Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation

Roland Dreier <[email protected]> wrote:
>
>     Andrew> How does the driver detect process exit?
> 
> I already answered earlier but just to be clear: registration goes
> through a character device, and all regions are cleaned up in the
> ->release() of that device.

yup.

> I don't currently have any code accounting against RLIMIT_MEMLOCK or
> testing CAP_FOO, but I have no problem adding whatever is thought
> appropriate.  Userspace also has control over the permissions and
> owner/group of the /dev node.

I guess device node permissions won't be appropriate here, if only because
it sounds like everyone will go and set them to 0666.

RLIMIT_MEMLOCK sounds like the appropriate mechanism.  We cannot rely upon
userspace running mlock(), so perhaps it is appropriate to run sys_mlock()
in-kernel because that gives us the appropriate RLIMIT_MEMLOCK checking.

However an hostile app can just go and run munlock() and then allocate
some more pinned-by-get_user_pages() memory.

umm, how about we

- force the special pages into a separate vma

- run get_user_pages() against it all

- use RLIMIT_MEMLOCK accounting to check whether the user is allowed to
  do this thing

- undo the RMLIMIT_MEMLOCK accounting in ->release

This will all interact with user-initiated mlock/munlock in messy ways. 
Maybe a new kernel-internal vma->vm_flag which works like VM_LOCKED but is
unaffected by mlock/munlock activity is needed.

A bit of generalisation in do_mlock() should suit?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Roland Dreier <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Timur Tabi <[email protected]>

• References:
  • [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Roland Dreier <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Troy Benjegerdes <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Roland Dreier <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Troy Benjegerdes <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Roland Dreier <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Troy Benjegerdes <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Roland Dreier <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Andrew Morton <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Timur Tabi <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Christoph Hellwig <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Timur Tabi <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Andrew Morton <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Roland Dreier <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Andrew Morton <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Roland Dreier <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Andrew Morton <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Timur Tabi <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Andrew Morton <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Roland Dreier <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Andrew Morton <[email protected]>
  • Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
    • From: Roland Dreier <[email protected]>

• Prev by Date: Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
• Next by Date: Re: Re-routing packets via netfilter (ip_rt_bug)
• Previous by thread: Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
• Next by thread: Re: [PATCH][RFC][0/4] InfiniBand userspace verbs implementation
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]