d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Add a sysctl to allow non-root users the ability to set idle

Browse Source 
priorities.

- While here fix up some style nits.

Discussed with: cperciva (breifly)
Reviewed by:	pjd (earlier version)
Reviewed by:	bde
Approved by:	jhb
MFC after:	1 month
This commit is contained in:
Eitan Adler 2011-12-13 14:00:27 +00:00
parent 53627e400f
commit 9910b854c6
1 changed files with 33 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
sys/kern/kern_resource.c
View File

@ -56,6 +56,7 @@ __FBSDID("$FreeBSD$");
#include <sys/sched.h> #include <sys/sched.h>
#include <sys/sx.h> #include <sys/sx.h>
#include <sys/syscallsubr.h> #include <sys/syscallsubr.h>
#include <sys/sysctl.h>
#include <sys/sysent.h> #include <sys/sysent.h>
#include <sys/time.h> #include <sys/time.h>
#include <sys/umtx.h> #include <sys/umtx.h>
@ -273,6 +274,10 @@ donice(struct thread *td, struct proc *p, int n)
return (0); return (0);
} }
static int unprivileged_idprio;
SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_idprio, CTLFLAG_RW,
&unprivileged_idprio, 0, "Allow non-root users to set an idle priority");
/* /*
* Set realtime priority for LWP. * Set realtime priority for LWP.
*/ */
@ -321,18 +326,26 @@ sys_rtprio_thread(struct thread *td, struct rtprio_thread_args *uap)
break; break;
/* Disallow setting rtprio in most cases if not superuser. */ /* Disallow setting rtprio in most cases if not superuser. */
/*
* Realtime priority has to be restricted for reasons which should be /*
* obvious. However, for idle priority, there is a potential for * Realtime priority has to be restricted for reasons which
* system deadlock if an idleprio process gains a lock on a resource * should be obvious. However, for idleprio processes, there is
* that other processes need (and the idleprio process can't run * a potential for system deadlock if an idleprio process gains
* due to a CPU-bound normal process). Fix me! XXX * a lock on a resource that other processes need (and the
*/ * idleprio process can't run due to a CPU-bound normal
#if 0 * process). Fix me! XXX
if (RTP_PRIO_IS_REALTIME(rtp.type)) { *
#else * This problem is not only related to idleprio process.
if (rtp.type != RTP_PRIO_NORMAL) { * A user level program can obtain a file lock and hold it
#endif * indefinitely. Additionally, without idleprio processes it is
* still conceivable that a program with low priority will never
* get to run. In short, allowing this feature might make it
* easier to lock a resource indefinitely, but it is not the
* only thing that makes it possible.
*/
if (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_REALTIME ||
(RTP_PRIO_BASE(rtp.type) == RTP_PRIO_IDLE &&
unprivileged_idprio == 0)) {
error = priv_check(td, PRIV_SCHED_RTPRIO); error = priv_check(td, PRIV_SCHED_RTPRIO);
if (error) if (error)
break; break;
@ -417,19 +430,14 @@ sys_rtprio(td, uap)
if ((error = p_cansched(td, p)) || (error = cierror)) if ((error = p_cansched(td, p)) || (error = cierror))
break; break;
/* Disallow setting rtprio in most cases if not superuser. */ /*
/* * Disallow setting rtprio in most cases if not superuser.
* Realtime priority has to be restricted for reasons which should be * See the comment in sys_rtprio_thread about idprio
* obvious. However, for idle priority, there is a potential for * threads holding a lock.
* system deadlock if an idleprio process gains a lock on a resource */
* that other processes need (and the idleprio process can't run if (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_REALTIME ||
* due to a CPU-bound normal process). Fix me! XXX (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_IDLE &&
*/ !unprivileged_idprio)) {
#if 0
if (RTP_PRIO_IS_REALTIME(rtp.type)) {
#else
if (rtp.type != RTP_PRIO_NORMAL) {
#endif
error = priv_check(td, PRIV_SCHED_RTPRIO); error = priv_check(td, PRIV_SCHED_RTPRIO);
if (error) if (error)
break; break;