14554080340

Committed 19 Apr 2025 11:46AM UTC coverage: 72.101% (-0.03%) from 72.13%

Build # 14554080340

Build Type

push

github

Committed by

web-flow

Commit Message

Add two new paragraphs to coding style about header files (#37188)

Coverage Stats

296880 of 411754 relevant lines covered (72.1%)

687547.52 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

92.8

/src/basic/rlimit-util.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <errno.h>

#include "alloc-util.h"
#include "errno-util.h"
#include "extract-word.h"
#include "fd-util.h"
#include "fileio.h"
#include "format-util.h"
#include "log.h"
#include "macro.h"
#include "process-util.h"
#include "rlimit-util.h"
#include "string-table.h"
#include "strv.h"
#include "time-util.h"

int setrlimit_closest(int resource, const struct rlimit *rlim) {
        struct rlimit highest, fixed;

        assert(rlim);

        if (setrlimit(resource, rlim) >= 0)
                return 0;

        if (errno != EPERM)
                return -errno;

        /* So we failed to set the desired setrlimit, then let's try
         * to get as close as we can */
        if (getrlimit(resource, &highest) < 0)
                return -errno;

        /* If the hard limit is unbounded anyway, then the EPERM had other reasons, let's propagate the original EPERM
         * then */
        if (highest.rlim_max == RLIM_INFINITY)
                return -EPERM;

        fixed = (struct rlimit) {
                .rlim_cur = MIN(rlim->rlim_cur, highest.rlim_max),
                .rlim_max = MIN(rlim->rlim_max, highest.rlim_max),
        };

        /* Shortcut things if we wouldn't change anything. */
        if (fixed.rlim_cur == highest.rlim_cur &&
            fixed.rlim_max == highest.rlim_max)
                return 0;

        log_debug("Failed at setting rlimit " RLIM_FMT " for resource RLIMIT_%s. Will attempt setting value " RLIM_FMT " instead.", rlim->rlim_max, rlimit_to_string(resource), fixed.rlim_max);

        return RET_NERRNO(setrlimit(resource, &fixed));
}

int setrlimit_closest_all(const struct rlimit *const *rlim, int *which_failed) {
        int r;

        assert(rlim);

        /* On failure returns the limit's index that failed in *which_failed, but only if non-NULL */

        for (int i = 0; i < _RLIMIT_MAX; i++) {
                if (!rlim[i])
                        continue;

                r = setrlimit_closest(i, rlim[i]);
                if (r < 0) {
                        if (which_failed)
                                *which_failed = i;

                        return r;
                }
        }

        if (which_failed)
                *which_failed = -1;

        return 0;
}

static int rlimit_parse_u64(const char *val, rlim_t *ret) {
        uint64_t u;
        int r;

        assert(val);
        assert(ret);

        if (streq(val, "infinity")) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        /* setrlimit(2) suggests rlim_t is always 64-bit on Linux. */
        assert_cc(sizeof(rlim_t) == sizeof(uint64_t));

        r = safe_atou64(val, &u);
        if (r < 0)
                return r;
        if (u >= (uint64_t) RLIM_INFINITY)
                return -ERANGE;

        *ret = (rlim_t) u;
        return 0;
}

static int rlimit_parse_size(const char *val, rlim_t *ret) {
        uint64_t u;
        int r;

        assert(val);
        assert(ret);

        if (streq(val, "infinity")) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        r = parse_size(val, 1024, &u);
        if (r < 0)
                return r;
        if (u >= (uint64_t) RLIM_INFINITY)
                return -ERANGE;

        *ret = (rlim_t) u;
        return 0;
}

static int rlimit_parse_sec(const char *val, rlim_t *ret) {
        uint64_t u;
        usec_t t;
        int r;

        assert(val);
        assert(ret);

        if (streq(val, "infinity")) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        r = parse_sec(val, &t);
        if (r < 0)
                return r;
        if (t == USEC_INFINITY) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        u = (uint64_t) DIV_ROUND_UP(t, USEC_PER_SEC);
        if (u >= (uint64_t) RLIM_INFINITY)
                return -ERANGE;

        *ret = (rlim_t) u;
        return 0;
}

static int rlimit_parse_usec(const char *val, rlim_t *ret) {
        usec_t t;
        int r;

        assert(val);
        assert(ret);

        if (streq(val, "infinity")) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        r = parse_time(val, &t, 1);
        if (r < 0)
                return r;
        if (t == USEC_INFINITY) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        *ret = (rlim_t) t;
        return 0;
}

static int rlimit_parse_nice(const char *val, rlim_t *ret) {
        uint64_t rl;
        int r;

        /* So, Linux is weird. The range for RLIMIT_NICE is 40..1, mapping to the nice levels -20..19. However, the
         * RLIMIT_NICE limit defaults to 0 by the kernel, i.e. a value that maps to nice level 20, which of course is
         * bogus and does not exist. In order to permit parsing the RLIMIT_NICE of 0 here we hence implement a slight
         * asymmetry: when parsing as positive nice level we permit 0..19. When parsing as negative nice level, we
         * permit -20..0. But when parsing as raw resource limit value then we also allow the special value 0.
         *
         * Yeah, Linux is quality engineering sometimes... */

        if (val[0] == '+') {

                /* Prefixed with "+": Parse as positive user-friendly nice value */
                r = safe_atou64(val + 1, &rl);
                if (r < 0)
                        return r;

                if (rl >= PRIO_MAX)
                        return -ERANGE;

                rl = 20 - rl;

        } else if (val[0] == '-') {

                /* Prefixed with "-": Parse as negative user-friendly nice value */
                r = safe_atou64(val + 1, &rl);
                if (r < 0)
                        return r;

                if (rl > (uint64_t) (-PRIO_MIN))
                        return -ERANGE;

                rl = 20 + rl;
        } else {

                /* Not prefixed: parse as raw resource limit value */
                r = safe_atou64(val, &rl);
                if (r < 0)
                        return r;

                if (rl > (uint64_t) (20 - PRIO_MIN))
                        return -ERANGE;
        }

        *ret = (rlim_t) rl;
        return 0;
}

static int (*const rlimit_parse_table[_RLIMIT_MAX])(const char *val, rlim_t *ret) = {
        [RLIMIT_CPU] = rlimit_parse_sec,
        [RLIMIT_FSIZE] = rlimit_parse_size,
        [RLIMIT_DATA] = rlimit_parse_size,
        [RLIMIT_STACK] = rlimit_parse_size,
        [RLIMIT_CORE] = rlimit_parse_size,
        [RLIMIT_RSS] = rlimit_parse_size,
        [RLIMIT_NOFILE] = rlimit_parse_u64,
        [RLIMIT_AS] = rlimit_parse_size,
        [RLIMIT_NPROC] = rlimit_parse_u64,
        [RLIMIT_MEMLOCK] = rlimit_parse_size,
        [RLIMIT_LOCKS] = rlimit_parse_u64,
        [RLIMIT_SIGPENDING] = rlimit_parse_u64,
        [RLIMIT_MSGQUEUE] = rlimit_parse_size,
        [RLIMIT_NICE] = rlimit_parse_nice,
        [RLIMIT_RTPRIO] = rlimit_parse_u64,
        [RLIMIT_RTTIME] = rlimit_parse_usec,
};

int rlimit_parse_one(int resource, const char *val, rlim_t *ret) {
        assert(val);
        assert(ret);

        if (resource < 0)
                return -EINVAL;
        if (resource >= _RLIMIT_MAX)
                return -EINVAL;

        return rlimit_parse_table[resource](val, ret);
}

int rlimit_parse(int resource, const char *val, struct rlimit *ret) {
        _cleanup_free_ char *hard = NULL, *soft = NULL;
        rlim_t hl, sl;
        int r;

        assert(val);
        assert(ret);

        r = extract_first_word(&val, &soft, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (r == 0)
                return -EINVAL;

        r = rlimit_parse_one(resource, soft, &sl);
        if (r < 0)
                return r;

        r = extract_first_word(&val, &hard, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (!isempty(val))
                return -EINVAL;
        if (r == 0)
                hl = sl;
        else {
                r = rlimit_parse_one(resource, hard, &hl);
                if (r < 0)
                        return r;
                if (sl > hl)
                        return -EILSEQ;
        }

        *ret = (struct rlimit) {
                .rlim_cur = sl,
                .rlim_max = hl,
        };

        return 0;
}

int rlimit_format(const struct rlimit *rl, char **ret) {
        _cleanup_free_ char *s = NULL;
        int r;

        assert(rl);
        assert(ret);

        if (rl->rlim_cur >= RLIM_INFINITY && rl->rlim_max >= RLIM_INFINITY)
                r = free_and_strdup(&s, "infinity");
        else if (rl->rlim_cur >= RLIM_INFINITY)
                r = asprintf(&s, "infinity:" RLIM_FMT, rl->rlim_max);
        else if (rl->rlim_max >= RLIM_INFINITY)
                r = asprintf(&s, RLIM_FMT ":infinity", rl->rlim_cur);
        else if (rl->rlim_cur == rl->rlim_max)
                r = asprintf(&s, RLIM_FMT, rl->rlim_cur);
        else
                r = asprintf(&s, RLIM_FMT ":" RLIM_FMT, rl->rlim_cur, rl->rlim_max);
        if (r < 0)
                return -ENOMEM;

        *ret = TAKE_PTR(s);
        return 0;
}

static const char* const rlimit_table[_RLIMIT_MAX] = {
        [RLIMIT_AS]         = "AS",
        [RLIMIT_CORE]       = "CORE",
        [RLIMIT_CPU]        = "CPU",
        [RLIMIT_DATA]       = "DATA",
        [RLIMIT_FSIZE]      = "FSIZE",
        [RLIMIT_LOCKS]      = "LOCKS",
        [RLIMIT_MEMLOCK]    = "MEMLOCK",
        [RLIMIT_MSGQUEUE]   = "MSGQUEUE",
        [RLIMIT_NICE]       = "NICE",
        [RLIMIT_NOFILE]     = "NOFILE",
        [RLIMIT_NPROC]      = "NPROC",
        [RLIMIT_RSS]        = "RSS",
        [RLIMIT_RTPRIO]     = "RTPRIO",
        [RLIMIT_RTTIME]     = "RTTIME",
        [RLIMIT_SIGPENDING] = "SIGPENDING",
        [RLIMIT_STACK]      = "STACK",
};

DEFINE_STRING_TABLE_LOOKUP(rlimit, int);

int rlimit_from_string_harder(const char *s) {
        const char *suffix;

        /* The official prefix */
        suffix = startswith(s, "RLIMIT_");
        if (suffix)
                return rlimit_from_string(suffix);

        /* Our own unit file setting prefix */
        suffix = startswith(s, "Limit");
        if (suffix)
                return rlimit_from_string(suffix);

        return rlimit_from_string(s);
}

void rlimit_free_all(struct rlimit **rl) {
        free_many((void**) rl, _RLIMIT_MAX);
}

int rlimit_copy_all(struct rlimit* target[static _RLIMIT_MAX], struct rlimit* const source[static _RLIMIT_MAX]) {
        struct rlimit* copy[_RLIMIT_MAX] = {};

        assert(target);
        assert(source);

        for (int i = 0; i < _RLIMIT_MAX; i++) {
                if (!source[i])
                        continue;

                copy[i] = newdup(struct rlimit, source[i], 1);
                if (!copy[i]) {
                        rlimit_free_all(copy);
                        return -ENOMEM;
                }
        }

        memcpy(target, copy, sizeof(struct rlimit*) * _RLIMIT_MAX);
        return 0;
}

int rlimit_nofile_bump(int limit) {
        int r;

        /* Bumps the (soft) RLIMIT_NOFILE resource limit as close as possible to the specified limit. If a negative
         * limit is specified, bumps it to the maximum the kernel and the hard resource limit allows. This call should
         * be used by all our programs that might need a lot of fds, and that know how to deal with high fd numbers
         * (i.e. do not use select() — which chokes on fds >= 1024) */

        if (limit < 0)
                limit = read_nr_open();

        if (limit < 3)
                limit = 3;

        r = setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(limit));
        if (r < 0)
                return log_debug_errno(r, "Failed to set RLIMIT_NOFILE: %m");

        return 0;
}

int rlimit_nofile_safe(void) {
        struct rlimit rl;

        /* Resets RLIMIT_NOFILE's soft limit FD_SETSIZE (i.e. 1024), for compatibility with software still using
         * select() */

        if (getrlimit(RLIMIT_NOFILE, &rl) < 0)
                return log_debug_errno(errno, "Failed to query RLIMIT_NOFILE: %m");

        if (rl.rlim_cur <= FD_SETSIZE)
                return 0;

        /* So we might have inherited a hard limit that's larger than the kernel's maximum limit as stored in
         * /proc/sys/fs/nr_open. If we pass this hard limit unmodified to setrlimit(), we'll get EPERM. To
         * make sure that doesn't happen, let's limit our hard limit to the value from nr_open. */
        rl.rlim_max = MIN(rl.rlim_max, (rlim_t) read_nr_open());
        rl.rlim_cur = MIN((rlim_t) FD_SETSIZE, rl.rlim_max);
        if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
                return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur);

        return 1;
}

int pid_getrlimit(pid_t pid, int resource, struct rlimit *ret) {

        static const char * const prefix_table[_RLIMIT_MAX] = {
                [RLIMIT_CPU]        = "Max cpu time",
                [RLIMIT_FSIZE]      = "Max file size",
                [RLIMIT_DATA]       = "Max data size",
                [RLIMIT_STACK]      = "Max stack size",
                [RLIMIT_CORE]       = "Max core file size",
                [RLIMIT_RSS]        = "Max resident set",
                [RLIMIT_NPROC]      = "Max processes",
                [RLIMIT_NOFILE]     = "Max open files",
                [RLIMIT_MEMLOCK]    = "Max locked memory",
                [RLIMIT_AS]         = "Max address space",
                [RLIMIT_LOCKS]      = "Max file locks",
                [RLIMIT_SIGPENDING] = "Max pending signals",
                [RLIMIT_MSGQUEUE]   = "Max msgqueue size",
                [RLIMIT_NICE]       = "Max nice priority",
                [RLIMIT_RTPRIO]     = "Max realtime priority",
                [RLIMIT_RTTIME]     = "Max realtime timeout",
        };

        int r;

        assert(resource >= 0);
        assert(resource < _RLIMIT_MAX);
        assert(pid >= 0);
        assert(ret);

        if (pid == 0 || pid == getpid_cached())
                return RET_NERRNO(getrlimit(resource, ret));

        r = RET_NERRNO(prlimit(pid, resource, /* new_limit= */ NULL, ret));
        if (!ERRNO_IS_NEG_PRIVILEGE(r))
                return r;

        /* We don't have access? Then try to go via /proc/$PID/limits. Weirdly that's world readable in
         * contrast to querying the data via prlimit() */

        const char *p = procfs_file_alloca(pid, "limits");
        _cleanup_free_ char *limits = NULL;

        r = read_full_virtual_file(p, &limits, NULL);
        if (r < 0)
                return -EPERM; /* propagate original permission error if we can't access the limits file */

        _cleanup_strv_free_ char **l = NULL;
        l = strv_split(limits, "\n");
        if (!l)
                return -ENOMEM;

        STRV_FOREACH(i, strv_skip(l, 1)) {
                _cleanup_free_ char *soft = NULL, *hard = NULL;
                uint64_t sv, hv;
                const char *e;

                e = startswith(*i, prefix_table[resource]);
                if (!e)
                        continue;

                if (*e != ' ')
                        continue;

                e += strspn(e, WHITESPACE);

                size_t n;
                n = strcspn(e, WHITESPACE);
                if (n == 0)
                        continue;

                soft = strndup(e, n);
                if (!soft)
                        return -ENOMEM;

                e += n;
                if (*e != ' ')
                        continue;

                e += strspn(e, WHITESPACE);
                n = strcspn(e, WHITESPACE);
                if (n == 0)
                        continue;

                hard = strndup(e, n);
                if (!hard)
                        return -ENOMEM;

                if (streq(soft, "unlimited"))
                        sv = RLIM_INFINITY;
                else {
                        r = safe_atou64(soft, &sv);
                        if (r < 0)
                                return r;
                }

                if (streq(hard, "unlimited"))
                        hv = RLIM_INFINITY;
                else {
                        r = safe_atou64(hard, &hv);
                        if (r < 0)
                                return r;
                }

                *ret = (struct rlimit) {
                        .rlim_cur = sv,
                        .rlim_max = hv,
                };

                return 0;
        }

        return -ENOTRECOVERABLE;
}

1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3	#include <errno.h>
4
5	#include "alloc-util.h"
6	#include "errno-util.h"
7	#include "extract-word.h"
8	#include "fd-util.h"
9	#include "fileio.h"
10	#include "format-util.h"
11	#include "log.h"
12	#include "macro.h"
13	#include "process-util.h"
14	#include "rlimit-util.h"
15	#include "string-table.h"
16	#include "strv.h"
17	#include "time-util.h"
18
19	int setrlimit_closest(int resource, const struct rlimit *rlim) {	41,827✔
20	struct rlimit highest, fixed;	41,827✔
21
22	assert(rlim);	41,827✔
23
24	if (setrlimit(resource, rlim) >= 0)	41,827✔
25	return 0;	41,827✔
26
27	if (errno != EPERM)	231✔
28	return -errno;	1✔
29
30	/* So we failed to set the desired setrlimit, then let's try
31	* to get as close as we can */
32	if (getrlimit(resource, &highest) < 0)	230✔
33	return -errno;	×
34
35	/* If the hard limit is unbounded anyway, then the EPERM had other reasons, let's propagate the original EPERM
36	* then */
37	if (highest.rlim_max == RLIM_INFINITY)	230✔
38	return -EPERM;
39
40	fixed = (struct rlimit) {	230✔
41	.rlim_cur = MIN(rlim->rlim_cur, highest.rlim_max),	230✔
42	.rlim_max = MIN(rlim->rlim_max, highest.rlim_max),	230✔
43	};
44
45	/* Shortcut things if we wouldn't change anything. */
46	if (fixed.rlim_cur == highest.rlim_cur &&	230✔
47	fixed.rlim_max == highest.rlim_max)
48	return 0;
49
50	log_debug("Failed at setting rlimit " RLIM_FMT " for resource RLIMIT_%s. Will attempt setting value " RLIM_FMT " instead.", rlim->rlim_max, rlimit_to_string(resource), fixed.rlim_max);	116✔
51
52	return RET_NERRNO(setrlimit(resource, &fixed));	116✔
53	}
54
55	int setrlimit_closest_all(const struct rlimit const rlim, int *which_failed) {	9,627✔
56	int r;	9,627✔
57
58	assert(rlim);	9,627✔
59
60	/* On failure returns the limit's index that failed in which_failed, but only if non-NULL /
61
62	for (int i = 0; i < _RLIMIT_MAX; i++) {	163,659✔
63	if (!rlim[i])	154,032✔
64	continue;	133,301✔
65
66	r = setrlimit_closest(i, rlim[i]);	20,731✔
67	if (r < 0) {	20,731✔
68	if (which_failed)	×
69	*which_failed = i;	×
70
71	return r;	×
72	}
73	}
74
75	if (which_failed)	9,627✔
76	*which_failed = -1;	9,627✔
77
78	return 0;
79	}
80
81	static int rlimit_parse_u64(const char val, rlim_t ret) {	22,870✔
82	uint64_t u;	22,870✔
83	int r;	22,870✔
84
85	assert(val);	22,870✔
86	assert(ret);	22,870✔
87
88	if (streq(val, "infinity")) {	22,870✔
89	*ret = RLIM_INFINITY;	12✔
90	return 0;	12✔
91	}
92
93	/* setrlimit(2) suggests rlim_t is always 64-bit on Linux. */
94	assert_cc(sizeof(rlim_t) == sizeof(uint64_t));	22,858✔
95
96	r = safe_atou64(val, &u);	22,858✔
97	if (r < 0)	22,858✔
98	return r;
99	if (u >= (uint64_t) RLIM_INFINITY)	22,855✔
100	return -ERANGE;
101
102	*ret = (rlim_t) u;	22,855✔
103	return 0;	22,855✔
104	}
105
106	static int rlimit_parse_size(const char val, rlim_t ret) {	11,478✔
107	uint64_t u;	11,478✔
108	int r;	11,478✔
109
110	assert(val);	11,478✔
111	assert(ret);	11,478✔
112
113	if (streq(val, "infinity")) {	11,478✔
114	*ret = RLIM_INFINITY;	6✔
115	return 0;	6✔
116	}
117
118	r = parse_size(val, 1024, &u);	11,472✔
119	if (r < 0)	11,472✔
120	return r;
121	if (u >= (uint64_t) RLIM_INFINITY)	11,472✔
122	return -ERANGE;
123
124	*ret = (rlim_t) u;	11,472✔
125	return 0;	11,472✔
126	}
127
128	static int rlimit_parse_sec(const char val, rlim_t ret) {	15✔
129	uint64_t u;	15✔
130	usec_t t;	15✔
131	int r;	15✔
132
133	assert(val);	15✔
134	assert(ret);	15✔
135
136	if (streq(val, "infinity")) {	15✔
137	*ret = RLIM_INFINITY;	1✔
138	return 0;	1✔
139	}
140
141	r = parse_sec(val, &t);	14✔
142	if (r < 0)	14✔
143	return r;
144	if (t == USEC_INFINITY) {	14✔
145	*ret = RLIM_INFINITY;	×
146	return 0;	×
147	}
148
149	u = (uint64_t) DIV_ROUND_UP(t, USEC_PER_SEC);	14✔
150	if (u >= (uint64_t) RLIM_INFINITY)	14✔
151	return -ERANGE;
152
153	*ret = (rlim_t) u;	14✔
154	return 0;	14✔
155	}
156
157	static int rlimit_parse_usec(const char val, rlim_t ret) {	12✔
158	usec_t t;	12✔
159	int r;	12✔
160
161	assert(val);	12✔
162	assert(ret);	12✔
163
164	if (streq(val, "infinity")) {	12✔
165	*ret = RLIM_INFINITY;	3✔
166	return 0;	3✔
167	}
168
169	r = parse_time(val, &t, 1);	9✔
170	if (r < 0)	9✔
171	return r;
172	if (t == USEC_INFINITY) {	9✔
173	*ret = RLIM_INFINITY;	×
174	return 0;	×
175	}
176
177	*ret = (rlim_t) t;	9✔
178	return 0;	9✔
179	}
180
181	static int rlimit_parse_nice(const char val, rlim_t ret) {	23✔
182	uint64_t rl;	23✔
183	int r;	23✔
184
185	/* So, Linux is weird. The range for RLIMIT_NICE is 40..1, mapping to the nice levels -20..19. However, the
186	* RLIMIT_NICE limit defaults to 0 by the kernel, i.e. a value that maps to nice level 20, which of course is
187	* bogus and does not exist. In order to permit parsing the RLIMIT_NICE of 0 here we hence implement a slight
188	* asymmetry: when parsing as positive nice level we permit 0..19. When parsing as negative nice level, we
189	* permit -20..0. But when parsing as raw resource limit value then we also allow the special value 0.
190	*
191	* Yeah, Linux is quality engineering sometimes... */
192
193	if (val[0] == '+') {	23✔
194
195	/* Prefixed with "+": Parse as positive user-friendly nice value */
196	r = safe_atou64(val + 1, &rl);	4✔
197	if (r < 0)	4✔
198	return r;	23✔
199
200	if (rl >= PRIO_MAX)	4✔
201	return -ERANGE;
202
203	rl = 20 - rl;	3✔
204
205	} else if (val[0] == '-') {	19✔
206
207	/* Prefixed with "-": Parse as negative user-friendly nice value */
208	r = safe_atou64(val + 1, &rl);	4✔
209	if (r < 0)	4✔
210	return r;
211
212	if (rl > (uint64_t) (-PRIO_MIN))	4✔
213	return -ERANGE;
214
215	rl = 20 + rl;	3✔
216	} else {
217
218	/* Not prefixed: parse as raw resource limit value */
219	r = safe_atou64(val, &rl);	15✔
220	if (r < 0)	15✔
221	return r;
222
223	if (rl > (uint64_t) (20 - PRIO_MIN))	15✔
224	return -ERANGE;
225	}
226
227	*ret = (rlim_t) rl;	20✔
228	return 0;	20✔
229	}
230
231	static int (const rlimit_parse_table[_RLIMIT_MAX])(const char val, rlim_t *ret) = {
232	[RLIMIT_CPU] = rlimit_parse_sec,
233	[RLIMIT_FSIZE] = rlimit_parse_size,
234	[RLIMIT_DATA] = rlimit_parse_size,
235	[RLIMIT_STACK] = rlimit_parse_size,
236	[RLIMIT_CORE] = rlimit_parse_size,
237	[RLIMIT_RSS] = rlimit_parse_size,
238	[RLIMIT_NOFILE] = rlimit_parse_u64,
239	[RLIMIT_AS] = rlimit_parse_size,
240	[RLIMIT_NPROC] = rlimit_parse_u64,
241	[RLIMIT_MEMLOCK] = rlimit_parse_size,
242	[RLIMIT_LOCKS] = rlimit_parse_u64,
243	[RLIMIT_SIGPENDING] = rlimit_parse_u64,
244	[RLIMIT_MSGQUEUE] = rlimit_parse_size,
245	[RLIMIT_NICE] = rlimit_parse_nice,
246	[RLIMIT_RTPRIO] = rlimit_parse_u64,
247	[RLIMIT_RTTIME] = rlimit_parse_usec,
248	};
249
250	int rlimit_parse_one(int resource, const char val, rlim_t ret) {	34,398✔
251	assert(val);	34,398✔
252	assert(ret);	34,398✔
253
254	if (resource < 0)	34,398✔
255	return -EINVAL;
256	if (resource >= _RLIMIT_MAX)	34,398✔
257	return -EINVAL;
258
259	return rlimit_parse_table[resource](val, ret);	34,398✔
260	}
261
262	int rlimit_parse(int resource, const char val, struct rlimit ret) {	23,764✔
263	_cleanup_free_ char hard = NULL, soft = NULL;	23,764✔
264	rlim_t hl, sl;	23,764✔
265	int r;	23,764✔
266
267	assert(val);	23,764✔
268	assert(ret);	23,764✔
269
270	r = extract_first_word(&val, &soft, ":", EXTRACT_DONT_COALESCE_SEPARATORS);	23,764✔
271	if (r < 0)	23,764✔
272	return r;
273	if (r == 0)	23,764✔
274	return -EINVAL;
275
276	r = rlimit_parse_one(resource, soft, &sl);	23,764✔
277	if (r < 0)	23,764✔
278	return r;
279
280	r = extract_first_word(&val, &hard, ":", EXTRACT_DONT_COALESCE_SEPARATORS);	23,759✔
281	if (r < 0)	23,759✔
282	return r;
283	if (!isempty(val))	47,523✔
284	return -EINVAL;
285	if (r == 0)	23,757✔
286	hl = sl;	13,123✔
287	else {
288	r = rlimit_parse_one(resource, hard, &hl);	10,634✔
289	if (r < 0)	10,634✔
290	return r;
291	if (sl > hl)	10,633✔
292	return -EILSEQ;
293	}
294
295	*ret = (struct rlimit) {	23,754✔
296	.rlim_cur = sl,
297	.rlim_max = hl,
298	};
299
300	return 0;	23,754✔
301	}
302
303	int rlimit_format(const struct rlimit rl, char *ret) {	11,670✔
304	_cleanup_free_ char *s = NULL;	11,670✔
305	int r;	11,670✔
306
307	assert(rl);	11,670✔
308	assert(ret);	11,670✔
309
310	if (rl->rlim_cur >= RLIM_INFINITY && rl->rlim_max >= RLIM_INFINITY)	11,670✔
311	r = free_and_strdup(&s, "infinity");	3,181✔
312	else if (rl->rlim_cur >= RLIM_INFINITY)	8,489✔
313	r = asprintf(&s, "infinity:" RLIM_FMT, rl->rlim_max);	1✔
314	else if (rl->rlim_max >= RLIM_INFINITY)	8,488✔
315	r = asprintf(&s, RLIM_FMT ":infinity", rl->rlim_cur);	912✔
316	else if (rl->rlim_cur == rl->rlim_max)	7,576✔
317	r = asprintf(&s, RLIM_FMT, rl->rlim_cur);	5,119✔
318	else
319	r = asprintf(&s, RLIM_FMT ":" RLIM_FMT, rl->rlim_cur, rl->rlim_max);	2,457✔
320	if (r < 0)	11,670✔
321	return -ENOMEM;
322
323	*ret = TAKE_PTR(s);	11,670✔
324	return 0;	11,670✔
325	}
326
327	static const char* const rlimit_table[_RLIMIT_MAX] = {
328	[RLIMIT_AS] = "AS",
329	[RLIMIT_CORE] = "CORE",
330	[RLIMIT_CPU] = "CPU",
331	[RLIMIT_DATA] = "DATA",
332	[RLIMIT_FSIZE] = "FSIZE",
333	[RLIMIT_LOCKS] = "LOCKS",
334	[RLIMIT_MEMLOCK] = "MEMLOCK",
335	[RLIMIT_MSGQUEUE] = "MSGQUEUE",
336	[RLIMIT_NICE] = "NICE",
337	[RLIMIT_NOFILE] = "NOFILE",
338	[RLIMIT_NPROC] = "NPROC",
339	[RLIMIT_RSS] = "RSS",
340	[RLIMIT_RTPRIO] = "RTPRIO",
341	[RLIMIT_RTTIME] = "RTTIME",
342	[RLIMIT_SIGPENDING] = "SIGPENDING",
343	[RLIMIT_STACK] = "STACK",
344	};
345
346	DEFINE_STRING_TABLE_LOOKUP(rlimit, int);	70,536✔
347
348	int rlimit_from_string_harder(const char *s) {	54✔
349	const char *suffix;	54✔
350
351	/* The official prefix */
352	suffix = startswith(s, "RLIMIT_");	54✔
353	if (suffix)	54✔
354	return rlimit_from_string(suffix);	17✔
355
356	/* Our own unit file setting prefix */
357	suffix = startswith(s, "Limit");	37✔
358	if (suffix)	37✔
359	return rlimit_from_string(suffix);	17✔
360
361	return rlimit_from_string(s);	20✔
362	}
363
364	void rlimit_free_all(struct rlimit **rl) {	55,748✔
365	free_many((void**) rl, _RLIMIT_MAX);	55,748✔
366	}	55,748✔
367
368	int rlimit_copy_all(struct rlimit* target[static _RLIMIT_MAX], struct rlimit* const source[static _RLIMIT_MAX]) {	256✔
369	struct rlimit* copy[_RLIMIT_MAX] = {};	256✔
370
371	assert(target);	256✔
372	assert(source);	256✔
373
374	for (int i = 0; i < _RLIMIT_MAX; i++) {	4,352✔
375	if (!source[i])	4,096✔
376	continue;	3,584✔
377
378	copy[i] = newdup(struct rlimit, source[i], 1);	512✔
379	if (!copy[i]) {	512✔
380	rlimit_free_all(copy);	×
381	return -ENOMEM;	×
382	}
383	}
384
385	memcpy(target, copy, sizeof(struct rlimit) _RLIMIT_MAX);	256✔
386	return 0;	256✔
387	}
388
389	int rlimit_nofile_bump(int limit) {	20,623✔
390	int r;	20,623✔
391
392	/* Bumps the (soft) RLIMIT_NOFILE resource limit as close as possible to the specified limit. If a negative
393	* limit is specified, bumps it to the maximum the kernel and the hard resource limit allows. This call should
394	* be used by all our programs that might need a lot of fds, and that know how to deal with high fd numbers
395	* (i.e. do not use select() — which chokes on fds >= 1024) */
396
397	if (limit < 0)	20,623✔
398	limit = read_nr_open();	60✔
399
400	if (limit < 3)	20,623✔
401	limit = 3;	×
402
403	r = setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(limit));	20,623✔
404	if (r < 0)	20,623✔
405	return log_debug_errno(r, "Failed to set RLIMIT_NOFILE: %m");	×
406
407	return 0;
408	}
409
410	int rlimit_nofile_safe(void) {	18,327✔
411	struct rlimit rl;	18,327✔
412
413	/* Resets RLIMIT_NOFILE's soft limit FD_SETSIZE (i.e. 1024), for compatibility with software still using
414	* select() */
415
416	if (getrlimit(RLIMIT_NOFILE, &rl) < 0)	18,327✔
417	return log_debug_errno(errno, "Failed to query RLIMIT_NOFILE: %m");	×
418
419	if (rl.rlim_cur <= FD_SETSIZE)	18,327✔
420	return 0;
421
422	/* So we might have inherited a hard limit that's larger than the kernel's maximum limit as stored in
423	* /proc/sys/fs/nr_open. If we pass this hard limit unmodified to setrlimit(), we'll get EPERM. To
424	* make sure that doesn't happen, let's limit our hard limit to the value from nr_open. */
425	rl.rlim_max = MIN(rl.rlim_max, (rlim_t) read_nr_open());	16,440✔
426	rl.rlim_cur = MIN((rlim_t) FD_SETSIZE, rl.rlim_max);	16,440✔
427	if (setrlimit(RLIMIT_NOFILE, &rl) < 0)	16,440✔
428	return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur);	×
429
430	return 1;
431	}
432
433	int pid_getrlimit(pid_t pid, int resource, struct rlimit *ret) {	922✔
434
435	static const char * const prefix_table[_RLIMIT_MAX] = {	922✔
436	[RLIMIT_CPU] = "Max cpu time",
437	[RLIMIT_FSIZE] = "Max file size",
438	[RLIMIT_DATA] = "Max data size",
439	[RLIMIT_STACK] = "Max stack size",
440	[RLIMIT_CORE] = "Max core file size",
441	[RLIMIT_RSS] = "Max resident set",
442	[RLIMIT_NPROC] = "Max processes",
443	[RLIMIT_NOFILE] = "Max open files",
444	[RLIMIT_MEMLOCK] = "Max locked memory",
445	[RLIMIT_AS] = "Max address space",
446	[RLIMIT_LOCKS] = "Max file locks",
447	[RLIMIT_SIGPENDING] = "Max pending signals",
448	[RLIMIT_MSGQUEUE] = "Max msgqueue size",
449	[RLIMIT_NICE] = "Max nice priority",
450	[RLIMIT_RTPRIO] = "Max realtime priority",
451	[RLIMIT_RTTIME] = "Max realtime timeout",
452	};
453
454	int r;	922✔
455
456	assert(resource >= 0);	922✔
457	assert(resource < _RLIMIT_MAX);	922✔
458	assert(pid >= 0);	922✔
459	assert(ret);	922✔
460
461	if (pid == 0 \|\| pid == getpid_cached())	922✔
462	return RET_NERRNO(getrlimit(resource, ret));	922✔
463
464	r = RET_NERRNO(prlimit(pid, resource, /* new_limit= */ NULL, ret));	922✔
465	if (!ERRNO_IS_NEG_PRIVILEGE(r))	922✔
466	return r;	882✔
467
468	/* We don't have access? Then try to go via /proc/$PID/limits. Weirdly that's world readable in
469	* contrast to querying the data via prlimit() */
470
471	const char *p = procfs_file_alloca(pid, "limits");	40✔
472	_cleanup_free_ char *limits = NULL;	40✔
473
474	r = read_full_virtual_file(p, &limits, NULL);	40✔
475	if (r < 0)	40✔
476	return -EPERM; /* propagate original permission error if we can't access the limits file */
477
478	_cleanup_strv_free_ char **l = NULL;	40✔
479	l = strv_split(limits, "\n");	40✔
480	if (!l)	40✔
481	return -ENOMEM;
482
483	STRV_FOREACH(i, strv_skip(l, 1)) {	364✔
484	_cleanup_free_ char soft = NULL, hard = NULL;	364✔
485	uint64_t sv, hv;	364✔
486	const char *e;	364✔
487
488	e = startswith(*i, prefix_table[resource]);	364✔
489	if (!e)	364✔
490	continue;	324✔
491
492	if (*e != ' ')	40✔
493	continue;	×
494
495	e += strspn(e, WHITESPACE);	40✔
496
497	size_t n;	40✔
498	n = strcspn(e, WHITESPACE);	40✔
499	if (n == 0)	40✔
500	continue;	×
501
502	soft = strndup(e, n);	40✔
503	if (!soft)	40✔
504	return -ENOMEM;
505
506	e += n;	40✔
507	if (*e != ' ')	40✔
508	continue;	×
509
510	e += strspn(e, WHITESPACE);	40✔
511	n = strcspn(e, WHITESPACE);	40✔
512	if (n == 0)	40✔
513	continue;	×
514
515	hard = strndup(e, n);	40✔
516	if (!hard)	40✔
517	return -ENOMEM;
518
519	if (streq(soft, "unlimited"))	40✔
520	sv = RLIM_INFINITY;	8✔
521	else {
522	r = safe_atou64(soft, &sv);	32✔
523	if (r < 0)	32✔
524	return r;
525	}
526
527	if (streq(hard, "unlimited"))	40✔
528	hv = RLIM_INFINITY;	9✔
529	else {
530	r = safe_atou64(hard, &hv);	31✔
531	if (r < 0)	31✔
532	return r;
533	}
534
535	*ret = (struct rlimit) {	40✔
536	.rlim_cur = sv,
537	.rlim_max = hv,
538	};
539
540	return 0;	40✔
541	}
542
543	return -ENOTRECOVERABLE;
544	}

systemd / systemd / 14554080340

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous