struct vm_area_struct * vma, * next;
int error;
- if (on && !capable(CAP_IPC_LOCK))
- return -EPERM;
len = PAGE_ALIGN(len);
end = start + len;
if (end < start)
unsigned long lock_limit;
int error = -ENOMEM;
+ if (!can_do_mlock())
+ return -EPERM;
+
down_write(¤t->mm->mmap_sem);
len = PAGE_ALIGN(len + (start & ~PAGE_MASK));
start &= PAGE_MASK;
lock_limit >>= PAGE_SHIFT;
/* check against resource limits */
- if (locked <= lock_limit)
+ if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
error = do_mlock(start, len, 1);
out:
up_write(¤t->mm->mmap_sem);
static int do_mlockall(int flags)
{
- int error;
- unsigned int def_flags;
struct vm_area_struct * vma;
+ unsigned int def_flags = 0;
- if (!capable(CAP_IPC_LOCK))
- return -EPERM;
-
- def_flags = 0;
if (flags & MCL_FUTURE)
def_flags = VM_LOCKED;
current->mm->def_flags = def_flags;
+ if (flags == MCL_FUTURE)
+ goto out;
- error = 0;
for (vma = current->mm->mmap; vma ; vma = vma->vm_next) {
unsigned int newflags;
/* Ignore errors */
mlock_fixup(vma, vma->vm_start, vma->vm_end, newflags);
}
- return error;
+out:
+ return 0;
}
asmlinkage long sys_mlockall(int flags)
unsigned long lock_limit;
int ret = -EINVAL;
- down_write(¤t->mm->mmap_sem);
if (!flags || (flags & ~(MCL_CURRENT | MCL_FUTURE)))
goto out;
+ ret = -EPERM;
+ if (!can_do_mlock())
+ goto out;
+
+ down_write(¤t->mm->mmap_sem);
+
lock_limit = current->rlim[RLIMIT_MEMLOCK].rlim_cur;
lock_limit >>= PAGE_SHIFT;
ret = -ENOMEM;
if (!vx_vmlocked_avail(current->mm, current->mm->total_vm))
goto out;
- if (current->mm->total_vm <= lock_limit)
+ if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) ||
+ capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
-out:
up_write(¤t->mm->mmap_sem);
+out:
return ret;
}
up_write(¤t->mm->mmap_sem);
return ret;
}
+
+/*
+ * Objects with different lifetime than processes (SHM_LOCK and SHM_HUGETLB
+ * shm segments) get accounted against the user_struct instead.
+ */
+static spinlock_t shmlock_user_lock = SPIN_LOCK_UNLOCKED;
+
+int user_shm_lock(size_t size, struct user_struct *user)
+{
+ unsigned long lock_limit, locked;
+ int allowed = 0;
+
+ spin_lock(&shmlock_user_lock);
+ locked = size >> PAGE_SHIFT;
+ lock_limit = current->rlim[RLIMIT_MEMLOCK].rlim_cur;
+ lock_limit >>= PAGE_SHIFT;
+ if (locked + user->locked_shm > lock_limit && !capable(CAP_IPC_LOCK))
+ goto out;
+ get_uid(user);
+ user->locked_shm += locked;
+ allowed = 1;
+out:
+ spin_unlock(&shmlock_user_lock);
+ return allowed;
+}
+
+void user_shm_unlock(size_t size, struct user_struct *user)
+{
+ spin_lock(&shmlock_user_lock);
+ user->locked_shm -= (size >> PAGE_SHIFT);
+ spin_unlock(&shmlock_user_lock);
+ free_uid(user);
+}