Andrew, at the current time an mmap() ignores a MAP_LOCKED passed to it.
The only way we can get VM_LOCKED associated with the newly created VMA
is to have previously called mlockall() on the process which sets the
mm->def_flags != VM_LOCKED or subsequently call mlock() on the
newly created VMA.
The attached patch checks for MAP_LOCKED being passed and if so checks
the capabilities of the process. Limit checks were already in place.
-- -- Hubertus Franke (frankeh@watson.ibm.com)--------------------------------< PATCH >------------------------------ --- linux-2.5.35/mm/mmap.c Wed Sep 18 11:12:13 2002 +++ linux-2.5.35-fix/mm/mmap.c Wed Sep 18 11:44:32 2002 @@ -461,6 +461,11 @@ */ vm_flags = calc_vm_flags(prot,flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; + if (flags & MAP_LOCKED) { + if (!capable(CAP_IPC_LOCK)) + return -EPERM; + vm_flags |= VM_LOCKED; + } /* mlock MCL_FUTURE? */ if (vm_flags & VM_LOCKED) { unsigned long locked = mm->locked_vm << PAGE_SHIFT;
--------------Boundary-00=_E46NZG7A4M3X1RKLRVT1 Content-Type: text/x-diff; charset="iso-8859-1"; name="patch.2.5.35.mmap_locked" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="patch.2.5.35.mmap_locked"
--- linux-2.5.35/mm/mmap.c Wed Sep 18 11:12:13 2002 +++ linux-2.5.35-fix/mm/mmap.c Wed Sep 18 11:44:32 2002 @@ -461,6 +461,11 @@ */ vm_flags = calc_vm_flags(prot,flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; + if (flags & MAP_LOCKED) { + if (!capable(CAP_IPC_LOCK)) + return -EPERM; + vm_flags |= VM_LOCKED; + } /* mlock MCL_FUTURE? */ if (vm_flags & VM_LOCKED) { unsigned long locked = mm->locked_vm << PAGE_SHIFT;
--------------Boundary-00=_E46NZG7A4M3X1RKLRVT1--
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/