mlock(2) for ordinary users

Peter Jeremy peterjeremy at optushome.com.au
Sat Jul 22 23:55:31 UTC 2006 

On Sat, 2006-Jul-22 18:16:31 +0300, Kostik Belousov wrote:
>On Sat, Jul 22, 2006 at 03:52:37PM +0100, Robert Watson wrote:
>> particular, I have to wonder if it works at all.  The whole idea of 
>> resources limits is that you bill new use to a credential, and credit 
>> reduced use to a similar credential.

Currently, most RLIMIT_xxx parameters are per-process (the exceptions
are RLIMIT_NPROC and RLIMIT_SBSIZE - which are per-user).

>>  Probably, we're interested only in 
>> memory pinned at the request of the process, not memory pinned by the 
>> kernel on its behalf.

Should memory wired via sysctl_wire_old_buffer() count as "at the
request of the process" or "by the kernel on its behalf"?  Currently,
it's treated as the former.

The following takes "credential" as "process" since that's how wired
memory is currently billed.

>> - When pages become locked on behalf of a credential, is it correctly billed
>>   to the credential?
>>
>> - When pages become unlocked (or are released), are any credentials that 
>> have requested it be locked credited?

I believe these are true.  This is the area where I'd appreciate assistance.

>> - What happens when the credential on a process changes between when memory
>>   is locked and unlocked?

I don't think this is possible because the credential is a process.

>> - What happens if more than one credential requests the same page of memory 
>>   be locked and unlocked?

This is another area that would need further examination.

>> - Is locked memory properly credited back to the credential on process exit
>>   and other non-explicit unmapping points?

Process exit is not relevant.  I'm not sure about implicit unwiring.

>As far as I remember, RLIMIT_MEMLOCK is per-process instead of per-cred.

It is.

>As consequence, allowing mlock() for non-root users actually allow such
>user to allocate value-of(RLIMIT_MEMLOCK) * value-of(RLIMIT_NPROC).

This is no different to the other per-process resource limits.  On a
stock FreeBSD system, I can reach the system-wide FD limit with two
user processes.  I can't see that having several processes each
locking RLIMIT_MEMLOCK pages provides any real benefit to the user
so this is really just another DoS vector.

>In fact, I had to make the answers to the asked questions when I
>implemented the per-user swap limits.

I didn't realise this existed.  How do you control per-user swap?  I
can't find any reference to this in either login.conf or setrlimit(2).

-- 
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20060722/2f07e853/attachment.pgp

More information about the freebsd-arch mailing list