From: Bruno Lauzé
To: Xin LI
CC: freebsd-current
Subject: Re: mlock and jail
Date: Thu, 2 Feb 2017 03:29:53 +0000
List-Id: Discussions about the use of FreeBSD-current

Thank you.

The app in fact is dotnet https://github.com/dotnet/coreclr

And since it's already possible to cap overall memory with rctl ( -- jail:httpd:memoryuse:deny=2G/jail -- or -- jail:httpd:memorylocked:deny=1G/jail -- ) it seems correct to say the lock weight could only be within those limits?
But right now memorylocked rctl does apply since prison is denied mlock. I might be missing something.

Thanks for your help.

By the way, FreeBSD would gain a lot pushing for dotnet support as it did with Java in the days.

________________________________
From: Xin LI
Sent: February 1, 2017 8:31:35 PM
To: Bruno Lauzé
Cc: freebsd-current
Subject: Re: mlock and jail

I like this idea. Note that potentially your patch would make it possible for a jailed root to DoS the whole system by locking too many pages in memory. I think it would be sensible to provide a per-jail flag to enable doing it, or better, have some finer grained control (e.g. per jail quota of permitted locked pages).

Why did the application want to lock pages in main memory, though?

On Wed, Feb 1, 2017 at 3:52 PM, Bruno Lauzé wrote:
>
> I would like to ask if there is a reason I would have to apply the patch below to make an application work in a jail.
> And who's bad? the app too intrusive or the bsd not flexible enough (allow.mlock?)
>
> Index: sys/kern/kern_jail.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- sys/kern/kern_jail.c (revision 313033) > +++ sys/kern/kern_jail.c (working copy) > @@ -3340,6 +3340,11 @@ > case PRIV_PROC_SETLOGINCLASS: > return (0); > > > + case PRIV_VM_MADV_PROTECT: > + case PRIV_VM_MLOCK: > + case PRIV_VM_MUNLOCK: > + return (0); > + > default:
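
Review bot: The three added cases (PRIV_VM_MADV_PROTECT, PRIV_VM_MLOCK, PRIV_VM_MUNLOCK) return (0) unconditionally, so every jail on the host gains these privileges with no opt-in and no bound on how much memory a jailed root can wire, which is the host-wide DoS raised in the reply. Suggest gating the return on a per-jail allow flag (the thread floats allow.mlock) that defaults to off, and falling through to the existing default handling when it is not set, so the memorylocked rctl limit mentioned in the thread can act as the quota for jails that opt in. PRIV_VM_MADV_PROTECT is bundled in without being mentioned in the request, which only discusses mlock; either justify it separately or drop it from this change. The new block also needs a comment stating why these privileges are safe to grant inside a jail.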