1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1980, 1986, 1989, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37 #include <sys/cdefs.h>
38 #include "opt_param.h"
39 #include "opt_msgbuf.h"
40 #include "opt_maxphys.h"
41 #include "opt_maxusers.h"
42
43 #include <sys/param.h>
44 #include <sys/_maxphys.h>
45 #include <sys/systm.h>
46 #include <sys/buf.h>
47 #include <sys/kernel.h>
48 #include <sys/limits.h>
49 #include <sys/msgbuf.h>
50 #include <sys/sysctl.h>
51 #include <sys/proc.h>
52 #include <sys/vnode.h>
53
54 #include <vm/vm.h>
55 #include <vm/vm_param.h>
56 #include <vm/pmap.h>
57
58 /*
59 * System parameter formulae.
60 */
61
62 #ifndef HZ
63 # define HZ 1000
64 # ifndef HZ_VM
65 # define HZ_VM 100
66 # endif
67 #else
68 # ifndef HZ_VM
69 # define HZ_VM HZ
70 # endif
71 #endif
72 /* See the comments in init_param2() for these. */
73 #define NPROC (20 + 16 * maxusers)
74 #ifndef MAXFILES
75 #define MAXFILES (40 + 32 * maxusers)
76 #endif
77 #ifndef NBUF
78 #define NBUF 0
79 #endif
80
81 static int sysctl_kern_vm_guest(SYSCTL_HANDLER_ARGS);
82
83 int hz; /* system clock's frequency */
84 int tick; /* usec per tick (1000000 / hz) */
85 time_t tick_seconds_max; /* max hz * seconds an integer can hold */
86 struct bintime tick_bt; /* bintime per tick (1s / hz) */
87 sbintime_t tick_sbt;
88 int maxusers; /* base tunable */
89 int maxproc; /* maximum # of processes */
90 int maxprocperuid; /* max # of procs per user */
91 int maxfiles; /* sys. wide open files limit */
92 int maxfilesperproc; /* per-proc open files limit */
93 int msgbufsize; /* size of kernel message buffer */
94 int nbuf; /* number of bcache bufs */
95 int bio_transient_maxcnt;
96 int ngroups_max; /* max # groups per process */
97 int nswbuf;
98 pid_t pid_max = PID_MAX;
99 u_long maxswzone; /* max swmeta KVA storage */
100 u_long maxbcache; /* max buffer cache KVA storage */
101 u_long maxpipekva; /* Limit on pipe KVA */
102 u_long maxphys; /* max raw I/O transfer size */
103 int vm_guest = VM_GUEST_NO; /* Running as virtual machine guest? */
104 u_long maxtsiz; /* max text size */
105 u_long dfldsiz; /* initial data size limit */
106 u_long maxdsiz; /* max data size */
107 u_long dflssiz; /* initial stack size limit */
108 u_long maxssiz; /* max stack size */
109 u_long sgrowsiz; /* amount to grow stack */
110
111 SYSCTL_INT(_kern, OID_AUTO, hz, CTLFLAG_RDTUN | CTLFLAG_NOFETCH, &hz, 0,
112 "Number of clock ticks per second");
113 SYSCTL_INT(_kern, OID_AUTO, hz_max, CTLFLAG_RD, SYSCTL_NULL_INT_PTR, HZ_MAXIMUM,
114 "Maximum hz value supported");
115 SYSCTL_INT(_kern, OID_AUTO, hz_min, CTLFLAG_RD, SYSCTL_NULL_INT_PTR, HZ_MINIMUM,
116 "Minimum hz value supported");
117 SYSCTL_INT(_kern, OID_AUTO, nbuf, CTLFLAG_RDTUN | CTLFLAG_NOFETCH, &nbuf, 0,
118 "Number of buffers in the buffer cache");
119 SYSCTL_INT(_kern, OID_AUTO, nswbuf, CTLFLAG_RDTUN | CTLFLAG_NOFETCH, &nswbuf, 0,
120 "Number of swap buffers");
121 SYSCTL_INT(_kern, OID_AUTO, msgbufsize, CTLFLAG_RDTUN | CTLFLAG_NOFETCH, &msgbufsize, 0,
122 "Size of the kernel message buffer");
123 SYSCTL_LONG(_kern, OID_AUTO, maxswzone, CTLFLAG_RDTUN | CTLFLAG_NOFETCH, &maxswzone, 0,
124 "Maximum memory for swap metadata");
125 SYSCTL_LONG(_kern, OID_AUTO, maxbcache, CTLFLAG_RDTUN | CTLFLAG_NOFETCH, &maxbcache, 0,
126 "Maximum value of vfs.maxbufspace");
127 SYSCTL_INT(_kern, OID_AUTO, bio_transient_maxcnt, CTLFLAG_RDTUN | CTLFLAG_NOFETCH,
128 &bio_transient_maxcnt, 0,
129 "Maximum number of transient BIOs mappings");
130 SYSCTL_ULONG(_kern, OID_AUTO, maxtsiz, CTLFLAG_RWTUN | CTLFLAG_NOFETCH, &maxtsiz, 0,
131 "Maximum text size");
132 SYSCTL_ULONG(_kern, OID_AUTO, dfldsiz, CTLFLAG_RWTUN | CTLFLAG_NOFETCH, &dfldsiz, 0,
133 "Initial data size limit");
134 SYSCTL_ULONG(_kern, OID_AUTO, maxdsiz, CTLFLAG_RWTUN | CTLFLAG_NOFETCH, &maxdsiz, 0,
135 "Maximum data size");
136 SYSCTL_ULONG(_kern, OID_AUTO, dflssiz, CTLFLAG_RWTUN | CTLFLAG_NOFETCH, &dflssiz, 0,
137 "Initial stack size limit");
138 SYSCTL_ULONG(_kern, OID_AUTO, maxssiz, CTLFLAG_RWTUN | CTLFLAG_NOFETCH, &maxssiz, 0,
139 "Maximum stack size");
140 SYSCTL_ULONG(_kern, OID_AUTO, sgrowsiz, CTLFLAG_RWTUN | CTLFLAG_NOFETCH, &sgrowsiz, 0,
141 "Amount to grow stack on a stack fault");
142 SYSCTL_PROC(_kern, OID_AUTO, vm_guest,
143 CTLFLAG_RD | CTLTYPE_STRING | CTLFLAG_MPSAFE, NULL, 0,
144 sysctl_kern_vm_guest, "A",
145 "Virtual machine guest detected?");
146
147 /*
148 * The elements of this array are ordered based upon the values of the
149 * corresponding enum VM_GUEST members.
150 */
151 static const char *const vm_guest_sysctl_names[] = {
152 [VM_GUEST_NO] = "none",
153 [VM_GUEST_VM] = "generic",
154 [VM_GUEST_XEN] = "xen",
155 [VM_GUEST_HV] = "hv",
156 [VM_GUEST_VMWARE] = "vmware",
157 [VM_GUEST_KVM] = "kvm",
158 [VM_GUEST_BHYVE] = "bhyve",
159 [VM_GUEST_VBOX] = "vbox",
160 [VM_GUEST_PARALLELS] = "parallels",
161 [VM_GUEST_NVMM] = "nvmm",
162 };
163 _Static_assert(nitems(vm_guest_sysctl_names) == VM_GUEST_LAST,
164 "new vm guest type not added to vm_guest_sysctl_names");
165
166 /*
167 * Boot time overrides that are not scaled against main memory
168 */
169 void
init_param1(void)170 init_param1(void)
171 {
172
173 TSENTER();
174
175 /*
176 * arm64 and riscv currently hard-code the thread0 kstack size
177 * to KSTACK_PAGES, ignoring the tunable.
178 */
179 TUNABLE_INT_FETCH("kern.kstack_pages", &kstack_pages);
180
181 hz = -1;
182 TUNABLE_INT_FETCH("kern.hz", &hz);
183 if (hz == -1)
184 hz = vm_guest > VM_GUEST_NO ? HZ_VM : HZ;
185
186 /* range check the "hz" value */
187 if (__predict_false(hz < HZ_MINIMUM))
188 hz = HZ_MINIMUM;
189 else if (__predict_false(hz > HZ_MAXIMUM))
190 hz = HZ_MAXIMUM;
191
192 tick = 1000000 / hz;
193 tick_sbt = SBT_1S / hz;
194 tick_bt = sbttobt(tick_sbt);
195 tick_seconds_max = INT_MAX / hz;
196
197 /*
198 * Arrange for ticks to wrap 10 minutes after boot to help catch
199 * sign problems sooner.
200 */
201 ticksl = INT_MAX - (hz * 10 * 60);
202
203 vn_lock_pair_pause_max = hz / 100;
204 if (vn_lock_pair_pause_max == 0)
205 vn_lock_pair_pause_max = 1;
206
207 #ifdef VM_SWZONE_SIZE_MAX
208 maxswzone = VM_SWZONE_SIZE_MAX;
209 #endif
210 TUNABLE_LONG_FETCH("kern.maxswzone", &maxswzone);
211 #ifdef VM_BCACHE_SIZE_MAX
212 maxbcache = VM_BCACHE_SIZE_MAX;
213 #endif
214 TUNABLE_LONG_FETCH("kern.maxbcache", &maxbcache);
215 msgbufsize = MSGBUF_SIZE;
216 TUNABLE_INT_FETCH("kern.msgbufsize", &msgbufsize);
217
218 maxtsiz = MAXTSIZ;
219 TUNABLE_ULONG_FETCH("kern.maxtsiz", &maxtsiz);
220 dfldsiz = DFLDSIZ;
221 TUNABLE_ULONG_FETCH("kern.dfldsiz", &dfldsiz);
222 maxdsiz = MAXDSIZ;
223 TUNABLE_ULONG_FETCH("kern.maxdsiz", &maxdsiz);
224 dflssiz = DFLSSIZ;
225 TUNABLE_ULONG_FETCH("kern.dflssiz", &dflssiz);
226 maxssiz = MAXSSIZ;
227 TUNABLE_ULONG_FETCH("kern.maxssiz", &maxssiz);
228 sgrowsiz = SGROWSIZ;
229 TUNABLE_ULONG_FETCH("kern.sgrowsiz", &sgrowsiz);
230
231 /*
232 * Let the administrator set {NGROUPS_MAX}.
233 *
234 * Values less than NGROUPS_MAX would violate POSIX/SuS (see the
235 * specification for <limits.h>, paragraph "Runtime Increasable
236 * Values").
237 *
238 * On the other hand, INT_MAX would result in an overflow for the common
239 * 'ngroups_max + 1' computation (to obtain the size of the internal
240 * groups array, its first element being reserved for the effective
241 * GID). Also, the number of allocated bytes for the group array must
242 * not overflow on 32-bit machines. For all these reasons, we limit the
243 * number of supplementary groups to some very high number that we
244 * expect will never be reached in all practical uses and ensures we
245 * avoid the problems just exposed, even if 'gid_t' was to be enlarged
246 * by a magnitude.
247 */
248 ngroups_max = NGROUPS_MAX;
249 TUNABLE_INT_FETCH("kern.ngroups", &ngroups_max);
250 if (ngroups_max < NGROUPS_MAX)
251 ngroups_max = NGROUPS_MAX;
252 else {
253 const int ngroups_max_max = (1 << 24) - 1;
254
255 if (ngroups_max > ngroups_max_max)
256 ngroups_max = ngroups_max_max;
257 }
258
259 /*
260 * Only allow to lower the maximal pid.
261 * Prevent setting up a non-bootable system if pid_max is too low.
262 */
263 TUNABLE_INT_FETCH("kern.pid_max", &pid_max);
264 if (pid_max > PID_MAX)
265 pid_max = PID_MAX;
266 else if (pid_max < 300)
267 pid_max = 300;
268
269 TUNABLE_INT_FETCH("vfs.unmapped_buf_allowed", &unmapped_buf_allowed);
270 TSEXIT();
271 }
272
273 /*
274 * Boot time overrides that are scaled against main memory
275 */
276 void
init_param2(long physpages)277 init_param2(long physpages)
278 {
279 long maxproc_clamp, maxfiles_clamp;
280
281 TSENTER();
282 /* Base parameters */
283 maxusers = MAXUSERS;
284 TUNABLE_INT_FETCH("kern.maxusers", &maxusers);
285 if (maxusers == 0) {
286 maxusers = pgtok(physpages) / (2 * 1024);
287 if (maxusers < 32)
288 maxusers = 32;
289 #ifdef VM_MAX_AUTOTUNE_MAXUSERS
290 if (maxusers > VM_MAX_AUTOTUNE_MAXUSERS)
291 maxusers = VM_MAX_AUTOTUNE_MAXUSERS;
292 #endif
293 /*
294 * Scales down the function in which maxusers grows once
295 * we hit 384 (16MB to get a new "user").
296 */
297 if (maxusers > 384)
298 maxusers = 384 + ((maxusers - 384) / 8);
299 }
300
301 /*
302 * The following can be overridden after boot via sysctl. Note: unless
303 * overridden, these macros are ultimately based on 'maxusers'. Limit
304 * maxproc so that kmap entries cannot be exhausted by processes. The
305 * default for 'maxproc' linearly scales as 16 times 'maxusers' (so,
306 * linearly with 8 processes per MB up to 768MB, then 1 process per MB;
307 * overridable by a tunable), and is then clamped at 21 + 1/3 processes
308 * per MB (which never happens by default as long as physical memory is
309 * > ~1.5MB).
310 */
311 maxproc = NPROC;
312 TUNABLE_INT_FETCH("kern.maxproc", &maxproc);
313 maxproc_clamp = pgtok(physpages) / (3 * 1024 / 64);
314 if (maxproc > maxproc_clamp)
315 maxproc = maxproc_clamp;
316 if (maxproc > pid_max)
317 maxproc = pid_max;
318 maxprocperuid = (maxproc * 9) / 10;
319
320 /*
321 * 'maxfiles' by default is set to 32 files per MB (overridable by
322 * a tunable), and is then clamped at 64 files per MB (which thus never
323 * happens by default). (The default MAXFILES is for all practical
324 * purposes not used, as it gives a lower value than 32 files per MB as
325 * soon as there is more than ~2.5MB of memory.)
326 */
327 maxfiles = imax(MAXFILES, pgtok(physpages) / (1024 / 32));
328 TUNABLE_INT_FETCH("kern.maxfiles", &maxfiles);
329 maxfiles_clamp = pgtok(physpages) / (1024 / 64);
330 if (maxfiles > maxfiles_clamp)
331 maxfiles = maxfiles_clamp;
332 maxfilesperproc = (maxfiles / 10) * 9;
333 TUNABLE_INT_FETCH("kern.maxfilesperproc", &maxfilesperproc);
334
335 /*
336 * Cannot be changed after boot.
337 */
338 nbuf = NBUF;
339 TUNABLE_INT_FETCH("kern.nbuf", &nbuf);
340 TUNABLE_INT_FETCH("kern.bio_transient_maxcnt", &bio_transient_maxcnt);
341 maxphys = MAXPHYS;
342 TUNABLE_ULONG_FETCH("kern.maxphys", &maxphys);
343 if (maxphys == 0) {
344 maxphys = MAXPHYS;
345 } else if (__bitcountl(maxphys) != 1) { /* power of two */
346 if (flsl(maxphys) == NBBY * sizeof(maxphys))
347 maxphys = MAXPHYS;
348 else
349 maxphys = 1UL << flsl(maxphys);
350 }
351 if (maxphys < PAGE_SIZE)
352 maxphys = MAXPHYS;
353
354 /*
355 * Physical buffers are pre-allocated buffers (struct buf) that
356 * are used as temporary holders for I/O, such as paging I/O.
357 */
358 TUNABLE_INT_FETCH("kern.nswbuf", &nswbuf);
359
360 /*
361 * The default for maxpipekva is min(1/64 of the kernel address space,
362 * max(1/64 of main memory, 512KB)). See sys_pipe.c for more details.
363 */
364 maxpipekva = ptoa(physpages / 64);
365 TUNABLE_LONG_FETCH("kern.ipc.maxpipekva", &maxpipekva);
366 if (maxpipekva < 512 * 1024)
367 maxpipekva = 512 * 1024;
368 if (maxpipekva > (VM_MAX_KERNEL_ADDRESS - VM_MIN_KERNEL_ADDRESS) / 64)
369 maxpipekva = (VM_MAX_KERNEL_ADDRESS - VM_MIN_KERNEL_ADDRESS) /
370 64;
371 TSEXIT();
372 }
373
374 /*
375 * Sysctl stringifying handler for kern.vm_guest.
376 */
377 static int
sysctl_kern_vm_guest(SYSCTL_HANDLER_ARGS)378 sysctl_kern_vm_guest(SYSCTL_HANDLER_ARGS)
379 {
380 return (SYSCTL_OUT_STR(req, vm_guest_sysctl_names[vm_guest]));
381 }
382