From: Xin Li
Organization: The FreeBSD Project
Date: Thu, 10 May 2012 15:18:19 -0700
To: freebsd-arch@freebsd.org
Cc: d@delphij.net
Reply-To: d@delphij.net
Subject: Allow small amount of memory be mlock()'ed by unprivileged process?
Message-ID: <4FAC3EAB.6050303@delphij.net>
List-Id: Discussion related to FreeBSD architecture

Hi,

I've recently read some documents saying that some other operating systems would allow a small amount of memory to be mlock()'ed by an unprivileged process.
This feature is useful for applications that need these semantics, e.g. when requesting memory that holds sensitive information like private keys, etc. The current implementation of ours would just return EPERM when the caller is not the superuser, and enforce a limit for privileged processes (which is set to infinity). Is there any concern with changing this to allow a few memory pages to be locked, and removing the limit when the calling process is the superuser?

Cheers,
-- 
Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve!
Live free or die