[patch] unprivileged mlock(2)



Hi,

We've had RLIMIT_MEMLOCK for years, but this limit is useless, because
only root may call mlock(2), and root may raise any limit.

I suggest a patch that allows unprivileged users to call mlock(2).
Are there any objections to getting it into the tree?

--
Andrey Zonov
- Allow non-root users to call mlock(2)/munlock(2) and
mlockall(2)/munlockall(2). Now RLIMIT_MEMLOCK makes sense.
- Add the sysctl security.bsd.unprivileged_mlock to deny non-root users
the ability to call mlock(2).

Approved by: kib (mentor)
MFC after: 2 weeks

Index: sys/vm/vm_mmap.c
===================================================================
--- sys/vm/vm_mmap.c (revision 239772)
+++ sys/vm/vm_mmap.c (working copy)
@@ -1015,6 +1015,10 @@ done2:
return (error);
}

+static int unprivileged_mlock = 1;
+SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_mlock, CTLFLAG_RW,
+ &unprivileged_mlock, 0, "Unprivileged processes may lock the memory");
+
#ifndef _SYS_SYSPROTO_H_
struct mlock_args {
const void *addr;
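Review bot: the knob defaults to 1, so this hunk switches unprivileged mlock(2) on for every system the moment it is upgraded, and RLIMIT_MEMLOCK becomes the only bound on how much memory an unprivileged process can wire. Since the cover letter's whole argument is that the limit should finally mean something, either confirm that the RLIMIT_MEMLOCK handed to login sessions is finite by default, or ship `static int unprivileged_mlock = 0;` and let administrators opt in. A plain SYSCTL_INT also cannot be set before userland runs; pairing it with a TUNABLE_INT would let loader.conf pin the policy from boot.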
@@ -1035,9 +1039,11 @@ sys_mlock(td, uap)
unsigned long nsize;
int error;

- error = priv_check(td, PRIV_VM_MLOCK);
- if (error)
- return (error);
+ if (!unprivileged_mlock) {
+ error = priv_check(td, PRIV_VM_MLOCK);
+ if (error)
+ return (error);
+ }
addr = (vm_offset_t)uap->addr;
size = uap->len;
last = addr + size;
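Review bot: the five-line `if (!unprivileged_mlock) { error = priv_check(td, PRIV_VM_MLOCK); if (error) return (error); }` wrapper is pasted verbatim into four system calls in this patch; a small static helper taking the priv_t (PRIV_VM_MLOCK or PRIV_VM_MUNLOCK) would keep the policy in one place so a later change to the rule cannot be missed in one copy. A comment here would also help the next reader: for an unprivileged caller the RLIMIT_MEMLOCK comparison later in sys_mlock() (the reason `nsize` is declared above) is now the sole control on wiring memory.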
@@ -1114,9 +1120,11 @@ sys_mlockall(td, uap)
}
PROC_UNLOCK(td->td_proc);
#else
- error = priv_check(td, PRIV_VM_MLOCK);
- if (error)
- return (error);
+ if (!unprivileged_mlock) {
+ error = priv_check(td, PRIV_VM_MLOCK);
+ if (error)
+ return (error);
+ }
#endif
#ifdef RACCT
PROC_LOCK(td->td_proc);
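Review bot: in the `#else` branch the priv_check was the only gate; the enforcement done under the process lock in the other branch (the `PROC_UNLOCK(td->td_proc);` context shows where it ends) does not run here, so on configurations that take the `#else` path an unprivileged caller with unprivileged_mlock=1 gets mlockall(2) with no bound at all. Consider leaving priv_check unconditional in the `#else` branch, or making that branch enforce RLIMIT_MEMLOCK the same way before relaxing it.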
@@ -1174,9 +1182,11 @@ sys_munlockall(td, uap)
int error;

map = &td->td_proc->p_vmspace->vm_map;
- error = priv_check(td, PRIV_VM_MUNLOCK);
- if (error)
- return (error);
+ if (!unprivileged_mlock) {
+ error = priv_check(td, PRIV_VM_MUNLOCK);
+ if (error)
+ return (error);
+ }

/* Clear the MAP_WIREFUTURE flag from this vm_map. */
vm_map_lock(map);
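Review bot: gating munlockall(2) on the same sysctl creates an awkward state transition: a process that wired memory while unprivileged_mlock was 1 gets EPERM on unlock after an administrator sets it to 0, so its wired pages stay pinned until exit and MAP_WIREFUTURE stays set on the map. Unlocking only ever reduces wired memory, so there is no security reason to keep the PRIV_VM_MUNLOCK check conditional here; dropping it for the unlock paths (or making it unconditional-allow when the caller owns the mapping) avoids the trap, and the same applies to sys_munlock() below.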
@@ -1215,9 +1225,11 @@ sys_munlock(td, uap)
vm_size_t size;
int error;

- error = priv_check(td, PRIV_VM_MUNLOCK);
- if (error)
- return (error);
+ if (!unprivileged_mlock) {
+ error = priv_check(td, PRIV_VM_MUNLOCK);
+ if (error)
+ return (error);
+ }
addr = (vm_offset_t)uap->addr;
size = uap->len;
last = addr + size;
Index: lib/libc/sys/mlockall.2
===================================================================
--- lib/libc/sys/mlockall.2 (revision 239772)
+++ lib/libc/sys/mlockall.2 (working copy)
@@ -72,7 +72,9 @@ limit and the per-process
.Dv RLIMIT_MEMLOCK
resource limit.
.Pp
-These calls are only available to the super-user.
+These calls are only available to the super-user, or to anyone when
+.Va security.bsd.unprivileged_mlock
+is set to 1.
.Pp
The
.Fn munlockall
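Review bot: with the sysctl defaulting to 1, this sentence describes the non-default state first and reads as if the super-user-only rule were the norm; consider "These calls are available to any user when .Va security.bsd.unprivileged_mlock is set to 1 (the default); otherwise they are restricted to the super-user." The same wording change applies to the mlock.2 hunk below, and an `.Xr sysctl 8` cross-reference would tell readers where the knob lives.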
Index: lib/libc/sys/mlock.2
===================================================================
--- lib/libc/sys/mlock.2 (revision 239772)
+++ lib/libc/sys/mlock.2 (working copy)
@@ -99,7 +99,9 @@ the per-process
.Li RLIMIT_MEMLOCK
resource limit.
.Pp
-These calls are only available to the super-user.
+These calls are only available to the super-user, or to anyone when
+.Va security.bsd.unprivileged_mlock
+is set to 1.
.Sh RETURN VALUES
.Rv -std
.Pp
@@ -112,7 +114,9 @@ system call
will fail if:
.Bl -tag -width Er
.It Bq Er EPERM
-The caller is not the super-user.
+The caller is not the super-user and
+.Va security.bsd.unprivileged_mlock
+is set to 0.
.It Bq Er EINVAL
The address given is not page aligned or the length is negative.
.It Bq Er EAGAIN
@@ -129,7 +133,9 @@ system call
will fail if:
.Bl -tag -width Er
.It Bq Er EPERM
-The caller is not the super-user.
+The caller is not the super-user and
+.Va security.bsd.unprivileged_mlock
+is set to 0.
.It Bq Er EINVAL
The address given is not page aligned or the length is negative.
.It Bq Er ENOMEM
