Date: Thu, 17 Jan 2013 15:00:22 +0100 From: Fabian Keil <freebsd-listen@fabiankeil.de> To: Konstantin Belousov <kostikbel@gmail.com> Cc: Andrey Zonov <zont@FreeBSD.org>, svn-src-all@freebsd.org, Andriy Gapon <avg@freebsd.org> Subject: bin/174831: geli segfaults with the new locked memory limit default (was: svn commit: r245415 - stable/9/etc) Message-ID: <20130117150022.24373166@fabiankeil.de> In-Reply-To: <20130115212014.GD2522@kib.kiev.ua> References: <201301141058.r0EAwK4q044423@svn.freebsd.org> <20130114122640.152cb041@fabiankeil.de> <50F4464A.7000903@FreeBSD.org> <20130114200914.7f3272d2@fabiankeil.de> <50F5AB7B.6090903@FreeBSD.org> <20130115212014.GD2522@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/7Vrf98vwCKV1FbgNXG+feJf Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Konstantin Belousov <kostikbel@gmail.com> wrote: > On Tue, Jan 15, 2013 at 11:18:19PM +0400, Andrey Zonov wrote: > > On 1/14/13 11:09 PM, Fabian Keil wrote: > > > Andrey Zonov <zont@FreeBSD.org> wrote: > > >=20 > > >> On 1/14/13 3:26 PM, Fabian Keil wrote: > > >>> Andrey Zonov <zont@FreeBSD.org> wrote: > > >>> > > >>>> Author: zont > > >>>> Date: Mon Jan 14 10:58:20 2013 > > >>>> New Revision: 245415 > > >>>> URL: http://svnweb.freebsd.org/changeset/base/245415 > > >>>> > > >>>> Log: > > >>>> MFC r244383: > > >>>> - Set memorylocked limit to 64Kb for default login class. > > >>>> This prevents unprivileged users to lock too much memory. > > >>> > > >>> Note that this causes geli segfaults when using sudo: > > >>> http://www.freebsd.org/cgi/query-pr.cgi?pr=3D174831 > > >>> > > >> > > >> The change should not affect stable, because new behavior was turned= off > > >> in stable. > > >=20 > > > It's not exactly obvious, but by "this" I was referring to the change > > > in CURRENT. > > >=20 > >=20 > > The solution which you proposed was refused by kib@ (add to CC) when I > > proposed it earlier. > The limits purpose is to limit some resource usage. Having applications > that override the limits contradicts the user intent of keeping the > limits working. My "user intent" when running applications with sudo is that they do whatever is necessary to get the job done. geli usually only runs for a couple of seconds, there usually aren't lots of parallel geli executions and the limit will only be increased if geli is running with root privileges. I agree that applications shouldn't blindly increase limits without reason, but in this case I think a good reason exists. > As a workaround, you could set the limit for your user account. Or I could continue to use the patch ... The main problem I see here is that the user has to figure out the cause of the problem before a workaround can be applied. "pid 3521 (geli), uid 0: exited on signal 11" looks like a common application bug and gdb isn't particular useful to diagnose the problem either. > As a solution, change the offending application to only mlock() > the sensitive pages. E.g. gnupg already does this, probably because > it is portable. I agree that only mlock()ing the sensitive pages is a nice idea in theory. gnupg is an interesting example because it isn't able to lock the memory either: fk@r500 ~ $echo blafasel | gpg --encrypt -o /dev/null gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/documentation/faqs.html for more infor= mation The excerpt from gnupg-1.4.13/util/secmem.c's lock_pool(): if( uid ) { errno =3D EPERM; err =3D errno; } else { err =3D mlock( p, n ); if( err && errno ) err =3D errno; } n is 32768 here, but if I disable the now-bogus uid check or run gpg with sudo, mlock() returns -1 anyway and errno is ENOENT (like before the mlock() call). Apparently the mlock()ing even fails when gpg's s-bit is set now, although I'm reasonably sure that this used to work in the past (at least it suppressed the warning). Fabian --Sig_/7Vrf98vwCKV1FbgNXG+feJf Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlD4BAEACgkQBYqIVf93VJ09CwCgvBbwHzSsDBe8YllERYJPIicr qJIAoMcdKvkbnkadPTOW8OXlQ0E7XRJr =zlj8 -----END PGP SIGNATURE----- --Sig_/7Vrf98vwCKV1FbgNXG+feJf--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130117150022.24373166>