From: Ray Bryant <raybry@sgi.com>
To: Hirokazu Takahashi <taka@valinux.co.jp>, Andi Kleen <ak@suse.de>,
Dave Hansen <haveblue@us.ibm.com>,
Marcelo Tosatti <marcelo.tosatti@cyclades.com>
Cc: Christoph Hellwig <hch@infradead.org>,
Ray Bryant <raybry@austin.rr.com>, linux-mm <linux-mm@kvack.org>,
lhms-devel@lists.sourceforge.net, Ray Bryant <raybry@sgi.com>,
Paul Jackson <pj@sgi.com>, Nathan Scott <nathans@sgi.com>
Subject: [PATCH 2.6.12-rc5 9/10] mm: manual page migration-rc3 -- sys_migrate_pages-permissions-check-rc3.patch
Date: Wed, 22 Jun 2005 09:40:07 -0700 (PDT) [thread overview]
Message-ID: <20050622164007.25515.4780.50462@tomahawk.engr.sgi.com> (raw)
In-Reply-To: <20050622163908.25515.49944.65860@tomahawk.engr.sgi.com>
Add permissions checking to migrate_pages() system call.
The basic idea is that if you could send an arbitary
signal to a process then you are allowed to migrate
that process, or if the calling process has capability
CAP_SYS_ADMIN. The permissions check is based
on that in check_kill_permission() in kernel/signal.c.
Signed-off-by: Ray Bryant <raybry@sgi.com>
--
include/linux/capability.h | 2 ++
mm/mmigrate.c | 12 ++++++++++++
2 files changed, 14 insertions(+)
Index: linux-2.6.12-rc5-mhp1-page-migration-export/include/linux/capability.h
===================================================================
--- linux-2.6.12-rc5-mhp1-page-migration-export.orig/include/linux/capability.h 2005-06-13 11:12:33.000000000 -0700
+++ linux-2.6.12-rc5-mhp1-page-migration-export/include/linux/capability.h 2005-06-13 11:13:09.000000000 -0700
@@ -233,6 +233,8 @@ typedef __u32 kernel_cap_t;
/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
arbitrary SCSI commands */
/* Allow setting encryption key on loopback filesystem */
+/* Allow using the migrate_pages() system call to migrate a process's pages
+ from one set of NUMA nodes to another */
#define CAP_SYS_ADMIN 21
Index: linux-2.6.12-rc5-mhp1-page-migration-export/mm/mmigrate.c
===================================================================
--- linux-2.6.12-rc5-mhp1-page-migration-export.orig/mm/mmigrate.c 2005-06-13 11:13:04.000000000 -0700
+++ linux-2.6.12-rc5-mhp1-page-migration-export/mm/mmigrate.c 2005-06-13 11:13:09.000000000 -0700
@@ -15,6 +15,8 @@
#include <linux/module.h>
#include <linux/swap.h>
#include <linux/pagemap.h>
+#include <linux/sched.h>
+#include <linux/capability.h>
#include <linux/init.h>
#include <linux/highmem.h>
#include <linux/writeback.h>
@@ -725,6 +727,16 @@ sys_migrate_pages(pid_t pid, __u32 count
task = find_task_by_pid(pid);
if (task) {
task_lock(task);
+ /* does this task have permission to migrate that task?
+ * (ala check_kill_permission() ) */
+ if ((current->euid ^ task->suid) && (current->euid ^ task->uid)
+ && (current->uid ^ task->suid) && (current->uid ^ task->uid)
+ && !capable(CAP_SYS_ADMIN)) {
+ ret = -EPERM;
+ task_unlock(task);
+ read_unlock(&tasklist_lock);
+ goto out;
+ }
mm = task->mm;
if (mm) {
atomic_inc(&mm->mm_users);
--
Best Regards,
Ray
-----------------------------------------------
Ray Bryant raybry@sgi.com
The box said: "Requires Windows 98 or better",
so I installed Linux.
-----------------------------------------------
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"aart@kvack.org"> aart@kvack.org </a>
next prev parent reply other threads:[~2005-06-22 16:40 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-22 16:39 [PATCH 2.6.12-rc5 0/10] mm: manual page migration-rc3 -- overview Ray Bryant
2005-06-22 16:39 ` [PATCH 2.6.12-rc5 1/10] mm: hirokazu-steal_page_from_lru.patch Ray Bryant
2005-06-22 16:39 ` [PATCH 2.6.12-rc5 2/10] mm: manual page migration-rc3 -- xfs-migrate-page-rc3.patch Ray Bryant
2005-06-22 17:30 ` [Lhms-devel] " Joel Schopp
2005-06-23 4:01 ` Nathan Scott
2005-06-22 16:39 ` [PATCH 2.6.12-rc5 3/10] mm: manual page migration-rc3 -- add-node_map-arg-to-try_to_migrate_pages-rc3.patch Ray Bryant
2005-06-22 16:39 ` [PATCH 2.6.12-rc5 4/10] mm: manual page migration-rc3 -- add-sys_migrate_pages-rc3.patch Ray Bryant
2005-06-22 17:23 ` Dave Hansen
2005-06-23 1:34 ` Ray Bryant
2005-06-23 1:42 ` Dave Hansen
2005-06-25 10:32 ` Hirokazu Takahashi
2005-06-22 16:39 ` [PATCH 2.6.12-rc5 5/10] mm: manual page migration-rc3 -- sys_migrate_pages-mempolicy-migration-rc3.patch Ray Bryant
2005-06-23 1:51 ` Andi Kleen
2005-06-23 20:59 ` [Lhms-devel] " Ray Bryant
2005-06-23 21:05 ` Andi Kleen
2005-06-25 5:11 ` Ray Bryant
2005-06-22 16:39 ` [PATCH 2.6.12-rc5 6/10] mm: manual page migration-rc3 -- add-mempolicy-control-rc3.patch Ray Bryant
2005-06-22 16:39 ` [PATCH 2.6.12-rc5 7/10] mm: manual page migration-rc3 -- sys_migrate_pages-migration-selection-rc3.patch Ray Bryant
2005-06-22 16:40 ` [PATCH 2.6.12-rc5 8/10] mm: manual page migration-rc3 -- sys_migrate_pages-cpuset-support-rc3.patch Ray Bryant
2005-06-22 16:40 ` Ray Bryant [this message]
2005-06-22 16:40 ` [PATCH 2.6.12-rc5 10/10] mm: manual page migration-rc3 -- N1.2-add-nodemap-to-try_to_migrate_pages-call.patch Ray Bryant
2005-06-23 21:31 ` [PATCH 2.6.12-rc5 0/10] mm: manual page migration-rc3 -- overview Christoph Lameter
2005-06-23 23:00 ` Ray Bryant
2005-06-23 23:03 ` Christoph Lameter
2005-06-24 14:15 ` [Lhms-devel] " Ray Bryant
2005-06-24 15:41 ` Christoph Lameter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050622164007.25515.4780.50462@tomahawk.engr.sgi.com \
--to=raybry@sgi.com \
--cc=ak@suse.de \
--cc=haveblue@us.ibm.com \
--cc=hch@infradead.org \
--cc=lhms-devel@lists.sourceforge.net \
--cc=linux-mm@kvack.org \
--cc=marcelo.tosatti@cyclades.com \
--cc=nathans@sgi.com \
--cc=pj@sgi.com \
--cc=raybry@austin.rr.com \
--cc=taka@valinux.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox