[thirdparty/systemd.git] / src / basic / rlimit-util.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <errno.h>
#include <sys/resource.h>

#include "alloc-util.h"
#include "extract-word.h"
#include "format-util.h"
#include "macro.h"
#include "missing.h"
#include "rlimit-util.h"
#include "string-table.h"
#include "time-util.h"

int setrlimit_closest(int resource, const struct rlimit *rlim) {
        struct rlimit highest, fixed;

        assert(rlim);

        if (setrlimit(resource, rlim) >= 0)
                return 0;

        if (errno != EPERM)
                return -errno;

        /* So we failed to set the desired setrlimit, then let's try
         * to get as close as we can */
        if (getrlimit(resource, &highest) < 0)
                return -errno;

        /* If the hard limit is unbounded anyway, then the EPERM had other reasons, let's propagate the original EPERM
         * then */
        if (highest.rlim_max == RLIM_INFINITY)
                return -EPERM;

        fixed.rlim_cur = MIN(rlim->rlim_cur, highest.rlim_max);
        fixed.rlim_max = MIN(rlim->rlim_max, highest.rlim_max);

        if (setrlimit(resource, &fixed) < 0)
                return -errno;

        return 0;
}

int setrlimit_closest_all(const struct rlimit *const *rlim, int *which_failed) {
        int i, r;

        assert(rlim);

        /* On failure returns the limit's index that failed in *which_failed, but only if non-NULL */

        for (i = 0; i < _RLIMIT_MAX; i++) {
                if (!rlim[i])
                        continue;

                r = setrlimit_closest(i, rlim[i]);
                if (r < 0) {
                        if (which_failed)
                                *which_failed = i;

                        return r;
                }
        }

        if (which_failed)
                *which_failed = -1;

        return 0;
}

static int rlimit_parse_u64(const char *val, rlim_t *ret) {
        uint64_t u;
        int r;

        assert(val);
        assert(ret);

        if (streq(val, "infinity")) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        /* setrlimit(2) suggests rlim_t is always 64bit on Linux. */
        assert_cc(sizeof(rlim_t) == sizeof(uint64_t));

        r = safe_atou64(val, &u);
        if (r < 0)
                return r;
        if (u >= (uint64_t) RLIM_INFINITY)
                return -ERANGE;

        *ret = (rlim_t) u;
        return 0;
}

static int rlimit_parse_size(const char *val, rlim_t *ret) {
        uint64_t u;
        int r;

        assert(val);
        assert(ret);

        if (streq(val, "infinity")) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        r = parse_size(val, 1024, &u);
        if (r < 0)
                return r;
        if (u >= (uint64_t) RLIM_INFINITY)
                return -ERANGE;

        *ret = (rlim_t) u;
        return 0;
}

static int rlimit_parse_sec(const char *val, rlim_t *ret) {
        uint64_t u;
        usec_t t;
        int r;

        assert(val);
        assert(ret);

        if (streq(val, "infinity")) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        r = parse_sec(val, &t);
        if (r < 0)
                return r;
        if (t == USEC_INFINITY) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        u = (uint64_t) DIV_ROUND_UP(t, USEC_PER_SEC);
        if (u >= (uint64_t) RLIM_INFINITY)
                return -ERANGE;

        *ret = (rlim_t) u;
        return 0;
}

static int rlimit_parse_usec(const char *val, rlim_t *ret) {
        usec_t t;
        int r;

        assert(val);
        assert(ret);

        if (streq(val, "infinity")) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        r = parse_time(val, &t, 1);
        if (r < 0)
                return r;
        if (t == USEC_INFINITY) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        *ret = (rlim_t) t;
        return 0;
}

static int rlimit_parse_nice(const char *val, rlim_t *ret) {
        uint64_t rl;
        int r;

        /* So, Linux is weird. The range for RLIMIT_NICE is 40..1, mapping to the nice levels -20..19. However, the
         * RLIMIT_NICE limit defaults to 0 by the kernel, i.e. a value that maps to nice level 20, which of course is
         * bogus and does not exist. In order to permit parsing the RLIMIT_NICE of 0 here we hence implement a slight
         * asymmetry: when parsing as positive nice level we permit 0..19. When parsing as negative nice level, we
         * permit -20..0. But when parsing as raw resource limit value then we also allow the special value 0.
         *
         * Yeah, Linux is quality engineering sometimes... */

        if (val[0] == '+') {

                /* Prefixed with "+": Parse as positive user-friendly nice value */
                r = safe_atou64(val + 1, &rl);
                if (r < 0)
                        return r;

                if (rl >= PRIO_MAX)
                        return -ERANGE;

                rl = 20 - rl;

        } else if (val[0] == '-') {

                /* Prefixed with "-": Parse as negative user-friendly nice value */
                r = safe_atou64(val + 1, &rl);
                if (r < 0)
                        return r;

                if (rl > (uint64_t) (-PRIO_MIN))
                        return -ERANGE;

                rl = 20 + rl;
        } else {

                /* Not prefixed: parse as raw resource limit value */
                r = safe_atou64(val, &rl);
                if (r < 0)
                        return r;

                if (rl > (uint64_t) (20 - PRIO_MIN))
                        return -ERANGE;
        }

        *ret = (rlim_t) rl;
        return 0;
}

static int (*const rlimit_parse_table[_RLIMIT_MAX])(const char *val, rlim_t *ret) = {
        [RLIMIT_CPU] = rlimit_parse_sec,
        [RLIMIT_FSIZE] = rlimit_parse_size,
        [RLIMIT_DATA] = rlimit_parse_size,
        [RLIMIT_STACK] = rlimit_parse_size,
        [RLIMIT_CORE] = rlimit_parse_size,
        [RLIMIT_RSS] = rlimit_parse_size,
        [RLIMIT_NOFILE] = rlimit_parse_u64,
        [RLIMIT_AS] = rlimit_parse_size,
        [RLIMIT_NPROC] = rlimit_parse_u64,
        [RLIMIT_MEMLOCK] = rlimit_parse_size,
        [RLIMIT_LOCKS] = rlimit_parse_u64,
        [RLIMIT_SIGPENDING] = rlimit_parse_u64,
        [RLIMIT_MSGQUEUE] = rlimit_parse_size,
        [RLIMIT_NICE] = rlimit_parse_nice,
        [RLIMIT_RTPRIO] = rlimit_parse_u64,
        [RLIMIT_RTTIME] = rlimit_parse_usec,
};

int rlimit_parse_one(int resource, const char *val, rlim_t *ret) {
        assert(val);
        assert(ret);

        if (resource < 0)
                return -EINVAL;
        if (resource >= _RLIMIT_MAX)
                return -EINVAL;

        return rlimit_parse_table[resource](val, ret);
}

int rlimit_parse(int resource, const char *val, struct rlimit *ret) {
        _cleanup_free_ char *hard = NULL, *soft = NULL;
        rlim_t hl, sl;
        int r;

        assert(val);
        assert(ret);

        r = extract_first_word(&val, &soft, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (r == 0)
                return -EINVAL;

        r = rlimit_parse_one(resource, soft, &sl);
        if (r < 0)
                return r;

        r = extract_first_word(&val, &hard, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (!isempty(val))
                return -EINVAL;
        if (r == 0)
                hl = sl;
        else {
                r = rlimit_parse_one(resource, hard, &hl);
                if (r < 0)
                        return r;
                if (sl > hl)
                        return -EILSEQ;
        }

        *ret = (struct rlimit) {
                .rlim_cur = sl,
                .rlim_max = hl,
        };

        return 0;
}

int rlimit_format(const struct rlimit *rl, char **ret) {
        char *s = NULL;

        assert(rl);
        assert(ret);

        if (rl->rlim_cur >= RLIM_INFINITY && rl->rlim_max >= RLIM_INFINITY)
                s = strdup("infinity");
        else if (rl->rlim_cur >= RLIM_INFINITY)
                (void) asprintf(&s, "infinity:" RLIM_FMT, rl->rlim_max);
        else if (rl->rlim_max >= RLIM_INFINITY)
                (void) asprintf(&s, RLIM_FMT ":infinity", rl->rlim_cur);
        else if (rl->rlim_cur == rl->rlim_max)
                (void) asprintf(&s, RLIM_FMT, rl->rlim_cur);
        else
                (void) asprintf(&s, RLIM_FMT ":" RLIM_FMT, rl->rlim_cur, rl->rlim_max);

        if (!s)
                return -ENOMEM;

        *ret = s;
        return 0;
}

static const char* const rlimit_table[_RLIMIT_MAX] = {
        [RLIMIT_AS]         = "AS",
        [RLIMIT_CORE]       = "CORE",
        [RLIMIT_CPU]        = "CPU",
        [RLIMIT_DATA]       = "DATA",
        [RLIMIT_FSIZE]      = "FSIZE",
        [RLIMIT_LOCKS]      = "LOCKS",
        [RLIMIT_MEMLOCK]    = "MEMLOCK",
        [RLIMIT_MSGQUEUE]   = "MSGQUEUE",
        [RLIMIT_NICE]       = "NICE",
        [RLIMIT_NOFILE]     = "NOFILE",
        [RLIMIT_NPROC]      = "NPROC",
        [RLIMIT_RSS]        = "RSS",
        [RLIMIT_RTPRIO]     = "RTPRIO",
        [RLIMIT_RTTIME]     = "RTTIME",
        [RLIMIT_SIGPENDING] = "SIGPENDING",
        [RLIMIT_STACK]      = "STACK",
};

DEFINE_STRING_TABLE_LOOKUP(rlimit, int);

int rlimit_from_string_harder(const char *s) {
        const char *suffix;

        /* The official prefix */
        suffix = startswith(s, "RLIMIT_");
        if (suffix)
                return rlimit_from_string(suffix);

        /* Our own unit file setting prefix */
        suffix = startswith(s, "Limit");
        if (suffix)
                return rlimit_from_string(suffix);

        return rlimit_from_string(s);
}

void rlimit_free_all(struct rlimit **rl) {
        int i;

        if (!rl)
                return;

        for (i = 0; i < _RLIMIT_MAX; i++)
                rl[i] = mfree(rl[i]);
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
78f22b97	2
11c3a366 TA	3	#include <errno.h>
	4	#include <sys/resource.h>
	5
d0a7c5f6 LP	6	#include "alloc-util.h"
d0a7c5f6 LP	7	#include "extract-word.h"
f97b34a6	8	#include "format-util.h"
93cc7779	9	#include "macro.h"
78f22b97 LP	10	#include "missing.h"
78f22b97 LP	11	#include "rlimit-util.h"
8b43440b	12	#include "string-table.h"
d0a7c5f6	13	#include "time-util.h"
78f22b97 LP	14
	15	int setrlimit_closest(int resource, const struct rlimit *rlim) {
	16	struct rlimit highest, fixed;
	17
	18	assert(rlim);
	19
	20	if (setrlimit(resource, rlim) >= 0)
	21	return 0;
	22
	23	if (errno != EPERM)
	24	return -errno;
	25
	26	/* So we failed to set the desired setrlimit, then let's try
	27	* to get as close as we can */
c4ad3f43 LP	28	if (getrlimit(resource, &highest) < 0)
c4ad3f43 LP	29	return -errno;
78f22b97	30
114c55f2 LP	31	/* If the hard limit is unbounded anyway, then the EPERM had other reasons, let's propagate the original EPERM
	32	* then */
	33	if (highest.rlim_max == RLIM_INFINITY)
	34	return -EPERM;
	35
78f22b97 LP	36	fixed.rlim_cur = MIN(rlim->rlim_cur, highest.rlim_max);
	37	fixed.rlim_max = MIN(rlim->rlim_max, highest.rlim_max);
	38
	39	if (setrlimit(resource, &fixed) < 0)
	40	return -errno;
	41
	42	return 0;
	43	}
	44
34a5df58 LP	45	int setrlimit_closest_all(const struct rlimit const rlim, int *which_failed) {
	46	int i, r;
	47
	48	assert(rlim);
	49
	50	/* On failure returns the limit's index that failed in which_failed, but only if non-NULL /
	51
	52	for (i = 0; i < _RLIMIT_MAX; i++) {
	53	if (!rlim[i])
	54	continue;
	55
	56	r = setrlimit_closest(i, rlim[i]);
	57	if (r < 0) {
	58	if (which_failed)
	59	*which_failed = i;
	60
	61	return r;
	62	}
	63	}
	64
	65	if (which_failed)
	66	*which_failed = -1;
	67
	68	return 0;
	69	}
	70
d0a7c5f6 LP	71	static int rlimit_parse_u64(const char val, rlim_t ret) {
	72	uint64_t u;
	73	int r;
	74
	75	assert(val);
	76	assert(ret);
	77
	78	if (streq(val, "infinity")) {
	79	*ret = RLIM_INFINITY;
	80	return 0;
	81	}
	82
	83	/* setrlimit(2) suggests rlim_t is always 64bit on Linux. */
	84	assert_cc(sizeof(rlim_t) == sizeof(uint64_t));
	85
	86	r = safe_atou64(val, &u);
	87	if (r < 0)
	88	return r;
	89	if (u >= (uint64_t) RLIM_INFINITY)
	90	return -ERANGE;
	91
	92	*ret = (rlim_t) u;
	93	return 0;
	94	}
	95
	96	static int rlimit_parse_size(const char val, rlim_t ret) {
	97	uint64_t u;
	98	int r;
	99
	100	assert(val);
	101	assert(ret);
	102
	103	if (streq(val, "infinity")) {
	104	*ret = RLIM_INFINITY;
	105	return 0;
	106	}
	107
	108	r = parse_size(val, 1024, &u);
	109	if (r < 0)
	110	return r;
	111	if (u >= (uint64_t) RLIM_INFINITY)
	112	return -ERANGE;
	113
	114	*ret = (rlim_t) u;
	115	return 0;
	116	}
	117
	118	static int rlimit_parse_sec(const char val, rlim_t ret) {
	119	uint64_t u;
	120	usec_t t;
	121	int r;
	122
	123	assert(val);
	124	assert(ret);
	125
	126	if (streq(val, "infinity")) {
	127	*ret = RLIM_INFINITY;
	128	return 0;
	129	}
	130
	131	r = parse_sec(val, &t);
	132	if (r < 0)
	133	return r;
	134	if (t == USEC_INFINITY) {
135	*ret = RLIM_INFINITY;
136	return 0;
137	}
138
139	u = (uint64_t) DIV_ROUND_UP(t, USEC_PER_SEC);
140	if (u >= (uint64_t) RLIM_INFINITY)
141	return -ERANGE;
142
143	*ret = (rlim_t) u;
144	return 0;
145	}
146
147	static int rlimit_parse_usec(const char val, rlim_t ret) {
148	usec_t t;
149	int r;
150
151	assert(val);
152	assert(ret);
153
154	if (streq(val, "infinity")) {
155	*ret = RLIM_INFINITY;
156	return 0;
157	}
158
159	r = parse_time(val, &t, 1);
160	if (r < 0)
161	return r;
162	if (t == USEC_INFINITY) {
163	*ret = RLIM_INFINITY;
164	return 0;
165	}
166
167	*ret = (rlim_t) t;
168	return 0;
169	}
170
29857001 LP	171	static int rlimit_parse_nice(const char val, rlim_t ret) {
	172	uint64_t rl;
	173	int r;
	174
	175	/* So, Linux is weird. The range for RLIMIT_NICE is 40..1, mapping to the nice levels -20..19. However, the
	176	* RLIMIT_NICE limit defaults to 0 by the kernel, i.e. a value that maps to nice level 20, which of course is
	177	* bogus and does not exist. In order to permit parsing the RLIMIT_NICE of 0 here we hence implement a slight
	178	* asymmetry: when parsing as positive nice level we permit 0..19. When parsing as negative nice level, we
	179	* permit -20..0. But when parsing as raw resource limit value then we also allow the special value 0.
	180	*
	181	* Yeah, Linux is quality engineering sometimes... */
	182
	183	if (val[0] == '+') {
	184
	185	/* Prefixed with "+": Parse as positive user-friendly nice value */
	186	r = safe_atou64(val + 1, &rl);
	187	if (r < 0)
	188	return r;
	189
	190	if (rl >= PRIO_MAX)
	191	return -ERANGE;
	192
	193	rl = 20 - rl;
	194
	195	} else if (val[0] == '-') {
	196
	197	/* Prefixed with "-": Parse as negative user-friendly nice value */
	198	r = safe_atou64(val + 1, &rl);
	199	if (r < 0)
	200	return r;
	201
	202	if (rl > (uint64_t) (-PRIO_MIN))
	203	return -ERANGE;
	204
	205	rl = 20 + rl;
	206	} else {
	207
	208	/* Not prefixed: parse as raw resource limit value */
	209	r = safe_atou64(val, &rl);
	210	if (r < 0)
	211	return r;
	212
	213	if (rl > (uint64_t) (20 - PRIO_MIN))
	214	return -ERANGE;
	215	}
	216
	217	*ret = (rlim_t) rl;
	218	return 0;
	219	}
	220
d0a7c5f6 LP	221	static int (const rlimit_parse_table[_RLIMIT_MAX])(const char val, rlim_t *ret) = {
	222	[RLIMIT_CPU] = rlimit_parse_sec,
	223	[RLIMIT_FSIZE] = rlimit_parse_size,
	224	[RLIMIT_DATA] = rlimit_parse_size,
	225	[RLIMIT_STACK] = rlimit_parse_size,
	226	[RLIMIT_CORE] = rlimit_parse_size,
	227	[RLIMIT_RSS] = rlimit_parse_size,
	228	[RLIMIT_NOFILE] = rlimit_parse_u64,
	229	[RLIMIT_AS] = rlimit_parse_size,
	230	[RLIMIT_NPROC] = rlimit_parse_u64,
	231	[RLIMIT_MEMLOCK] = rlimit_parse_size,
	232	[RLIMIT_LOCKS] = rlimit_parse_u64,
	233	[RLIMIT_SIGPENDING] = rlimit_parse_u64,
	234	[RLIMIT_MSGQUEUE] = rlimit_parse_size,
29857001	235	[RLIMIT_NICE] = rlimit_parse_nice,
d0a7c5f6 LP	236	[RLIMIT_RTPRIO] = rlimit_parse_u64,
	237	[RLIMIT_RTTIME] = rlimit_parse_usec,
	238	};
	239
	240	int rlimit_parse_one(int resource, const char val, rlim_t ret) {
	241	assert(val);
	242	assert(ret);
	243
	244	if (resource < 0)
	245	return -EINVAL;
	246	if (resource >= _RLIMIT_MAX)
	247	return -EINVAL;
	248
	249	return rlimit_parse_table[resource](val, ret);
	250	}
	251
	252	int rlimit_parse(int resource, const char val, struct rlimit ret) {
	253	_cleanup_free_ char hard = NULL, soft = NULL;
	254	rlim_t hl, sl;
	255	int r;
	256
	257	assert(val);
	258	assert(ret);
	259
	260	r = extract_first_word(&val, &soft, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
	261	if (r < 0)
	262	return r;
	263	if (r == 0)
	264	return -EINVAL;
	265
	266	r = rlimit_parse_one(resource, soft, &sl);
	267	if (r < 0)
	268	return r;
	269
	270	r = extract_first_word(&val, &hard, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
	271	if (r < 0)
	272	return r;
	273	if (!isempty(val))
	274	return -EINVAL;
	275	if (r == 0)
	276	hl = sl;
	277	else {
	278	r = rlimit_parse_one(resource, hard, &hl);
	279	if (r < 0)
	280	return r;
	281	if (sl > hl)
	282	return -EILSEQ;
	283	}
	284
	285	*ret = (struct rlimit) {
	286	.rlim_cur = sl,
	287	.rlim_max = hl,
	288	};
	289
	290	return 0;
	291	}
	292
99d4f5e5 LP	293	int rlimit_format(const struct rlimit rl, char *ret) {
	294	char *s = NULL;
	295
	296	assert(rl);
	297	assert(ret);
	298
	299	if (rl->rlim_cur >= RLIM_INFINITY && rl->rlim_max >= RLIM_INFINITY)
	300	s = strdup("infinity");
	301	else if (rl->rlim_cur >= RLIM_INFINITY)
	302	(void) asprintf(&s, "infinity:" RLIM_FMT, rl->rlim_max);
	303	else if (rl->rlim_max >= RLIM_INFINITY)
	304	(void) asprintf(&s, RLIM_FMT ":infinity", rl->rlim_cur);
	305	else if (rl->rlim_cur == rl->rlim_max)
	306	(void) asprintf(&s, RLIM_FMT, rl->rlim_cur);
	307	else
	308	(void) asprintf(&s, RLIM_FMT ":" RLIM_FMT, rl->rlim_cur, rl->rlim_max);
	309
	310	if (!s)
	311	return -ENOMEM;
	312
	313	*ret = s;
	314	return 0;
	315	}
	316
78f22b97	317	static const char* const rlimit_table[_RLIMIT_MAX] = {
6550c24c LP	318	[RLIMIT_AS] = "AS",
	319	[RLIMIT_CORE] = "CORE",
	320	[RLIMIT_CPU] = "CPU",
	321	[RLIMIT_DATA] = "DATA",
	322	[RLIMIT_FSIZE] = "FSIZE",
	323	[RLIMIT_LOCKS] = "LOCKS",
	324	[RLIMIT_MEMLOCK] = "MEMLOCK",
	325	[RLIMIT_MSGQUEUE] = "MSGQUEUE",
	326	[RLIMIT_NICE] = "NICE",
	327	[RLIMIT_NOFILE] = "NOFILE",
	328	[RLIMIT_NPROC] = "NPROC",
	329	[RLIMIT_RSS] = "RSS",
	330	[RLIMIT_RTPRIO] = "RTPRIO",
	331	[RLIMIT_RTTIME] = "RTTIME",
	332	[RLIMIT_SIGPENDING] = "SIGPENDING",
	333	[RLIMIT_STACK] = "STACK",
78f22b97 LP	334	};
	335
	336	DEFINE_STRING_TABLE_LOOKUP(rlimit, int);
6550c24c LP	337
	338	int rlimit_from_string_harder(const char *s) {
	339	const char *suffix;
	340
	341	/* The official prefix */
	342	suffix = startswith(s, "RLIMIT_");
	343	if (suffix)
	344	return rlimit_from_string(suffix);
	345
	346	/* Our own unit file setting prefix */
	347	suffix = startswith(s, "Limit");
	348	if (suffix)
	349	return rlimit_from_string(suffix);
	350
	351	return rlimit_from_string(s);
	352	}
31ce987c LP	353
	354	void rlimit_free_all(struct rlimit **rl) {
	355	int i;
	356
	357	if (!rl)
	358	return;
	359
	360	for (i = 0; i < _RLIMIT_MAX; i++)
	361	rl[i] = mfree(rl[i]);
	362	}