* Re: [PATCH 00/10] Patches for fixing the lowmem module
From: Felipe Balbi @ 2008-09-11 16:17 UTC (permalink / raw)
To: ext Viktor Rosendahl; +Cc: linux-omap
On Thu, Sep 11, 2008 at 07:20:32PM +0300, ext Viktor Rosendahl wrote:
>
> Hello,
>
> Currently the lowmem module doesn't compile. Here are some patches
> that will fix a bug, make some improvements and even make it compile.
>
> security/lowmem.c | 258 ++++++++++++++++++++++++++++++++----------------------
> 1 file changed, 154 insertions(+), 104 deletions(-)
This series should be going to LKML, l-o will get it when merging
upstream I'd say.
--
balbi
* [PATCH 00/10] Patches for fixing the lowmem module
From: Viktor Rosendahl @ 2008-09-11 16:20 UTC (permalink / raw)
To: linux-omap
Hello,
Currently the lowmem module doesn't compile. Here are some patches
that will fix a bug, make some improvements and even make it compile.
security/lowmem.c | 258 ++++++++++++++++++++++++++++++++----------------------
1 file changed, 154 insertions(+), 104 deletions(-)
best regards,
Viktor
* [PATCH 01/10] Security: Kernel OOM-killer and allocation denial use different rules
From: Viktor Rosendahl @ 2008-09-11 16:20 UTC (permalink / raw)
To: linux-omap
From: Henrik Saari <henrik.saari@nokia.com>
Security: Kernel OOM-killer and allocation denial use different rules
Original patch created by Leonid Moiseichuk <leonid.moiseichuk@nokia.com>
Fixes the issue with the oom killer and lowmem module being inconsistent;
processes that are important enough to be protected from the oom killer should
not be denied memory either.
Signed-off-by: Henrik Saari <henrik.saari@nokia.com>
Signed-off-by: Viktor Rosendahl <viktor.rosendahl@nokia.com>
---
security/lowmem.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/security/lowmem.c b/security/lowmem.c
index a627d51..113be75 100644
--- a/security/lowmem.c
+++ b/security/lowmem.c
@@ -9,6 +9,7 @@
#include <linux/pagemap.h>
#include <linux/hugetlb.h>
#include <linux/sysfs.h>
+#include <linux/oom.h>
#define MY_NAME "lowmem"
@@ -207,6 +208,10 @@ static int low_vm_enough_memory(long pages)
if (cap_sys_admin)
return 0;
+ /* OOM unkillable process is allowed to consume memory */
+ if (current->oomkilladj == OOM_DISABLE)
+ return 0;
+
/* uids from allowed_uids vector are also allowed no matter what */
for (i = 0; i < LOWMEM_MAX_UIDS && allowed_uids[i]; i++)
if (current->uid == allowed_uids[i])
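Review bot: the new OOM_DISABLE test in low_vm_enough_memory() turns an OOM-killer setting into an unconditional bypass of the deny watermark, and neither the comment nor the commit message says who is expected to set oomkilladj to OOM_DISABLE. Please document that in the comment above the check, since from here on anything that can put a task into that state also exempts it from allocation denial, on the same footing as the cap_sys_admin and allowed_uids exemptions around it.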
--
1.5.6.3
* [PATCH 02/10] lowmem: remove unnecessary usage of proc_dointvec_minmax()
From: Viktor Rosendahl @ 2008-09-11 16:20 UTC (permalink / raw)
To: linux-omap
As far as I can understand, using proc_dointvec_minmax() instead of
proc_dointvec only makes sense if you supply the min and/or max values in the
extra1 and extra2 fields of the struct.
Signed-off-by: Viktor Rosendahl <viktor.rosendahl@nokia.com>
---
security/lowmem.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/security/lowmem.c b/security/lowmem.c
index 113be75..a965676 100644
--- a/security/lowmem.c
+++ b/security/lowmem.c
@@ -69,7 +69,7 @@ static ctl_table lowmem_table[] = {
.maxlen = sizeof(unsigned int),
.mode = 0644,
.child = NULL,
- .proc_handler = &proc_dointvec_minmax,
+ .proc_handler = &proc_dointvec,
.strategy = &sysctl_intvec,
}, {
.ctl_name = VM_LOWMEM_ALLOWED_UIDS,
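Review bot: for this 0644 entry, whose .maxlen is sizeof(unsigned int), the switch to proc_dointvec leaves a writable value with no range check at all, and proc_dointvec parses signed values, so a negative write ends up stored as a very large unsigned number. Rather than dropping the _minmax handler, consider keeping it and filling in .extra1/.extra2 with sensible bounds, which is the case the commit message itself says it is meant for.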
@@ -89,7 +89,7 @@ static ctl_table lowmem_table[] = {
.maxlen = sizeof(unsigned long),
.mode = 0444,
.child = NULL,
- .proc_handler = &proc_dointvec_minmax,
+ .proc_handler = &proc_dointvec,
.strategy = &sysctl_intvec,
}, {
.ctl_name = VM_LOWMEM_USED_PAGES,
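Review bot: this entry has .maxlen = sizeof(unsigned long), but the replacement handler proc_dointvec is still an int handler, which only lines up where long and int have the same size. proc_doulongvec_minmax is the handler for unsigned long data and would be the safer choice here; the sizeof(long) entry in the next hunk has the same mismatch.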
@@ -98,7 +98,7 @@ static ctl_table lowmem_table[] = {
.maxlen = sizeof(long),
.mode = 0444,
.child = NULL,
- .proc_handler = &proc_dointvec_minmax,
+ .proc_handler = &proc_dointvec,
.strategy = &sysctl_intvec,
}, {
.ctl_name = 0
--
1.5.6.3
* [PATCH 03/10] lowmem: get rid of the percentages
From: Viktor Rosendahl @ 2008-09-11 16:20 UTC (permalink / raw)
To: linux-omap
The purpose of this patch is to get rid of the lame percentage calculations in
lowmem.c. Currently, the limits (measured in pages) are calculated from
percentages every time somebody from userspace requests some memory. With this
patch, the limits are in pages and furthermore, they are specified as minimum
amount of "free pages", instead of as maximum amount of "used pages". "Free"
means free pages or such pages that can easily be freed by the VM system.
This patch changes the names of the lowmem sysctl limits in /proc/sys/vm:
lowmem_deny_watermark => lowmem_deny_watermark_pages
lowmem_notify_low => lowmem_notify_low_pages
lowmem_notify_high => lowmem_notify_high_pages
The following read only value disappears:
lowmem_used_pages
The following read only value is introduced:
lowmem_free_pages
The old value can be calculated from userspace with the following pseudocode:
if lowmem_free_pages < lowmem_allowed_pages
lowmem_used_pages = lowmem_allowed_pages - lowmem_free_pages
else
lowmem_used_pages = 0;
Note that the value of lowmem_free_pages is only accurate when the system is
rather low on memory (otherwise it's a bit too pessimistic), this was true also
for the lowmem_used_pages metric.
Signed-off-by: Viktor Rosendahl <viktor.rosendahl@nokia.com>
---
security/lowmem.c | 82 +++++++++++++++++++++++-----------------------------
1 files changed, 36 insertions(+), 46 deletions(-)
diff --git a/security/lowmem.c b/security/lowmem.c
index a965676..2dc0c4a 100644
--- a/security/lowmem.c
+++ b/security/lowmem.c
@@ -16,48 +16,48 @@
#define LOWMEM_MAX_UIDS 8
enum {
- VM_LOWMEM_DENY = 1,
- VM_LOWMEM_LEVEL1_NOTIFY,
- VM_LOWMEM_LEVEL2_NOTIFY,
+ VM_LOWMEM_DENY_PAGES = 1,
+ VM_LOWMEM_NOTIFY_LOW_PAGES,
+ VM_LOWMEM_NOTIFY_HIGH_PAGES,
VM_LOWMEM_NR_DECAY_PAGES,
VM_LOWMEM_ALLOWED_UIDS,
VM_LOWMEM_ALLOWED_PAGES,
- VM_LOWMEM_USED_PAGES,
+ VM_LOWMEM_FREE_PAGES,
};
-static unsigned int deny_percentage;
-static unsigned int l1_notify, l2_notify;
+static long deny_pages;
+static long notify_low_pages, notify_high_pages;
static unsigned int nr_decay_pages;
static unsigned long allowed_pages;
-static long used_pages;
+static unsigned long lowmem_free_pages;
static unsigned int allowed_uids[LOWMEM_MAX_UIDS];
static unsigned int minuid = 1;
static unsigned int maxuid = 65535;
static ctl_table lowmem_table[] = {
{
- .ctl_name = VM_LOWMEM_DENY,
- .procname = "lowmem_deny_watermark",
- .data = &deny_percentage,
- .maxlen = sizeof(unsigned int),
+ .ctl_name = VM_LOWMEM_DENY_PAGES,
+ .procname = "lowmem_deny_watermark_pages",
+ .data = &deny_pages,
+ .maxlen = sizeof(long),
.mode = 0644,
.child = NULL,
.proc_handler = &proc_dointvec,
.strategy = &sysctl_intvec,
}, {
- .ctl_name = VM_LOWMEM_LEVEL1_NOTIFY,
- .procname = "lowmem_notify_low",
- .data = &l1_notify,
- .maxlen = sizeof(unsigned int),
+ .ctl_name = VM_LOWMEM_NOTIFY_LOW_PAGES,
+ .procname = "lowmem_notify_low_pages",
+ .data = ¬ify_low_pages,
+ .maxlen = sizeof(long),
.mode = 0644,
.child = NULL,
.proc_handler = &proc_dointvec,
.strategy = &sysctl_intvec,
}, {
- .ctl_name = VM_LOWMEM_LEVEL2_NOTIFY,
- .procname = "lowmem_notify_high",
- .data = &l2_notify,
- .maxlen = sizeof(unsigned int),
+ .ctl_name = VM_LOWMEM_NOTIFY_HIGH_PAGES,
+ .procname = "lowmem_notify_high_pages",
+ .data = ¬ify_high_pages,
+ .maxlen = sizeof(long),
.mode = 0644,
.child = NULL,
.proc_handler = &proc_dointvec,
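Review bot: VM_LOWMEM_DENY_PAGES, VM_LOWMEM_NOTIFY_LOW_PAGES and VM_LOWMEM_NOTIFY_HIGH_PAGES take over the enum positions of the old percentage entries, so the same ctl_name numbers now carry values in pages instead of percent. The commit message documents the procname renames but not this; giving the new entries fresh numbers (appended at the end of the enum) would keep an old caller from silently reading or writing a value with different units.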
@@ -92,10 +92,10 @@ static ctl_table lowmem_table[] = {
.proc_handler = &proc_dointvec,
.strategy = &sysctl_intvec,
}, {
- .ctl_name = VM_LOWMEM_USED_PAGES,
- .procname = "lowmem_used_pages",
- .data = &used_pages,
- .maxlen = sizeof(long),
+ .ctl_name = VM_LOWMEM_FREE_PAGES,
+ .procname = "lowmem_free_pages",
+ .data = &lowmem_free_pages,
+ .maxlen = sizeof(unsigned long),
.mode = 0444,
.child = NULL,
.proc_handler = &proc_dointvec,
@@ -163,21 +163,18 @@ static void high_watermark_state(int new_state)
static int low_vm_enough_memory(long pages)
{
unsigned long free, allowed;
- long deny_threshold, level1, level2, used;
int cap_sys_admin = 0, notify;
if (cap_capable(current, CAP_SYS_ADMIN) == 0)
cap_sys_admin = 1;
+ allowed = totalram_pages - hugetlb_total_pages();
+ allowed_pages = allowed;
+
/* We activate ourselves only after both parameters have been
* configured. */
- if (deny_percentage == 0 || l1_notify == 0 || l2_notify == 0)
- return __vm_enough_memory(pages, cap_sys_admin);
-
- allowed = totalram_pages - hugetlb_total_pages();
- deny_threshold = allowed * deny_percentage / 100;
- level1 = allowed * l1_notify / 100;
- level2 = allowed * l2_notify / 100;
+ if (deny_pages == 0 || notify_low_pages == 0 || notify_high_pages == 0)
+ return __vm_enough_memory(pages, cap_sys_admin);
vm_acct_memory(pages);
@@ -186,22 +183,16 @@ static int low_vm_enough_memory(long pages)
free += nr_swap_pages;
free += global_page_state(NR_SLAB_RECLAIMABLE);
- used = allowed - free;
- if (unlikely(used < 0))
- used = 0;
-
- /* The hot path, plenty of memory */
- if (likely(used < level1))
+ if (likely(free > notify_low_pages))
goto enough_memory;
/* No luck, lets make it more expensive and try again.. */
- used -= nr_free_pages();
+ free += nr_free_pages();
- if (used >= deny_threshold) {
+ if (free < deny_pages) {
int i;
- allowed_pages = allowed;
- used_pages = used;
+ lowmem_free_pages = free;
low_watermark_state(1);
high_watermark_state(1);
/* Memory allocations by root are always allowed */
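Review bot: free is unsigned long while deny_pages and notify_low_pages are declared long, so the comparisons free > notify_low_pages and free < deny_pages are done unsigned. A negative number written to one of the 0644 limits becomes a huge threshold, and free < deny_pages is then true for every value of free. Declaring the limits unsigned long and rejecting out-of-range writes in the sysctl handler would close that off.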
@@ -227,7 +218,7 @@ static int low_vm_enough_memory(long pages)
enough_memory:
/* See if we need to notify level 1 */
- low_watermark_state(used >= level1);
+ low_watermark_state(free < notify_low_pages);
/*
* In the level 2 notification case things are more complicated,
@@ -236,13 +227,12 @@ enough_memory:
* on the same watermark level ends up bouncing back and forth
* when applications are being stupid.
*/
- notify = used >= level2;
- if (notify || used + nr_decay_pages < level2)
+ notify = free < notify_high_pages;
+ if (notify || free - nr_decay_pages > notify_high_pages)
high_watermark_state(notify);
/* We have plenty of memory */
- allowed_pages = allowed;
- used_pages = used;
+ lowmem_free_pages = free;
return 0;
}
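Review bot: in the hysteresis test, free - nr_decay_pages is unsigned arithmetic and wraps when free is smaller than nr_decay_pages, which makes the condition true and clears the high watermark state without the intended margin. Writing it as free > notify_high_pages + nr_decay_pages keeps the same meaning without the subtraction.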
--
1.5.6.3
* [PATCH 04/10] lowmem: remove an unnecessary local variable
From: Viktor Rosendahl @ 2008-09-11 16:20 UTC (permalink / raw)
To: linux-omap
This "changed" variable is kind of deprecated. We used to have a spinlock
[which was later deemed unnecessary] around the first if clause in the
*_watermark_state() functions; the variable was needed in order to move the
operation in the second if clause out of the lock section.
Signed-off-by: Viktor Rosendahl <viktor.rosendahl@nokia.com>
---
security/lowmem.c | 14 ++------------
1 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/security/lowmem.c b/security/lowmem.c
index 2dc0c4a..183c57f 100644
--- a/security/lowmem.c
+++ b/security/lowmem.c
@@ -136,28 +136,18 @@ KERNEL_ATTR_RO(high_watermark);
static void low_watermark_state(int new_state)
{
- int changed = 0;
-
if (low_watermark_reached != new_state) {
low_watermark_reached = new_state;
- changed = 1;
- }
-
- if (changed)
sysfs_notify(&kernel_subsys.kset.kobj, NULL, "low_watermark");
+ }
}
static void high_watermark_state(int new_state)
{
- int changed = 0;
-
if (high_watermark_reached != new_state) {
high_watermark_reached = new_state;
- changed = 1;
- }
-
- if (changed)
sysfs_notify(&kernel_subsys.kset.kobj, NULL, "high_watermark");
+ }
}
static int low_vm_enough_memory(long pages)
--
1.5.6.3
* [PATCH 05/10] lowmem: sysfs has changed
From: Viktor Rosendahl @ 2008-09-11 16:20 UTC (permalink / raw)
To: linux-omap
Currently, the lowmem module doesn't even compile because the kernel API has
changed. This patch will unbreak the sysfs related code.
Signed-off-by: Viktor Rosendahl <viktor.rosendahl@nokia.com>
---
security/lowmem.c | 18 +++++++++---------
1 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/security/lowmem.c b/security/lowmem.c
index 183c57f..a5b6088 100644
--- a/security/lowmem.c
+++ b/security/lowmem.c
@@ -117,16 +117,18 @@ static ctl_table lowmem_root_table[] = {
};
#define KERNEL_ATTR_RO(_name) \
-static struct subsys_attribute _name##_attr = __ATTR_RO(_name)
+static struct kobj_attribute _name##_attr = __ATTR_RO(_name)
static int low_watermark_reached, high_watermark_reached;
-static ssize_t low_watermark_show(struct subsystem *subsys, char *page)
+static ssize_t low_watermark_show(struct kobject *kobj,
+ struct kobj_attribute *attr, char *page)
{
return sprintf(page, "%u\n", low_watermark_reached);
}
-static ssize_t high_watermark_show(struct subsystem *subsys, char *page)
+static ssize_t high_watermark_show(struct kobject *kobj,
+ struct kobj_attribute *attr, char *page)
{
return sprintf(page, "%u\n", high_watermark_reached);
}
@@ -138,7 +140,7 @@ static void low_watermark_state(int new_state)
{
if (low_watermark_reached != new_state) {
low_watermark_reached = new_state;
- sysfs_notify(&kernel_subsys.kset.kobj, NULL, "low_watermark");
+ sysfs_notify(kernel_kobj, NULL, "low_watermark");
}
}
@@ -146,7 +148,7 @@ static void high_watermark_state(int new_state)
{
if (high_watermark_reached != new_state) {
high_watermark_reached = new_state;
- sysfs_notify(&kernel_subsys.kset.kobj, NULL, "high_watermark");
+ sysfs_notify(kernel_kobj, NULL, "high_watermark");
}
}
@@ -279,9 +281,7 @@ static int __init lowmem_init(void)
if (unlikely(!lowmem_table_header))
return -EPERM;
- kernel_subsys.kset.kobj.kset = &kernel_subsys.kset;
-
- r = sysfs_create_group(&kernel_subsys.kset.kobj,
+ r = sysfs_create_group(kernel_kobj,
&lowmem_attr_group);
if (unlikely(r))
return r;
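Review bot: if sysfs_create_group() fails, lowmem_init() returns r with the sysctl table from the check just above still registered. Since this error path is being touched anyway, add an unregister_sysctl_table(lowmem_table_header) before the return r so a failed init does not leave the sysctl entries behind.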
@@ -307,7 +307,7 @@ static void __exit lowmem_exit(void)
unregister_sysctl_table(lowmem_table_header);
- sysfs_remove_group(&kernel_subsys.kset.kobj, &lowmem_attr_group);
+ sysfs_remove_group(kernel_kobj, &lowmem_attr_group);
printk(KERN_INFO MY_NAME ": Module removed.\n");
}
--
1.5.6.3
* [PATCH 06/10] lowmem: update memory management functions for the new kernel
From: Viktor Rosendahl @ 2008-09-11 16:20 UTC (permalink / raw)
To: linux-omap
These functions now require an additional argument, so let's add it.
Signed-off-by: Viktor Rosendahl <viktor.rosendahl@nokia.com>
---
security/lowmem.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/lowmem.c b/security/lowmem.c
index a5b6088..939901c 100644
--- a/security/lowmem.c
+++ b/security/lowmem.c
@@ -152,7 +152,7 @@ static void high_watermark_state(int new_state)
}
}
-static int low_vm_enough_memory(long pages)
+static int low_vm_enough_memory(struct mm_struct *mm, long pages)
{
unsigned long free, allowed;
int cap_sys_admin = 0, notify;
@@ -166,7 +166,7 @@ static int low_vm_enough_memory(long pages)
/* We activate ourselves only after both parameters have been
* configured. */
if (deny_pages == 0 || notify_low_pages == 0 || notify_high_pages == 0)
- return __vm_enough_memory(pages, cap_sys_admin);
+ return __vm_enough_memory(mm, pages, cap_sys_admin);
vm_acct_memory(pages);
--
1.5.6.3
* [PATCH 07/10] lowmem: Security modules can no longer be removed.
From: Viktor Rosendahl @ 2008-09-11 16:20 UTC (permalink / raw)
To: linux-omap
The unregister_security() and mod_unreg_security() functions were removed
because the upstream developers believe that it should not be possible to remove
security modules, "It is used only by out-of-tree modules, which are often
binary-only, illegal, abusive of the API and dangerous, e.g. silently
re-vectoring SELinux."
Signed-off-by: Viktor Rosendahl <viktor.rosendahl@nokia.com>
---
security/lowmem.c | 22 ----------------------
1 files changed, 0 insertions(+), 22 deletions(-)
diff --git a/security/lowmem.c b/security/lowmem.c
index 939901c..87f6cec 100644
--- a/security/lowmem.c
+++ b/security/lowmem.c
@@ -291,29 +291,7 @@ static int __init lowmem_init(void)
return 0;
}
-static void __exit lowmem_exit(void)
-{
- /* remove ourselves from the security framework */
- if (secondary) {
- if (mod_unreg_security(MY_NAME, &lowmem_security_ops))
- printk(KERN_ERR MY_NAME ": Failure unregistering "
- "with the primary security module.\n");
- } else {
- if (unregister_security(&lowmem_security_ops)) {
- printk(KERN_ERR MY_NAME ": Failure unregistering "
- "with the kernel.\n");
- }
- }
-
- unregister_sysctl_table(lowmem_table_header);
-
- sysfs_remove_group(kernel_kobj, &lowmem_attr_group);
-
- printk(KERN_INFO MY_NAME ": Module removed.\n");
-}
-
module_init(lowmem_init);
-module_exit(lowmem_exit);
MODULE_DESCRIPTION("Low watermark LSM module");
MODULE_LICENSE("GPL");
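Review bot: with module_exit(lowmem_exit) removed while MODULE_DESCRIPTION and MODULE_LICENSE stay, the commit message should state what happens when lowmem is built as a module, because it explains only why the unregister calls had to go. The unregister_sysctl_table() and sysfs_remove_group() calls removed here were also the cleanup for what lowmem_init() sets up, so it is worth checking that the init error paths undo those steps themselves.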
--
1.5.6.3
* [PATCH 08/10] lowmem: add compatibility code
From: Viktor Rosendahl @ 2008-09-11 16:20 UTC (permalink / raw)
To: linux-omap
This is a patch that will reintroduce the old sysctl lowmem variables as read
only values in /proc/sys/vm. Some parts of the userland (at least libosso) are
reading these and it would probably greatly ease the transition to the new
scheme with memory limits in pages. We can revert this ugly patch when userland
has moved to the new scheme.
Signed-off-by: Viktor Rosendahl <viktor.rosendahl@nokia.com>
---
security/lowmem.c | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 94 insertions(+), 0 deletions(-)
diff --git a/security/lowmem.c b/security/lowmem.c
index 87f6cec..56f1f6e 100644
--- a/security/lowmem.c
+++ b/security/lowmem.c
@@ -23,6 +23,10 @@ enum {
VM_LOWMEM_ALLOWED_UIDS,
VM_LOWMEM_ALLOWED_PAGES,
VM_LOWMEM_FREE_PAGES,
+ VM_LOWMEM_DENY,
+ VM_LOWMEM_LEVEL1_NOTIFY,
+ VM_LOWMEM_LEVEL2_NOTIFY,
+ VM_LOWMEM_USED_PAGES
};
static long deny_pages;
@@ -33,6 +37,22 @@ static unsigned long lowmem_free_pages;
static unsigned int allowed_uids[LOWMEM_MAX_UIDS];
static unsigned int minuid = 1;
static unsigned int maxuid = 65535;
+static unsigned int deny_percentage;
+static unsigned int l1_notify, l2_notify;
+static long used_pages;
+
+static int
+proc_dointvec_used(ctl_table *table, int write, struct file *filp,
+ void __user *buffer, size_t *lenp, loff_t *ppos);
+static int
+proc_dointvec_l1_notify(ctl_table *table, int write, struct file *filp,
+ void __user *buffer, size_t *lenp, loff_t *ppos);
+static int
+proc_dointvec_l2_notify(ctl_table *table, int write, struct file *filp,
+ void __user *buffer, size_t *lenp, loff_t *ppos);
+static int
+proc_dointvec_deny(ctl_table *table, int write, struct file *filp,
+ void __user *buffer, size_t *lenp, loff_t *ppos);
static ctl_table lowmem_table[] = {
{
@@ -45,6 +65,42 @@ static ctl_table lowmem_table[] = {
.proc_handler = &proc_dointvec,
.strategy = &sysctl_intvec,
}, {
+ .ctl_name = VM_LOWMEM_DENY,
+ .procname = "lowmem_deny_watermark",
+ .data = &deny_percentage,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0444,
+ .child = NULL,
+ .proc_handler = &proc_dointvec_deny,
+ .strategy = &sysctl_intvec,
+ }, {
+ .ctl_name = VM_LOWMEM_LEVEL1_NOTIFY,
+ .procname = "lowmem_notify_low",
+ .data = &l1_notify,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0444,
+ .child = NULL,
+ .proc_handler = &proc_dointvec_l1_notify,
+ .strategy = &sysctl_intvec,
+ }, {
+ .ctl_name = VM_LOWMEM_LEVEL2_NOTIFY,
+ .procname = "lowmem_notify_high",
+ .data = &l2_notify,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0444,
+ .child = NULL,
+ .proc_handler = &proc_dointvec_l2_notify,
+ .strategy = &sysctl_intvec,
+ }, {
+ .ctl_name = VM_LOWMEM_USED_PAGES,
+ .procname = "lowmem_used_pages",
+ .data = &used_pages,
+ .maxlen = sizeof(long),
+ .mode = 0444,
+ .child = NULL,
+ .proc_handler = &proc_dointvec_used,
+ .strategy = &sysctl_intvec,
+ }, {
.ctl_name = VM_LOWMEM_NOTIFY_LOW_PAGES,
.procname = "lowmem_notify_low_pages",
.data = ¬ify_low_pages,
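Review bot: the four compatibility entries keep .strategy = &sysctl_intvec, but deny_percentage, l1_notify, l2_notify and used_pages are only recomputed inside the custom proc_handler functions. A reader that does not come in through those handlers gets whatever the variable last held, which is 0 until the /proc file has been read once. Either drop .ctl_name and .strategy for these entries or update the derived values where the page limits change.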
@@ -121,6 +177,44 @@ static struct kobj_attribute _name##_attr = __ATTR_RO(_name)
static int low_watermark_reached, high_watermark_reached;
+static int
+proc_dointvec_l1_notify(ctl_table *table, int write, struct file *filp,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+ l1_notify =
+ 100 - (100 * notify_low_pages + allowed_pages / 2) / allowed_pages;
+ return proc_dointvec(table, write, filp, buffer, lenp, ppos);
+}
+
+static int
+proc_dointvec_l2_notify(ctl_table *table, int write, struct file *filp,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+ l2_notify =
+ 100 - (100 * notify_high_pages + allowed_pages / 2) / allowed_pages;
+ return proc_dointvec(table, write, filp, buffer, lenp, ppos);
+}
+
+static int
+proc_dointvec_deny(ctl_table *table, int write, struct file *filp,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+ deny_percentage =
+ 100 - (100 * deny_pages + allowed_pages / 2) / allowed_pages;
+ return proc_dointvec(table, write, filp, buffer, lenp, ppos);
+}
+
+static int
+proc_dointvec_used(ctl_table *table, int write, struct file *filp,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+ if (lowmem_free_pages > 0 && allowed_pages > lowmem_free_pages)
+ used_pages = allowed_pages - lowmem_free_pages;
+ else
+ used_pages = 0;
+ return proc_dointvec(table, write, filp, buffer, lenp, ppos);
+}
+
static ssize_t low_watermark_show(struct kobject *kobj,
struct kobj_attribute *attr, char *page)
{
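Review bot: the three percentage handlers divide by allowed_pages without checking it for zero; it is a static that stays 0 until low_vm_enough_memory() has assigned it. Return early (or report 0) while allowed_pages is 0, and clamp the quotient to 100, because a page limit larger than allowed_pages makes 100 - (...) wrap in unsigned arithmetic.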
--
1.5.6.3
* [PATCH 09/10] lowmem: Fix split of ptrace
From: Viktor Rosendahl @ 2008-09-11 16:20 UTC (permalink / raw)
To: linux-omap
A previous commit split the ptrace member into two. Thus we need to update the
lowmem module accordingly.
Signed-off-by: Viktor Rosendahl <viktor.rosendahl@nokia.com>
---
security/lowmem.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/security/lowmem.c b/security/lowmem.c
index 56f1f6e..b986070 100644
--- a/security/lowmem.c
+++ b/security/lowmem.c
@@ -324,7 +324,8 @@ enough_memory:
static struct security_operations lowmem_security_ops = {
/* Use the capability functions for some of the hooks */
- .ptrace = cap_ptrace,
+ .ptrace_may_access = cap_ptrace_may_access,
+ .ptrace_traceme = cap_ptrace_traceme,
.capget = cap_capget,
.capset_check = cap_capset_check,
.capset_set = cap_capset_set,
--
1.5.6.3
* [PATCH 10/10] lowmem: Remove the possibility to stack the module
From: Viktor Rosendahl @ 2008-09-11 16:20 UTC (permalink / raw)
To: linux-omap
The mod_reg_security() function that is used to stack modules has been removed:
"LSMs wishing to stack capability as a secondary module should do so
explicitly". Thus, let's remove the possibility to stack in the init function.
The functionality could probably be reintroduced later if somebody has time to
implement it.
Signed-off-by: Viktor Rosendahl <viktor.rosendahl@nokia.com>
---
security/lowmem.c | 10 +---------
1 files changed, 1 insertions(+), 9 deletions(-)
diff --git a/security/lowmem.c b/security/lowmem.c
index b986070..ae78a53 100644
--- a/security/lowmem.c
+++ b/security/lowmem.c
@@ -340,8 +340,6 @@ static struct security_operations lowmem_security_ops = {
};
static struct ctl_table_header *lowmem_table_header;
-/* flag to keep track of how we were registered */
-static int secondary;
static struct attribute *lowmem_attrs[] = {
&low_watermark_attr.attr,
@@ -360,13 +358,7 @@ static int __init lowmem_init(void)
/* register ourselves with the security framework */
if (register_security(&lowmem_security_ops)) {
printk(KERN_ERR MY_NAME ": Failure registering with the kernel\n");
- /* try registering with primary module */
- if (mod_reg_security(MY_NAME, &lowmem_security_ops)) {
- printk(KERN_ERR ": Failure registering with the primary"
- "security module.\n");
- return -EINVAL;
- }
- secondary = 1;
+ return -EINVAL;
}
/* initialize the uids vector */
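Review bot: the error path now returns a fixed -EINVAL and drops whatever register_security() reported. Keep the return value in a local and return that, so the caller sees the real reason the registration failed.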
--
1.5.6.3
* Re: [PATCH 00/10] Patches for fixing the lowmem module
From: Felipe Balbi @ 2008-09-11 16:48 UTC (permalink / raw)
To: Viktor Rosendahl; +Cc: felipe.balbi, linux-omap
On Thu, Sep 11, 2008 at 07:55:29PM +0300, Viktor Rosendahl wrote:
> On Thu, 2008-09-11 at 19:17 +0300, Felipe Balbi wrote:
> > On Thu, Sep 11, 2008 at 07:20:32PM +0300, ext Viktor Rosendahl wrote:
> > >
> > > Hello,
> > >
> > > Currently the lowmem module doesn't compile. Here are some patches
> > > that will fix a bug, make some improvements and even make it compile.
> > >
> > > security/lowmem.c | 258 ++++++++++++++++++++++++++++++++----------------------
> > > 1 file changed, 154 insertions(+), 104 deletions(-)
> >
> > This series should be going to LKML, l-o will get it when merging
> > upstream I'd say.
> >
>
> The only problem is that currently the lowmem module doesn't exist in
> mainline. My guess is that the lowmem module would need quite a bit of
> more work before it would be accepted in mainline, if at all.
>
> It will probably take some time before we get it into mainline, so I
> suggest that these patches are merged into linux-omap now.
Hmm... got it ;-)
It's yet another piece of code that never made its way to mainline :-)
--
balbi
* Re: [PATCH 00/10] Patches for fixing the lowmem module
From: Viktor Rosendahl @ 2008-09-11 16:55 UTC (permalink / raw)
To: felipe.balbi; +Cc: linux-omap
On Thu, 2008-09-11 at 19:17 +0300, Felipe Balbi wrote:
> On Thu, Sep 11, 2008 at 07:20:32PM +0300, ext Viktor Rosendahl wrote:
> >
> > Hello,
> >
> > Currently the lowmem module doesn't compile. Here are some patches
> > that will fix a bug, make some improvements and even make it compile.
> >
> > security/lowmem.c | 258 ++++++++++++++++++++++++++++++++----------------------
> > 1 file changed, 154 insertions(+), 104 deletions(-)
>
> This series should be going to LKML, l-o will get it when merging
> upstream I'd say.
>
The only problem is that currently the lowmem module doesn't exist in
mainline. My guess is that the lowmem module would need quite a bit of
more work before it would be accepted in mainline, if at all.
It will probably take some time before we get it into mainline, so I
suggest that these patches are merged into linux-omap now.
best regards,
Viktor
* Re: [PATCH 00/10] Patches for fixing the lowmem module
From: Tony Lindgren @ 2008-09-12 18:14 UTC (permalink / raw)
To: Felipe Balbi; +Cc: Viktor Rosendahl, linux-omap
* Felipe Balbi <felipe.balbi@nokia.com> [080911 09:48]:
> On Thu, Sep 11, 2008 at 07:55:29PM +0300, Viktor Rosendahl wrote:
> > On Thu, 2008-09-11 at 19:17 +0300, Felipe Balbi wrote:
> > > On Thu, Sep 11, 2008 at 07:20:32PM +0300, ext Viktor Rosendahl wrote:
> > > >
> > > > Hello,
> > > >
> > > > Currently the lowmem module doesn't compile. Here are some patches
> > > > that will fix a bug, make some improvements and even make it compile.
> > > >
> > > > security/lowmem.c | 258 ++++++++++++++++++++++++++++++++----------------------
> > > > 1 file changed, 154 insertions(+), 104 deletions(-)
> > >
> > > This series should be going to LKML, l-o will get it when merging
> > > upstream I'd say.
> > >
> >
> > The only problem is that currently the lowmem module doesn't exist in
> > mainline. My guess is that the lowmem module would need quite a bit of
> > more work before it would be accepted in mainline, if at all.
> >
> > It will probably take some time before we get it into mainline, so I
> > suggest that these patches are merged into linux-omap now.
>
> Hmm... got it ;-)
>
> It's yet another piece of code that never made its way to mainline :-)
Still, how about posting it to LKML? Other people may be interested in
it too. And you'll find out what would have to be fixed to get it
integrated.
Anyways, pushing to l-o tree today.
Tony
* Re: [PATCH 00/10] Patches for fixing the lowmem module
From: Viktor Rosendahl @ 2008-09-15 12:07 UTC (permalink / raw)
To: ext Tony Lindgren; +Cc: Felipe Balbi, linux-omap
On Fri, 2008-09-12 at 11:14 -0700, ext Tony Lindgren wrote:
> Still, how about posting it to LKML? Other people may be interested in
> it too. And you'll find out what would have to be fixed to get it
> integrated.
I don't really know what criteria mainline has but I am under the
impression that adding new entries to /proc [like the current lowmem
code does] would not be that popular.
Another issue is that we are thinking that it would be desirable to
still make some modifications to the interface. ABI changes are probably
not that popular in mainline so it could be beneficial to make those
modifications before trying to push it there.
Anyways, I am kind of busy right now but I will try to find the time to
reshuffle the code within the next couple of weeks.
best regards,
Viktor