On 22.11.21 18:55, Andrew Dona-Couch wrote: > Forgive me for jumping in to an already overburdened thread. But can > someone pushing back on this clearly explain the issue with applying > this patch? It will allow unprivileged users to easily and even "accidentally" allocate more unmovable memory than it should in some environments. Such limits exist for a reason. And there are ways for admins/distros to tweak these limits if they know what they are doing. > > The only concerns I've heard are that it doesn't go far enough. That > another strategy (that everyone seems to agree would be a fair bit more > effort) could potentially achieve the same goal and then some. Isn't > that exactly what's meant by "don't let perfection be the enemy of the > good"? The saying is not talking about literal perfection -- the idea is > that you make progress where you can, and that incremental progress and > broader changes are not necessarily in conflict. > > This tiny patch could be a step in the right direction. Why does this > thread need dozens of replies? Because it does something controversial. Send controversial patches, receive many opinions, it's that simple. This is not a step into the right direction. This is all just trying to hide the fact that we're exposing FOLL_LONGTERM usage to random unprivileged users. Maybe we could instead try getting rid of FOLL_LONGTERM usage and the memlock limit in io_uring altogether, for example, by using mmu notifiers. But I'm no expert on the io_uring code. -- Thanks, David / dhildenb
