Hi Wli,
I tested your patch. But that is not solving the problem.
If the code change to user_shm_lock() is not a good solution, could
you please suggest a method so that the normal user is able to allocate
the huge pages, if his gid is added to /proc/sys/vm/hugetlb_shm_group
Thanks
Ciju
William Lee Irwin III wrote:
On Wed, Nov 14, 2007 at 09:31:41AM -0600, aglitke wrote:
... if the user's locked limit (ulimit -l) is set to unlimited, allowed
(above) is set to 1. In that case, the second part of that if() is
bypassed, and the function grants permission. Therefore, the easy
solution is to make sure your user's lock_limit is RLIM_INFINITY.
This function deserves a minor cleanup and a bit more commenting.
Reading user->locked_shm within shmlock_user_lock would be nice, too.
Maybe something like this (untested, uncompiled) would do.
-- wli
diff --git a/mm/mlock.c b/mm/mlock.c
index 7b26560..5f51792 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -234,6 +234,12 @@ asmlinkage long sys_munlockall(void)
/*
* Objects with different lifetime than processes (SHM_LOCK and SHM_HUGETLB
* shm segments) get accounted against the user_struct instead.
+ * First, user_shm_lock() checks that the user has permission to lock
+ * enough memory; then if so, the locked shm is accounted to the user's
+ * system-wide state. shmlock_user_lock protects the per-user field
+ * tracking how much locked_shm is in use within the struct user_struct.
+ * shmlock_user_lock is taken early to guard the read-only check that
+ * user->locked_shm is in-bounds against updates to user->locked_shm.
*/
static DEFINE_SPINLOCK(shmlock_user_lock);
@@ -242,19 +248,22 @@ int user_shm_lock(size_t size, struct user_struct *user)
unsigned long lock_limit, locked;
int allowed = 0;
+ spin_lock(&shmlock_user_lock);
locked = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
if (lock_limit == RLIM_INFINITY)
allowed = 1;
- lock_limit >>= PAGE_SHIFT;
- spin_lock(&shmlock_user_lock);
- if (!allowed &&
- locked + user->locked_shm > lock_limit && !capable(CAP_IPC_LOCK))
- goto out;
- get_uid(user);
- user->locked_shm += locked;
- allowed = 1;
-out:
+ else {
+ lock_limit >>= PAGE_SHIFT;
+ if (locked + user->locked_shm <= lock_limit)
+ allowed = 1;
+ else if (capable(CAP_IPC_LOCK))
+ allowed = 1;
+ }
+ if (allowed) {
+ get_uid(user);
+ user->locked_shm += locked;
+ }
spin_unlock(&shmlock_user_lock);
return allowed;
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
