]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/rlimit-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #18593 from keszybz/fuzz-more-systemctl-paths
[thirdparty/systemd.git] / src / basic / rlimit-util.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <errno.h>
4
5 #include "alloc-util.h"
6 #include "extract-word.h"
7 #include "fd-util.h"
8 #include "format-util.h"
9 #include "macro.h"
10 #include "missing_resource.h"
11 #include "rlimit-util.h"
12 #include "string-table.h"
13 #include "time-util.h"
14
15 int setrlimit_closest(int resource, const struct rlimit *rlim) {
16 struct rlimit highest, fixed;
17
18 assert(rlim);
19
20 if (setrlimit(resource, rlim) >= 0)
21 return 0;
22
23 if (errno != EPERM)
24 return -errno;
25
26 /* So we failed to set the desired setrlimit, then let's try
27 * to get as close as we can */
28 if (getrlimit(resource, &highest) < 0)
29 return -errno;
30
31 /* If the hard limit is unbounded anyway, then the EPERM had other reasons, let's propagate the original EPERM
32 * then */
33 if (highest.rlim_max == RLIM_INFINITY)
34 return -EPERM;
35
36 fixed = (struct rlimit) {
37 .rlim_cur = MIN(rlim->rlim_cur, highest.rlim_max),
38 .rlim_max = MIN(rlim->rlim_max, highest.rlim_max),
39 };
40
41 /* Shortcut things if we wouldn't change anything. */
42 if (fixed.rlim_cur == highest.rlim_cur &&
43 fixed.rlim_max == highest.rlim_max)
44 return 0;
45
46 log_debug("Failed at setting rlimit " RLIM_FMT " for resource RLIMIT_%s. Will attempt setting value " RLIM_FMT " instead.", rlim->rlim_max, rlimit_to_string(resource), fixed.rlim_max);
47
48 if (setrlimit(resource, &fixed) < 0)
49 return -errno;
50
51 return 0;
52 }
53
54 int setrlimit_closest_all(const struct rlimit *const *rlim, int *which_failed) {
55 int r;
56
57 assert(rlim);
58
59 /* On failure returns the limit's index that failed in *which_failed, but only if non-NULL */
60
61 for (int i = 0; i < _RLIMIT_MAX; i++) {
62 if (!rlim[i])
63 continue;
64
65 r = setrlimit_closest(i, rlim[i]);
66 if (r < 0) {
67 if (which_failed)
68 *which_failed = i;
69
70 return r;
71 }
72 }
73
74 if (which_failed)
75 *which_failed = -1;
76
77 return 0;
78 }
79
80 static int rlimit_parse_u64(const char *val, rlim_t *ret) {
81 uint64_t u;
82 int r;
83
84 assert(val);
85 assert(ret);
86
87 if (streq(val, "infinity")) {
88 *ret = RLIM_INFINITY;
89 return 0;
90 }
91
92 /* setrlimit(2) suggests rlim_t is always 64bit on Linux. */
93 assert_cc(sizeof(rlim_t) == sizeof(uint64_t));
94
95 r = safe_atou64(val, &u);
96 if (r < 0)
97 return r;
98 if (u >= (uint64_t) RLIM_INFINITY)
99 return -ERANGE;
100
101 *ret = (rlim_t) u;
102 return 0;
103 }
104
105 static int rlimit_parse_size(const char *val, rlim_t *ret) {
106 uint64_t u;
107 int r;
108
109 assert(val);
110 assert(ret);
111
112 if (streq(val, "infinity")) {
113 *ret = RLIM_INFINITY;
114 return 0;
115 }
116
117 r = parse_size(val, 1024, &u);
118 if (r < 0)
119 return r;
120 if (u >= (uint64_t) RLIM_INFINITY)
121 return -ERANGE;
122
123 *ret = (rlim_t) u;
124 return 0;
125 }
126
127 static int rlimit_parse_sec(const char *val, rlim_t *ret) {
128 uint64_t u;
129 usec_t t;
130 int r;
131
132 assert(val);
133 assert(ret);
134
135 if (streq(val, "infinity")) {
136 *ret = RLIM_INFINITY;
137 return 0;
138 }
139
140 r = parse_sec(val, &t);
141 if (r < 0)
142 return r;
143 if (t == USEC_INFINITY) {
144 *ret = RLIM_INFINITY;
145 return 0;
146 }
147
148 u = (uint64_t) DIV_ROUND_UP(t, USEC_PER_SEC);
149 if (u >= (uint64_t) RLIM_INFINITY)
150 return -ERANGE;
151
152 *ret = (rlim_t) u;
153 return 0;
154 }
155
156 static int rlimit_parse_usec(const char *val, rlim_t *ret) {
157 usec_t t;
158 int r;
159
160 assert(val);
161 assert(ret);
162
163 if (streq(val, "infinity")) {
164 *ret = RLIM_INFINITY;
165 return 0;
166 }
167
168 r = parse_time(val, &t, 1);
169 if (r < 0)
170 return r;
171 if (t == USEC_INFINITY) {
172 *ret = RLIM_INFINITY;
173 return 0;
174 }
175
176 *ret = (rlim_t) t;
177 return 0;
178 }
179
180 static int rlimit_parse_nice(const char *val, rlim_t *ret) {
181 uint64_t rl;
182 int r;
183
184 /* So, Linux is weird. The range for RLIMIT_NICE is 40..1, mapping to the nice levels -20..19. However, the
185 * RLIMIT_NICE limit defaults to 0 by the kernel, i.e. a value that maps to nice level 20, which of course is
186 * bogus and does not exist. In order to permit parsing the RLIMIT_NICE of 0 here we hence implement a slight
187 * asymmetry: when parsing as positive nice level we permit 0..19. When parsing as negative nice level, we
188 * permit -20..0. But when parsing as raw resource limit value then we also allow the special value 0.
189 *
190 * Yeah, Linux is quality engineering sometimes... */
191
192 if (val[0] == '+') {
193
194 /* Prefixed with "+": Parse as positive user-friendly nice value */
195 r = safe_atou64(val + 1, &rl);
196 if (r < 0)
197 return r;
198
199 if (rl >= PRIO_MAX)
200 return -ERANGE;
201
202 rl = 20 - rl;
203
204 } else if (val[0] == '-') {
205
206 /* Prefixed with "-": Parse as negative user-friendly nice value */
207 r = safe_atou64(val + 1, &rl);
208 if (r < 0)
209 return r;
210
211 if (rl > (uint64_t) (-PRIO_MIN))
212 return -ERANGE;
213
214 rl = 20 + rl;
215 } else {
216
217 /* Not prefixed: parse as raw resource limit value */
218 r = safe_atou64(val, &rl);
219 if (r < 0)
220 return r;
221
222 if (rl > (uint64_t) (20 - PRIO_MIN))
223 return -ERANGE;
224 }
225
226 *ret = (rlim_t) rl;
227 return 0;
228 }
229
230 static int (*const rlimit_parse_table[_RLIMIT_MAX])(const char *val, rlim_t *ret) = {
231 [RLIMIT_CPU] = rlimit_parse_sec,
232 [RLIMIT_FSIZE] = rlimit_parse_size,
233 [RLIMIT_DATA] = rlimit_parse_size,
234 [RLIMIT_STACK] = rlimit_parse_size,
235 [RLIMIT_CORE] = rlimit_parse_size,
236 [RLIMIT_RSS] = rlimit_parse_size,
237 [RLIMIT_NOFILE] = rlimit_parse_u64,
238 [RLIMIT_AS] = rlimit_parse_size,
239 [RLIMIT_NPROC] = rlimit_parse_u64,
240 [RLIMIT_MEMLOCK] = rlimit_parse_size,
241 [RLIMIT_LOCKS] = rlimit_parse_u64,
242 [RLIMIT_SIGPENDING] = rlimit_parse_u64,
243 [RLIMIT_MSGQUEUE] = rlimit_parse_size,
244 [RLIMIT_NICE] = rlimit_parse_nice,
245 [RLIMIT_RTPRIO] = rlimit_parse_u64,
246 [RLIMIT_RTTIME] = rlimit_parse_usec,
247 };
248
249 int rlimit_parse_one(int resource, const char *val, rlim_t *ret) {
250 assert(val);
251 assert(ret);
252
253 if (resource < 0)
254 return -EINVAL;
255 if (resource >= _RLIMIT_MAX)
256 return -EINVAL;
257
258 return rlimit_parse_table[resource](val, ret);
259 }
260
261 int rlimit_parse(int resource, const char *val, struct rlimit *ret) {
262 _cleanup_free_ char *hard = NULL, *soft = NULL;
263 rlim_t hl, sl;
264 int r;
265
266 assert(val);
267 assert(ret);
268
269 r = extract_first_word(&val, &soft, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
270 if (r < 0)
271 return r;
272 if (r == 0)
273 return -EINVAL;
274
275 r = rlimit_parse_one(resource, soft, &sl);
276 if (r < 0)
277 return r;
278
279 r = extract_first_word(&val, &hard, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
280 if (r < 0)
281 return r;
282 if (!isempty(val))
283 return -EINVAL;
284 if (r == 0)
285 hl = sl;
286 else {
287 r = rlimit_parse_one(resource, hard, &hl);
288 if (r < 0)
289 return r;
290 if (sl > hl)
291 return -EILSEQ;
292 }
293
294 *ret = (struct rlimit) {
295 .rlim_cur = sl,
296 .rlim_max = hl,
297 };
298
299 return 0;
300 }
301
302 int rlimit_format(const struct rlimit *rl, char **ret) {
303 char *s = NULL;
304
305 assert(rl);
306 assert(ret);
307
308 if (rl->rlim_cur >= RLIM_INFINITY && rl->rlim_max >= RLIM_INFINITY)
309 s = strdup("infinity");
310 else if (rl->rlim_cur >= RLIM_INFINITY)
311 (void) asprintf(&s, "infinity:" RLIM_FMT, rl->rlim_max);
312 else if (rl->rlim_max >= RLIM_INFINITY)
313 (void) asprintf(&s, RLIM_FMT ":infinity", rl->rlim_cur);
314 else if (rl->rlim_cur == rl->rlim_max)
315 (void) asprintf(&s, RLIM_FMT, rl->rlim_cur);
316 else
317 (void) asprintf(&s, RLIM_FMT ":" RLIM_FMT, rl->rlim_cur, rl->rlim_max);
318
319 if (!s)
320 return -ENOMEM;
321
322 *ret = s;
323 return 0;
324 }
325
326 static const char* const rlimit_table[_RLIMIT_MAX] = {
327 [RLIMIT_AS] = "AS",
328 [RLIMIT_CORE] = "CORE",
329 [RLIMIT_CPU] = "CPU",
330 [RLIMIT_DATA] = "DATA",
331 [RLIMIT_FSIZE] = "FSIZE",
332 [RLIMIT_LOCKS] = "LOCKS",
333 [RLIMIT_MEMLOCK] = "MEMLOCK",
334 [RLIMIT_MSGQUEUE] = "MSGQUEUE",
335 [RLIMIT_NICE] = "NICE",
336 [RLIMIT_NOFILE] = "NOFILE",
337 [RLIMIT_NPROC] = "NPROC",
338 [RLIMIT_RSS] = "RSS",
339 [RLIMIT_RTPRIO] = "RTPRIO",
340 [RLIMIT_RTTIME] = "RTTIME",
341 [RLIMIT_SIGPENDING] = "SIGPENDING",
342 [RLIMIT_STACK] = "STACK",
343 };
344
345 DEFINE_STRING_TABLE_LOOKUP(rlimit, int);
346
347 int rlimit_from_string_harder(const char *s) {
348 const char *suffix;
349
350 /* The official prefix */
351 suffix = startswith(s, "RLIMIT_");
352 if (suffix)
353 return rlimit_from_string(suffix);
354
355 /* Our own unit file setting prefix */
356 suffix = startswith(s, "Limit");
357 if (suffix)
358 return rlimit_from_string(suffix);
359
360 return rlimit_from_string(s);
361 }
362
363 void rlimit_free_all(struct rlimit **rl) {
364 int i;
365
366 if (!rl)
367 return;
368
369 for (i = 0; i < _RLIMIT_MAX; i++)
370 rl[i] = mfree(rl[i]);
371 }
372
373 int rlimit_nofile_bump(int limit) {
374 int r;
375
376 /* Bumps the (soft) RLIMIT_NOFILE resource limit as close as possible to the specified limit. If a negative
377 * limit is specified, bumps it to the maximum the kernel and the hard resource limit allows. This call should
378 * be used by all our programs that might need a lot of fds, and that know how to deal with high fd numbers
379 * (i.e. do not use select() — which chokes on fds >= 1024) */
380
381 if (limit < 0)
382 limit = read_nr_open();
383
384 if (limit < 3)
385 limit = 3;
386
387 r = setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(limit));
388 if (r < 0)
389 return log_debug_errno(r, "Failed to set RLIMIT_NOFILE: %m");
390
391 return 0;
392 }
393
394 int rlimit_nofile_safe(void) {
395 struct rlimit rl;
396
397 /* Resets RLIMIT_NOFILE's soft limit FD_SETSIZE (i.e. 1024), for compatibility with software still using
398 * select() */
399
400 if (getrlimit(RLIMIT_NOFILE, &rl) < 0)
401 return log_debug_errno(errno, "Failed to query RLIMIT_NOFILE: %m");
402
403 if (rl.rlim_cur <= FD_SETSIZE)
404 return 0;
405
406 rl.rlim_cur = FD_SETSIZE;
407 if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
408 return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur);
409
410 return 1;
411 }
Unnamed repository; edit this file 'description' to name the repository.