On Thu, 16 Oct 2008 09:43:19 +0200
Kurt Garloff <garloff@xxxxxxx> wrote:
> By default, non-privileged tasks can only mlock() a small amount of
> memory to avoid a DoS attack by ordinary users. The Linux kernel
> defaulted to 32k (on a 4k page size system) to accommodate the
> needs of gpg.
> However, newer gpg2 needs 64k in various circumstances and otherwise
> fails miserably, see bnc#329675.
>
> Change the default to 64k, and make it more agnostic to PAGE_SIZE.
>
> Signed-off-by: Kurt Garloff <garloff@xxxxxxx>
> Signed-off-by: Nick Piggin <npiggin@xxxxxxx>
> ---
> Index: linux-2.6.27/include/linux/resource.h
> ===================================================================
> --- linux-2.6.27.orig/include/linux/resource.h
> +++ linux-2.6.27/include/linux/resource.h
> @@ -59,10 +59,10 @@ struct rlimit {
> #define _STK_LIM (8*1024*1024)
>
> /*
> - * GPG wants 32kB of mlocked memory, to make sure pass phrases
> + * GPG2 wants 64kB of mlocked memory, to make sure pass phrases
> * and other sensitive information are never written to disk.
> */
> -#define MLOCK_LIMIT (8 * PAGE_SIZE)
> +#define MLOCK_LIMIT ((PAGE_SIZE > 64*1024) ? PAGE_SIZE : 64*1024)
I dunno. Is there really much point in chasing userspace changes like
this?
Worst case, we end up releasing distributions which work properly on
newer kernels and which fail to work properly on older kernels.
I suspect that it would be better to set the default to zero and
*force* userspace to correctly tune whatever-kernel-they're-running-on
to match their requirements.
--
To unsubscribe from this list: send the line "unsubscribe linux-arch" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
