如何限制用户或应用程序使用大页面支持? [英] How to restrict users or applications from using hugepage support?

问题描述

我们部署和使用(内部自行开发的应用程序)所有这些实际上都使用大页面并使用mmap()syscall.但是我希望限制某些应用程序实际使用巨大的页面支持.可以通过对代码进行任何更改或可以实施的系统范围内的配置选项来实现此目标吗?如果需要，我不久将在syscall上更新一些代码示例.

We deploy and use (home grown applications internally) all of which actually use hugepage and uses mmap() syscall. But I would prefer to restrict some of the applications from actually using huge page support. Can this be achived by any changes in the code or any system wide config options which could be implemented ? I will shortly update with some code samples on the syscall, if required.

推荐答案

我建议在/etc/sysctl.conf中设置和使用内核可调选项vm.hugetlb_shm_group=<GID>，或者通过

I would recommend setting and using the kernel tunable option vm.hugetlb_shm_group=<GID> in /etc/sysctl.conf or manually through hugeadm command. The example below means only members of group mygroup(2341) can allocate "huge" Shared memory segment

vm.hugetlb_shm_group = 2341

注意:只有vm.hugetlb_shm_group内核可调参数中列出的组(用户的一部分)，sysctl才能使用shmget()和shmat()调用来访问HugePage.但是，任何调用mmap()的用户都可以访问HugePages.如果仅使用mmap()，则您的代码可能需要相应地进行一些更改.

Note: Only (the users part of) the group listed in vm.hugetlb_shm_group kernel tunable, sysctl will be able to use shmget() and shmat() calls to access the HugePages. However any user calling mmap() can access HugePages. Your code may require some some changes accordingly, if only using mmap().

只能将一组定义为vm.hugetlb_shm_group.在更新/etc/sysctl.conf文件中的内核参数的值之后，请重新启动计算机，或运行命令sysctl -p以使/etc/sysctl.conf文件中的更改在活动的内核内存中可用.

Only one group can be defined as the vm.hugetlb_shm_group. After updating the values of kernel parameters in the /etc/sysctl.conf file, either restart the computer, or run the command sysctl -p to make the changes in the /etc/sysctl.conf file available in the active kernel memory.

引用: hugeadm命令.

-set-shm-group =

--set-shm-group=

在/proc/sys/vm/hugetlb_shm_group中指定的组中的用户被授予对大页面的完全访问权限. sysctl带有数字gid，但是此hugeadm选项可以使用gid或组名为您设置它.

Users in the group specified in /proc/sys/vm/hugetlb_shm_group are granted full access to huge pages. The sysctl takes a numeric gid, but this hugeadm option can set it for you, using either a gid or group name.

这篇关于如何限制用户或应用程序使用大页面支持?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！