Merge 216da0b7 (automated)

4 files changed, 307 insertions, 0 deletions

diff --git a/pkg/sentry/limits/context.go b/pkg/sentry/limits/context.go
new file mode 100644
index 000000000..9200edb52
--- /dev/null
+++ b/pkg/sentry/limits/context.go
@@ -0,0 +1,35 @@
+// Copyright 2018 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package limits
+
+import (
+	"gvisor.googlesource.com/gvisor/pkg/sentry/context"
+)
+
+// contextID is the limit package's type for context.Context.Value keys.
+type contextID int
+
+const (
+	// CtxLimits is a Context.Value key for a LimitSet.
+	CtxLimits contextID = iota
+)
+
+// FromContext returns the limits that apply to ctx.
+func FromContext(ctx context.Context) *LimitSet {
+	if v := ctx.Value(CtxLimits); v != nil {
+		return v.(*LimitSet)
+	}
+	return nil
+}
diff --git a/pkg/sentry/limits/limits.go b/pkg/sentry/limits/limits.go
new file mode 100644
index 000000000..b6c22656b
--- /dev/null
+++ b/pkg/sentry/limits/limits.go
@@ -0,0 +1,136 @@
+// Copyright 2018 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package limits provides resource limits.
+package limits
+
+import (
+	"sync"
+	"syscall"
+)
+
+// LimitType defines a type of resource limit.
+type LimitType int
+
+// Set of constants defining the different types of resource limits.
+const (
+	CPU LimitType = iota
+	FileSize
+	Data
+	Stack
+	Core
+	Rss
+	ProcessCount
+	NumberOfFiles
+	MemoryLocked
+	AS
+	Locks
+	SignalsPending
+	MessageQueueBytes
+	Nice
+	RealTimePriority
+	Rttime
+)
+
+// Infinity is a constant representing a resource with no limit.
+const Infinity = ^uint64(0)
+
+// Limit specifies a system limit.
+//
+// +stateify savable
+type Limit struct {
+	// Cur specifies the current limit.
+	Cur uint64
+	// Max specifies the maximum settable limit.
+	Max uint64
+}
+
+// LimitSet represents the Limits that correspond to each LimitType.
+//
+// +stateify savable
+type LimitSet struct {
+	mu   sync.Mutex `state:"nosave"`
+	data map[LimitType]Limit
+}
+
+// NewLimitSet creates a new, empty LimitSet.
+func NewLimitSet() *LimitSet {
+	return &LimitSet{
+		data: make(map[LimitType]Limit),
+	}
+}
+
+// GetCopy returns a clone of the LimitSet.
+func (l *LimitSet) GetCopy() *LimitSet {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+	copyData := make(map[LimitType]Limit)
+	for k, v := range l.data {
+		copyData[k] = v
+	}
+	return &LimitSet{
+		data: copyData,
+	}
+}
+
+// Get returns the resource limit associated with LimitType t.
+// If no limit is provided, it defaults to an infinite limit.Infinity.
+func (l *LimitSet) Get(t LimitType) Limit {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+	s, ok := l.data[t]
+	if !ok {
+		return Limit{Cur: Infinity, Max: Infinity}
+	}
+	return s
+}
+
+// GetCapped returns the current value for the limit, capped as specified.
+func (l *LimitSet) GetCapped(t LimitType, max uint64) uint64 {
+	s := l.Get(t)
+	if s.Cur == Infinity || s.Cur > max {
+		return max
+	}
+	return s.Cur
+}
+
+// SetUnchecked assigns value v to resource of LimitType t.
+func (l *LimitSet) SetUnchecked(t LimitType, v Limit) {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+	l.data[t] = v
+}
+
+// Set assigns value v to resource of LimitType t and returns the old value.
+// privileged should be true only when either the caller has CAP_SYS_RESOURCE
+// or when creating limits for a new kernel.
+func (l *LimitSet) Set(t LimitType, v Limit, privileged bool) (Limit, error) {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+
+	// If a limit is already set, make sure the new limit doesn't
+	// exceed the previous max limit.
+	if _, ok := l.data[t]; ok {
+		// Unprivileged users can only lower their hard limits.
+		if l.data[t].Max < v.Max && !privileged {
+			return Limit{}, syscall.EPERM
+		}
+		if v.Cur > v.Max {
+			return Limit{}, syscall.EINVAL
+		}
+	}
+	old := l.data[t]
+	l.data[t] = v
+	return old, nil
+}
diff --git a/pkg/sentry/limits/limits_state_autogen.go b/pkg/sentry/limits/limits_state_autogen.go
new file mode 100755
index 000000000..b1cdb4c49
--- /dev/null
+++ b/pkg/sentry/limits/limits_state_autogen.go
@@ -0,0 +1,36 @@
+// automatically generated by stateify.
+
+package limits
+
+import (
+	"gvisor.googlesource.com/gvisor/pkg/state"
+)
+
+func (x *Limit) beforeSave() {}
+func (x *Limit) save(m state.Map) {
+	x.beforeSave()
+	m.Save("Cur", &x.Cur)
+	m.Save("Max", &x.Max)
+}
+
+func (x *Limit) afterLoad() {}
+func (x *Limit) load(m state.Map) {
+	m.Load("Cur", &x.Cur)
+	m.Load("Max", &x.Max)
+}
+
+func (x *LimitSet) beforeSave() {}
+func (x *LimitSet) save(m state.Map) {
+	x.beforeSave()
+	m.Save("data", &x.data)
+}
+
+func (x *LimitSet) afterLoad() {}
+func (x *LimitSet) load(m state.Map) {
+	m.Load("data", &x.data)
+}
+
+func init() {
+	state.Register("limits.Limit", (*Limit)(nil), state.Fns{Save: (*Limit).save, Load: (*Limit).load})
+	state.Register("limits.LimitSet", (*LimitSet)(nil), state.Fns{Save: (*LimitSet).save, Load: (*LimitSet).load})
+}
diff --git a/pkg/sentry/limits/linux.go b/pkg/sentry/limits/linux.go
new file mode 100644
index 000000000..a2b401e3d
--- /dev/null
+++ b/pkg/sentry/limits/linux.go
@@ -0,0 +1,100 @@
+// Copyright 2018 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package limits
+
+import (
+	"fmt"
+
+	"gvisor.googlesource.com/gvisor/pkg/abi/linux"
+)
+
+// FromLinuxResource maps linux resources to sentry LimitTypes.
+var FromLinuxResource = map[int]LimitType{
+	linux.RLIMIT_CPU:        CPU,
+	linux.RLIMIT_FSIZE:      FileSize,
+	linux.RLIMIT_DATA:       Data,
+	linux.RLIMIT_STACK:      Stack,
+	linux.RLIMIT_CORE:       Core,
+	linux.RLIMIT_RSS:        Rss,
+	linux.RLIMIT_NPROC:      ProcessCount,
+	linux.RLIMIT_NOFILE:     NumberOfFiles,
+	linux.RLIMIT_MEMLOCK:    MemoryLocked,
+	linux.RLIMIT_AS:         AS,
+	linux.RLIMIT_LOCKS:      Locks,
+	linux.RLIMIT_SIGPENDING: SignalsPending,
+	linux.RLIMIT_MSGQUEUE:   MessageQueueBytes,
+	linux.RLIMIT_NICE:       Nice,
+	linux.RLIMIT_RTPRIO:     RealTimePriority,
+	linux.RLIMIT_RTTIME:     Rttime,
+}
+
+// FromLinux maps linux rlimit values to sentry Limits, being careful to handle
+// infinities.
+func FromLinux(rl uint64) uint64 {
+	if rl == linux.RLimInfinity {
+		return Infinity
+	}
+	return rl
+}
+
+// ToLinux maps sentry Limits to linux rlimit values, being careful to handle
+// infinities.
+func ToLinux(l uint64) uint64 {
+	if l == Infinity {
+		return linux.RLimInfinity
+	}
+	return l
+}
+
+// NewLinuxLimitSet returns a LimitSet whose values match the default rlimits
+// in Linux.
+func NewLinuxLimitSet() (*LimitSet, error) {
+	ls := NewLimitSet()
+	for rlt, rl := range linux.InitRLimits {
+		lt, ok := FromLinuxResource[rlt]
+		if !ok {
+			return nil, fmt.Errorf("unknown rlimit type %v", rlt)
+		}
+		ls.SetUnchecked(lt, Limit{
+			Cur: FromLinux(rl.Cur),
+			Max: FromLinux(rl.Max),
+		})
+	}
+	return ls, nil
+}
+
+// NewLinuxDistroLimitSet returns a new LimitSet whose values are typical
+// for a booted Linux distro.
+//
+// Many Linux init systems adjust the default Linux limits to values more
+// expected by the rest of the userspace. NewLinuxDistroLimitSet returns a
+// LimitSet with sensible defaults for applications that aren't starting
+// their own init system.
+func NewLinuxDistroLimitSet() (*LimitSet, error) {
+	ls, err := NewLinuxLimitSet()
+	if err != nil {
+		return nil, err
+	}
+
+	// Adjust ProcessCount to a lower value because GNU bash allocates 16
+	// bytes per proc and OOMs if this number is set too high. Value was
+	// picked arbitrarily.
+	//
+	// 1,048,576 ought to be enough for anyone.
+	l := ls.Get(ProcessCount)
+	l.Cur = 1 << 20
+	ls.Set(ProcessCount, l, true /* privileged */)
+	return ls, nil
+}