[cgl_discussion] A question about CGL2.0 Draft Req. 6.Pin.2: limit
Peter Badovinatz
tabmowzo at us.ibm.com
Mon May 12 17:58:17 PDT 2003
"Li, Adam" wrote:
> Hi all,
>
> In OSDL Carrier Grade Linux Working Group General System Requirements,
> Release 2 Public Draft Version 2003-03-17 Page29:
>
> 6.Pin.2: Application Pin Page: Application Pin Page Limits says: "The
> total amount of memory pinned by applications needs to be able to be
> specified. This is needed to avoid overloading a system.
>
> Existing mlock() enforces limits based on the RLIMIT_MEMLOCK setting
> for the executing process. A global limit is needed as a complementary
> control for allowing non.root processes to pin pages.
>
> The application will receive an error code if all requested memory
> cannot be pinned. Return conditions shall be similar to current
> mlock() behaviour."
>
> For the mlock() implementation, I think the limit RLIMIT_MEMELOCK is
> enough for this requirement, if whenever a non-root user logs into the
> system, a process owned by the superuser will invoke setrlimit( ) to
> decrease the rlim_max and rlim_cur fields for RLIMIT_MEMLOCK. So that
> non-root process cannot lock pages above the limit.
RLIMIT_MEMLOCK is a per-process control. The code has a hard-coded test
which tests to determine if this process will cause more than half of
RAM to be pinned. If so, then the request is denied.
However, unless I read the code incorrectly, there is no global setting
which controls how much memory can be pinned by all users requesting
mlock calls. It seem two users, each requesting 49% of RAM, could both
succeed with probably dire consequences for the system.
I'm a bit unclear on your mechanism about actions by the superuser.
That seems like it could work, but seems more convoluted than simply
providing a configurable kernel setting that specified total percentage
of RAM that can be pinned (most commercial *NIXes offer this control.)
>
> " A global limit is needed as a complementary control for allowing
> non.root processes to pin pages." What does this "global limit" mean?
> Why do we need "global limit as a complementary control" since we
> already have RLIMIT_MEMLOCK?
See above, RLIMIT_MEMLOCK as per-process and the current implementation
are not adequate.
>
> Could someone help me to understand this?
Let me know if this doesn't help. I'll look at improving the writeup of
the requirement.
>
> Thanks a lot.
>
> ====================================================================
> Information above represents only my personal view, not corporate.
> Adam Li [Li Yi]
> Intel China Software Lab
> Tel: 86-21-5257-4545-1338
> adam.li at intel.com
Peter
--
Peter R. Badovinatz aka 'Wombat' -- IBM Linux Technology Center
preferred: tabmowzo at us.ibm.com / alternate: wombat at us.ibm.com
These are my opinions and absolutely not official opinions of IBM, Corp.
More information about the cgl_discussion
mailing list