[Xenomai-help] Xenomai and mlockall

[Xenomai-help] Xenomai and mlockall

[Johan Borkhuis]

I am trying to run my Xenomai application as non-root. I disabled 
XENO_OPT_SECURITY_ACCESS to allow non-root users to run Xenomai 
applications. However, this causes my application to exit with the error:

Xenomai: process memory not locked (missing mlockall?)

Is there a way to avoid this error? I am running on an embedded system 
without swap and without disk, so there is no real need for mlock or 
mlockall.

Is there a way to "tweak" the CAP_IPC_LOCK capability of the system or 
the task so that I can run mlockall call, or is there a way to disable 
this check on Xenomai?

Kind regards,
    Johan Borkhuis

[Xenomai-help] Fwd: Xenomai and mlockall

[Eric Noulard]

Sorry forgot to send to the list

---------- Forwarded message ----------
From: Eric Noulard <eric.noulard@domain.hid>
Date: 25 juin 2007 18:04
Subject: Re: [Xenomai-help] Xenomai and mlockall
To: Johan Borkhuis <j.borkhuis@domain.hid>


2007/6/25, Johan Borkhuis <j.borkhuis@domain.hid>:
> I am trying to run my Xenomai application as non-root. I disabled
> XENO_OPT_SECURITY_ACCESS to allow non-root users to run Xenomai
> applications. However, this causes my application to exit with the error:
>
> Xenomai: process memory not locked (missing mlockall?)
>
> Is there a way to avoid this error? I am running on an embedded system
> without swap and without disk, so there is no real need for mlock or
> mlockall.

I may be wrong but even on embedded system without
mlockall(MCL_FUTURE) how can you be sure the memory you get from from
a dynamically allocated memory (malloc/calloc etc...) is
currently allocated in PHYSICAL memory?

Usually linux is lazy and it gives you "real" memory when
you hit the memory page.

> Is there a way to "tweak" the CAP_IPC_LOCK capability of the system or
> the task so that I can run mlockall call,

May be you can use 'sudo' to run the task?

> or is there a way to disable this check on Xenomai?

I am not able to answer this one :))

--
Erk


-- 
Erk

Re: [Xenomai-help] Fwd: Xenomai and mlockall

[Johan Borkhuis]

Eric Noulard wrote:
> 2007/6/25, Johan Borkhuis <j.borkhuis@domain.hid>:
>   
>> I am trying to run my Xenomai application as non-root. I disabled
>> XENO_OPT_SECURITY_ACCESS to allow non-root users to run Xenomai
>> applications. However, this causes my application to exit with the error:
>>
>> Xenomai: process memory not locked (missing mlockall?)
>>
>> Is there a way to avoid this error? I am running on an embedded system
>> without swap and without disk, so there is no real need for mlock or
>> mlockall.
>>     
>
> I may be wrong but even on embedded system without
> mlockall(MCL_FUTURE) how can you be sure the memory you get from from
> a dynamically allocated memory (malloc/calloc etc...) is
> currently allocated in PHYSICAL memory?
>   
I disabled swap, and also I don't have a physical disc connected to the 
system. The system boots from a TFTP server, and the root file system is 
mounted using NFS. So I think I can be pretty sure that all allocated 
memory is in physical memory :-)

>> Is there a way to "tweak" the CAP_IPC_LOCK capability of the system or
>> the task so that I can run mlockall call,
>>     
>
> May be you can use 'sudo' to run the task?
>   

That is a possibility, but I prefer application to run as a regular user 
and not as root.

I did find another way/hack around this problem. After looking in the 
kernel I found out that the maximum amount of locked memory is limited 
to 32 kbyte (= 8 pages) for a regular user (see also "ulimit -a") and 
this limit is hard-coded into the kernel. My application asked to lock 
just over 600 pages, so this was not allowed
After increasing this allowed amount to a much larger value the mlockall 
succeeded and the application runs OK:

==============
--- linux-2.6.14/include/linux/resource.h 2005-10-28 02:02:08.000000000 
+0200
+++ linux-2.6.14-mot/include/linux/resource.h 2007-06-25 
15:46:16.622475000 +0200
@@ -59,7 +59,7 @@
* GPG wants 32kB of mlocked memory, to make sure pass phrases
* and other sensitive information are never written to disk.
*/
-#define MLOCK_LIMIT (8 * PAGE_SIZE)
+#define MLOCK_LIMIT (4096 * PAGE_SIZE)

/*
* Due to binary compatibility, the actual resource numbers
==============

Kind regards,
Johan Borkhuis

Re: [Xenomai-help] Xenomai and mlockall

[Paul]

[-- Attachment #1: Type: text/plain, Size: 379 bytes --]

On Monday 25 June 2007 14:00, Johan Borkhuis wrote:
> Is there a way to "tweak" the CAP_IPC_LOCK capability of the system or
> the task so that I can run mlockall call, or is there a way to disable
> this check on Xenomai?

See attached source - It needs to be linked to libcap. Once compiled, set 
user/group to root along with the sticky flag (chmod a+s).


Regards, Paul.





[-- Attachment #2: capabilities_demo.c --]
[-- Type: text/x-csrc, Size: 3064 bytes --]

/********************************************************************
*
* Description: capabilities_demo.c
*
*	Based on trivial-periodic.c from Xenomai's examples/native
*       directory - Additional material for dropping root privileges
*       and communicating with a kernel task subject to the following
*       statement:
*
* Author: Paul Corner <paul_c@domain.hid>
* Created on: Thu Mar 29 12:21:00 BST 2007
* License: GPL Ver. 2
*    
* Copyright (c) 2007 Paul Corner <paul_c@domain.hid>  All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*
********************************************************************/

#include "autoconf.h"
#include <stdlib.h>
#include <stdio.h>
#include <signal.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/mman.h>

#include <native/task.h>
#include <native/heap.h>
#include <native/timer.h>

#define TASK_PRIO 10

void catch_signal(int sig)
{
}


#if HAVE_LIBCAP
#include <sys/capability.h>
#include <sys/prctl.h>
#endif

void set_security(void)
{
#if HAVE_LIBCAP
    cap_t cap;

    /* Running as root - No need to drop anything. */
    if (getuid() == 0)
        return;

    /* Do a `chown root` and `chmod a+s` to allow non-root use */
    if (geteuid() != 0) {
	printf("suid not set - aborting");
	exit(-EPERM);
    }

    /* keep root capabilities in the transition to non-root user */
    prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
    setuid(getuid());

    /* drop all privs except CAP_SYS_NICE (for Xenomai), CAP_IPC_LOCK       
        (for mlockall), and CAP_SYS_RAWIO (for ioperm/iopl) for all
        current and future ops - Note: If all IO is done in kernel space,
        CAP_SYS_RAWIO can be dropped. */
    cap = cap_from_text("CAP_SYS_RAWIO,CAP_IPC_LOCK,CAP_SYS_NICE+ep");
    if (errno)
	perror("cap_from_text failed");
    if (cap_set_proc(cap) < 0) {
	perror("Failed to drop root privileges, aborting");
	exit(-EPERM);
    }

    cap_free(cap);
#endif
    return;
}

RT_HEAP driver_heap;

int main(int argc, char *argv[])
{
    int err = 0;
    int t, k, s;
    void* mem = NULL;
    struct driver_info *info;
    struct driver_data *data;
    RT_HEAP_INFO heap_info;

    signal(SIGTERM, catch_signal);
    signal(SIGINT, catch_signal);

    set_security();

    /* Avoids memory swapping for this program */
    mlockall(MCL_CURRENT | MCL_FUTURE);
    rt_task_create(&demo_task, "trivial", 0, TASK_PRIO, 0);
    rt_task_start(&demo_task, &demo, NULL);

    pause();

    return err;
}

Re: [Xenomai-help] Xenomai and mlockall

[Philippe Gerum]

On Mon, 2007-06-25 at 15:00 +0200, Johan Borkhuis wrote:
> I am trying to run my Xenomai application as non-root. I disabled 
> XENO_OPT_SECURITY_ACCESS to allow non-root users to run Xenomai 
> applications. However, this causes my application to exit with the error:
> 
> Xenomai: process memory not locked (missing mlockall?)
> 
> Is there a way to avoid this error? I am running on an embedded system 
> without swap and without disk, so there is no real need for mlock or 
> mlockall.
> 

swap is not the only source of page faults, ondemand application/library
loading is another one.

> Is there a way to "tweak" the CAP_IPC_LOCK capability of the system or 
> the task so that I can run mlockall call, or is there a way to disable 
> this check on Xenomai?

No way to disable it, since doing so would basically make your system
dysfunctional by risking page faults while not running over a regular
Linux context (i.e. Xenomai's primary domain).

IOW, you do want mlockall() to be in effect for Xenomai apps.

Hint: If you think some process is overconsuming locked memory, you may
want to have a look at /proc/<pid>/maps for the process in question, and
check the size of the various segments listed there, and especially the
stack related one.

> 
> Kind regards,
>     Johan Borkhuis
> 
> _______________________________________________
> Xenomai-help mailing list
> Xenomai-help@domain.hid
> https://mail.gna.org/listinfo/xenomai-help
-- 
Philippe.

Re: [Xenomai-help] Xenomai and mlockall

[Fillod Stephane]

Philippe Gerum wrote:
> On Mon, 2007-06-25 at 15:00 +0200, Johan Borkhuis wrote: 
>> I am trying to run my Xenomai application as non-root. I disabled 
>> XENO_OPT_SECURITY_ACCESS to allow non-root users to run Xenomai 
>> applications. However, this causes my application to exit with the
error:
[...]
>> Is there a way to "tweak" the CAP_IPC_LOCK capability of the system
or 
>> the task so that I can run mlockall call, or is there a way to
disable 
>> this check on Xenomai?
>
>No way to disable it, since doing so would basically make your system
>dysfunctional by risking page faults while not running over a regular
>Linux context (i.e. Xenomai's primary domain).

I think Johan was not asking to disable the mlockall, but to allow some
non-root user to be able to do it. He found his solution anyway, which
is worth an entry in the FAQ.

Since it is going to be a FAQ for those people in embedded business,
some
tricks to allow non-root operation of mlockall, SCHED_FIFO, etc., would
be 
useful. For example, you may hack the commoncap in linux/security/, 
or a better solution would be to rely on realtime-lsm[1][2], thanks to 
the audio folks.

[1] http://sourceforge.net/projects/realtime-lsm/
[2] http://lwn.net/Articles/110346/


Best Regards,
-- 
Stephane