]>
Commit | Line | Data |
---|---|---|
2cb7cef9 BS |
1 | From: Kurt Garloff <garloff@suse.de> |
2 | Subject: Increase default RLIMIT_MEMLOCK to 64k | |
3 | References: bnc#329675 | |
4 | Patch-Mainline: mm-increase-the-default-mlock-limit-from-32k-to-64k.patch (2.6.28-rc-mm) | |
5 | ||
6 | By default, non-privileged tasks can only mlock() a small amount of | |
7 | memory to avoid a DoS attack by ordinary users. The Linux kernel | |
8 | defaulted to 32k (on a 4k page size system) to accommodate the | |
9 | needs of gpg. | |
10 | However, newer gpg2 needs 64k in various circumstances and otherwise | |
11 | fails miserably, see bnc#329675. | |
12 | ||
13 | Change the default to 64k, and make it more agnostic to PAGE_SIZE. | |
14 | ||
15 | Signed-off-by: Kurt Garloff <garloff@suse.de> | |
16 | Signed-off-by: Nick Piggin <npiggin@suse.de> | |
17 | --- | |
18 | Index: linux-2.6.27/include/linux/resource.h | |
19 | =================================================================== | |
20 | --- linux-2.6.27.orig/include/linux/resource.h | |
21 | +++ linux-2.6.27/include/linux/resource.h | |
22 | @@ -59,10 +59,10 @@ struct rlimit { | |
23 | #define _STK_LIM (8*1024*1024) | |
24 | ||
25 | /* | |
26 | - * GPG wants 32kB of mlocked memory, to make sure pass phrases | |
27 | + * GPG2 wants 64kB of mlocked memory, to make sure pass phrases | |
28 | * and other sensitive information are never written to disk. | |
29 | */ | |
30 | -#define MLOCK_LIMIT (8 * PAGE_SIZE) | |
31 | +#define MLOCK_LIMIT ((PAGE_SIZE > 64*1024) ? PAGE_SIZE : 64*1024) | |
32 | ||
33 | /* | |
34 | * Due to binary compatibility, the actual resource numbers |