 2 /* Accounting kthread should exit. */
|
|
|
|
|
1994-09-26 21:09:15 +00:00
|
|
|
/*
|
|
|
|
* Values associated with enabling and disabling accounting
|
|
|
|
*/
|
1995-12-14 08:32:45 +00:00
|
|
|
static int acctsuspend = 2; /* stop accounting when < 2% free space left */
|
|
|
|
SYSCTL_INT(_kern, OID_AUTO, acct_suspend, CTLFLAG_RW,
|
2000-06-26 13:52:31 +00:00
|
|
|
&acctsuspend, 0, "percentage of free disk space below which accounting stops");
|
1995-12-14 08:32:45 +00:00
|
|
|
|
|
|
|
static int acctresume = 4; /* resume when free space risen to > 4% */
|
|
|
|
SYSCTL_INT(_kern, OID_AUTO, acct_resume, CTLFLAG_RW,
|
2000-06-26 13:52:31 +00:00
|
|
|
&acctresume, 0, "percentage of free disk space above which accounting resumes");
|
1995-12-14 08:32:45 +00:00
|
|
|
|
|
|
|
static int acctchkfreq = 15; /* frequency (in seconds) to check space */
|
2006-02-07 18:59:47 +00:00
|
|
|
|
|
|
|
static int
|
|
|
|
sysctl_acct_chkfreq(SYSCTL_HANDLER_ARGS)
|
|
|
|
{
|
|
|
|
int error, value;
|
|
|
|
|
|
|
|
/* Write out the old value. */
|
|
|
|
error = SYSCTL_OUT(req, &acctchkfreq, sizeof(int));
|
|
|
|
if (error || req->newptr == NULL)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
/* Read in and verify the new value. */
|
|
|
|
error = SYSCTL_IN(req, &value, sizeof(int));
|
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
if (value <= 0)
|
|
|
|
return (EINVAL);
|
|
|
|
acctchkfreq = value;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
SYSCTL_PROC(_kern, OID_AUTO, acct_chkfreq, CTLTYPE_INT|CTLFLAG_RW,
|
|
|
|
&acctchkfreq, 0, sysctl_acct_chkfreq, "I",
|
|
|
|
"frequency for checking the free space");
|
1994-09-26 21:09:15 +00:00
|
|
|
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
SYSCTL_INT(_kern, OID_AUTO, acct_suspended, CTLFLAG_RD, &acct_suspended, 0,
|
|
|
|
"Accounting suspended or not");
|
|
|
|
|
1994-09-26 21:09:15 +00:00
|
|
|
/*
|
|
|
|
* Accounting system call. Written based on the specification and
|
|
|
|
* previous implementation done by Mark Tinguely.
|
2001-09-01 03:04:31 +00:00
|
|
|
*
|
|
|
|
* MPSAFE
|
1994-09-26 21:09:15 +00:00
|
|
|
*/
|
1994-05-25 09:21:21 +00:00
|
|
|
int
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
acct(struct thread *td, struct acct_args *uap)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
1994-09-26 21:09:15 +00:00
|
|
|
struct nameidata nd;
|
2006-03-28 21:26:59 +00:00
|
|
|
int error, flags, vfslocked;
|
1994-09-26 21:09:15 +00:00
|
|
|
|
|
|
|
/* Make sure that the caller is root. */
|
2002-04-01 21:31:13 +00:00
|
|
|
error = suser(td);
|
1994-10-02 17:35:40 +00:00
|
|
|
if (error)
|
2002-04-09 19:58:38 +00:00
|
|
|
return (error);
|
1994-09-26 21:09:15 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
1994-09-26 21:09:15 +00:00
|
|
|
* If accounting is to be started to a file, open that file for
|
2006-03-28 21:26:59 +00:00
|
|
|
* appending and make sure it's a 'normal'.
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
2002-12-14 01:56:26 +00:00
|
|
|
if (uap->path != NULL) {
|
2006-03-28 21:26:59 +00:00
|
|
|
NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE, UIO_USERSPACE,
|
|
|
|
uap->path, td);
|
2002-07-10 17:31:58 +00:00
|
|
|
flags = FWRITE | O_APPEND;
|
2003-07-27 17:04:56 +00:00
|
|
|
error = vn_open(&nd, &flags, 0, -1);
|
1994-10-02 17:35:40 +00:00
|
|
|
if (error)
|
2006-03-28 21:26:59 +00:00
|
|
|
return (error);
|
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2002-11-04 15:13:36 +00:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_system_acct(td->td_ucred, nd.ni_vp);
|
|
|
|
if (error) {
|
2005-03-01 08:56:13 +00:00
|
|
|
VOP_UNLOCK(nd.ni_vp, 0, td);
|
2002-11-04 15:13:36 +00:00
|
|
|
vn_close(nd.ni_vp, flags, td->td_ucred, td);
|
2006-03-28 21:26:59 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
return (error);
|
2002-11-04 15:13:36 +00:00
|
|
|
}
|
|
|
|
#endif
|
2001-09-12 08:38:13 +00:00
|
|
|
VOP_UNLOCK(nd.ni_vp, 0, td);
|
1994-09-26 21:09:15 +00:00
|
|
|
if (nd.ni_vp->v_type != VREG) {
|
2002-07-21 15:22:56 +00:00
|
|
|
vn_close(nd.ni_vp, flags, td->td_ucred, td);
|
2006-03-28 21:26:59 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
return (EACCES);
|
1994-09-26 21:09:15 +00:00
|
|
|
}
|
2006-03-28 21:26:59 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-11-04 15:13:36 +00:00
|
|
|
#ifdef MAC
|
|
|
|
} else {
|
|
|
|
error = mac_check_system_acct(td->td_ucred, NULL);
|
|
|
|
if (error)
|
2006-03-28 21:26:59 +00:00
|
|
|
return (error);
|
2002-11-04 15:13:36 +00:00
|
|
|
#endif
|
1994-09-26 21:09:15 +00:00
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
/*
|
|
|
|
* Disallow concurrent access to the accounting vnode while we swap
|
|
|
|
* it out, in order to prevent access after close.
|
|
|
|
*/
|
|
|
|
sx_xlock(&acct_sx);
|
2004-03-04 09:47:09 +00:00
|
|
|
|
1994-09-26 21:09:15 +00:00
|
|
|
/*
|
|
|
|
* If accounting was previously enabled, kill the old space-watcher,
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
* close the file, and (if no new file was specified, leave). Reset
|
|
|
|
* the suspended state regardless of whether accounting remains
|
|
|
|
* enabled.
|
1994-09-26 21:09:15 +00:00
|
|
|
*/
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
acct_suspended = 0;
|
2006-03-28 21:26:59 +00:00
|
|
|
if (acct_vp != NULL) {
|
|
|
|
vfslocked = VFS_LOCK_GIANT(acct_vp->v_mount);
|
2006-02-07 16:04:03 +00:00
|
|
|
error = acct_disable(td);
|
2006-03-28 21:26:59 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
}
|
2002-12-14 01:56:26 +00:00
|
|
|
if (uap->path == NULL) {
|
2006-02-07 16:04:03 +00:00
|
|
|
if (acct_state & ACCT_RUNNING) {
|
|
|
|
acct_state |= ACCT_EXITREQ;
|
|
|
|
wakeup(&acct_state);
|
|
|
|
}
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
sx_xunlock(&acct_sx);
|
2006-03-28 21:26:59 +00:00
|
|
|
return (error);
|
2002-09-12 05:00:32 +00:00
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
/*
|
1994-09-26 21:09:15 +00:00
|
|
|
* Save the new accounting file vnode, and schedule the new
|
|
|
|
* free space watcher.
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
acct_vp = nd.ni_vp;
|
|
|
|
acct_cred = crhold(td->td_ucred);
|
|
|
|
acct_flags = flags;
|
2006-02-07 16:04:03 +00:00
|
|
|
if (acct_state & ACCT_RUNNING)
|
|
|
|
acct_state &= ~ACCT_EXITREQ;
|
|
|
|
else {
|
|
|
|
/*
|
|
|
|
* Try to start up an accounting kthread. We may start more
|
|
|
|
* than one, but if so the extras will commit suicide as
|
|
|
|
* soon as they start up.
|
|
|
|
*/
|
|
|
|
error = kthread_create(acct_thread, NULL, NULL, 0, 0,
|
|
|
|
"accounting");
|
|
|
|
if (error) {
|
2006-03-28 21:26:59 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(acct_vp->v_mount);
|
2006-02-07 16:04:03 +00:00
|
|
|
(void) vn_close(acct_vp, acct_flags, acct_cred, td);
|
2006-03-28 21:26:59 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2006-02-07 16:04:03 +00:00
|
|
|
crfree(acct_cred);
|
|
|
|
acct_vp = NULL;
|
|
|
|
acct_cred = NULL;
|
|
|
|
acct_flags = 0;
|
|
|
|
sx_xunlock(&acct_sx);
|
|
|
|
log(LOG_NOTICE, "Unable to start accounting thread\n");
|
2006-03-28 21:26:59 +00:00
|
|
|
return (error);
|
2006-02-07 16:04:03 +00:00
|
|
|
}
|
|
|
|
}
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
sx_xunlock(&acct_sx);
|
2003-07-16 13:20:10 +00:00
|
|
|
log(LOG_NOTICE, "Accounting enabled\n");
|
1994-09-26 21:09:15 +00:00
|
|
|
return (error);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
2006-02-07 16:04:03 +00:00
|
|
|
/*
|
|
|
|
* Disable currently in-progress accounting by closing the vnode, dropping
|
|
|
|
* our reference to the credential, and clearing the vnode's flags.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
acct_disable(struct thread *td)
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
|
|
|
|
sx_assert(&acct_sx, SX_XLOCKED);
|
|
|
|
error = vn_close(acct_vp, acct_flags, acct_cred, td);
|
|
|
|
crfree(acct_cred);
|
|
|
|
acct_vp = NULL;
|
|
|
|
acct_cred = NULL;
|
|
|
|
acct_flags = 0;
|
|
|
|
log(LOG_NOTICE, "Accounting disabled\n");
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
1994-09-26 21:09:15 +00:00
|
|
|
* Write out process accounting information, on process exit.
|
|
|
|
* Data to be written out is specified in Leffler, et al.
|
|
|
|
* and are enumerated below. (They're also noted in the system
|
|
|
|
* "acct.h" header file.)
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
1994-09-26 21:09:15 +00:00
|
|
|
int
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
acct_process(struct thread *td)
|
1994-09-26 21:09:15 +00:00
|
|
|
{
|
|
|
|
struct acct acct;
|
|
|
|
struct timeval ut, st, tmp;
|
2004-02-04 21:52:57 +00:00
|
|
|
struct plimit *newlim, *oldlim;
|
2004-03-04 09:47:09 +00:00
|
|
|
struct proc *p;
|
|
|
|
struct rusage *r;
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
int t, ret, vfslocked;
|
2002-09-11 04:10:41 +00:00
|
|
|
|
2005-01-08 04:45:57 +00:00
|
|
|
/*
|
|
|
|
* Lockless check of accounting condition before doing the hard
|
|
|
|
* work.
|
|
|
|
*/
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
if (acct_vp == NULL || acct_suspended)
|
2005-01-08 04:45:57 +00:00
|
|
|
return (0);
|
|
|
|
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
sx_slock(&acct_sx);
|
1994-09-26 21:09:15 +00:00
|
|
|
|
2005-01-08 04:45:57 +00:00
|
|
|
/*
|
|
|
|
* If accounting isn't enabled, don't bother. Have to check again
|
|
|
|
* once we own the lock in case we raced with disabling of accounting
|
|
|
|
* by another thread.
|
|
|
|
*/
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
if (acct_vp == NULL || acct_suspended) {
|
|
|
|
sx_sunlock(&acct_sx);
|
1994-09-26 21:09:15 +00:00
|
|
|
return (0);
|
2002-09-11 04:10:41 +00:00
|
|
|
}
|
1994-09-26 21:09:15 +00:00
|
|
|
|
2004-03-04 09:47:09 +00:00
|
|
|
p = td->td_proc;
|
|
|
|
|
1994-09-26 21:09:15 +00:00
|
|
|
/*
|
|
|
|
* Get process accounting information.
|
|
|
|
*/
|
|
|
|
|
2003-04-17 22:20:30 +00:00
|
|
|
PROC_LOCK(p);
|
1994-09-26 21:09:15 +00:00
|
|
|
/* (1) The name of the command that ran */
|
|
|
|
bcopy(p->p_comm, acct.ac_comm, sizeof acct.ac_comm);
|
|
|
|
|
|
|
|
/* (2) The amount of user and system time that was used */
|
2004-10-05 18:51:11 +00:00
|
|
|
calcru(p, &ut, &st);
|
1994-09-26 21:09:15 +00:00
|
|
|
acct.ac_utime = encode_comp_t(ut.tv_sec, ut.tv_usec);
|
|
|
|
acct.ac_stime = encode_comp_t(st.tv_sec, st.tv_usec);
|
|
|
|
|
2002-11-05 14:54:07 +00:00
|
|
|
/* (3) The elapsed time the command ran (and its starting time) */
|
2003-05-01 16:59:23 +00:00
|
|
|
tmp = boottime;
|
|
|
|
timevaladd(&tmp, &p->p_stats->p_start);
|
|
|
|
acct.ac_btime = tmp.tv_sec;
|
|
|
|
microuptime(&tmp);
|
1994-09-26 21:09:15 +00:00
|
|
|
timevalsub(&tmp, &p->p_stats->p_start);
|
|
|
|
acct.ac_etime = encode_comp_t(tmp.tv_sec, tmp.tv_usec);
|
|
|
|
|
|
|
|
/* (4) The average amount of memory used */
|
|
|
|
r = &p->p_stats->p_ru;
|
|
|
|
tmp = ut;
|
|
|
|
timevaladd(&tmp, &st);
|
|
|
|
t = tmp.tv_sec * hz + tmp.tv_usec / tick;
|
|
|
|
if (t)
|
|
|
|
acct.ac_mem = (r->ru_ixrss + r->ru_idrss + r->ru_isrss) / t;
|
|
|
|
else
|
|
|
|
acct.ac_mem = 0;
|
|
|
|
|
|
|
|
/* (5) The number of disk I/O operations done */
|
|
|
|
acct.ac_io = encode_comp_t(r->ru_inblock + r->ru_oublock, 0);
|
|
|
|
|
|
|
|
/* (6) The UID and GID of the process */
|
o Merge contents of struct pcred into struct ucred. Specifically, add the
real uid, saved uid, real gid, and saved gid to ucred, as well as the
pcred->pc_uidinfo, which was associated with the real uid, only rename
it to cr_ruidinfo so as not to conflict with cr_uidinfo, which
corresponds to the effective uid.
o Remove p_cred from struct proc; add p_ucred to struct proc, replacing
original macro that pointed.
p->p_ucred to p->p_cred->pc_ucred.
o Universally update code so that it makes use of ucred instead of pcred,
p->p_ucred instead of p->p_pcred, cr_ruidinfo instead of p_uidinfo,
cr_{r,sv}{u,g}id instead of p_*, etc.
o Remove pcred0 and its initialization from init_main.c; initialize
cr_ruidinfo there.
o Restruction many credential modification chunks to always crdup while
we figure out locking and optimizations; generally speaking, this
means moving to a structure like this:
newcred = crdup(oldcred);
...
p->p_ucred = newcred;
crfree(oldcred);
It's not race-free, but better than nothing. There are also races
in sys_process.c, all inter-process authorization, fork, exec, and
exit.
o Remove sigio->sio_ruid since sigio->sio_ucred now contains the ruid;
remove comments indicating that the old arrangement was a problem.
o Restructure exec1() a little to use newcred/oldcred arrangement, and
use improved uid management primitives.
o Clean up exit1() so as to do less work in credential cleanup due to
pcred removal.
o Clean up fork1() so as to do less work in credential cleanup and
allocation.
o Clean up ktrcanset() to take into account changes, and move to using
suser_xxx() instead of performing a direct uid==0 comparision.
o Improve commenting in various kern_prot.c credential modification
calls to better document current behavior. In a couple of places,
current behavior is a little questionable and we need to check
POSIX.1 to make sure it's "right". More commenting work still
remains to be done.
o Update credential management calls, such as crfree(), to take into
account new ruidinfo reference.
o Modify or add the following uid and gid helper routines:
change_euid()
change_egid()
change_ruid()
change_rgid()
change_svuid()
change_svgid()
In each case, the call now acts on a credential not a process, and as
such no longer requires more complicated process locking/etc. They
now assume the caller will do any necessary allocation of an
exclusive credential reference. Each is commented to document its
reference requirements.
o CANSIGIO() is simplified to require only credentials, not processes
and pcreds.
o Remove lots of (p_pcred==NULL) checks.
o Add an XXX to authorization code in nfs_lock.c, since it's
questionable, and needs to be considered carefully.
o Simplify posix4 authorization code to require only credentials, not
processes and pcreds. Note that this authorization, as well as
CANSIGIO(), needs to be updated to use the p_cansignal() and
p_cansched() centralized authorization routines, as they currently
do not take into account some desirable restrictions that are handled
by the centralized routines, as well as being inconsistent with other
similar authorization instances.
o Update libkvm to take these changes into account.
Obtained from: TrustedBSD Project
Reviewed by: green, bde, jhb, freebsd-arch, freebsd-audit
2001-05-25 16:59:11 +00:00
|
|
|
acct.ac_uid = p->p_ucred->cr_ruid;
|
|
|
|
acct.ac_gid = p->p_ucred->cr_rgid;
|
1994-09-26 21:09:15 +00:00
|
|
|
|
|
|
|
/* (7) The terminal from which the process was started */
|
2002-02-23 11:12:57 +00:00
|
|
|
SESS_LOCK(p->p_session);
|
1994-09-26 21:09:15 +00:00
|
|
|
if ((p->p_flag & P_CONTROLT) && p->p_pgrp->pg_session->s_ttyp)
|
1999-07-10 06:27:36 +00:00
|
|
|
acct.ac_tty = dev2udev(p->p_pgrp->pg_session->s_ttyp->t_dev);
|
1994-09-26 21:09:15 +00:00
|
|
|
else
|
2004-06-17 17:16:53 +00:00
|
|
|
acct.ac_tty = NODEV;
|
2002-02-23 11:12:57 +00:00
|
|
|
SESS_UNLOCK(p->p_session);
|
1994-09-26 21:09:15 +00:00
|
|
|
|
|
|
|
/* (8) The boolean flags that tell how the process terminated, etc. */
|
|
|
|
acct.ac_flag = p->p_acflag;
|
2003-04-17 22:20:30 +00:00
|
|
|
PROC_UNLOCK(p);
|
1994-09-26 21:09:15 +00:00
|
|
|
|
|
|
|
/*
|
1998-06-05 21:44:20 +00:00
|
|
|
* Eliminate any file size rlimit.
|
|
|
|
*/
|
2004-02-04 21:52:57 +00:00
|
|
|
newlim = lim_alloc();
|
|
|
|
PROC_LOCK(p);
|
|
|
|
oldlim = p->p_limit;
|
|
|
|
lim_copy(newlim, oldlim);
|
|
|
|
newlim->pl_rlimit[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
|
|
|
|
p->p_limit = newlim;
|
|
|
|
PROC_UNLOCK(p);
|
|
|
|
lim_free(oldlim);
|
1998-06-05 21:44:20 +00:00
|
|
|
|
2004-03-04 09:47:09 +00:00
|
|
|
/*
|
|
|
|
* Write the accounting information to the file.
|
|
|
|
*/
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(acct_vp->v_mount);
|
|
|
|
VOP_LEASE(acct_vp, td, acct_cred, LEASE_WRITE);
|
|
|
|
ret = vn_rdwr(UIO_WRITE, acct_vp, (caddr_t)&acct, sizeof (acct),
|
|
|
|
(off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, acct_cred, NOCRED,
|
2002-09-11 04:10:41 +00:00
|
|
|
(int *)0, td);
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
sx_sunlock(&acct_sx);
|
2002-09-11 04:10:41 +00:00
|
|
|
return (ret);
|
1994-09-26 21:09:15 +00:00
|
|
|
}
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
1994-09-26 21:09:15 +00:00
|
|
|
* Encode_comp_t converts from ticks in seconds and microseconds
|
|
|
|
* to ticks in 1/AHZ seconds. The encoding is described in
|
|
|
|
* Leffler, et al., on page 63.
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
1994-09-26 21:09:15 +00:00
|
|
|
|
|
|
|
#define MANTSIZE 13 /* 13 bit mantissa. */
|
|
|
|
#define EXPSIZE 3 /* Base 8 (3 bit) exponent. */
|
|
|
|
#define MAXFRACT ((1 << MANTSIZE) - 1) /* Maximum fractional value. */
|
|
|
|
|
1995-12-14 08:32:45 +00:00
|
|
|
static comp_t
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
encode_comp_t(u_long s, u_long us)
|
1994-09-26 21:09:15 +00:00
|
|
|
{
|
|
|
|
int exp, rnd;
|
|
|
|
|
|
|
|
exp = 0;
|
|
|
|
rnd = 0;
|
|
|
|
s *= AHZ;
|
|
|
|
s += us / (1000000 / AHZ); /* Maximize precision. */
|
|
|
|
|
|
|
|
while (s > MAXFRACT) {
|
|
|
|
rnd = s & (1 << (EXPSIZE - 1)); /* Round up? */
|
|
|
|
s >>= EXPSIZE; /* Base 8 exponent == 3 bit shift. */
|
|
|
|
exp++;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* If we need to round up, do it (and handle overflow correctly). */
|
|
|
|
if (rnd && (++s > MAXFRACT)) {
|
|
|
|
s >>= EXPSIZE;
|
|
|
|
exp++;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Clean it up and polish it off. */
|
|
|
|
exp <<= MANTSIZE; /* Shift the exponent into place */
|
|
|
|
exp += s; /* and add on the mantissa. */
|
|
|
|
return (exp);
|
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
/*
|
2002-05-16 21:28:32 +00:00
|
|
|
* Periodically check the filesystem to see if accounting
|
1994-09-26 21:09:15 +00:00
|
|
|
* should be turned on or off. Beware the case where the vnode
|
|
|
|
* has been vgone()'d out from underneath us, e.g. when the file
|
|
|
|
* system containing the accounting file has been forcibly unmounted.
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
/* ARGSUSED */
|
1995-12-14 08:32:45 +00:00
|
|
|
static void
|
2006-02-07 16:04:03 +00:00
|
|
|
acctwatch(void)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
|
|
|
struct statfs sb;
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
int vfslocked;
|
|
|
|
|
2006-02-07 16:04:03 +00:00
|
|
|
sx_assert(&acct_sx, SX_XLOCKED);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If accounting was disabled before our kthread was scheduled,
|
|
|
|
* then acct_vp might be NULL. If so, just ask our kthread to
|
|
|
|
* exit and return.
|
|
|
|
*/
|
|
|
|
if (acct_vp == NULL) {
|
|
|
|
acct_state |= ACCT_EXITREQ;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If our vnode is no longer valid, tear it down and signal the
|
|
|
|
* accounting thread to die.
|
|
|
|
*/
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(acct_vp->v_mount);
|
|
|
|
if (acct_vp->v_type == VBAD) {
|
2006-02-07 16:04:03 +00:00
|
|
|
(void) acct_disable(NULL);
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2006-02-07 16:04:03 +00:00
|
|
|
acct_state |= ACCT_EXITREQ;
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
return;
|
|
|
|
}
|
2006-02-07 16:04:03 +00:00
|
|
|
|
2002-09-12 05:00:32 +00:00
|
|
|
/*
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
* Stopping here is better than continuing, maybe it will be VBAD
|
|
|
|
* next time around.
|
2003-03-13 23:07:09 +00:00
|
|
|
*/
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
if (VFS_STATFS(acct_vp->v_mount, &sb, curthread) < 0) {
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
if (acct_suspended) {
|
|
|
|
if (sb.f_bavail > (int64_t)(acctresume * sb.f_blocks /
|
|
|
|
100)) {
|
|
|
|
acct_suspended = 0;
|
1994-05-24 10:09:53 +00:00
|
|
|
log(LOG_NOTICE, "Accounting resumed\n");
|
|
|
|
}
|
1997-02-10 02:22:35 +00:00
|
|
|
} else {
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
if (sb.f_bavail <= (int64_t)(acctsuspend * sb.f_blocks /
|
|
|
|
100)) {
|
|
|
|
acct_suspended = 1;
|
1994-05-24 10:09:53 +00:00
|
|
|
log(LOG_NOTICE, "Accounting suspended\n");
|
|
|
|
}
|
1997-02-10 02:22:35 +00:00
|
|
|
}
|
2006-02-07 16:04:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The main loop for the dedicated kernel thread that periodically calls
|
|
|
|
* acctwatch().
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
acct_thread(void *dummy)
|
|
|
|
{
|
|
|
|
u_char pri;
|
|
|
|
|
|
|
|
/* This is a low-priority kernel thread. */
|
|
|
|
pri = PRI_MAX_KERN;
|
|
|
|
mtx_lock_spin(&sched_lock);
|
|
|
|
sched_prio(curthread, pri);
|
|
|
|
mtx_unlock_spin(&sched_lock);
|
|
|
|
|
|
|
|
/* If another accounting kthread is already running, just die. */
|
|
|
|
sx_xlock(&acct_sx);
|
|
|
|
if (acct_state & ACCT_RUNNING) {
|
|
|
|
sx_xunlock(&acct_sx);
|
|
|
|
kthread_exit(0);
|
|
|
|
}
|
|
|
|
acct_state |= ACCT_RUNNING;
|
|
|
|
|
|
|
|
/* Loop until we are asked to exit. */
|
|
|
|
while (!(acct_state & ACCT_EXITREQ)) {
|
|
|
|
|
|
|
|
/* Perform our periodic checks. */
|
|
|
|
acctwatch();
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We check this flag again before sleeping since the
|
|
|
|
* acctwatch() might have shut down accounting and asked us
|
|
|
|
* to exit.
|
|
|
|
*/
|
|
|
|
if (!(acct_state & ACCT_EXITREQ)) {
|
|
|
|
sx_xunlock(&acct_sx);
|
|
|
|
tsleep(&acct_state, pri, "-", acctchkfreq * hz);
|
|
|
|
sx_xlock(&acct_sx);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Acknowledge the exit request and shutdown. We clear both the
|
|
|
|
* exit request and running flags.
|
|
|
|
*/
|
|
|
|
acct_state = 0;
|
Significant refactoring of the accounting code to improve locking and VFS
happiness, as well as correct other bugs:
- Replace notion of current and saved accounting credential/vnode with a
single credential/vnode and an acct_suspended flag. This simplifies the
accounting logic substantially.
- Replace acct_mtx with acct_sx, a sleepable lock held exclusively during
reconfiguration and space polling, but shared during log entry
generation. This avoids holding a mutex over sleepable VFS operations.
- Hold the sx lock over the duration of the I/O so that the vnode I/O
cannot occur after vnode close, which could occur previously if
accounting was disabled as a process exited.
- Write the accounting log entry with Giant conditionally acquired based
on the file system where the log is stored. Previously, the accounting
code relied on the caller acquiring Giant.
- Acquire Giant conditionally in the accounting callout based on the file
system where the accounting log is stored. Run the callout MPSAFE.
- Expose acct_suspended via a read-only sysctl so it is possibly to
programmatically determine whether accounting is suspended or not without
attempting to parse logs.
- Check both acct_vp and acct_suspended lock-free before entering the
accounting sx lock in acct().
- When accounting is disabled due to a VBAD vnode (i.e., forceable unmount),
generate a log message indicating accounting has been disabled.
- Correct a long-standing bug in how free space is calculated and compared
to the required space: generate and compare signed results, not unsigned
results, or negative free space will cause accounting to not be suspended
when required, or worse, incorrectly resumed once negative free space is
reached.
MFC after: 2 weeks
2005-11-12 10:45:13 +00:00
|
|
|
sx_xunlock(&acct_sx);
|
2006-02-07 16:04:03 +00:00
|
|
|
kthread_exit(0);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|