Fix unsafe use of ptsignal() in mi_switch().

ptsignal() has to be called with the kernel lock held. As ensuring the
locking in mi_switch() is not easy, and deferring the signaling using
the task API is not possible because of lock order issues in
mi_switch(), move the CPU time checking into a periodic timer where
the kernel can be locked without issues.

With this change, each process has a dedicated resource check timer.
The timer gets activated only when a CPU time limit is set. Because the
checking is not done as frequently as before, some precision is lost.

Use of timers adapted from FreeBSD.

OK tedu@

Reported-by: syzbot+2f5d62256e3280634623@syzkaller.appspotmail.com

1 files changed, 1 insertions, 19 deletions

diff --git a/sys/kern/sched_bsd.c b/sys/kern/sched_bsd.c
index b4de163a296..1fa5d319988 100644
--- a/sys/kern/sched_bsd.c
+++ b/sys/kern/sched_bsd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sched_bsd.c,v 1.47 2017/12/04 09:38:20 mpi Exp $	*/
+/*	$OpenBSD: sched_bsd.c,v 1.48 2019/01/06 12:59:45 visa Exp $	*/
 /*	$NetBSD: kern_synch.c,v 1.37 1996/04/22 01:38:37 christos Exp $	*/
 
 /*-
@@ -336,8 +336,6 @@ mi_switch(void)
 	struct proc *p = curproc;
 	struct proc *nextproc;
 	struct process *pr = p->p_p;
-	struct rlimit *rlim;
-	rlim_t secs;
 	struct timespec ts;
 #ifdef MULTIPROCESSOR
 	int hold_count;
@@ -382,22 +380,6 @@ mi_switch(void)
 	tuagg_unlocked(pr, p);
 
 	/*
-	 * Check if the process exceeds its cpu resource allocation.
-	 * If over max, kill it.
-	 */
-	rlim = &pr->ps_limit->pl_rlimit[RLIMIT_CPU];
-	secs = pr->ps_tu.tu_runtime.tv_sec;
-	if (secs >= rlim->rlim_cur) {
-		if (secs >= rlim->rlim_max) {
-			psignal(p, SIGKILL);
-		} else {
-			psignal(p, SIGXCPU);
-			if (rlim->rlim_cur < rlim->rlim_max)
-				rlim->rlim_cur += 5;
-		}
-	}
-
-	/*
 	 * Process is about to yield the CPU; clear the appropriate
 	 * scheduling flags.
 	 */