2004-11-03 13:51:07 +00:00
|
|
|
.\" Hey Emacs! This file is -*- nroff -*- source.
|
|
|
|
.\"
|
2004-11-25 14:39:43 +00:00
|
|
|
.\" Copyright (C) Michael Kerrisk, 2004
|
|
|
|
.\" using some material drawn from earlier man pages
|
|
|
|
.\" written by Thomas Kuhn, Copyright 1996
|
2004-11-03 13:51:07 +00:00
|
|
|
.\"
|
|
|
|
.\" This is free documentation; you can redistribute it and/or
|
|
|
|
.\" modify it under the terms of the GNU General Public License as
|
|
|
|
.\" published by the Free Software Foundation; either version 2 of
|
|
|
|
.\" the License, or (at your option) any later version.
|
|
|
|
.\"
|
|
|
|
.\" The GNU General Public License's references to "object code"
|
|
|
|
.\" and "executables" are to be interpreted as the output of any
|
|
|
|
.\" document formatting or typesetting system, including
|
|
|
|
.\" intermediate and printed output.
|
|
|
|
.\"
|
|
|
|
.\" This manual is distributed in the hope that it will be useful,
|
|
|
|
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
.\" GNU General Public License for more details.
|
|
|
|
.\"
|
|
|
|
.\" You should have received a copy of the GNU General Public
|
|
|
|
.\" License along with this manual; if not, write to the Free
|
2004-11-25 14:39:43 +00:00
|
|
|
.\" Software Foundation, Inc., 59 Temple Place, Suite 330,
|
|
|
|
.\" Boston, MA 02111, USA.
|
2004-11-25 13:33:38 +00:00
|
|
|
.\"
|
2006-07-21 00:12:36 +00:00
|
|
|
.TH MLOCK 2 2006-02-04 "Linux 2.6.15" "Linux Programmer's Manual"
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH NAME
|
2004-11-25 14:39:43 +00:00
|
|
|
mlock, munlock, mlockall, munlockall \- lock and unlock memory
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH SYNOPSIS
|
|
|
|
.nf
|
|
|
|
.B #include <sys/mman.h>
|
|
|
|
.sp
|
|
|
|
\fBint mlock(const void *\fIaddr\fB, size_t \fIlen\fB);
|
2004-11-25 14:39:43 +00:00
|
|
|
.sp
|
|
|
|
\fBint munlock(const void *\fIaddr\fB, size_t \fIlen\fB);
|
|
|
|
.sp
|
|
|
|
\fBint mlockall(int \fIflags\fB);
|
|
|
|
.sp
|
|
|
|
\fBint munlockall(void);
|
2004-11-03 13:51:07 +00:00
|
|
|
.fi
|
|
|
|
.SH DESCRIPTION
|
2004-11-25 14:39:43 +00:00
|
|
|
.BR mlock ()
|
|
|
|
and
|
|
|
|
.BR mlockall ()
|
|
|
|
respectively lock part or all of the calling process's virtual address
|
|
|
|
space into RAM, preventing that memory from being paged to the
|
|
|
|
swap area.
|
|
|
|
.BR munlock ()
|
|
|
|
and
|
|
|
|
.BR munlockall ()
|
|
|
|
perform the converse operation,
|
|
|
|
respectively unlocking part or all of the calling process's virtual
|
2004-12-13 07:23:31 +00:00
|
|
|
address space, so that pages in the specified virtual address range may
|
|
|
|
once more to be swapped out if required by the kernel memory manager.
|
|
|
|
Memory locking and unlocking are performed in units of whole pages.
|
2004-11-25 14:39:43 +00:00
|
|
|
.SS "mlock() and munlock()"
|
|
|
|
.BR mlock ()
|
|
|
|
locks pages in the address range starting at
|
2004-11-03 13:51:07 +00:00
|
|
|
.I addr
|
2004-11-25 14:39:43 +00:00
|
|
|
and continuing for
|
2004-11-03 13:51:07 +00:00
|
|
|
.I len
|
2004-11-25 14:39:43 +00:00
|
|
|
bytes.
|
|
|
|
All pages that contain a part of the specified address range are
|
|
|
|
guaranteed to be resident in RAM when the call returns successfully;
|
|
|
|
the pages are guaranteed to stay in RAM until later unlocked.
|
|
|
|
|
|
|
|
.BR munlock ()
|
|
|
|
unlocks pages in the address range starting at
|
|
|
|
.I addr
|
|
|
|
and continuing for
|
|
|
|
.I len
|
|
|
|
bytes.
|
|
|
|
After this call, all pages that contain a part of the specified
|
|
|
|
memory range can be moved to external swap space again by the kernel.
|
|
|
|
.SS "mlockall() and munlockall()"
|
|
|
|
.BR mlockall ()
|
|
|
|
locks all pages mapped into the address space of the
|
|
|
|
calling process. This includes the pages of the code, data and stack
|
|
|
|
segment, as well as shared libraries, user space kernel data, shared
|
|
|
|
memory, and memory\-mapped files. All mapped pages are guaranteed
|
|
|
|
to be resident in RAM when the call returns successfully;
|
|
|
|
the pages are guaranteed to stay in RAM until later unlocked.
|
2004-11-03 13:51:07 +00:00
|
|
|
|
2004-11-25 14:39:43 +00:00
|
|
|
The
|
|
|
|
.I flags
|
|
|
|
argument is constructed as the bitwise OR of one or more of the
|
|
|
|
following constants:
|
|
|
|
.TP 1.2i
|
|
|
|
.B MCL_CURRENT
|
|
|
|
Lock all pages which are currently mapped into the address space of
|
|
|
|
the process.
|
|
|
|
.TP
|
|
|
|
.B MCL_FUTURE
|
|
|
|
Lock all pages which will become mapped into the address space of the
|
|
|
|
process in the future. These could be for instance new pages required
|
|
|
|
by a growing heap and stack as well as new memory mapped files or
|
|
|
|
shared memory regions.
|
|
|
|
.PP
|
|
|
|
If
|
|
|
|
.B MCL_FUTURE
|
2004-12-01 09:43:35 +00:00
|
|
|
has been specified, then a later system call (e.g.,
|
|
|
|
.BR mmap (2),
|
|
|
|
.BR sbrk (2),
|
|
|
|
.BR malloc (3)),
|
|
|
|
may fail if it would cause the number of locked bytes to exceed
|
|
|
|
the permitted maximum (see below).
|
|
|
|
In the same circumstances, stack growth may likewise fail:
|
|
|
|
the kernel will deny stack expansion and deliver a
|
|
|
|
.BR SIGSEGV
|
|
|
|
signal to the process.
|
2004-11-25 14:39:43 +00:00
|
|
|
|
|
|
|
.BR munlockall ()
|
|
|
|
unlocks all pages mapped into the address space of the
|
|
|
|
calling process.
|
|
|
|
.SH "NOTES"
|
2004-11-03 13:51:07 +00:00
|
|
|
Memory locking has two main applications: real-time algorithms and
|
|
|
|
high-security data processing. Real-time applications require
|
|
|
|
deterministic timing, and, like scheduling, paging is one major cause
|
|
|
|
of unexpected program execution delays. Real-time applications will
|
2004-11-25 14:39:43 +00:00
|
|
|
usually also switch to a real-time scheduler with
|
|
|
|
.BR sched_setscheduler (2).
|
2004-11-03 13:51:07 +00:00
|
|
|
Cryptographic security software often handles critical bytes like
|
|
|
|
passwords or secret keys as data structures. As a result of paging,
|
|
|
|
these secrets could be transferred onto a persistent swap store medium,
|
|
|
|
where they might be accessible to the enemy long after the security
|
|
|
|
software has erased the secrets in RAM and terminated.
|
|
|
|
(But be aware that the suspend mode on laptops and some desktop
|
|
|
|
computers will save a copy of the system's RAM to disk, regardless
|
|
|
|
of memory locks.)
|
|
|
|
|
2004-11-25 14:39:43 +00:00
|
|
|
Real-time processes that are using
|
|
|
|
.BR mlockall ()
|
|
|
|
to prevent delays on page faults should reserve enough
|
|
|
|
locked stack pages before entering the time-critical section,
|
|
|
|
so that no page fault can be caused by function calls.
|
|
|
|
This can be achieved by calling a function that allocates a
|
|
|
|
sufficiently large automatic variable (an array) and writes to the
|
|
|
|
memory occupied by this array in order to touch these stack pages.
|
|
|
|
This way, enough pages will be mapped for the stack and can be
|
|
|
|
locked into RAM. The dummy writes ensure that not even copy-on-write
|
|
|
|
page faults can occur in the critical section.
|
|
|
|
|
|
|
|
Memory locks are not inherited by a child created via
|
|
|
|
.BR fork (2)
|
|
|
|
and are automatically removed (unlocked) during an
|
|
|
|
.BR execve (2)
|
|
|
|
or when the process terminates.
|
|
|
|
|
|
|
|
The memory lock on an address range is automatically removed
|
|
|
|
if the address range is unmapped via
|
|
|
|
.BR munmap (2).
|
|
|
|
|
2004-11-03 13:51:07 +00:00
|
|
|
Memory locks do not stack, i.e., pages which have been locked several times
|
|
|
|
by calls to
|
2004-11-25 14:39:43 +00:00
|
|
|
.BR mlock ()
|
2004-11-03 13:51:07 +00:00
|
|
|
or
|
2004-11-25 14:39:43 +00:00
|
|
|
.BR mlockall ()
|
2004-11-03 13:51:07 +00:00
|
|
|
will be unlocked by a single call to
|
2004-11-25 14:39:43 +00:00
|
|
|
.BR munlock ()
|
2004-11-03 13:51:07 +00:00
|
|
|
for the corresponding range or by
|
2005-10-19 06:54:38 +00:00
|
|
|
.BR munlockall ().
|
2004-11-03 13:51:07 +00:00
|
|
|
Pages which are mapped to several locations or by several processes stay
|
|
|
|
locked into RAM as long as they are locked at least at one location or by
|
|
|
|
at least one process.
|
2004-11-25 14:39:43 +00:00
|
|
|
.SH "LINUX NOTES"
|
|
|
|
Under Linux,
|
|
|
|
.BR mlock ()
|
2004-11-03 13:51:07 +00:00
|
|
|
and
|
2004-11-25 14:39:43 +00:00
|
|
|
.BR munlock ()
|
|
|
|
automatically round
|
2004-11-03 13:51:07 +00:00
|
|
|
.I addr
|
2004-11-25 14:39:43 +00:00
|
|
|
down to the nearest page boundary.
|
2006-08-03 13:57:17 +00:00
|
|
|
However, POSIX.1-2001 allows an implementation to require that
|
2004-11-03 13:51:07 +00:00
|
|
|
.I addr
|
|
|
|
is page aligned, so portable applications should ensure this.
|
2004-11-25 14:39:43 +00:00
|
|
|
.SS "Limits and permissions"
|
|
|
|
In Linux 2.6.8 and earlier,
|
|
|
|
a process must be privileged
|
|
|
|
.RB ( CAP_IPC_LOCK )
|
|
|
|
in order to lock memory and the
|
|
|
|
.B RLIMIT_MEMLOCK
|
|
|
|
soft resource limit defines a limit on how much memory the process may lock.
|
2004-11-25 13:33:38 +00:00
|
|
|
|
2004-11-25 14:39:43 +00:00
|
|
|
Since Linux 2.6.9, no limits are placed on the amount of memory
|
|
|
|
that a privileged process can lock and the
|
|
|
|
.B RLIMIT_MEMLOCK
|
|
|
|
soft resource limit instead defines a limit on how much memory an
|
|
|
|
unprivileged process may lock.
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "RETURN VALUE"
|
2004-11-25 14:39:43 +00:00
|
|
|
On success these system calls return 0.
|
|
|
|
On error, \-1 is returned,
|
2004-11-03 13:51:07 +00:00
|
|
|
.I errno
|
|
|
|
is set appropriately, and no changes are made to any locks in the
|
|
|
|
address space of the process.
|
|
|
|
.SH ERRORS
|
|
|
|
.TP
|
2004-11-25 14:39:43 +00:00
|
|
|
.B ENOMEM
|
|
|
|
(Linux 2.6.9 and later) the caller had a non-zero
|
|
|
|
.B RLIMIT_MEMLOCK
|
|
|
|
soft resource limit, but tried to lock more memory than the limit
|
|
|
|
permitted.
|
|
|
|
This limit is not enforced if the process is privileged
|
|
|
|
.RB ( CAP_IPC_LOCK ).
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B ENOMEM
|
2004-11-25 14:39:43 +00:00
|
|
|
(Linux 2.4 and earlier) the calling process tried to lock more than
|
|
|
|
half of RAM.
|
2004-12-01 09:43:35 +00:00
|
|
|
.\" In the case of mlock(), this check is somewhat buggy: it doesn't
|
|
|
|
.\" take into account whether the to-be-locked range overlaps with
|
|
|
|
.\" already locked pages. Thus, suppose we allocate
|
|
|
|
.\" (num_physpages / 4 + 1) of memory, and lock those pages once using
|
|
|
|
.\" mlock(), and then lock the *same* page range a second time.
|
|
|
|
.\" In the case, the second mlock() call will fail, since the check
|
|
|
|
.\" calculates that the process is trying to lock (num_physpages / 2 + 2)
|
|
|
|
.\" pages, which of course is not true. (MTK, Nov 04, kernel 2.4.28)
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B EPERM
|
2004-11-25 14:39:43 +00:00
|
|
|
(Linux 2.6.9 and later) the caller was not privileged
|
|
|
|
.RB ( CAP_IPC_LOCK )
|
|
|
|
and its
|
|
|
|
.B RLIMIT_MEMLOCK
|
|
|
|
soft resource limit was 0.
|
|
|
|
.TP
|
|
|
|
.B EPERM
|
|
|
|
(Linux 2.6.8 and earlier)
|
2004-11-03 13:51:07 +00:00
|
|
|
The calling process has insufficient privilege to call
|
2005-10-19 06:54:38 +00:00
|
|
|
.BR munlockall ().
|
2004-11-03 13:51:07 +00:00
|
|
|
Under Linux the
|
|
|
|
.B CAP_IPC_LOCK
|
|
|
|
capability is required.
|
2004-11-25 14:39:43 +00:00
|
|
|
.\"SVr4 documents an additional EAGAIN error code.
|
2004-11-03 13:51:07 +00:00
|
|
|
.LP
|
2004-11-25 14:39:43 +00:00
|
|
|
For
|
|
|
|
.BR mlock ()
|
|
|
|
and
|
|
|
|
.BR munlock ():
|
2004-11-03 13:51:07 +00:00
|
|
|
.TP
|
|
|
|
.B EINVAL
|
|
|
|
.I len
|
|
|
|
was negative.
|
2004-11-25 14:39:43 +00:00
|
|
|
.TP
|
|
|
|
.B EINVAL
|
|
|
|
(Not on Linux)
|
|
|
|
.I addr
|
|
|
|
was not a multiple of the page size.
|
|
|
|
.TP
|
|
|
|
.B ENOMEM
|
|
|
|
Some of the specified address range does not correspond to mapped
|
|
|
|
pages in the address space of the process.
|
|
|
|
.LP
|
|
|
|
For
|
|
|
|
.BR mlockall ():
|
|
|
|
.TP
|
|
|
|
.B EINVAL
|
|
|
|
Unknown \fIflags\fP were specified.
|
|
|
|
.LP
|
|
|
|
For
|
|
|
|
.BR munlockall ():
|
|
|
|
.TP
|
|
|
|
.B EPERM
|
|
|
|
(Linux 2.6.8 and earlier) The caller was not privileged
|
|
|
|
.RB ( CAP_IPC_LOCK ).
|
|
|
|
.SH "BUGS"
|
|
|
|
In the 2.4 series Linux kernels up to and including 2.4.17,
|
|
|
|
a bug caused the
|
|
|
|
.BR mlockall ()
|
|
|
|
.B MCL_FUTURE
|
|
|
|
flag to be inherited across a
|
|
|
|
.BR fork (2).
|
|
|
|
This was rectified in kernel 2.4.18.
|
2006-02-03 20:56:21 +00:00
|
|
|
|
|
|
|
Since kernel 2.6.9, if a privileged process calls
|
|
|
|
.I mlockall(MCL_FUTURE)
|
|
|
|
and later drops privileges (loses the
|
|
|
|
.B CAP_IPC_LOCK
|
|
|
|
capability by, for example,
|
|
|
|
setting its effective UID to a non-zero value),
|
|
|
|
then subsequent memory allocations (e.g.,
|
|
|
|
.BR mmap (2),
|
|
|
|
.BR brk (2))
|
|
|
|
will fail if the
|
|
|
|
.B RLIMIT_MEMLOCK
|
|
|
|
resource limit is encountered.
|
|
|
|
.\" See the following LKML thread:
|
|
|
|
.\" http://marc.theaimsgroup.com/?l=linux-kernel&m=113801392825023&w=2
|
|
|
|
.\" "Rationale for RLIMIT_MEMLOCK"
|
|
|
|
.\" 23 Jan 2006
|
2004-11-25 14:39:43 +00:00
|
|
|
.SH AVAILABILITY
|
|
|
|
On POSIX systems on which
|
|
|
|
.BR mlock ()
|
|
|
|
and
|
|
|
|
.BR munlock ()
|
|
|
|
are available,
|
|
|
|
.B _POSIX_MEMLOCK_RANGE
|
2005-10-27 11:14:15 +00:00
|
|
|
is defined in <unistd.h> and the number of bytes in a page
|
|
|
|
can be determined from the constant
|
2004-11-25 14:39:43 +00:00
|
|
|
.B PAGESIZE
|
2005-10-27 11:14:15 +00:00
|
|
|
(if defined) in <limits.h> or by calling
|
|
|
|
.IR sysconf(_SC_PAGESIZE) .
|
2004-11-25 14:39:43 +00:00
|
|
|
|
|
|
|
On POSIX systems on which
|
|
|
|
.BR mlockall ()
|
|
|
|
and
|
|
|
|
.BR munlockall ()
|
|
|
|
are available,
|
|
|
|
.B _POSIX_MEMLOCK
|
|
|
|
is defined in <unistd.h> to a value greater than 0. (See also
|
|
|
|
.BR sysconf (3).)
|
2006-08-03 13:57:17 +00:00
|
|
|
.\" POSIX.1-2001: It shall be defined to -1 or 0 or 200112L.
|
2004-11-25 14:39:43 +00:00
|
|
|
.\" -1: unavailable, 0: ask using sysconf().
|
|
|
|
.\" glibc defines it to 1.
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "CONFORMING TO"
|
2004-11-25 14:39:43 +00:00
|
|
|
POSIX.1-2001, SVr4
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "SEE ALSO"
|
2004-11-25 14:39:43 +00:00
|
|
|
.BR mmap (2),
|
|
|
|
.BR shmctl (2),
|
2004-11-03 13:51:07 +00:00
|
|
|
.BR setrlimit (2),
|
2004-11-25 14:39:43 +00:00
|
|
|
.BR sysconf (3),
|
2004-11-03 13:51:07 +00:00
|
|
|
.BR capabilities (7)
|