|
Packit |
7cfc04 |
.\" Copyright (C) Michael Kerrisk, 2004
|
|
Packit |
7cfc04 |
.\" using some material drawn from earlier man pages
|
|
Packit |
7cfc04 |
.\" written by Thomas Kuhn, Copyright 1996
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.\" %%%LICENSE_START(GPLv2+_DOC_FULL)
|
|
Packit |
7cfc04 |
.\" This is free documentation; you can redistribute it and/or
|
|
Packit |
7cfc04 |
.\" modify it under the terms of the GNU General Public License as
|
|
Packit |
7cfc04 |
.\" published by the Free Software Foundation; either version 2 of
|
|
Packit |
7cfc04 |
.\" the License, or (at your option) any later version.
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.\" The GNU General Public License's references to "object code"
|
|
Packit |
7cfc04 |
.\" and "executables" are to be interpreted as the output of any
|
|
Packit |
7cfc04 |
.\" document formatting or typesetting system, including
|
|
Packit |
7cfc04 |
.\" intermediate and printed output.
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.\" This manual is distributed in the hope that it will be useful,
|
|
Packit |
7cfc04 |
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
7cfc04 |
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit |
7cfc04 |
.\" GNU General Public License for more details.
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.\" You should have received a copy of the GNU General Public
|
|
Packit |
7cfc04 |
.\" License along with this manual; if not, see
|
|
Packit |
7cfc04 |
.\" <http://www.gnu.org/licenses/>.
|
|
Packit |
7cfc04 |
.\" %%%LICENSE_END
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.TH MLOCK 2 2018-02-02 "Linux" "Linux Programmer's Manual"
|
|
Packit |
7cfc04 |
.SH NAME
|
|
Packit |
7cfc04 |
mlock, mlock2, munlock, mlockall, munlockall \- lock and unlock memory
|
|
Packit |
7cfc04 |
.SH SYNOPSIS
|
|
Packit |
7cfc04 |
.nf
|
|
Packit |
7cfc04 |
.B #include <sys/mman.h>
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
.BI "int mlock(const void *" addr ", size_t " len );
|
|
Packit |
7cfc04 |
.BI "int mlock2(const void *" addr ", size_t " len ", int " flags );
|
|
Packit |
7cfc04 |
.BI "int munlock(const void *" addr ", size_t " len );
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
.BI "int mlockall(int " flags );
|
|
Packit |
7cfc04 |
.B int munlockall(void);
|
|
Packit |
7cfc04 |
.fi
|
|
Packit |
7cfc04 |
.SH DESCRIPTION
|
|
Packit |
7cfc04 |
.BR mlock (),
|
|
Packit |
7cfc04 |
.BR mlock2 (),
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.BR mlockall ()
|
|
Packit |
7cfc04 |
lock part or all of the calling process's virtual address
|
|
Packit |
7cfc04 |
space into RAM, preventing that memory from being paged to the
|
|
Packit |
7cfc04 |
swap area.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
.BR munlock ()
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.BR munlockall ()
|
|
Packit |
7cfc04 |
perform the converse operation,
|
|
Packit |
7cfc04 |
unlocking part or all of the calling process's virtual
|
|
Packit |
7cfc04 |
address space, so that pages in the specified virtual address range may
|
|
Packit |
7cfc04 |
once more to be swapped out if required by the kernel memory manager.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
Memory locking and unlocking are performed in units of whole pages.
|
|
Packit |
7cfc04 |
.SS mlock(), mlock2(), and munlock()
|
|
Packit |
7cfc04 |
.BR mlock ()
|
|
Packit |
7cfc04 |
locks pages in the address range starting at
|
|
Packit |
7cfc04 |
.I addr
|
|
Packit |
7cfc04 |
and continuing for
|
|
Packit |
7cfc04 |
.I len
|
|
Packit |
7cfc04 |
bytes.
|
|
Packit |
7cfc04 |
All pages that contain a part of the specified address range are
|
|
Packit |
7cfc04 |
guaranteed to be resident in RAM when the call returns successfully;
|
|
Packit |
7cfc04 |
the pages are guaranteed to stay in RAM until later unlocked.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
.BR mlock2 ()
|
|
Packit |
7cfc04 |
.\" commit a8ca5d0ecbdde5cc3d7accacbd69968b0c98764e
|
|
Packit |
7cfc04 |
.\" commit de60f5f10c58d4f34b68622442c0e04180367f3f
|
|
Packit |
7cfc04 |
.\" commit b0f205c2a3082dd9081f9a94e50658c5fa906ff1
|
|
Packit |
7cfc04 |
also locks pages in the specified range starting at
|
|
Packit |
7cfc04 |
.I addr
|
|
Packit |
7cfc04 |
and continuing for
|
|
Packit |
7cfc04 |
.I len
|
|
Packit |
7cfc04 |
bytes.
|
|
Packit |
7cfc04 |
However, the state of the pages contained in that range after the call
|
|
Packit |
7cfc04 |
returns successfully will depend on the value in the
|
|
Packit |
7cfc04 |
.I flags
|
|
Packit |
7cfc04 |
argument.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
.I flags
|
|
Packit |
7cfc04 |
argument can be either 0 or the following constant:
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B MLOCK_ONFAULT
|
|
Packit |
7cfc04 |
Lock pages that are currently resident and mark the entire range so
|
|
Packit |
7cfc04 |
that the remaining nonresident pages locked when they are populated
|
|
Packit |
7cfc04 |
by a page fault.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
If
|
|
Packit |
7cfc04 |
.I flags
|
|
Packit |
7cfc04 |
is 0,
|
|
Packit |
7cfc04 |
.BR mlock2 ()
|
|
Packit |
7cfc04 |
behaves exactly the same as
|
|
Packit |
7cfc04 |
.BR mlock ().
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
.BR munlock ()
|
|
Packit |
7cfc04 |
unlocks pages in the address range starting at
|
|
Packit |
7cfc04 |
.I addr
|
|
Packit |
7cfc04 |
and continuing for
|
|
Packit |
7cfc04 |
.I len
|
|
Packit |
7cfc04 |
bytes.
|
|
Packit |
7cfc04 |
After this call, all pages that contain a part of the specified
|
|
Packit |
7cfc04 |
memory range can be moved to external swap space again by the kernel.
|
|
Packit |
7cfc04 |
.SS mlockall() and munlockall()
|
|
Packit |
7cfc04 |
.BR mlockall ()
|
|
Packit |
7cfc04 |
locks all pages mapped into the address space of the
|
|
Packit |
7cfc04 |
calling process.
|
|
Packit |
7cfc04 |
This includes the pages of the code, data and stack
|
|
Packit |
7cfc04 |
segment, as well as shared libraries, user space kernel data, shared
|
|
Packit |
7cfc04 |
memory, and memory-mapped files.
|
|
Packit |
7cfc04 |
All mapped pages are guaranteed
|
|
Packit |
7cfc04 |
to be resident in RAM when the call returns successfully;
|
|
Packit |
7cfc04 |
the pages are guaranteed to stay in RAM until later unlocked.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
.I flags
|
|
Packit |
7cfc04 |
argument is constructed as the bitwise OR of one or more of the
|
|
Packit |
7cfc04 |
following constants:
|
|
Packit |
7cfc04 |
.TP 1.2i
|
|
Packit |
7cfc04 |
.B MCL_CURRENT
|
|
Packit |
7cfc04 |
Lock all pages which are currently mapped into the address space of
|
|
Packit |
7cfc04 |
the process.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B MCL_FUTURE
|
|
Packit |
7cfc04 |
Lock all pages which will become mapped into the address space of the
|
|
Packit |
7cfc04 |
process in the future.
|
|
Packit |
7cfc04 |
These could be, for instance, new pages required
|
|
Packit |
7cfc04 |
by a growing heap and stack as well as new memory-mapped files or
|
|
Packit |
7cfc04 |
shared memory regions.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.BR MCL_ONFAULT " (since Linux 4.4)"
|
|
Packit |
7cfc04 |
Used together with
|
|
Packit |
7cfc04 |
.BR MCL_CURRENT ,
|
|
Packit |
7cfc04 |
.BR MCL_FUTURE ,
|
|
Packit |
7cfc04 |
or both.
|
|
Packit |
7cfc04 |
Mark all current (with
|
|
Packit |
7cfc04 |
.BR MCL_CURRENT )
|
|
Packit |
7cfc04 |
or future (with
|
|
Packit |
7cfc04 |
.BR MCL_FUTURE )
|
|
Packit |
7cfc04 |
mappings to lock pages when they are faulted in.
|
|
Packit |
7cfc04 |
When used with
|
|
Packit |
7cfc04 |
.BR MCL_CURRENT ,
|
|
Packit |
7cfc04 |
all present pages are locked, but
|
|
Packit |
7cfc04 |
.BR mlockall ()
|
|
Packit |
7cfc04 |
will not fault in non-present pages.
|
|
Packit |
7cfc04 |
When used with
|
|
Packit |
7cfc04 |
.BR MCL_FUTURE ,
|
|
Packit |
7cfc04 |
all future mappings will be marked to lock pages when they are faulted
|
|
Packit |
7cfc04 |
in, but they will not be populated by the lock when the mapping is
|
|
Packit |
7cfc04 |
created.
|
|
Packit |
7cfc04 |
.B MCL_ONFAULT
|
|
Packit |
7cfc04 |
must be used with either
|
|
Packit |
7cfc04 |
.B MCL_CURRENT
|
|
Packit |
7cfc04 |
or
|
|
Packit |
7cfc04 |
.B MCL_FUTURE
|
|
Packit |
7cfc04 |
or both.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
If
|
|
Packit |
7cfc04 |
.B MCL_FUTURE
|
|
Packit |
7cfc04 |
has been specified, then a later system call (e.g.,
|
|
Packit |
7cfc04 |
.BR mmap (2),
|
|
Packit |
7cfc04 |
.BR sbrk (2),
|
|
Packit |
7cfc04 |
.BR malloc (3)),
|
|
Packit |
7cfc04 |
may fail if it would cause the number of locked bytes to exceed
|
|
Packit |
7cfc04 |
the permitted maximum (see below).
|
|
Packit |
7cfc04 |
In the same circumstances, stack growth may likewise fail:
|
|
Packit |
7cfc04 |
the kernel will deny stack expansion and deliver a
|
|
Packit |
7cfc04 |
.B SIGSEGV
|
|
Packit |
7cfc04 |
signal to the process.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
.BR munlockall ()
|
|
Packit |
7cfc04 |
unlocks all pages mapped into the address space of the
|
|
Packit |
7cfc04 |
calling process.
|
|
Packit |
7cfc04 |
.SH RETURN VALUE
|
|
Packit |
7cfc04 |
On success, these system calls return 0.
|
|
Packit |
7cfc04 |
On error, \-1 is returned,
|
|
Packit |
7cfc04 |
.I errno
|
|
Packit |
7cfc04 |
is set appropriately, and no changes are made to any locks in the
|
|
Packit |
7cfc04 |
address space of the process.
|
|
Packit |
7cfc04 |
.SH ERRORS
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B ENOMEM
|
|
Packit |
7cfc04 |
(Linux 2.6.9 and later) the caller had a nonzero
|
|
Packit |
7cfc04 |
.B RLIMIT_MEMLOCK
|
|
Packit |
7cfc04 |
soft resource limit, but tried to lock more memory than the limit
|
|
Packit |
7cfc04 |
permitted.
|
|
Packit |
7cfc04 |
This limit is not enforced if the process is privileged
|
|
Packit |
7cfc04 |
.RB ( CAP_IPC_LOCK ).
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B ENOMEM
|
|
Packit |
7cfc04 |
(Linux 2.4 and earlier) the calling process tried to lock more than
|
|
Packit |
7cfc04 |
half of RAM.
|
|
Packit |
7cfc04 |
.\" In the case of mlock(), this check is somewhat buggy: it doesn't
|
|
Packit |
7cfc04 |
.\" take into account whether the to-be-locked range overlaps with
|
|
Packit |
7cfc04 |
.\" already locked pages. Thus, suppose we allocate
|
|
Packit |
7cfc04 |
.\" (num_physpages / 4 + 1) of memory, and lock those pages once using
|
|
Packit |
7cfc04 |
.\" mlock(), and then lock the *same* page range a second time.
|
|
Packit |
7cfc04 |
.\" In the case, the second mlock() call will fail, since the check
|
|
Packit |
7cfc04 |
.\" calculates that the process is trying to lock (num_physpages / 2 + 2)
|
|
Packit |
7cfc04 |
.\" pages, which of course is not true. (MTK, Nov 04, kernel 2.4.28)
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B EPERM
|
|
Packit |
7cfc04 |
The caller is not privileged, but needs privilege
|
|
Packit |
7cfc04 |
.RB ( CAP_IPC_LOCK )
|
|
Packit |
7cfc04 |
to perform the requested operation.
|
|
Packit |
7cfc04 |
.\"SVr4 documents an additional EAGAIN error code.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
For
|
|
Packit |
7cfc04 |
.BR mlock (),
|
|
Packit |
7cfc04 |
.BR mlock2 (),
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.BR munlock ():
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B EAGAIN
|
|
Packit |
7cfc04 |
Some or all of the specified address range could not be locked.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B EINVAL
|
|
Packit |
7cfc04 |
The result of the addition
|
|
Packit |
7cfc04 |
.IR addr + len
|
|
Packit |
7cfc04 |
was less than
|
|
Packit |
7cfc04 |
.IR addr
|
|
Packit |
7cfc04 |
(e.g., the addition may have resulted in an overflow).
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B EINVAL
|
|
Packit |
7cfc04 |
(Not on Linux)
|
|
Packit |
7cfc04 |
.I addr
|
|
Packit |
7cfc04 |
was not a multiple of the page size.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B ENOMEM
|
|
Packit |
7cfc04 |
Some of the specified address range does not correspond to mapped
|
|
Packit |
7cfc04 |
pages in the address space of the process.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B ENOMEM
|
|
Packit |
7cfc04 |
Locking or unlocking a region would result in the total number of
|
|
Packit |
7cfc04 |
mappings with distinct attributes (e.g., locked versus unlocked)
|
|
Packit |
7cfc04 |
exceeding the allowed maximum.
|
|
Packit |
7cfc04 |
.\" I.e., the number of VMAs would exceed the 64kB maximum
|
|
Packit |
7cfc04 |
(For example, unlocking a range in the middle of a currently locked
|
|
Packit |
7cfc04 |
mapping would result in three mappings:
|
|
Packit |
7cfc04 |
two locked mappings at each end and an unlocked mapping in the middle.)
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
For
|
|
Packit |
7cfc04 |
.BR mlock2 ():
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B EINVAL
|
|
Packit |
7cfc04 |
Unknown \fIflags\fP were specified.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
For
|
|
Packit |
7cfc04 |
.BR mlockall ():
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B EINVAL
|
|
Packit |
7cfc04 |
Unknown \fIflags\fP were specified or
|
|
Packit |
7cfc04 |
.B MCL_ONFAULT
|
|
Packit |
7cfc04 |
was specified without either
|
|
Packit |
7cfc04 |
.B MCL_FUTURE
|
|
Packit |
7cfc04 |
or
|
|
Packit |
7cfc04 |
.BR MCL_CURRENT .
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
For
|
|
Packit |
7cfc04 |
.BR munlockall ():
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B EPERM
|
|
Packit |
7cfc04 |
(Linux 2.6.8 and earlier) The caller was not privileged
|
|
Packit |
7cfc04 |
.RB ( CAP_IPC_LOCK ).
|
|
Packit |
7cfc04 |
.SH VERSIONS
|
|
Packit |
7cfc04 |
.BR mlock2 ()
|
|
Packit |
7cfc04 |
is available since Linux 4.4;
|
|
Packit |
7cfc04 |
glibc support was added in version 2.27.
|
|
Packit |
7cfc04 |
.SH CONFORMING TO
|
|
Packit |
7cfc04 |
POSIX.1-2001, POSIX.1-2008, SVr4.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
mlock2 ()
|
|
Packit |
7cfc04 |
is Linux specific.
|
|
Packit |
7cfc04 |
.SH AVAILABILITY
|
|
Packit |
7cfc04 |
On POSIX systems on which
|
|
Packit |
7cfc04 |
.BR mlock ()
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.BR munlock ()
|
|
Packit |
7cfc04 |
are available,
|
|
Packit |
7cfc04 |
.B _POSIX_MEMLOCK_RANGE
|
|
Packit |
7cfc04 |
is defined in \fI<unistd.h>\fP and the number of bytes in a page
|
|
Packit |
7cfc04 |
can be determined from the constant
|
|
Packit |
7cfc04 |
.B PAGESIZE
|
|
Packit |
7cfc04 |
(if defined) in \fI<limits.h>\fP or by calling
|
|
Packit |
7cfc04 |
.IR sysconf(_SC_PAGESIZE) .
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
On POSIX systems on which
|
|
Packit |
7cfc04 |
.BR mlockall ()
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.BR munlockall ()
|
|
Packit |
7cfc04 |
are available,
|
|
Packit |
7cfc04 |
.B _POSIX_MEMLOCK
|
|
Packit |
7cfc04 |
is defined in \fI<unistd.h>\fP to a value greater than 0.
|
|
Packit |
7cfc04 |
(See also
|
|
Packit |
7cfc04 |
.BR sysconf (3).)
|
|
Packit |
7cfc04 |
.\" POSIX.1-2001: It shall be defined to -1 or 0 or 200112L.
|
|
Packit |
7cfc04 |
.\" -1: unavailable, 0: ask using sysconf().
|
|
Packit |
7cfc04 |
.\" glibc defines it to 1.
|
|
Packit |
7cfc04 |
.SH NOTES
|
|
Packit |
7cfc04 |
Memory locking has two main applications: real-time algorithms and
|
|
Packit |
7cfc04 |
high-security data processing.
|
|
Packit |
7cfc04 |
Real-time applications require
|
|
Packit |
7cfc04 |
deterministic timing, and, like scheduling, paging is one major cause
|
|
Packit |
7cfc04 |
of unexpected program execution delays.
|
|
Packit |
7cfc04 |
Real-time applications will
|
|
Packit |
7cfc04 |
usually also switch to a real-time scheduler with
|
|
Packit |
7cfc04 |
.BR sched_setscheduler (2).
|
|
Packit |
7cfc04 |
Cryptographic security software often handles critical bytes like
|
|
Packit |
7cfc04 |
passwords or secret keys as data structures.
|
|
Packit |
7cfc04 |
As a result of paging,
|
|
Packit |
7cfc04 |
these secrets could be transferred onto a persistent swap store medium,
|
|
Packit |
7cfc04 |
where they might be accessible to the enemy long after the security
|
|
Packit |
7cfc04 |
software has erased the secrets in RAM and terminated.
|
|
Packit |
7cfc04 |
(But be aware that the suspend mode on laptops and some desktop
|
|
Packit |
7cfc04 |
computers will save a copy of the system's RAM to disk, regardless
|
|
Packit |
7cfc04 |
of memory locks.)
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
Real-time processes that are using
|
|
Packit |
7cfc04 |
.BR mlockall ()
|
|
Packit |
7cfc04 |
to prevent delays on page faults should reserve enough
|
|
Packit |
7cfc04 |
locked stack pages before entering the time-critical section,
|
|
Packit |
7cfc04 |
so that no page fault can be caused by function calls.
|
|
Packit |
7cfc04 |
This can be achieved by calling a function that allocates a
|
|
Packit |
7cfc04 |
sufficiently large automatic variable (an array) and writes to the
|
|
Packit |
7cfc04 |
memory occupied by this array in order to touch these stack pages.
|
|
Packit |
7cfc04 |
This way, enough pages will be mapped for the stack and can be
|
|
Packit |
7cfc04 |
locked into RAM.
|
|
Packit |
7cfc04 |
The dummy writes ensure that not even copy-on-write
|
|
Packit |
7cfc04 |
page faults can occur in the critical section.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
Memory locks are not inherited by a child created via
|
|
Packit |
7cfc04 |
.BR fork (2)
|
|
Packit |
7cfc04 |
and are automatically removed (unlocked) during an
|
|
Packit |
7cfc04 |
.BR execve (2)
|
|
Packit |
7cfc04 |
or when the process terminates.
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
.BR mlockall ()
|
|
Packit |
7cfc04 |
.B MCL_FUTURE
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.B MCL_FUTURE | MCL_ONFAULT
|
|
Packit |
7cfc04 |
settings are not inherited by a child created via
|
|
Packit |
7cfc04 |
.BR fork (2)
|
|
Packit |
7cfc04 |
and are cleared during an
|
|
Packit |
7cfc04 |
.BR execve (2).
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
Note that
|
|
Packit |
7cfc04 |
.BR fork (2)
|
|
Packit |
7cfc04 |
will prepare the address space for a copy-on-write operation.
|
|
Packit |
7cfc04 |
The consequence is that any write access that follows will cause
|
|
Packit |
7cfc04 |
a page fault that in turn may cause high latencies for a real-time process.
|
|
Packit |
7cfc04 |
Therefore, it is crucial not to invoke
|
|
Packit |
7cfc04 |
.BR fork (2)
|
|
Packit |
7cfc04 |
after an
|
|
Packit |
7cfc04 |
.BR mlockall ()
|
|
Packit |
7cfc04 |
or
|
|
Packit |
7cfc04 |
.BR mlock ()
|
|
Packit |
7cfc04 |
operation\(emnot even from a thread which runs at a low priority within
|
|
Packit |
7cfc04 |
a process which also has a thread running at elevated priority.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
The memory lock on an address range is automatically removed
|
|
Packit |
7cfc04 |
if the address range is unmapped via
|
|
Packit |
7cfc04 |
.BR munmap (2).
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
Memory locks do not stack, that is, pages which have been locked several times
|
|
Packit |
7cfc04 |
by calls to
|
|
Packit |
7cfc04 |
.BR mlock (),
|
|
Packit |
7cfc04 |
.BR mlock2 (),
|
|
Packit |
7cfc04 |
or
|
|
Packit |
7cfc04 |
.BR mlockall ()
|
|
Packit |
7cfc04 |
will be unlocked by a single call to
|
|
Packit |
7cfc04 |
.BR munlock ()
|
|
Packit |
7cfc04 |
for the corresponding range or by
|
|
Packit |
7cfc04 |
.BR munlockall ().
|
|
Packit |
7cfc04 |
Pages which are mapped to several locations or by several processes stay
|
|
Packit |
7cfc04 |
locked into RAM as long as they are locked at least at one location or by
|
|
Packit |
7cfc04 |
at least one process.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
If a call to
|
|
Packit |
7cfc04 |
.BR mlockall ()
|
|
Packit |
7cfc04 |
which uses the
|
|
Packit |
7cfc04 |
.B MCL_FUTURE
|
|
Packit |
7cfc04 |
flag is followed by another call that does not specify this flag, the
|
|
Packit |
7cfc04 |
changes made by the
|
|
Packit |
7cfc04 |
.B MCL_FUTURE
|
|
Packit |
7cfc04 |
call will be lost.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
.BR mlock2 ()
|
|
Packit |
7cfc04 |
.B MLOCK_ONFAULT
|
|
Packit |
7cfc04 |
flag and the
|
|
Packit |
7cfc04 |
.BR mlockall ()
|
|
Packit |
7cfc04 |
.B MCL_ONFAULT
|
|
Packit |
7cfc04 |
flag allow efficient memory locking for applications that deal with
|
|
Packit |
7cfc04 |
large mappings where only a (small) portion of pages in the mapping are touched.
|
|
Packit |
7cfc04 |
In such cases, locking all of the pages in a mapping would incur
|
|
Packit |
7cfc04 |
a significant penalty for memory locking.
|
|
Packit |
7cfc04 |
.SS Linux notes
|
|
Packit |
7cfc04 |
Under Linux,
|
|
Packit |
7cfc04 |
.BR mlock (),
|
|
Packit |
7cfc04 |
.BR mlock2 (),
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.BR munlock ()
|
|
Packit |
7cfc04 |
automatically round
|
|
Packit |
7cfc04 |
.I addr
|
|
Packit |
7cfc04 |
down to the nearest page boundary.
|
|
Packit |
7cfc04 |
However, the POSIX.1 specification of
|
|
Packit |
7cfc04 |
.BR mlock ()
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.BR munlock ()
|
|
Packit |
7cfc04 |
allows an implementation to require that
|
|
Packit |
7cfc04 |
.I addr
|
|
Packit |
7cfc04 |
is page aligned, so portable applications should ensure this.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
.I VmLck
|
|
Packit |
7cfc04 |
field of the Linux-specific
|
|
Packit |
7cfc04 |
.I /proc/[pid]/status
|
|
Packit |
7cfc04 |
file shows how many kilobytes of memory the process with ID
|
|
Packit |
7cfc04 |
.I PID
|
|
Packit |
7cfc04 |
has locked using
|
|
Packit |
7cfc04 |
.BR mlock (),
|
|
Packit |
7cfc04 |
.BR mlock2 (),
|
|
Packit |
7cfc04 |
.BR mlockall (),
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.BR mmap (2)
|
|
Packit |
7cfc04 |
.BR MAP_LOCKED .
|
|
Packit |
7cfc04 |
.SS Limits and permissions
|
|
Packit |
7cfc04 |
In Linux 2.6.8 and earlier,
|
|
Packit |
7cfc04 |
a process must be privileged
|
|
Packit |
7cfc04 |
.RB ( CAP_IPC_LOCK )
|
|
Packit |
7cfc04 |
in order to lock memory and the
|
|
Packit |
7cfc04 |
.B RLIMIT_MEMLOCK
|
|
Packit |
7cfc04 |
soft resource limit defines a limit on how much memory the process may lock.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
Since Linux 2.6.9, no limits are placed on the amount of memory
|
|
Packit |
7cfc04 |
that a privileged process can lock and the
|
|
Packit |
7cfc04 |
.B RLIMIT_MEMLOCK
|
|
Packit |
7cfc04 |
soft resource limit instead defines a limit on how much memory an
|
|
Packit |
7cfc04 |
unprivileged process may lock.
|
|
Packit |
7cfc04 |
.SH BUGS
|
|
Packit |
7cfc04 |
In Linux 4.8 and earlier,
|
|
Packit |
7cfc04 |
a bug in the kernel's accounting of locked memory for unprivileged processes
|
|
Packit |
7cfc04 |
(i.e., without
|
|
Packit |
7cfc04 |
.BR CAP_IPC_LOCK )
|
|
Packit |
7cfc04 |
meant that if the region specified by
|
|
Packit |
7cfc04 |
.I addr
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.I len
|
|
Packit |
7cfc04 |
overlapped an existing lock,
|
|
Packit |
7cfc04 |
then the already locked bytes in the overlapping region were counted twice
|
|
Packit |
7cfc04 |
when checking against the limit.
|
|
Packit |
7cfc04 |
Such double accounting could incorrectly calculate a "total locked memory"
|
|
Packit |
7cfc04 |
value for the process that exceeded the
|
|
Packit |
7cfc04 |
.BR RLIMIT_MEMLOCK
|
|
Packit |
7cfc04 |
limit, with the result that
|
|
Packit |
7cfc04 |
.BR mlock ()
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.BR mlock2()
|
|
Packit |
7cfc04 |
would fail on requests that should have succeeded.
|
|
Packit |
7cfc04 |
This bug was fixed
|
|
Packit |
7cfc04 |
.\" commit 0cf2f6f6dc605e587d2c1120f295934c77e810e8
|
|
Packit |
7cfc04 |
in Linux 4.9
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
In the 2.4 series Linux kernels up to and including 2.4.17,
|
|
Packit |
7cfc04 |
a bug caused the
|
|
Packit |
7cfc04 |
.BR mlockall ()
|
|
Packit |
7cfc04 |
.B MCL_FUTURE
|
|
Packit |
7cfc04 |
flag to be inherited across a
|
|
Packit |
7cfc04 |
.BR fork (2).
|
|
Packit |
7cfc04 |
This was rectified in kernel 2.4.18.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
Since kernel 2.6.9, if a privileged process calls
|
|
Packit |
7cfc04 |
.I mlockall(MCL_FUTURE)
|
|
Packit |
7cfc04 |
and later drops privileges (loses the
|
|
Packit |
7cfc04 |
.B CAP_IPC_LOCK
|
|
Packit |
7cfc04 |
capability by, for example,
|
|
Packit |
7cfc04 |
setting its effective UID to a nonzero value),
|
|
Packit |
7cfc04 |
then subsequent memory allocations (e.g.,
|
|
Packit |
7cfc04 |
.BR mmap (2),
|
|
Packit |
7cfc04 |
.BR brk (2))
|
|
Packit |
7cfc04 |
will fail if the
|
|
Packit |
7cfc04 |
.B RLIMIT_MEMLOCK
|
|
Packit |
7cfc04 |
resource limit is encountered.
|
|
Packit |
7cfc04 |
.\" See the following LKML thread:
|
|
Packit |
7cfc04 |
.\" http://marc.theaimsgroup.com/?l=linux-kernel&m=113801392825023&w=2
|
|
Packit |
7cfc04 |
.\" "Rationale for RLIMIT_MEMLOCK"
|
|
Packit |
7cfc04 |
.\" 23 Jan 2006
|
|
Packit |
7cfc04 |
.SH SEE ALSO
|
|
Packit |
7cfc04 |
.BR mincore (2),
|
|
Packit |
7cfc04 |
.BR mmap (2),
|
|
Packit |
7cfc04 |
.BR setrlimit (2),
|
|
Packit |
7cfc04 |
.BR shmctl (2),
|
|
Packit |
7cfc04 |
.BR sysconf (3),
|
|
Packit |
7cfc04 |
.BR proc (5),
|
|
Packit |
7cfc04 |
.BR capabilities (7)
|
|
Packit |
7cfc04 |
.SH COLOPHON
|
|
Packit |
7cfc04 |
This page is part of release 4.15 of the Linux
|
|
Packit |
7cfc04 |
.I man-pages
|
|
Packit |
7cfc04 |
project.
|
|
Packit |
7cfc04 |
A description of the project,
|
|
Packit |
7cfc04 |
information about reporting bugs,
|
|
Packit |
7cfc04 |
and the latest version of this page,
|
|
Packit |
7cfc04 |
can be found at
|
|
Packit |
7cfc04 |
\%https://www.kernel.org/doc/man\-pages/.
|