No longer mlock() ntpd pages by default in memory thus allowing its

pages to page as necessary.

To restore historic BSD behaviour add the following to ntp.conf:
	rlimit memlock 32

Discussed on:	freebsd-current@ between Sept 6-9, 2019
Reported by:	Users using ASLR with stack gap != 0
Reviewed by:	ian, kib, rgrimes (all previous versions)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D21581

UPDATING

@@ -26,6 +26,12 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20190913:
+	ntpd no longer by default locks its pages in memory, allowing them
+	to be paged out by the kernel. Use rlimit memlock to restore
+	historic BSD behaviour. For example, add "rlimit memlock 32"
+	to ntp.conf to lock up to 32 MB of ntpd address space in memory.
+
 20190823:
 	Several of ping6's options have been renamed for better consistency
 	with ping.  If you use any of -ARWXaghmrtwx, you must update your

usr.sbin/ntp/config.h

@@ -287,7 +287,7 @@
 #define DEFAULT_HZ 100
 
 /* Default number of megabytes for RLIMIT_MEMLOCK */
-#define DFLT_RLIMIT_MEMLOCK 32
+#define DFLT_RLIMIT_MEMLOCK -1
 
 /* Default number of 4k pages for RLIMIT_STACK */
 #define DFLT_RLIMIT_STACK 50

usr.sbin/ntp/ntpd/ntp.conf

@@ -102,3 +102,11 @@ restrict ::1
 # Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db.
 #leapfile "/etc/ntp/leap-seconds"
 leapfile "/var/db/ntpd.leap-seconds.list"
+
+# Specify the number of megabytes of memory that should be allocated and
+# locked. -1 (default) means "do not lock the process into memory".
+# 0 means "lock whatever memory the process wants into memory". Any other
+# number means to lock up to that number of megabytes into memory.
+# 0 may result in a segfault when ASLR with stack gap randomization
+# is enabled.
+#rlimit memlock 32