[Devel] [PATCH vz9] mempolicy: prohibit all NUMA API syscalls in VE

Nikita Yushchenko nikita.yushchenko at virtuozzo.com
Fri Jan 28 13:35:52 MSK 2022


Commit 031743575525 ("mempolicy: Prohibit VE processes numa binding
syscalls") partially prohibits NUMA API, but is incomplete.

This patch prohibits all syscalls documented in numa(7) inside VE.

Also, for consistency, all these prohibit operations are moved to the
very beginning of the syscall handlers. This also ensures that -ENOSYS
and not other error is returned.

Fixes: 031743575525 ("mempolicy: Prohibit VE processes numa binding syscalls")
Signed-off-by: Nikita Yushchenko <nikita.yushchenko at virtuozzo.com>
Feature: prohibit NUMA API inside VE
---
 mm/mempolicy.c | 15 ++++++++++++---
 mm/migrate.c   |  6 ++++++
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index fb58cc4cf81b..b4d8f047cf74 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1491,9 +1491,6 @@ static long kernel_set_mempolicy(int mode, const unsigned long __user *nmask,
 	int lmode = mode;
 	int err;
 
-	if (!ve_is_super(get_exec_env()))
-		return -ENOSYS;
-
 	err = sanitize_mpol_flags(&lmode, &mode_flags);
 	if (err)
 		return err;
@@ -1508,6 +1505,9 @@ static long kernel_set_mempolicy(int mode, const unsigned long __user *nmask,
 SYSCALL_DEFINE3(set_mempolicy, int, mode, const unsigned long __user *, nmask,
 		unsigned long, maxnode)
 {
+	if (!ve_is_super(get_exec_env()))
+		return -ENOSYS;
+
 	return kernel_set_mempolicy(mode, nmask, maxnode);
 }
 
@@ -1641,6 +1641,9 @@ SYSCALL_DEFINE5(get_mempolicy, int __user *, policy,
 		unsigned long __user *, nmask, unsigned long, maxnode,
 		unsigned long, addr, unsigned long, flags)
 {
+	if (!ve_is_super(get_exec_env()))
+		return -ENOSYS;
+
 	return kernel_get_mempolicy(policy, nmask, maxnode, addr, flags);
 }
 
@@ -1686,6 +1689,9 @@ COMPAT_SYSCALL_DEFINE3(set_mempolicy, int, mode, compat_ulong_t __user *, nmask,
 	unsigned long nr_bits, alloc_size;
 	DECLARE_BITMAP(bm, MAX_NUMNODES);
 
+	if (!ve_is_super(get_exec_env()))
+		return -ENOSYS;
+
 	nr_bits = min_t(unsigned long, maxnode-1, MAX_NUMNODES);
 	alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8;
 
@@ -1736,6 +1742,9 @@ COMPAT_SYSCALL_DEFINE4(migrate_pages, compat_pid_t, pid,
 	unsigned long nr_bits;
 	unsigned long size;
 
+	if (!ve_is_super(get_exec_env()))
+		return -ENOSYS;
+
 	nr_bits = min_t(unsigned long, maxnode - 1, MAX_NUMNODES);
 	size = ALIGN(nr_bits, BITS_PER_LONG) / 8;
 	if (old_nodes) {
diff --git a/mm/migrate.c b/mm/migrate.c
index 0d18e8e6d1c9..b51417854f22 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -1941,6 +1941,9 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
 		const int __user *, nodes,
 		int __user *, status, int, flags)
 {
+	if (!ve_is_super(get_exec_env()))
+		return -ENOSYS;
+
 	return kernel_move_pages(pid, nr_pages, pages, nodes, status, flags);
 }
 
@@ -1954,6 +1957,9 @@ COMPAT_SYSCALL_DEFINE6(move_pages, pid_t, pid, compat_ulong_t, nr_pages,
 	const void __user * __user *pages;
 	int i;
 
+	if (!ve_is_super(get_exec_env()))
+		return -ENOSYS;
+
 	pages = compat_alloc_user_space(nr_pages * sizeof(void *));
 	for (i = 0; i < nr_pages; i++) {
 		compat_uptr_t p;
-- 
2.30.2



More information about the Devel mailing list