[ipfire-2.x.git] / src / patches / suse-2.6.27.39 / patches.suse / rlimit-memlock-64k.patch

From: Kurt Garloff <garloff@suse.de>
Subject: Increase default RLIMIT_MEMLOCK to 64k
References: bnc#329675
Patch-Mainline: mm-increase-the-default-mlock-limit-from-32k-to-64k.patch (2.6.28-rc-mm)

By default, non-privileged tasks can only mlock() a small amount of
memory to avoid a DoS attack by ordinary users. The Linux kernel
defaulted to 32k (on a 4k page size system) to accommodate the
needs of gpg.
However, newer gpg2 needs 64k in various circumstances and otherwise
fails miserably, see bnc#329675.

Change the default to 64k, and make it more agnostic to PAGE_SIZE.

Signed-off-by: Kurt Garloff <garloff@suse.de>
Signed-off-by: Nick Piggin <npiggin@suse.de>
---
Index: linux-2.6.27/include/linux/resource.h
===================================================================
--- linux-2.6.27.orig/include/linux/resource.h
+++ linux-2.6.27/include/linux/resource.h
@@ -59,10 +59,10 @@ struct rlimit {
 #define _STK_LIM	(8*1024*1024)
 
 /*
- * GPG wants 32kB of mlocked memory, to make sure pass phrases
+ * GPG2 wants 64kB of mlocked memory, to make sure pass phrases
  * and other sensitive information are never written to disk.
  */
-#define MLOCK_LIMIT	(8 * PAGE_SIZE)
+#define MLOCK_LIMIT	((PAGE_SIZE > 64*1024) ? PAGE_SIZE : 64*1024)
 
 /*
  * Due to binary compatibility, the actual resource numbers
Commit	Line	Data
2cb7cef9 BS	1	From: Kurt Garloff <garloff@suse.de>
	2	Subject: Increase default RLIMIT_MEMLOCK to 64k
	3	References: bnc#329675
	4	Patch-Mainline: mm-increase-the-default-mlock-limit-from-32k-to-64k.patch (2.6.28-rc-mm)
	5
	6	By default, non-privileged tasks can only mlock() a small amount of
	7	memory to avoid a DoS attack by ordinary users. The Linux kernel
	8	defaulted to 32k (on a 4k page size system) to accommodate the
	9	needs of gpg.
	10	However, newer gpg2 needs 64k in various circumstances and otherwise
	11	fails miserably, see bnc#329675.
	12
	13	Change the default to 64k, and make it more agnostic to PAGE_SIZE.
	14
	15	Signed-off-by: Kurt Garloff <garloff@suse.de>
	16	Signed-off-by: Nick Piggin <npiggin@suse.de>
	17	---
	18	Index: linux-2.6.27/include/linux/resource.h
	19	===================================================================
	20	--- linux-2.6.27.orig/include/linux/resource.h
	21	+++ linux-2.6.27/include/linux/resource.h
	22	@@ -59,10 +59,10 @@ struct rlimit {
	23	#define _STK_LIM (810241024)
	24
	25	/*
	26	- * GPG wants 32kB of mlocked memory, to make sure pass phrases
	27	+ * GPG2 wants 64kB of mlocked memory, to make sure pass phrases
	28	* and other sensitive information are never written to disk.
	29	*/
	30	-#define MLOCK_LIMIT (8 * PAGE_SIZE)
	31	+#define MLOCK_LIMIT ((PAGE_SIZE > 641024) ? PAGE_SIZE : 641024)
	32
	33	/*
	34	* Due to binary compatibility, the actual resource numbers