From: Johan Borkhuis <j.borkhuis@domain.hid>
To: Eric Noulard <eric.noulard@domain.hid>
Cc: Xenomai help <xenomai@xenomai.org>
Subject: Re: [Xenomai-help] Fwd: Xenomai and mlockall
Date: Tue, 26 Jun 2007 08:10:59 +0200 [thread overview]
Message-ID: <4680ADF3.9050102@domain.hid> (raw)
In-Reply-To: <cbe23c50706250905r38f1471ak72d82bc58c31b259@domain.hid>
Eric Noulard wrote:
> 2007/6/25, Johan Borkhuis <j.borkhuis@domain.hid>:
>
>> I am trying to run my Xenomai application as non-root. I disabled
>> XENO_OPT_SECURITY_ACCESS to allow non-root users to run Xenomai
>> applications. However, this causes my application to exit with the error:
>>
>> Xenomai: process memory not locked (missing mlockall?)
>>
>> Is there a way to avoid this error? I am running on an embedded system
>> without swap and without disk, so there is no real need for mlock or
>> mlockall.
>>
>
> I may be wrong but even on embedded system without
> mlockall(MCL_FUTURE) how can you be sure the memory you get from from
> a dynamically allocated memory (malloc/calloc etc...) is
> currently allocated in PHYSICAL memory?
>
I disabled swap, and also I don't have a physical disc connected to the
system. The system boots from a TFTP server, and the root file system is
mounted using NFS. So I think I can be pretty sure that all allocated
memory is in physical memory :-)
>> Is there a way to "tweak" the CAP_IPC_LOCK capability of the system or
>> the task so that I can run mlockall call,
>>
>
> May be you can use 'sudo' to run the task?
>
That is a possibility, but I prefer application to run as a regular user
and not as root.
I did find another way/hack around this problem. After looking in the
kernel I found out that the maximum amount of locked memory is limited
to 32 kbyte (= 8 pages) for a regular user (see also "ulimit -a") and
this limit is hard-coded into the kernel. My application asked to lock
just over 600 pages, so this was not allowed
After increasing this allowed amount to a much larger value the mlockall
succeeded and the application runs OK:
==============
--- linux-2.6.14/include/linux/resource.h 2005-10-28 02:02:08.000000000
+0200
+++ linux-2.6.14-mot/include/linux/resource.h 2007-06-25
15:46:16.622475000 +0200
@@ -59,7 +59,7 @@
* GPG wants 32kB of mlocked memory, to make sure pass phrases
* and other sensitive information are never written to disk.
*/
-#define MLOCK_LIMIT (8 * PAGE_SIZE)
+#define MLOCK_LIMIT (4096 * PAGE_SIZE)
/*
* Due to binary compatibility, the actual resource numbers
==============
Kind regards,
Johan Borkhuis
next prev parent reply other threads:[~2007-06-26 6:10 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-25 13:00 [Xenomai-help] Xenomai and mlockall Johan Borkhuis
[not found] ` <cbe23c50706250904i57afbc0xfbce52fdb9dccc66@domain.hid>
2007-06-25 16:05 ` [Xenomai-help] Fwd: " Eric Noulard
2007-06-26 6:10 ` Johan Borkhuis [this message]
2007-06-25 18:04 ` [Xenomai-help] " Paul
2007-06-26 7:26 ` Philippe Gerum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4680ADF3.9050102@domain.hid \
--to=j.borkhuis@domain.hid \
--cc=eric.noulard@domain.hid \
--cc=xenomai@xenomai.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.