[cgl_discussion] A question about CGL2.0 Draft Req. 6.Pin.2: limit

Peter Badovinatz tabmowzo at us.ibm.com
Tue May 13 09:48:12 PDT 2003


"Li, Adam" wrote:
> Thanks, Peter, for the clarification.
> 
> So the "global limit" in the requirement means "global setting which
> controls how much memory can be pinned by all users requesting mlock
> calls."  And RLIMIT_MEMLOCK can limit a single non-root process from
> locking too many pages.

Strictly speaking, since only root users can today call mlock(),
RLIMIT_MEMLOCK therefore limits only single root processes.

> 
> Still some other questions:
> 
> 1. The wording in the requirement "A global limit is needed as a
> complementary control for allowing non-root processes to pin pages."
> _non root_ here seems a little confusing (since this global limit
> affects both root and non root processes).

See above statement, goal is that we want a method where non-root users
can pin their pages.  IF non-root users can pin pages, we want a global
limit that limits the total amount of RAM that can be pinned by all
requestors (root and non-root).  

> 
> 2. In requirement: 6.Pin.1 : Application Pin Page: No root, the
>    requirement says:
> 
> a. "A configuration capability needs to exist to allow the system to
> determine eligible applications for pinning pages".  Does the
> "configuration capability" mean a new capability different from
> "CAP_IPC_LOCK"?

Not necessarily.  It seems that CAP_IPC_LOCK already controls/allows
mlock(), what is needed is to formalize use of that control against
non-root processes.  The configuration utility is essentially just the
program or config file that allows one to specify the processes to be
given the capability.

The way I read the code it seems that CAP_IPC_LOCK is what is checked
NOW, so what is missing is the ability to specify which non-root
processes get that capability set and how.

> 
> b. And in the same requirement: "The configuration capability should
> provide a control that specifies the maximum percentage of system
> memory that can be pinned via this capability".  What is the
> relationship between the "configuration capability" and the "global
> limit (which controls how much memory can be pinned by all users
> requesting mlock calls)"?
> 
> Are the two "configuration capability" in "a" and "b" the same? If
> they are the same, does that mean if a process has such a capability,
> it can both be eligible for pinning pages and specify the maximum
> memory that can be locked (which does not seem to make sense)?

No, they are different.  The global limit is simply a kernel parameter
that can be configured to specify total amount of RAM that can be pinned
at one time.  This can be set and controlled via the same mechanisms as
kernel parameters today -- config files, /proc values, system calls,
etc.  This would remain under control of root.

The "list" of non-root processes allowed to pin pages is separate from
this and in fact, has nothing to do with setting the maximum pin amount.

> 
> Thanks and sorry for so many questions.

Obviously more clarification needed in the requirements writeup.

Thanks for taking a look!

> 
> --adam
>  
> ====================================================================
> Information above represents only my personal view, not corporate.  
> Adam Li  [Li Yi]
> Intel China Software Lab
> Tel:  86-21-5257-4545-1338
> adam.li at intel.com
> 
> > -----Original Message-----
> > From: Peter Badovinatz [mailto:tabmowzo at us.ibm.com]
> > Sent: May 13, 2003 8:58
> > To: Li, Adam
> > Cc: OSDL CGL Discussion
> > Subject: Re: [cgl_discussion] A question about CGL2.0 Draft
> > Req. 6.Pin.2: limit
> >
> >
> > "Li, Adam" wrote:
> > > Hi all,
> > >
> > > In OSDL Carrier Grade Linux Working Group General System
> > Requirements,
> > > Release 2 Public Draft Version 2003-03-17 Page29:
> > >
> > > 6.Pin.2: Application Pin Page: Application Pin Page Limits
> > says: "The
> > > total amount of memory pinned by applications needs to be able to be
> > > specified. This is needed to avoid overloading a system.
> > >
> > > Existing mlock() enforces limits based on the RLIMIT_MEMLOCK setting
> > > for the executing process. A global limit is needed as a
> > complementary
> > > control for allowing non-root processes to pin pages.
> > >
> > > The application will receive an error code if all requested memory
> > > cannot be pinned. Return conditions shall be similar to current
> > > mlock() behaviour."
> > >
> > > For the mlock() implementation, I think the limit RLIMIT_MEMLOCK is
> > > enough for this requirement, if whenever a non-root user
> > logs into the
> > > system, a process owned by the superuser will invoke setrlimit( ) to
> > > decrease the rlim_max and rlim_cur fields for
> > RLIMIT_MEMLOCK. So that
> > > non-root process cannot lock pages above the limit.
> >
> > RLIMIT_MEMLOCK is a per-process control.  The code has a
> > hard-coded test
> > which tests to determine if this process will cause more than half of
> > RAM to be pinned.  If so, then the request is denied.
> >
> > However, unless I read the code incorrectly, there is no
> > global setting
> > which controls how much memory can be pinned by all users requesting
> > mlock calls.  It seems two users, each requesting 49% of RAM,
> > could both
> > succeed with probably dire consequences for the system.
> >
> > I'm a bit unclear on your mechanism about actions by the superuser.
> > That seems like it could work, but seems more convoluted than simply
> > providing a configurable kernel setting that specified total
> > percentage
> > of RAM that can be pinned (most commercial *NIXes offer this control.)
> >
> > >
> > >  " A global limit is needed as a complementary control for allowing
> > > non-root processes to pin pages." What does this "global
> > limit" mean?
> > > Why do we need "global limit as a complementary control" since we
> > > already have RLIMIT_MEMLOCK?
> >
> > See above, RLIMIT_MEMLOCK as per-process and the current
> > implementation
> > are not adequate.
> >
> > >
> > > Could someone help me to understand this?
> >
> > Let me know if this doesn't help.  I'll look at improving the
> > writeup of
> > the requirement.
> >
> > >
> > > Thanks a lot.
> > >
> > > ====================================================================
> > > Information above represents only my personal view, not corporate.
> > > Adam Li  [Li Yi]
> > > Intel China Software Lab
> > > Tel:  86-21-5257-4545-1338
> > > adam.li at intel.com
> >
> > Peter
> > --
> > Peter R. Badovinatz aka 'Wombat' -- IBM Linux Technology Center
> > preferred: tabmowzo at us.ibm.com / alternate: wombat at us.ibm.com
> > These are my opinions and absolutely not official opinions of
> > IBM, Corp.
> >
> 
> _______________________________________________
> cgl_discussion mailing list
> cgl_discussion at lists.osdl.org
> http://lists.osdl.org/mailman/listinfo/cgl_discussion

--
Peter R. Badovinatz aka 'Wombat' -- IBM Linux Technology Center
preferred: tabmowzo at us.ibm.com / alternate: wombat at us.ibm.com
These are my opinions and absolutely not official opinions of IBM, Corp.
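
Added example, not part of the original message and not kernel code: a toy C model of the case raised in this thread, where two processes each ask to pin 49% of RAM. It applies the per-process "more than half of RAM" test as the thread describes it, then a complementary system-wide limit. The names pin_state, try_pin and two_requests_at_49_percent, the 100000-page system and the 60% limit are all constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy model (not kernel code). All amounts are in pages. */
struct pin_state {
    size_t total_ram;     /* pages of RAM in the system */
    size_t global_limit;  /* max pages pinned system-wide; 0 = no global limit */
    size_t pinned_total;  /* pages currently pinned by all processes */
};

/* Returns 0 if the request is granted, -1 if it is denied
   (the point at which mlock() would return an error). */
int try_pin(struct pin_state *s, size_t *proc_pinned, size_t request)
{
    /* Per-process test as described in the thread: deny if this
       process alone would pin more than half of RAM. */
    if (*proc_pinned + request > s->total_ram / 2)
        return -1;
    /* Complementary global test: deny if the total pinned by all
       requestors (root and non-root) would exceed the limit. */
    if (s->global_limit && s->pinned_total + request > s->global_limit)
        return -1;
    *proc_pinned += request;
    s->pinned_total += request;
    return 0;
}

/* Two processes each request 49% of RAM; returns how many succeed.
   global_limit_percent == 0 models today's behaviour (no global limit). */
int two_requests_at_49_percent(size_t global_limit_percent)
{
    struct pin_state s = { 100000, 0, 0 };  /* constructed system size */
    size_t a = 0, b = 0;
    int ok = 0;
    s.global_limit = s.total_ram * global_limit_percent / 100;
    ok += try_pin(&s, &a, 49000) == 0;
    ok += try_pin(&s, &b, 49000) == 0;
    return ok;
}

int main(void)
{
    printf("no global limit:  %d of 2 succeed\n", two_requests_at_49_percent(0));
    printf("global limit 60%%: %d of 2 succeed\n", two_requests_at_49_percent(60));
    return 0;
}
```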
