plimit.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI" /* SVr4.0 1.5 */
#define __EXTENSIONS__ /* For strtok_r */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <ctype.h>
#include <string.h>
#include <signal.h>
#include <limits.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <sys/mkdev.h>
#include <libproc.h>
#include <priv.h>
#define TRUE 1
#define FALSE 0
static int interrupt;
static char *command;
static int Fflag;
static int kbytes = FALSE;
static int mbytes = FALSE;
static char set_current[RLIM_NLIMITS];
static char set_maximum[RLIM_NLIMITS];
static struct rlimit64 rlimit[RLIM_NLIMITS];
static void intr(int);
static int parse_limits(int, char *);
static void show_limits(struct ps_prochandle *);
static int set_limits(struct ps_prochandle *);
static void
usage()
{
(void) fprintf(stderr,
"usage:\n"
" For each process, report all resource limits:\n"
"\t%s [-km] pid ...\n"
"\t-k\treport file sizes in kilobytes\n"
"\t-m\treport file/memory sizes in megabytes\n"
" For each process, set specified resource limits:\n"
"\t%s -{cdfnstv} soft,hard ... pid ...\n"
"\t-c soft,hard\tset core file size limits\n"
"\t-d soft,hard\tset data segment (heap) size limits\n"
"\t-f soft,hard\tset file size limits\n"
"\t-n soft,hard\tset file descriptor limits\n"
"\t-s soft,hard\tset stack segment size limits\n"
"\t-t soft,hard\tset CPU time limits\n"
"\t-v soft,hard\tset virtual memory size limits\n"
"\t(default units are as shown by the output of '%s pid')\n",
command, command, command);
exit(2);
}
int
main(int argc, char **argv)
{
int retc = 0;
int opt;
int errflg = 0;
int set = FALSE;
struct ps_prochandle *Pr;
if ((command = strrchr(argv[0], '/')) != NULL)
command++;
else
command = argv[0];
while ((opt = getopt(argc, argv, "Fkmc:d:f:n:s:t:v:")) != EOF) {
switch (opt) {
case 'F': /* force grabbing (no O_EXCL) */
Fflag = PGRAB_FORCE;
break;
case 'k':
kbytes = TRUE;
mbytes = FALSE;
break;
case 'm':
kbytes = FALSE;
mbytes = TRUE;
break;
case 'c': /* core file size */
set = TRUE;
errflg += parse_limits(RLIMIT_CORE, optarg);
break;
case 'd': /* data segment size */
set = TRUE;
errflg += parse_limits(RLIMIT_DATA, optarg);
break;
case 'f': /* file size */
set = TRUE;
errflg += parse_limits(RLIMIT_FSIZE, optarg);
break;
case 'n': /* file descriptors */
set = TRUE;
errflg += parse_limits(RLIMIT_NOFILE, optarg);
break;
case 's': /* stack segment size */
set = TRUE;
errflg += parse_limits(RLIMIT_STACK, optarg);
break;
case 't': /* CPU time */
set = TRUE;
errflg += parse_limits(RLIMIT_CPU, optarg);
break;
case 'v': /* virtual memory size */
set = TRUE;
errflg += parse_limits(RLIMIT_VMEM, optarg);
break;
default:
errflg = 1;
break;
}
}
argc -= optind;
argv += optind;
if (errflg || argc <= 0)
usage();
/* catch signals from terminal */
if (sigset(SIGHUP, SIG_IGN) == SIG_DFL)
(void) sigset(SIGHUP, intr);
if (sigset(SIGINT, SIG_IGN) == SIG_DFL)
(void) sigset(SIGINT, intr);
if (sigset(SIGQUIT, SIG_IGN) == SIG_DFL)
(void) sigset(SIGQUIT, intr);
(void) sigset(SIGPIPE, intr);
(void) sigset(SIGTERM, intr);
while (--argc >= 0 && !interrupt) {
psinfo_t psinfo;
char *arg;
pid_t pid;
int gret;
(void) fflush(stdout); /* process-at-a-time */
/* get the specified pid and the psinfo struct */
if ((pid = proc_arg_psinfo(arg = *argv++, PR_ARG_PIDS,
&psinfo, &gret)) == -1) {
(void) fprintf(stderr, "%s: cannot examine %s: %s\n",
command, arg, Pgrab_error(gret));
retc = 1;
} else if ((Pr = Pgrab(pid, Fflag, &gret)) != NULL) {
if (Pcreate_agent(Pr) == 0) {
if (set) {
if (set_limits(Pr) != 0)
retc = 1;
} else {
proc_unctrl_psinfo(&psinfo);
(void) printf("%d:\t%.70s\n",
(int)pid, psinfo.pr_psargs);
show_limits(Pr);
}
Pdestroy_agent(Pr);
} else {
(void) fprintf(stderr,
"%s: cannot control process %d\n",
command, (int)pid);
retc = 1;
}
Prelease(Pr, 0);
} else {
if ((gret == G_SYS || gret == G_SELF) && !set) {
proc_unctrl_psinfo(&psinfo);
(void) printf("%d:\t%.70s\n", (int)pid,
psinfo.pr_psargs);
if (gret == G_SYS)
(void) printf(" [system process]\n");
else
show_limits(NULL);
} else {
(void) fprintf(stderr,
"%s: %s: %d\n",
command, Pgrab_error(gret), (int)pid);
retc = 1;
}
}
}
if (interrupt)
retc = 1;
return (retc);
}
static void
intr(int sig)
{
interrupt = sig;
}
/* ------ begin specific code ------ */
/*
* Compute a limit, given a string:
* unlimited unlimited
* nnn k nnn kilobytes
* nnn m nnn megabytes (minutes for CPU time)
* nnn h nnn hours (for CPU time only)
* mm : ss minutes and seconds (for CPU time only)
*/
static int
limit_value(int which, char *arg, rlim64_t *limit)
{
rlim64_t value;
rlim64_t unit;
char *lastc;
if (strcmp(arg, "unlimited") == 0) {
*limit = RLIM64_INFINITY;
return (0);
}
if (which == RLIMIT_CPU && strchr(arg, ':') != NULL) {
char *minutes = strtok_r(arg, " \t:", &lastc);
char *seconds = strtok_r(NULL, " \t", &lastc);
rlim64_t sec;
if (seconds != NULL && strtok_r(NULL, " \t", &lastc) != NULL)
return (1);
value = strtoull(minutes, &lastc, 10);
if (*lastc != '\0' || value > RLIM64_INFINITY / 60)
return (1);
if (seconds == NULL || *seconds == '\0')
sec = 0;
else {
sec = strtoull(seconds, &lastc, 10);
if (*lastc != '\0' || sec > 60)
return (1);
}
value = value * 60 + sec;
if (value > RLIM64_INFINITY)
value = RLIM64_INFINITY;
*limit = value;
return (0);
}
switch (*(lastc = arg + strlen(arg) - 1)) {
case 'k':
unit = 1024;
*lastc = '\0';
break;
case 'm':
if (which == RLIMIT_CPU)
unit = 60;
else
unit = 1024 * 1024;
*lastc = '\0';
break;
case 'h':
if (which == RLIMIT_CPU)
unit = 60 * 60;
else
return (1);
*lastc = '\0';
break;
default:
switch (which) {
case RLIMIT_CPU: unit = 1; break;
case RLIMIT_FSIZE: unit = 512; break;
case RLIMIT_DATA: unit = 1024; break;
case RLIMIT_STACK: unit = 1024; break;
case RLIMIT_CORE: unit = 512; break;
case RLIMIT_NOFILE: unit = 1; break;
case RLIMIT_VMEM: unit = 1024; break;
}
break;
}
value = strtoull(arg, &lastc, 10);
if (*lastc != '\0' || value > RLIM64_INFINITY / unit)
return (1);
value *= unit;
if (value > RLIM64_INFINITY)
value = RLIM64_INFINITY;
*limit = value;
return (0);
}
static int
parse_limits(int which, char *arg)
{
char *lastc;
char *soft = strtok_r(arg, " \t,", &lastc);
char *hard = strtok_r(NULL, " \t", &lastc);
struct rlimit64 *rp = &rlimit[which];
if (hard != NULL && strtok_r(NULL, " \t", &lastc) != NULL)
return (1);
if (soft == NULL || *soft == '\0') {
rp->rlim_cur = 0;
set_current[which] = FALSE;
} else {
if (limit_value(which, soft, &rp->rlim_cur) != 0)
return (1);
set_current[which] = TRUE;
}
if (hard == NULL || *hard == '\0') {
rp->rlim_max = 0;
set_maximum[which] = FALSE;
} else {
if (limit_value(which, hard, &rp->rlim_max) != 0)
return (1);
set_maximum[which] = TRUE;
}
if (set_current[which] && set_maximum[which] &&
rp->rlim_cur > rp->rlim_max)
return (1);
return (0);
}
static void
limit_adjust(struct rlimit64 *rp, int units)
{
if (rp->rlim_cur != RLIM64_INFINITY)
rp->rlim_cur /= units;
if (rp->rlim_max != RLIM64_INFINITY)
rp->rlim_max /= units;
}
static char *
limit_values(struct rlimit64 *rp)
{
static char buffer[64];
char buf1[32];
char buf2[32];
char *s1;
char *s2;
if (rp->rlim_cur == RLIM64_INFINITY)
s1 = "unlimited";
else {
(void) sprintf(s1 = buf1, "%lld", rp->rlim_cur);
if (strlen(s1) < 8)
(void) strcat(s1, "\t");
}
if (rp->rlim_max == RLIM64_INFINITY)
s2 = "unlimited";
else {
(void) sprintf(s2 = buf2, "%lld", rp->rlim_max);
}
(void) sprintf(buffer, "%s\t%s", s1, s2);
return (buffer);
}
static void
show_limits(struct ps_prochandle *Pr)
{
struct rlimit64 rlim;
int resource;
char buf[32];
char *s;
(void) printf(" resource\t\t current\t maximum\n");
for (resource = 0; resource < RLIM_NLIMITS; resource++) {
if (pr_getrlimit64(Pr, resource, &rlim) != 0)
continue;
switch (resource) {
case RLIMIT_CPU:
s = " time(seconds)\t\t";
break;
case RLIMIT_FSIZE:
if (kbytes) {
s = " file(kbytes)\t\t";
limit_adjust(&rlim, 1024);
} else if (mbytes) {
s = " file(mbytes)\t\t";
limit_adjust(&rlim, 1024 * 1024);
} else {
s = " file(blocks)\t\t";
limit_adjust(&rlim, 512);
}
break;
case RLIMIT_DATA:
if (mbytes) {
s = " data(mbytes)\t\t";
limit_adjust(&rlim, 1024 * 1024);
} else {
s = " data(kbytes)\t\t";
limit_adjust(&rlim, 1024);
}
break;
case RLIMIT_STACK:
if (mbytes) {
s = " stack(mbytes)\t\t";
limit_adjust(&rlim, 1024 * 1024);
} else {
s = " stack(kbytes)\t\t";
limit_adjust(&rlim, 1024);
}
break;
case RLIMIT_CORE:
if (kbytes) {
s = " coredump(kbytes)\t";
limit_adjust(&rlim, 1024);
} else if (mbytes) {
s = " coredump(mbytes)\t";
limit_adjust(&rlim, 1024 * 1024);
} else {
s = " coredump(blocks)\t";
limit_adjust(&rlim, 512);
}
break;
case RLIMIT_NOFILE:
s = " nofiles(descriptors)\t";
break;
case RLIMIT_VMEM:
if (mbytes) {
s = " vmemory(mbytes)\t";
limit_adjust(&rlim, 1024 * 1024);
} else {
s = " vmemory(kbytes)\t";
limit_adjust(&rlim, 1024);
}
break;
default:
(void) sprintf(buf, " rlimit #%d\t", resource);
s = buf;
break;
}
(void) printf("%s%s\n", s, limit_values(&rlim));
}
}
static int
set_one_limit(struct ps_prochandle *Pr, int which, rlim64_t cur, rlim64_t max)
{
struct rlimit64 rlim;
int be_su = 0;
prpriv_t *old_prpriv = NULL, *new_prpriv = NULL;
priv_set_t *eset, *pset;
int ret = 0;
if (pr_getrlimit64(Pr, which, &rlim) != 0) {
(void) fprintf(stderr,
"%s: unable to get process limit for pid %d: %s\n",
command, Pstatus(Pr)->pr_pid, strerror(errno));
return (1);
}
if (!set_current[which])
cur = rlim.rlim_cur;
if (!set_maximum[which])
max = rlim.rlim_max;
if (max < cur)
max = cur;
if (max > rlim.rlim_max && Pr != NULL)
be_su = 1;
rlim.rlim_cur = cur;
rlim.rlim_max = max;
if (be_su) {
new_prpriv = proc_get_priv(Pstatus(Pr)->pr_pid);
if (new_prpriv == NULL) {
(void) fprintf(stderr,
"%s: unable to get process privileges for pid"
" %d: %s\n", command, Pstatus(Pr)->pr_pid,
strerror(errno));
return (1);
}
/*
* We only have to change the process privileges if it doesn't
* already have PRIV_SYS_RESOURCE. In addition, we want to make
* sure that we don't leave a process with elevated privileges,
* so we make sure the process dies if we exit unexpectedly.
*/
eset = (priv_set_t *)
&new_prpriv->pr_sets[new_prpriv->pr_setsize *
priv_getsetbyname(PRIV_EFFECTIVE)];
pset = (priv_set_t *)
&new_prpriv->pr_sets[new_prpriv->pr_setsize *
priv_getsetbyname(PRIV_PERMITTED)];
if (!priv_ismember(eset, PRIV_SYS_RESOURCE)) {
/* Keep track of original privileges */
old_prpriv = proc_get_priv(Pstatus(Pr)->pr_pid);
if (old_prpriv == NULL) {
free(new_prpriv);
(void) fprintf(stderr,
"%s: unable to get process privileges "
"for pid %d: %s\n", command,
Pstatus(Pr)->pr_pid, strerror(errno));
return (1);
}
(void) priv_addset(eset, PRIV_SYS_RESOURCE);
(void) priv_addset(pset, PRIV_SYS_RESOURCE);
if (Psetflags(Pr, PR_KLC) != 0 ||
Psetpriv(Pr, new_prpriv) != 0) {
(void) fprintf(stderr,
"%s: unable to set process privileges for"
" pid %d: %s\n", command,
Pstatus(Pr)->pr_pid, strerror(errno));
(void) Punsetflags(Pr, PR_KLC);
free(new_prpriv);
free(old_prpriv);
return (1);
}
}
}
if (pr_setrlimit64(Pr, which, &rlim) != 0) {
(void) fprintf(stderr,
"%s: cannot set resource limit for pid %d: %s\n",
command, Pstatus(Pr)->pr_pid, strerror(errno));
ret = 1;
}
if (old_prpriv != NULL) {
if (Psetpriv(Pr, old_prpriv) != 0) {
/*
* If this fails, we can't leave a process hanging
* around with elevated privileges, so we'll have to
* release the process from libproc, knowing that it
* will be killed (since we set PR_KLC).
*/
Pdestroy_agent(Pr);
(void) fprintf(stderr,
"%s: cannot relinquish privileges for pid %d."
" The process was killed.",
command, Pstatus(Pr)->pr_pid);
ret = 1;
}
if (Punsetflags(Pr, PR_KLC) != 0) {
(void) fprintf(stderr,
"%s: cannot relinquish privileges for pid %d."
" The process was killed.",
command, Pstatus(Pr)->pr_pid);
ret = 1;
}
free(old_prpriv);
}
if (new_prpriv != NULL)
free(new_prpriv);
return (ret);
}
static int
set_limits(struct ps_prochandle *Pr)
{
int which;
int retc = 0;
for (which = 0; which < RLIM_NLIMITS; which++) {
if (set_current[which] || set_maximum[which]) {
if (set_one_limit(Pr, which, rlimit[which].rlim_cur,
rlimit[which].rlim_max) != 0)
retc = 1;
}
}
return (retc);
}