[Bug 205752] New: EPERM not returned by mlock when the calling process has no privilege
https://bugzilla.novell.com/show_bug.cgi?id=205752

           Summary: EPERM not returned by mlock when the calling process has no privilege
           Product: SUSE Linux 10.1
           Version: Final
          Platform: i386
        OS/Version: SuSE Linux 10.1
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Kernel
        AssignedTo: kernel-maintainers@forge.provo.novell.com
        ReportedBy: yxu@novell.com
         QAContact: qa@suse.de

While working on LTP: testcases/open_posix_testsuite/conformance/interfaces/mlock/12_1.c, from the test intention, mlock should fail with EPERM if the calling process does not have the appropriate privilege to perform the requested operation, as written in POSIX. But EPERM is not returned, so I think it was not implemented in the linux/mm/mlock.c file.

I modified the mm/mlock.c file, then built a new kernel and tested it again with the new kernel, and the test PASSED.

Here is the patch:

--- /usr/src/linux/mm/mlock.c.orig 2006-09-14 16:49:01.000000000 +0200 +++ /usr/src/linux/mm/mlock.c 2006-09-14 15:08:24.000000000 +0200 @@ -130,6 +130,9 @@ asmlinkage long sys_mlock(unsigned long if (!can_do_mlock()) return -EPERM; + if (!capable(CAP_IPC_LOCK)) + return -EPERM; + down_write(¤t->mm->mmap_sem); len = PAGE_ALIGN(len + (start & ~PAGE_MASK)); start &= PAGE_MASK; @@ -196,6 +199,9 @@ asmlinkage long sys_mlockall(int flags) if (!can_do_mlock()) goto out; + if (!capable(CAP_IPC_LOCK)) + goto out; + down_write(¤t->mm->mmap_sem); lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
mlock-EPERM.patch lines 1-22/22 (END)

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
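Review bot: In the sys_mlock hunk (@@ -130,6 +130,9 @@), the added "if (!capable(CAP_IPC_LOCK)) return -EPERM;" sits directly after "if (!can_do_mlock()) return -EPERM;" and makes CAP_IPC_LOCK mandatory for every caller, so an unprivileged process can no longer lock any memory, whatever its RLIMIT_MEMLOCK is. If the goal is only to return EPERM to callers with neither the capability nor an allowance, that decision belongs inside can_do_mlock() rather than in a second unconditional test here; otherwise drop the check, or state the behaviour change in the patch description.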
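Review bot: In the sys_mlockall hunk (@@ -196,6 +199,9 @@), the added capable(CAP_IPC_LOCK) test jumps to out before the context line "lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;", so that limit would only ever be read for callers that already hold CAP_IPC_LOCK and would stop governing unprivileged callers. The new "goto out" also relies on a return value that is set outside the hunk; please confirm it is -EPERM at that point, and say in the description whether making RLIMIT_MEMLOCK ineffective for unprivileged callers is intended.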
https://bugzilla.novell.com/show_bug.cgi?id=205752

lmb@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
      Info Provider|                            |yxu@novell.com

------- Comment #1 from lmb@novell.com 2006-09-19 05:22 MST -------
POSIX says it _may_ fail with EPERM, not that it _should_.

But, here's the code of can_do_mlock(), which is called just before your check:

static inline int can_do_mlock(void)
{
        if (capable(CAP_IPC_LOCK))
                return 1;
        if (current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur != 0)
                return 1;
        return 0;
}

So, the CAP_IPC_LOCK _is_ checked already, and EPERM returned in that case. I cannot see how your patch could make a difference here - are you sure the testcase is valid?
https://bugzilla.novell.com/show_bug.cgi?id=205752

yxu@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
      Info Provider|yxu@novell.com              |

------- Comment #2 from yxu@novell.com 2006-09-19 08:49 MST -------
What if (!capable(CAP_IPC_LOCK) && (current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur != 0))?

In the testcase (see attachment), RLIMIT_MEMLOCK is 8.
https://bugzilla.novell.com/show_bug.cgi?id=205752

------- Comment #3 from yxu@novell.com 2006-09-19 08:50 MST -------
Created an attachment (id=99072)
 --> (https://bugzilla.novell.com/attachment.cgi?id=99072&action=view)
the testcase
https://bugzilla.novell.com/show_bug.cgi?id=205752

yxu@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Comment #4 from yxu@novell.com 2006-09-19 09:24 MST -------
I just read http://www.die.net/doc/linux/man/man2/mlock.2.html; it says "EPERM (Linux 2.6.9 and later) the caller was not privileged (CAP_IPC_LOCK) and its RLIMIT_MEMLOCK soft resource limit was 0."

I tested it, it is fine.
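Added example, not part of the original thread or of the kernel source: a user-space C model of the check discussed above, comparing can_do_mlock() as quoted in comment #1 with the extra capable(CAP_IPC_LOCK) test from the patch, plus a probe that sets the soft RLIMIT_MEMLOCK and calls mlock() on the running kernel. The names model_can_do_mlock, model_mlock and probe_mlock, the 4096-byte page size and the ENOMEM branch (taken from mlock(2), not from the thread) are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>

/* Mirrors can_do_mlock() as quoted in comment #1. */
static int model_can_do_mlock(int has_cap, rlim_t soft)
{
    return has_cap || soft != 0;
}

/* Model: errno expected when locking `pages` pages with none locked yet.
 * patched != 0 adds the patch's test; ENOMEM follows mlock(2) (assumption). */
static int model_mlock(int has_cap, rlim_t soft, rlim_t pages, rlim_t psz, int patched)
{
    if (!model_can_do_mlock(has_cap, soft) || (patched && !has_cap))
        return EPERM;
    if (!has_cap && pages > soft / psz)
        return ENOMEM;          /* the limit is compared in whole pages */
    return 0;
}

/* Set the soft RLIMIT_MEMLOCK, lock the page holding buf, restore the limit.
 * Returns 0 or mlock()'s errno, or -1 if the setup failed. */
static int probe_mlock(rlim_t soft)
{
    static char buf[1];
    struct rlimit old, lim;
    if (getrlimit(RLIMIT_MEMLOCK, &old) != 0 || soft > old.rlim_max)
        return -1;
    lim = old;
    lim.rlim_cur = soft;
    if (setrlimit(RLIMIT_MEMLOCK, &lim) != 0)
        return -1;
    int err = mlock(buf, sizeof buf) == 0 ? 0 : errno;
    if (err == 0)
        munlock(buf, sizeof buf);
    setrlimit(RLIMIT_MEMLOCK, &old);
    return err;
}

int main(void)
{
    rlim_t limits[] = { 0, 8 };  /* 8 is the testcase's limit (comment #2) */
    for (int i = 0; i < 2; i++)
        printf("soft=%llu observed=%d model(no cap): stock=%d patched=%d\n",
               (unsigned long long)limits[i], probe_mlock(limits[i]),
               model_mlock(0, limits[i], 1, 4096, 0),
               model_mlock(0, limits[i], 1, 4096, 1));
    return 0;
}
```

The model columns are computed for a caller without CAP_IPC_LOCK; the observed column is whatever the running kernel returns to the process that executes the probe, so the two are only comparable when it is run unprivileged.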