Date: Sun, 16 Sep 2012 21:53:39 +0400 From: Andrey Zonov <zont@FreeBSD.org> To: Andriy Gapon <avg@FreeBSD.org> Cc: freebsd-arch@FreeBSD.org Subject: Re: [patch] unprivileged mlock(2) Message-ID: <50561223.7060709@FreeBSD.org> In-Reply-To: <5046F4E0.6000606@FreeBSD.org> References: <503DD433.2030108@FreeBSD.org> <201208290906.q7T96C9j032802@gw.catspoiler.org> <20120829092318.GW33100@deviant.kiev.zoral.com.ua> <503F2D24.8050103@FreeBSD.org> <50463026.8000506@FreeBSD.org> <504653CD.2000707@FreeBSD.org> <5046F4E0.6000606@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigEE218ED8847BBCE1EBCDBCD9 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 9/5/12 10:44 AM, Andriy Gapon wrote: > on 04/09/2012 22:17 Andrey Zonov said the following: >> On 9/4/12 8:45 PM, Andriy Gapon wrote: >>> on 30/08/2012 12:06 Andrey Zonov said the following: >>>> Hi, >>>> >>>> So, I've got the first version of the patch (attached) which fixes=20 >>>> memory locked limit checking and accounting. >>> >>> Andrey, >>> >>> your mlock.patch looks good to me, but I haven't verified pieces unde= r >>> RACCT. Please try to get a review from a person who is knee-deep in t= he >>> VM code like alc or your mentor. >>> >> >> Thanks for review! >> >>> The code should also be sent for vetoing to security@. Not sure if y= ou >>> would get a review there, but absence of nays would be good. >>> >>> When the code is ready to be committed, please remember about=20 >>> memorylocked=3Dunlimited in the default entry of the default login.co= nf. A >>> big warning about it will have to be posted (in UPDATING and >>> current@/stable@ at the very least). >>> >> >> After that amd(8), geli(8) and watchdogd(8) will be broken, because th= ey=20 >> call mlockall(2). ntpd(8) won't, it already raises its RLIMIT_MEMLOCK= =2E I >> will prepare patches for raising limits if there is no other solution.= >=20 > Thanks for working on this. > BTW, I am not sure why those applications would get broken... > We could/should still have memorylocked=3Dunlimited for the 'root' clas= s. > Or is it about something else? >=20 Hmm, I thought that root login class commented out. >>> Thank you very much for doing this work. >>> >>> P.S. It would probably make sense to provide some HTTP home for this= >>> patch as well. >>> >> >> Updated patch is here [1]. >> >> [1] http://people.freebsd.org/~zont/mlock1.patch >> >=20 > Thank you! > One additional thing - we probably should retire PRIV_VM_MLOCK and > PRIV_VM_MUNLOCK. That would include making changes to > sys/i386/ibcs2/ibcs2_misc.c and sys/ofed/drivers/infiniband/core/umem.c= =2E >=20 They are useful for jails as trasz@ mentioned on IRC. > P.S. PRIV_VM_MUNLOCK _privilege_ feels a little bit weird. I wonder wh= at was > the intended use for it (if any)... >=20 So, here is the second version of the patch [1]. [1] http://people.freebsd.org/~zont/mlock2.patch --=20 Andrey Zonov --------------enigEE218ED8847BBCE1EBCDBCD9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJQVhImAAoJEBWLemxX/CvTN0kH/RNV4ZLnUJLNAmiV/ckXP6DV qtkhHOrxIR13FDT73U+Ff47KckAL9JbI4xZ7jBAin7A2Km/X56IKkvUuCCaloL/r vJz62F77O/B+Hh+bPe3Ad6hfym6LKNxbYGLLqHr7f8aRJpGvpHQfZohyJNnviOcz qUD0VNvRbnppcPoNEJ4VUkpgOxV3DoJ9qNFQOSN47ruz+b1iIPnd8ZOl0lybVqVt 0x7MIhvtpl/3rI89PTc4RmqdA71GObFJ8Cmm+sewxARedK+EdP/MwcmzOnCQmrfI FyG4JTlBsYPdq97cklIpEJ09yzkAaayBa8rqC/nuoNs1ANKE+eZ7h8gm3/PKazM= =wjMX -----END PGP SIGNATURE----- --------------enigEE218ED8847BBCE1EBCDBCD9--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50561223.7060709>