You can always look mlock/munlock up manually in the sys_call_table, but
the kernel code has to run within the context of a task AND run with
euid==0 (setuid root or as root user). This seems to be annoying and to
open up many security holes (I'm paranoid about setuid root programs).
A new kernel interface which either 1) allowed a user to have X
pages at most per user locked, or that 2) allowed X pages for all non root
users at most to be locked would be a feasible solution to this, instead of
having to have euid==0. It seems that not limiting users with m(un)lock
could probably be used for some sort of DoS attack
(lock a bunch of useless junk into memory so nothing else can get
memory to run ...). Either 1) or 2) would limit this, and
do so without adding security issues. Whatever is implemented, there
should be a fixed amount of unlockable memory so things can
swapped in to be ran.
Anyhow, below is a snippet of how I actually looked mlock/munlock up
in kernel space. I use it in a driver that I have, to do dma to user space
(with a busmaster pci card based using the AMC S5933 chip).
----------8<---------------8<--------------------
#include <asm/unistd.h>
typedef int (*mlock_t)(unsigned long start, size_t len);
typedef int (*munlock_t)(unsigned long start, size_t len);
extern void *sys_call_table;
static mlock_t mlock;
static munlock_t munlock;
/*
* figure out addresses for mlock and munlock (e.g. sys_mlock
* and sys_unlock functions), as they're not exported, and we'll
* need them later.
*/
mlock = ((mlock_t *) &sys_call_table)[__NR_mlock];
munlock = ((munlock_t *) &sys_call_table)[__NR_munlock];
----------8<---------------8<--------------------
Regards,
Christopher Boyd
--- Chrisotopher W. Boyd <cboyd@pobox.com> Web Page: http://www.pobox.com/~cboyd/ University of Texas at Austin PGP Key ID 0x18037059 ICQ UIN# 13185314 My views don't necessarily reflect those of anybody else.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/