From: Andrey Zonov
To: freebsd-arch@freebsd.org
Date: Tue, 28 Aug 2012 20:37:05 +0400
Message-ID: <503CF3B1.3050604@FreeBSD.org>
Subject: [patch] unprivileged mlock(2)
List-Id: Discussion related to FreeBSD architecture

Hi,

We've got RLIMIT_MEMLOCK for years, but this limit is useless, because
only root may call mlock(2), and root may raise any limits. I suggest a
patch that allows unprivileged users to call mlock(2).

Are there any objections to getting it into the tree?

-- 
Andrey Zonov

[Attachment: mlock.patch]

- Allow non-root users to call mlock(2)/munlock(2) and
  mlockall(2)/munlockall(2). Now RLIMIT_MEMLOCK makes sense.
- Add sysctl security.bsd.unprivileged_mlock to deny non-root users the
  ability to call mlock(2).
Approved by: kib (mentor) MFC after: 2 weeks Index: sys/vm/vm_mmap.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sys/vm/vm_mmap.c (revision 239772) +++ sys/vm/vm_mmap.c (working copy) @@ -1015,6 +1015,10 @@ done2: return (error); } =20 +static int unprivileged_mlock =3D 1; +SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_mlock, CTLFLAG_RW, + &unprivileged_mlock, 0, "Unprivileged processes may lock the memory"= ); + #ifndef _SYS_SYSPROTO_H_ struct mlock_args { const void *addr; @@ -1035,9 +1039,11 @@ sys_mlock(td, uap) unsigned long nsize; int error; =20 - error =3D priv_check(td, PRIV_VM_MLOCK); - if (error) - return (error); + if (!unprivileged_mlock) { + error =3D priv_check(td, PRIV_VM_MLOCK); + if (error) + return (error); + } addr =3D (vm_offset_t)uap->addr; size =3D uap->len; last =3D addr + size; @@ -1114,9 +1120,11 @@ sys_mlockall(td, uap) } PROC_UNLOCK(td->td_proc); #else - error =3D priv_check(td, PRIV_VM_MLOCK); - if (error) - return (error); + if (!unprivileged_mlock) { + error =3D priv_check(td, PRIV_VM_MLOCK); + if (error) + return (error); + } #endif #ifdef RACCT PROC_LOCK(td->td_proc); @@ -1174,9 +1182,11 @@ sys_munlockall(td, uap) int error; =20 map =3D &td->td_proc->p_vmspace->vm_map; - error =3D priv_check(td, PRIV_VM_MUNLOCK); - if (error) - return (error); + if (!unprivileged_mlock) { + error =3D priv_check(td, PRIV_VM_MUNLOCK); + if (error) + return (error); + } =20 /* Clear the MAP_WIREFUTURE flag from this vm_map. */ vm_map_lock(map); 
@@ -1215,9 +1225,11 @@ sys_munlock(td, uap) vm_size_t size; int error; =20 - error =3D priv_check(td, PRIV_VM_MUNLOCK); - if (error) - return (error); + if (!unprivileged_mlock) { + error =3D priv_check(td, PRIV_VM_MUNLOCK); + if (error) + return (error); + } addr =3D (vm_offset_t)uap->addr; size =3D uap->len; last =3D addr + size; Index: lib/libc/sys/mlockall.2 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- lib/libc/sys/mlockall.2 (revision 239772) +++ lib/libc/sys/mlockall.2 (working copy) @@ -72,7 +72,9 @@ limit and the per-process .Dv RLIMIT_MEMLOCK resource limit. .Pp -These calls are only available to the super-user. +These calls are only available to the super-user, or to anyone when +.Va security.bsd.unprivileged_mlock +is set to 1. .Pp The .Fn munlockall Index: lib/libc/sys/mlock.2 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- lib/libc/sys/mlock.2 (revision 239772) +++ lib/libc/sys/mlock.2 (working copy) @@ -99,7 +99,9 @@ the per-process .Li RLIMIT_MEMLOCK resource limit. .Pp -These calls are only available to the super-user. +These calls are only available to the super-user, or to anyone when +.Va security.bsd.unprivileged_mlock +is set to 1. .Sh RETURN VALUES .Rv -std .Pp @@ -112,7 +114,9 @@ system call will fail if: .Bl -tag -width Er .It Bq Er EPERM -The caller is not the super-user. +The caller is not the super-user and +.Va security.bsd.unprivileged_mlock +is set to 0. .It Bq Er EINVAL The address given is not page aligned or the length is negative. .It Bq Er EAGAIN 
@@ -129,7 +133,9 @@ system call will fail if: .Bl -tag -width Er .It Bq Er EPERM -The caller is not the super-user. +The caller is not the super-user and +.Va security.bsd.unprivileged_mlock +is set to 0. .It Bq Er EINVAL The address given is not page aligned or the length is negative. .It Bq Er ENOMEM
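Review bot: in the first vm_mmap.c hunk the new knob defaults to on (`static int unprivileged_mlock = 1;`), so merely applying the patch changes what every non-root process may do on upgrade, with no operator opting in. Please state the default explicitly in the sysctl description string and in both man pages, and since RLIMIT_MEMLOCK becomes the only bound on those callers (per the cover letter and the man-page context), confirm its default value is finite before this goes in with the knob enabled. Minor wording: "Unprivileged processes may lock the memory" reads better as "Unprivileged processes may lock memory".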
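Review bot: the sys_mlock hunk (@@ -1035,9 +1039,11 @@) removes the only gate visible in the shown context, and nothing in the hunk itself enforces RLIMIT_MEMLOCK; the per-process accounting that the man-page text relies on sits below the hunk and is not shown, so please confirm in the review that it is reached on the unprivileged path before `addr`/`size` are used. Style: the same five-line `if (!unprivileged_mlock) { error = priv_check(td, ...); if (error) return (error); }` block is now pasted into four functions; a small helper taking `td` and the PRIV_VM_* value would keep the four copies from drifting apart.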
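Review bot: the sys_mlockall hunk (@@ -1114,9 +1120,11 @@) only touches the `#else` branch of the privilege check; mlockall with MCL_FUTURE sets MAP_WIREFUTURE (the munlockall hunk clears that flag), which wires every future mapping as it is created. Please confirm that future wiring for an unprivileged caller is still charged against RLIMIT_MEMLOCK (the `#ifdef RACCT` block immediately below is the natural place to check), otherwise a non-root process can grow its wired footprint past the limit after the syscall returns.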
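Review bot: the sys_munlockall hunk (@@ -1174,9 +1182,11 @@) and the matching sys_munlock hunk gate the unlock path on the same `unprivileged_mlock` knob. If an administrator flips the sysctl from 1 back to 0 at runtime, every non-root process that locked memory while it was 1 now gets EPERM from munlock(2)/munlockall(2) and cannot release its own wired pages until it exits; that is a resource-exhaustion footgun rather than a security gain. Suggest allowing unlock unconditionally (the caller can only unwire what its own map holds), or at least documenting the interaction.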
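Review bot: the mlockall.2 hunk says the calls are available "to anyone when .Va security.bsd.unprivileged_mlock is set to 1" but does not say what the default is, and the sentence about RLIMIT_MEMLOCK sits just above the changed line; a short cross-reference ("unprivileged callers remain bounded by the RLIMIT_MEMLOCK resource limit described above") and the default value would make the new semantics clear to readers who do not have the source at hand.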
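Review bot: in the two mlock.2 ERRORS hunks the new EPERM text ("The caller is not the super-user and .Va security.bsd.unprivileged_mlock is set to 0.") is correct, but a non-root caller with the knob set to 1 will now commonly see the limit-related errors listed next to it instead, so the description section's changed sentence (@@ -99,7 +105,9 @@) should state the default of the sysctl and point at those entries; as written a reader cannot tell whether EPERM or ENOMEM is the expected failure on a default install.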
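The cover letter and the man-page hunks describe three distinct reasons a non-root mlock(2) call can fail once this patch is in: the privilege gate (EPERM, when security.bsd.unprivileged_mlock is 0), the per-process RLIMIT_MEMLOCK or an unmapped range (ENOMEM), the system-wide wired-page limit (EAGAIN), plus EINVAL for an unaligned address. The following C program is an added example, not part of this e-mail or of the FreeBSD patch; it is what a non-root daemon that wants key material kept out of swap would do: page-align the range itself, pre-check the request against RLIMIT_MEMLOCK, then wire the buffer and classify the result. The function names and the 64-byte probe size are our own; it builds on FreeBSD and on Linux (which also has mlock and RLIMIT_MEMLOCK, but does not require alignment, so the helper is what makes the call portable).

```c
/*
 * Added example (not from the e-mail or the FreeBSD patch): wire a buffer
 * as an unprivileged process and map the outcome onto the error classes
 * the patched mlock.2 describes. All function names are our own.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/*
 * Round [addr, addr+len) out to whole pages. The kernel wires whole pages
 * anyway, and FreeBSD's mlock(2) returns EINVAL for an unaligned address.
 * The page-covering length is returned through *alen.
 */
static void *page_align(const void *addr, size_t len, size_t pagesz, size_t *alen)
{
    uintptr_t mask = ~(uintptr_t)(pagesz - 1);
    uintptr_t start = (uintptr_t)addr & mask;
    uintptr_t end = ((uintptr_t)addr + len + pagesz - 1) & mask;

    *alen = (size_t)(end - start);
    return (void *)start;
}

/*
 * Overflow-safe pre-check: does wiring 'bytes' more, on top of 'already'
 * wired bytes, stay within the RLIMIT_MEMLOCK soft limit 'cur'?
 */
static int fits_memlock_limit(size_t already, size_t bytes, rlim_t cur)
{
    if (cur == RLIM_INFINITY)
        return 1;
    if ((rlim_t)already > cur)
        return 0;
    return (rlim_t)bytes <= cur - (rlim_t)already;
}

/* Wire an arbitrary buffer. Returns 0 on success, otherwise the errno. */
static int lock_buffer(const void *addr, size_t len)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    size_t alen;
    void *start;

    if (pagesz <= 0 || len == 0)
        return EINVAL;
    start = page_align(addr, len, (size_t)pagesz, &alen);
    return mlock(start, alen) == 0 ? 0 : errno;
}

/* Release exactly the page range lock_buffer() wired for the same buffer. */
static int unlock_buffer(const void *addr, size_t len)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    size_t alen;
    void *start;

    if (pagesz <= 0 || len == 0)
        return EINVAL;
    start = page_align(addr, len, (size_t)pagesz, &alen);
    return munlock(start, alen) == 0 ? 0 : errno;
}

/* Classification following the mlock.2 ERRORS section. */
static const char *explain_mlock_errno(int err)
{
    switch (err) {
    case 0:      return "ok: privilege gate and RLIMIT_MEMLOCK both allowed it";
    case EPERM:  return "EPERM: caller not privileged (or unprivileged mlock disabled)";
    case ENOMEM: return "ENOMEM: RLIMIT_MEMLOCK exceeded, or part of the range is unmapped";
    case EAGAIN: return "EAGAIN: system-wide limit on wired pages reached";
    case EINVAL: return "EINVAL: address not page aligned or bad length";
    default:     return "unexpected errno";
    }
}

/* Allocate, wire, unwire and free one small buffer; returns lock_buffer()'s result. */
static int probe_mlock(size_t want)
{
    unsigned char *buf = malloc(want);
    int err;

    if (buf == NULL)
        return ENOMEM;
    err = lock_buffer(buf, want);
    if (err == 0)
        (void)unlock_buffer(buf, want);
    free(buf);
    return err;
}

int main(void)
{
    struct rlimit rl;
    int err;

    if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0) {
        if (rl.rlim_cur == RLIM_INFINITY)
            printf("RLIMIT_MEMLOCK: unlimited\n");
        else
            printf("RLIMIT_MEMLOCK: %llu bytes\n", (unsigned long long)rl.rlim_cur);
        printf("one 4 KiB page fits the limit: %s\n",
               fits_memlock_limit(0, 4096, rl.rlim_cur) ? "yes" : "no");
    }
    err = probe_mlock(64);
    printf("mlock probe: %s\n", explain_mlock_errno(err));
    return err == 0 ? 0 : 1;
}
```

Run it as a non-root user before and after setting security.bsd.unprivileged_mlock: with the knob at 0 the probe reports EPERM regardless of the limit; with it at 1 the privilege gate disappears and the limit values reported on the first line become the only thing standing between the process and the wired-page pool, which is the point the cover letter makes about RLIMIT_MEMLOCK finally meaning something.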