On Fri, Apr 08, 2022 at 08:54:02PM +0200, David Hildenbrand wrote: > RLIMIT_MEMLOCK was the obvious candidate, but as we discovered int he > past already with secretmem, it's not 100% that good of a fit (unmovable > is worth than mlocked). But it gets the job done for now at least. No, it doesn't. There are too many different interpretations how MELOCK is supposed to work eg VFIO accounts per-process so hostile users can just fork to go past it. RDMA is per-process but uses a different counter, so you can double up iouring is per-user and users a 3rd counter, so it can triple up on the above two > So I'm open for alternative to limit the amount of unmovable memory we > might allocate for user space, and then we could convert seretmem as well. I think it has to be cgroup based considering where we are now :\ Jason
