Re: [patch] mlock-as-nonroot revisted
From: Andrea Arcangeli
Date: Tue Aug 03 2004 - 21:15:12 EST
On Tue, Aug 03, 2004 at 10:01:12PM -0400, Rik van Riel wrote:
> On Wed, 4 Aug 2004, Andrea Arcangeli wrote:
> > On Tue, Aug 03, 2004 at 09:21:34PM -0400, Rik van Riel wrote:
> > > This is exactly why named hugetlb files are NOT included
> > > in this accounting, only the ones created through the SHM
> > > interface are.
> >
> > but you're allowing everybody to alloc all RAM in hugetlb files with
> > the change in the previos patch posted by Arjan
>
> Nope, Arjan's patch (and my incremental) touch hugetlb_zero_setup,
> which only seems to be called from ipc/shm.c
>
> Normal hugetlb file creation (through the filesystem) isn't touched
> by these patches.
it is:
diff -purN linux-2.6.7/fs/hugetlbfs/inode.c linux/fs/hugetlbfs/inode.c
--- linux-2.6.7/fs/hugetlbfs/inode.c 2004-07-29 11:36:55.744448953
+0200
+++ linux/fs/hugetlbfs/inode.c 2004-07-29 11:38:04.292595263 +0200
@@ -722,7 +722,7 @@ struct file *hugetlb_zero_setup(size_t s
struct qstr quick_string;
char buf[16];
- if (!capable(CAP_IPC_LOCK))
+ if (!can_do_mlock())
return ERR_PTR(-EPERM);
if (!is_hugepage_mem_enough(size))
this breaks local security if you set the rlimit to 1 byte (well, 1 byte
== disable_cap_mlock).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/