Re: [Jack-Devel] debian jack/pulse support [ was : Re: JACK in Chrome !! ]

Prev	Next Index
Date	Thu, 17 Jan 2013 14:38:34 +0100
From	David Henningsson <[hidden] at canonical dot com>
To	Paul Davis <[hidden] at linuxaudiosystems dot com>
Cc	JACK <[hidden] at lists dot jackaudio dot org>
In-Reply-To	Paul Davis Re: [Jack-Devel] debian jack/pulse support [ was : Re: JACK in Chrome !! ]

On 01/17/2013 01:48 PM, Paul Davis wrote:
>
>
>
> On Thu, Jan 17, 2013 at 7:33 AM, David Henningsson
> <[hidden]
> <mailto:[hidden]>> wrote:
>
>     On 01/17/2013 12:57 PM, Paul Davis wrote:
>
>
>
>         that document includes this line:
>
>         "This can be necessary for running low-latency audio without
>         drop-outs,
>         but is bad from a security and stability point of view, as a process
>         running with real-time privileges can lock up the entire system
>         completely. "
>
>         this is no longer true. it is trivial to configure the amount of
>         time
>         that RT-scheduled tasks can consume. it can no longer be used as an
>         explanation of why RT scheduling is problematic.
>
>
>     I'm not a security expert, so excuse me if these are stupid
>     questions, but...
>
>     First, I tried to look this up on
>     http://jackaudio.org/linux_rt___config
>     <http://jackaudio.org/linux_rt_config> but I saw no such documentation.
>
>
> from my experience to date, all distros come with this already
> configured because it is the default in the kernel. the kernel reserves
> a (small) amount of time for non RT-scheduled tasks.
>
> we also have not documented it for two additional reasons:
>
>     (1) we don't want to suggest that users should be messing with these
> kernel parameters
>     (2) confusion about cgroups, which has been made worse by different
> distributions (initially, at least) doing very different things with cgroups
>
>     Second, your argument seems to apply to RT scheduling only - what
>     about memlock?
>
>
> memlock cannot cause the machine to lock up. it can cause other
> problems, but they are more akin to a swap storm than a lock up, and
> like RT scheduling, the amount that the user can lock can be finely
> controlled (though it would be nice if the syntax for the relevant files
> allowed expressions like "80%" rather than fixed amounts of space.
>
>     Third, if you were a maintainer of an general purpose distro, that
>     should be able to do everything from pro-audio, consumer audio,
>     gaming, run on laptops with decent battery life, to multi-user ssh
>     and web servers and all that, how do you recommend we set RT and
>     memlock privileges for the user by default?
>
>
> at this point in time, i personally can see absolutely no reason why a
> regular user should not have access to RT scheduling or memlock if the
> kernel and PAM (or equivalent) are normally and appropriately
> configured. give the user the ability to memlock 75% of the system RAM,
> make sure that the RT scheduling parameters reserve 5% of the CPU for
> non-RT tasks. done.
>

Thanks for your answers. I'm not knowledgeable enough to tell if you're 
right or wrong, but I just brought it up on the ubuntu-devel mailinglist 
to see what other people have to say about it.

https://lists.ubuntu.com/archives/ubuntu-devel/2013-January/036336.html


-- 
David Henningsson, Canonical Ltd.
https://launchpad.net/~diwic

Prev	Next Index

1358429926.14764_0.ltw:2,a <50F7FEDA.9030004 at canonical dot com>