src/basic/rlimit-util.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2 /***
   3   This file is part of systemd.
   4
   5   Copyright 2010 Lennart Poettering
   6 ***/
   7
   8 #include <errno.h>
   9 #include <sys/resource.h>
  10
  11 #include "alloc-util.h"
  12 #include "extract-word.h"
  13 #include "format-util.h"
  14 #include "macro.h"
  15 #include "missing.h"
  16 #include "rlimit-util.h"
  17 #include "string-table.h"
  18 #include "time-util.h"
  19
  20 int setrlimit_closest(int resource, const struct rlimit *rlim) {
  21         struct rlimit highest, fixed;
  22
  23         assert(rlim);
  24
  25         if (setrlimit(resource, rlim) >= 0)
  26                 return 0;
  27
  28         if (errno != EPERM)
  29                 return -errno;
  30
  31         /* So we failed to set the desired setrlimit, then let's try
  32          * to get as close as we can */
  33         if (getrlimit(resource, &highest) < 0)
  34                 return -errno;
  35
  36         /* If the hard limit is unbounded anyway, then the EPERM had other reasons, let's propagate the original EPERM
  37          * then */
  38         if (highest.rlim_max == RLIM_INFINITY)
  39                 return -EPERM;
  40
  41         fixed.rlim_cur = MIN(rlim->rlim_cur, highest.rlim_max);
  42         fixed.rlim_max = MIN(rlim->rlim_max, highest.rlim_max);
  43
  44         if (setrlimit(resource, &fixed) < 0)
  45                 return -errno;
  46
  47         return 0;
  48 }
  49
  50 int setrlimit_closest_all(const struct rlimit *const *rlim, int *which_failed) {
  51         int i, r;
  52
  53         assert(rlim);
  54
  55         /* On failure returns the limit's index that failed in *which_failed, but only if non-NULL */
  56
  57         for (i = 0; i < _RLIMIT_MAX; i++) {
  58                 if (!rlim[i])
  59                         continue;
  60
  61                 r = setrlimit_closest(i, rlim[i]);
  62                 if (r < 0) {
  63                         if (which_failed)
  64                                 *which_failed = i;
  65
  66                         return r;
  67                 }
  68         }
  69
  70         if (which_failed)
  71                 *which_failed = -1;
  72
  73         return 0;
  74 }
  75
  76 static int rlimit_parse_u64(const char *val, rlim_t *ret) {
  77         uint64_t u;
  78         int r;
  79
  80         assert(val);
  81         assert(ret);
  82
  83         if (streq(val, "infinity")) {
  84                 *ret = RLIM_INFINITY;
  85                 return 0;
  86         }
  87
  88         /* setrlimit(2) suggests rlim_t is always 64bit on Linux. */
  89         assert_cc(sizeof(rlim_t) == sizeof(uint64_t));
  90
  91         r = safe_atou64(val, &u);
  92         if (r < 0)
  93                 return r;
  94         if (u >= (uint64_t) RLIM_INFINITY)
  95                 return -ERANGE;
  96
  97         *ret = (rlim_t) u;
  98         return 0;
  99 }
 100
 101 static int rlimit_parse_size(const char *val, rlim_t *ret) {
 102         uint64_t u;
 103         int r;
 104
 105         assert(val);
 106         assert(ret);
 107
 108         if (streq(val, "infinity")) {
 109                 *ret = RLIM_INFINITY;
 110                 return 0;
 111         }
 112
 113         r = parse_size(val, 1024, &u);
 114         if (r < 0)
 115                 return r;
 116         if (u >= (uint64_t) RLIM_INFINITY)
 117                 return -ERANGE;
 118
 119         *ret = (rlim_t) u;
 120         return 0;
 121 }
 122
 123 static int rlimit_parse_sec(const char *val, rlim_t *ret) {
 124         uint64_t u;
 125         usec_t t;
 126         int r;
 127
 128         assert(val);
 129         assert(ret);
 130
 131         if (streq(val, "infinity")) {
 132                 *ret = RLIM_INFINITY;
 133                 return 0;
 134         }
 135
 136         r = parse_sec(val, &t);
 137         if (r < 0)
 138                 return r;
 139         if (t == USEC_INFINITY) {
 140                 *ret = RLIM_INFINITY;
 141                 return 0;
 142         }
 143
 144         u = (uint64_t) DIV_ROUND_UP(t, USEC_PER_SEC);
 145         if (u >= (uint64_t) RLIM_INFINITY)
 146                 return -ERANGE;
 147
 148         *ret = (rlim_t) u;
 149         return 0;
 150 }
 151
 152 static int rlimit_parse_usec(const char *val, rlim_t *ret) {
 153         usec_t t;
 154         int r;
 155
 156         assert(val);
 157         assert(ret);
 158
 159         if (streq(val, "infinity")) {
 160                 *ret = RLIM_INFINITY;
 161                 return 0;
 162         }
 163
 164         r = parse_time(val, &t, 1);
 165         if (r < 0)
 166                 return r;
 167         if (t == USEC_INFINITY) {
 168                 *ret = RLIM_INFINITY;
 169                 return 0;
 170         }
 171
 172         *ret = (rlim_t) t;
 173         return 0;
 174 }
 175
 176 static int rlimit_parse_nice(const char *val, rlim_t *ret) {
 177         uint64_t rl;
 178         int r;
 179
 180         /* So, Linux is weird. The range for RLIMIT_NICE is 40..1, mapping to the nice levels -20..19. However, the
 181          * RLIMIT_NICE limit defaults to 0 by the kernel, i.e. a value that maps to nice level 20, which of course is
 182          * bogus and does not exist. In order to permit parsing the RLIMIT_NICE of 0 here we hence implement a slight
 183          * asymmetry: when parsing as positive nice level we permit 0..19. When parsing as negative nice level, we
 184          * permit -20..0. But when parsing as raw resource limit value then we also allow the special value 0.
 185          *
 186          * Yeah, Linux is quality engineering sometimes... */
 187
 188         if (val[0] == '+') {
 189
 190                 /* Prefixed with "+": Parse as positive user-friendly nice value */
 191                 r = safe_atou64(val + 1, &rl);
 192                 if (r < 0)
 193                         return r;
 194
 195                 if (rl >= PRIO_MAX)
 196                         return -ERANGE;
 197
 198                 rl = 20 - rl;
 199
 200         } else if (val[0] == '-') {
 201
 202                 /* Prefixed with "-": Parse as negative user-friendly nice value */
 203                 r = safe_atou64(val + 1, &rl);
 204                 if (r < 0)
 205                         return r;
 206
 207                 if (rl > (uint64_t) (-PRIO_MIN))
 208                         return -ERANGE;
 209
 210                 rl = 20 + rl;
 211         } else {
 212
 213                 /* Not prefixed: parse as raw resource limit value */
 214                 r = safe_atou64(val, &rl);
 215                 if (r < 0)
 216                         return r;
 217
 218                 if (rl > (uint64_t) (20 - PRIO_MIN))
 219                         return -ERANGE;
 220         }
 221
 222         *ret = (rlim_t) rl;
 223         return 0;
 224 }
 225
 226 static int (*const rlimit_parse_table[_RLIMIT_MAX])(const char *val, rlim_t *ret) = {
 227         [RLIMIT_CPU] = rlimit_parse_sec,
 228         [RLIMIT_FSIZE] = rlimit_parse_size,
 229         [RLIMIT_DATA] = rlimit_parse_size,
 230         [RLIMIT_STACK] = rlimit_parse_size,
 231         [RLIMIT_CORE] = rlimit_parse_size,
 232         [RLIMIT_RSS] = rlimit_parse_size,
 233         [RLIMIT_NOFILE] = rlimit_parse_u64,
 234         [RLIMIT_AS] = rlimit_parse_size,
 235         [RLIMIT_NPROC] = rlimit_parse_u64,
 236         [RLIMIT_MEMLOCK] = rlimit_parse_size,
 237         [RLIMIT_LOCKS] = rlimit_parse_u64,
 238         [RLIMIT_SIGPENDING] = rlimit_parse_u64,
 239         [RLIMIT_MSGQUEUE] = rlimit_parse_size,
 240         [RLIMIT_NICE] = rlimit_parse_nice,
 241         [RLIMIT_RTPRIO] = rlimit_parse_u64,
 242         [RLIMIT_RTTIME] = rlimit_parse_usec,
 243 };
 244
 245 int rlimit_parse_one(int resource, const char *val, rlim_t *ret) {
 246         assert(val);
 247         assert(ret);
 248
 249         if (resource < 0)
 250                 return -EINVAL;
 251         if (resource >= _RLIMIT_MAX)
 252                 return -EINVAL;
 253
 254         return rlimit_parse_table[resource](val, ret);
 255 }
 256
 257 int rlimit_parse(int resource, const char *val, struct rlimit *ret) {
 258         _cleanup_free_ char *hard = NULL, *soft = NULL;
 259         rlim_t hl, sl;
 260         int r;
 261
 262         assert(val);
 263         assert(ret);
 264
 265         r = extract_first_word(&val, &soft, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
 266         if (r < 0)
 267                 return r;
 268         if (r == 0)
 269                 return -EINVAL;
 270
 271         r = rlimit_parse_one(resource, soft, &sl);
 272         if (r < 0)
 273                 return r;
 274
 275         r = extract_first_word(&val, &hard, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
 276         if (r < 0)
 277                 return r;
 278         if (!isempty(val))
 279                 return -EINVAL;
 280         if (r == 0)
 281                 hl = sl;
 282         else {
 283                 r = rlimit_parse_one(resource, hard, &hl);
 284                 if (r < 0)
 285                         return r;
 286                 if (sl > hl)
 287                         return -EILSEQ;
 288         }
 289
 290         *ret = (struct rlimit) {
 291                 .rlim_cur = sl,
 292                 .rlim_max = hl,
 293         };
 294
 295         return 0;
 296 }
 297
 298 int rlimit_format(const struct rlimit *rl, char **ret) {
 299         char *s = NULL;
 300
 301         assert(rl);
 302         assert(ret);
 303
 304         if (rl->rlim_cur >= RLIM_INFINITY && rl->rlim_max >= RLIM_INFINITY)
 305                 s = strdup("infinity");
 306         else if (rl->rlim_cur >= RLIM_INFINITY)
 307                 (void) asprintf(&s, "infinity:" RLIM_FMT, rl->rlim_max);
 308         else if (rl->rlim_max >= RLIM_INFINITY)
 309                 (void) asprintf(&s, RLIM_FMT ":infinity", rl->rlim_cur);
 310         else if (rl->rlim_cur == rl->rlim_max)
 311                 (void) asprintf(&s, RLIM_FMT, rl->rlim_cur);
 312         else
 313                 (void) asprintf(&s, RLIM_FMT ":" RLIM_FMT, rl->rlim_cur, rl->rlim_max);
 314
 315         if (!s)
 316                 return -ENOMEM;
 317
 318         *ret = s;
 319         return 0;
 320 }
 321
 322 static const char* const rlimit_table[_RLIMIT_MAX] = {
 323         [RLIMIT_AS]         = "AS",
 324         [RLIMIT_CORE]       = "CORE",
 325         [RLIMIT_CPU]        = "CPU",
 326         [RLIMIT_DATA]       = "DATA",
 327         [RLIMIT_FSIZE]      = "FSIZE",
 328         [RLIMIT_LOCKS]      = "LOCKS",
 329         [RLIMIT_MEMLOCK]    = "MEMLOCK",
 330         [RLIMIT_MSGQUEUE]   = "MSGQUEUE",
 331         [RLIMIT_NICE]       = "NICE",
 332         [RLIMIT_NOFILE]     = "NOFILE",
 333         [RLIMIT_NPROC]      = "NPROC",
 334         [RLIMIT_RSS]        = "RSS",
 335         [RLIMIT_RTPRIO]     = "RTPRIO",
 336         [RLIMIT_RTTIME]     = "RTTIME",
 337         [RLIMIT_SIGPENDING] = "SIGPENDING",
 338         [RLIMIT_STACK]      = "STACK",
 339 };
 340
 341 DEFINE_STRING_TABLE_LOOKUP(rlimit, int);
 342
 343 int rlimit_from_string_harder(const char *s) {
 344         const char *suffix;
 345
 346         /* The official prefix */
 347         suffix = startswith(s, "RLIMIT_");
 348         if (suffix)
 349                 return rlimit_from_string(suffix);
 350
 351         /* Our own unit file setting prefix */
 352         suffix = startswith(s, "Limit");
 353         if (suffix)
 354                 return rlimit_from_string(suffix);
 355
 356         return rlimit_from_string(s);
 357 }
 358
 359 void rlimit_free_all(struct rlimit **rl) {
 360         int i;
 361
 362         if (!rl)
 363                 return;
 364
 365         for (i = 0; i < _RLIMIT_MAX; i++)
 366                 rl[i] = mfree(rl[i]);
 367 }