aws / s2n-tls

An implementation of the TLS/SSL protocols
https://aws.github.io/s2n-tls/usage-guide/
Apache License 2.0

Out of memory due to mlock #108

Closed user-none closed 8 years ago

user-none commented 9 years ago

s2n_realloc calls mlock. s2n_free does not call munlock. This can lead to an out of memory condition.

According to https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_MRG/1.3/html/Realtime_Reference_Guide/sect-Realtime_Reference_Guide-Memory_allocation-Using_mlock_to_avoid_memory_faults.html, munlock is necessary when freeing the locked memory.

According to http://www.freebsd.org/cgi/man.cgi?query=mlock, "Unlocking is performed explicitly by munlock() or implicitly by a call to munmap()".

Testing on Ubuntu 14.04.2 LTS, continued use of mlock without a corresponding munlock after (can also be done before but I don't think it should) free will not allow the memory to be reused.

user-none commented 9 years ago

Looks like unlock might not be enough. mlock is controlled by RLIMIT_MEMLOCK (ulimit -l). Ubuntu is setting this to 64 KB (even for root). If the total locked memory exceeds this, mlock will fail.

Increasing the limit will avoid this problem. However, this may not be feasible in all situations.

Also, the FreeBSD documentation above says that use of mlock can be restricted to super-user only.

This relates to this OpenVPN bug, https://community.openvpn.net/openvpn/ticket/293 also discussed at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406895

user-none commented 9 years ago

Test case: https://gist.github.com/user-none/6c627e97f65a31c5bc1e. It keeps calling s2n_config_new until an out of memory error occurs. As stated in the gist, valgrind showed 34,977 bytes allocated.

Commenting out the mlock if statement in utils/s2n_mem.c, the test passes.

colmmacc commented 9 years ago

Is it that the limit may not even be raised for/by root? On my system I can raise the limit arbitrarily, but I'm also running a custom kernel and am not certain what parts are custom.

user-none commented 9 years ago

Root can raise the limit. On Ubuntu by default only root can raise the limit. It is also possible to have it raised permanently the same as other limits.

Think of s2n being used in a client application like a web browser. Anyone wanting to use the application will need to reconfigure the OS. Personally, if I were told I needed to start changing OS level settings in order to use something like a web browser I'd look for a different web browser.

Not everyone may be able to raise the limit. A university computer lab for example. Students would not have access to make this change.

On Friday, July 3, 2015, Colm MacCárthaigh notifications@github.com wrote:

Is it that the limit may not even be raised for/by root? On my system I can raise the limit arbitrarily, but I'm also running a custom kernel and am not certain what parts are custom.


user-none commented 9 years ago

@BigBoneDaddy root can change the limit permanently for users but it still needs to be done manually.

Also, don't forget that this prevents the application's memory from being written to swap. So even with the limit removed you can still have an out of memory condition if physical memory is exhausted even when it wouldn't happen because swap is available.

On Friday, July 3, 2015, BigBoneDaddy notifications@github.com wrote:

@user-none Good points. I would NEVER run my internet web browser as root too, that would be insane in the membrane!


raycoll commented 8 years ago

I think #200 #195 should fix this. You can set the env var S2N_DONT_MLOCK if you aren't interested/able to increase the memlock limit.
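
The mlock/munlock pairing discussed in this thread, as an added example that is not s2n's code and not part of any comment above: whole-page buffers are locked on allocation and unlocked before free(), so repeated cycles do not accumulate against RLIMIT_MEMLOCK. The names `locked_buf`, `locked_alloc`, `locked_free` and `churn` are hypothetical, and recording an mlock() failure for the caller instead of aborting is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>

/* Hypothetical wrapper (not an s2n type): tracks whether mlock() succeeded. */
struct locked_buf { void *ptr; size_t size; int locked; };

/* Allocate whole pages so mlock()/munlock() cover this buffer and nothing else. */
int locked_alloc(struct locked_buf *b, size_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b->size = (want + page - 1) / page * page;
    if (posix_memalign(&b->ptr, page, b->size) != 0) { b->ptr = NULL; b->locked = 0; return -1; }
    /* mlock() fails once RLIMIT_MEMLOCK is exceeded; record it, caller decides. */
    b->locked = (mlock(b->ptr, b->size) == 0);
    return 0;
}

/* Wipe, munlock(), then free(): free() itself does not unlock heap pages. */
void locked_free(struct locked_buf *b)
{
    volatile unsigned char *p = b->ptr;
    if (p == NULL) return;
    for (size_t i = 0; i < b->size; i++) p[i] = 0;
    if (b->locked) munlock(b->ptr, b->size);
    free(b->ptr);
    b->ptr = NULL; b->locked = 0;
}

/* Alloc/free `rounds` times; count rounds whose lock status differs from the first. */
int churn(int rounds, size_t size)
{
    int first = -1, changed = 0;
    for (int i = 0; i < rounds; i++) {
        struct locked_buf b;
        if (locked_alloc(&b, size) != 0) return -1;
        if (first < 0) first = b.locked;
        else if (b.locked != first) changed++;
        locked_free(&b);
    }
    return changed;
}

int main(void)
{
    printf("lock status changes over 1000 rounds: %d\n", churn(1000, 4096));
    return 0;
}
```

A caller that requires locked memory should treat `locked == 0` as a failure rather than continue with pageable memory.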