Date: Mon, 17 Sep 2012 15:37:19 +0300
From: Konstantin Belousov
To: Andrey Zonov
Cc: Andriy Gapon, freebsd-arch@freebsd.org
Subject: Re: [patch] unprivileged mlock(2)
Message-ID: <20120917123719.GS37286@deviant.kiev.zoral.com.ua>
In-Reply-To: <50561223.7060709@FreeBSD.org>

On Sun, Sep 16, 2012 at 09:53:39PM +0400, Andrey Zonov wrote:
> On 9/5/12 10:44 AM, Andriy Gapon wrote:
> > on 04/09/2012 22:17 Andrey Zonov said the following:
> >> On 9/4/12 8:45 PM, Andriy Gapon wrote:
> >>> on 30/08/2012 12:06 Andrey Zonov said the following:
> >>>> Hi,
> >>>>
> >>>> So, I've got the first version of the patch (attached) which fixes
> >>>> memory locked limit checking and accounting.
> >>>
> >>> Andrey,
> >>>
> >>> your mlock.patch looks good to me, but I haven't verified pieces under
> >>> RACCT.  Please try to get a review from a person who is knee-deep in the
> >>> VM code like alc or your mentor.
> >>>
> >>
> >> Thanks for review!
> >>
> >>> The code should also be sent for vetoing to security@.  Not sure if you
> >>> would get a review there, but absence of nays would be good.
> >>>
> >>> When the code is ready to be committed, please remember about
> >>> memorylocked=unlimited in the default entry of the default login.conf.  A
> >>> big warning about it will have to be posted (in UPDATING and
> >>> current@/stable@ at the very least).
> >>>
> >>
> >> After that amd(8), geli(8) and watchdogd(8) will be broken, because they
> >> call mlockall(2).  ntpd(8) won't, it already raises its RLIMIT_MEMLOCK.  I
> >> will prepare patches for raising limits if there is no other solution.
> >
> > Thanks for working on this.
> > BTW, I am not sure why those applications would get broken...
> > We could/should still have memorylocked=unlimited for the 'root' class.
> > Or is it about something else?
> >
>
> Hmm, I thought that root login class was commented out.
>
> >>> Thank you very much for doing this work.
> >>>
> >>> P.S.  It would probably make sense to provide some HTTP home for this
> >>> patch as well.
> >>>
> >>
> >> Updated patch is here [1].
> >>
> >> [1] http://people.freebsd.org/~zont/mlock1.patch
> >>
> >
> > Thank you!
> > One additional thing - we probably should retire PRIV_VM_MLOCK and
> > PRIV_VM_MUNLOCK.  That would include making changes to
> > sys/i386/ibcs2/ibcs2_misc.c and sys/ofed/drivers/infiniband/core/umem.c.
> >
>
> They are useful for jails as trasz@ mentioned on IRC.
>
> > P.S.  PRIV_VM_MUNLOCK _privilege_ feels a little bit weird.  I wonder what was
> > the intended use for it (if any)...
> >
>
> So, here is the second version of the patch [1].
>
> [1] http://people.freebsd.org/~zont/mlock2.patch

In priv_check_cred(), s/to unprivileged/for unprivileged/.

In vm_mmap(), on RLIMIT_VMEM failure, racct change shall be rolled back.

I am not sure why e.g. sys_obreak() forces racct limits instead of obeying.
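
Added example, not part of the original message or of the patch under review: one way a daemon that calls mlockall(2) could raise its own RLIMIT_MEMLOCK first, which is what the thread says ntpd(8) already does and what amd(8), geli(8) and watchdogd(8) would need once the limit is enforced. The helper names plan_memlock and lock_process_memory are hypothetical, and treating euid 0 as "privileged" is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* True when `limit` already permits locking `want` bytes. */
static int fits(rlim_t limit, rlim_t want)
{
    return limit == RLIM_INFINITY || (want != RLIM_INFINITY && limit >= want);
}

/* Hypothetical helper: choose the RLIMIT_MEMLOCK to request. Returns 0 (soft limit
 * suffices), 1 (raise soft limit), 2 (raise hard limit, privileged), -1 (refused). */
int plan_memlock(const struct rlimit *cur, rlim_t want, int priv, struct rlimit *out)
{
    *out = *cur;
    if (fits(cur->rlim_cur, want))
        return 0;
    if (!fits(cur->rlim_max, want) && !priv)
        return -1;              /* hard limit too low and we cannot raise it */
    out->rlim_cur = want;       /* ask only for what is needed */
    if (fits(cur->rlim_max, want))
        return 1;
    out->rlim_max = want;
    return 2;
}

/* Hypothetical helper: raise the limit, lock all mappings; returns 0 or an errno. */
int lock_process_memory(rlim_t want)
{
    struct rlimit cur, next;
    if (getrlimit(RLIMIT_MEMLOCK, &cur) != 0)
        return errno;
    /* Assumption: euid 0 means privileged; setrlimit() makes the real decision. */
    int plan = plan_memlock(&cur, want, geteuid() == 0, &next);
    if (plan < 0)
        return EPERM;
    if (plan > 0 && setrlimit(RLIMIT_MEMLOCK, &next) != 0)
        return errno;
    return mlockall(MCL_CURRENT | MCL_FUTURE) != 0 ? errno : 0;
}

int main(void)
{
    int err = lock_process_memory(RLIM_INFINITY);
    if (err != 0)
        fprintf(stderr, "cannot lock memory: errno %d\n", err);
    return err != 0;
}
```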