On Tue, 7 Jul 2020 08:04:00 +0000, Tal Shnaiderman wrote: > Dmitry, It looks like we got to this stage since hugepage_claim_privilege() > cannot actually detect that "Lock pages" isn't granted to the current user, > as a result we fail on the first usage of a memory management call [in this > case rte_calloc()] without indication to the reason. > > Is it possible to add an actual check that the current user is in the list of > grantees?
Thanks, I'll look into it. > Alternatively, It would be great to have this privilege added > programmatically, I tried the MSDN example in [2] but it didn't work for me > while testing, maybe Microsoft team can check if there is a way to do it? I don't think it's a good idea from security perspective if an application grants its user new privileges implicitly. Process with SeLockMemory privilege can affect overall system performance and stability. -- Dmitry Kozlyuk
