From: Harlan Stenn Date: Wed, 23 Sep 2015 10:29:51 +0000 (+0000) Subject: More updates for bug 2817. Harlan Stenn. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a4a144173dfd067259593f0245d087d9c830202;p=thirdparty%2Fntp.git More updates for bug 2817. Harlan Stenn. bk: 56027f1fgGkzsvTYQwbdPldH6_FsDg --- diff --git a/ChangeLog b/ChangeLog index b5c2197ed..8b955ec6b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -118,6 +118,7 @@ fixed formatting. Tomasz Flendrich * Fix progname definition in unity runner scripts. Harlan Stenn. * Clean trailing whitespace in tests/ntpd/Makefile.am. Harlan Stenn. * Update the patch for bug 2817. Harlan Stenn. +* More updates for bug 2817. Harlan Stenn. --- (4.2.8p3) 2015/06/29 Released by Harlan Stenn diff --git a/html/miscopt.html b/html/miscopt.html index ac32419df..c6190222b 100644 --- a/html/miscopt.html +++ b/html/miscopt.html @@ -11,7 +11,7 @@ giffrom Pogo, Walt Kelly

We have three, now looking for more.

Last update: - 29-Jun-2015 05:56 + 23-Sep-2015 10:20 UTC


Related Links

@@ -105,7 +105,7 @@
memlock Nmegabytes
-
Specify the number of megabytes of memory that can be allocated. Probably only available under Linux, this option is useful when dropping root (the -i option). The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
+
Specify the number of megabytes of memory that should be allocated and locked. Probably only available under Linux, this option may be useful when dropping root (the -i option). The default is 32 megabytes on non-Linux machines, and -1 under Linux. -1 means "do not lock the process into memory". 0 means "lock whatever memory the process wants into memory".
stacksize N4kPages
Specifies the maximum size of the process stack on systems with the mlockall() function. Defaults to 50 4k pages (200 4k pages in OpenBSD).
filenum Nfiledescriptors
diff --git a/include/ntp_config.h b/include/ntp_config.h index a74cd552b..bd8f595d9 100644 --- a/include/ntp_config.h +++ b/include/ntp_config.h @@ -46,8 +46,8 @@ extern int cmdline_server_count; extern char ** cmdline_servers; -/* set to zero if admin doesn't want memory locked */ -extern int do_memlock; +/* set to zero if we're not locking memory */ +extern int cur_memlock; typedef struct int_range_tag { int first; diff --git a/ntpd/invoke-ntp.conf.texi b/ntpd/invoke-ntp.conf.texi index 8c8a8a6d2..c1df1693b 100644 --- a/ntpd/invoke-ntp.conf.texi +++ b/ntpd/invoke-ntp.conf.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi) # -# It has been AutoGen-ed July 26, 2015 at 06:23:38 AM by AutoGen 5.18.5 +# It has been AutoGen-ed September 23, 2015 at 10:15:09 AM by AutoGen 5.18.5 # From the definitions ntp.conf.def # and the template file agtexi-file.tpl @end ignore @@ -1837,7 +1837,7 @@ re-associate accordingly. Some administrators prefer to avoid running @code{ntpd(1ntpdmdoc)} continuously and run either -@code{ntpdate(8)} +@code{sntp(1sntpmdoc)} or @code{ntpd(1ntpdmdoc)} @code{-q} @@ -2578,12 +2578,15 @@ pulses will not be suppressed. @item @code{rlimit} @code{[@code{memlock} @kbd{Nmegabytes} | @code{stacksize} @kbd{N4kPages} @code{filenum} @kbd{Nfiledescriptors}]} @table @asis @item @code{memlock} @kbd{Nmegabytes} -Specify the number of megabytes of memory that can be allocated. -Probably only available under Linux, this option is useful +Specify the number of megabytes of memory that should be +allocated and locked. +Probably only available under Linux, this option may be useful when dropping root (the @code{-i} option). -The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory. +The default is 32 megabytes on non-Linux machines, and -1 under Linux. +-1 means "do not lock the process into memory". +0 means "lock whatever memory the process wants into memory". @item @code{stacksize} @kbd{N4kPages} Specifies the maximum size of the process stack on systems with the @code{mlockall()} diff --git a/ntpd/ntp.conf.5man b/ntpd/ntp.conf.5man index a57a27dbd..350f09dc1 100644 --- a/ntpd/ntp.conf.5man +++ b/ntpd/ntp.conf.5man @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp.conf 5man "26 Jul 2015" "4.2.8p3" "File Formats" +.TH ntp.conf 5man "23 Sep 2015" "4.2.8p3" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed July 26, 2015 at 06:23:41 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed September 23, 2015 at 10:22:45 AM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agman-cmd.tpl .SH NAME @@ -2080,7 +2080,7 @@ re-associate accordingly. Some administrators prefer to avoid running \fCntpd\f[]\fR(1ntpdmdoc)\f[] continuously and run either -\fCntpdate\f[]\fR(8)\f[] +\fCsntp\f[]\fR(1sntpmdoc)\f[] or \fCntpd\f[]\fR(1ntpdmdoc)\f[] \f\*[B-Font]\-q\f[] @@ -2897,12 +2897,15 @@ pulses will not be suppressed. .RS .TP 7 .NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[] -Specify the number of megabytes of memory that can be allocated. -Probably only available under Linux, this option is useful +Specify the number of megabytes of memory that should be +allocated and locked. +Probably only available under Linux, this option may be useful when dropping root (the \f\*[B-Font]\-i\f[] option). -The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory. +The default is 32 megabytes on non-Linux machines, and \-1 under Linux. +-1 means "do not lock the process into memory". +0 means "lock whatever memory the process wants into memory". .TP 7 .NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[] Specifies the maximum size of the process stack on systems with the diff --git a/ntpd/ntp.conf.5mdoc b/ntpd/ntp.conf.5mdoc index 7cd5513a1..a5b250d1b 100644 --- a/ntpd/ntp.conf.5mdoc +++ b/ntpd/ntp.conf.5mdoc @@ -1,9 +1,9 @@ -.Dd July 26 2015 +.Dd September 23 2015 .Dt NTP_CONF 5mdoc File Formats .Os .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed July 26, 2015 at 06:23:35 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed September 23, 2015 at 10:15:06 AM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -1903,7 +1903,7 @@ re\-associate accordingly. Some administrators prefer to avoid running .Xr ntpd 1ntpdmdoc continuously and run either -.Xr ntpdate 8 +.Xr sntp 1sntpmdoc or .Xr ntpd 1ntpdmdoc .Fl q @@ -2725,12 +2725,15 @@ pulses will not be suppressed. .Xc .Bl -tag -width indent .It Cm memlock Ar Nmegabytes -Specify the number of megabytes of memory that can be allocated. -Probably only available under Linux, this option is useful +Specify the number of megabytes of memory that should be +allocated and locked. +Probably only available under Linux, this option may be useful when dropping root (the .Fl i option). -The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory. +The default is 32 megabytes on non\-Linux machines, and \-1 under Linux. +-1 means "do not lock the process into memory". +0 means "lock whatever memory the process wants into memory". .It Cm stacksize Ar N4kPages Specifies the maximum size of the process stack on systems with the .Fn mlockall diff --git a/ntpd/ntp.conf.def b/ntpd/ntp.conf.def index 9aeb211b4..43835bc76 100644 --- a/ntpd/ntp.conf.def +++ b/ntpd/ntp.conf.def @@ -2727,12 +2727,15 @@ pulses will not be suppressed. .Xc .Bl -tag -width indent .It Cm memlock Ar Nmegabytes -Specify the number of megabytes of memory that can be allocated. -Probably only available under Linux, this option is useful +Specify the number of megabytes of memory that should be +allocated and locked. +Probably only available under Linux, this option may be useful when dropping root (the .Fl i option). -The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory. +The default is 32 megabytes on non-Linux machines, and -1 under Linux. +-1 means "do not lock the process into memory". +0 means "lock whatever memory the process wants into memory". .It Cm stacksize Ar N4kPages Specifies the maximum size of the process stack on systems with the .Fn mlockall diff --git a/ntpd/ntp.conf.man.in b/ntpd/ntp.conf.man.in index 9db0c59e0..b9468e344 100644 --- a/ntpd/ntp.conf.man.in +++ b/ntpd/ntp.conf.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp.conf 5 "26 Jul 2015" "4.2.8p3" "File Formats" +.TH ntp.conf 5 "23 Sep 2015" "4.2.8p3" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed July 26, 2015 at 06:23:41 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed September 23, 2015 at 10:22:45 AM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agman-cmd.tpl .SH NAME @@ -2080,7 +2080,7 @@ re-associate accordingly. Some administrators prefer to avoid running \fCntpd\f[]\fR(@NTPD_MS@)\f[] continuously and run either -\fCntpdate\f[]\fR(8)\f[] +\fCsntp\f[]\fR(@SNTP_MS@)\f[] or \fCntpd\f[]\fR(@NTPD_MS@)\f[] \f\*[B-Font]\-q\f[] @@ -2897,12 +2897,15 @@ pulses will not be suppressed. .RS .TP 7 .NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[] -Specify the number of megabytes of memory that can be allocated. -Probably only available under Linux, this option is useful +Specify the number of megabytes of memory that should be +allocated and locked. +Probably only available under Linux, this option may be useful when dropping root (the \f\*[B-Font]\-i\f[] option). -The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory. +The default is 32 megabytes on non-Linux machines, and \-1 under Linux. +-1 means "do not lock the process into memory". +0 means "lock whatever memory the process wants into memory". .TP 7 .NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[] Specifies the maximum size of the process stack on systems with the diff --git a/ntpd/ntp.conf.mdoc.in b/ntpd/ntp.conf.mdoc.in index b1dbd8050..b6f648fb8 100644 --- a/ntpd/ntp.conf.mdoc.in +++ b/ntpd/ntp.conf.mdoc.in @@ -1,9 +1,9 @@ -.Dd July 26 2015 +.Dd September 23 2015 .Dt NTP_CONF 5 File Formats .Os .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed July 26, 2015 at 06:23:35 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed September 23, 2015 at 10:15:06 AM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -1903,7 +1903,7 @@ re\-associate accordingly. Some administrators prefer to avoid running .Xr ntpd @NTPD_MS@ continuously and run either -.Xr ntpdate 8 +.Xr sntp @SNTP_MS@ or .Xr ntpd @NTPD_MS@ .Fl q @@ -2725,12 +2725,15 @@ pulses will not be suppressed. .Xc .Bl -tag -width indent .It Cm memlock Ar Nmegabytes -Specify the number of megabytes of memory that can be allocated. -Probably only available under Linux, this option is useful +Specify the number of megabytes of memory that should be +allocated and locked. +Probably only available under Linux, this option may be useful when dropping root (the .Fl i option). -The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory. +The default is 32 megabytes on non\-Linux machines, and \-1 under Linux. +-1 means "do not lock the process into memory". +0 means "lock whatever memory the process wants into memory". .It Cm stacksize Ar N4kPages Specifies the maximum size of the process stack on systems with the .Fn mlockall diff --git a/ntpd/ntp_config.c b/ntpd/ntp_config.c index 197900f62..85a8265f8 100644 --- a/ntpd/ntp_config.c +++ b/ntpd/ntp_config.c @@ -53,13 +53,21 @@ #include "ntp_parser.h" #include "ntpd-opts.h" +/* Bug 2817 */ +#if defined(HAVE_SYS_MMAN_H) +# include +#endif /* list of servers from command line for config_peers() */ int cmdline_server_count; char ** cmdline_servers; -/* set to zero if admin doesn't want memory locked */ -int do_memlock = 1; +/* Current state of memory locking: + * -1: default + * 0: memory locking disabled + * 1: Memory locking enabled + */ +int cur_memlock = -1; /* * "logconfig" building blocks @@ -2613,18 +2621,32 @@ config_rlimit( break; case T_Memlock: - if (rlimit_av->value.i != 0) { + /* What if we HAVE_OPT(SAVECONFIGQUIT) ? */ + if (rlimit_av->value.i == -1) { + if (cur_memlock != 0) { + if (-1 == munlockall()) { + msyslog(LOG_ERR, "munlockall() failed: %m"); + } + } + cur_memlock = 0; + } else if (rlimit_av->value.i >= 0) { #if defined(RLIMIT_MEMLOCK) + if (cur_memlock != 1) { + if (-1 == mlockall(MCL_CURRENT|MCL_FUTURE)) { + msyslog(LOG_ERR, "mlockall() failed: %m"); + } + } ntp_rlimit(RLIMIT_MEMLOCK, (rlim_t)(rlimit_av->value.i * 1024 * 1024), 1024 * 1024, "MB"); + cur_memlock = 1; #else /* STDERR as well would be fine... */ msyslog(LOG_WARNING, "'rlimit memlock' specified but is not available on this system."); #endif /* RLIMIT_MEMLOCK */ } else { - do_memlock = 0; + msyslog(LOG_WARNING, "'rlimit memlock' value of %d is unexpected!", rlimit_av->value.i); } break; diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c index 6c4fcc2e6..2604f6464 100644 --- a/ntpd/ntpd.c +++ b/ntpd/ntpd.c @@ -785,7 +785,7 @@ ntpdmain( */ getconfig(argc, argv); - if (do_memlock) { + if (-1 == cur_memlock && -1 != DFLT_RLIMIT_MEMLOCK) { # if defined(HAVE_MLOCKALL) /* * lock the process into memory diff --git a/sntp/m4/ntp_rlimit.m4 b/sntp/m4/ntp_rlimit.m4 index 3be1adefc..48d26dd3c 100644 --- a/sntp/m4/ntp_rlimit.m4 +++ b/sntp/m4/ntp_rlimit.m4 @@ -31,7 +31,7 @@ case "$ntp_cv_rlimit_memlock" in AC_SUBST([HAVE_RLIMIT_MEMLOCK]) case "$host" in *-*-*linux*) - ntp_dflt_rlimit_memlock="0" ;; + ntp_dflt_rlimit_memlock="-1" ;; *) ntp_dflt_rlimit_memlock="32" ;; esac HAVE_RLIMIT_MEMLOCK=" memlock $ntp_dflt_rlimit_memlock" ;; @@ -103,7 +103,7 @@ AC_ARG_WITH( [memlock], [AS_HELP_STRING( [--with-memlock], - [? =32 (0 on linux) megabytes] + [? =32 (-1 on linux) megabytes] )], [ans=$withval], [ans=yes]