Date:      Tue, 28 Aug 2012 20:37:05 +0400
From:      Andrey Zonov <zont@FreeBSD.org>
To:        freebsd-arch@freebsd.org
Subject:   [patch] unprivileged mlock(2)
Message-ID:  <503CF3B1.3050604@FreeBSD.org>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig936FD783B61C3D5F55FA814F
Content-Type: multipart/mixed; boundary="------------080705060908010301070308"

This is a multi-part message in MIME format.
--------------080705060908010301070308
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi,

We have had RLIMIT_MEMLOCK for years, but the limit is useless, because
only root may call mlock(2), and root may raise any limit.

I suggest a patch that allows unprivileged users to call mlock(2).
Are there any objections to getting it into the tree?

--=20
Andrey Zonov

--------------080705060908010301070308
Content-Type: text/plain; charset=UTF-8; x-mac-type="0"; x-mac-creator="0";
	name="mlock.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename="mlock.patch"

- Allow non-root users to call mlock(2)/munlock(2) and
  mlockall(2)/munlockall(2).  Now RLIMIT_MEMLOCK makes sense.
- Add the sysctl security.bsd.unprivileged_mlock so that the ability of
  non-root users to call mlock(2) can be denied.

Approved by:    kib (mentor)
MFC after:      2 weeks

Index: sys/vm/vm_mmap.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- sys/vm/vm_mmap.c	(revision 239772)
+++ sys/vm/vm_mmap.c	(working copy)
@@ -1015,6 +1015,10 @@ done2:
 	return (error);
 }
=20
+static int	unprivileged_mlock =3D 1;
+SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_mlock, CTLFLAG_RW,
+    &unprivileged_mlock, 0, "Unprivileged processes may lock the memory"=
);
+
 #ifndef _SYS_SYSPROTO_H_
 struct mlock_args {
 	const void *addr;
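Review bot: The knob defaults to 1 on the added `static int unprivileged_mlock = 1;` line, so every existing system silently moves from root-only mlock(2) to mlock(2) bounded only by each process's RLIMIT_MEMLOCK (typically whatever login.conf sets for memorylocked) the moment it upgrades; defaulting to 0 and letting administrators opt in, or at least adding `TUNABLE_INT("security.bsd.unprivileged_mlock", &unprivileged_mlock);` so the policy can be fixed at boot before any user process runs, would be the safer shape. A per-process limit also does not bound the aggregate wired memory across many processes, so a comment stating that the global vm_page_max_wired check is what protects the machine as a whole would help — that check is not visible from this hunk, so confirm it applies on every path. The description string reads better as `"Unprivileged processes may lock memory"`.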
@@ -1035,9 +1039,11 @@ sys_mlock(td, uap)
 	unsigned long nsize;
 	int error;
=20
-	error =3D priv_check(td, PRIV_VM_MLOCK);
-	if (error)
-		return (error);
+	if (!unprivileged_mlock) {
+		error =3D priv_check(td, PRIV_VM_MLOCK);
+		if (error)
+			return (error);
+	}
 	addr =3D (vm_offset_t)uap->addr;
 	size =3D uap->len;
 	last =3D addr + size;
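Review bot: With priv_check() skipped whenever the knob is set, RLIMIT_MEMLOCK becomes the only thing standing between an unprivileged caller and wired memory, but sys_mlock's limit accounting lies below this hunk and is not visible here; confirm that the comparison against lim_cur(RLIMIT_MEMLOCK) (and the vm_page_max_wired check) is unconditional and runs before vm_map_wire(), and that a limit of 0 really yields ENOMEM rather than falling through. A short comment above the new `if (!unprivileged_mlock)` would save the next reader the same trip: `/* Without the knob only root may wire; with it RLIMIT_MEMLOCK is the sole bound. */`. sys_mlock's body continues outside the hunk.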
@@ -1114,9 +1120,11 @@ sys_mlockall(td, uap)
 	}
 	PROC_UNLOCK(td->td_proc);
 #else
-	error =3D priv_check(td, PRIV_VM_MLOCK);
-	if (error)
-		return (error);
+	if (!unprivileged_mlock) {
+		error =3D priv_check(td, PRIV_VM_MLOCK);
+		if (error)
+			return (error);
+	}
 #endif
 #ifdef RACCT
 	PROC_LOCK(td->td_proc);
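Review bot: The conditional priv_check() sits on the `#else` side of a preprocessor branch whose `#if` is outside the hunk; if, as the `PROC_UNLOCK(td->td_proc)` immediately before `#else` suggests, the RLIMIT_MEMLOCK comparison lives only on the `#if` side, then on platforms taking the `#else` path the privilege check was the only gate and this hunk removes it entirely when the knob is set. Either keep `error = priv_check(td, PRIV_VM_MLOCK);` unconditional on the `#else` side or add an equivalent limit there, and record the reason with a comment such as `/* No wired-count accounting on this path, so the privilege check stays mandatory. */`. sys_mlockall's body starts and ends outside the hunk.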
@@ -1174,9 +1182,11 @@ sys_munlockall(td, uap)
 	int error;
=20
 	map =3D &td->td_proc->p_vmspace->vm_map;
-	error =3D priv_check(td, PRIV_VM_MUNLOCK);
-	if (error)
-		return (error);
+	if (!unprivileged_mlock) {
+		error =3D priv_check(td, PRIV_VM_MUNLOCK);
+		if (error)
+			return (error);
+	}
=20
 	/* Clear the MAP_WIREFUTURE flag from this vm_map. */
 	vm_map_lock(map);
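Review bot: Gating sys_munlockall on the same knob means a process that wired pages while security.bsd.unprivileged_mlock was 1 gets EPERM from munlockall(2) once an administrator flips it to 0, leaving the pages wired until exit; the sys_munlock hunk below has the same problem. Releasing a lock the process itself holds needs no privilege, so dropping the `if (!unprivileged_mlock)` wrapper around PRIV_VM_MUNLOCK in both places (or replacing it with a check that the caller actually holds wired pages) keeps the knob a restriction on locking only, and a comment such as `/* Unlocking is always permitted; the knob only restricts locking. */` documents the intent. sys_munlockall's body continues outside the hunk.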
@@ -1215,9 +1225,11 @@ sys_munlock(td, uap)
 	vm_size_t size;
 	int error;
=20
-	error =3D priv_check(td, PRIV_VM_MUNLOCK);
-	if (error)
-		return (error);
+	if (!unprivileged_mlock) {
+		error =3D priv_check(td, PRIV_VM_MUNLOCK);
+		if (error)
+			return (error);
+	}
 	addr =3D (vm_offset_t)uap->addr;
 	size =3D uap->len;
 	last =3D addr + size;
Index: lib/libc/sys/mlockall.2
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- lib/libc/sys/mlockall.2	(revision 239772)
+++ lib/libc/sys/mlockall.2	(working copy)
@@ -72,7 +72,9 @@ limit and the per-process
 .Dv RLIMIT_MEMLOCK
 resource limit.
 .Pp
-These calls are only available to the super-user.
+These calls are only available to the super-user, or to anyone when
+.Va security.bsd.unprivileged_mlock
+is set to 1.
 .Pp
 The
 .Fn munlockall
Index: lib/libc/sys/mlock.2
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- lib/libc/sys/mlock.2	(revision 239772)
+++ lib/libc/sys/mlock.2	(working copy)
@@ -99,7 +99,9 @@ the per-process
 .Li RLIMIT_MEMLOCK
 resource limit.
 .Pp
-These calls are only available to the super-user.
+These calls are only available to the super-user, or to anyone when
+.Va security.bsd.unprivileged_mlock
+is set to 1.
 .Sh RETURN VALUES
 .Rv -std
 .Pp
@@ -112,7 +114,9 @@ system call
 will fail if:
 .Bl -tag -width Er
 .It Bq Er EPERM
-The caller is not the super-user.
+The caller is not the super-user and
+.Va security.bsd.unprivileged_mlock
+is set to 0.
 .It Bq Er EINVAL
 The address given is not page aligned or the length is negative.
 .It Bq Er EAGAIN
@@ -129,7 +133,9 @@ system call
 will fail if:
 .Bl -tag -width Er
 .It Bq Er EPERM
-The caller is not the super-user.
+The caller is not the super-user and
+.Va security.bsd.unprivileged_mlock
+is set to 0.
 .It Bq Er EINVAL
 The address given is not page aligned or the length is negative.
 .It Bq Er ENOMEM

--------------080705060908010301070308--

--------------enig936FD783B61C3D5F55FA814F
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJQPPO2AAoJEBWLemxX/CvTMywIALbazyTRxENDi+KF1JZZHPEs
brnI9G6kxNqKPRwP826xAdWgv/5BplizafsPUcPiyXj8OjM9NmP32gjJ8OrW2qqw
5V7Wy+pkgrPy++g43wSH//+JmTDjNlVoAH9c4dRRgVZD8sBz3zt44xTSVK657zRo
w58Dpqajf4RPGysavD7W9rV0L96QmN5BvfgkPrzg1w/ykkCrJXvOgx7NRz7ZbRx8
gmT5P9puDk9JA1Kt/axdzV3wAFYcmVG0WyT8gDvMgsiGi7QC9J4k4bvC/HHl5TpJ
6YqkfptanxZIwn+XagQj+z4GPBQ5dA3Piu4zNGez149uqPBpzq9Q5CN03VS5xDM=
=XUdc
-----END PGP SIGNATURE-----

--------------enig936FD783B61C3D5F55FA814F--


