lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 4 Feb 2009 17:11:21 -0500
From:	wli@...ementarian.org
To:	Ravikiran G Thirumalai <kiran@...lex86.org>
Cc:	linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: Cannot use SHM_HUGETLB as a regular user

On Wed, Feb 04, 2009 at 02:04:28PM -0800, Ravikiran G Thirumalai wrote:
[..]
> However, setting up hugetlb_shm_group with the right gid does not work!
> Looks like hugetlb uses mlock based rlimits which cause shmget
> with SHM_HUGETLB to fail with -ENOMEM.  Setting up right rlimits for mlock
> through /etc/security/limits.conf works though (regardless of
> hugetlb_shm_group).
> I understand most oracle users use this rlimit to use largepages.
> But why does this need to be based on mlock!? We do have shmmax and shmall
> to restrict this resource.
> As I see it we have the following options to fix this inconsistency:
> 1. Do not depend on RLIMIT_MEMLOCK for hugetlb shm mappings.  If a user
>    has CAP_IPC_LOCK or if user belongs to /proc/sys/vm/hugetlb_shm_group,
>    he should be able to use shm memory according to shmmax and shmall OR
> 2. Update the hugetlbpage documentation to mention the resource limit based
>    limitation, and remove the useless /proc/sys/vm/hugetlb_shm_group sysctl
> Which one is better?  I am leaning towards 1. and have a patch ready for 1.
> but I might be missing some historical reason for using RLIMIT_MEMLOCK with
> SHM_HUGETLB.

We should do (1) because the hugetlb_shm_group and CAP_IPC_LOCK bits
should both continue to work as they did prior to RLIMIT_MEMLOCK -based
management of hugetlb. Please make sure the new RLIMIT_MEMLOCK -based
management still enables hugetlb shm when hugetlb_shm_group and
CAP_IPC_LOCK don't apply.


-- wli
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ