From: Ray Bryant <raybry@sgi.com>
To: Hirokazu Takahashi <taka@valinux.co.jp>,
Marcelo Tosatti <marcelo.tosatti@cyclades.com>,
Andi Kleen <ak@suse.de>, Dave Hansen <haveblue@us.ibm.com>
Cc: Christoph Hellwig <hch@infradead.org>,
linux-mm <linux-mm@kvack.org>, Nathan Scott <nathans@sgi.com>,
Ray Bryant <raybry@austin.rr.com>,
lhms-devel@lists.sourceforge.net, Ray Bryant <raybry@sgi.com>,
Paul Jackson <pj@sgi.com>,
clameter@sgi.com
Subject: [PATCH 2.6.13-rc1 10/11] mm: manual page migration-rc4 -- sys_migrate_pages-permissions-check-rc4.patch
Date: Fri, 1 Jul 2005 15:41:42 -0700 (PDT) [thread overview]
Message-ID: <20050701224142.542.12529.51416@jackhammer.engr.sgi.com> (raw)
In-Reply-To: <20050701224038.542.60558.44109@jackhammer.engr.sgi.com>
Add permissions checking to migrate_pages() system call.
The basic idea is that if you could send an arbitary
signal to a process then you are allowed to migrate
that process, or if the calling process has capability
CAP_SYS_ADMIN. The permissions check is based
on that in check_kill_permission() in kernel/signal.c.
Signed-off-by: Ray Bryant <raybry@sgi.com>
include/linux/capability.h | 2 ++
mm/mmigrate.c | 12 ++++++++++++
2 files changed, 14 insertions(+)
Index: linux-2.6.12-rc5-mhp1-page-migration-export/include/linux/capability.h
===================================================================
--- linux-2.6.12-rc5-mhp1-page-migration-export.orig/include/linux/capability.h 2005-06-24 11:02:20.000000000 -0700
+++ linux-2.6.12-rc5-mhp1-page-migration-export/include/linux/capability.h 2005-06-24 11:02:30.000000000 -0700
@@ -233,6 +233,8 @@ typedef __u32 kernel_cap_t;
/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
arbitrary SCSI commands */
/* Allow setting encryption key on loopback filesystem */
+/* Allow using the migrate_pages() system call to migrate a process's pages
+ from one set of NUMA nodes to another */
#define CAP_SYS_ADMIN 21
Index: linux-2.6.12-rc5-mhp1-page-migration-export/mm/mmigrate.c
===================================================================
--- linux-2.6.12-rc5-mhp1-page-migration-export.orig/mm/mmigrate.c 2005-06-24 11:02:20.000000000 -0700
+++ linux-2.6.12-rc5-mhp1-page-migration-export/mm/mmigrate.c 2005-06-24 11:02:30.000000000 -0700
@@ -15,6 +15,8 @@
#include <linux/module.h>
#include <linux/swap.h>
#include <linux/pagemap.h>
+#include <linux/sched.h>
+#include <linux/capability.h>
#include <linux/init.h>
#include <linux/highmem.h>
#include <linux/writeback.h>
@@ -734,6 +736,16 @@ sys_migrate_pages(pid_t pid, __u32 count
task = find_task_by_pid(pid);
if (task) {
task_lock(task);
+ /* does this task have permission to migrate that task?
+ * (ala check_kill_permission() ) */
+ if ((current->euid ^ task->suid) && (current->euid ^ task->uid)
+ && (current->uid ^ task->suid) && (current->uid ^ task->uid)
+ && !capable(CAP_SYS_ADMIN)) {
+ ret = -EPERM;
+ task_unlock(task);
+ read_unlock(&tasklist_lock);
+ goto out;
+ }
mm = task->mm;
if (mm) {
atomic_inc(&mm->mm_users);
--
Best Regards,
Ray
-----------------------------------------------
Ray Bryant raybry@sgi.com
The box said: "Requires Windows 98 or better",
so I installed Linux.
-----------------------------------------------
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"aart@kvack.org"> aart@kvack.org </a>
next prev parent reply other threads:[~2005-07-02 0:32 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-07-01 22:40 [PATCH 2.6.13-rc1 0/11] mm: manual page migration-rc4 -- overview Ray Bryant
2005-07-01 22:40 ` [PATCH 2.6.13-rc1 1/11] mm: hirokazu-steal_page_from_lru.patch Ray Bryant
2005-07-01 22:40 ` [PATCH 2.6.13-rc1 2/11] mm: manual page migration-rc4 -- xfs-migrate-page-rc4.patch Ray Bryant
2005-07-01 22:40 ` [PATCH 2.6.13-rc1 3/11] mm: manual page migration-rc4 -- add-node_map-arg-to-try_to_migrate_pages-rc4.patch Ray Bryant
2005-07-01 22:41 ` [PATCH 2.6.13-rc1 4/11] mm: manual page migration-rc4 -- add-sys_migrate_pages-rc4.patch Ray Bryant
2005-07-01 22:41 ` [PATCH 2.6.13-rc1 5/11] mm: manual page migration-rc4 -- sys_migrate_pages-mempolicy-migration-rc4.patch Ray Bryant
2005-07-01 22:41 ` [PATCH 2.6.13-rc1 6/11] mm: manual page migration-rc4 -- sys_migrate_pages-mempolicy-migration-shared-policy-fixup-rc4.patch Ray Bryant
2005-07-01 22:41 ` [PATCH 2.6.13-rc1 7/11] mm: manual page migration-rc4 -- add-mempolicy-control-rc4.patch Ray Bryant
2005-07-01 22:41 ` [PATCH 2.6.13-rc1 8/11] mm: manual page migration-rc4 -- sys_migrate_pages-migration-selection-rc4.patch Ray Bryant
2005-07-01 22:41 ` [PATCH 2.6.13-rc1 9/11] mm: manual page migration-rc4 -- sys_migrate_pages-cpuset-support-rc4.patch Ray Bryant
2005-07-01 22:41 ` Ray Bryant [this message]
2005-07-01 22:41 ` [PATCH 2.6.13-rc1 11/11] mm: manual page migration-rc4 -- N1.2-add-nodemap-to-try_to_migrate_pages-call.patch Ray Bryant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050701224142.542.12529.51416@jackhammer.engr.sgi.com \
--to=raybry@sgi.com \
--cc=ak@suse.de \
--cc=clameter@sgi.com \
--cc=haveblue@us.ibm.com \
--cc=hch@infradead.org \
--cc=lhms-devel@lists.sourceforge.net \
--cc=linux-mm@kvack.org \
--cc=marcelo.tosatti@cyclades.com \
--cc=nathans@sgi.com \
--cc=pj@sgi.com \
--cc=raybry@austin.rr.com \
--cc=taka@valinux.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox