Re: [patch] mm: recheck lock rlim after f_op->mmap() method

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Andrew Morton <akpm@linux-foundation.org>
To: Dmitry Monakhov <dmonakhov@sw.ru>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Nick Piggin <nickpiggin@yahoo.com.au>,
	Hugh Dickins <hugh@veritas.com>
Subject: Re: [patch] mm: recheck lock rlim after f_op->mmap() method
Date: Fri, 13 Jul 2007 01:13:32 -0700	[thread overview]
Message-ID: <20070713011332.2550c5e1.akpm@linux-foundation.org> (raw)
In-Reply-To: <20070709184917.GA8720@dnb.sw.ru>

On Mon, 9 Jul 2007 22:49:17 +0400 Dmitry Monakhov <dmonakhov@sw.ru> wrote:

> Some device drivers can change vm_flags in their f_op->mmap
> method. In order to be on the safe side we have to recheck
> lock rlimit. Now we have to check lock rlimit from two places,
> let's move this common code to helper functon.
> 
> Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
> ---
>  mm/mmap.c |   33 ++++++++++++++++++++++++++-------
>  1 files changed, 26 insertions(+), 7 deletions(-)
> 
> diff --git a/mm/mmap.c b/mm/mmap.c
> index 906ed40..5c89f1d 100644
> --- a/mm/mmap.c
> +++ b/mm/mmap.c
> @@ -885,6 +885,18 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags,
>  }
>  #endif /* CONFIG_PROC_FS */
>  
> +static int check_lock_limit(unsigned long delta, struct mm_struct* mm)
> +{
> +	unsigned long locked, lock_limit;
> +	locked = delta >> PAGE_SHIFT;
> +	locked += mm->locked_vm;
> +	lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
> +	lock_limit >>= PAGE_SHIFT;
> +	if (locked > lock_limit && !capable(CAP_IPC_LOCK))
> +		return -EAGAIN;
> +	return 0;
> +}
> +
>  /*
>   * The caller must hold down_write(current->mm->mmap_sem).
>   */
> @@ -954,13 +966,9 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr,
>  	}
>  	/* mlock MCL_FUTURE? */
>  	if (vm_flags & VM_LOCKED) {
> -		unsigned long locked, lock_limit;
> -		locked = len >> PAGE_SHIFT;
> -		locked += mm->locked_vm;
> -		lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
> -		lock_limit >>= PAGE_SHIFT;
> -		if (locked > lock_limit && !capable(CAP_IPC_LOCK))
> -			return -EAGAIN;
> +		error = check_lock_limit(len, mm);
> +		if (error)
> +			return error;
>  	}
>  
>  	inode = file ? file->f_path.dentry->d_inode : NULL;
> @@ -1101,6 +1109,17 @@ munmap_back:
>  		error = file->f_op->mmap(file, vma);
>  		if (error)
>  			goto unmap_and_free_vma;
> +		
> +		if (vma->vm_flags & VM_LOCKED
> +				&& !(vm_flags & VM_LOCKED)) {
> +		/*
> +		 * VM_LOCKED was added in f_op->mmap() method,
> +		 * so we have to recheck limit.
> +		 */
> +			error = check_lock_limit(len, mm);
> +			if (error)
> +				goto unmap_and_free_vma;
> +		}

Worried.  As far as the filesytem is concerned, its mmap has succeeded.

But now we're taking the unmap_and_free_vma path _after_ ->mmap() has
"succeeded".  So we will now tell userspace that the mmap syscall has
failed, even though the fs thinks it succeeded, if you follow me.  And this
is a new thing.  

Could it cause bad things to happen?  Well, if filesystems had a
file_operations.munmap() then yeah, we should have called that in your new
code.  But filesystems don't have a ->munmap() method.

Still.  Can we think of any way in which this change could lead to resource
leaks or to any other such problems?

next prev parent reply	other threads:[~2007-07-13  8:14 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-07-09 18:49 [patch] mm: recheck lock rlim after f_op->mmap() method Dmitry Monakhov
2007-07-10 17:27 ` Hugh Dickins
2007-07-10 17:53   ` Dmitry Monakhov
2007-07-10 19:48     ` Hugh Dickins
2007-07-11  8:39   ` Jes Sorensen
2007-07-11 18:24     ` Hugh Dickins
2007-07-11  9:32   ` Christoph Hellwig
2007-07-11 10:12     ` Dmitry Monakhov
2007-07-11 10:14       ` Christoph Hellwig
2007-07-11 18:03         ` Hugh Dickins
2007-07-13  9:53           ` Christoph Hellwig
2007-07-13  8:13 ` Andrew Morton [this message]
2007-07-13 13:02   ` Hugh Dickins

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070713011332.2550c5e1.akpm@linux-foundation.org \
    --to=akpm@linux-foundation.org \
    --cc=dmonakhov@sw.ru \
    --cc=hugh@veritas.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nickpiggin@yahoo.com.au \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox