Add a resource limit for the total number of kqueues available to the

user. Kqueue now saves the ucred of the allocating thread, to correctly decrement the counter on close. Under some specific and not real-world use scenario for kqueue, it is possible for the kqueues to consume memory proportional to the square of the number of the filedescriptors available to the process. Limit allows administrator to prevent the abuse. This is kernel-mode side of the change, with the user-mode enabling commit following. Reported and tested by: pho Discussed with: jmg Sponsored by: The FreeBSD Foundation MFC after: 2 weeks
2013-10-21 16:46:12 +00:00 · 2013-10-21 16:46:12 +00:00 · 85a0ddfd0b
commit 85a0ddfd0b
parent 9110db818a
7 changed files with 23 additions and 8 deletions
--- a/bin/sh/miscbltin.c
+++ b/bin/sh/miscbltin.c
@ -404,6 +404,9 @@ static const struct limits limits[] = {
 #endif
 #ifdef RLIMIT_NPTS
 	{ "pseudo-terminals",	(char *)0,	RLIMIT_NPTS,	   1, 'p' },
+#endif
+#ifdef RLIMIT_KQUEUES
+	{ "kqueues",		(char *)0,	RLIMIT_KQUEUES,	   1, 'k' },
 #endif
 	{ (char *) 0,		(char *)0,	0,		   0, '\0' }
 };
@ -421,7 +424,7 @@ ulimitcmd(int argc __unused, char **argv __unused)
 	struct rlimit	limit;

 	what = 'f';
-	while ((optc = nextopt("HSatfdsmcnuvlbpw")) != '\0')
+	while ((optc = nextopt("HSatfdsmcnuvlbpwk")) != '\0')
 		switch (optc) {
 		case 'H':
 			how = HARD;
--- a/etc/login.conf
+++ b/etc/login.conf
@ -42,6 +42,7 @@ default:\
 	:vmemoryuse=unlimited:\
 	:swapuse=unlimited:\
 	:pseudoterminals=unlimited:\
+	:kqueues=unlimited:\
 	:priority=0:\
 	:ignoretime@:\
 	:umask=022:
--- a/lib/libc/sys/getrlimit.2
+++ b/lib/libc/sys/getrlimit.2
@ -108,6 +108,8 @@ Please see
 for a complete description of this sysctl.
 .It Dv RLIMIT_NPTS
 The maximum number of pseudo-terminals created by this user id.
+.It Dv RLIMIT_KQUEUES
+The maximum number of kqueues created by this user id.
 .El
 .Pp
 A resource limit is specified as a soft limit and a hard limit.
--- a/lib/libutil/login_class.3
+++ b/lib/libutil/login_class.3
@ -118,6 +118,7 @@ sbsize           RLIMIT_SBSIZE
 vmemoryuse       RLIMIT_VMEM
 pseudoterminals  RLIMIT_NPTS
 swapuse          RLIMIT_SWAP
+kqueues          RLIMIT_KQUEUES
 .Ed
 .It LOGIN_SETPRIORITY
 Set the scheduling priority for the current process based on the
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@ -66,6 +66,7 @@ static struct login_res {
    { "vmemoryuse",      login_getcapsize, RLIMIT_VMEM    },
    { "pseudoterminals", login_getcapnum,  RLIMIT_NPTS    },
    { "swapuse",         login_getcapsize, RLIMIT_SWAP    },
+    { "kqueues",         login_getcapsize, RLIMIT_KQUEUES },
    { NULL,              0,                0              }
 };

--- a/usr.bin/limits/limits.c
+++ b/usr.bin/limits/limits.c
@ -89,7 +89,8 @@ static struct {
 	  { "  sbsize%-4s           %8s", " bytes\n", 1    },
 	  { "  vmemoryuse%-4s       %8s", " kB\n",    1024 },
 	  { "  pseudo-terminals%-4s %8s", "\n",       1    },
-	  { "  swapuse%-4s          %8s", " kB\n",    1024 }
+	  { "  swapuse%-4s          %8s", " kB\n",    1024 },
+	  { "  kqueues%-4s          %8s", "\n",       1    },
      }
    },
    { "sh", "unlimited", "", " -H", " -S", "",
@ -106,7 +107,8 @@ static struct {
 	  { "ulimit%s -b %s", ";\n",  1    },
 	  { "ulimit%s -v %s", ";\n",  1024 },
 	  { "ulimit%s -p %s", ";\n",  1    },
-	  { "ulimit%s -w %s", ";\n",  1024 }
+	  { "ulimit%s -w %s", ";\n",  1024 },
+	  { "ulimit%s -k %s", ";\n",  1    },
      }
    },
    { "csh", "unlimited", "", " -h", "", NULL,
@ -123,7 +125,8 @@ static struct {
 	  { "limit%s sbsize %s",          ";\n",  1    },
 	  { "limit%s vmemoryuse %s",      ";\n",  1024 },
 	  { "limit%s pseudoterminals %s", ";\n",  1    },
-	  { "limit%s swapuse %s",         ";\n",  1024 }
+	  { "limit%s swapuse %s",         ";\n",  1024 },
+	  { "limit%s kqueues %s",         ";\n",  1    },
      }
    },
    { "bash|bash2", "unlimited", "", " -H", " -S", "",
@ -157,7 +160,8 @@ static struct {
 	  { "limit%s sbsize %s",          ";\n",  1    },
 	  { "limit%s vmemoryuse %s",      ";\n",  1024 },
 	  { "limit%s pseudoterminals %s", ";\n",  1    },
-	  { "limit%s swapuse %s",         ";\n",  1024 }
+	  { "limit%s swapuse %s",         ";\n",  1024 },
+	  { "limit%s kqueues %s",         ";\n",  1    },
      }
    },
    { "ksh|pdksh", "unlimited", "", " -H", " -S", "",
@ -232,7 +236,8 @@ static struct {
    { "sbsize",		login_getcapsize },
    { "vmemoryuse",	login_getcapsize },
    { "pseudoterminals",login_getcapnum  },
-    { "swapuse",	login_getcapsize }
+    { "swapuse",	login_getcapsize },
+    { "kqueues",	login_getcapnum  },
 };

 /*
@ -647,6 +652,7 @@ resource_num(int which, int ch, const char *str)
 	case RLIMIT_NPROC:
 	case RLIMIT_NOFILE:
 	case RLIMIT_NPTS:
+	case RLIMIT_KQUEUES:
 	    res = strtoq(s, &e, 0);
 	    s = e;
 	    break;
--- a/usr.bin/procstat/procstat_rlimit.c
+++ b/usr.bin/procstat/procstat_rlimit.c
@ -46,7 +46,7 @@
 static struct {
 	const char *name;
 	const char *suffix;
-} rlimit_param[13] = {
+} rlimit_param[14] = {
 	{"cputime",          "sec"},
 	{"filesize",         "B  "},
 	{"datasize",         "B  "},
@ -60,9 +60,10 @@ static struct {
 	{"vmemoryuse",       "B  "},
 	{"pseudo-terminals", "   "},
 	{"swapuse",          "B  "},
+	{"kqueues",          "   "},
 };

-#if RLIM_NLIMITS > 13
+#if RLIM_NLIMITS > 14
 #error "Resource limits have grown. Add new entries to rlimit_param[]."
 #endif