1

I would execute a mlockall on a real-time process to lock the memory pages that does no have root privileges. Since the user ulimit for max locked memory is really low (and it is ok due to security considerations), I would lock the memory via another process spawned by root user.

Unfortunately, mlockall has this signature:

int mlockall(int flags);

So, it works only if it is called directly by the target process. There exists a way (e.g. another syscall) to lock the memory of another process? Something like:

int mlockall(int flags, pid_t pid);
Community
  • 1
  • 1
ocirocir
  • 3,543
  • 2
  • 24
  • 34
  • Possible duplicate of [LINUX: How to lock the pages of a process in memory](http://stackoverflow.com/questions/12520499/linux-how-to-lock-the-pages-of-a-process-in-memory) – Michael Foukarakis Dec 07 '16 at 12:42
  • Injecting code with gdb is really a bad solution, it should be better to have a syscall or other mechanism that do not involve code injection. – ocirocir Dec 07 '16 at 12:50
  • How about starting the real-time process with necessary privileges, and using a small dynamic library to set the resource limits, process priority, and lock memory, *and* drop the privileges, before the actual process' `main()` starts? You do need one helper program (setuid) and the dynamic library, but they really should be quite straightforward to implement. Interested? – Nominal Animal Dec 07 '16 at 13:23
  • @RicoRico, you can always create that syscall yourself, maybe submit it upstream. – Michael Foukarakis Dec 07 '16 at 13:29

1 Answers1

2

I write a new system call in order to fill the gap.

I attached the patch to the kernel-mm mailing list, you can find it here

ocirocir
  • 3,543
  • 2
  • 24
  • 34