|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
kernel/2903: [Patch] Implement real time resource limits
Date: Sat Aug 24 2002 - 11:56:14 EDT
>Number: 2903 >Category: kernel >Synopsis: [Patch] Implement real time resource limits >Confidential: no >Severity: non-critical >Priority: low >Responsible: bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: net >Arrival-Date: Thu Nov 07 13:13:06 MST 2002 >Closed-Date: >Last-Modified: >Originator: Jedi/Sector One >Release: -current >Organization: >Environment: System : OpenBSD 3.1 Architecture: OpenBSD.i386 Machine : i386
>Description:
RLIMIT_TIME is an extension to enforce limits on the real (human, not CPU) time a process can grab.
It is handy to automatically remove dead processes left by users, buggy CGI scripts waiting forever and taking all Apache slots for nothing, etc.
The kernel patch itself it trivial.
Other patches included here :
- 'humantime' keyword for csh's "limit" built-in (+ man page)
- same thing for ksh's "ulimit" built-in (+ man page)
- RLIMIT_TIME->RLIMIT_INFINITY for sendmail and passwd
- "time" resource for login_cap.
- getrlimit() man page update.
- New RlimitTime directive for Apache (+ HTML doc)
Everything tested with today's -current, working.
>How-To-Repeat:
-
>Fix:
- bin/csh/csh.1 Tue Nov 13 14:59:53 2001
+++ bin/csh/csh.1.new Sat Aug 24 16:42:57 2002
@@ -1839,6 +1839,9 @@
.Ar cputime (the maximum number of cpu-seconds to be used by each process), +.Ar time +(the maximum +number of real seconds to be used by each process), .Ar filesize (the largest single file that can be created), .Ar datasize - bin/csh/func.c Sun Jun 9 07:47:05 2002
+++ bin/csh/func.c.new Sat Aug 24 17:07:58 2002
@@ -1156,6 +1156,7 @@
{ RLIMIT_MEMLOCK, "memorylocked", 1024, "kbytes" }, { RLIMIT_NPROC, "maxproc", 1, "" }, { RLIMIT_NOFILE, "openfiles", 1, "" }, + { RLIMIT_TIME, "humantime", 1, "seconds" }, { -1, NULL, 0, NULL } };
@@ -1235,17 +1236,17 @@
}
switch (*cp) {
case ':':
- if (lp->limconst != RLIMIT_CPU)
+ if (lp->limconst != RLIMIT_CPU && lp->limconst != RLIMIT_TIME)
goto badscal;
return ((RLIM_TYPE) (f * 60.0 + atof(short2str(cp + 1))));
case 'h':
- if (lp->limconst != RLIMIT_CPU)
+ if (lp->limconst != RLIMIT_CPU && lp->limconst != RLIMIT_TIME)
goto badscal;
limtail(cp, "hours");
f *= 3600.0;
break;
case 'm':
- if (lp->limconst == RLIMIT_CPU) {
+ if (lp->limconst == RLIMIT_CPU || lp->limconst == RLIMIT_TIME) {
limtail(cp, "minutes");
f *= 60.0;
break;
@@ -1255,19 +1256,19 @@
f *= 1024.0 * 1024.0;
break;
case 's':
- if (lp->limconst != RLIMIT_CPU)
+ if (lp->limconst != RLIMIT_CPU && lp->limconst != RLIMIT_TIME)
goto badscal;
limtail(cp, "seconds");
break;
case 'M':
- if (lp->limconst == RLIMIT_CPU)
+ if (lp->limconst == RLIMIT_CPU || lp->limconst == RLIMIT_TIME)
goto badscal;
*cp = 'm';
limtail(cp, "megabytes");
f *= 1024.0 * 1024.0;
break;
case 'k':
- if (lp->limconst == RLIMIT_CPU)
+ if (lp->limconst == RLIMIT_CPU || lp->limconst == RLIMIT_TIME)
goto badscal;
limtail(cp, "kbytes");
f *= 1024.0;
@@ -1314,7 +1315,7 @@
if (limit == RLIM_INFINITY)
(void) fprintf(cshout, "unlimited");
- else if (lp->limconst == RLIMIT_CPU) + else if (lp->limconst == RLIMIT_CPU || lp->limconst == RLIMIT_TIME)
psecs((long) limit);
else
(void) fprintf(cshout, "%ld %s", (long) (limit / lp->limdiv),
--- bin/ksh/c_ulimit.c Sun Jun 9 07:47:05 2002
+++ bin/ksh/c_ulimit.c.new Sat Aug 24 17:14:01 2002
@@ -56,6 +56,9 @@
#ifdef RLIMIT_CPU
{ "time(cpu-seconds)", RLIMIT, RLIMIT_CPU, RLIMIT_CPU, 1, 't' }, #endif
+#ifdef RLIMIT_TIME
+ { "humantime(seconds)", RLIMIT, RLIMIT_TIME, RLIMIT_TIME, 1, 'T' },
+#endif
#ifdef RLIMIT_FSIZE
{ "file(blocks)", RLIMIT, RLIMIT_FSIZE, RLIMIT_FSIZE, 512, 'f' },
#else /* RLIMIT_FSIZE */
--- bin/ksh/ksh.1tbl Mon Sep 24 21:14:49 2001
+++ bin/ksh/ksh.1tbl.new Sat Aug 24 16:44:53 2002
@@ -4018,6 +4018,11 @@
.Ar n
.Tn CPU
seconds to be used by each process.
+.It Fl T Ar n +Impose a real time limit of +.Ar n +.Tn human +seconds to be used by each process.
.El
.Pp
As far as
--- gnu/usr.sbin/sendmail/sendmail/conf.c Wed Jun 26 06:48:33 2002 +++ gnu/usr.sbin/sendmail/sendmail/conf.c.new Sat Aug 24 16:59:50 2002
@@ -3682,6 +3682,7 @@
lim.rlim_cur = lim.rlim_max = RLIM_INFINITY; (void) setrlimit(RLIMIT_CPU, &lim); + (void) setrlimit(RLIMIT_TIME, &lim); (void) setrlimit(RLIMIT_FSIZE, &lim); # ifdef RLIMIT_NOFILE lim.rlim_cur = lim.rlim_max = FD_SETSIZE; --- lib/libc/gen/login_cap.c Thu Jun 27 12:21:13 2002 +++ lib/libc/gen/login_cap.c.new Sat Aug 24 17:01:23 2002
@@ -492,6 +492,7 @@
char * name; } r_list[] = { { RLIMIT_CPU, CTIME, "cputime", }, + { RLIMIT_TIME, CTIME, "time", }, { RLIMIT_FSIZE, CSIZE, "filesize", }, { RLIMIT_DATA, CSIZE, "datasize", }, { RLIMIT_STACK, CSIZE, "stacksize", }, --- lib/libc/sys/getrlimit.2 Wed Oct 18 07:11:47 2000 +++ lib/libc/sys/getrlimit.2.new Sat Aug 24 16:51:32 2002
@@ -68,6 +68,9 @@
.It Li RLIMIT_CPU
The maximum amount of cpu time (in seconds) to be used by each process.
+.It Li RLIMIT_TIME +The maximum amount of human time (in seconds) to be used by +each process.
.It Li RLIMIT_DATA
The maximum size (in bytes) of the data segment for a process; this defines how far a program may extend its break with the
--- lib/libutil/passwd.c Wed Jul 31 23:53:12 2002 +++ lib/libutil/passwd.c.new Sat Aug 24 17:02:09 2002
@@ -354,6 +354,7 @@
/* Unlimited resource limits. */ rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY; (void)setrlimit(RLIMIT_CPU, &rlim); + (void)setrlimit(RLIMIT_TIME, &rlim); (void)setrlimit(RLIMIT_FSIZE, &rlim); (void)setrlimit(RLIMIT_STACK, &rlim); (void)setrlimit(RLIMIT_DATA, &rlim); --- sys/kern/kern_synch.c Wed Jul 24 19:58:27 2002 +++ sys/kern/kern_synch.c.new Sat Aug 24 16:31:52 2002
@@ -737,7 +737,21 @@
if (rlim->rlim_cur < rlim->rlim_max) rlim->rlim_cur += 5; } - } + } else { + rlim = &p->p_rlimit[RLIMIT_TIME]; + if (rlim->rlim_cur != RLIM_INFINITY) { + s = time.tv_sec - p->p_stats->p_start.tv_sec; + if (s >= rlim->rlim_cur) { + if (s >= rlim->rlim_max) + psignal(p, SIGKILL); + else { + psignal(p, SIGXCPU); + if (rlim->rlim_cur < rlim->rlim_max) + rlim->rlim_cur += 5; + } + } + } + } if (s > 10 * 60 && p->p_ucred->cr_uid && p->p_nice == NZERO) { p->p_nice = NZERO + 4; resetpriority(p); --- sys/sys/resource.h Thu Mar 14 02:26:52 2002 +++ sys/sys/resource.h.new Sat Aug 24 13:06:52 2002
@@ -89,8 +89,9 @@
#define RLIMIT_MEMLOCK 6 /* locked-in-memory address space */ #define RLIMIT_NPROC 7 /* number of processes */ #define RLIMIT_NOFILE 8 /* number of open files */ +#define RLIMIT_TIME 9 /* user time */ -#define RLIM_NLIMITS 9 /* number of resource limits */ +#define RLIM_NLIMITS 10 /* number of resource limits */ #define RLIM_INFINITY (((u_quad_t)1 << 63) - 1) --- usr.sbin/httpd/htdocs/manual/mod/core.html.fr Fri Mar 29 03:07:42 2002 +++ usr.sbin/httpd/htdocs/manual/mod/core.html.fr.new Sat Aug 24 17:26:41 2002
@@ -145,6 +145,8 @@
@@ -3150,6 +3152,50 @@
La limite de ressources CPU est exprimée en secondes
par processus.
+
+ Voir aussi
RLimitMEM ou RLimitNPROC.
+
+
+ Directive RLimitTime
+
+ Syntaxe
+ : RLimitTime # ou 'max' [# ou
+ 'max']
+ Défaut : Non
+ précisé; utilise le défaut du
+ système d'exploitation
+ Contexte : configuration
+ serveur, hôte virtuel
+ Statut
+ : noyau
+ Compatibilité :
+ RLimitCPU n'est disponible que sous OpenBSD.
+
+ Accepte 1 ou 2 parametères. Le premier
+ paramètre indique la limite logicielle pour tous les
+ processus et le second paramètre la limite
+ supérieure en termes de ressources. Chacun des
+ paramètres peut être exprimé par un nombre,
+ ou max pour indiquer au serveur que la limite est
+ celle imposée par le système d'exploitation. La
+ limite supérieure en ressource ne peut être
+ atteinte que si le serveur tourne sous root, ou
+ éventuellement pendant la phase de démarrage.
+
+ Ceci est valide pour les processus lancés par les
+ processus fils d'Apache pour le traitement des requêtes
+ et non pour les processus fils d'Apache eux-mêmes. Cela
+ inclut les scripts CGI, les commandes exec SSI, mais pas les
+ processus lancés par le processu Apache père tels
+ que les traces.
+
+ <p>La limite de temps (en temps humain et non CPU) est + exprimée en secondes par processus.</p>
Voir aussi
RLimitMEM ou RLimitNPROC.
--- usr.sbin/httpd/htdocs/manual/mod/core.html.html Fri Jul 19 23:30:52 2002
+++ usr.sbin/httpd/htdocs/manual/mod/core.html.html.new Sat Aug 24 17:27:51 2002
@@ -147,6 +147,8 @@
@@ -3060,6 +3062,46 @@
CPU resource limits are expressed in seconds per process.
+See also RLimitMEM or RLimitNPROC.
++ +
RLimitTime directive
+ + Syntax: RLimitTime + number|max [number|max]+ Default: Unset; uses + operating system defaults
+ Context: server config, virtual + host
+ Status: core
+ Compatibility: RLimitTime is + only available on OpenBSD + +
Takes 1 or 2 parameters. The first parameter sets the soft + resource limit for all processes and the second parameter sets
+ the maximum resource limit. Either parameter can be a number, + ormax to indicate to the server that the limit
+ should be set to the maximum allowed by the operating system
+ configuration. Raising the maximum resource limit requires that
+ the server is running as root, or in the initial startup
+ phase.
+
+ This applies to processes forked off from Apache children + servicing requests, not the Apache children themselves. This + includes CGI scripts and SSI exec commands, but not any + processes forked off from the Apache parent such as piped + logs.
+ +Human-time resource limits are expressed in seconds per
+ process.</p>
+
See also
RLimitMEM or RLimitNPROC.
--- usr.sbin/httpd/htdocs/manual/mod/directives.html.de Tue Feb 12 08:56:25 2002
+++ usr.sbin/httpd/htdocs/manual/mod/directives.html.de.new Sat Aug 24 17:22:53 2002
@@ -202,6 +202,7 @@
@@ -479,6 +479,8 @@
<li>RLimitCPU</li>
+ <li>RLimitTime</li> +
<li>RLimitMEM</li>
@@ -474,6 +474,8 @@
href="mod_rewrite.html#RewriteRule">RewriteRule
@@ -480,6 +480,8 @@
href="mod_rewrite.html#RewriteRule">RewriteRule
@@ -477,6 +477,8 @@
<li>RLimitCPU</li>
+ <li>RLimitTime</li> +
<li>RLimitMEM</li>
@@ -249,6 +249,7 @@
LimitRequestLine
RLimitCPU
+ RLimitTime
RLimitMEM
RLimitNPROC
@@ -284,6 +284,7 @@
LimitRequestLine
RLimitCPU
+ RLimitTime
RLimitMEM
RLimitNPROC
@@ -251,6 +251,7 @@
LimitRequestLine
RLimitCPU
+ RLimitTime
RLimitMEM
RLimitNPROC
| Do you need more help? |  |
@@ -250,6 +250,7 @@
LimitRequestLine
RLimitCPU
+ RLimitTime
RLimitMEM
RLimitNPROC
@@ -278,6 +278,9 @@
#ifdef RLIMIT_CPU
struct rlimit *limit_cpu;
#endif
+#ifdef RLIMIT_TIME
+ struct rlimit *limit_time;
+#endif
#if defined (RLIMIT_DATA) || defined (RLIMIT_VMEM) || defined(RLIMIT_AS)
struct rlimit *limit_mem;
#endif
--- usr.sbin/httpd/src/main/http_core.c Fri Jul 19 23:30:53 2002
+++ usr.sbin/httpd/src/main/http_core.c.new Sat Aug 24 16:49:04 2002
@@ -143,6 +143,9 @@
#ifdef RLIMIT_CPU
conf->limit_cpu = NULL;
#endif
+#ifdef RLIMIT_TIME
+ conf->limit_time = NULL;
+#endif
#if defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined(RLIMIT_AS)
conf->limit_mem = NULL;
#endif
@@ -276,6 +279,11 @@
conf->limit_cpu = new->limit_cpu;
}
#endif
+#ifdef RLIMIT_TIME
+ if (new->limit_time) {
+ conf->limit_time = new->limit_time;
+ }
+#endif
#if defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined(RLIMIT_AS)
if (new->limit_mem) {
conf->limit_mem = new->limit_mem;
@@ -2503,7 +2511,7 @@
}
-#if defined(RLIMIT_CPU) || defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined(RLIMIT_NPROC) || defined(RLIMIT_AS) +#if defined(RLIMIT_CPU) || defined(RLIMIT_TIME) || defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined(RLIMIT_NPROC) || defined(RLIMIT_AS) static void set_rlimit(cmd_parms *cmd, struct rlimit **plimit, const char *arg,
const char * arg2, int type)
{
@@ -2559,7 +2567,7 @@
}
#endif
-#if !defined (RLIMIT_CPU) || !(defined (RLIMIT_DATA) || defined (RLIMIT_VMEM) || defined(RLIMIT_AS)) || !defined (RLIMIT_NPROC) +#if !defined (RLIMIT_CPU) || defined (RLIMIT_TIME) || !(defined (RLIMIT_DATA) || defined (RLIMIT_VMEM) || defined(RLIMIT_AS)) || !defined (RLIMIT_NPROC) static const char *no_set_limit(cmd_parms *cmd, core_dir_config *conf,
char *arg, char *arg2)
{
@@ -2578,6 +2586,15 @@
}
#endif
+#ifdef RLIMIT_TIME
+static const char *set_limit_time(cmd_parms *cmd, core_dir_config *conf,
+ char *arg, char *arg2)
+{
+ set_rlimit(cmd, &conf->limit_time, arg, arg2, RLIMIT_TIME);
+ return NULL;
+}
+#endif
+
#if defined (RLIMIT_DATA) || defined (RLIMIT_VMEM) || defined(RLIMIT_AS) static const char *set_limit_mem(cmd_parms *cmd, core_dir_config *conf,
char *arg, char * arg2)
@@ -3381,6 +3398,13 @@
no_set_limit, NULL,
#endif
OR_ALL, TAKE12, "Soft/hard limits for max CPU usage in seconds" },
+{ "RLimitTime",
+#ifdef RLIMIT_TIME
+ set_limit_time, (void*)XtOffsetOf(core_dir_config, limit_time),
+#else
+ no_set_limit, NULL,
+#endif
+ OR_ALL, TAKE12, "Soft/hard limits for max human time in seconds" },
{ "RLimitMEM",
#if defined (RLIMIT_DATA) || defined (RLIMIT_VMEM) || defined (RLIMIT_AS) set_limit_mem, (void*)XtOffsetOf(core_dir_config, limit_mem),
--- usr.sbin/httpd/src/main/util_script.c Fri Mar 29 03:07:44 2002 +++ usr.sbin/httpd/src/main/util_script.c.new Sat Aug 24 16:49:53 2002
@@ -751,6 +751,14 @@
} }
#endif
+#ifdef RLIMIT_TIME
+ if (conf->limit_time != NULL) {
+ if ((setrlimit(RLIMIT_TIME, conf->limit_time)) != 0) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
+ "setrlimit: failed to set max real time limit");
+ }
+ }
+#endif
#ifdef RLIMIT_NPROC
if (conf->limit_nproc != NULL) {
if ((setrlimit(RLIMIT_NPROC, conf->limit_nproc)) != 0) {
>Release-Note:
>Audit-Trail:
>Unformatted: Received on Thu Nov 7 16:06:54 2002
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:29:36 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |