From: Rik van Riel Here is the last agreed-on patch that lets normal users mlock pages up to their rlimit. This patch addresses all the issues brought up by Chris and Andrea. Signed-off-by: Rik van Riel DESC mlock-as-user fixes EDESC From: Chris Wright Couple more nits. The default lockable amount is one page now (first patch is was 0). Why don't we keep it as 0, with the CAP_IPC_LOCK overrides in place? That way nothing is changed from user perspective, and the rest of the policy can be done by userspace as it should. This patch breaks in one scenario. When ulimit == 0, process has CAP_IPC_LOCK, and does SHM_LOCK. The subsequent unlock or destroy will corrupt the locked_shm count. It's also inconsistent in handling user_can_mlock/CAP_IPC_LOCK interaction betwen shm_lock and shm_hugetlb. SHM_HUGETLB can now only be done by the shm_group or CAP_IPC_LOCK. Not any can_do_mlock() user. Double check of can_do_mlock isn't needed in SHM_LOCK path. Interface names user_can_mlock and user_substract_mlock could be better. Incremental update below. Ran some simple sanity tests on this plus my patch below and didn't find any problems. * Make default RLIM_MEMLOCK limit 0. * Move CAP_IPC_LOCK check into user_can_mlock to be consistent and fix but with ulimit == 0 && CAP_IPC_LOCK with SHM_LOCK. * Allow can_do_mlock() user to try SHM_HUGETLB setup. * Remove unecessary extra can_do_mlock() test in shmem_lock(). * Rename user_can_mlock to user_shm_lock and user_subtract_mlock to user_shm_unlock. * Use user instead of current->user to fit in 80 cols on SHM_LOCK. Signed-off-by: Andrew Morton --- 25-akpm/fs/hugetlbfs/inode.c | 12 +++++++-- 25-akpm/include/asm-alpha/resource.h | 2 - 25-akpm/include/asm-arm/resource.h | 2 - 25-akpm/include/asm-arm26/resource.h | 2 - 25-akpm/include/asm-cris/resource.h | 2 - 25-akpm/include/asm-h8300/resource.h | 2 - 25-akpm/include/asm-i386/resource.h | 2 - 25-akpm/include/asm-ia64/resource.h | 2 - 25-akpm/include/asm-m68k/resource.h | 2 - 25-akpm/include/asm-parisc/resource.h | 2 - 25-akpm/include/asm-ppc/resource.h | 2 - 25-akpm/include/asm-ppc64/resource.h | 2 - 25-akpm/include/asm-s390/resource.h | 2 - 25-akpm/include/asm-sh/resource.h | 2 - 25-akpm/include/asm-sparc/resource.h | 2 - 25-akpm/include/asm-sparc64/resource.h | 2 - 25-akpm/include/asm-v850/resource.h | 2 - 25-akpm/include/asm-x86_64/resource.h | 2 - 25-akpm/include/linux/mm.h | 13 +++++++++- 25-akpm/include/linux/sched.h | 1 25-akpm/include/linux/shm.h | 1 25-akpm/ipc/shm.c | 36 +++++++++++++++++----------- 25-akpm/kernel/user.c | 4 ++- 25-akpm/mm/mlock.c | 41 +++++++++++++++++++++++++++++---- 25-akpm/mm/mmap.c | 14 +++++++---- 25-akpm/mm/mremap.c | 6 +++- 25-akpm/mm/shmem.c | 15 +++++++++--- 27 files changed, 127 insertions(+), 50 deletions(-) diff -puN fs/hugetlbfs/inode.c~mlock-as-user-for-268-rc2-mm2 fs/hugetlbfs/inode.c --- 25/fs/hugetlbfs/inode.c~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/fs/hugetlbfs/inode.c Mon Aug 16 16:23:19 2004 @@ -734,12 +734,13 @@ static unsigned long hugetlbfs_counter(v static int can_do_hugetlb_shm(void) { return likely(capable(CAP_IPC_LOCK) || - in_group_p(sysctl_hugetlb_shm_group)); + in_group_p(sysctl_hugetlb_shm_group) || + can_do_mlock()); } struct file *hugetlb_zero_setup(size_t size) { - int error; + int error = -ENOMEM; struct file *file; struct inode *inode; struct dentry *dentry, *root; @@ -752,6 +753,9 @@ struct file *hugetlb_zero_setup(size_t s if (!is_hugepage_mem_enough(size)) return ERR_PTR(-ENOMEM); + if (!user_shm_lock(size, current->user)) + return ERR_PTR(-ENOMEM); + root = hugetlbfs_vfsmount->mnt_root; snprintf(buf, 16, "%lu", hugetlbfs_counter()); quick_string.name = buf; @@ -759,7 +763,7 @@ struct file *hugetlb_zero_setup(size_t s quick_string.hash = 0; dentry = d_alloc(root, &quick_string); if (!dentry) - return ERR_PTR(-ENOMEM); + goto out_shm_unlock; error = -ENFILE; file = get_empty_filp(); @@ -786,6 +790,8 @@ out_file: put_filp(file); out_dentry: dput(dentry); +out_shm_unlock: + user_shm_unlock(size, current->user); return ERR_PTR(error); } diff -puN include/asm-alpha/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-alpha/resource.h --- 25/include/asm-alpha/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-alpha/resource.h Mon Aug 16 16:23:19 2004 @@ -41,7 +41,7 @@ {INR_OPEN, INR_OPEN}, /* RLIMIT_NOFILE */ \ {LONG_MAX, LONG_MAX}, /* RLIMIT_AS */ \ {LONG_MAX, LONG_MAX}, /* RLIMIT_NPROC */ \ - {LONG_MAX, LONG_MAX}, /* RLIMIT_MEMLOCK */ \ + {0, 0 }, /* RLIMIT_MEMLOCK */ \ {LONG_MAX, LONG_MAX}, /* RLIMIT_LOCKS */ \ {MAX_SIGPENDING, MAX_SIGPENDING}, /* RLIMIT_SIGPENDING */ \ {MQ_BYTES_MAX, MQ_BYTES_MAX}, /* RLIMIT_MSGQUEUE */ \ diff -puN include/asm-arm26/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-arm26/resource.h --- 25/include/asm-arm26/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-arm26/resource.h Mon Aug 16 16:23:19 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING}, \ diff -puN include/asm-arm/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-arm/resource.h --- 25/include/asm-arm/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-arm/resource.h Mon Aug 16 16:23:19 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING}, \ diff -puN include/asm-cris/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-cris/resource.h --- 25/include/asm-cris/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-cris/resource.h Mon Aug 16 16:23:19 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-h8300/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-h8300/resource.h --- 25/include/asm-h8300/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-h8300/resource.h Mon Aug 16 16:23:19 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-i386/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-i386/resource.h --- 25/include/asm-i386/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-i386/resource.h Mon Aug 16 16:23:19 2004 @@ -40,7 +40,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-ia64/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-ia64/resource.h --- 25/include/asm-ia64/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-ia64/resource.h Mon Aug 16 16:23:19 2004 @@ -46,7 +46,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-m68k/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-m68k/resource.h --- 25/include/asm-m68k/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-m68k/resource.h Mon Aug 16 16:23:19 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-parisc/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-parisc/resource.h --- 25/include/asm-parisc/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-parisc/resource.h Mon Aug 16 16:23:19 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-ppc64/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-ppc64/resource.h --- 25/include/asm-ppc64/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-ppc64/resource.h Mon Aug 16 16:23:19 2004 @@ -45,7 +45,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-ppc/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-ppc/resource.h --- 25/include/asm-ppc/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-ppc/resource.h Mon Aug 16 16:23:19 2004 @@ -36,7 +36,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-s390/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-s390/resource.h --- 25/include/asm-s390/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-s390/resource.h Mon Aug 16 16:23:19 2004 @@ -47,7 +47,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-sh/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-sh/resource.h --- 25/include/asm-sh/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-sh/resource.h Mon Aug 16 16:23:19 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-sparc64/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-sparc64/resource.h --- 25/include/asm-sparc64/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-sparc64/resource.h Mon Aug 16 16:23:19 2004 @@ -43,7 +43,7 @@ { 0, RLIM_INFINITY}, \ {RLIM_INFINITY, RLIM_INFINITY}, \ {INR_OPEN, INR_OPEN}, {0, 0}, \ - {RLIM_INFINITY, RLIM_INFINITY}, \ + {0, 0 }, \ {RLIM_INFINITY, RLIM_INFINITY}, \ {RLIM_INFINITY, RLIM_INFINITY}, \ {MAX_SIGPENDING, MAX_SIGPENDING}, \ diff -puN include/asm-sparc/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-sparc/resource.h --- 25/include/asm-sparc/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-sparc/resource.h Mon Aug 16 16:23:19 2004 @@ -44,7 +44,7 @@ { 0, RLIM_INFINITY}, \ {RLIM_INFINITY, RLIM_INFINITY}, \ {INR_OPEN, INR_OPEN}, {0, 0}, \ - {RLIM_INFINITY, RLIM_INFINITY}, \ + {0, 0}, \ {RLIM_INFINITY, RLIM_INFINITY}, \ {RLIM_INFINITY, RLIM_INFINITY}, \ {MAX_SIGPENDING, MAX_SIGPENDING}, \ diff -puN include/asm-v850/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-v850/resource.h --- 25/include/asm-v850/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-v850/resource.h Mon Aug 16 16:23:19 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-x86_64/resource.h~mlock-as-user-for-268-rc2-mm2 include/asm-x86_64/resource.h --- 25/include/asm-x86_64/resource.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/asm-x86_64/resource.h Mon Aug 16 16:23:19 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { RLIM_INFINITY, RLIM_INFINITY }, \ + { 0, 0 }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/linux/mm.h~mlock-as-user-for-268-rc2-mm2 include/linux/mm.h --- 25/include/linux/mm.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/linux/mm.h Mon Aug 16 16:23:19 2004 @@ -502,9 +502,20 @@ int shmem_set_policy(struct vm_area_stru struct mempolicy *shmem_get_policy(struct vm_area_struct *vma, unsigned long addr); struct file *shmem_file_setup(char * name, loff_t size, unsigned long flags); -void shmem_lock(struct file * file, int lock); +int shmem_lock(struct file *file, int lock, struct user_struct *user); int shmem_zero_setup(struct vm_area_struct *); +static inline int can_do_mlock(void) +{ + if (capable(CAP_IPC_LOCK)) + return 1; + if (current->rlim[RLIMIT_MEMLOCK].rlim_cur != 0) + return 1; + return 0; +} +extern int user_shm_lock(size_t, struct user_struct *); +extern void user_shm_unlock(size_t, struct user_struct *); + /* * Parameter block passed down to zap_pte_range in exceptional cases. */ diff -puN include/linux/sched.h~mlock-as-user-for-268-rc2-mm2 include/linux/sched.h --- 25/include/linux/sched.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/linux/sched.h Mon Aug 16 16:23:12 2004 @@ -332,6 +332,7 @@ struct user_struct { atomic_t sigpending; /* How many pending signals does this user have? */ /* protected by mq_lock */ unsigned long mq_bytes; /* How many bytes can be allocated to mqueue? */ + unsigned long locked_shm; /* How many pages of mlocked shm ? */ /* Hash table maintenance information */ struct list_head uidhash_list; diff -puN include/linux/shm.h~mlock-as-user-for-268-rc2-mm2 include/linux/shm.h --- 25/include/linux/shm.h~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/include/linux/shm.h Mon Aug 16 16:23:12 2004 @@ -84,6 +84,7 @@ struct shmid_kernel /* private to the ke time_t shm_ctim; pid_t shm_cprid; pid_t shm_lprid; + struct user_struct *mlock_user; }; /* shm_mode upper byte flags */ diff -puN ipc/shm.c~mlock-as-user-for-268-rc2-mm2 ipc/shm.c --- 25/ipc/shm.c~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/ipc/shm.c Mon Aug 16 16:23:19 2004 @@ -114,7 +114,10 @@ static void shm_destroy (struct shmid_ke shm_rmid (shp->id); shm_unlock(shp); if (!is_file_hugepages(shp->shm_file)) - shmem_lock(shp->shm_file, 0); + shmem_lock(shp->shm_file, 0, shp->mlock_user); + else + user_shm_unlock(shp->shm_file->f_dentry->d_inode->i_size, + shp->mlock_user); fput (shp->shm_file); security_shm_free(shp); ipc_rcu_putref(shp); @@ -190,6 +193,7 @@ static int newseg (key_t key, int shmflg shp->shm_perm.key = key; shp->shm_flags = (shmflg & S_IRWXUGO); + shp->mlock_user = NULL; shp->shm_perm.security = NULL; error = security_shm_alloc(shp); @@ -198,9 +202,11 @@ static int newseg (key_t key, int shmflg return error; } - if (shmflg & SHM_HUGETLB) + if (shmflg & SHM_HUGETLB) { + /* hugetlb_zero_setup takes care of mlock user accounting */ file = hugetlb_zero_setup(size); - else { + shp->mlock_user = current->user; + } else { sprintf (name, "SYSV%08x", key); file = shmem_file_setup(name, size, VM_ACCOUNT); } @@ -504,14 +510,11 @@ asmlinkage long sys_shmctl (int shmid, i case SHM_LOCK: case SHM_UNLOCK: { -/* Allow superuser to lock segment in memory */ -/* Should the pages be faulted in here or leave it to user? */ -/* need to determine interaction with current->swappable */ - if (!capable(CAP_IPC_LOCK)) { + /* Allow superuser to lock segment in memory */ + if (!can_do_mlock() && cmd == SHM_LOCK) { err = -EPERM; goto out; } - shp = shm_lock(shmid); if(shp==NULL) { err = -EINVAL; @@ -526,13 +529,18 @@ asmlinkage long sys_shmctl (int shmid, i goto out_unlock; if(cmd==SHM_LOCK) { - if (!is_file_hugepages(shp->shm_file)) - shmem_lock(shp->shm_file, 1); - shp->shm_flags |= SHM_LOCKED; - } else { - if (!is_file_hugepages(shp->shm_file)) - shmem_lock(shp->shm_file, 0); + struct user_struct * user = current->user; + if (!is_file_hugepages(shp->shm_file)) { + err = shmem_lock(shp->shm_file, 1, user); + if (!err) { + shp->shm_flags |= SHM_LOCKED; + shp->mlock_user = user; + } + } + } else if (!is_file_hugepages(shp->shm_file)) { + shmem_lock(shp->shm_file, 0, shp->mlock_user); shp->shm_flags &= ~SHM_LOCKED; + shp->mlock_user = NULL; } shm_unlock(shp); goto out; diff -puN kernel/user.c~mlock-as-user-for-268-rc2-mm2 kernel/user.c --- 25/kernel/user.c~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/kernel/user.c Mon Aug 16 16:23:12 2004 @@ -32,7 +32,8 @@ struct user_struct root_user = { .processes = ATOMIC_INIT(1), .files = ATOMIC_INIT(0), .sigpending = ATOMIC_INIT(0), - .mq_bytes = 0 + .mq_bytes = 0, + .locked_shm = 0, }; /* @@ -113,6 +114,7 @@ struct user_struct * alloc_uid(uid_t uid atomic_set(&new->sigpending, 0); new->mq_bytes = 0; + new->locked_shm = 0; /* * Before adding this, check whether we raced diff -puN mm/mlock.c~mlock-as-user-for-268-rc2-mm2 mm/mlock.c --- 25/mm/mlock.c~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/mm/mlock.c Mon Aug 16 16:23:19 2004 @@ -60,7 +60,7 @@ static int do_mlock(unsigned long start, struct vm_area_struct * vma, * next; int error; - if (on && !capable(CAP_IPC_LOCK)) + if (on && !can_do_mlock()) return -EPERM; len = PAGE_ALIGN(len); end = start + len; @@ -118,7 +118,7 @@ asmlinkage long sys_mlock(unsigned long lock_limit >>= PAGE_SHIFT; /* check against resource limits */ - if (locked <= lock_limit) + if ( (locked <= lock_limit) || capable(CAP_IPC_LOCK)) error = do_mlock(start, len, 1); up_write(¤t->mm->mmap_sem); return error; @@ -142,7 +142,7 @@ static int do_mlockall(int flags) unsigned int def_flags; struct vm_area_struct * vma; - if (!capable(CAP_IPC_LOCK)) + if (!can_do_mlock()) return -EPERM; def_flags = 0; @@ -177,7 +177,7 @@ asmlinkage long sys_mlockall(int flags) lock_limit >>= PAGE_SHIFT; ret = -ENOMEM; - if (current->mm->total_vm <= lock_limit) + if ((current->mm->total_vm <= lock_limit) || capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); out: up_write(¤t->mm->mmap_sem); @@ -193,3 +193,36 @@ asmlinkage long sys_munlockall(void) up_write(¤t->mm->mmap_sem); return ret; } + +/* + * Objects with different lifetime than processes (SHM_LOCK and SHM_HUGETLB + * shm segments) get accounted against the user_struct instead. + */ +static spinlock_t shmlock_user_lock = SPIN_LOCK_UNLOCKED; + +int user_shm_lock(size_t size, struct user_struct *user) +{ + unsigned long lock_limit, locked; + int allowed = 0; + + spin_lock(&shmlock_user_lock); + locked = size >> PAGE_SHIFT; + lock_limit = current->rlim[RLIMIT_MEMLOCK].rlim_cur; + lock_limit >>= PAGE_SHIFT; + if (locked + user->locked_shm > lock_limit && !capable(CAP_IPC_LOCK)) + goto out; + get_uid(user); + user->locked_shm += locked; + allowed = 1; +out: + spin_unlock(&shmlock_user_lock); + return allowed; +} + +void user_shm_unlock(size_t size, struct user_struct *user) +{ + spin_lock(&shmlock_user_lock); + user->locked_shm -= (size >> PAGE_SHIFT); + spin_unlock(&shmlock_user_lock); + free_uid(user); +} diff -puN mm/mmap.c~mlock-as-user-for-268-rc2-mm2 mm/mmap.c --- 25/mm/mmap.c~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/mm/mmap.c Mon Aug 16 16:23:12 2004 @@ -797,15 +797,17 @@ unsigned long do_mmap_pgoff(struct file mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; if (flags & MAP_LOCKED) { - if (!capable(CAP_IPC_LOCK)) + if (!can_do_mlock()) return -EPERM; vm_flags |= VM_LOCKED; } /* mlock MCL_FUTURE? */ if (vm_flags & VM_LOCKED) { - unsigned long locked = mm->locked_vm << PAGE_SHIFT; + unsigned long locked, lock_limit; + locked = mm->locked_vm << PAGE_SHIFT; + lock_limit = current->rlim[RLIMIT_MEMLOCK].rlim_cur; locked += len; - if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur) + if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } @@ -1724,9 +1726,11 @@ unsigned long do_brk(unsigned long addr, * mlock MCL_FUTURE? */ if (mm->def_flags & VM_LOCKED) { - unsigned long locked = mm->locked_vm << PAGE_SHIFT; + unsigned long locked, lock_limit; + locked = mm->locked_vm << PAGE_SHIFT; + lock_limit = current->rlim[RLIMIT_MEMLOCK].rlim_cur; locked += len; - if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur) + if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } diff -puN mm/mremap.c~mlock-as-user-for-268-rc2-mm2 mm/mremap.c --- 25/mm/mremap.c~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/mm/mremap.c Mon Aug 16 16:23:12 2004 @@ -324,10 +324,12 @@ unsigned long do_mremap(unsigned long ad goto out; } if (vma->vm_flags & VM_LOCKED) { - unsigned long locked = current->mm->locked_vm << PAGE_SHIFT; + unsigned long locked, lock_limit; + locked = current->mm->locked_vm << PAGE_SHIFT; + lock_limit = current->rlim[RLIMIT_MEMLOCK].rlim_cur; locked += new_len - old_len; ret = -EAGAIN; - if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur) + if (locked > lock_limit && !capable(CAP_IPC_LOCK)) goto out; } ret = -ENOMEM; diff -puN mm/shmem.c~mlock-as-user-for-268-rc2-mm2 mm/shmem.c --- 25/mm/shmem.c~mlock-as-user-for-268-rc2-mm2 Mon Aug 16 16:23:12 2004 +++ 25-akpm/mm/shmem.c Mon Aug 16 16:23:19 2004 @@ -1151,17 +1151,26 @@ shmem_get_policy(struct vm_area_struct * } #endif -void shmem_lock(struct file *file, int lock) +int shmem_lock(struct file *file, int lock, struct user_struct *user) { struct inode *inode = file->f_dentry->d_inode; struct shmem_inode_info *info = SHMEM_I(inode); + int retval = -ENOMEM; spin_lock(&info->lock); - if (lock) + if (lock && !(info->flags & VM_LOCKED)) { + if (!user_shm_lock(inode->i_size, user)) + goto out_nomem; info->flags |= VM_LOCKED; - else + } + if (!lock && (info->flags & VM_LOCKED) && user) { + user_shm_unlock(inode->i_size, user); info->flags &= ~VM_LOCKED; + } + retval = 0; +out_nomem: spin_unlock(&info->lock); + return retval; } static int shmem_mmap(struct file *file, struct vm_area_struct *vma) _