Date: Tue, 28 Aug 2012 20:37:05 +0400
From: Andrey Zonov <zont@FreeBSD.org>
To: freebsd-arch@freebsd.org
Subject: [patch] unprivileged mlock(2)
Message-ID: <503CF3B1.3050604@FreeBSD.org>
Hi,

We've had RLIMIT_MEMLOCK for years, but this limit is useless, because only root may call mlock(2), and root may raise any limit. I suggest a patch that allows unprivileged users to call mlock(2). Are there any objections to getting it into the tree?

-- 
Andrey Zonov

Attachment: mlock.patch

- Allow non-root users to call mlock(2)/munlock(2) and mlockall(2)/munlockall(2). Now RLIMIT_MEMLOCK makes sense.
- Add sysctl security.bsd.unprivileged_mlock to deny non-root users the ability to call mlock(2).

Approved by: kib (mentor)
MFC after: 2 weeks

Index: sys/vm/vm_mmap.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sys/vm/vm_mmap.c (revision 239772) +++ sys/vm/vm_mmap.c (working copy) @@ -1015,6 +1015,10 @@ done2: return (error); } =20 +static int unprivileged_mlock =3D 1; +SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_mlock, CTLFLAG_RW, + &unprivileged_mlock, 0, "Unprivileged processes may lock the memory"= ); + #ifndef _SYS_SYSPROTO_H_ struct mlock_args { const void *addr;
@@ -1035,9 +1039,11 @@ sys_mlock(td, uap) unsigned long nsize; int error; =20 - error =3D priv_check(td, PRIV_VM_MLOCK); - if (error) - return (error); + if (!unprivileged_mlock) { + error =3D priv_check(td, PRIV_VM_MLOCK); + if (error) + return (error); + } addr =3D (vm_offset_t)uap->addr; size =3D uap->len; last =3D addr + size; @@ -1114,9 +1120,11 @@ sys_mlockall(td, uap) } PROC_UNLOCK(td->td_proc); #else - error =3D priv_check(td, PRIV_VM_MLOCK); - if (error) - return (error); + if (!unprivileged_mlock) { + error =3D priv_check(td, PRIV_VM_MLOCK); + if (error) + return (error); + } #endif #ifdef RACCT PROC_LOCK(td->td_proc); @@ -1174,9 +1182,11 @@ sys_munlockall(td, uap) int error; =20 map =3D &td->td_proc->p_vmspace->vm_map; - error =3D priv_check(td, PRIV_VM_MUNLOCK); - if (error) - return (error); + if (!unprivileged_mlock) { + error =3D priv_check(td, PRIV_VM_MUNLOCK); + if (error) + return (error); + } =20 /* Clear the MAP_WIREFUTURE flag from this vm_map. */ vm_map_lock(map); @@ -1215,9 +1225,11 @@ sys_munlock(td, uap) vm_size_t size; int error; =20 - error =3D priv_check(td, PRIV_VM_MUNLOCK); - if (error) - return (error); + if (!unprivileged_mlock) { + error =3D priv_check(td, PRIV_VM_MUNLOCK); + if (error) + return (error); + } addr =3D (vm_offset_t)uap->addr; size =3D uap->len; last =3D addr + size; Index: lib/libc/sys/mlockall.2 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- lib/libc/sys/mlockall.2 (revision 239772) +++ lib/libc/sys/mlockall.2 (working copy) 
@@ -72,7 +72,9 @@ limit and the per-process .Dv RLIMIT_MEMLOCK resource limit. .Pp -These calls are only available to the super-user. +These calls are only available to the super-user, or to anyone when +.Va security.bsd.unprivileged_mlock +is set to 1. .Pp The .Fn munlockall Index: lib/libc/sys/mlock.2 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- lib/libc/sys/mlock.2 (revision 239772) +++ lib/libc/sys/mlock.2 (working copy) @@ -99,7 +99,9 @@ the per-process .Li RLIMIT_MEMLOCK resource limit. .Pp -These calls are only available to the super-user. +These calls are only available to the super-user, or to anyone when +.Va security.bsd.unprivileged_mlock +is set to 1. .Sh RETURN VALUES .Rv -std .Pp @@ -112,7 +114,9 @@ system call will fail if: .Bl -tag -width Er .It Bq Er EPERM -The caller is not the super-user. +The caller is not the super-user and +.Va security.bsd.unprivileged_mlock +is set to 0. .It Bq Er EINVAL The address given is not page aligned or the length is negative. .It Bq Er EAGAIN 
@@ -129,7 +133,9 @@ system call will fail if: .Bl -tag -width Er .It Bq Er EPERM -The caller is not the super-user. +The caller is not the super-user and +.Va security.bsd.unprivileged_mlock +is set to 0. .It Bq Er EINVAL The address given is not page aligned or the length is negative. .It Bq Er ENOMEM
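Review bot: the knob in the first vm_mmap.c hunk defaults to 1 (`static int unprivileged_mlock = 1;`), so simply booting a kernel with this patch changes security policy on every existing system: processes that got EPERM yesterday can wire memory today. Either default to 0 and let administrators opt in, or at least make the variable a loader tunable as well (TUNABLE_INT) so the chosen policy is in force before init(8) starts anything; with a plain CTLFLAG_RW sysctl there is a window between boot and rc.d where the compiled-in default applies. The description string should also name the bound that now applies, for example "Unprivileged processes may lock memory up to RLIMIT_MEMLOCK".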
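Review bot: in the sys_mlock hunk, once `priv_check(td, PRIV_VM_MLOCK)` is skipped the only thing standing between an ordinary user and wired memory is the RLIMIT_MEMLOCK accounting further down in the function, which the hunk does not show and which the commit message relies on ("Now RLIMIT_MEMLOCK makes sense"). Please state in the commit message what the default RLIMIT_MEMLOCK is for the default login class; if it is unlimited, a default of unprivileged_mlock=1 lets any user pin memory up to the system-wide wired-page ceiling, and the ENOMEM/EAGAIN cases in the man page become the only effective limit. The same `if (!unprivileged_mlock) { error = priv_check(...); if (error) return (error); }` block is pasted into four functions; a small static helper taking the privilege as an argument would keep the four sites from drifting.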
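Review bot: in the sys_mlockall hunk the gated priv_check sits only in the `#else` branch; the other branch of that conditional (its `#if` is above the hunk) ends with `PROC_UNLOCK(td->td_proc);` and carries no privilege check at all, so on kernels that compile that branch setting security.bsd.unprivileged_mlock=0 does not restore root-only mlockall(2). Either apply the sysctl gate in both branches, or say in mlockall.2 which configurations the knob actually governs.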
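Review bot: gating `PRIV_VM_MUNLOCK` on the same sysctl in the sys_munlockall hunk (and identically in the sys_munlock hunk) creates an awkward failure mode: if an administrator flips security.bsd.unprivileged_mlock from 1 to 0 while an unprivileged process has pages wired or MAP_WIREFUTURE set, that process can no longer unwire its own pages or clear the flag and gets EPERM until it exits. Unwiring your own address space takes nothing from anyone, so consider leaving munlock(2)/munlockall(2) ungated; if they stay gated, document that flipping the knob can strand already-wired processes.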
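Review bot: the mlockall.2 hunk changes only the descriptive sentence, whereas the mlock.2 hunks also rewrite the EPERM entries in ERRORS. If mlockall.2 has an EPERM entry reading "The caller is not the super-user", it needs the same "and .Va security.bsd.unprivileged_mlock is set to 0" qualification. Both pages should also state the knob's default (1 in this patch) and that it governs munlock(2)/munlockall(2) as well, which a reader cannot infer from its name.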
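Review bot: in the mlock.2 hunks the context line uses `.Li RLIMIT_MEMLOCK` while the mlockall.2 context line uses `.Dv RLIMIT_MEMLOCK`; `.Dv` is the mdoc macro for defined constants, so mlock.2 should be brought in line while it is being touched. The new sentence "only available to the super-user, or to anyone when ... is set to 1" reads better as "to any user when", and a cross-reference to sysctl(8) would tell the reader where the knob lives.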
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?503CF3B1.3050604>
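The mail leaves the practical question to the reader: once mlock(2) is bounded by RLIMIT_MEMLOCK instead of a root-only privilege check, how should an unprivileged program that wires key material tell a policy denial (EPERM) from exhaustion of its own limit (ENOMEM/EAGAIN)? The C program below is an added example written for this page; it is not from the patch, from Andrey Zonov, or from the FreeBSD tree. It assumes a POSIX system (it runs unprivileged on Linux or FreeBSD), the helper names page_span, classify, secret_lock and secret_release are its own, and the 32-byte "key" it wires is a constructed stand-in. It mirrors the kernel's page rounding and wrap check from the sys_mlock hunk, preflights the request against the soft RLIMIT_MEMLOCK, and scrubs the buffer before unlocking it.

```c
#define _GNU_SOURCE  /* expose posix_memalign/mlock prototypes even under -std=c11 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Outcome of trying to wire secret material (names are this example's own). */
enum wire_verdict {
    WIRE_LOCKED,     /* pages are wired and cannot be paged out to swap */
    WIRE_DENIED,     /* EPERM: policy forbids it (FreeBSD before this patch or with
                        security.bsd.unprivileged_mlock=0; Linux when RLIMIT_MEMLOCK is 0) */
    WIRE_OVER_LIMIT, /* ENOMEM/EAGAIN: over RLIMIT_MEMLOCK or the system wired-page ceiling */
    WIRE_ERROR       /* anything else; errno is left set */
};

/*
 * Round [addr, addr + len) out to whole pages as the kernel does (trunc_page on
 * the start, round_page on the end) and reject a range that wraps around the
 * address space, which is the kernel's "last < addr" EINVAL case.
 * Returns 0 and fills *start/*bytes on success, -1 on wrap-around.
 */
static int page_span(uintptr_t addr, size_t len, size_t pg,
                     uintptr_t *start, size_t *bytes)
{
    uintptr_t last = addr + len, end;

    if (last < addr)                          /* addr + len wrapped */
        return -1;
    end = (last + pg - 1) & ~(uintptr_t)(pg - 1);
    if (end < last)                           /* round_page wrapped */
        return -1;
    *start = addr & ~(uintptr_t)(pg - 1);
    *bytes = (size_t)(end - *start);
    return 0;
}

/* Map an mlock(2) errno onto a verdict the caller can act on. */
static enum wire_verdict classify(int err)
{
    switch (err) {
    case 0:      return WIRE_LOCKED;
    case EPERM:  return WIRE_DENIED;
    case ENOMEM:                              /* FreeBSD: over RLIMIT_MEMLOCK */
    case EAGAIN: return WIRE_OVER_LIMIT;      /* FreeBSD: over the wired-page ceiling */
    default:     return WIRE_ERROR;
    }
}

/*
 * Wire the pages holding a secret.  The preflight against the soft
 * RLIMIT_MEMLOCK yields a uniform WIRE_OVER_LIMIT on kernels that report the
 * same condition as ENOMEM, EAGAIN or (Linux, limit of 0) EPERM.  It is skipped
 * for euid 0, which can raise the limit anyway.  The kernel stays authoritative:
 * it also counts pages this process has already wired.
 */
static enum wire_verdict secret_lock(void *buf, size_t len)
{
    struct rlimit rl;
    uintptr_t start;
    size_t bytes, pg = (size_t)sysconf(_SC_PAGESIZE);

    if (page_span((uintptr_t)buf, len, pg, &start, &bytes) != 0) {
        errno = EINVAL;
        return WIRE_ERROR;
    }
    if (geteuid() != 0 && getrlimit(RLIMIT_MEMLOCK, &rl) == 0 &&
        rl.rlim_cur != RLIM_INFINITY && bytes > rl.rlim_cur)
        return WIRE_OVER_LIMIT;
    if (mlock((void *)start, bytes) == 0)
        return WIRE_LOCKED;
    return classify(errno);
}

/* Scrub the secret, then unwire; zero first so plaintext never reaches swap. */
static int secret_release(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    uintptr_t start;
    size_t i, bytes, pg = (size_t)sysconf(_SC_PAGESIZE);

    for (i = 0; i < len; i++)
        p[i] = 0;
    if (page_span((uintptr_t)buf, len, pg, &start, &bytes) != 0)
        return -1;
    return munlock((void *)start, bytes);
}

int main(void)
{
    static const char *name[] = { "LOCKED", "DENIED", "OVER_LIMIT", "ERROR" };
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    struct rlimit rl;
    unsigned char *key;
    enum wire_verdict v;

    if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0)
        printf("RLIMIT_MEMLOCK soft=%lld hard=%lld (-1 = unlimited)\n",
               (long long)rl.rlim_cur, (long long)rl.rlim_max);
    if (posix_memalign((void **)&key, pg, 32) != 0)
        return 1;
    memset(key, 0xA5, 32);                    /* constructed stand-in for a 256-bit key */
    v = secret_lock(key, 32);
    printf("wiring one page of key material: %s\n", name[v]);
    if (v == WIRE_LOCKED)
        secret_release(key, 32);
    free(key);
    return v == WIRE_LOCKED ? 0 : 2;
}
```

Run it as an ordinary user with `ulimit -l 0` in the shell to exercise the OVER_LIMIT path without touching any kernel knob; on a FreeBSD kernel with security.bsd.unprivileged_mlock=0, or one without this patch, the same binary reports DENIED. The preflight is skipped for euid 0 because root can raise the limit (and on Linux usually holds CAP_IPC_LOCK, which bypasses it), so for root the syscall's own verdict is the only trustworthy answer.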