mlock as non-root: use rlimits

From: Arjan van de Ven
Date: Fri Jun 04 2004 - 06:31:20 EST

Next message: Jens Axboe: "Re: ide errors in 7-rc1-mm1 and later"
Previous message: William Lee Irwin III: "Re: [PATCH] cpumask 5/10 rewrite cpumask.h - single bitmap based implementation"
Next in thread: Arjan van de Ven: "Re: mlock as non-root: use rlimits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

the patch below is an alternative solution for the eternal "mlock as
non-root" issue, which recently cropped up again in relation to hugetlbfs
and Oracle. The proposed solution comes down to using the MEMLOCK rlimit,
which previously was used to restrict how much memory *root* processes can
mlock as limit for non-root processes, and let root (well CAP_IPC_LOCK
processes) mlock to infinity (which was the rlimit default anyway).
The default behavior of the kernel doesn't change with this patch, but with
this patch the sysadmin can use the standard rlimit mechanism (eg via PAM
usually) to allow specific users to mlock memory, for example the oracle
database user account.

Comments?

Greetings,
Arjan van de Ven

diff -urN linux-2.6.1-1.138.2.1/fs/hugetlbfs/inode.c linux-2.6.1-1.138.2.1custom/fs/hugetlbfs/inode.c
--- linux-2.6.1-1.138.2.1/fs/hugetlbfs/inode.c 2004-01-30 15:15:50.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/fs/hugetlbfs/inode.c 2004-02-26 14:17:48.000000000 -0800
@@ -755,7 +755,7 @@
struct qstr quick_string;
char buf[16];

- if (!capable(CAP_IPC_LOCK))
+ if (!can_do_mlock())
return ERR_PTR(-EPERM);

if (!is_hugepage_mem_enough(size))
diff -urN linux-2.6.1-1.138.2.1/include/asm-alpha/resource.h linux-2.6.1-1.138.2.1custom/include/asm-alpha/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-alpha/resource.h 2004-01-08 22:59:08.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-alpha/resource.h 2004-03-02 13:45:23.000000000 -0800
@@ -39,7 +39,7 @@
{INR_OPEN, INR_OPEN}, /* RLIMIT_NOFILE */ \
{LONG_MAX, LONG_MAX}, /* RLIMIT_AS */ \
{LONG_MAX, LONG_MAX}, /* RLIMIT_NPROC */ \
- {LONG_MAX, LONG_MAX}, /* RLIMIT_MEMLOCK */ \
+ {0, 0}, /* RLIMIT_MEMLOCK */ \
{LONG_MAX, LONG_MAX}, /* RLIMIT_LOCKS */ \
}

diff -urN linux-2.6.1-1.138.2.1/include/asm-arm/resource.h linux-2.6.1-1.138.2.1custom/include/asm-arm/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-arm/resource.h 2004-01-08 22:59:56.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-arm/resource.h 2004-03-02 13:46:40.000000000 -0800
@@ -37,7 +37,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-arm26/resource.h linux-2.6.1-1.138.2.1custom/include/asm-arm26/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-arm26/resource.h 2004-01-08 22:59:04.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-arm26/resource.h 2004-03-02 13:48:39.000000000 -0800
@@ -37,7 +37,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-cris/resource.h linux-2.6.1-1.138.2.1custom/include/asm-cris/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-cris/resource.h 2004-01-08 22:59:45.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-cris/resource.h 2004-03-02 13:47:33.000000000 -0800
@@ -37,7 +37,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-h8300/resource.h linux-2.6.1-1.138.2.1custom/include/asm-h8300/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-h8300/resource.h 2004-01-08 22:59:06.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-h8300/resource.h 2004-03-02 13:49:00.000000000 -0800
@@ -37,7 +37,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-i386/resource.h linux-2.6.1-1.138.2.1custom/include/asm-i386/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-i386/resource.h 2004-01-08 22:59:09.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-i386/resource.h 2004-03-02 13:47:47.000000000 -0800
@@ -37,7 +37,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-ia64/resource.h linux-2.6.1-1.138.2.1custom/include/asm-ia64/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-ia64/resource.h 2004-01-08 22:59:55.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-ia64/resource.h 2004-03-02 13:48:07.000000000 -0800
@@ -42,7 +42,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-m68k/resource.h linux-2.6.1-1.138.2.1custom/include/asm-m68k/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-m68k/resource.h 2004-01-08 22:59:05.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-m68k/resource.h 2004-03-02 13:49:18.000000000 -0800
@@ -37,7 +37,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-parisc/resource.h linux-2.6.1-1.138.2.1custom/include/asm-parisc/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-parisc/resource.h 2004-01-08 22:59:46.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-parisc/resource.h 2004-03-02 13:50:30.000000000 -0800
@@ -37,7 +37,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-ppc/resource.h linux-2.6.1-1.138.2.1custom/include/asm-ppc/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-ppc/resource.h 2004-01-08 22:59:26.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-ppc/resource.h 2004-03-02 13:50:57.000000000 -0800
@@ -34,7 +34,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-ppc64/resource.h linux-2.6.1-1.138.2.1custom/include/asm-ppc64/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-ppc64/resource.h 2004-01-08 22:59:46.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-ppc64/resource.h 2004-03-02 13:50:44.000000000 -0800
@@ -43,7 +43,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-s390/resource.h linux-2.6.1-1.138.2.1custom/include/asm-s390/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-s390/resource.h 2004-01-08 22:59:19.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-s390/resource.h 2004-03-02 13:51:12.000000000 -0800
@@ -45,7 +45,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-sh/resource.h linux-2.6.1-1.138.2.1custom/include/asm-sh/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-sh/resource.h 2004-01-08 22:59:45.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-sh/resource.h 2004-03-02 13:51:38.000000000 -0800
@@ -37,7 +37,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-sparc/resource.h linux-2.6.1-1.138.2.1custom/include/asm-sparc/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-sparc/resource.h 2004-01-08 22:59:09.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-sparc/resource.h 2004-03-02 13:52:06.000000000 -0800
@@ -42,7 +42,7 @@
{ 0, RLIM_INFINITY}, \
{RLIM_INFINITY, RLIM_INFINITY}, \
{INR_OPEN, INR_OPEN}, {0, 0}, \
- {RLIM_INFINITY, RLIM_INFINITY}, \
+ {0, 0}, \
{RLIM_INFINITY, RLIM_INFINITY}, \
{RLIM_INFINITY, RLIM_INFINITY} \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-sparc64/resource.h linux-2.6.1-1.138.2.1custom/include/asm-sparc64/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-sparc64/resource.h 2004-01-08 22:59:06.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-sparc64/resource.h 2004-03-02 13:51:58.000000000 -0800
@@ -41,7 +41,7 @@
{ 0, RLIM_INFINITY}, \
{RLIM_INFINITY, RLIM_INFINITY}, \
{INR_OPEN, INR_OPEN}, {0, 0}, \
- {RLIM_INFINITY, RLIM_INFINITY}, \
+ {0, 0 }, \
{RLIM_INFINITY, RLIM_INFINITY}, \
{RLIM_INFINITY, RLIM_INFINITY} \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-v850/resource.h linux-2.6.1-1.138.2.1custom/include/asm-v850/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-v850/resource.h 2004-01-08 22:59:06.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-v850/resource.h 2004-03-02 13:52:59.000000000 -0800
@@ -37,7 +37,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/include/asm-x86_64/resource.h linux-2.6.1-1.138.2.1custom/include/asm-x86_64/resource.h
--- linux-2.6.1-1.138.2.1/include/asm-x86_64/resource.h 2004-01-08 22:59:47.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/include/asm-x86_64/resource.h 2004-03-02 13:53:10.000000000 -0800
@@ -37,7 +37,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { RLIM_INFINITY, RLIM_INFINITY }, \
+ { 0, 0 }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
}
diff -urN linux-2.6.1-1.138.2.1/ipc/shm.c linux-2.6.1-1.138.2.1custom/ipc/shm.c
--- linux-2.6.1-1.138.2.1/ipc/shm.c 2004-01-08 22:59:34.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/ipc/shm.c 2004-03-02 13:57:21.000000000 -0800
@@ -502,14 +502,11 @@
case SHM_LOCK:
case SHM_UNLOCK:
{
-/* Allow superuser to lock segment in memory */
-/* Should the pages be faulted in here or leave it to user? */
-/* need to determine interaction with current->swappable */
- if (!capable(CAP_IPC_LOCK)) {
+ /* Allow superuser to lock segment in memory */
+ if (!can_do_mlock()) {
err = -EPERM;
goto out;
}
-
shp = shm_lock(shmid);
if(shp==NULL) {
err = -EINVAL;
@@ -524,9 +521,11 @@
goto out_unlock;

if(cmd==SHM_LOCK) {
- if (!is_file_hugepages(shp->shm_file))
- shmem_lock(shp->shm_file, 1);
- shp->shm_flags |= SHM_LOCKED;
+ if (!is_file_hugepages(shp->shm_file)) {
+ err = shmem_lock(shp->shm_file, 1);
+ if (!err)
+ shp->shm_flags |= SHM_LOCKED;
+ }
} else {
if (!is_file_hugepages(shp->shm_file))
shmem_lock(shp->shm_file, 0);
diff -urN linux-2.6.1-1.138.2.1/ipc/util.c linux-2.6.1-1.138.2.1custom/ipc/util.c
--- linux-2.6.1-1.138.2.1/ipc/util.c 2004-01-08 22:59:26.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/ipc/util.c 2004-03-02 15:03:08.000000000 -0800
@@ -377,8 +377,11 @@
granted_mode >>= 3;
/* is there some bit set in requested_mode but not in granted_mode? */
if ((requested_mode & ~granted_mode & 0007) &&
- !capable(CAP_IPC_OWNER))
- return -1;
+ !capable(CAP_IPC_OWNER)) {
+ if (!can_do_mlock()) {
+ return -1;
+ }
+ }

return security_ipc_permission(ipcp, flag);
}
diff -urN linux-2.6.1-1.138.2.1/mm/mlock.c linux-2.6.1-1.138.2.1custom/mm/mlock.c
--- linux-2.6.1-1.138.2.1/mm/mlock.c 2004-01-08 22:59:07.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/mm/mlock.c 2004-02-24 14:19:53.000000000 -0800
@@ -57,7 +57,7 @@
struct vm_area_struct * vma, * next;
int error;

- if (on && !capable(CAP_IPC_LOCK))
+ if (on && !can_do_mlock())
return -EPERM;
len = PAGE_ALIGN(len);
end = start + len;
@@ -139,7 +139,7 @@
unsigned int def_flags;
struct vm_area_struct * vma;

- if (!capable(CAP_IPC_LOCK))
+ if (!can_do_mlock())
return -EPERM;

def_flags = 0;
diff -urN linux-2.6.1-1.138.2.1/mm/mmap.c linux-2.6.1-1.138.2.1custom/mm/mmap.c
--- linux-2.6.1-1.138.2.1/mm/mmap.c 2004-01-30 15:15:50.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/mm/mmap.c 2004-02-24 14:26:15.000000000 -0800
@@ -519,15 +519,17 @@
mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;

if (flags & MAP_LOCKED) {
- if (!capable(CAP_IPC_LOCK))
+ if (!can_do_mlock())
return -EPERM;
vm_flags |= VM_LOCKED;
}
/* mlock MCL_FUTURE? */
if (vm_flags & VM_LOCKED) {
- unsigned long locked = mm->locked_vm << PAGE_SHIFT;
+ unsigned long locked, lock_limit;
+ locked = mm->locked_vm << PAGE_SHIFT;
+ lock_limit = current->rlim[RLIMIT_MEMLOCK].rlim_cur;
locked += len;
- if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
+ if (locked > lock_limit && !capable(CAP_IPC_LOCK))
return -EAGAIN;
}

@@ -1360,9 +1362,11 @@
* mlock MCL_FUTURE?
*/
if (mm->def_flags & VM_LOCKED) {
- unsigned long locked = mm->locked_vm << PAGE_SHIFT;
+ unsigned long locked, lock_limit;
+ locked = mm->locked_vm << PAGE_SHIFT;
+ lock_limit = current->rlim[RLIMIT_MEMLOCK].rlim_cur;
locked += len;
- if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
+ if (locked > lock_limit && !capable(CAP_IPC_LOCK))
return -EAGAIN;
}

diff -urN linux-2.6.1-1.138.2.1/mm/mremap.c linux-2.6.1-1.138.2.1custom/mm/mremap.c
--- linux-2.6.1-1.138.2.1/mm/mremap.c 2004-01-30 15:15:50.000000000 -0800
+++ linux-2.6.1-1.138.2.1custom/mm/mremap.c 2004-02-24 14:28:06.000000000 -0800
@@ -377,10 +377,12 @@
goto out;
}
if (vma->vm_flags & VM_LOCKED) {
- unsigned long locked = current->mm->locked_vm << PAGE_SHIFT;
+ unsigned long locked, lock_limit;
+ locked = current->mm->locked_vm << PAGE_SHIFT;
+ lock_limit = current->rlim[RLIMIT_MEMLOCK].rlim_cur;
locked += new_len - old_len;
ret = -EAGAIN;
- if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
+ if (locked > lock_limit && !capable(CAP_IPC_LOCK))
goto out;
}
ret = -ENOMEM;
diff -urNp linux-530/mm/shmem.c linux-550/mm/shmem.c
--- linux-530/mm/shmem.c
+++ linux-550/mm/shmem.c
@@ -1161,17 +1161,36 @@ shmem_get_policy(struct vm_area_struct *
}
#endif

-void shmem_lock(struct file *file, int lock)
+int shmem_lock(struct file *file, int lock)
{
struct inode *inode = file->f_dentry->d_inode;
struct shmem_inode_info *info = SHMEM_I(inode);
+ struct mm_struct *mm = current->mm;
+ unsigned long lock_limit, locked;
+ int retval = -ENOMEM;

spin_lock(&info->lock);
+ if (lock && !(info->flags & VM_LOCKED)) {
+ locked = inode->i_size >> PAGE_SHIFT;
+ locked += mm->locked_vm;
+ lock_limit = current->rlim[RLIMIT_MEMLOCK].rlim_cur;
+ lock_limit >>= PAGE_SHIFT;
+ if ((locked > lock_limit) && !capable(CAP_IPC_LOCK))
+ goto out_nomem;
+ mm->locked_vm = locked;
+ }
+ if (!lock && (info->flags & VM_LOCKED) && mm) {
+ locked = inode->i_size >> PAGE_SHIFT;
+ mm->locked_vm -= locked;
+ }
if (lock)
info->flags |= VM_LOCKED;
else
info->flags &= ~VM_LOCKED;
+ retval = 0;
+out_nomem:
spin_unlock(&info->lock);
+ return retval;
}

static int shmem_mmap(struct file *file, struct vm_area_struct *vma)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jens Axboe: "Re: ide errors in 7-rc1-mm1 and later"
Previous message: William Lee Irwin III: "Re: [PATCH] cpumask 5/10 rewrite cpumask.h - single bitmap based implementation"
Next in thread: Arjan van de Ven: "Re: mlock as non-root: use rlimits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]