On 9/27/12 7:25 PM, Simon L. B. Nielsen wrote: > On Tue, Sep 25, 2012 at 1:06 PM, Andrey Zonov <[email protected]> wrote: >> Hi, >> >> Please review this patch [1] which allows unprivileged users call >> mlock()/munlock() and mlockall()/munlockall(). >> >> AFAIK, these calls were not allowed for every-one because accounting for >> mlockall(MCL_FUTURE) was not implemented. > > I can't comment on the implementation details (don't know much about > VM system), but do you have tests to show that the new code actually > works in preventing users from mlocking more than 8MB by default? >
Sure, test is attached. So, lock only current memory: [zont@vm020 ~/mlock]$ limits -l 50m ./mlock 1 100 mlock: rss: 138Mb; allocated: 100Mb Lock only future memory: [zont@vm020 ~/mlock]$ limits -l 50m ./mlock 2 100 mlock: calloc(): Cannot allocate memory mlock: rss: 46Mb; allocated: 33Mb and fail at about 50Mb. Now lock current and future memory: [zont@vm020 ~/mlock]$ limits -l 50m ./mlock 3 100 mlock: calloc(): Cannot allocate memory mlock: rss: 49Mb; allocated: 33Mb and fail again. The numbers are rough because I use calloc() in test. To get more precise numbers test should be rewritten to use mmap() and/or sbrk(). -- Andrey Zonov
/*
* Copyright (c) 2012 Andrey Zonov
*/
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/mman.h>
#include <err.h>
#include <stdlib.h>
#include <unistd.h>
int
main(int argc, char **argv)
{
struct rusage ru;
int flags, i, num;
if (argc != 3)
errx(1,
"usage: mlock <flags> <num>\n"
"flags:\n"
" 1 = MCL_CURRENT\n"
" 2 = MCL_FUTURE\n"
" 3 = MCL_CURRENT|MCL_FUTURE");
flags = atoi(argv[1]);
num = atoi(argv[2]);
if (mlockall(flags) == -1)
err(1, "mlockall()");
for (i = 0; i < num; i++) {
if (calloc(1, 1024 * 1024) == NULL) {
warn("calloc()");
goto out;
}
}
if (munlockall() == -1) {
warn("munlockall()");
goto out;
}
out:
getrusage(RUSAGE_SELF, &ru);
warnx("rss: %ldMb; allocated: %dMb", ru.ru_maxrss/(1<<10), i);
exit(0);
}
signature.asc
Description: OpenPGP digital signature
