Sat Oct 3 01:30:25 2009 UTC ()
Move sched policy back to the subsystem.


(elad)
diff -r1.267 -r1.268 src/sys/kern/kern_synch.c
diff -r1.17 -r1.18 src/sys/secmodel/suser/secmodel_suser.c
cvs diff -r1.267 -r1.268 src/sys/kern/kern_synch.c (expand / switch to unified diff)

--- src/sys/kern/kern_synch.c 2009/07/19 10:11:55 1.267
+++ src/sys/kern/kern_synch.c 2009/10/03 01:30:25 1.268
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: kern_synch.c,v 1.267 2009/07/19 10:11:55 yamt Exp $ */ 1/* $NetBSD: kern_synch.c,v 1.268 2009/10/03 01:30:25 elad Exp $ */
2 2
3/*- 3/*-
4 * Copyright (c) 1999, 2000, 2004, 2006, 2007, 2008, 2009 4 * Copyright (c) 1999, 2000, 2004, 2006, 2007, 2008, 2009
5 * The NetBSD Foundation, Inc. 5 * The NetBSD Foundation, Inc.
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * This code is derived from software contributed to The NetBSD Foundation 8 * This code is derived from software contributed to The NetBSD Foundation
9 * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility, 9 * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
10 * NASA Ames Research Center, by Charles M. Hannum, Andrew Doran and 10 * NASA Ames Research Center, by Charles M. Hannum, Andrew Doran and
11 * Daniel Sieger. 11 * Daniel Sieger.
12 * 12 *
13 * Redistribution and use in source and binary forms, with or without 13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions 14 * modification, are permitted provided that the following conditions
@@ -59,27 +59,27 @@ @@ -59,27 +59,27 @@
59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
66 * SUCH DAMAGE. 66 * SUCH DAMAGE.
67 * 67 *
68 * @(#)kern_synch.c 8.9 (Berkeley) 5/19/95 68 * @(#)kern_synch.c 8.9 (Berkeley) 5/19/95
69 */ 69 */
70 70
71#include <sys/cdefs.h> 71#include <sys/cdefs.h>
72__KERNEL_RCSID(0, "$NetBSD: kern_synch.c,v 1.267 2009/07/19 10:11:55 yamt Exp $"); 72__KERNEL_RCSID(0, "$NetBSD: kern_synch.c,v 1.268 2009/10/03 01:30:25 elad Exp $");
73 73
74#include "opt_kstack.h" 74#include "opt_kstack.h"
75#include "opt_perfctrs.h" 75#include "opt_perfctrs.h"
76#include "opt_sa.h" 76#include "opt_sa.h"
77 77
78#define __MUTEX_PRIVATE 78#define __MUTEX_PRIVATE
79 79
80#include <sys/param.h> 80#include <sys/param.h>
81#include <sys/systm.h> 81#include <sys/systm.h>
82#include <sys/proc.h> 82#include <sys/proc.h>
83#include <sys/kernel.h> 83#include <sys/kernel.h>
84#if defined(PERFCTRS) 84#if defined(PERFCTRS)
85#include <sys/pmc.h> 85#include <sys/pmc.h>
@@ -87,26 +87,27 @@ __KERNEL_RCSID(0, "$NetBSD: kern_synch.c @@ -87,26 +87,27 @@ __KERNEL_RCSID(0, "$NetBSD: kern_synch.c
87#include <sys/cpu.h> 87#include <sys/cpu.h>
88#include <sys/resourcevar.h> 88#include <sys/resourcevar.h>
89#include <sys/sched.h> 89#include <sys/sched.h>
90#include <sys/sa.h> 90#include <sys/sa.h>
91#include <sys/savar.h> 91#include <sys/savar.h>
92#include <sys/syscall_stats.h> 92#include <sys/syscall_stats.h>
93#include <sys/sleepq.h> 93#include <sys/sleepq.h>
94#include <sys/lockdebug.h> 94#include <sys/lockdebug.h>
95#include <sys/evcnt.h> 95#include <sys/evcnt.h>
96#include <sys/intr.h> 96#include <sys/intr.h>
97#include <sys/lwpctl.h> 97#include <sys/lwpctl.h>
98#include <sys/atomic.h> 98#include <sys/atomic.h>
99#include <sys/simplelock.h> 99#include <sys/simplelock.h>
 100#include <sys/kauth.h>
100 101
101#include <uvm/uvm_extern.h> 102#include <uvm/uvm_extern.h>
102 103
103#include <dev/lockstat.h> 104#include <dev/lockstat.h>
104 105
105static u_int sched_unsleep(struct lwp *, bool); 106static u_int sched_unsleep(struct lwp *, bool);
106static void sched_changepri(struct lwp *, pri_t); 107static void sched_changepri(struct lwp *, pri_t);
107static void sched_lendpri(struct lwp *, pri_t); 108static void sched_lendpri(struct lwp *, pri_t);
108static void resched_cpu(struct lwp *); 109static void resched_cpu(struct lwp *);
109 110
110syncobj_t sleep_syncobj = { 111syncobj_t sleep_syncobj = {
111 SOBJ_SLEEPQ_SORTED, 112 SOBJ_SLEEPQ_SORTED,
112 sleepq_unsleep, 113 sleepq_unsleep,
@@ -117,57 +118,111 @@ syncobj_t sleep_syncobj = { @@ -117,57 +118,111 @@ syncobj_t sleep_syncobj = {
117 118
118syncobj_t sched_syncobj = { 119syncobj_t sched_syncobj = {
119 SOBJ_SLEEPQ_SORTED, 120 SOBJ_SLEEPQ_SORTED,
120 sched_unsleep, 121 sched_unsleep,
121 sched_changepri, 122 sched_changepri,
122 sched_lendpri, 123 sched_lendpri,
123 syncobj_noowner, 124 syncobj_noowner,
124}; 125};
125 126
126callout_t sched_pstats_ch; 127callout_t sched_pstats_ch;
127unsigned sched_pstats_ticks; 128unsigned sched_pstats_ticks;
128kcondvar_t lbolt; /* once a second sleep address */ 129kcondvar_t lbolt; /* once a second sleep address */
129 130
 131kauth_listener_t sched_listener;
 132
130/* Preemption event counters */ 133/* Preemption event counters */
131static struct evcnt kpreempt_ev_crit; 134static struct evcnt kpreempt_ev_crit;
132static struct evcnt kpreempt_ev_klock; 135static struct evcnt kpreempt_ev_klock;
133static struct evcnt kpreempt_ev_immed; 136static struct evcnt kpreempt_ev_immed;
134 137
135/* 138/*
136 * During autoconfiguration or after a panic, a sleep will simply lower the 139 * During autoconfiguration or after a panic, a sleep will simply lower the
137 * priority briefly to allow interrupts, then return. The priority to be 140 * priority briefly to allow interrupts, then return. The priority to be
138 * used (safepri) is machine-dependent, thus this value is initialized and 141 * used (safepri) is machine-dependent, thus this value is initialized and
139 * maintained in the machine-dependent layers. This priority will typically 142 * maintained in the machine-dependent layers. This priority will typically
140 * be 0, or the lowest priority that is safe for use on the interrupt stack; 143 * be 0, or the lowest priority that is safe for use on the interrupt stack;
141 * it can be made higher to block network software interrupts after panics. 144 * it can be made higher to block network software interrupts after panics.
142 */ 145 */
143int safepri; 146int safepri;
144 147
 148static int
 149sched_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
 150 void *arg0, void *arg1, void *arg2, void *arg3)
 151{
 152 struct proc *p;
 153 int result;
 154
 155 result = KAUTH_RESULT_DEFER;
 156 p = arg0;
 157
 158 switch (action) {
 159 case KAUTH_PROCESS_SCHEDULER_GETPARAM:
 160 if (kauth_cred_uidmatch(cred, p->p_cred))
 161 result = KAUTH_RESULT_ALLOW;
 162 break;
 163
 164 case KAUTH_PROCESS_SCHEDULER_SETPARAM:
 165 if (kauth_cred_uidmatch(cred, p->p_cred)) {
 166 struct lwp *l;
 167 int policy;
 168 pri_t priority;
 169
 170 l = arg1;
 171 policy = (int)(unsigned long)arg2;
 172 priority = (pri_t)(unsigned long)arg3;
 173
 174 if ((policy == l->l_class ||
 175 (policy != SCHED_FIFO && policy != SCHED_RR)) &&
 176 priority <= l->l_priority)
 177 result = KAUTH_RESULT_ALLOW;
 178 }
 179
 180 break;
 181
 182 case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
 183 result = KAUTH_RESULT_ALLOW;
 184 break;
 185
 186 case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
 187 /* Privileged; we let the secmodel handle this. */
 188 break;
 189
 190 default:
 191 break;
 192 }
 193
 194 return result;
 195}
 196
145void 197void
146sched_init(void) 198sched_init(void)
147{ 199{
148 200
149 cv_init(&lbolt, "lbolt"); 201 cv_init(&lbolt, "lbolt");
150 callout_init(&sched_pstats_ch, CALLOUT_MPSAFE); 202 callout_init(&sched_pstats_ch, CALLOUT_MPSAFE);
151 callout_setfunc(&sched_pstats_ch, sched_pstats, NULL); 203 callout_setfunc(&sched_pstats_ch, sched_pstats, NULL);
152 204
153 evcnt_attach_dynamic(&kpreempt_ev_crit, EVCNT_TYPE_MISC, NULL, 205 evcnt_attach_dynamic(&kpreempt_ev_crit, EVCNT_TYPE_MISC, NULL,
154 "kpreempt", "defer: critical section"); 206 "kpreempt", "defer: critical section");
155 evcnt_attach_dynamic(&kpreempt_ev_klock, EVCNT_TYPE_MISC, NULL, 207 evcnt_attach_dynamic(&kpreempt_ev_klock, EVCNT_TYPE_MISC, NULL,
156 "kpreempt", "defer: kernel_lock"); 208 "kpreempt", "defer: kernel_lock");
157 evcnt_attach_dynamic(&kpreempt_ev_immed, EVCNT_TYPE_MISC, NULL, 209 evcnt_attach_dynamic(&kpreempt_ev_immed, EVCNT_TYPE_MISC, NULL,
158 "kpreempt", "immediate"); 210 "kpreempt", "immediate");
159 211
160 sched_pstats(NULL); 212 sched_pstats(NULL);
 213
 214 sched_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
 215 sched_listener_cb, NULL);
161} 216}
162 217
163/* 218/*
164 * OBSOLETE INTERFACE 219 * OBSOLETE INTERFACE
165 * 220 *
166 * General sleep call. Suspends the current LWP until a wakeup is 221 * General sleep call. Suspends the current LWP until a wakeup is
167 * performed on the specified identifier. The LWP will then be made 222 * performed on the specified identifier. The LWP will then be made
168 * runnable with the specified priority. Sleeps at most timo/hz seconds (0 223 * runnable with the specified priority. Sleeps at most timo/hz seconds (0
169 * means no timeout). If pri includes PCATCH flag, signals are checked 224 * means no timeout). If pri includes PCATCH flag, signals are checked
170 * before and after sleeping, else signals are not checked. Returns 0 if 225 * before and after sleeping, else signals are not checked. Returns 0 if
171 * awakened, EWOULDBLOCK if the timeout expires. If PCATCH is set and a 226 * awakened, EWOULDBLOCK if the timeout expires. If PCATCH is set and a
172 * signal needs to be delivered, ERESTART is returned if the current system 227 * signal needs to be delivered, ERESTART is returned if the current system
173 * call should be restarted if possible, and EINTR is returned if the system 228 * call should be restarted if possible, and EINTR is returned if the system
cvs diff -r1.17 -r1.18 src/sys/secmodel/suser/secmodel_suser.c (expand / switch to unified diff)

--- src/sys/secmodel/suser/secmodel_suser.c 2009/10/03 00:37:01 1.17
+++ src/sys/secmodel/suser/secmodel_suser.c 2009/10/03 01:30:25 1.18
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: secmodel_suser.c,v 1.17 2009/10/03 00:37:01 elad Exp $ */ 1/* $NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $ */
2/*- 2/*-
3 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> 3 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
4 * All rights reserved. 4 * All rights reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
8 * are met: 8 * are met:
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the 12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution. 13 * documentation and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote products 14 * 3. The name of the author may not be used to endorse or promote products
@@ -28,27 +28,27 @@ @@ -28,27 +28,27 @@
28 28
29/* 29/*
30 * This file contains kauth(9) listeners needed to implement the traditional 30 * This file contains kauth(9) listeners needed to implement the traditional
31 * NetBSD superuser access restrictions. 31 * NetBSD superuser access restrictions.
32 * 32 *
33 * There are two main resources a request can be issued to: user-owned and 33 * There are two main resources a request can be issued to: user-owned and
34 * system owned. For the first, traditional Unix access checks are done, as 34 * system owned. For the first, traditional Unix access checks are done, as
35 * well as superuser checks. If needed, the request context is examined before 35 * well as superuser checks. If needed, the request context is examined before
36 * a decision is made. For the latter, usually only superuser checks are done 36 * a decision is made. For the latter, usually only superuser checks are done
37 * as normal users are not allowed to access system resources. 37 * as normal users are not allowed to access system resources.
38 */ 38 */
39 39
40#include <sys/cdefs.h> 40#include <sys/cdefs.h>
41__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.17 2009/10/03 00:37:01 elad Exp $"); 41__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $");
42 42
43#include <sys/types.h> 43#include <sys/types.h>
44#include <sys/param.h> 44#include <sys/param.h>
45#include <sys/kauth.h> 45#include <sys/kauth.h>
46 46
47#include <sys/mutex.h> 47#include <sys/mutex.h>
48#include <sys/mount.h> 48#include <sys/mount.h>
49#include <sys/socketvar.h> 49#include <sys/socketvar.h>
50#include <sys/sysctl.h> 50#include <sys/sysctl.h>
51#include <sys/vnode.h> 51#include <sys/vnode.h>
52#include <sys/proc.h> 52#include <sys/proc.h>
53#include <sys/uidinfo.h> 53#include <sys/uidinfo.h>
54#include <sys/module.h> 54#include <sys/module.h>
@@ -613,56 +613,27 @@ secmodel_suser_process_cb(kauth_cred_t c @@ -613,56 +613,27 @@ secmodel_suser_process_cb(kauth_cred_t c
613 if (isroot) 613 if (isroot)
614 result = KAUTH_RESULT_ALLOW; 614 result = KAUTH_RESULT_ALLOW;
615 615
616 break; 616 break;
617 617
618 default: 618 default:
619 break; 619 break;
620 } 620 }
621 621
622 break; 622 break;
623 } 623 }
624 624
625 case KAUTH_PROCESS_SCHEDULER_GETPARAM: 625 case KAUTH_PROCESS_SCHEDULER_GETPARAM:
626 if (isroot || kauth_cred_uidmatch(cred, p->p_cred)) 
627 result = KAUTH_RESULT_ALLOW; 
628 
629 break; 
630 
631 case KAUTH_PROCESS_SCHEDULER_SETPARAM: 626 case KAUTH_PROCESS_SCHEDULER_SETPARAM:
632 if (isroot) 
633 result = KAUTH_RESULT_ALLOW; 
634 else if (kauth_cred_uidmatch(cred, p->p_cred)) { 
635 struct lwp *l; 
636 int policy; 
637 pri_t priority; 
638 
639 l = arg1; 
640 policy = (int)(unsigned long)arg2; 
641 priority = (pri_t)(unsigned long)arg3; 
642 
643 if ((policy == l->l_class || 
644 (policy != SCHED_FIFO && policy != SCHED_RR)) && 
645 priority <= l->l_priority) 
646 result = KAUTH_RESULT_ALLOW; 
647 } 
648 
649 break; 
650 
651 case KAUTH_PROCESS_SCHEDULER_GETAFFINITY: 
652 result = KAUTH_RESULT_ALLOW; 
653 
654 break; 
655 
656 case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: 627 case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
657 if (isroot) 628 if (isroot)
658 result = KAUTH_RESULT_ALLOW; 629 result = KAUTH_RESULT_ALLOW;
659 630
660 break; 631 break;
661 632
662 case KAUTH_PROCESS_SETID: 633 case KAUTH_PROCESS_SETID:
663 if (isroot) 634 if (isroot)
664 result = KAUTH_RESULT_ALLOW; 635 result = KAUTH_RESULT_ALLOW;
665 break; 636 break;
666 637
667 case KAUTH_PROCESS_STOPFLAG: 638 case KAUTH_PROCESS_STOPFLAG:
668 if (isroot || proc_uidmatch(cred, p->p_cred) == 0) { 639 if (isroot || proc_uidmatch(cred, p->p_cred) == 0) {