aio_mlock(2) system call
Gleb Smirnoff
glebius at FreeBSD.org
Mon Jun 3 13:23:21 UTC 2013
On Mon, Jun 03, 2013 at 03:16:56PM +0200, Andre Oppermann wrote:
A> > This patch brings a new system call - aio_mlock(2). The idea is
A> > quite clear from its name: it performs mlock(2), which can take
A> > a long time if pages aren't resident, under aio(4) control.
A> >
A> > The patch is quite simple, and non-desctructive. Here it is
A> > for your review.
A>
A> I didn't immediately see something about permissions to prevent normal
A> users from easily exhausting all kernel memory.
A>
A> Since this is likely to be only used on dedicated servers it may be
A> sufficient to have a global sysctl allowing its use for non-root users.
The aio thread uses credentials of the process that issued aio_mlock(),
thus in terms of security semantics are equal to direct mlock() syscall.
--
Totus tuus, Glebius.
More information about the freebsd-arch
mailing list