From: Lennart Poettering Date: Wed, 22 Apr 2020 20:49:02 +0000 (+0200) Subject: main: bump RLIMIT_MEMLOCK by physical RAM size X-Git-Tag: v246-rc1~477 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=04d1ee0f7ec7a280136ddf5f3f34d6282a50846d;p=thirdparty%2Fsystemd.git main: bump RLIMIT_MEMLOCK by physical RAM size Let's allow more memory to be locked on beefy machines than on small ones. The previous limit of 64M is the lower bound still. This effectively means on a 4GB machine we can lock 512M, which should be more than enough, but still not lock up the machine entirely under pressure. Fixes: #15053 --- diff --git a/src/core/main.c b/src/core/main.c index ae78ba549d7..b5e2ef747af 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1208,6 +1208,7 @@ static int bump_rlimit_nofile(struct rlimit *saved_rlimit) { static int bump_rlimit_memlock(struct rlimit *saved_rlimit) { struct rlimit new_rlimit; + uint64_t mm; int r; /* BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK, even if we have CAP_IPC_LOCK which should @@ -1218,9 +1219,12 @@ static int bump_rlimit_memlock(struct rlimit *saved_rlimit) { * must be unsigned, hence this is a given, but let's make this clear here. */ assert_cc(RLIM_INFINITY > 0); + mm = physical_memory() / 8; /* Let's scale how much we allow to be locked by the amount of physical + * RAM. We allow an eigth to be locked by us, just to pick a value. */ + new_rlimit = (struct rlimit) { - .rlim_cur = MAX(HIGH_RLIMIT_MEMLOCK, saved_rlimit->rlim_cur), - .rlim_max = MAX(HIGH_RLIMIT_MEMLOCK, saved_rlimit->rlim_max), + .rlim_cur = MAX3(HIGH_RLIMIT_MEMLOCK, saved_rlimit->rlim_cur, mm), + .rlim_max = MAX3(HIGH_RLIMIT_MEMLOCK, saved_rlimit->rlim_max, mm), }; if (saved_rlimit->rlim_max >= new_rlimit.rlim_cur &&