mlock - the system call that makes certain pages unpageable - has two
primary uses:
- prevent real-time processes from losing time in paging
- ensure that very sensitive data is not paged to permanent storage,
where it could linger for an indefinite time
mlock has been restricted to root, which makes sense for the first
application, but not for the second. I have prepared a trivial patch
(relative to 2.0.14) which removes this restriction, so that any user
process can lock a small amount of pages (for pass-phrases, etc.)
The max locked-in-memory size is governed by a resource limit
(RLIMIT_MEMLOCK). The default limit is 4 pages, which should suffice
for security-applications. RT programs that need more mlock-able
space, would be run under root anyway, and root, as usual, can raise
or lower limits ad lib.
The goal is to encourage programs like passwd or PGP to use mlock for
their sensitive pass-phrases.
So here's the patch, please test it and see if it breaks something.
Send comments to me, I'll report progress to the list.
Robbe
----------cut here-------------
diff -u --recursive /usr/src/linux/include/asm-alpha/resource.h linux/include/asm-alpha/resource.h
--- /usr/src/linux/include/asm-alpha/resource.h Tue Jul 9 14:04:42 1996
+++ linux/include/asm-alpha/resource.h Fri Jul 5 19:31:39 1996
@@ -31,7 +31,8 @@
{ NR_OPEN, NR_OPEN}, /* RLIMIT_NOFILE */ \
{LONG_MAX, LONG_MAX}, /* RLIMIT_AS */ \
{MAX_TASKS_PER_USER, MAX_TASKS_PER_USER}, /* RLIMIT_NPROC */ \
- {LONG_MAX, LONG_MAX}, /* RLIMIT_MEMLOCK */ \
+ {MAX_LOCKED_PAGES << PAGE_SHIFT, MAX_LOCKED_PAGES << PAGE_SHIFT}, \
+ /* RLIMIT_MEMLOCK */ \
}
#endif /* __KERNEL__ */
diff -u --recursive /usr/src/linux/include/asm-i386/resource.h linux/include/asm-i386/resource.h
--- /usr/src/linux/include/asm-i386/resource.h Tue Jul 9 14:04:39 1996
+++ linux/include/asm-i386/resource.h Thu Aug 22 21:30:18 1996
@@ -29,7 +29,7 @@
{ LONG_MAX, LONG_MAX }, \
{ MAX_TASKS_PER_USER, MAX_TASKS_PER_USER }, \
{ NR_OPEN, NR_OPEN }, \
- { LONG_MAX, LONG_MAX }, \
+ { MAX_LOCKED_PAGES << PAGE_SHIFT, MAX_LOCKED_PAGES << PAGE_SHIFT}, \
}
#endif /* __KERNEL__ */
diff -u --recursive /usr/src/linux/include/asm-m68k/resource.h linux/include/asm-m68k/resource.h
--- /usr/src/linux/include/asm-m68k/resource.h Tue Jul 9 14:04:44 1996
+++ linux/include/asm-m68k/resource.h Fri Jul 5 19:31:40 1996
@@ -29,7 +29,7 @@
{LONG_MAX, LONG_MAX}, \
{MAX_TASKS_PER_USER, MAX_TASKS_PER_USER}, \
{NR_OPEN, NR_OPEN}, \
- {LONG_MAX, LONG_MAX} \
+ {MAX_LOCKED_PAGES << PAGE_SHIFT, MAX_LOCKED_PAGES << PAGE_SHIFT}, \
}
#endif /* __KERNEL__ */
diff -u --recursive /usr/src/linux/include/asm-mips/resource.h linux/include/asm-mips/resource.h
--- /usr/src/linux/include/asm-mips/resource.h Tue Jul 9 14:04:41 1996
+++ linux/include/asm-mips/resource.h Fri Jul 5 19:31:40 1996
@@ -40,7 +40,7 @@
{LONG_MAX, LONG_MAX}, \
{LONG_MAX, LONG_MAX}, \
{MAX_TASKS_PER_USER, MAX_TASKS_PER_USER}, \
- { LONG_MAX, LONG_MAX }, \
+ {MAX_LOCKED_PAGES << PAGE_SHIFT, MAX_LOCKED_PAGES << PAGE_SHIFT}, \
}
#endif /* __KERNEL__ */
diff -u --recursive /usr/src/linux/include/asm-sparc/resource.h linux/include/asm-sparc/resource.h
--- /usr/src/linux/include/asm-sparc/resource.h Tue Jul 9 14:04:47 1996
+++ linux/include/asm-sparc/resource.h Fri Jul 5 19:31:40 1996
@@ -30,7 +30,7 @@
{LONG_MAX, LONG_MAX}, {_STK_LIM, _STK_LIM}, \
{ 0, LONG_MAX}, {LONG_MAX, LONG_MAX}, \
{MAX_TASKS_PER_USER, MAX_TASKS_PER_USER}, {NR_OPEN, NR_OPEN}, \
- {LONG_MAX, LONG_MAX}, \
+ {MAX_LOCKED_PAGES << PAGE_SHIFT, MAX_LOCKED_PAGES << PAGE_SHIFT}, \
}
#endif /* __KERNEL__ */
diff -u --recursive /usr/src/linux/include/linux/mm.h linux/include/linux/mm.h
--- /usr/src/linux/include/linux/mm.h Thu Aug 22 21:16:43 1996
+++ linux/include/linux/mm.h Thu Aug 22 21:15:51 1996
@@ -9,6 +9,8 @@
#include <linux/string.h>
+#define MAX_LOCKED_PAGES 4
+
extern unsigned long high_memory;
#include <asm/page.h>