Imported linux-2.6.27.39 suse/xen patches.
diff --git a/src/patches/suse-2.6.27.39/patches.suse/rlimit-memlock-64k.patch b/src/patches/suse-2.6.27.39/patches.suse/rlimit-memlock-64k.patch
new file mode 100644 (file)
index 0000000..c540379
--- /dev/null
@@ -0,0 +1,34 @@
+From: Kurt Garloff <garloff@suse.de>
+Subject: Increase default RLIMIT_MEMLOCK to 64k
+References: bnc#329675
+Patch-Mainline: mm-increase-the-default-mlock-limit-from-32k-to-64k.patch (2.6.28-rc-mm)
+
+By default, non-privileged tasks can only mlock() a small amount of
+memory to avoid a DoS attack by ordinary users. The Linux kernel
+defaulted to 32k (on a 4k page size system) to accommodate the
+needs of gpg.
+However, newer gpg2 needs 64k in various circumstances and otherwise
+fails miserably, see bnc#329675.
+
+Change the default to 64k, and make it more agnostic to PAGE_SIZE.
+
+Signed-off-by: Kurt Garloff <garloff@suse.de>
+Signed-off-by: Nick Piggin <npiggin@suse.de>
+---
+Index: linux-2.6.27/include/linux/resource.h
+===================================================================
+--- linux-2.6.27.orig/include/linux/resource.h
++++ linux-2.6.27/include/linux/resource.h
+@@ -59,10 +59,10 @@ struct rlimit {
+ #define _STK_LIM      (8*1024*1024)
+ /*
+- * GPG wants 32kB of mlocked memory, to make sure pass phrases
++ * GPG2 wants 64kB of mlocked memory, to make sure pass phrases
+  * and other sensitive information are never written to disk.
+  */
+-#define MLOCK_LIMIT   (8 * PAGE_SIZE)
++#define MLOCK_LIMIT   ((PAGE_SIZE > 64*1024) ? PAGE_SIZE : 64*1024)
+ /*
+  * Due to binary compatibility, the actual resource numbers