User: Password:
|
|
Subscribe / Log in / New account

[PATCH] nice and rt-prio rlimits

From:  Linux Kernel Mailing List <linux-kernel-AT-vger.kernel.org>
To:  bk-commits-head-AT-vger.kernel.org
Subject:  [PATCH] nice and rt-prio rlimits
Date:  Sun, 1 May 2005 10:06:23 -0700

tree bf6463200dc7e14f266b7f12807c7cbfbb6700c2
parent 9fc1427a01a9df3605e219c6de0c59c4639209a1
author Matt Mackall <mpm@selenic.com> Sun, 01 May 2005 22:59:00 -0700
committer Linus Torvalds <torvalds@ppc970.osdl.org> Sun, 01 May 2005 22:59:00
-0700

[PATCH] nice and rt-prio rlimits

Add a pair of rlimits for allowing non-root tasks to raise nice and rt
priorities. Defaults to traditional behavior. Originally written by
Chris Wright.

The patch implements a simple rlimit ceiling for the RT (and nice) priorities
a task can set.  The rlimit defaults to 0, meaning no change in behavior by
default.  A value of 50 means RT priority levels 1-50 are allowed.  A value of
100 means all 99 privilege levels from 1 to 99 are allowed.  CAP_SYS_NICE is
blanket permission.

(akpm: see http://www.uwsg.iu.edu/hypermail/linux/kernel/0503.1/1921... for
tips on integrating this with PAM).

Signed-off-by: Matt Mackall <mpm@selenic.com>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

 asm-generic/resource.h |    7 ++++++-
 linux/sched.h          |    1 +
 sched.c                |   25 +++++++++++++++++++------
 sys.c                  |    2 +-
 4 files changed, 27 insertions(+), 8 deletions(-)

Index: include/asm-generic/resource.h
===================================================================
--- 1b8b5f3644bd5e2288bc35df1b83e9b1904cd945/include/asm-generic/resource.h  (mode:100644
sha1:b1fcda9eac23d3b21ffe19135c6f4d529b4989bc)
+++ bf6463200dc7e14f266b7f12807c7cbfbb6700c2/include/asm-generic/resource.h  (mode:100644
sha1:cfe3692b23e580a01ccf0ad7a9102e854c8be792)
@@ -41,8 +41,11 @@
 #define RLIMIT_LOCKS		10	/* maximum file locks held */
 #define RLIMIT_SIGPENDING	11	/* max number of pending signals */
 #define RLIMIT_MSGQUEUE		12	/* maximum bytes in POSIX mqueues */
+#define RLIMIT_NICE		13	/* max nice prio allowed to raise to
+					   0-39 for nice level 19 .. -20 */
+#define RLIMIT_RTPRIO		14	/* maximum realtime priority */
 
-#define RLIM_NLIMITS		13
+#define RLIM_NLIMITS		15
 
 /*
  * SuS says limits have to be unsigned.
@@ -81,6 +84,8 @@
 	[RLIMIT_LOCKS]		= {  RLIM_INFINITY,  RLIM_INFINITY },	\
 	[RLIMIT_SIGPENDING]	= { 		0,	       0 },	\
 	[RLIMIT_MSGQUEUE]	= {   MQ_BYTES_MAX,   MQ_BYTES_MAX },	\
+	[RLIMIT_NICE]		= { 0, 0 },				\
+	[RLIMIT_RTPRIO]		= { 0, 0 },				\
 }
 
 #endif	/* __KERNEL__ */
Index: include/linux/sched.h
===================================================================
--- 1b8b5f3644bd5e2288bc35df1b83e9b1904cd945/include/linux/sched.h  (mode:100644
sha1:1cced971232c6fae4cbfd5148d491a7e75caf01f)
+++ bf6463200dc7e14f266b7f12807c7cbfbb6700c2/include/linux/sched.h  (mode:100644
sha1:8960f99ea12800632e193263b52c0af2ece0eae5)
@@ -845,6 +845,7 @@ extern void sched_idle_next(void);
 extern void set_user_nice(task_t *p, long nice);
 extern int task_prio(const task_t *p);
 extern int task_nice(const task_t *p);
+extern int can_nice(const task_t *p, const int nice);
 extern int task_curr(const task_t *p);
 extern int idle_cpu(int cpu);
 extern int sched_setscheduler(struct task_struct *, int, struct sched_param
*);
Index: kernel/sched.c
===================================================================
--- 1b8b5f3644bd5e2288bc35df1b83e9b1904cd945/kernel/sched.c  (mode:100644
sha1:9bb7489ee64509eca180fe3cfe755db49b153702)
+++ bf6463200dc7e14f266b7f12807c7cbfbb6700c2/kernel/sched.c  (mode:100644
sha1:5dadcc6df7dd111b94473877da3b69ae2176094a)
@@ -3223,6 +3223,19 @@ out_unlock:
 
 EXPORT_SYMBOL(set_user_nice);
 
+/*
+ * can_nice - check if a task can reduce its nice value
+ * @p: task
+ * @nice: nice value
+ */
+int can_nice(const task_t *p, const int nice)
+{
+	/* convert nice value [19,-20] to rlimit style value [0,39] */
+	int nice_rlim = 19 - nice;
+	return (nice_rlim <= p->signal->rlim[RLIMIT_NICE].rlim_cur ||
+		capable(CAP_SYS_NICE));
+}
+
 #ifdef __ARCH_WANT_SYS_NICE
 
 /*
@@ -3242,12 +3255,8 @@ asmlinkage long sys_nice(int increment)
 	 * We don't have to worry. Conceptually one call occurs first
 	 * and we have a single winner.
 	 */
-	if (increment < 0) {
-		if (!capable(CAP_SYS_NICE))
-			return -EPERM;
-		if (increment < -40)
-			increment = -40;
-	}
+	if (increment < -40)
+		increment = -40;
 	if (increment > 40)
 		increment = 40;
 
@@ -3257,6 +3266,9 @@ asmlinkage long sys_nice(int increment)
 	if (nice > 19)
 		nice = 19;
 
+	if (increment < 0 && !can_nice(current, nice))
+		return -EPERM;
+
 	retval = security_task_setnice(current, nice);
 	if (retval)
 		return retval;
@@ -3372,6 +3384,7 @@ recheck:
 		return -EINVAL;
 
 	if ((policy == SCHED_FIFO || policy == SCHED_RR) &&
+	    param->sched_priority > p->signal->rlim[RLIMIT_RTPRIO].rlim_cur &&
 	    !capable(CAP_SYS_NICE))
 		return -EPERM;
 	if ((current->euid != p->euid) && (current->euid != p->uid) &&
Index: kernel/sys.c
===================================================================
--- 1b8b5f3644bd5e2288bc35df1b83e9b1904cd945/kernel/sys.c  (mode:100644
sha1:df2ddcc6863bcfd55ae808699eaf24852740047e)
+++ bf6463200dc7e14f266b7f12807c7cbfbb6700c2/kernel/sys.c  (mode:100644
sha1:7f43d6e62c7a05641e6b54fcbb9ffda74a8ffcbb)
@@ -227,7 +227,7 @@ static int set_one_prio(struct task_stru
 		error = -EPERM;
 		goto out;
 	}
-	if (niceval < task_nice(p) && !capable(CAP_SYS_NICE)) {
+	if (niceval < task_nice(p) && !can_nice(p, niceval)) {
 		error = -EACCES;
 		goto out;
 	}
-
To unsubscribe from this list: send the line "unsubscribe bk-commits-head" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


(Log in to post comments)


Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds