X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=mm%2Fmlock.c;h=16b3bf844bf7050161355a3891db81a64c947ad1;hb=c7b5ebbddf7bcd3651947760f423e3783bbe6573;hp=861c7a3b084ec00589c0e6e4dab9e07a59047159;hpb=a2c21200f1c81b08cb55e417b68150bba439b646;p=linux-2.6.git diff --git a/mm/mlock.c b/mm/mlock.c index 861c7a3b0..16b3bf844 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -62,8 +62,6 @@ static int do_mlock(unsigned long start, size_t len, int on) struct vm_area_struct * vma, * next; int error; - if (on && !capable(CAP_IPC_LOCK)) - return -EPERM; len = PAGE_ALIGN(len); end = start + len; if (end < start) @@ -109,6 +107,9 @@ asmlinkage long sys_mlock(unsigned long start, size_t len) unsigned long lock_limit; int error = -ENOMEM; + if (!can_do_mlock()) + return -EPERM; + down_write(¤t->mm->mmap_sem); len = PAGE_ALIGN(len + (start & ~PAGE_MASK)); start &= PAGE_MASK; @@ -122,7 +123,7 @@ asmlinkage long sys_mlock(unsigned long start, size_t len) lock_limit >>= PAGE_SHIFT; /* check against resource limits */ - if (locked <= lock_limit) + if ((locked <= lock_limit) || capable(CAP_IPC_LOCK)) error = do_mlock(start, len, 1); out: up_write(¤t->mm->mmap_sem); @@ -143,19 +144,15 @@ asmlinkage long sys_munlock(unsigned long start, size_t len) static int do_mlockall(int flags) { - int error; - unsigned int def_flags; struct vm_area_struct * vma; + unsigned int def_flags = 0; - if (!capable(CAP_IPC_LOCK)) - return -EPERM; - - def_flags = 0; if (flags & MCL_FUTURE) def_flags = VM_LOCKED; current->mm->def_flags = def_flags; + if (flags == MCL_FUTURE) + goto out; - error = 0; for (vma = current->mm->mmap; vma ; vma = vma->vm_next) { unsigned int newflags; @@ -166,7 +163,8 @@ static int do_mlockall(int flags) /* Ignore errors */ mlock_fixup(vma, vma->vm_start, vma->vm_end, newflags); } - return error; +out: + return 0; } asmlinkage long sys_mlockall(int flags) @@ -174,20 +172,26 @@ asmlinkage long sys_mlockall(int flags) unsigned long lock_limit; int ret = -EINVAL; - down_write(¤t->mm->mmap_sem); if (!flags || (flags & ~(MCL_CURRENT | MCL_FUTURE))) goto out; + ret = -EPERM; + if (!can_do_mlock()) + goto out; + + down_write(¤t->mm->mmap_sem); + lock_limit = current->rlim[RLIMIT_MEMLOCK].rlim_cur; lock_limit >>= PAGE_SHIFT; ret = -ENOMEM; if (!vx_vmlocked_avail(current->mm, current->mm->total_vm)) goto out; - if (current->mm->total_vm <= lock_limit) + if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) || + capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); -out: up_write(¤t->mm->mmap_sem); +out: return ret; } @@ -200,3 +204,36 @@ asmlinkage long sys_munlockall(void) up_write(¤t->mm->mmap_sem); return ret; } + +/* + * Objects with different lifetime than processes (SHM_LOCK and SHM_HUGETLB + * shm segments) get accounted against the user_struct instead. + */ +static spinlock_t shmlock_user_lock = SPIN_LOCK_UNLOCKED; + +int user_shm_lock(size_t size, struct user_struct *user) +{ + unsigned long lock_limit, locked; + int allowed = 0; + + spin_lock(&shmlock_user_lock); + locked = size >> PAGE_SHIFT; + lock_limit = current->rlim[RLIMIT_MEMLOCK].rlim_cur; + lock_limit >>= PAGE_SHIFT; + if (locked + user->locked_shm > lock_limit && !capable(CAP_IPC_LOCK)) + goto out; + get_uid(user); + user->locked_shm += locked; + allowed = 1; +out: + spin_unlock(&shmlock_user_lock); + return allowed; +} + +void user_shm_unlock(size_t size, struct user_struct *user) +{ + spin_lock(&shmlock_user_lock); + user->locked_shm -= (size >> PAGE_SHIFT); + spin_unlock(&shmlock_user_lock); + free_uid(user); +}