X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/b0d623f7f2ae71ed96e60569f61f9a9a27016e80..c18c124eaa464aaaa5549e99e5a70fc9cbb50944:/bsd/kern/kern_resource.c diff --git a/bsd/kern/kern_resource.c b/bsd/kern/kern_resource.c index b51c4ecbe..2900cd52b 100644 --- a/bsd/kern/kern_resource.c +++ b/bsd/kern/kern_resource.c @@ -97,22 +97,42 @@ #include #include #include /* for thread_policy_set( ) */ -#include #include #include #include /* for absolutetime_to_microtime() */ -#include /* for TRAFFIC_MGT_SO_BACKGROUND */ +#include /* for TRAFFIC_MGT_SO_* */ #include /* for struct socket */ #include +#include +#include + int donice(struct proc *curp, struct proc *chgp, int n); int dosetrlimit(struct proc *p, u_int which, struct rlimit *limp); -static int do_background_thread(struct proc *curp, int priority); +int uthread_get_background_state(uthread_t); +static void do_background_socket(struct proc *p, thread_t thread); +static int do_background_thread(struct proc *curp, thread_t thread, int priority); +static int do_background_proc(struct proc *curp, struct proc *targetp, int priority); +static int set_gpudeny_proc(struct proc *curp, struct proc *targetp, int priority); +static int proc_set_darwin_role(proc_t curp, proc_t targetp, int priority); +static int proc_get_darwin_role(proc_t curp, proc_t targetp, int *priority); +static int get_background_proc(struct proc *curp, struct proc *targetp, int *priority); +void proc_apply_task_networkbg_internal(proc_t, thread_t); +void proc_restore_task_networkbg_internal(proc_t, thread_t); +int proc_pid_rusage(int pid, int flavor, user_addr_t buf, int32_t *retval); +void gather_rusage_info(proc_t p, rusage_info_current *ru, int flavor); +int fill_task_rusage(task_t task, rusage_info_current *ri); +void fill_task_billed_usage(task_t task, rusage_info_current *ri); +int fill_task_io_rusage(task_t task, rusage_info_current *ri); +int fill_task_qos_rusage(task_t task, rusage_info_current *ri); +static void rusage_info_conversion(rusage_info_t ri_info, rusage_info_current *ri_current, int flavor); + +int proc_get_rusage(proc_t p, int flavor, user_addr_t buffer, __unused int is_zombie); rlim_t maxdmap = MAXDSIZ; /* XXX */ -rlim_t maxsmap = MAXSSIZ - PAGE_SIZE; /* XXX */ +rlim_t maxsmap = MAXSSIZ - PAGE_MAX_SIZE; /* XXX */ /* * Limits on the number of open files per process, and the number @@ -122,10 +142,10 @@ rlim_t maxsmap = MAXSSIZ - PAGE_SIZE; /* XXX */ */ __private_extern__ int maxfilesperproc = OPEN_MAX; /* per-proc open files limit */ -SYSCTL_INT( _kern, KERN_MAXPROCPERUID, maxprocperuid, CTLFLAG_RW, +SYSCTL_INT(_kern, KERN_MAXPROCPERUID, maxprocperuid, CTLFLAG_RW | CTLFLAG_LOCKED, &maxprocperuid, 0, "Maximum processes allowed per userid" ); -SYSCTL_INT( _kern, KERN_MAXFILESPERPROC, maxfilesperproc, CTLFLAG_RW, +SYSCTL_INT(_kern, KERN_MAXFILESPERPROC, maxfilesperproc, CTLFLAG_RW | CTLFLAG_LOCKED, &maxfilesperproc, 0, "Maximum files allowed open per process" ); /* Args and fn for proc_iteration callback used in setpriority */ @@ -157,6 +177,8 @@ getpriority(struct proc *curp, struct getpriority_args *uap, int32_t *retval) struct proc *p; int low = PRIO_MAX + 1; kauth_cred_t my_cred; + int refheld = 0; + int error = 0; /* would also test (uap->who < 0), but id_t is unsigned */ if (uap->who > 0x7fffffff) @@ -216,24 +238,50 @@ getpriority(struct proc *curp, struct getpriority_args *uap, int32_t *retval) break; - case PRIO_DARWIN_THREAD: { - thread_t thread; - struct uthread *ut; - + case PRIO_DARWIN_THREAD: /* we currently only support the current thread */ - if (uap->who != 0) { + if (uap->who != 0) return (EINVAL); + + low = proc_get_task_policy(current_task(), current_thread(), TASK_POLICY_INTERNAL, TASK_POLICY_DARWIN_BG); + + break; + + case PRIO_DARWIN_PROCESS: + if (uap->who == 0) { + p = curp; + } else { + p = proc_find(uap->who); + if (p == PROC_NULL) + break; + refheld = 1; } - - thread = current_thread(); - ut = get_bsdthread_info(thread); - low = 0; - if ( (ut->uu_flag & UT_BACKGROUND) != 0 ) { - low = 1; + error = get_background_proc(curp, p, &low); + + if (refheld) + proc_rele(p); + if (error) + return (error); + break; + + case PRIO_DARWIN_ROLE: + if (uap->who == 0) { + p = curp; + } else { + p = proc_find(uap->who); + if (p == PROC_NULL) + break; + refheld = 1; } + + error = proc_get_darwin_role(curp, p, &low); + + if (refheld) + proc_rele(p); + if (error) + return (error); break; - } default: return (EINVAL); @@ -295,7 +343,7 @@ ppgrp_donice_callback(proc_t p, void * arg) */ /* ARGSUSED */ int -setpriority(struct proc *curp, struct setpriority_args *uap, __unused int32_t *retval) +setpriority(struct proc *curp, struct setpriority_args *uap, int32_t *retval) { struct proc *p; int found = 0, error = 0; @@ -365,11 +413,62 @@ setpriority(struct proc *curp, struct setpriority_args *uap, __unused int32_t *r case PRIO_DARWIN_THREAD: { /* we currently only support the current thread */ - if (uap->who != 0) { + if (uap->who != 0) return (EINVAL); + + error = do_background_thread(curp, current_thread(), uap->prio); + found++; + break; + } + + case PRIO_DARWIN_PROCESS: { + if (uap->who == 0) + p = curp; + else { + p = proc_find(uap->who); + if (p == 0) + break; + refheld = 1; + } + + error = do_background_proc(curp, p, uap->prio); + + found++; + if (refheld != 0) + proc_rele(p); + break; + } + + case PRIO_DARWIN_GPU: { + if (uap->who == 0) + return (EINVAL); + + p = proc_find(uap->who); + if (p == PROC_NULL) + break; + + error = set_gpudeny_proc(curp, p, uap->prio); + + found++; + proc_rele(p); + break; + } + + case PRIO_DARWIN_ROLE: { + if (uap->who == 0) { + p = curp; + } else { + p = proc_find(uap->who); + if (p == PROC_NULL) + break; + refheld = 1; } - error = do_background_thread(curp, uap->prio); + + error = proc_set_darwin_role(curp, p, uap->prio); + found++; + if (refheld != 0) + proc_rele(p); break; } @@ -378,6 +477,10 @@ setpriority(struct proc *curp, struct setpriority_args *uap, __unused int32_t *r } if (found == 0) return (ESRCH); + if (error == EIDRM) { + *retval = -2; + error = 0; + } return (error); } @@ -398,9 +501,9 @@ donice(struct proc *curp, struct proc *chgp, int n) ucred = kauth_cred_proc_ref(curp); my_cred = kauth_cred_proc_ref(chgp); - if (suser(ucred, NULL) && ucred->cr_ruid && + if (suser(ucred, NULL) && kauth_cred_getruid(ucred) && kauth_cred_getuid(ucred) != kauth_cred_getuid(my_cred) && - ucred->cr_ruid != kauth_cred_getuid(my_cred)) { + kauth_cred_getruid(ucred) != kauth_cred_getuid(my_cred)) { error = EPERM; goto out; } @@ -427,88 +530,346 @@ out: return (error); } -/* - * do_background_thread - * Returns: 0 Success - * XXX - todo - does this need a MACF hook? - */ static int -do_background_thread(struct proc *curp, int priority) +set_gpudeny_proc(struct proc *curp, struct proc *targetp, int priority) { - int i; - thread_t thread; - struct uthread *ut; - thread_precedence_policy_data_t policy; - struct filedesc *fdp; - struct fileproc *fp; - - thread = current_thread(); - ut = get_bsdthread_info(thread); + int error = 0; + kauth_cred_t ucred; + kauth_cred_t target_cred; - if ( (priority & PRIO_DARWIN_BG) == 0 ) { - /* turn off backgrounding of thread */ - if ( (ut->uu_flag & UT_BACKGROUND) == 0 ) { - /* already off */ - return(0); - } + ucred = kauth_cred_get(); + target_cred = kauth_cred_proc_ref(targetp); + + /* TODO: Entitlement instead of uid check */ + + if (!kauth_cred_issuser(ucred) && kauth_cred_getruid(ucred) && + kauth_cred_getuid(ucred) != kauth_cred_getuid(target_cred) && + kauth_cred_getruid(ucred) != kauth_cred_getuid(target_cred)) { + error = EPERM; + goto out; + } + + if (curp == targetp) { + error = EPERM; + goto out; + } + +#if CONFIG_MACF + error = mac_proc_check_sched(curp, targetp); + if (error) + goto out; +#endif + + switch (priority) { + case PRIO_DARWIN_GPU_DENY: + task_set_gpu_denied(proc_task(targetp), TRUE); + break; + case PRIO_DARWIN_GPU_ALLOW: + task_set_gpu_denied(proc_task(targetp), FALSE); + break; + default: + error = EINVAL; + goto out; + } + +out: + kauth_cred_unref(&target_cred); + return (error); + +} + +static int +proc_set_darwin_role(proc_t curp, proc_t targetp, int priority) +{ + int error = 0; + uint32_t flagsp; + + kauth_cred_t ucred, target_cred; + + ucred = kauth_cred_get(); + target_cred = kauth_cred_proc_ref(targetp); + + if (!kauth_cred_issuser(ucred) && kauth_cred_getruid(ucred) && + kauth_cred_getuid(ucred) != kauth_cred_getuid(target_cred) && + kauth_cred_getruid(ucred) != kauth_cred_getuid(target_cred)) { + error = EPERM; + goto out; + } + + if (curp != targetp) { +#if CONFIG_MACF + if ((error = mac_proc_check_sched(curp, targetp))) + goto out; +#endif + } + + proc_get_darwinbgstate(proc_task(targetp), &flagsp); + if ((flagsp & PROC_FLAG_APPLICATION) != PROC_FLAG_APPLICATION) { + error = ENOTSUP; + goto out; + } + + integer_t role = 0; + + switch (priority) { + case PRIO_DARWIN_ROLE_DEFAULT: + role = TASK_UNSPECIFIED; + break; + case PRIO_DARWIN_ROLE_UI_FOCAL: + role = TASK_FOREGROUND_APPLICATION; + break; + case PRIO_DARWIN_ROLE_UI: + role = TASK_BACKGROUND_APPLICATION; + break; + case PRIO_DARWIN_ROLE_NON_UI: + role = TASK_NONUI_APPLICATION; + break; + default: + error = EINVAL; + goto out; + } + + proc_set_task_policy(proc_task(targetp), THREAD_NULL, + TASK_POLICY_ATTRIBUTE, TASK_POLICY_ROLE, role); + +out: + kauth_cred_unref(&target_cred); + return (error); +} + +static int +proc_get_darwin_role(proc_t curp, proc_t targetp, int *priority) +{ + int error = 0; + int role = 0; + + kauth_cred_t ucred, target_cred; + + ucred = kauth_cred_get(); + target_cred = kauth_cred_proc_ref(targetp); + + if (!kauth_cred_issuser(ucred) && kauth_cred_getruid(ucred) && + kauth_cred_getuid(ucred) != kauth_cred_getuid(target_cred) && + kauth_cred_getruid(ucred) != kauth_cred_getuid(target_cred)) { + error = EPERM; + goto out; + } + + if (curp != targetp) { +#if CONFIG_MACF + if ((error = mac_proc_check_sched(curp, targetp))) + goto out; +#endif + } + + role = proc_get_task_policy(proc_task(targetp), THREAD_NULL, + TASK_POLICY_ATTRIBUTE, TASK_POLICY_ROLE); + + switch (role) { + case TASK_FOREGROUND_APPLICATION: + *priority = PRIO_DARWIN_ROLE_UI_FOCAL; + break; + case TASK_BACKGROUND_APPLICATION: + *priority = PRIO_DARWIN_ROLE_UI; + break; + case TASK_NONUI_APPLICATION: + *priority = PRIO_DARWIN_ROLE_NON_UI; + break; + case TASK_UNSPECIFIED: + default: + *priority = PRIO_DARWIN_ROLE_DEFAULT; + break; + } + +out: + kauth_cred_unref(&target_cred); + return (error); +} + + +static int +get_background_proc(struct proc *curp, struct proc *targetp, int *priority) +{ + int external = 0; + int error = 0; + kauth_cred_t ucred, target_cred; + + ucred = kauth_cred_get(); + target_cred = kauth_cred_proc_ref(targetp); + + if (!kauth_cred_issuser(ucred) && kauth_cred_getruid(ucred) && + kauth_cred_getuid(ucred) != kauth_cred_getuid(target_cred) && + kauth_cred_getruid(ucred) != kauth_cred_getuid(target_cred)) { + error = EPERM; + goto out; + } + + external = (curp == targetp) ? TASK_POLICY_INTERNAL : TASK_POLICY_EXTERNAL; - /* clear background bit in thread and disable disk IO throttle */ - ut->uu_flag &= ~UT_BACKGROUND; - ut->uu_iopol_disk = IOPOL_NORMAL; + *priority = proc_get_task_policy(current_task(), THREAD_NULL, external, TASK_POLICY_DARWIN_BG); - /* reset thread priority (we did not save previous value) */ - policy.importance = 0; - thread_policy_set( thread, THREAD_PRECEDENCE_POLICY, - (thread_policy_t)&policy, - THREAD_PRECEDENCE_POLICY_COUNT ); +out: + kauth_cred_unref(&target_cred); + return (error); +} + +static int +do_background_proc(struct proc *curp, struct proc *targetp, int priority) +{ +#if !CONFIG_MACF +#pragma unused(curp) +#endif + int error = 0; + kauth_cred_t ucred; + kauth_cred_t target_cred; + int external; + int enable; + + ucred = kauth_cred_get(); + target_cred = kauth_cred_proc_ref(targetp); + + if (!kauth_cred_issuser(ucred) && kauth_cred_getruid(ucred) && + kauth_cred_getuid(ucred) != kauth_cred_getuid(target_cred) && + kauth_cred_getruid(ucred) != kauth_cred_getuid(target_cred)) + { + error = EPERM; + goto out; + } + +#if CONFIG_MACF + error = mac_proc_check_sched(curp, targetp); + if (error) + goto out; +#endif + + external = (curp == targetp) ? TASK_POLICY_INTERNAL : TASK_POLICY_EXTERNAL; + + switch (priority) { + case PRIO_DARWIN_BG: + enable = TASK_POLICY_ENABLE; + break; + case PRIO_DARWIN_NONUI: + /* ignored for compatibility */ + goto out; + default: + /* TODO: EINVAL if priority != 0 */ + enable = TASK_POLICY_DISABLE; + break; + } + + proc_set_task_policy(proc_task(targetp), THREAD_NULL, external, TASK_POLICY_DARWIN_BG, enable); + +out: + kauth_cred_unref(&target_cred); + return (error); +} +static void +do_background_socket(struct proc *p, thread_t thread) +{ +#if SOCKETS + struct filedesc *fdp; + struct fileproc *fp; + int i, background; + + proc_fdlock(p); + + if (thread != THREAD_NULL) + background = proc_get_effective_thread_policy(thread, TASK_POLICY_ALL_SOCKETS_BG); + else + background = proc_get_effective_task_policy(proc_task(p), TASK_POLICY_ALL_SOCKETS_BG); + + if (background) { + /* + * For PRIO_DARWIN_PROCESS (thread is NULL), simply mark + * the sockets with the background flag. There's nothing + * to do here for the PRIO_DARWIN_THREAD case. + */ + if (thread == THREAD_NULL) { + fdp = p->p_fd; + + for (i = 0; i < fdp->fd_nfiles; i++) { + struct socket *sockp; + + fp = fdp->fd_ofiles[i]; + if (fp == NULL || (fdp->fd_ofileflags[i] & UF_RESERVED) != 0 || + FILEGLOB_DTYPE(fp->f_fglob) != DTYPE_SOCKET) { + continue; + } + sockp = (struct socket *)fp->f_fglob->fg_data; + socket_set_traffic_mgt_flags(sockp, TRAFFIC_MGT_SO_BACKGROUND); + sockp->so_background_thread = NULL; + } + } + } else { /* disable networking IO throttle. * NOTE - It is a known limitation of the current design that we * could potentially clear TRAFFIC_MGT_SO_BACKGROUND bit for * sockets created by other threads within this process. */ - proc_fdlock(curp); - fdp = curp->p_fd; + fdp = p->p_fd; for ( i = 0; i < fdp->fd_nfiles; i++ ) { - struct socket *sockp; - + struct socket *sockp; + fp = fdp->fd_ofiles[ i ]; - if ( fp == NULL || (fdp->fd_ofileflags[ i ] & UF_RESERVED) != 0 || - fp->f_fglob->fg_type != DTYPE_SOCKET ) { + if ( fp == NULL || (fdp->fd_ofileflags[ i ] & UF_RESERVED) != 0 || + FILEGLOB_DTYPE(fp->f_fglob) != DTYPE_SOCKET ) { continue; } sockp = (struct socket *)fp->f_fglob->fg_data; - if ( sockp->so_background_thread != thread ) { + /* skip if only clearing this thread's sockets */ + if ((thread) && (sockp->so_background_thread != thread)) { continue; } - sockp->so_traffic_mgt_flags &= ~TRAFFIC_MGT_SO_BACKGROUND; + socket_clear_traffic_mgt_flags(sockp, TRAFFIC_MGT_SO_BACKGROUND); sockp->so_background_thread = NULL; } - proc_fdunlock(curp); + } - return(0); + proc_fdunlock(p); +#else +#pragma unused(p, thread) +#endif +} + + +/* + * do_background_thread + * Returns: 0 Success + * EPERM Tried to background while in vfork + * XXX - todo - does this need a MACF hook? + */ +static int +do_background_thread(struct proc *curp, thread_t thread, int priority) +{ + struct uthread *ut; + int enable, external; + int rv = 0; + + ut = get_bsdthread_info(thread); + + /* Backgrounding is unsupported for threads in vfork */ + if ((ut->uu_flag & UT_VFORK) != 0) + return(EPERM); + + if (thread_is_static_param(thread)) { + return(EPERM); } - - /* background this thread */ - if ( (ut->uu_flag & UT_BACKGROUND) != 0 ) { - /* already backgrounded */ - return(0); + + /* Not allowed to combine QoS and DARWIN_BG, doing so strips the QoS */ + if (thread_has_qos_policy(thread)) { + thread_remove_qos_policy(thread); + rv = EIDRM; } - /* tag thread as background and throttle disk IO */ - ut->uu_flag |= UT_BACKGROUND; - ut->uu_iopol_disk = IOPOL_THROTTLE; + /* TODO: Fail if someone passes something besides 0 or PRIO_DARWIN_BG */ + enable = (priority == PRIO_DARWIN_BG) ? TASK_POLICY_ENABLE : TASK_POLICY_DISABLE; + external = (current_thread() == thread) ? TASK_POLICY_INTERNAL : TASK_POLICY_EXTERNAL; - policy.importance = INT_MIN; - thread_policy_set( thread, THREAD_PRECEDENCE_POLICY, - (thread_policy_t)&policy, - THREAD_PRECEDENCE_POLICY_COUNT ); - - /* throttle networking IO happens in socket( ) syscall. - * If UT_BACKGROUND is set in the current thread then - * TRAFFIC_MGT_SO_BACKGROUND socket option is set. - */ - return(0); + proc_set_task_policy_thread(curp->task, thread_tid(thread), external, + TASK_POLICY_DARWIN_BG, enable); + + return rv; } @@ -654,12 +1015,7 @@ dosetrlimit(struct proc *p, u_int which, struct rlimit *limp) size = round_page_64(limp->rlim_cur); size -= round_page_64(alimp->rlim_cur); -#if STACK_GROWTH_UP - /* go to top of current stack */ - addr = p->user_stack + round_page_64(alimp->rlim_cur); -#else /* STACK_GROWTH_UP */ addr = p->user_stack - round_page_64(limp->rlim_cur); -#endif /* STACK_GROWTH_UP */ kr = mach_vm_protect(current_map(), addr, size, FALSE, VM_PROT_DEFAULT); @@ -681,28 +1037,6 @@ dosetrlimit(struct proc *p, u_int which, struct rlimit *limp) */ cur_sp = thread_adjuserstack(current_thread(), 0); -#if STACK_GROWTH_UP - if (cur_sp >= p->user_stack && - cur_sp < (p->user_stack + - round_page_64(alimp->rlim_cur))) { - /* current stack pointer is in main stack */ - if (cur_sp >= (p->user_stack + - round_page_64(limp->rlim_cur))) { - /* - * New limit would cause - * current usage to be invalid: - * reject new limit. - */ - error = EINVAL; - goto out; - } - } else { - /* not on the main stack: reject */ - error = EINVAL; - goto out; - } - -#else /* STACK_GROWTH_UP */ if (cur_sp <= p->user_stack && cur_sp > (p->user_stack - round_page_64(alimp->rlim_cur))) { @@ -722,16 +1056,11 @@ dosetrlimit(struct proc *p, u_int which, struct rlimit *limp) error = EINVAL; goto out; } -#endif /* STACK_GROWTH_UP */ size = round_page_64(alimp->rlim_cur); size -= round_page_64(limp->rlim_cur); -#if STACK_GROWTH_UP - addr = p->user_stack + round_page_64(limp->rlim_cur); -#else /* STACK_GROWTH_UP */ addr = p->user_stack - round_page_64(alimp->rlim_cur); -#endif /* STACK_GROWTH_UP */ kr = mach_vm_protect(current_map(), addr, size, @@ -753,7 +1082,7 @@ dosetrlimit(struct proc *p, u_int which, struct rlimit *limp) * because historically, people have been able to attempt to * set RLIM_INFINITY to get "whatever the maximum is". */ - if ( is_suser() ) { + if ( kauth_cred_issuser(kauth_cred_get()) ) { if (limp->rlim_cur != alimp->rlim_cur && limp->rlim_cur > (rlim_t)maxfiles) { if (posix) { @@ -787,7 +1116,7 @@ dosetrlimit(struct proc *p, u_int which, struct rlimit *limp) * systemwide resource; all others are limited to * maxprocperuid (presumably less than maxproc). */ - if ( is_suser() ) { + if ( kauth_cred_issuser(kauth_cred_get()) ) { if (limp->rlim_cur > (rlim_t)maxproc) limp->rlim_cur = maxproc; if (limp->rlim_max > (rlim_t)maxproc) @@ -855,15 +1184,15 @@ calcru(struct proc *p, struct timeval *up, struct timeval *sp, struct timeval *i task = p->task; if (task) { - task_basic_info_32_data_t tinfo; + mach_task_basic_info_data_t tinfo; task_thread_times_info_data_t ttimesinfo; task_events_info_data_t teventsinfo; mach_msg_type_number_t task_info_count, task_ttimes_count; mach_msg_type_number_t task_events_count; struct timeval ut,st; - task_info_count = TASK_BASIC_INFO_32_COUNT; - task_info(task, TASK_BASIC2_INFO_32, + task_info_count = MACH_TASK_BASIC_INFO_COUNT; + task_info(task, MACH_TASK_BASIC_INFO, (task_info_t)&tinfo, &task_info_count); ut.tv_sec = tinfo.user_time.seconds; ut.tv_usec = tinfo.user_time.microseconds; @@ -899,7 +1228,7 @@ calcru(struct proc *p, struct timeval *up, struct timeval *sp, struct timeval *i if (p->p_stats->p_ru.ru_nivcsw < 0) p->p_stats->p_ru.ru_nivcsw = 0; - p->p_stats->p_ru.ru_maxrss = tinfo.resident_size; + p->p_stats->p_ru.ru_maxrss = tinfo.resident_size_max; } } @@ -970,6 +1299,31 @@ ruadd(struct rusage *ru, struct rusage *ru2) *ip++ += *ip2++; } +/* + * Add the rusage stats of child in parent. + * + * It adds rusage statistics of child process and statistics of all its + * children to its parent. + * + * Note: proc lock of parent should be held while calling this function. + */ +void +update_rusage_info_child(struct rusage_info_child *ri, rusage_info_current *ri_current) +{ + ri->ri_child_user_time += (ri_current->ri_user_time + + ri_current->ri_child_user_time); + ri->ri_child_system_time += (ri_current->ri_system_time + + ri_current->ri_child_system_time); + ri->ri_child_pkg_idle_wkups += (ri_current->ri_pkg_idle_wkups + + ri_current->ri_child_pkg_idle_wkups); + ri->ri_child_interrupt_wkups += (ri_current->ri_interrupt_wkups + + ri_current->ri_child_interrupt_wkups); + ri->ri_child_pageins += (ri_current->ri_pageins + + ri_current->ri_child_pageins); + ri->ri_child_elapsed_abstime += ((ri_current->ri_proc_exit_abstime - + ri_current->ri_proc_start_abstime) + ri_current->ri_child_elapsed_abstime); +} + void proc_limitget(proc_t p, int which, struct rlimit * limp) { @@ -1075,7 +1429,6 @@ proc_limitreplace(proc_t p) return(0); } - /* * iopolicysys * @@ -1088,99 +1441,536 @@ proc_limitreplace(proc_t p) * EINVAL Invalid command or invalid policy arguments * */ + +static int +iopolicysys_disk(struct proc *p, int cmd, int scope, int policy, struct _iopol_param_t *iop_param); +static int +iopolicysys_vfs(struct proc *p, int cmd, int scope, int policy, struct _iopol_param_t *iop_param); + int -iopolicysys(__unused struct proc *p, __unused struct iopolicysys_args *uap, __unused int32_t *retval) +iopolicysys(struct proc *p, struct iopolicysys_args *uap, int32_t *retval) { - int error = 0; - thread_t thread = THREAD_NULL; - int *policy; - struct uthread *ut = NULL; + int error = 0; struct _iopol_param_t iop_param; if ((error = copyin(uap->arg, &iop_param, sizeof(iop_param))) != 0) - goto exit; + goto out; - if (iop_param.iop_iotype != IOPOL_TYPE_DISK) { - error = EINVAL; - goto exit; + switch (iop_param.iop_iotype) { + case IOPOL_TYPE_DISK: + error = iopolicysys_disk(p, uap->cmd, iop_param.iop_scope, iop_param.iop_policy, &iop_param); + if (error == EIDRM) { + *retval = -2; + error = 0; + } + if (error) + goto out; + break; + case IOPOL_TYPE_VFS_HFS_CASE_SENSITIVITY: + error = iopolicysys_vfs(p, uap->cmd, iop_param.iop_scope, iop_param.iop_policy, &iop_param); + if (error) + goto out; + break; + default: + error = EINVAL; + goto out; } - switch (iop_param.iop_scope) { - case IOPOL_SCOPE_PROCESS: - policy = &p->p_iopol_disk; - break; - case IOPOL_SCOPE_THREAD: - thread = current_thread(); - ut = get_bsdthread_info(thread); - policy = &ut->uu_iopol_disk; - break; - default: - error = EINVAL; - goto exit; + /* Individual iotype handlers are expected to update iop_param, if requested with a GET command */ + if (uap->cmd == IOPOL_CMD_GET) { + error = copyout((caddr_t)&iop_param, uap->arg, sizeof(iop_param)); + if (error) + goto out; } - - switch(uap->cmd) { - case IOPOL_CMD_SET: - switch (iop_param.iop_policy) { - case IOPOL_DEFAULT: - case IOPOL_NORMAL: - case IOPOL_THROTTLE: - case IOPOL_PASSIVE: - proc_lock(p); - *policy = iop_param.iop_policy; - proc_unlock(p); + +out: + return (error); +} + +static int +iopolicysys_disk(struct proc *p __unused, int cmd, int scope, int policy, struct _iopol_param_t *iop_param) +{ + int error = 0; + thread_t thread; + int policy_flavor; + + /* Validate scope */ + switch (scope) { + case IOPOL_SCOPE_PROCESS: + thread = THREAD_NULL; + policy_flavor = TASK_POLICY_IOPOL; + break; + + case IOPOL_SCOPE_THREAD: + thread = current_thread(); + policy_flavor = TASK_POLICY_IOPOL; + + /* Not allowed to combine QoS and (non-PASSIVE) IO policy, doing so strips the QoS */ + if (cmd == IOPOL_CMD_SET && thread_has_qos_policy(thread)) { + switch (policy) { + case IOPOL_DEFAULT: + case IOPOL_PASSIVE: + break; + case IOPOL_UTILITY: + case IOPOL_THROTTLE: + case IOPOL_IMPORTANT: + case IOPOL_STANDARD: + if (!thread_is_static_param(thread)) { + thread_remove_qos_policy(thread); + /* + * This is not an error case, this is to return a marker to user-space that + * we stripped the thread of its QoS class. + */ + error = EIDRM; + break; + } + /* otherwise, fall through to the error case. */ + default: + error = EINVAL; + goto out; + } + } + break; + + case IOPOL_SCOPE_DARWIN_BG: + thread = THREAD_NULL; + policy_flavor = TASK_POLICY_DARWIN_BG_IOPOL; break; + default: error = EINVAL; - goto exit; + goto out; + } + + /* Validate policy */ + if (cmd == IOPOL_CMD_SET) { + switch (policy) { + case IOPOL_DEFAULT: + if (scope == IOPOL_SCOPE_DARWIN_BG) { + /* the current default BG throttle level is UTILITY */ + policy = IOPOL_UTILITY; + } else { + policy = IOPOL_IMPORTANT; + } + break; + case IOPOL_UTILITY: + /* fall-through */ + case IOPOL_THROTTLE: + /* These levels are OK */ + break; + case IOPOL_IMPORTANT: + /* fall-through */ + case IOPOL_STANDARD: + /* fall-through */ + case IOPOL_PASSIVE: + if (scope == IOPOL_SCOPE_DARWIN_BG) { + /* These levels are invalid for BG */ + error = EINVAL; + goto out; + } else { + /* OK for other scopes */ + } + break; + default: + error = EINVAL; + goto out; } - break; - case IOPOL_CMD_GET: - switch (*policy) { - case IOPOL_DEFAULT: - case IOPOL_NORMAL: - case IOPOL_THROTTLE: - case IOPOL_PASSIVE: - iop_param.iop_policy = *policy; + } + + /* Perform command */ + switch(cmd) { + case IOPOL_CMD_SET: + proc_set_task_policy(current_task(), thread, + TASK_POLICY_INTERNAL, policy_flavor, + policy); + break; + case IOPOL_CMD_GET: + policy = proc_get_task_policy(current_task(), thread, + TASK_POLICY_INTERNAL, policy_flavor); + + iop_param->iop_policy = policy; + break; + default: + error = EINVAL; /* unknown command */ break; - default: // in-kernel - // this should never happen - printf("%s: unknown I/O policy %d\n", __func__, *policy); - // restore to default value - *policy = IOPOL_DEFAULT; - iop_param.iop_policy = *policy; + } + +out: + return (error); +} + +static int +iopolicysys_vfs(struct proc *p, int cmd, int scope, int policy, struct _iopol_param_t *iop_param) +{ + int error = 0; + + /* Validate scope */ + switch (scope) { + case IOPOL_SCOPE_PROCESS: + /* Only process OK */ + break; + default: + error = EINVAL; + goto out; + } + + /* Validate policy */ + if (cmd == IOPOL_CMD_SET) { + switch (policy) { + case IOPOL_VFS_HFS_CASE_SENSITIVITY_DEFAULT: + /* fall-through */ + case IOPOL_VFS_HFS_CASE_SENSITIVITY_FORCE_CASE_SENSITIVE: + /* These policies are OK */ + break; + default: + error = EINVAL; + goto out; } + } + + /* Perform command */ + switch(cmd) { + case IOPOL_CMD_SET: + if (0 == kauth_cred_issuser(kauth_cred_get())) { + error = EPERM; + goto out; + } + + switch (policy) { + case IOPOL_VFS_HFS_CASE_SENSITIVITY_DEFAULT: + OSBitAndAtomic16(~((uint32_t)P_VFS_IOPOLICY_FORCE_HFS_CASE_SENSITIVITY), &p->p_vfs_iopolicy); + break; + case IOPOL_VFS_HFS_CASE_SENSITIVITY_FORCE_CASE_SENSITIVE: + OSBitOrAtomic16((uint32_t)P_VFS_IOPOLICY_FORCE_HFS_CASE_SENSITIVITY, &p->p_vfs_iopolicy); + break; + default: + error = EINVAL; + goto out; + } + + break; + case IOPOL_CMD_GET: + iop_param->iop_policy = (p->p_vfs_iopolicy & P_VFS_IOPOLICY_FORCE_HFS_CASE_SENSITIVITY) + ? IOPOL_VFS_HFS_CASE_SENSITIVITY_FORCE_CASE_SENSITIVE + : IOPOL_VFS_HFS_CASE_SENSITIVITY_DEFAULT; + break; + default: + error = EINVAL; /* unknown command */ + break; + } + +out: + return (error); +} + +/* BSD call back function for task_policy */ +void proc_apply_task_networkbg(void * bsd_info, thread_t thread); + +void +proc_apply_task_networkbg(void * bsd_info, thread_t thread) +{ + assert(bsd_info != PROC_NULL); + + pid_t pid = proc_pid((proc_t)bsd_info); + + proc_t p = proc_find(pid); + + if (p != PROC_NULL) { + assert(p == (proc_t)bsd_info); + + do_background_socket(p, thread); + proc_rele(p); + } +} + +void +gather_rusage_info(proc_t p, rusage_info_current *ru, int flavor) +{ + struct rusage_info_child *ri_child; + + assert(p->p_stats != NULL); + switch(flavor) { + + case RUSAGE_INFO_V3: + fill_task_qos_rusage(p->task, ru); + fill_task_billed_usage(p->task, ru); + /* fall through */ + + case RUSAGE_INFO_V2: + fill_task_io_rusage(p->task, ru); + /* fall through */ + + case RUSAGE_INFO_V1: + /* + * p->p_stats->ri_child statistics are protected under proc lock. + */ + proc_lock(p); - error = copyout((caddr_t)&iop_param, uap->arg, sizeof(iop_param)); + ri_child = &(p->p_stats->ri_child); + ru->ri_child_user_time = ri_child->ri_child_user_time; + ru->ri_child_system_time = ri_child->ri_child_system_time; + ru->ri_child_pkg_idle_wkups = ri_child->ri_child_pkg_idle_wkups; + ru->ri_child_interrupt_wkups = ri_child->ri_child_interrupt_wkups; + ru->ri_child_pageins = ri_child->ri_child_pageins; + ru->ri_child_elapsed_abstime = ri_child->ri_child_elapsed_abstime; + + proc_unlock(p); + /* fall through */ + + case RUSAGE_INFO_V0: + proc_getexecutableuuid(p, (unsigned char *)&ru->ri_uuid, sizeof (ru->ri_uuid)); + fill_task_rusage(p->task, ru); + ru->ri_proc_start_abstime = p->p_stats->ps_start; + } +} + +static void +rusage_info_conversion(rusage_info_t ri_info, rusage_info_current *ri_current, int flavor) +{ + struct rusage_info_v0 *ri_v0; + struct rusage_info_v1 *ri_v1; + struct rusage_info_v2 *ri_v2; + + switch (flavor) { + + case RUSAGE_INFO_V2: + ri_v2 = (struct rusage_info_v2 *)ri_info; + ri_v2->ri_diskio_bytesread = ri_current->ri_diskio_bytesread; + ri_v2->ri_diskio_byteswritten = ri_current->ri_diskio_byteswritten; + /* fall through */ + + case RUSAGE_INFO_V1: + ri_v1 = (struct rusage_info_v1 *)ri_info; + ri_v1->ri_child_user_time = ri_current->ri_child_user_time; + ri_v1->ri_child_system_time = ri_current->ri_child_system_time; + ri_v1->ri_child_pkg_idle_wkups = ri_current->ri_child_pkg_idle_wkups; + ri_v1->ri_child_interrupt_wkups = ri_current->ri_child_interrupt_wkups; + ri_v1->ri_child_pageins = ri_current->ri_child_pageins; + ri_v1->ri_child_elapsed_abstime = ri_current->ri_child_elapsed_abstime; + /* fall through */ + + case RUSAGE_INFO_V0: + ri_v0 = (struct rusage_info_v0 *)ri_info; + memcpy(&ri_v0->ri_uuid[0], &ri_current->ri_uuid[0], sizeof(ri_v0->ri_uuid)); + ri_v0->ri_user_time = ri_current->ri_user_time; + ri_v0->ri_system_time = ri_current->ri_system_time; + ri_v0->ri_pkg_idle_wkups = ri_current->ri_pkg_idle_wkups; + ri_v0->ri_interrupt_wkups = ri_current->ri_interrupt_wkups; + ri_v0->ri_pageins = ri_current->ri_pageins; + ri_v0->ri_wired_size = ri_current->ri_wired_size; + ri_v0->ri_resident_size = ri_current->ri_resident_size; + ri_v0->ri_phys_footprint = ri_current->ri_phys_footprint; + ri_v0->ri_proc_start_abstime = ri_current->ri_proc_start_abstime; + ri_v0->ri_proc_exit_abstime = ri_current->ri_proc_exit_abstime; + break; + default: - error = EINVAL; // unknown command break; } +} - exit: - *retval = error; - return (error); + +int +proc_get_rusage(proc_t p, int flavor, user_addr_t buffer, __unused int is_zombie) +{ + struct rusage_info_v0 ri_v0; + struct rusage_info_v1 ri_v1; + struct rusage_info_v2 ri_v2; + struct rusage_info_v3 ri_v3; + + rusage_info_current ri_current; + + int error = 0; + + switch (flavor) { + case RUSAGE_INFO_V0: + /* + * If task is still alive, collect info from the live task itself. + * Otherwise, look to the cached info in the zombie proc. + */ + if (p->p_ru == NULL) { + gather_rusage_info(p, &ri_current, flavor); + ri_current.ri_proc_exit_abstime = 0; + rusage_info_conversion(&ri_v0, &ri_current, flavor); + } else { + rusage_info_conversion(&ri_v0, &p->p_ru->ri, flavor); + } + error = copyout(&ri_v0, buffer, sizeof (ri_v0)); + break; + + case RUSAGE_INFO_V1: + /* + * If task is still alive, collect info from the live task itself. + * Otherwise, look to the cached info in the zombie proc. + */ + if (p->p_ru == NULL) { + gather_rusage_info(p, &ri_current, flavor); + ri_current.ri_proc_exit_abstime = 0; + rusage_info_conversion(&ri_v1, &ri_current, flavor); + } else { + rusage_info_conversion(&ri_v1, &p->p_ru->ri, flavor); + } + error = copyout(&ri_v1, buffer, sizeof (ri_v1)); + break; + + case RUSAGE_INFO_V2: + /* + * If task is still alive, collect info from the live task itself. + * Otherwise, look to the cached info in the zombie proc. + */ + if (p->p_ru == NULL) { + gather_rusage_info(p, &ri_current, flavor); + ri_current.ri_proc_exit_abstime = 0; + rusage_info_conversion(&ri_v2, &ri_current, flavor); + } else { + rusage_info_conversion(&ri_v2, &p->p_ru->ri, flavor); + } + error = copyout(&ri_v2, buffer, sizeof (ri_v2)); + break; + + case RUSAGE_INFO_V3: + /* + * If task is still alive, collect info from the live task itself. + * Otherwise, look to the cached info in the zombie proc. + */ + if (p->p_ru == NULL) { + gather_rusage_info(p, &ri_v3, flavor); + ri_v3.ri_proc_exit_abstime = 0; + } else { + ri_v3 = p->p_ru->ri; + } + error = copyout(&ri_v3, buffer, sizeof (ri_v3)); + break; + + default: + error = EINVAL; + break; + } + + return (error); } +static int +mach_to_bsd_rv(int mach_rv) +{ + int bsd_rv = 0; -boolean_t thread_is_io_throttled(void); + switch (mach_rv) { + case KERN_SUCCESS: + bsd_rv = 0; + break; + case KERN_INVALID_ARGUMENT: + bsd_rv = EINVAL; + break; + default: + panic("unknown error %#x", mach_rv); + } -boolean_t -thread_is_io_throttled(void) { + return bsd_rv; +} - int policy; - struct uthread *ut; +/* + * Resource limit controls + * + * uap->flavor available flavors: + * + * RLIMIT_WAKEUPS_MONITOR + */ +int +proc_rlimit_control(__unused struct proc *p, struct proc_rlimit_control_args *uap, __unused int32_t *retval) +{ + proc_t targetp; + int error = 0; + struct proc_rlimit_control_wakeupmon wakeupmon_args; + uint32_t cpumon_flags; + uint32_t cpulimits_flags; + kauth_cred_t my_cred, target_cred; + + /* -1 implicitly means our own process (perhaps even the current thread for per-thread attributes) */ + if (uap->pid == -1) { + targetp = proc_self(); + } else { + targetp = proc_find(uap->pid); + } - policy = current_proc()->p_iopol_disk; + /* proc_self() can return NULL for an exiting process */ + if (targetp == PROC_NULL) { + return (ESRCH); + } - ut = get_bsdthread_info(current_thread()); + my_cred = kauth_cred_get(); + target_cred = kauth_cred_proc_ref(targetp); - if (ut->uu_iopol_disk != IOPOL_DEFAULT) - policy = ut->uu_iopol_disk; + if (!kauth_cred_issuser(my_cred) && kauth_cred_getruid(my_cred) && + kauth_cred_getuid(my_cred) != kauth_cred_getuid(target_cred) && + kauth_cred_getruid(my_cred) != kauth_cred_getuid(target_cred)) { + proc_rele(targetp); + kauth_cred_unref(&target_cred); + return (EACCES); + } - if (policy == IOPOL_THROTTLE) - return TRUE; + switch (uap->flavor) { + case RLIMIT_WAKEUPS_MONITOR: + if ((error = copyin(uap->arg, &wakeupmon_args, sizeof (wakeupmon_args))) != 0) { + break; + } + if ((error = mach_to_bsd_rv(task_wakeups_monitor_ctl(targetp->task, &wakeupmon_args.wm_flags, + &wakeupmon_args.wm_rate))) != 0) { + break; + } + error = copyout(&wakeupmon_args, uap->arg, sizeof (wakeupmon_args)); + break; + case RLIMIT_CPU_USAGE_MONITOR: + cpumon_flags = uap->arg; // XXX temporarily stashing flags in argp (12592127) + error = mach_to_bsd_rv(task_cpu_usage_monitor_ctl(targetp->task, &cpumon_flags)); + break; + case RLIMIT_THREAD_CPULIMITS: + cpulimits_flags = (uint32_t)uap->arg; // only need a limited set of bits, pass in void * argument + + if (uap->pid != -1) { + error = EINVAL; + break; + } + + uint8_t percent = 0; + uint32_t ms_refill = 0; + uint64_t ns_refill; - return FALSE; + percent = (uint8_t)(cpulimits_flags & 0xffU); /* low 8 bits for percent */ + ms_refill = (cpulimits_flags >> 8) & 0xffffff; /* next 24 bits represent ms refill value */ + if (percent >= 100) { + error = EINVAL; + break; + } + + ns_refill = ((uint64_t)ms_refill) * NSEC_PER_MSEC; + + error = mach_to_bsd_rv(thread_set_cpulimit(THREAD_CPULIMIT_BLOCK, percent, ns_refill)); + break; + default: + error = EINVAL; + break; + } + + proc_rele(targetp); + kauth_cred_unref(&target_cred); + + /* + * Return value from this function becomes errno to userland caller. + */ + return (error); +} + +/* + * Return the current amount of CPU consumed by this thread (in either user or kernel mode) + */ +int thread_selfusage(struct proc *p __unused, struct thread_selfusage_args *uap __unused, uint64_t *retval) +{ + uint64_t runtime; + + runtime = thread_get_runtime_self(); + *retval = runtime; + + return (0); }