src/basic/rlimit-util.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2 /***
   3   Copyright 2010 Lennart Poettering
   4 ***/
   5
   6 #include <errno.h>
   7 #include <sys/resource.h>
   8
   9 #include "alloc-util.h"
  10 #include "extract-word.h"
  11 #include "format-util.h"
  12 #include "macro.h"
  13 #include "missing.h"
  14 #include "rlimit-util.h"
  15 #include "string-table.h"
  16 #include "time-util.h"
  17
  18 int setrlimit_closest(int resource, const struct rlimit *rlim) {
  19         struct rlimit highest, fixed;
  20
  21         assert(rlim);
  22
  23         if (setrlimit(resource, rlim) >= 0)
  24                 return 0;
  25
  26         if (errno != EPERM)
  27                 return -errno;
  28
  29         /* So we failed to set the desired setrlimit, then let's try
  30          * to get as close as we can */
  31         if (getrlimit(resource, &highest) < 0)
  32                 return -errno;
  33
  34         /* If the hard limit is unbounded anyway, then the EPERM had other reasons, let's propagate the original EPERM
  35          * then */
  36         if (highest.rlim_max == RLIM_INFINITY)
  37                 return -EPERM;
  38
  39         fixed.rlim_cur = MIN(rlim->rlim_cur, highest.rlim_max);
  40         fixed.rlim_max = MIN(rlim->rlim_max, highest.rlim_max);
  41
  42         if (setrlimit(resource, &fixed) < 0)
  43                 return -errno;
  44
  45         return 0;
  46 }
  47
  48 int setrlimit_closest_all(const struct rlimit *const *rlim, int *which_failed) {
  49         int i, r;
  50
  51         assert(rlim);
  52
  53         /* On failure returns the limit's index that failed in *which_failed, but only if non-NULL */
  54
  55         for (i = 0; i < _RLIMIT_MAX; i++) {
  56                 if (!rlim[i])
  57                         continue;
  58
  59                 r = setrlimit_closest(i, rlim[i]);
  60                 if (r < 0) {
  61                         if (which_failed)
  62                                 *which_failed = i;
  63
  64                         return r;
  65                 }
  66         }
  67
  68         if (which_failed)
  69                 *which_failed = -1;
  70
  71         return 0;
  72 }
  73
  74 static int rlimit_parse_u64(const char *val, rlim_t *ret) {
  75         uint64_t u;
  76         int r;
  77
  78         assert(val);
  79         assert(ret);
  80
  81         if (streq(val, "infinity")) {
  82                 *ret = RLIM_INFINITY;
  83                 return 0;
  84         }
  85
  86         /* setrlimit(2) suggests rlim_t is always 64bit on Linux. */
  87         assert_cc(sizeof(rlim_t) == sizeof(uint64_t));
  88
  89         r = safe_atou64(val, &u);
  90         if (r < 0)
  91                 return r;
  92         if (u >= (uint64_t) RLIM_INFINITY)
  93                 return -ERANGE;
  94
  95         *ret = (rlim_t) u;
  96         return 0;
  97 }
  98
  99 static int rlimit_parse_size(const char *val, rlim_t *ret) {
 100         uint64_t u;
 101         int r;
 102
 103         assert(val);
 104         assert(ret);
 105
 106         if (streq(val, "infinity")) {
 107                 *ret = RLIM_INFINITY;
 108                 return 0;
 109         }
 110
 111         r = parse_size(val, 1024, &u);
 112         if (r < 0)
 113                 return r;
 114         if (u >= (uint64_t) RLIM_INFINITY)
 115                 return -ERANGE;
 116
 117         *ret = (rlim_t) u;
 118         return 0;
 119 }
 120
 121 static int rlimit_parse_sec(const char *val, rlim_t *ret) {
 122         uint64_t u;
 123         usec_t t;
 124         int r;
 125
 126         assert(val);
 127         assert(ret);
 128
 129         if (streq(val, "infinity")) {
 130                 *ret = RLIM_INFINITY;
 131                 return 0;
 132         }
 133
 134         r = parse_sec(val, &t);
 135         if (r < 0)
 136                 return r;
 137         if (t == USEC_INFINITY) {
 138                 *ret = RLIM_INFINITY;
 139                 return 0;
 140         }
 141
 142         u = (uint64_t) DIV_ROUND_UP(t, USEC_PER_SEC);
 143         if (u >= (uint64_t) RLIM_INFINITY)
 144                 return -ERANGE;
 145
 146         *ret = (rlim_t) u;
 147         return 0;
 148 }
 149
 150 static int rlimit_parse_usec(const char *val, rlim_t *ret) {
 151         usec_t t;
 152         int r;
 153
 154         assert(val);
 155         assert(ret);
 156
 157         if (streq(val, "infinity")) {
 158                 *ret = RLIM_INFINITY;
 159                 return 0;
 160         }
 161
 162         r = parse_time(val, &t, 1);
 163         if (r < 0)
 164                 return r;
 165         if (t == USEC_INFINITY) {
 166                 *ret = RLIM_INFINITY;
 167                 return 0;
 168         }
 169
 170         *ret = (rlim_t) t;
 171         return 0;
 172 }
 173
 174 static int rlimit_parse_nice(const char *val, rlim_t *ret) {
 175         uint64_t rl;
 176         int r;
 177
 178         /* So, Linux is weird. The range for RLIMIT_NICE is 40..1, mapping to the nice levels -20..19. However, the
 179          * RLIMIT_NICE limit defaults to 0 by the kernel, i.e. a value that maps to nice level 20, which of course is
 180          * bogus and does not exist. In order to permit parsing the RLIMIT_NICE of 0 here we hence implement a slight
 181          * asymmetry: when parsing as positive nice level we permit 0..19. When parsing as negative nice level, we
 182          * permit -20..0. But when parsing as raw resource limit value then we also allow the special value 0.
 183          *
 184          * Yeah, Linux is quality engineering sometimes... */
 185
 186         if (val[0] == '+') {
 187
 188                 /* Prefixed with "+": Parse as positive user-friendly nice value */
 189                 r = safe_atou64(val + 1, &rl);
 190                 if (r < 0)
 191                         return r;
 192
 193                 if (rl >= PRIO_MAX)
 194                         return -ERANGE;
 195
 196                 rl = 20 - rl;
 197
 198         } else if (val[0] == '-') {
 199
 200                 /* Prefixed with "-": Parse as negative user-friendly nice value */
 201                 r = safe_atou64(val + 1, &rl);
 202                 if (r < 0)
 203                         return r;
 204
 205                 if (rl > (uint64_t) (-PRIO_MIN))
 206                         return -ERANGE;
 207
 208                 rl = 20 + rl;
 209         } else {
 210
 211                 /* Not prefixed: parse as raw resource limit value */
 212                 r = safe_atou64(val, &rl);
 213                 if (r < 0)
 214                         return r;
 215
 216                 if (rl > (uint64_t) (20 - PRIO_MIN))
 217                         return -ERANGE;
 218         }
 219
 220         *ret = (rlim_t) rl;
 221         return 0;
 222 }
 223
 224 static int (*const rlimit_parse_table[_RLIMIT_MAX])(const char *val, rlim_t *ret) = {
 225         [RLIMIT_CPU] = rlimit_parse_sec,
 226         [RLIMIT_FSIZE] = rlimit_parse_size,
 227         [RLIMIT_DATA] = rlimit_parse_size,
 228         [RLIMIT_STACK] = rlimit_parse_size,
 229         [RLIMIT_CORE] = rlimit_parse_size,
 230         [RLIMIT_RSS] = rlimit_parse_size,
 231         [RLIMIT_NOFILE] = rlimit_parse_u64,
 232         [RLIMIT_AS] = rlimit_parse_size,
 233         [RLIMIT_NPROC] = rlimit_parse_u64,
 234         [RLIMIT_MEMLOCK] = rlimit_parse_size,
 235         [RLIMIT_LOCKS] = rlimit_parse_u64,
 236         [RLIMIT_SIGPENDING] = rlimit_parse_u64,
 237         [RLIMIT_MSGQUEUE] = rlimit_parse_size,
 238         [RLIMIT_NICE] = rlimit_parse_nice,
 239         [RLIMIT_RTPRIO] = rlimit_parse_u64,
 240         [RLIMIT_RTTIME] = rlimit_parse_usec,
 241 };
 242
 243 int rlimit_parse_one(int resource, const char *val, rlim_t *ret) {
 244         assert(val);
 245         assert(ret);
 246
 247         if (resource < 0)
 248                 return -EINVAL;
 249         if (resource >= _RLIMIT_MAX)
 250                 return -EINVAL;
 251
 252         return rlimit_parse_table[resource](val, ret);
 253 }
 254
 255 int rlimit_parse(int resource, const char *val, struct rlimit *ret) {
 256         _cleanup_free_ char *hard = NULL, *soft = NULL;
 257         rlim_t hl, sl;
 258         int r;
 259
 260         assert(val);
 261         assert(ret);
 262
 263         r = extract_first_word(&val, &soft, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
 264         if (r < 0)
 265                 return r;
 266         if (r == 0)
 267                 return -EINVAL;
 268
 269         r = rlimit_parse_one(resource, soft, &sl);
 270         if (r < 0)
 271                 return r;
 272
 273         r = extract_first_word(&val, &hard, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
 274         if (r < 0)
 275                 return r;
 276         if (!isempty(val))
 277                 return -EINVAL;
 278         if (r == 0)
 279                 hl = sl;
 280         else {
 281                 r = rlimit_parse_one(resource, hard, &hl);
 282                 if (r < 0)
 283                         return r;
 284                 if (sl > hl)
 285                         return -EILSEQ;
 286         }
 287
 288         *ret = (struct rlimit) {
 289                 .rlim_cur = sl,
 290                 .rlim_max = hl,
 291         };
 292
 293         return 0;
 294 }
 295
 296 int rlimit_format(const struct rlimit *rl, char **ret) {
 297         char *s = NULL;
 298
 299         assert(rl);
 300         assert(ret);
 301
 302         if (rl->rlim_cur >= RLIM_INFINITY && rl->rlim_max >= RLIM_INFINITY)
 303                 s = strdup("infinity");
 304         else if (rl->rlim_cur >= RLIM_INFINITY)
 305                 (void) asprintf(&s, "infinity:" RLIM_FMT, rl->rlim_max);
 306         else if (rl->rlim_max >= RLIM_INFINITY)
 307                 (void) asprintf(&s, RLIM_FMT ":infinity", rl->rlim_cur);
 308         else if (rl->rlim_cur == rl->rlim_max)
 309                 (void) asprintf(&s, RLIM_FMT, rl->rlim_cur);
 310         else
 311                 (void) asprintf(&s, RLIM_FMT ":" RLIM_FMT, rl->rlim_cur, rl->rlim_max);
 312
 313         if (!s)
 314                 return -ENOMEM;
 315
 316         *ret = s;
 317         return 0;
 318 }
 319
 320 static const char* const rlimit_table[_RLIMIT_MAX] = {
 321         [RLIMIT_AS]         = "AS",
 322         [RLIMIT_CORE]       = "CORE",
 323         [RLIMIT_CPU]        = "CPU",
 324         [RLIMIT_DATA]       = "DATA",
 325         [RLIMIT_FSIZE]      = "FSIZE",
 326         [RLIMIT_LOCKS]      = "LOCKS",
 327         [RLIMIT_MEMLOCK]    = "MEMLOCK",
 328         [RLIMIT_MSGQUEUE]   = "MSGQUEUE",
 329         [RLIMIT_NICE]       = "NICE",
 330         [RLIMIT_NOFILE]     = "NOFILE",
 331         [RLIMIT_NPROC]      = "NPROC",
 332         [RLIMIT_RSS]        = "RSS",
 333         [RLIMIT_RTPRIO]     = "RTPRIO",
 334         [RLIMIT_RTTIME]     = "RTTIME",
 335         [RLIMIT_SIGPENDING] = "SIGPENDING",
 336         [RLIMIT_STACK]      = "STACK",
 337 };
 338
 339 DEFINE_STRING_TABLE_LOOKUP(rlimit, int);
 340
 341 int rlimit_from_string_harder(const char *s) {
 342         const char *suffix;
 343
 344         /* The official prefix */
 345         suffix = startswith(s, "RLIMIT_");
 346         if (suffix)
 347                 return rlimit_from_string(suffix);
 348
 349         /* Our own unit file setting prefix */
 350         suffix = startswith(s, "Limit");
 351         if (suffix)
 352                 return rlimit_from_string(suffix);
 353
 354         return rlimit_from_string(s);
 355 }
 356
 357 void rlimit_free_all(struct rlimit **rl) {
 358         int i;
 359
 360         if (!rl)
 361                 return;
 362
 363         for (i = 0; i < _RLIMIT_MAX; i++)
 364                 rl[i] = mfree(rl[i]);
 365 }