From: Andrey Zonov
Date: Wed, 29 Aug 2012 12:34:59 +0400
To: alc@freebsd.org
Cc: Bryan Drewery, Alan Cox, Andriy Gapon, freebsd-arch@freebsd.org
Subject: Re: [patch] unprivileged mlock(2)
Message-ID: <503DD433.2030108@FreeBSD.org>
List-Id: Discussion related to FreeBSD architecture

On 8/29/12 8:39 AM, Alan Cox wrote:
> On Tue, Aug 28, 2012 at 4:15 PM, Andrey Zonov wrote:
>
>> On 8/29/12 12:20 AM, Andriy Gapon wrote:
>>> on 28/08/2012 21:07 Bryan Drewery said the following:
>>>> On 8/28/2012 11:37 AM, Andrey Zonov wrote:
>>>>> Hi,
>>>>>
>>>>> We've got RLIMIT_MEMLOCK for years, but this limit is useless, because
>>>>> only root may call mlock(2), and root may raise any limits.
>>>>>
>>>>> I suggest patch that allows to call mlock(2) for unprivileged users.
>>>>> Are there any objections to got it in tree?
>>>>>
>>>>
>>>> FYI, see previous recent thread on this here:
>>>>
>>>> http://lists.freebsd.org/pipermail/freebsd-arch/2012-May/012552.html
>>>> and
>>>> http://lists.freebsd.org/pipermail/freebsd-arch/2012-June/012606.html
>>>
>>> Yes, Andrey, I highly suggest that you read those threads completely.
>>>
>>> Here are some observations.
>>>
>>> It doesn't look like mlockall and mlockall(MCL_FUTURE) in particular properly
>>> honor RLIMIT_MEMLOCK. If this is not fixed, then it would be premature to
>>> enable the privilege for non-privileged users.
>>>
>>
>> This should be surely fixed, but I don't know how. Any suggestions are
>> welcome.
>>
>>> I am against adding the sysctl knob. If RLIMIT_MEMLOCK limit is properly
>>> implemented then it is sufficient to effectively deny the privilege (and with
>>> much finer granularity).
>>>
>>
>> Until all bugs around this problem will be fixed, to have such sysctl
>> would be nice, and even keep it turned off to not change default
>> behavior (not like in patch).
>>
>>> When the privilege is allowed to ordinary users, then memorylocked in the
>>> default login.conf would need to be set to something much lower than the current
>>> 'unlimited' :-)
>>>
>>
>> It's not a problem to set it to a new reasonable value in the tree, but
>> it will be a problem to fix this everywhere.
>>
>>> Also, note that currently RLIMIT_MEMLOCK is abused at least in vslock() (used at
>>> least by sysctl's kernel side). The temporary wirings performed as an
>>> implementation detail or side-effect should not be accounted against the limit.
>>> The limit is for wirings that a user makes and controls explicitly. It should
>>> not be applied to something that kernel does behind the scenes without user's
>>> knowledge.
>>>
>>
>> I was surprised when I stepped on this few years ago on machine with
>> thousands processes. top(8) ate 100% CPU in a forever loop, ps(1)
>> didn't work, and that is because memorylocked limit was set to low.
>> Later I submitted two patches which fixed kvm (r230873) and sockstat
>> (r230874), but I totally agree with you here, we shouldn't check for
>> limits in vslock().
>>
>>
> I agree with Andriy's argument for making the following change. Please go
> ahead and commit it.
>

Thanks, I will commit it after approving from kib.

But can we do better and don't lock process's memory in sysctl handlers?

--
Andrey Zonov