Commit 86c3a764, authored by David Quigley, committed by Linus Torvalds

[PATCH] SELinux: add security_task_movememory calls to mm code

This patch inserts security_task_movememory hook calls into memory management
code to enable security modules to mediate this operation between tasks.

Since the last posting, the hook has been renamed following feedback from
Christoph Lameter.
Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Andi Kleen <ak@muc.de>
Acked-by: Christoph Lameter <clameter@sgi.com>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Parent 35601547
...@@ -88,6 +88,7 @@ ...@@ -88,6 +88,7 @@
#include <linux/proc_fs.h> #include <linux/proc_fs.h>
#include <linux/migrate.h> #include <linux/migrate.h>
#include <linux/rmap.h> #include <linux/rmap.h>
#include <linux/security.h>
#include <asm/tlbflush.h> #include <asm/tlbflush.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
...@@ -942,6 +943,10 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode, ...@@ -942,6 +943,10 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode,
goto out; goto out;
} }
err = security_task_movememory(task);
if (err)
goto out;
err = do_migrate_pages(mm, &old, &new, err = do_migrate_pages(mm, &old, &new,
capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
out: out:
......
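Review bot: in sys_migrate_pages the hook is passed only task, while the choice between MPOL_MF_MOVE and MPOL_MF_MOVE_ALL is made on the following line from capable(CAP_SYS_NICE), so a security module cannot tell the two requests apart and has to allow or deny both together. If that is intended, a short comment above err = security_task_movememory(task); saying the hook mediates the whole operation regardless of the move flag would make it explicit; otherwise consider passing the flag to the hook.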
...@@ -27,6 +27,7 @@ ...@@ -27,6 +27,7 @@
#include <linux/writeback.h> #include <linux/writeback.h>
#include <linux/mempolicy.h> #include <linux/mempolicy.h>
#include <linux/vmalloc.h> #include <linux/vmalloc.h>
#include <linux/security.h>
#include "internal.h" #include "internal.h"
...@@ -905,6 +906,11 @@ asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages, ...@@ -905,6 +906,11 @@ asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages,
goto out2; goto out2;
} }
err = security_task_movememory(task);
if (err)
goto out2;
task_nodes = cpuset_mems_allowed(task); task_nodes = cpuset_mems_allowed(task);
/* Limit nr_pages so that the multiplication may not overflow */ /* Limit nr_pages so that the multiplication may not overflow */
......
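Review bot: the new check in sys_move_pages has no comment saying who is being checked against whom, and the call security_task_movememory(task) names only the target. A one-line comment before it, stating that the module decides whether the calling task may move pages belonging to task, would help readers of this path. Its position before cpuset_mems_allowed(task) and the nr_pages limit looks right for failing early, and the error leaves through out2 like the check before it.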