Date: Fri, 28 Sep 2012 17:24:43 +0400 From: Andrey Zonov <zont@FreeBSD.org> To: "Simon L. B. Nielsen" <simon@FreeBSD.org> Cc: freebsd-security@freebsd.org Subject: Re: [patch] unprivileged mlock(2) Message-ID: <5065A51B.6010905@FreeBSD.org> In-Reply-To: <CAC8HS2G84_t5G0KrwEhkwhfRWY%2B6Cck8vQYRJnv3vQOsBPPD_g@mail.gmail.com> References: <50619E5D.3010503@FreeBSD.org> <CAC8HS2G84_t5G0KrwEhkwhfRWY%2B6Cck8vQYRJnv3vQOsBPPD_g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig113F7C254FA28DBDFF7833B6 Content-Type: multipart/mixed; boundary="------------090508050401040600020903" This is a multi-part message in MIME format. --------------090508050401040600020903 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 9/27/12 7:25 PM, Simon L. B. Nielsen wrote: > On Tue, Sep 25, 2012 at 1:06 PM, Andrey Zonov <zont@freebsd.org> wrote:= >> Hi, >> >> Please review this patch [1] which allows unprivileged users call >> mlock()/munlock() and mlockall()/munlockall(). >> >> AFAIK, these calls were not allowed for every-one because accounting f= or >> mlockall(MCL_FUTURE) was not implemented. >=20 > I can't comment on the implementation details (don't know much about > VM system), but do you have tests to show that the new code actually > works in preventing users from mlocking more than 8MB by default? >=20 Sure, test is attached. So, lock only current memory: [zont@vm020 ~/mlock]$ limits -l 50m ./mlock 1 100 mlock: rss: 138Mb; allocated: 100Mb Lock only future memory: [zont@vm020 ~/mlock]$ limits -l 50m ./mlock 2 100 mlock: calloc(): Cannot allocate memory mlock: rss: 46Mb; allocated: 33Mb and fail at about 50Mb. Now lock current and future memory: [zont@vm020 ~/mlock]$ limits -l 50m ./mlock 3 100 mlock: calloc(): Cannot allocate memory mlock: rss: 49Mb; allocated: 33Mb and fail again. The numbers are rough because I use calloc() in test. To get more precise numbers test should be rewritten to use mmap() and/or sbrk(). --=20 Andrey Zonov --------------090508050401040600020903 Content-Type: text/plain; charset=UTF-8; x-mac-type="0"; x-mac-creator="0"; name="mlock.c" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="mlock.c" LyoKICogQ29weXJpZ2h0IChjKSAyMDEyIEFuZHJleSBab25vdgogKi8KCiNpbmNsdWRlIDxz eXMvdHlwZXMuaD4KI2luY2x1ZGUgPHN5cy90aW1lLmg+CiNpbmNsdWRlIDxzeXMvcmVzb3Vy Y2UuaD4KI2luY2x1ZGUgPHN5cy9tbWFuLmg+CiNpbmNsdWRlIDxlcnIuaD4KI2luY2x1ZGUg PHN0ZGxpYi5oPgojaW5jbHVkZSA8dW5pc3RkLmg+CgppbnQKbWFpbihpbnQgYXJnYywgY2hh ciAqKmFyZ3YpCnsKCXN0cnVjdCBydXNhZ2UgcnU7CglpbnQgZmxhZ3MsIGksIG51bTsKCglp ZiAoYXJnYyAhPSAzKQoJCWVycngoMSwKCQkgICAgInVzYWdlOiBtbG9jayA8ZmxhZ3M+IDxu dW0+XG4iCgkJICAgICJmbGFnczpcbiIKCQkgICAgIgkxID0gTUNMX0NVUlJFTlRcbiIKCQkg ICAgIgkyID0gTUNMX0ZVVFVSRVxuIgoJCSAgICAiCTMgPSBNQ0xfQ1VSUkVOVHxNQ0xfRlVU VVJFIik7CgoJZmxhZ3MgPQlhdG9pKGFyZ3ZbMV0pOwoJbnVtID0gYXRvaShhcmd2WzJdKTsK CglpZiAobWxvY2thbGwoZmxhZ3MpID09IC0xKQoJCWVycigxLCAibWxvY2thbGwoKSIpOwoJ Zm9yIChpID0gMDsgaSA8IG51bTsgaSsrKSB7CgkJaWYgKGNhbGxvYygxLCAxMDI0ICogMTAy NCkgPT0gTlVMTCkgewoJCQl3YXJuKCJjYWxsb2MoKSIpOwoJCQlnb3RvIG91dDsKCQl9Cgl9 CglpZiAobXVubG9ja2FsbCgpID09IC0xKSB7CgkJd2FybigibXVubG9ja2FsbCgpIik7CgkJ Z290byBvdXQ7Cgl9CgpvdXQ6CglnZXRydXNhZ2UoUlVTQUdFX1NFTEYsICZydSk7Cgl3YXJu eCgicnNzOiAlbGRNYjsgYWxsb2NhdGVkOiAlZE1iIiwgcnUucnVfbWF4cnNzLygxPDwxMCks IGkpOwoKCWV4aXQoMCk7Cn0K --------------090508050401040600020903-- --------------enig113F7C254FA28DBDFF7833B6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJQZaUdAAoJEBWLemxX/CvTLyUH/3Vpg5KgRzTwPHPEw9EGSAMG ju3TiZLWPM7P+ogJtL4CaFP8iTCiFzLpYX37vuv46pgYwn5hRV+8sEJWjksKBfhS FUgKKeQfBwZT1XSppuc2QPCxsvL/ToN/EIRe09TVVJao334ZQMqiBi4HbffE2iaI ZY/NVEdZInOui/FJhOi3mxpxm4nZSvut2E8KMiwusLJXakgTMTrsIt07EZiMCQxN WmT1fvJxgcRH3YS+oeEhxmJlu6r38lX5WV7UiP2nrNWvjYJuYTNT+Fz3BJP1tTZN jgmnQiICQT8fqQZIETluyHws+h6UX5Wr6DgfYC2eSUpzIRITWS1BESGmDST9Xlc= =qkma -----END PGP SIGNATURE----- --------------enig113F7C254FA28DBDFF7833B6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5065A51B.6010905>