]> www.pilppa.org Git - linux-2.6-omap-h63xx.git/blob - security/lowmem.c
Merge current mainline tree into linux-omap tree
[linux-2.6-omap-h63xx.git] / security / lowmem.c
1 #include <linux/module.h>
2 #include <linux/kernel.h>
3 #include <linux/mman.h>
4 #include <linux/init.h>
5 #include <linux/security.h>
6 #include <linux/sysctl.h>
7 #include <linux/swap.h>
8 #include <linux/kobject.h>
9 #include <linux/pagemap.h>
10 #include <linux/hugetlb.h>
11 #include <linux/sysfs.h>
12
13 #define MY_NAME "lowmem"
14
15 #define LOWMEM_MAX_UIDS 8
16
17 enum {
18         VM_LOWMEM_DENY = 1,
19         VM_LOWMEM_LEVEL1_NOTIFY,
20         VM_LOWMEM_LEVEL2_NOTIFY,
21         VM_LOWMEM_NR_DECAY_PAGES,
22         VM_LOWMEM_ALLOWED_UIDS,
23         VM_LOWMEM_ALLOWED_PAGES,
24         VM_LOWMEM_USED_PAGES,
25 };
26
27 static unsigned int deny_percentage;
28 static unsigned int l1_notify, l2_notify;
29 static unsigned int nr_decay_pages;
30 static unsigned long allowed_pages;
31 static long used_pages;
32 static unsigned int allowed_uids[LOWMEM_MAX_UIDS];
33 static unsigned int minuid = 1;
34 static unsigned int maxuid = 65535;
35
36 static ctl_table lowmem_table[] = {
37         {
38                 .ctl_name = VM_LOWMEM_DENY,
39                 .procname = "lowmem_deny_watermark",
40                 .data = &deny_percentage,
41                 .maxlen = sizeof(unsigned int),
42                 .mode = 0644,
43                 .child = NULL,
44                 .proc_handler = &proc_dointvec,
45                 .strategy = &sysctl_intvec,
46         }, {
47                 .ctl_name = VM_LOWMEM_LEVEL1_NOTIFY,
48                 .procname = "lowmem_notify_low",
49                 .data = &l1_notify,
50                 .maxlen = sizeof(unsigned int),
51                 .mode = 0644,
52                 .child = NULL,
53                 .proc_handler = &proc_dointvec,
54                 .strategy = &sysctl_intvec,
55         }, {
56                 .ctl_name = VM_LOWMEM_LEVEL2_NOTIFY,
57                 .procname = "lowmem_notify_high",
58                 .data = &l2_notify,
59                 .maxlen = sizeof(unsigned int),
60                 .mode = 0644,
61                 .child = NULL,
62                 .proc_handler = &proc_dointvec,
63                 .strategy = &sysctl_intvec,
64         }, {
65                 .ctl_name = VM_LOWMEM_NR_DECAY_PAGES,
66                 .procname = "lowmem_nr_decay_pages",
67                 .data = &nr_decay_pages,
68                 .maxlen = sizeof(unsigned int),
69                 .mode = 0644,
70                 .child = NULL,
71                 .proc_handler = &proc_dointvec_minmax,
72                 .strategy = &sysctl_intvec,
73         }, {
74                 .ctl_name = VM_LOWMEM_ALLOWED_UIDS,
75                 .procname = "lowmem_allowed_uids",
76                 .data = &allowed_uids,
77                 .maxlen = LOWMEM_MAX_UIDS * sizeof(unsigned int),
78                 .mode = 0644,
79                 .child = NULL,
80                 .proc_handler = &proc_dointvec_minmax,
81                 .strategy = &sysctl_intvec,
82                 .extra1 = &minuid,
83                 .extra2 = &maxuid,
84         }, {
85                 .ctl_name = VM_LOWMEM_ALLOWED_PAGES,
86                 .procname = "lowmem_allowed_pages",
87                 .data = &allowed_pages,
88                 .maxlen = sizeof(unsigned long),
89                 .mode = 0444,
90                 .child = NULL,
91                 .proc_handler = &proc_dointvec_minmax,
92                 .strategy = &sysctl_intvec,
93         }, {
94                 .ctl_name = VM_LOWMEM_USED_PAGES,
95                 .procname = "lowmem_used_pages",
96                 .data = &used_pages,
97                 .maxlen = sizeof(long),
98                 .mode = 0444,
99                 .child = NULL,
100                 .proc_handler = &proc_dointvec_minmax,
101                 .strategy = &sysctl_intvec,
102         }, {
103                 .ctl_name = 0
104         }
105 };
106
107 static ctl_table lowmem_root_table[] = {
108         {
109                 .ctl_name = CTL_VM,
110                 .procname = "vm",
111                 .mode = 0555,
112                 .child = lowmem_table,
113         }, {
114                 .ctl_name = 0
115         }
116 };
117
118 #define KERNEL_ATTR_RO(_name) \
119 static struct subsys_attribute _name##_attr = __ATTR_RO(_name)
120
121 static int low_watermark_reached, high_watermark_reached;
122
123 static ssize_t low_watermark_show(struct subsystem *subsys, char *page)
124 {
125         return sprintf(page, "%u\n", low_watermark_reached);
126 }
127
128 static ssize_t high_watermark_show(struct subsystem *subsys, char *page)
129 {
130         return sprintf(page, "%u\n", high_watermark_reached);
131 }
132
133 KERNEL_ATTR_RO(low_watermark);
134 KERNEL_ATTR_RO(high_watermark);
135
136 static void low_watermark_state(int new_state)
137 {
138         int changed = 0;
139
140         if (low_watermark_reached != new_state) {
141                 low_watermark_reached = new_state;
142                 changed = 1;
143         }
144
145         if (changed)
146                 sysfs_notify(&kernel_subsys.kset.kobj, NULL, "low_watermark");
147 }
148
149 static void high_watermark_state(int new_state)
150 {
151         int changed = 0;
152
153         if (high_watermark_reached != new_state) {
154                 high_watermark_reached = new_state;
155                 changed = 1;
156         }
157
158         if (changed)
159                 sysfs_notify(&kernel_subsys.kset.kobj, NULL, "high_watermark");
160 }
161
162 static int low_vm_enough_memory(long pages)
163 {
164         unsigned long free, allowed;
165         long deny_threshold, level1, level2, used;
166         int cap_sys_admin = 0, notify;
167
168         if (cap_capable(current, CAP_SYS_ADMIN) == 0)
169                 cap_sys_admin = 1;
170
171         /* We activate ourselves only after both parameters have been
172          * configured. */
173         if (deny_percentage == 0 || l1_notify == 0 || l2_notify == 0)
174                 return __vm_enough_memory(pages, cap_sys_admin);
175
176         allowed = totalram_pages - hugetlb_total_pages();
177         deny_threshold = allowed * deny_percentage / 100;
178         level1 = allowed * l1_notify / 100;
179         level2 = allowed * l2_notify / 100;
180
181         vm_acct_memory(pages);
182
183         /* Easily freed pages when under VM pressure or direct reclaim */
184         free = global_page_state(NR_FILE_PAGES);
185         free += nr_swap_pages;
186         free += global_page_state(NR_SLAB_RECLAIMABLE);
187
188         used = allowed - free;
189         if (unlikely(used < 0))
190                 used = 0;
191
192         /* The hot path, plenty of memory */
193         if (likely(used < level1))
194                 goto enough_memory;
195
196         /* No luck, lets make it more expensive and try again.. */
197         used -= nr_free_pages();
198
199         if (used >= deny_threshold) {
200                 int i;
201
202                 allowed_pages = allowed;
203                 used_pages = used;
204                 low_watermark_state(1);
205                 high_watermark_state(1);
206                 /* Memory allocations by root are always allowed */
207                 if (cap_sys_admin)
208                         return 0;
209
210                 /* uids from allowed_uids vector are also allowed no matter what */
211                 for (i = 0; i < LOWMEM_MAX_UIDS && allowed_uids[i]; i++)
212                         if (current->uid == allowed_uids[i])
213                                 return 0;
214
215                 vm_unacct_memory(pages);
216                 if (printk_ratelimit()) {
217                         printk(MY_NAME ": denying memory allocation to process %d (%s)\n",
218                                current->pid, current->comm);
219                 }
220                 return -ENOMEM;
221         }
222
223 enough_memory:
224         /* See if we need to notify level 1 */
225         low_watermark_state(used >= level1);
226
227         /*
228          * In the level 2 notification case things are more complicated,
229          * as the level that we drop the state and send a notification
230          * should be lower than when it is first triggered. Having this
231          * on the same watermark level ends up bouncing back and forth
232          * when applications are being stupid.
233          */
234         notify = used >= level2;
235         if (notify || used + nr_decay_pages < level2)
236                 high_watermark_state(notify);
237
238         /* We have plenty of memory */
239         allowed_pages = allowed;
240         used_pages = used;
241         return 0;
242 }
243
244 static struct security_operations lowmem_security_ops = {
245         /* Use the capability functions for some of the hooks */
246         .ptrace = cap_ptrace,
247         .capget = cap_capget,
248         .capset_check = cap_capset_check,
249         .capset_set = cap_capset_set,
250         .capable = cap_capable,
251
252         .bprm_apply_creds = cap_bprm_apply_creds,
253         .bprm_set_security = cap_bprm_set_security,
254
255         .task_post_setuid = cap_task_post_setuid,
256         .task_reparent_to_init = cap_task_reparent_to_init,
257         .vm_enough_memory = low_vm_enough_memory,
258 };
259
260 static struct ctl_table_header *lowmem_table_header;
261 /* flag to keep track of how we were registered */
262 static int secondary;
263
264 static struct attribute *lowmem_attrs[] = {
265         &low_watermark_attr.attr,
266         &high_watermark_attr.attr,
267         NULL,
268 };
269
270 static struct attribute_group lowmem_attr_group = {
271         .attrs  = lowmem_attrs,
272 };
273
274 static int __init lowmem_init(void)
275 {
276         int r;
277
278         /* register ourselves with the security framework */
279         if (register_security(&lowmem_security_ops)) {
280                 printk(KERN_ERR MY_NAME ": Failure registering with the kernel\n");
281                 /* try registering with primary module */
282                 if (mod_reg_security(MY_NAME, &lowmem_security_ops)) {
283                         printk(KERN_ERR ": Failure registering with the primary"
284                                "security module.\n");
285                         return -EINVAL;
286                 }
287                 secondary = 1;
288         }
289
290         /* initialize the uids vector */
291         memset(allowed_uids, 0, sizeof(allowed_uids));
292
293         lowmem_table_header = register_sysctl_table(lowmem_root_table);
294         if (unlikely(!lowmem_table_header))
295                 return -EPERM;
296
297         kernel_subsys.kset.kobj.kset = &kernel_subsys.kset;
298
299         r = sysfs_create_group(&kernel_subsys.kset.kobj,
300                                &lowmem_attr_group);
301         if (unlikely(r))
302                 return r;
303
304         printk(KERN_INFO MY_NAME ": Module initialized.\n");
305
306         return 0;
307 }
308
309 static void __exit lowmem_exit(void)
310 {
311         /* remove ourselves from the security framework */
312         if (secondary) {
313                 if (mod_unreg_security(MY_NAME, &lowmem_security_ops))
314                         printk(KERN_ERR MY_NAME ": Failure unregistering "
315                                "with the primary security module.\n");
316         } else {
317                 if (unregister_security(&lowmem_security_ops)) {
318                         printk(KERN_ERR MY_NAME ": Failure unregistering "
319                                "with the kernel.\n");
320                 }
321         }
322
323         unregister_sysctl_table(lowmem_table_header);
324
325         sysfs_remove_group(&kernel_subsys.kset.kobj, &lowmem_attr_group);
326
327         printk(KERN_INFO MY_NAME ": Module removed.\n");
328 }
329
330 module_init(lowmem_init);
331 module_exit(lowmem_exit);
332
333 MODULE_DESCRIPTION("Low watermark LSM module");
334 MODULE_LICENSE("GPL");