Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Paul Davis <paul <at> linuxaudiosystems.com>
Subject: Re: debian jack/pulse support [ was : Re: JACK in Chrome !! ]
Newsgroups: gmane.comp.audio.jackit
Date: Thursday 17th January 2013 12:48:05 UTC (over 4 years ago)
On Thu, Jan 17, 2013 at 7:33 AM, David Henningsson <
[email protected]> wrote:

> On 01/17/2013 12:57 PM, Paul Davis wrote:
>
>>
>>
>> that document includes this line:
>>
>> "This can be necessary for running low-latency audio without drop-outs,
>> but is bad from a security and stability point of view, as a process
>> running with real-time privileges can lock up the entire system
>> completely. "
>>
>> this is no longer true. it is trivial to configure the amount of time
>> that RT-scheduled tasks can consume. it can no longer be used as an
>> explanation of why RT scheduling is problematic.
>>
>
> I'm not a security expert, so excuse me if these are stupid questions,
> but...
>
> First, I tried to look this up on http://jackaudio.org/linux_rt_**config<http://jackaudio.org/linux_rt_config>but
I saw no such documentation.
>

from my experience to date, all distros come with this already configured
because it is the default in the kernel. the kernel reserves a (small)
amount of time for non RT-scheduled tasks.

we also have not documented it for two additional reasons:

   (1) we don't want to suggest that users should be messing with these
kernel parameters
   (2) confusion about cgroups, which has been made worse by different
distributions (initially, at least) doing very different things with
cgroups


> Second, your argument seems to apply to RT scheduling only - what about
> memlock?
>

memlock cannot cause the machine to lock up. it can cause other problems,
but they are more akin to a swap storm than a lock up, and like RT
scheduling, the amount that the user can lock can be finely controlled
(though it would be nice if the syntax for the relevant files allowed
expressions like "80%" rather than fixed amounts of space.


> Third, if you were a maintainer of an general purpose distro, that should
> be able to do everything from pro-audio, consumer audio, gaming, run on
> laptops with decent battery life, to multi-user ssh and web servers and
all
> that, how do you recommend we set RT and memlock privileges for the user
by
> default?
>

at this point in time, i personally can see absolutely no reason why a
regular user should not have access to RT scheduling or memlock if the
kernel and PAM (or equivalent) are normally and appropriately configured.
give the user the ability to memlock 75% of the system RAM, make sure that
the RT scheduling parameters reserve 5% of the CPU for non-RT tasks. done.
 
CD: 18ms