@kaleidoscope416 kaleidoscope416 commented Jan 8, 2026

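Overview

This PR implements the Linux-compatible mlock/munlock/mlockall/munlockall family of system calls, which prevent critical memory pages from being swapped out to swap space. This is an important feature for databases, cryptographic applications, and other scenarios that need to guarantee memory persistence.

Related commits (in chronological order):

  • faf59f0 - Set the default value of RLIMIT_MEMLOCK
  • 5b55c44 - Mutual-exclusion check between MADV_DONTNEED and VM_LOCKED, etc.
  • 3ea434d - Remove redundant interfaces and logic
  • 48c854d - Complete the logic for locking physical pages
  • 913a80a - Add unit tests
  • 19581f7 - Remove one lock
  • 6894c04 - Define constants separately

Main features

  1. Core system calls
  • mlock(addr, len) - Locks the already-mapped pages in the specified memory region
  • mlock2(addr, len, flags) - Locking with support for the MLOCK_ONFAULT flag: locks the already-mapped pages in the specified memory region and defers locking of the pages in it that are not yet mapped
  • munlock(addr, len) - Unlocks the specified memory region
  • mlockall(flags) - Locks all memory (supports MCL_CURRENT and MCL_FUTURE)
  • munlockall() - Unlocks all memory
  2. Page management
  • Page-level reference counting: uses Page::mlock_count to track the number of locks
  • Flag management:
    • PG_MLOCKED - marks a page as locked
    • PG_UNEVICTABLE - prevents a page from being swapped out
  • Huge page support: correctly handles sub-page locking for 2MB/1GB huge pages
  3. Resource limits
  • RLIMIT_MEMLOCK check: limits the total amount of memory a process can lock
  • Default value: 64KB (consistent with Linux x86_64)
  • CAP_IPC_LOCK: the framework is reserved (TODO: implement the permission check)
  4. VMA management
  • VM_LOCKED flag: marks that the pages in a VMA should be locked
  • VM_LOCKONFAULT flag: deferred locking, locks only on page fault
  • fork semantics: correctly implemented - the child process does not inherit the lock state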

Note

Introduces Linux-compatible memory locking with proper accounting and limits.

  • Add kernel/src/mm/mlock.rs with mlock_page/munlock_page, page-table walking (incl. huge-page subpages), and can_do_mlock
  • New syscalls: mlock, mlock2 (MLOCK_ONFAULT), mlockall (MCL_CURRENT|MCL_FUTURE|MCL_ONFAULT), munlock, munlockall; validate ranges, align, CAP/RLIMIT checks
  • AddressSpace/VMA: track locked_vm and def_flags; implement mlock/munlock/mlockall/munlockall; apply VM_LOCKED/VM_LOCKONFAULT; do not inherit locks on fork
  • Page layer: add PG_MLOCKED, use PG_UNEVICTABLE, and per-page mlock_count
  • Fault handling: when VM_LOCKONFAULT set, lock anon pages on demand in do_anonymous_page
  • madvise: return EINVAL for MADV_DONTNEED on VM_LOCKED VMAs
  • mmap/mremap: enforce RLIMIT_MEMLOCK for MAP_LOCKED and locked VMA expansion, returning EPERM/EAGAIN/ENOMEM as appropriate
  • Process: set default RLIMIT_MEMLOCK to 64KB
  • Tests: add user/apps/c_unitest/test_mlock.c; whitelist mlock_test

Written by Cursor Bugbot for commit a4aa5ad. This will update automatically on new commits.

kaleidoscope416 added 9 commits January 4, 2026 20:53
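  - Return EINVAL when MADV_DONTNEED is called on a VMA that has the VM_LOCKED flag set
  - Matches Linux semantics: locked memory cannot be released through madvise

  2. sys_mlock.rs - RLIMIT_MEMLOCK resource limit check

  - Add the RLIMIT_MEMLOCK limit check
  - Compute the number of currently locked pages and the number requested
  - Return ENOMEM when the limit is exceeded

  3. sys_mmap.rs - Resource limit for the MAP_LOCKED flag

  - Perform the RLIMIT_MEMLOCK check for MAP_LOCKED mappings
  - Check the can_do_mlock() permission
  - Return EAGAIN when the limit is exceeded

  4. sys_mremap.rs - Resource check when expanding a locked VMA

  - When expanding a locked VMA, check the number of additional pages required
  - Validate against the RLIMIT_MEMLOCK limit

  5. ucontext.rs - Fork semantics and helper functions

  - Fix fork semantics: the child process should not inherit the locked_vm count (it starts from 0)
  - Fix fork semantics: the child process should not inherit def_flags (the default flags set by mlockall)
  - Fix fork semantics: the child process should not inherit the VM_LOCKED and VM_LOCKONFAULT flags
  - Add the vma_is_accessible() helper function
  - Check VMA accessibility before mlock (PROT_NONE should return ENOMEM)
  - Add the locked_vm() getter method
  - Apply def_flags on mmap (supports mlockall MCL_FUTURE)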
@fslongjin
Member

bugbot run

use ida::IdAllocator;
use log::warn;
use system_error::SystemError;
use x86::current;
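
Review bot: `use x86::current;` on the last line of this import block ties the file to the x86 crate, so the file will not compile for any target where that crate is not a dependency. Drop the import, or put it behind `#[cfg(target_arch = "x86_64")]` if x86-only code in the file needs it.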

Unused import x86::current accidentally added

Low Severity

The import use x86::current; is added but never used anywhere in the file. The current() calls in this file refer to AddressSpace::current() and self.is_current() methods, not the x86 crate's current module. This appears to be accidentally committed code.

@kaleidoscope416
Contributor Author

bugbot run

@cursor

cursor bot commented Jan 8, 2026

Skipping Bugbot: Unable to authenticate your request. Please make sure Bugbot is properly installed and configured for this repository.

@fslongjin
Member

bugbot run

@kaleidoscope416 kaleidoscope416 marked this pull request as ready for review January 14, 2026 03:39
@kaleidoscope416
Contributor Author

bugbot run

@cursor

cursor bot commented Jan 14, 2026

Skipping Bugbot: Unable to authenticate your request. Please make sure Bugbot is properly installed and configured for this repository.

@kaleidoscope416
Contributor Author

https://github.com/codex review

@kaleidoscope416
Contributor Author

@codex review

@chatgpt-codex-connector

To use Codex here, create a Codex account and connect to github.

@kaleidoscope416
Contributor Author

@codex review

@chatgpt-codex-connector

To use Codex here, create a Codex account and connect to github.

@fslongjin
Member

@claude review

@dragonos-community-ai-pr-reviewer

dragonos-community-ai-pr-reviewer bot commented Jan 14, 2026

Claude finished @fslongjin's task in 8m 46s


Code Review for PR #1619: feat(mm): Add the mlock family of system calls

I'm reviewing the mlock system call implementation. Let me examine the changes and provide feedback.

Todo List:

  • Analyze PR description and existing review comments
  • Examine key implementation files
  • Check for bugs and issues mentioned in previous reviews
  • Review new mlock.rs module
  • Review syscall implementations
  • Review VMA and page management changes
  • Test integration and edge cases
  • Provide comprehensive review feedback

Summary

This PR implements Linux-compatible mlock, mlock2, munlock, mlockall, and munlockall system calls with proper resource accounting, page locking, and RLIMIT_MEMLOCK enforcement. The implementation is comprehensive and follows Linux semantics.

Bug Fix Status

I've examined the 15 issues identified by Cursor Bugbot. Most have been addressed in the current code:

Fixed issues:

  1. mlockall fails to update locked_vm counter - Now updates locked_vm with VMA size
  2. munlock unconditionally decrements causing potential underflow - Checks was_locked before decrementing
  3. mlock double-counts already-locked pages - Checks was_locked before incrementing
  4. Unused import x86::current - Appears removed
  5. mlock2 syscall missing RLIMIT_MEMLOCK enforcement - Now includes RLIMIT check
  6. mlockall syscall missing RLIMIT_MEMLOCK enforcement - Includes RLIMIT check for MCL_CURRENT
  7. mmap with MAP_LOCKED fails to update locked_vm - Now updates locked_vm and checks RLIMIT
  8. mlockall accepts empty flags - Validates at least MCL_CURRENT or MCL_FUTURE
  9. TOCTOU race condition in VMA flag update - Mitigated by holding address space write lock
  10. Huge page locking uses wrong physical address offset - Fixed with offset_in_entry
  11. Missing address page alignment - Fixed in mlock, mlock2, and munlock
  12. mlock2 missing address alignment - Now includes alignment logic
  13. mlockall locked_vm accounting uses wrong count - Uses VMA size not mapped page count
  14. Missing RLIMIT check for MCL_FUTURE mmap locking - RLIMIT check added for def_flags
  15. munlock_page never clears PG_UNEVICTABLE flag - Now checks map_count() == 0

Code Quality

The implementation is well-documented with Linux references, follows Rust safety patterns, and includes comprehensive error handling. The use of atomic counters, proper locking, and page table walking is correct.

Suggestions

  1. Error propagation: Some syscall handlers return SystemError but could benefit from more specific error codes in edge cases.
  2. Edge case testing: While test_mlock.c is comprehensive, consider adding tests for:
    • Concurrent mlock/munlock operations
    • RLIMIT_MEMLOCK exhaustion scenarios
    • MCL_FUTURE with subsequent mmap failures
  3. Page flag consistency: Ensure PG_UNEVICTABLE is always cleared when page is unmapped and mlock_count reaches zero.
  4. Potential unwrap panics: The few unwrap() calls after entry.present() checks are safe, but consider using expect() with descriptive messages.

Overall

This is a high-quality implementation of a critical OS feature. The code addresses the previously identified security and correctness issues. The PR is ready for merge pending successful CI tests.

Recommended action: Approve after CI passes.


CI Status: All checks passed ✅ (branch: feat/mlock)

Review performed by Claude via Claude Code
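
The accounting rules behind fixed issues 2 and 3 and the RLIMIT_MEMLOCK check, as a small user-space model. This is an added example, not DragonOS code: the `AddressSpace` struct shown here, `page_range` and the per-page set are assumptions made for illustration; only the `locked_vm` counter, the 64KB default and the error names come from the conversation.

```rust
use std::{collections::BTreeSet, ops::Range};

const PAGE_SIZE: usize = 4096;

#[derive(Debug, PartialEq)]
pub enum MlockError { Enomem, Einval }

/// Toy model (assumption, not the kernel's layout): page numbers inside locked ranges.
pub struct AddressSpace {
    locked_pages: BTreeSet<usize>,
    pub locked_vm: usize,  // locked pages charged to the process
    rlimit_memlock: usize, // limit in bytes
}

/// Round [addr, addr + len) outward to whole pages; reject address wrap-around.
fn page_range(addr: usize, len: usize) -> Result<Range<usize>, MlockError> {
    let end = addr.checked_add(len).and_then(|e| e.checked_add(PAGE_SIZE - 1));
    let end = end.ok_or(MlockError::Einval)?;
    Ok(addr / PAGE_SIZE..end / PAGE_SIZE)
}

impl AddressSpace {
    pub fn new(rlimit_memlock: usize) -> Self {
        Self { locked_pages: BTreeSet::new(), locked_vm: 0, rlimit_memlock }
    }

    pub fn mlock(&mut self, addr: usize, len: usize) -> Result<(), MlockError> {
        // Charge only pages not locked yet: a repeated or overlapping mlock is not counted twice.
        let new: Vec<usize> = page_range(addr, len)?.filter(|p| !self.locked_pages.contains(p)).collect();
        if (self.locked_vm + new.len()) * PAGE_SIZE > self.rlimit_memlock {
            return Err(MlockError::Enomem); // nothing is locked on failure
        }
        self.locked_vm += new.len();
        self.locked_pages.extend(new);
        Ok(())
    }

    pub fn munlock(&mut self, addr: usize, len: usize) -> Result<(), MlockError> {
        // Decrement only for pages that were locked, so the counter cannot underflow.
        let removed = page_range(addr, len)?.filter(|p| self.locked_pages.remove(p)).count();
        self.locked_vm -= removed;
        Ok(())
    }
}

fn main() {
    let mut mm = AddressSpace::new(64 * 1024); // default RLIMIT_MEMLOCK from the PR
    mm.mlock(0x1000_0123, 100).unwrap(); // unaligned request still charges one whole page
    println!("locked_vm = {} page(s)", mm.locked_vm);
}
```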

@github-actions github-actions bot added the enhancement New feature or request label Jan 14, 2026
@fslongjin
Member

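This PR has too much redundant code, and it is not well enough encapsulated.
Also, a large block of relatively independent logic was added inside the existing functions in ucontext; that kind of thing should be extracted as well.
And ucontext.rs is too long; it would be best to move the logic you added there into mlock.rs.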

@kaleidoscope416 kaleidoscope416 marked this pull request as draft January 14, 2026 09:07