diff --git a/bin/sh/miscbltin.c b/bin/sh/miscbltin.c
--- a/bin/sh/miscbltin.c
+++ b/bin/sh/miscbltin.c
@@ -483,6 +483,9 @@
 #endif
 #ifdef RLIMIT_UMTXP
 { "umtx shared locks", (char *)0, RLIMIT_UMTXP, 1, 'o' },
+#endif
+#ifdef RLIMIT_PIPEBUF
+ { "pipebuf", (char *)0, RLIMIT_PIPEBUF, 1024, 'y' },
 #endif
 { (char *) 0, (char *)0, 0, 0, '\0' }
 };
diff --git a/lib/libsys/getrlimit.2 b/lib/libsys/getrlimit.2
--- a/lib/libsys/getrlimit.2
+++ b/lib/libsys/getrlimit.2
@@ -84,6 +84,16 @@
 The maximum number of simultaneous processes for this user id.
 .It Dv RLIMIT_NPTS
 The maximum number of pseudo-terminals this user id is allowed to create.
+.It Dv RLIMIT_PIPEBUF
+The maximum total size of in-kernel buffers for two-directional pipes/fifos
+this user id is allowed to consume.
+The buffers for kernel FIFOs created on the first open of a filesystem
+object created by
+.Pq Xr mkfifo 2
+are also accounted to the user ID of the process opening it,
+not the FIFO's filesystem owner.
+Despite somewhat unexpected, this is in fact fair, since user of the fifo
+is not necessary its creator.
 .It Dv RLIMIT_RSS
 When there is memory pressure and swap is available, prioritize eviction of a process' resident pages beyond this amount (in bytes).
@@ -112,6 +122,9 @@
 Please see
 .Xr tuning 7
 for a complete description of this sysctl.
+.It Dv RLIMIT_UMTXP
+The limit of the number of process-shared posix thread library objects
+allocated by user id.
 .It Dv RLIMIT_VMEM
 An alias for
 .Dv RLIMIT_AS .
diff --git a/lib/libutil/login.conf.5 b/lib/libutil/login.conf.5
--- a/lib/libutil/login.conf.5
+++ b/lib/libutil/login.conf.5
@@ -204,6 +204,7 @@
 .It "pseudoterminals number Maximum number of pseudo-terminals."
 .It "swapuse size Maximum swap space size limit."
 .It "umtxp number Maximum number of process-shared pthread locks."
+.It "pipebuf" size Maximum size of pipe buffers."
 .El
 .Pp
 These resource limit entries actually specify both the maximum
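Review bot: The new `pipebuf` row in bin/sh/miscbltin.c binds the limit to option letter 'y', but this diff has no second hunk for the file, so the option string that `ulimit` parses is presumably unchanged and `ulimit -y` may be rejected as an unknown option. That string is outside the hunk, so confirm it and append `y` if it is missing. usr.bin/limits/limits.c in this same change already emits `ulimit -y` for sh, which depends on the shell accepting it. The table's declaration also starts outside the hunk.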
diff --git a/lib/libutil/login_class.3 b/lib/libutil/login_class.3
--- a/lib/libutil/login_class.3
+++ b/lib/libutil/login_class.3
@@ -118,6 +118,7 @@
 swapuse RLIMIT_SWAP
 kqueues RLIMIT_KQUEUES
 umtxp RLIMIT_UMTXP
+pipebuf RLIMIT_PIPEBUF
 .Ed
 .It LOGIN_SETPRIORITY
 Set the scheduling priority for the current process based on the
diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -65,6 +65,7 @@
 { "swapuse", login_getcapsize, RLIMIT_SWAP },
 { "kqueues", login_getcapsize, RLIMIT_KQUEUES },
 { "umtxp", login_getcapnum, RLIMIT_UMTXP },
+ { "pipebuf", login_getcapnum, RLIMIT_PIPEBUF },
 { NULL, 0, 0 }
 };
diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c
--- a/sys/kern/kern_resource.c
+++ b/sys/kern/kern_resource.c
@@ -1607,3 +1607,10 @@
 return (chglimit(uip, &uip->ui_umtxcnt, diff, max, "umtxcnt"));
 }
+
+int
+chgpipecnt(struct uidinfo *uip, int diff, rlim_t max)
+{
+
+ return (chglimit(uip, &uip->ui_pipecnt, diff, max, "pipecnt"));
+}
diff --git a/sys/kern/sys_pipe.c b/sys/kern/sys_pipe.c
--- a/sys/kern/sys_pipe.c
+++ b/sys/kern/sys_pipe.c
@@ -375,6 +375,7 @@
 #endif
 rpipe = &pp->pp_rpipe;
 wpipe = &pp->pp_wpipe;
+ pp->pp_owner = crhold(td->td_ucred);
 knlist_init_mtx(&rpipe->pipe_sel.si_note, PIPE_MTX(rpipe));
 knlist_init_mtx(&wpipe->pipe_sel.si_note, PIPE_MTX(wpipe));
@@ -408,6 +409,7 @@
 fail:
 knlist_destroy(&rpipe->pipe_sel.si_note);
 knlist_destroy(&wpipe->pipe_sel.si_note);
+ crfree(pp->pp_owner);
 #ifdef MAC
 mac_pipe_destroy(pp);
 #endif
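Review bot: In lib/libutil/login_class.c the `pipebuf` capability is parsed with `login_getcapnum`, while login.conf.5 in this change documents it as a `size` and limits.c prints it in kB. If `login_getcapnum` does not accept size suffixes (its definition is not in this diff), an entry such as `pipebuf=64M` in login.conf would not produce the intended byte limit. Consider `{ "pipebuf", login_getcapsize, RLIMIT_PIPEBUF },`, as the `swapuse` row does. The same choice appears twice in usr.bin/limits/limits.c: the `{ "pipebuf", login_getcapnum }` table row, and the `case RLIMIT_PIPEBUF:` that joins the plain `strtoq` branch.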
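Review bot: chgpipecnt() in sys/kern/kern_resource.c has no comment, and the names `ui_pipecnt` and "pipecnt" read as a number of pipes although sys_pipe.c passes buffer sizes in bytes. A header comment would make the unit explicit, for example `/* Adjust the pipe buffer bytes charged to uip by diff, checked against max. */`, with the wording checked against chglimit(), which is not shown here. `diff` is an `int` while the counter is a `long`, so the comment should also state that a single adjustment has to fit in an int.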
@@ -574,9 +576,20 @@
 size = round_page(size);
 buffer = (caddr_t) vm_map_min(pipe_map);
+ if (!chgpipecnt(cpipe->pipe_pair->pp_owner->cr_ruidinfo,
+ size, lim_cur(curthread, RLIMIT_PIPEBUF))) {
+ if (cpipe->pipe_buffer.buffer == NULL &&
+ size > SMALL_PIPE_SIZE) {
+ size = SMALL_PIPE_SIZE;
+ goto retry;
+ }
+ return (ENOMEM);
+ }
+
 error = vm_map_find(pipe_map, NULL, 0, (vm_offset_t *)&buffer, size, 0, VMFS_ANY_SPACE, VM_PROT_RW, VM_PROT_RW, 0);
 if (error != KERN_SUCCESS) {
+ chgpipecnt(cpipe->pipe_pair->pp_owner->cr_ruidinfo, -size, 0);
 if (cpipe->pipe_buffer.buffer == NULL &&
 size > SMALL_PIPE_SIZE) {
 size = SMALL_PIPE_SIZE;
@@ -1645,6 +1658,8 @@
 if (cpipe->pipe_buffer.buffer != NULL) {
 atomic_subtract_long(&amountpipekva, cpipe->pipe_buffer.size);
+ chgpipecnt(cpipe->pipe_pair->pp_owner->cr_uidinfo,
+ cpipe->pipe_buffer.size, 0);
 vm_map_remove(pipe_map, (vm_offset_t)cpipe->pipe_buffer.buffer, (vm_offset_t)cpipe->pipe_buffer.buffer + cpipe->pipe_buffer.size);
@@ -1731,6 +1746,7 @@
 */
 if (ppipe->pipe_present == PIPE_FINALIZED) {
 PIPE_UNLOCK(cpipe);
+ crfree(cpipe->pipe_pair->pp_owner);
 #ifdef MAC
 mac_pipe_destroy(pp);
 #endif
diff --git a/sys/sys/pipe.h b/sys/sys/pipe.h
--- a/sys/sys/pipe.h
+++ b/sys/sys/pipe.h
@@ -136,6 +136,7 @@
 struct pipe pp_wpipe;
 struct mtx pp_mtx;
 struct label *pp_label;
+ struct ucred *pp_owner; /* to dec pipe usage count */
 };
 #define PIPE_MTX(pipe) (&(pipe)->pipe_pair->pp_mtx)
diff --git a/sys/sys/resource.h b/sys/sys/resource.h
--- a/sys/sys/resource.h
+++ b/sys/sys/resource.h
@@ -114,8 +114,9 @@
 #define RLIMIT_SWAP 12 /* swap used */
 #define RLIMIT_KQUEUES 13 /* kqueues allocated */
 #define RLIMIT_UMTXP 14 /* process-shared umtx */
+#define RLIMIT_PIPEBUF 15 /* pipes/fifos buffers */
-#define RLIM_NLIMITS 15 /* number of resource limits */
+#define RLIM_NLIMITS 16 /* number of resource limits */
 #define RLIM_INFINITY ((rlim_t)(((__uint64_t)1 << 63) - 1))
 #define RLIM_SAVED_MAX RLIM_INFINITY
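Review bot: The charge added before vm_map_find() in sys/kern/sys_pipe.c checks the creator's running total (`pp_owner->cr_ruidinfo`) against `lim_cur(curthread, RLIMIT_PIPEBUF)`, which is the limit of whichever thread is sizing the buffer. If this path is also reached for an existing pipe from a process other than its creator (the `pipe_buffer.buffer == NULL` test suggests resizes pass through here), a caller with a higher or unlimited RLIMIT_PIPEBUF could push the usage charged to another uid past that uid's own limit. A comment should state which limit is meant to govern, for example `/* limit of the sizing thread applies; usage is charged to the pipe creator */`, or the resize case should be handled separately. The function's start and the `retry` label are outside the hunk.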
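Review bot: The release added in the `pipe_buffer.buffer != NULL` branch does not undo the charge taken at allocation. It passes a positive `cpipe->pipe_buffer.size`, so, assuming chglimit() adds `diff` to the counter, the per-uid total grows again instead of shrinking. It also targets `cr_uidinfo`, while the allocation path charged `cr_ruidinfo`. With a finite RLIMIT_PIPEBUF the total would only ever rise until every new pipe for that user fails with ENOMEM, and for credentials whose real and effective uids differ the wrong uidinfo is adjusted. Suggested: `chgpipecnt(cpipe->pipe_pair->pp_owner->cr_ruidinfo,` followed by `-cpipe->pipe_buffer.size, 0);`. The enclosing function and the type of `pipe_buffer.size` are outside the hunk, so check the negation against the `int diff` parameter.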
diff --git a/sys/sys/resourcevar.h b/sys/sys/resourcevar.h
--- a/sys/sys/resourcevar.h
+++ b/sys/sys/resourcevar.h
@@ -121,6 +121,7 @@
 long ui_ptscnt; /* (b) number of pseudo-terminals */
 long ui_kqcnt; /* (b) number of kqueues */
 long ui_umtxcnt; /* (b) number of shared umtxs */
+ long ui_pipecnt; /* (b) consumption of pipe buffers */
 uid_t ui_uid; /* (a) uid */
 u_int ui_ref; /* (b) reference count */
 #ifdef RACCT
@@ -142,6 +143,7 @@
 rlim_t maxval);
 int chgptscnt(struct uidinfo *uip, int diff, rlim_t maxval);
 int chgumtxcnt(struct uidinfo *uip, int diff, rlim_t maxval);
+int chgpipecnt(struct uidinfo *uip, int diff, rlim_t max);
 int kern_proc_setrlimit(struct thread *td, struct proc *p, u_int which, struct rlimit *limp);
 struct plimit
diff --git a/usr.bin/limits/limits.c b/usr.bin/limits/limits.c
--- a/usr.bin/limits/limits.c
+++ b/usr.bin/limits/limits.c
@@ -91,6 +91,7 @@
 { " swapuse%-4s %8s", " kB\n", 1024 },
 { " kqueues%-4s %8s", "\n", 1 },
 { " umtxp%-4s %8s", "\n", 1 },
+ { " pipebuf%-4s %8s", " kB\n", 1024 },
 }
 },
 { "sh", "unlimited", "", " -H", " -S", "",
@@ -110,6 +111,7 @@
 { "ulimit%s -w %s", ";\n", 1024 },
 { "ulimit%s -k %s", ";\n", 1 },
 { "ulimit%s -o %s", ";\n", 1 },
+ { "ulimit%s -y %s", ";\n", 1024 },
 }
 },
 { "csh", "unlimited", "", " -h", "", NULL,
@@ -242,6 +244,7 @@
 { "swapuse", login_getcapsize },
 { "kqueues", login_getcapnum },
 { "umtxp", login_getcapnum },
+ { "pipebuf", login_getcapnum },
 };
 /*
@@ -252,7 +255,7 @@
 * to be modified accordingly!
 */
-#define RCS_STRING "tfdscmlunbvpwko"
+#define RCS_STRING "tfdscmlunbvpwkoy"
 static rlim_t resource_num(int which, int ch, const char *str);
 static void usage(void) __dead2;
@@ -660,6 +663,7 @@
 case RLIMIT_NPTS:
 case RLIMIT_KQUEUES:
 case RLIMIT_UMTXP:
+ case RLIMIT_PIPEBUF:
 res = strtoq(s, &e, 0);
 s = e;
 break;
diff --git a/usr.bin/login/login.conf b/usr.bin/login/login.conf
--- a/usr.bin/login/login.conf
+++ b/usr.bin/login/login.conf
@@ -44,6 +44,7 @@
 :pseudoterminals=unlimited:\
 :kqueues=unlimited:\
 :umtxp=unlimited:\
+ :pipebuf=unlimited:\
 :priority=0:\
 :ignoretime@:\
 :umask=022:\
diff --git a/usr.bin/procstat/procstat_rlimit.c b/usr.bin/procstat/procstat_rlimit.c
--- a/usr.bin/procstat/procstat_rlimit.c
+++ b/usr.bin/procstat/procstat_rlimit.c
@@ -47,7 +47,7 @@
 static struct {
 const char *name;
 const char *suffix;
-} rlimit_param[15] = {
+} rlimit_param[] = {
 {"cputime", "sec"},
 {"filesize", "B "},
 {"datasize", "B "},
@@ -63,11 +63,11 @@
 {"swapuse", "B "},
 {"kqueues", " "},
 {"umtxp", " "},
+ {"pipebuf", "B "},
 };
-#if RLIM_NLIMITS > 15
-#error "Resource limits have grown. Add new entries to rlimit_param[]."
-#endif
+_Static_assert(nitems(rlimit_param) == RLIM_NLIMITS,
+ "Resource limits have grown. Add new entries to rlimit_param[].");
 static const char *
 humanize_rlimit(int indx, rlim_t limit)
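Review bot: The `_Static_assert` in usr.bin/procstat/procstat_rlimit.c now fails on any mismatch between `nitems(rlimit_param)` and RLIM_NLIMITS, including a table with too many rows, but its message still says only that the limits have grown. A message such as `"rlimit_param[] is out of sync with RLIM_NLIMITS."` would describe both cases. `nitems` must already be visible in this file for the assertion to compile; the include block is outside the hunk, so confirm that.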