xref: /freebsd/sys/kern/kern_racct.c (revision 5bd73b51076b5cb5a2c9810f76c1d7ed20c4460e)
1 /*-
2  * Copyright (c) 2010 The FreeBSD Foundation
3  * All rights reserved.
4  *
5  * This software was developed by Edward Tomasz Napierala under sponsorship
6  * from the FreeBSD Foundation.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * $FreeBSD$
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34 
35 #include "opt_sched.h"
36 
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/eventhandler.h>
40 #include <sys/jail.h>
41 #include <sys/kernel.h>
42 #include <sys/kthread.h>
43 #include <sys/lock.h>
44 #include <sys/loginclass.h>
45 #include <sys/malloc.h>
46 #include <sys/mutex.h>
47 #include <sys/proc.h>
48 #include <sys/racct.h>
49 #include <sys/resourcevar.h>
50 #include <sys/sbuf.h>
51 #include <sys/sched.h>
52 #include <sys/sdt.h>
53 #include <sys/smp.h>
54 #include <sys/sx.h>
55 #include <sys/sysctl.h>
56 #include <sys/sysent.h>
57 #include <sys/sysproto.h>
58 #include <sys/umtx.h>
59 #include <machine/smp.h>
60 
61 #ifdef RCTL
62 #include <sys/rctl.h>
63 #endif
64 
65 #ifdef RACCT
66 
67 FEATURE(racct, "Resource Accounting");
68 
69 /*
70  * Do not block processes that have their %cpu usage <= pcpu_threshold.
71  */
72 static int pcpu_threshold = 1;
73 
74 SYSCTL_NODE(_kern, OID_AUTO, racct, CTLFLAG_RW, 0, "Resource Accounting");
75 SYSCTL_UINT(_kern_racct, OID_AUTO, pcpu_threshold, CTLFLAG_RW, &pcpu_threshold,
76     0, "Processes with higher %cpu usage than this value can be throttled.");
77 
78 /*
79  * How many seconds it takes to use the scheduler %cpu calculations.  When a
80  * process starts, we compute its %cpu usage by dividing its runtime by the
81  * process wall clock time.  After RACCT_PCPU_SECS pass, we use the value
82  * provided by the scheduler.
83  */
84 #define RACCT_PCPU_SECS		3
85 
86 static struct mtx racct_lock;
87 MTX_SYSINIT(racct_lock, &racct_lock, "racct lock", MTX_DEF);
88 
89 static uma_zone_t racct_zone;
90 
91 static void racct_sub_racct(struct racct *dest, const struct racct *src);
92 static void racct_sub_cred_locked(struct ucred *cred, int resource,
93 		uint64_t amount);
94 static void racct_add_cred_locked(struct ucred *cred, int resource,
95 		uint64_t amount);
96 
97 SDT_PROVIDER_DEFINE(racct);
98 SDT_PROBE_DEFINE3(racct, kernel, rusage, add, "struct proc *", "int",
99     "uint64_t");
100 SDT_PROBE_DEFINE3(racct, kernel, rusage, add__failure,
101     "struct proc *", "int", "uint64_t");
102 SDT_PROBE_DEFINE3(racct, kernel, rusage, add__cred, "struct ucred *",
103     "int", "uint64_t");
104 SDT_PROBE_DEFINE3(racct, kernel, rusage, add__force, "struct proc *",
105     "int", "uint64_t");
106 SDT_PROBE_DEFINE3(racct, kernel, rusage, set, "struct proc *", "int",
107     "uint64_t");
108 SDT_PROBE_DEFINE3(racct, kernel, rusage, set__failure,
109     "struct proc *", "int", "uint64_t");
110 SDT_PROBE_DEFINE3(racct, kernel, rusage, sub, "struct proc *", "int",
111     "uint64_t");
112 SDT_PROBE_DEFINE3(racct, kernel, rusage, sub__cred, "struct ucred *",
113     "int", "uint64_t");
114 SDT_PROBE_DEFINE1(racct, kernel, racct, create, "struct racct *");
115 SDT_PROBE_DEFINE1(racct, kernel, racct, destroy, "struct racct *");
116 SDT_PROBE_DEFINE2(racct, kernel, racct, join, "struct racct *",
117     "struct racct *");
118 SDT_PROBE_DEFINE2(racct, kernel, racct, join__failure,
119     "struct racct *", "struct racct *");
120 SDT_PROBE_DEFINE2(racct, kernel, racct, leave, "struct racct *",
121     "struct racct *");
122 
123 int racct_types[] = {
124 	[RACCT_CPU] =
125 		RACCT_IN_MILLIONS,
126 	[RACCT_DATA] =
127 		RACCT_RECLAIMABLE | RACCT_INHERITABLE | RACCT_DENIABLE,
128 	[RACCT_STACK] =
129 		RACCT_RECLAIMABLE | RACCT_INHERITABLE | RACCT_DENIABLE,
130 	[RACCT_CORE] =
131 		RACCT_DENIABLE,
132 	[RACCT_RSS] =
133 		RACCT_RECLAIMABLE,
134 	[RACCT_MEMLOCK] =
135 		RACCT_RECLAIMABLE | RACCT_DENIABLE,
136 	[RACCT_NPROC] =
137 		RACCT_RECLAIMABLE | RACCT_DENIABLE,
138 	[RACCT_NOFILE] =
139 		RACCT_RECLAIMABLE | RACCT_INHERITABLE | RACCT_DENIABLE,
140 	[RACCT_VMEM] =
141 		RACCT_RECLAIMABLE | RACCT_INHERITABLE | RACCT_DENIABLE,
142 	[RACCT_NPTS] =
143 		RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY,
144 	[RACCT_SWAP] =
145 		RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY,
146 	[RACCT_NTHR] =
147 		RACCT_RECLAIMABLE | RACCT_DENIABLE,
148 	[RACCT_MSGQQUEUED] =
149 		RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY,
150 	[RACCT_MSGQSIZE] =
151 		RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY,
152 	[RACCT_NMSGQ] =
153 		RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY,
154 	[RACCT_NSEM] =
155 		RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY,
156 	[RACCT_NSEMOP] =
157 		RACCT_RECLAIMABLE | RACCT_INHERITABLE | RACCT_DENIABLE,
158 	[RACCT_NSHM] =
159 		RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY,
160 	[RACCT_SHMSIZE] =
161 		RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY,
162 	[RACCT_WALLCLOCK] =
163 		RACCT_IN_MILLIONS,
164 	[RACCT_PCTCPU] =
165 		RACCT_DECAYING | RACCT_DENIABLE | RACCT_IN_MILLIONS };
166 
167 static const fixpt_t RACCT_DECAY_FACTOR = 0.3 * FSCALE;
168 
169 #ifdef SCHED_4BSD
170 /*
171  * Contains intermediate values for %cpu calculations to avoid using floating
172  * point in the kernel.
173  * ccpu_exp[k] = FSCALE * (ccpu/FSCALE)^k = FSCALE * exp(-k/20)
174  * It is needed only for the 4BSD scheduler, because in ULE, the ccpu equals to
175  * zero so the calculations are more straightforward.
176  */
177 fixpt_t ccpu_exp[] = {
178 	[0] = FSCALE * 1,
179 	[1] = FSCALE * 0.95122942450071400909,
180 	[2] = FSCALE * 0.90483741803595957316,
181 	[3] = FSCALE * 0.86070797642505780722,
182 	[4] = FSCALE * 0.81873075307798185866,
183 	[5] = FSCALE * 0.77880078307140486824,
184 	[6] = FSCALE * 0.74081822068171786606,
185 	[7] = FSCALE * 0.70468808971871343435,
186 	[8] = FSCALE * 0.67032004603563930074,
187 	[9] = FSCALE * 0.63762815162177329314,
188 	[10] = FSCALE * 0.60653065971263342360,
189 	[11] = FSCALE * 0.57694981038048669531,
190 	[12] = FSCALE * 0.54881163609402643262,
191 	[13] = FSCALE * 0.52204577676101604789,
192 	[14] = FSCALE * 0.49658530379140951470,
193 	[15] = FSCALE * 0.47236655274101470713,
194 	[16] = FSCALE * 0.44932896411722159143,
195 	[17] = FSCALE * 0.42741493194872666992,
196 	[18] = FSCALE * 0.40656965974059911188,
197 	[19] = FSCALE * 0.38674102345450120691,
198 	[20] = FSCALE * 0.36787944117144232159,
199 	[21] = FSCALE * 0.34993774911115535467,
200 	[22] = FSCALE * 0.33287108369807955328,
201 	[23] = FSCALE * 0.31663676937905321821,
202 	[24] = FSCALE * 0.30119421191220209664,
203 	[25] = FSCALE * 0.28650479686019010032,
204 	[26] = FSCALE * 0.27253179303401260312,
205 	[27] = FSCALE * 0.25924026064589150757,
206 	[28] = FSCALE * 0.24659696394160647693,
207 	[29] = FSCALE * 0.23457028809379765313,
208 	[30] = FSCALE * 0.22313016014842982893,
209 	[31] = FSCALE * 0.21224797382674305771,
210 	[32] = FSCALE * 0.20189651799465540848,
211 	[33] = FSCALE * 0.19204990862075411423,
212 	[34] = FSCALE * 0.18268352405273465022,
213 	[35] = FSCALE * 0.17377394345044512668,
214 	[36] = FSCALE * 0.16529888822158653829,
215 	[37] = FSCALE * 0.15723716631362761621,
216 	[38] = FSCALE * 0.14956861922263505264,
217 	[39] = FSCALE * 0.14227407158651357185,
218 	[40] = FSCALE * 0.13533528323661269189,
219 	[41] = FSCALE * 0.12873490358780421886,
220 	[42] = FSCALE * 0.12245642825298191021,
221 	[43] = FSCALE * 0.11648415777349695786,
222 	[44] = FSCALE * 0.11080315836233388333,
223 	[45] = FSCALE * 0.10539922456186433678,
224 	[46] = FSCALE * 0.10025884372280373372,
225 	[47] = FSCALE * 0.09536916221554961888,
226 	[48] = FSCALE * 0.09071795328941250337,
227 	[49] = FSCALE * 0.08629358649937051097,
228 	[50] = FSCALE * 0.08208499862389879516,
229 	[51] = FSCALE * 0.07808166600115315231,
230 	[52] = FSCALE * 0.07427357821433388042,
231 	[53] = FSCALE * 0.07065121306042958674,
232 	[54] = FSCALE * 0.06720551273974976512,
233 	[55] = FSCALE * 0.06392786120670757270,
234 	[56] = FSCALE * 0.06081006262521796499,
235 	[57] = FSCALE * 0.05784432087483846296,
236 	[58] = FSCALE * 0.05502322005640722902,
237 	[59] = FSCALE * 0.05233970594843239308,
238 	[60] = FSCALE * 0.04978706836786394297,
239 	[61] = FSCALE * 0.04735892439114092119,
240 	[62] = FSCALE * 0.04504920239355780606,
241 	[63] = FSCALE * 0.04285212686704017991,
242 	[64] = FSCALE * 0.04076220397836621516,
243 	[65] = FSCALE * 0.03877420783172200988,
244 	[66] = FSCALE * 0.03688316740124000544,
245 	[67] = FSCALE * 0.03508435410084502588,
246 	[68] = FSCALE * 0.03337326996032607948,
247 	[69] = FSCALE * 0.03174563637806794323,
248 	[70] = FSCALE * 0.03019738342231850073,
249 	[71] = FSCALE * 0.02872463965423942912,
250 	[72] = FSCALE * 0.02732372244729256080,
251 	[73] = FSCALE * 0.02599112877875534358,
252 	[74] = FSCALE * 0.02472352647033939120,
253 	[75] = FSCALE * 0.02351774585600910823,
254 	[76] = FSCALE * 0.02237077185616559577,
255 	[77] = FSCALE * 0.02127973643837716938,
256 	[78] = FSCALE * 0.02024191144580438847,
257 	[79] = FSCALE * 0.01925470177538692429,
258 	[80] = FSCALE * 0.01831563888873418029,
259 	[81] = FSCALE * 0.01742237463949351138,
260 	[82] = FSCALE * 0.01657267540176124754,
261 	[83] = FSCALE * 0.01576441648485449082,
262 	[84] = FSCALE * 0.01499557682047770621,
263 	[85] = FSCALE * 0.01426423390899925527,
264 	[86] = FSCALE * 0.01356855901220093175,
265 	[87] = FSCALE * 0.01290681258047986886,
266 	[88] = FSCALE * 0.01227733990306844117,
267 	[89] = FSCALE * 0.01167856697039544521,
268 	[90] = FSCALE * 0.01110899653824230649,
269 	[91] = FSCALE * 0.01056720438385265337,
270 	[92] = FSCALE * 0.01005183574463358164,
271 	[93] = FSCALE * 0.00956160193054350793,
272 	[94] = FSCALE * 0.00909527710169581709,
273 	[95] = FSCALE * 0.00865169520312063417,
274 	[96] = FSCALE * 0.00822974704902002884,
275 	[97] = FSCALE * 0.00782837754922577143,
276 	[98] = FSCALE * 0.00744658307092434051,
277 	[99] = FSCALE * 0.00708340892905212004,
278 	[100] = FSCALE * 0.00673794699908546709,
279 	[101] = FSCALE * 0.00640933344625638184,
280 	[102] = FSCALE * 0.00609674656551563610,
281 	[103] = FSCALE * 0.00579940472684214321,
282 	[104] = FSCALE * 0.00551656442076077241,
283 	[105] = FSCALE * 0.00524751839918138427,
284 	[106] = FSCALE * 0.00499159390691021621,
285 	[107] = FSCALE * 0.00474815099941147558,
286 	[108] = FSCALE * 0.00451658094261266798,
287 	[109] = FSCALE * 0.00429630469075234057,
288 	[110] = FSCALE * 0.00408677143846406699,
289 };
290 #endif
291 
292 #define	CCPU_EXP_MAX	110
293 
294 /*
295  * This function is analogical to the getpcpu() function in the ps(1) command.
296  * They should both calculate in the same way so that the racct %cpu
297  * calculations are consistent with the values showed by the ps(1) tool.
298  * The calculations are more complex in the 4BSD scheduler because of the value
299  * of the ccpu variable.  In ULE it is defined to be zero which saves us some
300  * work.
301  */
302 static uint64_t
303 racct_getpcpu(struct proc *p, u_int pcpu)
304 {
305 	u_int swtime;
306 #ifdef SCHED_4BSD
307 	fixpt_t pctcpu, pctcpu_next;
308 #endif
309 #ifdef SMP
310 	struct pcpu *pc;
311 	int found;
312 #endif
313 	fixpt_t p_pctcpu;
314 	struct thread *td;
315 
316 	/*
317 	 * If the process is swapped out, we count its %cpu usage as zero.
318 	 * This behaviour is consistent with the userland ps(1) tool.
319 	 */
320 	if ((p->p_flag & P_INMEM) == 0)
321 		return (0);
322 	swtime = (ticks - p->p_swtick) / hz;
323 
324 	/*
325 	 * For short-lived processes, the sched_pctcpu() returns small
326 	 * values even for cpu intensive processes.  Therefore we use
327 	 * our own estimate in this case.
328 	 */
329 	if (swtime < RACCT_PCPU_SECS)
330 		return (pcpu);
331 
332 	p_pctcpu = 0;
333 	FOREACH_THREAD_IN_PROC(p, td) {
334 		if (td == PCPU_GET(idlethread))
335 			continue;
336 #ifdef SMP
337 		found = 0;
338 		STAILQ_FOREACH(pc, &cpuhead, pc_allcpu) {
339 			if (td == pc->pc_idlethread) {
340 				found = 1;
341 				break;
342 			}
343 		}
344 		if (found)
345 			continue;
346 #endif
347 		thread_lock(td);
348 #ifdef SCHED_4BSD
349 		pctcpu = sched_pctcpu(td);
350 		/* Count also the yet unfinished second. */
351 		pctcpu_next = (pctcpu * ccpu_exp[1]) >> FSHIFT;
352 		pctcpu_next += sched_pctcpu_delta(td);
353 		p_pctcpu += max(pctcpu, pctcpu_next);
354 #else
355 		/*
356 		 * In ULE the %cpu statistics are updated on every
357 		 * sched_pctcpu() call.  So special calculations to
358 		 * account for the latest (unfinished) second are
359 		 * not needed.
360 		 */
361 		p_pctcpu += sched_pctcpu(td);
362 #endif
363 		thread_unlock(td);
364 	}
365 
366 #ifdef SCHED_4BSD
367 	if (swtime <= CCPU_EXP_MAX)
368 		return ((100 * (uint64_t)p_pctcpu * 1000000) /
369 		    (FSCALE - ccpu_exp[swtime]));
370 #endif
371 
372 	return ((100 * (uint64_t)p_pctcpu * 1000000) / FSCALE);
373 }
374 
375 static void
376 racct_add_racct(struct racct *dest, const struct racct *src)
377 {
378 	int i;
379 
380 	mtx_assert(&racct_lock, MA_OWNED);
381 
382 	/*
383 	 * Update resource usage in dest.
384 	 */
385 	for (i = 0; i <= RACCT_MAX; i++) {
386 		KASSERT(dest->r_resources[i] >= 0,
387 		    ("%s: resource %d propagation meltdown: dest < 0",
388 		    __func__, i));
389 		KASSERT(src->r_resources[i] >= 0,
390 		    ("%s: resource %d propagation meltdown: src < 0",
391 		    __func__, i));
392 		dest->r_resources[i] += src->r_resources[i];
393 	}
394 }
395 
396 static void
397 racct_sub_racct(struct racct *dest, const struct racct *src)
398 {
399 	int i;
400 
401 	mtx_assert(&racct_lock, MA_OWNED);
402 
403 	/*
404 	 * Update resource usage in dest.
405 	 */
406 	for (i = 0; i <= RACCT_MAX; i++) {
407 		if (!RACCT_IS_SLOPPY(i) && !RACCT_IS_DECAYING(i)) {
408 			KASSERT(dest->r_resources[i] >= 0,
409 			    ("%s: resource %d propagation meltdown: dest < 0",
410 			    __func__, i));
411 			KASSERT(src->r_resources[i] >= 0,
412 			    ("%s: resource %d propagation meltdown: src < 0",
413 			    __func__, i));
414 			KASSERT(src->r_resources[i] <= dest->r_resources[i],
415 			    ("%s: resource %d propagation meltdown: src > dest",
416 			    __func__, i));
417 		}
418 		if (RACCT_CAN_DROP(i)) {
419 			dest->r_resources[i] -= src->r_resources[i];
420 			if (dest->r_resources[i] < 0) {
421 				KASSERT(RACCT_IS_SLOPPY(i) ||
422 				    RACCT_IS_DECAYING(i),
423 				    ("%s: resource %d usage < 0", __func__, i));
424 				dest->r_resources[i] = 0;
425 			}
426 		}
427 	}
428 }
429 
430 void
431 racct_create(struct racct **racctp)
432 {
433 
434 	SDT_PROBE(racct, kernel, racct, create, racctp, 0, 0, 0, 0);
435 
436 	KASSERT(*racctp == NULL, ("racct already allocated"));
437 
438 	*racctp = uma_zalloc(racct_zone, M_WAITOK | M_ZERO);
439 }
440 
441 static void
442 racct_destroy_locked(struct racct **racctp)
443 {
444 	int i;
445 	struct racct *racct;
446 
447 	SDT_PROBE(racct, kernel, racct, destroy, racctp, 0, 0, 0, 0);
448 
449 	mtx_assert(&racct_lock, MA_OWNED);
450 	KASSERT(racctp != NULL, ("NULL racctp"));
451 	KASSERT(*racctp != NULL, ("NULL racct"));
452 
453 	racct = *racctp;
454 
455 	for (i = 0; i <= RACCT_MAX; i++) {
456 		if (RACCT_IS_SLOPPY(i))
457 			continue;
458 		if (!RACCT_IS_RECLAIMABLE(i))
459 			continue;
460 		KASSERT(racct->r_resources[i] == 0,
461 		    ("destroying non-empty racct: "
462 		    "%ju allocated for resource %d\n",
463 		    racct->r_resources[i], i));
464 	}
465 	uma_zfree(racct_zone, racct);
466 	*racctp = NULL;
467 }
468 
469 void
470 racct_destroy(struct racct **racct)
471 {
472 
473 	mtx_lock(&racct_lock);
474 	racct_destroy_locked(racct);
475 	mtx_unlock(&racct_lock);
476 }
477 
478 /*
479  * Increase consumption of 'resource' by 'amount' for 'racct'
480  * and all its parents.  Differently from other cases, 'amount' here
481  * may be less than zero.
482  */
483 static void
484 racct_alloc_resource(struct racct *racct, int resource,
485     uint64_t amount)
486 {
487 
488 	mtx_assert(&racct_lock, MA_OWNED);
489 	KASSERT(racct != NULL, ("NULL racct"));
490 
491 	racct->r_resources[resource] += amount;
492 	if (racct->r_resources[resource] < 0) {
493 		KASSERT(RACCT_IS_SLOPPY(resource) || RACCT_IS_DECAYING(resource),
494 		    ("%s: resource %d usage < 0", __func__, resource));
495 		racct->r_resources[resource] = 0;
496 	}
497 
498 	/*
499 	 * There are some cases where the racct %cpu resource would grow
500 	 * beyond 100%.
501 	 * For example in racct_proc_exit() we add the process %cpu usage
502 	 * to the ucred racct containers.  If too many processes terminated
503 	 * in a short time span, the ucred %cpu resource could grow too much.
504 	 * Also, the 4BSD scheduler sometimes returns for a thread more than
505 	 * 100% cpu usage.  So we set a boundary here to 100%.
506 	 */
507 	if ((resource == RACCT_PCTCPU) &&
508 	    (racct->r_resources[RACCT_PCTCPU] > 100 * 1000000))
509 		racct->r_resources[RACCT_PCTCPU] = 100 * 1000000;
510 }
511 
512 static int
513 racct_add_locked(struct proc *p, int resource, uint64_t amount)
514 {
515 #ifdef RCTL
516 	int error;
517 #endif
518 
519 	SDT_PROBE(racct, kernel, rusage, add, p, resource, amount, 0, 0);
520 
521 	/*
522 	 * We need proc lock to dereference p->p_ucred.
523 	 */
524 	PROC_LOCK_ASSERT(p, MA_OWNED);
525 
526 #ifdef RCTL
527 	error = rctl_enforce(p, resource, amount);
528 	if (error && RACCT_IS_DENIABLE(resource)) {
529 		SDT_PROBE(racct, kernel, rusage, add__failure, p, resource,
530 		    amount, 0, 0);
531 		return (error);
532 	}
533 #endif
534 	racct_alloc_resource(p->p_racct, resource, amount);
535 	racct_add_cred_locked(p->p_ucred, resource, amount);
536 
537 	return (0);
538 }
539 
540 /*
541  * Increase allocation of 'resource' by 'amount' for process 'p'.
542  * Return 0 if it's below limits, or errno, if it's not.
543  */
544 int
545 racct_add(struct proc *p, int resource, uint64_t amount)
546 {
547 	int error;
548 
549 	mtx_lock(&racct_lock);
550 	error = racct_add_locked(p, resource, amount);
551 	mtx_unlock(&racct_lock);
552 	return (error);
553 }
554 
555 static void
556 racct_add_cred_locked(struct ucred *cred, int resource, uint64_t amount)
557 {
558 	struct prison *pr;
559 
560 	SDT_PROBE(racct, kernel, rusage, add__cred, cred, resource, amount,
561 	    0, 0);
562 
563 	racct_alloc_resource(cred->cr_ruidinfo->ui_racct, resource, amount);
564 	for (pr = cred->cr_prison; pr != NULL; pr = pr->pr_parent)
565 		racct_alloc_resource(pr->pr_prison_racct->prr_racct, resource,
566 		    amount);
567 	racct_alloc_resource(cred->cr_loginclass->lc_racct, resource, amount);
568 }
569 
570 /*
571  * Increase allocation of 'resource' by 'amount' for credential 'cred'.
572  * Doesn't check for limits and never fails.
573  *
574  * XXX: Shouldn't this ever return an error?
575  */
576 void
577 racct_add_cred(struct ucred *cred, int resource, uint64_t amount)
578 {
579 
580 	mtx_lock(&racct_lock);
581 	racct_add_cred_locked(cred, resource, amount);
582 	mtx_unlock(&racct_lock);
583 }
584 
585 /*
586  * Increase allocation of 'resource' by 'amount' for process 'p'.
587  * Doesn't check for limits and never fails.
588  */
589 void
590 racct_add_force(struct proc *p, int resource, uint64_t amount)
591 {
592 
593 	SDT_PROBE(racct, kernel, rusage, add__force, p, resource, amount, 0, 0);
594 
595 	/*
596 	 * We need proc lock to dereference p->p_ucred.
597 	 */
598 	PROC_LOCK_ASSERT(p, MA_OWNED);
599 
600 	mtx_lock(&racct_lock);
601 	racct_alloc_resource(p->p_racct, resource, amount);
602 	mtx_unlock(&racct_lock);
603 	racct_add_cred(p->p_ucred, resource, amount);
604 }
605 
606 static int
607 racct_set_locked(struct proc *p, int resource, uint64_t amount)
608 {
609 	int64_t old_amount, decayed_amount;
610 	int64_t diff_proc, diff_cred;
611 #ifdef RCTL
612 	int error;
613 #endif
614 
615 	SDT_PROBE(racct, kernel, rusage, set, p, resource, amount, 0, 0);
616 
617 	/*
618 	 * We need proc lock to dereference p->p_ucred.
619 	 */
620 	PROC_LOCK_ASSERT(p, MA_OWNED);
621 
622 	old_amount = p->p_racct->r_resources[resource];
623 	/*
624 	 * The diffs may be negative.
625 	 */
626 	diff_proc = amount - old_amount;
627 	if (RACCT_IS_DECAYING(resource)) {
628 		/*
629 		 * Resources in per-credential racct containers may decay.
630 		 * If this is the case, we need to calculate the difference
631 		 * between the new amount and the proportional value of the
632 		 * old amount that has decayed in the ucred racct containers.
633 		 */
634 		decayed_amount = old_amount * RACCT_DECAY_FACTOR / FSCALE;
635 		diff_cred = amount - decayed_amount;
636 	} else
637 		diff_cred = diff_proc;
638 #ifdef notyet
639 	KASSERT(diff_proc >= 0 || RACCT_CAN_DROP(resource),
640 	    ("%s: usage of non-droppable resource %d dropping", __func__,
641 	     resource));
642 #endif
643 #ifdef RCTL
644 	if (diff_proc > 0) {
645 		error = rctl_enforce(p, resource, diff_proc);
646 		if (error && RACCT_IS_DENIABLE(resource)) {
647 			SDT_PROBE(racct, kernel, rusage, set__failure, p,
648 			    resource, amount, 0, 0);
649 			return (error);
650 		}
651 	}
652 #endif
653 	racct_alloc_resource(p->p_racct, resource, diff_proc);
654 	if (diff_cred > 0)
655 		racct_add_cred_locked(p->p_ucred, resource, diff_cred);
656 	else if (diff_cred < 0)
657 		racct_sub_cred_locked(p->p_ucred, resource, -diff_cred);
658 
659 	return (0);
660 }
661 
662 /*
663  * Set allocation of 'resource' to 'amount' for process 'p'.
664  * Return 0 if it's below limits, or errno, if it's not.
665  *
666  * Note that decreasing the allocation always returns 0,
667  * even if it's above the limit.
668  */
669 int
670 racct_set(struct proc *p, int resource, uint64_t amount)
671 {
672 	int error;
673 
674 	mtx_lock(&racct_lock);
675 	error = racct_set_locked(p, resource, amount);
676 	mtx_unlock(&racct_lock);
677 	return (error);
678 }
679 
680 static void
681 racct_set_force_locked(struct proc *p, int resource, uint64_t amount)
682 {
683 	int64_t old_amount, decayed_amount;
684 	int64_t diff_proc, diff_cred;
685 
686 	SDT_PROBE(racct, kernel, rusage, set, p, resource, amount, 0, 0);
687 
688 	/*
689 	 * We need proc lock to dereference p->p_ucred.
690 	 */
691 	PROC_LOCK_ASSERT(p, MA_OWNED);
692 
693 	old_amount = p->p_racct->r_resources[resource];
694 	/*
695 	 * The diffs may be negative.
696 	 */
697 	diff_proc = amount - old_amount;
698 	if (RACCT_IS_DECAYING(resource)) {
699 		/*
700 		 * Resources in per-credential racct containers may decay.
701 		 * If this is the case, we need to calculate the difference
702 		 * between the new amount and the proportional value of the
703 		 * old amount that has decayed in the ucred racct containers.
704 		 */
705 		decayed_amount = old_amount * RACCT_DECAY_FACTOR / FSCALE;
706 		diff_cred = amount - decayed_amount;
707 	} else
708 		diff_cred = diff_proc;
709 
710 	racct_alloc_resource(p->p_racct, resource, diff_proc);
711 	if (diff_cred > 0)
712 		racct_add_cred_locked(p->p_ucred, resource, diff_cred);
713 	else if (diff_cred < 0)
714 		racct_sub_cred_locked(p->p_ucred, resource, -diff_cred);
715 }
716 
717 void
718 racct_set_force(struct proc *p, int resource, uint64_t amount)
719 {
720 	mtx_lock(&racct_lock);
721 	racct_set_force_locked(p, resource, amount);
722 	mtx_unlock(&racct_lock);
723 }
724 
725 /*
726  * Returns amount of 'resource' the process 'p' can keep allocated.
727  * Allocating more than that would be denied, unless the resource
728  * is marked undeniable.  Amount of already allocated resource does
729  * not matter.
730  */
731 uint64_t
732 racct_get_limit(struct proc *p, int resource)
733 {
734 
735 #ifdef RCTL
736 	return (rctl_get_limit(p, resource));
737 #else
738 	return (UINT64_MAX);
739 #endif
740 }
741 
742 /*
743  * Returns amount of 'resource' the process 'p' can keep allocated.
744  * Allocating more than that would be denied, unless the resource
745  * is marked undeniable.  Amount of already allocated resource does
746  * matter.
747  */
748 uint64_t
749 racct_get_available(struct proc *p, int resource)
750 {
751 
752 #ifdef RCTL
753 	return (rctl_get_available(p, resource));
754 #else
755 	return (UINT64_MAX);
756 #endif
757 }
758 
759 /*
760  * Returns amount of the %cpu resource that process 'p' can add to its %cpu
761  * utilization.  Adding more than that would lead to the process being
762  * throttled.
763  */
764 static int64_t
765 racct_pcpu_available(struct proc *p)
766 {
767 
768 #ifdef RCTL
769 	return (rctl_pcpu_available(p));
770 #else
771 	return (INT64_MAX);
772 #endif
773 }
774 
775 /*
776  * Decrease allocation of 'resource' by 'amount' for process 'p'.
777  */
778 void
779 racct_sub(struct proc *p, int resource, uint64_t amount)
780 {
781 
782 	SDT_PROBE(racct, kernel, rusage, sub, p, resource, amount, 0, 0);
783 
784 	/*
785 	 * We need proc lock to dereference p->p_ucred.
786 	 */
787 	PROC_LOCK_ASSERT(p, MA_OWNED);
788 	KASSERT(RACCT_CAN_DROP(resource),
789 	    ("%s: called for non-droppable resource %d", __func__, resource));
790 
791 	mtx_lock(&racct_lock);
792 	KASSERT(amount <= p->p_racct->r_resources[resource],
793 	    ("%s: freeing %ju of resource %d, which is more "
794 	     "than allocated %jd for %s (pid %d)", __func__, amount, resource,
795 	    (intmax_t)p->p_racct->r_resources[resource], p->p_comm, p->p_pid));
796 
797 	racct_alloc_resource(p->p_racct, resource, -amount);
798 	racct_sub_cred_locked(p->p_ucred, resource, amount);
799 	mtx_unlock(&racct_lock);
800 }
801 
802 static void
803 racct_sub_cred_locked(struct ucred *cred, int resource, uint64_t amount)
804 {
805 	struct prison *pr;
806 
807 	SDT_PROBE(racct, kernel, rusage, sub__cred, cred, resource, amount,
808 	    0, 0);
809 
810 #ifdef notyet
811 	KASSERT(RACCT_CAN_DROP(resource),
812 	    ("%s: called for resource %d which can not drop", __func__,
813 	     resource));
814 #endif
815 
816 	racct_alloc_resource(cred->cr_ruidinfo->ui_racct, resource, -amount);
817 	for (pr = cred->cr_prison; pr != NULL; pr = pr->pr_parent)
818 		racct_alloc_resource(pr->pr_prison_racct->prr_racct, resource,
819 		    -amount);
820 	racct_alloc_resource(cred->cr_loginclass->lc_racct, resource, -amount);
821 }
822 
823 /*
824  * Decrease allocation of 'resource' by 'amount' for credential 'cred'.
825  */
826 void
827 racct_sub_cred(struct ucred *cred, int resource, uint64_t amount)
828 {
829 
830 	mtx_lock(&racct_lock);
831 	racct_sub_cred_locked(cred, resource, amount);
832 	mtx_unlock(&racct_lock);
833 }
834 
835 /*
836  * Inherit resource usage information from the parent process.
837  */
838 int
839 racct_proc_fork(struct proc *parent, struct proc *child)
840 {
841 	int i, error = 0;
842 
843 	/*
844 	 * Create racct for the child process.
845 	 */
846 	racct_create(&child->p_racct);
847 
848 	PROC_LOCK(parent);
849 	PROC_LOCK(child);
850 	mtx_lock(&racct_lock);
851 
852 #ifdef RCTL
853 	error = rctl_proc_fork(parent, child);
854 	if (error != 0)
855 		goto out;
856 #endif
857 
858 	/* Init process cpu time. */
859 	child->p_prev_runtime = 0;
860 	child->p_throttled = 0;
861 
862 	/*
863 	 * Inherit resource usage.
864 	 */
865 	for (i = 0; i <= RACCT_MAX; i++) {
866 		if (parent->p_racct->r_resources[i] == 0 ||
867 		    !RACCT_IS_INHERITABLE(i))
868 			continue;
869 
870 		error = racct_set_locked(child, i,
871 		    parent->p_racct->r_resources[i]);
872 		if (error != 0)
873 			goto out;
874 	}
875 
876 	error = racct_add_locked(child, RACCT_NPROC, 1);
877 	error += racct_add_locked(child, RACCT_NTHR, 1);
878 
879 out:
880 	mtx_unlock(&racct_lock);
881 	PROC_UNLOCK(child);
882 	PROC_UNLOCK(parent);
883 
884 	if (error != 0)
885 		racct_proc_exit(child);
886 
887 	return (error);
888 }
889 
890 /*
891  * Called at the end of fork1(), to handle rules that require the process
892  * to be fully initialized.
893  */
894 void
895 racct_proc_fork_done(struct proc *child)
896 {
897 
898 #ifdef RCTL
899 	PROC_LOCK(child);
900 	mtx_lock(&racct_lock);
901 	rctl_enforce(child, RACCT_NPROC, 0);
902 	rctl_enforce(child, RACCT_NTHR, 0);
903 	mtx_unlock(&racct_lock);
904 	PROC_UNLOCK(child);
905 #endif
906 }
907 
908 void
909 racct_proc_exit(struct proc *p)
910 {
911 	int i;
912 	uint64_t runtime;
913 	struct timeval wallclock;
914 	uint64_t pct_estimate, pct;
915 
916 	PROC_LOCK(p);
917 	/*
918 	 * We don't need to calculate rux, proc_reap() has already done this.
919 	 */
920 	runtime = cputick2usec(p->p_rux.rux_runtime);
921 #ifdef notyet
922 	KASSERT(runtime >= p->p_prev_runtime, ("runtime < p_prev_runtime"));
923 #else
924 	if (runtime < p->p_prev_runtime)
925 		runtime = p->p_prev_runtime;
926 #endif
927 	microuptime(&wallclock);
928 	timevalsub(&wallclock, &p->p_stats->p_start);
929 	if (wallclock.tv_sec > 0 || wallclock.tv_usec > 0) {
930 		pct_estimate = (1000000 * runtime * 100) /
931 		    ((uint64_t)wallclock.tv_sec * 1000000 +
932 		    wallclock.tv_usec);
933 	} else
934 		pct_estimate = 0;
935 	pct = racct_getpcpu(p, pct_estimate);
936 
937 	mtx_lock(&racct_lock);
938 	racct_set_locked(p, RACCT_CPU, runtime);
939 	racct_add_cred_locked(p->p_ucred, RACCT_PCTCPU, pct);
940 
941 	for (i = 0; i <= RACCT_MAX; i++) {
942 		if (p->p_racct->r_resources[i] == 0)
943 			continue;
944 	    	if (!RACCT_IS_RECLAIMABLE(i))
945 			continue;
946 		racct_set_locked(p, i, 0);
947 	}
948 
949 	mtx_unlock(&racct_lock);
950 	PROC_UNLOCK(p);
951 
952 #ifdef RCTL
953 	rctl_racct_release(p->p_racct);
954 #endif
955 	racct_destroy(&p->p_racct);
956 }
957 
958 /*
959  * Called after credentials change, to move resource utilisation
960  * between raccts.
961  */
962 void
963 racct_proc_ucred_changed(struct proc *p, struct ucred *oldcred,
964     struct ucred *newcred)
965 {
966 	struct uidinfo *olduip, *newuip;
967 	struct loginclass *oldlc, *newlc;
968 	struct prison *oldpr, *newpr, *pr;
969 
970 	PROC_LOCK_ASSERT(p, MA_NOTOWNED);
971 
972 	newuip = newcred->cr_ruidinfo;
973 	olduip = oldcred->cr_ruidinfo;
974 	newlc = newcred->cr_loginclass;
975 	oldlc = oldcred->cr_loginclass;
976 	newpr = newcred->cr_prison;
977 	oldpr = oldcred->cr_prison;
978 
979 	mtx_lock(&racct_lock);
980 	if (newuip != olduip) {
981 		racct_sub_racct(olduip->ui_racct, p->p_racct);
982 		racct_add_racct(newuip->ui_racct, p->p_racct);
983 	}
984 	if (newlc != oldlc) {
985 		racct_sub_racct(oldlc->lc_racct, p->p_racct);
986 		racct_add_racct(newlc->lc_racct, p->p_racct);
987 	}
988 	if (newpr != oldpr) {
989 		for (pr = oldpr; pr != NULL; pr = pr->pr_parent)
990 			racct_sub_racct(pr->pr_prison_racct->prr_racct,
991 			    p->p_racct);
992 		for (pr = newpr; pr != NULL; pr = pr->pr_parent)
993 			racct_add_racct(pr->pr_prison_racct->prr_racct,
994 			    p->p_racct);
995 	}
996 	mtx_unlock(&racct_lock);
997 
998 #ifdef RCTL
999 	rctl_proc_ucred_changed(p, newcred);
1000 #endif
1001 }
1002 
1003 void
1004 racct_move(struct racct *dest, struct racct *src)
1005 {
1006 
1007 	mtx_lock(&racct_lock);
1008 
1009 	racct_add_racct(dest, src);
1010 	racct_sub_racct(src, src);
1011 
1012 	mtx_unlock(&racct_lock);
1013 }
1014 
1015 static void
1016 racct_proc_throttle(struct proc *p)
1017 {
1018 	struct thread *td;
1019 #ifdef SMP
1020 	int cpuid;
1021 #endif
1022 
1023 	PROC_LOCK_ASSERT(p, MA_OWNED);
1024 
1025 	/*
1026 	 * Do not block kernel processes.  Also do not block processes with
1027 	 * low %cpu utilization to improve interactivity.
1028 	 */
1029 	if (((p->p_flag & (P_SYSTEM | P_KTHREAD)) != 0) ||
1030 	    (p->p_racct->r_resources[RACCT_PCTCPU] <= pcpu_threshold))
1031 		return;
1032 	p->p_throttled = 1;
1033 
1034 	FOREACH_THREAD_IN_PROC(p, td) {
1035 		thread_lock(td);
1036 		switch (td->td_state) {
1037 		case TDS_RUNQ:
1038 			/*
1039 			 * If the thread is on the scheduler run-queue, we can
1040 			 * not just remove it from there.  So we set the flag
1041 			 * TDF_NEEDRESCHED for the thread, so that once it is
1042 			 * running, it is taken off the cpu as soon as possible.
1043 			 */
1044 			td->td_flags |= TDF_NEEDRESCHED;
1045 			break;
1046 		case TDS_RUNNING:
1047 			/*
1048 			 * If the thread is running, we request a context
1049 			 * switch for it by setting the TDF_NEEDRESCHED flag.
1050 			 */
1051 			td->td_flags |= TDF_NEEDRESCHED;
1052 #ifdef SMP
1053 			cpuid = td->td_oncpu;
1054 			if ((cpuid != NOCPU) && (td != curthread))
1055 				ipi_cpu(cpuid, IPI_AST);
1056 #endif
1057 			break;
1058 		default:
1059 			break;
1060 		}
1061 		thread_unlock(td);
1062 	}
1063 }
1064 
1065 static void
1066 racct_proc_wakeup(struct proc *p)
1067 {
1068 	PROC_LOCK_ASSERT(p, MA_OWNED);
1069 
1070 	if (p->p_throttled) {
1071 		p->p_throttled = 0;
1072 		wakeup(p->p_racct);
1073 	}
1074 }
1075 
1076 static void
1077 racct_decay_resource(struct racct *racct, void * res, void* dummy)
1078 {
1079 	int resource;
1080 	int64_t r_old, r_new;
1081 
1082 	resource = *(int *)res;
1083 	r_old = racct->r_resources[resource];
1084 
1085 	/* If there is nothing to decay, just exit. */
1086 	if (r_old <= 0)
1087 		return;
1088 
1089 	mtx_lock(&racct_lock);
1090 	r_new = r_old * RACCT_DECAY_FACTOR / FSCALE;
1091 	racct->r_resources[resource] = r_new;
1092 	mtx_unlock(&racct_lock);
1093 }
1094 
1095 static void
1096 racct_decay(int resource)
1097 {
1098 	ui_racct_foreach(racct_decay_resource, &resource, NULL);
1099 	loginclass_racct_foreach(racct_decay_resource, &resource, NULL);
1100 	prison_racct_foreach(racct_decay_resource, &resource, NULL);
1101 }
1102 
1103 static void
1104 racctd(void)
1105 {
1106 	struct thread *td;
1107 	struct proc *p;
1108 	struct timeval wallclock;
1109 	uint64_t runtime;
1110 	uint64_t pct, pct_estimate;
1111 
1112 	for (;;) {
1113 		racct_decay(RACCT_PCTCPU);
1114 
1115 		sx_slock(&allproc_lock);
1116 
1117 		LIST_FOREACH(p, &zombproc, p_list) {
1118 			PROC_LOCK(p);
1119 			racct_set(p, RACCT_PCTCPU, 0);
1120 			PROC_UNLOCK(p);
1121 		}
1122 
1123 		FOREACH_PROC_IN_SYSTEM(p) {
1124 			PROC_LOCK(p);
1125 			if (p->p_state != PRS_NORMAL) {
1126 				PROC_UNLOCK(p);
1127 				continue;
1128 			}
1129 
1130 			microuptime(&wallclock);
1131 			timevalsub(&wallclock, &p->p_stats->p_start);
1132 			PROC_SLOCK(p);
1133 			FOREACH_THREAD_IN_PROC(p, td)
1134 				ruxagg(p, td);
1135 			runtime = cputick2usec(p->p_rux.rux_runtime);
1136 			PROC_SUNLOCK(p);
1137 #ifdef notyet
1138 			KASSERT(runtime >= p->p_prev_runtime,
1139 			    ("runtime < p_prev_runtime"));
1140 #else
1141 			if (runtime < p->p_prev_runtime)
1142 				runtime = p->p_prev_runtime;
1143 #endif
1144 			p->p_prev_runtime = runtime;
1145 			if (wallclock.tv_sec > 0 || wallclock.tv_usec > 0) {
1146 				pct_estimate = (1000000 * runtime * 100) /
1147 				    ((uint64_t)wallclock.tv_sec * 1000000 +
1148 				    wallclock.tv_usec);
1149 			} else
1150 				pct_estimate = 0;
1151 			pct = racct_getpcpu(p, pct_estimate);
1152 			mtx_lock(&racct_lock);
1153 			racct_set_force_locked(p, RACCT_PCTCPU, pct);
1154 			racct_set_locked(p, RACCT_CPU, runtime);
1155 			racct_set_locked(p, RACCT_WALLCLOCK,
1156 			    (uint64_t)wallclock.tv_sec * 1000000 +
1157 			    wallclock.tv_usec);
1158 			mtx_unlock(&racct_lock);
1159 			PROC_UNLOCK(p);
1160 		}
1161 
1162 		/*
1163 		 * To ensure that processes are throttled in a fair way, we need
1164 		 * to iterate over all processes again and check the limits
1165 		 * for %cpu resource only after ucred racct containers have been
1166 		 * properly filled.
1167 		 */
1168 		FOREACH_PROC_IN_SYSTEM(p) {
1169 			PROC_LOCK(p);
1170 			if (p->p_state != PRS_NORMAL) {
1171 				PROC_UNLOCK(p);
1172 				continue;
1173 			}
1174 
1175 			if (racct_pcpu_available(p) <= 0)
1176 				racct_proc_throttle(p);
1177 			else if (p->p_throttled)
1178 				racct_proc_wakeup(p);
1179 			PROC_UNLOCK(p);
1180 		}
1181 		sx_sunlock(&allproc_lock);
1182 		pause("-", hz);
1183 	}
1184 }
1185 
1186 static struct kproc_desc racctd_kp = {
1187 	"racctd",
1188 	racctd,
1189 	NULL
1190 };
1191 SYSINIT(racctd, SI_SUB_RACCTD, SI_ORDER_FIRST, kproc_start, &racctd_kp);
1192 
1193 static void
1194 racct_init(void)
1195 {
1196 
1197 	racct_zone = uma_zcreate("racct", sizeof(struct racct),
1198 	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
1199 	/*
1200 	 * XXX: Move this somewhere.
1201 	 */
1202 	prison0.pr_prison_racct = prison_racct_find("0");
1203 }
1204 SYSINIT(racct, SI_SUB_RACCT, SI_ORDER_FIRST, racct_init, NULL);
1205 
1206 #endif /* !RACCT */
1207