[cgl_discussion] A question about CGL2.0 Draft Req. 6.Pin.2: limit

Mon May 12 17:58:17 PDT 2003

"Li, Adam" wrote:
> Hi all,
> 
> In OSDL Carrier Grade Linux Working Group General System Requirements,
> Release 2 Public Draft Version 2003-03-17 Page29:
> 
> 6.Pin.2: Application Pin Page: Application Pin Page Limits says: "The
> total amount of memory pinned by applications needs to be able to be
> specified. This is needed to avoid overloading a system.
> 
> Existing mlock() enforces limits based on the RLIMIT_MEMLOCK setting
> for the executing process. A global limit is needed as a complementary
> control for allowing non.root processes to pin pages.
> 
> The application will receive an error code if all requested memory
> cannot be pinned. Return conditions shall be similar to current
> mlock() behaviour."
> 
> For the mlock() implementation, I think the limit RLIMIT_MEMELOCK is
> enough for this requirement, if whenever a non-root user logs into the
> system, a process owned by the superuser will invoke setrlimit( ) to
> decrease the rlim_max and rlim_cur fields for RLIMIT_MEMLOCK. So that
> non-root process cannot lock pages above the limit.

RLIMIT_MEMLOCK is a per-process control.  The code has a hard-coded test
which tests to determine if this process will cause more than half of
RAM to be pinned.  If so, then the request is denied.

However, unless I read the code incorrectly, there is no global setting
which controls how much memory can be pinned by all users requesting
mlock calls.  It seem two users, each requesting 49% of RAM, could both
succeed with probably dire consequences for the system.

I'm a bit unclear on your mechanism about actions by the superuser. 
That seems like it could work, but seems more convoluted than simply
providing a configurable kernel setting that specified total percentage
of RAM that can be pinned (most commercial *NIXes offer this control.)

> 
>  " A global limit is needed as a complementary control for allowing
> non.root processes to pin pages." What does this "global limit" mean?
> Why do we need "global limit as a complementary control" since we
> already have RLIMIT_MEMLOCK?

See above, RLIMIT_MEMLOCK as per-process and the current implementation
are not adequate.

> 
> Could someone help me to understand this? 

Let me know if this doesn't help.  I'll look at improving the writeup of
the requirement.

> 
> Thanks a lot.
> 
> ====================================================================
> Information above represents only my personal view, not corporate.  
> Adam Li  [Li Yi]
> Intel China Software Lab
> Tel:  86-21-5257-4545-1338
> adam.li at intel.com

Peter
--
Peter R. Badovinatz aka 'Wombat' -- IBM Linux Technology Center
preferred: tabmowzo at us.ibm.com / alternate: wombat at us.ibm.com
These are my opinions and absolutely not official opinions of IBM, Corp.