From bce5f6ba340b09d8b29902add204bb95a6d3d88b Mon Sep 17 00:00:00 2001
From: Martin Hicks <mort@sgi.com>
Date: Sat, 3 Sep 2005 15:54:50 -0700
Subject: [PATCH] [PATCH] VM: add capabilites check to set_zone_reclaim

Add a capability check to sys_set_zone_reclaim().  This syscall is not
something that should be available to a user.

Signed-off-by:  Martin Hicks <mort@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---
 include/linux/capability.h | 1 +
 mm/vmscan.c                | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/include/linux/capability.h b/include/linux/capability.h
index 8d139f4acf23b..6b4618902d3dd 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -233,6 +233,7 @@ typedef __u32 kernel_cap_t;
 /* Allow enabling/disabling tagged queuing on SCSI controllers and sending
    arbitrary SCSI commands */
 /* Allow setting encryption key on loopback filesystem */
+/* Allow setting zone reclaim policy */
 
 #define CAP_SYS_ADMIN        21
 
diff --git a/mm/vmscan.c b/mm/vmscan.c
index cfffe5098d538..ab631a3c62c3c 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -1375,6 +1375,9 @@ asmlinkage long sys_set_zone_reclaim(unsigned int node, unsigned int zone,
 	struct zone *z;
 	int i;
 
+	if (!capable(CAP_SYS_ADMIN))
+		return -EACCES;
+
 	if (node >= MAX_NUMNODES || !node_online(node))
 		return -EINVAL;
 
-- 
GitLab