Since the last login.conf update geli segfaults when called as ordinary user or with sudo. fk@r500 ~ $sudo /sbin/geli attach /dev/label/test || tail -n 2 /var/log/messages Dec 30 13:37:30 r500 kernel: [5043] pid 3521 (geli), uid 0: exited on signal 11 Dec 30 13:37:42 r500 sudo: fk : TTY=pts/6 ; PWD=/home/fk ; USER=root ; COMMAND=/sbin/geli attach /dev/label/test The problem seems to be the new locked memory limit default of 64K. Executing geli from a root shell works as expected and setting vm.old_mlock=0 works around the problem. Fix: The attached patch lets geli try to set the limit to 1024K which seems to be sufficient to prevent the segmentation fault and results in a proper error message if the user lacks the required privileges. Patch attached with submission follows: How-To-Repeat: See description.
While geli should definitely be fixed to provide a meaningful error message instead of a crash, we also need to keep it working out of the box. For me, 256K seems to be enough to make it work, but I guess this is a function of the used crypto algorithms and key sizes. Can you maybe adapt the check to figure out how much memory actually needs to be mlocked? Once we come up with a better upper limit, the default in login.conf should be bumped accordingly.
on 08/02/2013 14:16 Ulrich Spörlein said the following: > While geli should definitely be fixed to provide a meaningful error > message instead of a crash, we also need to keep it working out of the > box. > > For me, 256K seems to be enough to make it work, but I guess this is a > function of the used crypto algorithms and key sizes. Can you maybe > adapt the check to figure out how much memory actually needs to be > mlocked? > > Once we come up with a better upper limit, the default in login.conf > should be bumped accordingly. > unlimited is a perfect limit. No program won't complain. -- Andriy Gapon
Ulrich Spörlein <uqs@FreeBSD.org> wrote: > While geli should definitely be fixed to provide a meaningful error > message instead of a crash, we also need to keep it working out of the > box. At least for me the problem was fixed in r248475. Fabian
State Changed From-To: open->patched Patched in r248475.
Responsible Changed From-To: freebsd-bugs->pjd pjd@ fixed this.