Issue
We deploy and use (home grown applications internally) all of which actually use hugepages and the mmap() syscall. But I would prefer to restrict some of the applications from actually using huge page support. Can this be achieved by any changes in the code or any system wide config options which could be implemented?
Solution
I would recommend setting and using the kernel tunable option vm.hugetlb_shm_group=<GID> in /etc/sysctl.conf or manually through hugeadm command. The example below means only members of group mygroup(2341) can allocate "huge" Shared memory segment
vm.hugetlb_shm_group = 2341
Note: Only (the users part of) the group listed in vm.hugetlb_shm_group kernel tunable, sysctl will be able to use shmget() and shmat() calls to access the HugePages. However any user calling mmap() can access HugePages. Your code may require some some changes accordingly, if only using mmap().
Only one group can be defined as the vm.hugetlb_shm_group. After updating the values of kernel parameters in the /etc/sysctl.conf file, either restart the computer, or run the command sysctl -p to make the changes in the /etc/sysctl.conf file available in the active kernel memory.
Refer: hugeadm command.
--set-shm-group=
Users in the group specified in /proc/sys/vm/hugetlb_shm_group are granted full access to huge pages. The sysctl takes a numeric gid, but this hugeadm option can set it for you, using either a gid or group name.
Answered By - askb Answer Checked By - Marie Seifert (WPSolving Admin)