From owner-freebsd-arch@FreeBSD.ORG  Mon Jun  3 13:23:21 2013
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: arch@FreeBSD.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id BA2D363B
 for <arch@FreeBSD.org>; Mon,  3 Jun 2013 13:23:21 +0000 (UTC)
 (envelope-from glebius@FreeBSD.org)
Received: from cell.glebius.int.ru (glebius.int.ru [81.19.69.10])
 by mx1.freebsd.org (Postfix) with ESMTP id 49C1D1CDA
 for <arch@FreeBSD.org>; Mon,  3 Jun 2013 13:23:20 +0000 (UTC)
Received: from cell.glebius.int.ru (localhost [127.0.0.1])
 by cell.glebius.int.ru (8.14.6/8.14.6) with ESMTP id r53DNKHi085481;
 Mon, 3 Jun 2013 17:23:20 +0400 (MSK)
 (envelope-from glebius@FreeBSD.org)
Received: (from glebius@localhost)
 by cell.glebius.int.ru (8.14.6/8.14.6/Submit) id r53DNKGX085480;
 Mon, 3 Jun 2013 17:23:20 +0400 (MSK)
 (envelope-from glebius@FreeBSD.org)
X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to
 glebius@FreeBSD.org using -f
Date: Mon, 3 Jun 2013 17:23:20 +0400
From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Andre Oppermann <oppermann@networx.ch>
Subject: Re: aio_mlock(2) system call
Message-ID: <20130603132320.GP67170@glebius.int.ru>
References: <20130603100618.GH67170@FreeBSD.org> <51AC9748.5070908@networx.ch>
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <51AC9748.5070908@networx.ch>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: arch@FreeBSD.org
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jun 2013 13:23:21 -0000

On Mon, Jun 03, 2013 at 03:16:56PM +0200, Andre Oppermann wrote:
A> >    This patch brings a new system call - aio_mlock(2). The idea is
A> > quite clear from its name: it performs mlock(2), which can take
A> > a long time if pages aren't resident, under aio(4) control.
A> >
A> >    The patch is quite simple, and non-desctructive. Here it is
A> > for your review.
A> 
A> I didn't immediately see something about permissions to prevent normal
A> users from easily exhausting all kernel memory.
A> 
A> Since this is likely to be only used on dedicated servers it may be
A> sufficient to have a global sysctl allowing its use for non-root users.

The aio thread uses credentials of the process that issued aio_mlock(),
thus in terms of security semantics are equal to direct mlock() syscall.

-- 
Totus tuus, Glebius.