From: Andriy Gapon
Date: Thu, 31 May 2012 15:23:57 +0300
To: Christoph Hellwig, d@delphij.net, freebsd-arch@FreeBSD.org
Cc: Eitan Adler, Adrian Chadd, Dag-Erling Smørgrav
Subject: Re: Allow small amount of memory be mlock()'ed by unprivileged process?
Message-ID: <4FC762DD.90101@FreeBSD.org>
In-Reply-To: <20120517055425.GA802@infradead.org>
References: <4FAC3EAB.6050303@delphij.net> <861umkurt8.fsf@ds4.des.no> <20120517055425.GA802@infradead.org>

on 17/05/2012 08:54 Christoph Hellwig said the following:
> Linux has added a RLIMIT_MEMLOCK opcode for setrlimit that allows
> controlling the amount of memory users can lock down, with a default
> of a single page for unprivileged processes.
In fact, FreeBSD also has this rlimit and there seems to be full support for it on both user and kernel sides. OTOH, PRIV_VM_MLOCK privilege seems to be granted only to the super-user in the default configuration. And this privilege kind of defeats the limit.

Perhaps we should/could kill the privilege and set the limit to a sufficiently small/safe value for ordinary users?

P.S. Some MAC code has this comment:

	/*
	 * Allow VM privileges; it would be nice if these were subject to
	 * resource limits.
	 */
	case PRIV_VM_MADV_PROTECT:
	case PRIV_VM_MLOCK:

In the case of PRIV_VM_MLOCK it would be nice if one hand knew what the other is doing :-)

P.P.S. I would really like to see RLIMIT_NICE and RLIMIT_RTPRIO in FreeBSD.

-- 
Andriy Gapon
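Added example, not from this thread or the FreeBSD source tree, showing the two mechanisms the mail contrasts: a userland program reads its own RLIMIT_MEMLOCK with getrlimit(2) and tries mlock(2) against it, and mlock_permitted() models, as an assumption summarising the mail rather than the kernel's actual check, a decision in which holding the mlock privilege bypasses the limit entirely. Both helper names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Hypothetical model of the decision discussed in the mail (not kernel
 * code): RLIMIT_MEMLOCK bounds an unprivileged caller, while a caller
 * granted PRIV_VM_MLOCK is never checked against it. */
int mlock_permitted(rlim_t already_locked, size_t request,
                    const struct rlimit *lim, int has_mlock_priv)
{
    if (has_mlock_priv)
        return 1;                        /* privilege defeats the limit */
    if (lim->rlim_cur == RLIM_INFINITY)
        return 1;
    return already_locked + (rlim_t)request <= lim->rlim_cur;
}

/* Try to lock npages anonymous pages under the process's real limit.
 * Returns 0 on success, otherwise the errno mlock() reported (ENOMEM
 * once the request exceeds RLIMIT_MEMLOCK; EPERM/EAGAIN on some systems). */
int try_lock_pages(size_t npages)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE) * npages;
    void *buf = mmap(NULL, len, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return errno;
    int rc = (mlock(buf, len) == 0) ? 0 : errno;
    if (rc == 0)
        munlock(buf, len);
    munmap(buf, len);
    return rc;
}

/* Stand-alone demo: show the soft limit, then lock one page (inside any
 * sane limit) and 64 MiB (past the usual default unless privileged). */
int main(void)
{
    struct rlimit lim;
    if (getrlimit(RLIMIT_MEMLOCK, &lim) != 0)
        return 1;
    printf("RLIMIT_MEMLOCK soft limit: %llu\n", (unsigned long long)lim.rlim_cur);
    printf("lock 1 page  -> errno %d\n", try_lock_pages(1));
    printf("lock 64 MiB  -> errno %d\n",
           try_lock_pages((64u << 20) / (size_t)sysconf(_SC_PAGESIZE)));
    return 0;
}
```

Run it once as an ordinary user and once as root to see the second request flip from ENOMEM to success, which is exactly the limit being defeated by privilege.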