diff options
author | David Quigley <dpquigl@tycho.nsa.gov> | 2006-06-23 05:04:02 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-23 10:42:54 -0400 |
commit | 86c3a7645c05a7d06b72653aa4b2bea4e7229d1b (patch) | |
tree | ac68280e9c44dbc6ca4c88dc1e9c72a8f56be95e | |
parent | 35601547baf92d984b6e59cf3583649da04baea5 (diff) |
[PATCH] SELinux: add security_task_movememory calls to mm code
This patch inserts security_task_movememory hook calls into memory management
code to enable security modules to mediate this operation between tasks.
Since the last posting, the hook has been renamed following feedback from
Christoph Lameter.
Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Andi Kleen <ak@muc.de>
Acked-by: Christoph Lameter <clameter@sgi.com>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | mm/mempolicy.c | 5 | ||||
-rw-r--r-- | mm/migrate.c | 6 |
2 files changed, 11 insertions, 0 deletions
diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 05b84acf0bb3..ec4a1a950df9 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c | |||
@@ -88,6 +88,7 @@ | |||
88 | #include <linux/proc_fs.h> | 88 | #include <linux/proc_fs.h> |
89 | #include <linux/migrate.h> | 89 | #include <linux/migrate.h> |
90 | #include <linux/rmap.h> | 90 | #include <linux/rmap.h> |
91 | #include <linux/security.h> | ||
91 | 92 | ||
92 | #include <asm/tlbflush.h> | 93 | #include <asm/tlbflush.h> |
93 | #include <asm/uaccess.h> | 94 | #include <asm/uaccess.h> |
@@ -942,6 +943,10 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode, | |||
942 | goto out; | 943 | goto out; |
943 | } | 944 | } |
944 | 945 | ||
946 | err = security_task_movememory(task); | ||
947 | if (err) | ||
948 | goto out; | ||
949 | |||
945 | err = do_migrate_pages(mm, &old, &new, | 950 | err = do_migrate_pages(mm, &old, &new, |
946 | capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); | 951 | capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); |
947 | out: | 952 | out: |
diff --git a/mm/migrate.c b/mm/migrate.c index 033a12f4c949..1c2a71aa05cd 100644 --- a/mm/migrate.c +++ b/mm/migrate.c | |||
@@ -27,6 +27,7 @@ | |||
27 | #include <linux/writeback.h> | 27 | #include <linux/writeback.h> |
28 | #include <linux/mempolicy.h> | 28 | #include <linux/mempolicy.h> |
29 | #include <linux/vmalloc.h> | 29 | #include <linux/vmalloc.h> |
30 | #include <linux/security.h> | ||
30 | 31 | ||
31 | #include "internal.h" | 32 | #include "internal.h" |
32 | 33 | ||
@@ -905,6 +906,11 @@ asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages, | |||
905 | goto out2; | 906 | goto out2; |
906 | } | 907 | } |
907 | 908 | ||
909 | err = security_task_movememory(task); | ||
910 | if (err) | ||
911 | goto out2; | ||
912 | |||
913 | |||
908 | task_nodes = cpuset_mems_allowed(task); | 914 | task_nodes = cpuset_mems_allowed(task); |
909 | 915 | ||
910 | /* Limit nr_pages so that the multiplication may not overflow */ | 916 | /* Limit nr_pages so that the multiplication may not overflow */ |