Re: [garloff@xxxxxxx: [PATCH 1/1] default mlock limit 32k->64k]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Andrew,

On Thu, Oct 16, 2008 at 03:48:16PM -0700, Andrew Morton wrote:
> On Thu, 16 Oct 2008 09:43:19 +0200 Kurt Garloff <garloff@xxxxxxx> wrote:
> > Index: linux-2.6.27/include/linux/resource.h
> > ===================================================================
> > --- linux-2.6.27.orig/include/linux/resource.h
> > +++ linux-2.6.27/include/linux/resource.h
> > @@ -59,10 +59,10 @@ struct rlimit {
> >  #define _STK_LIM	(8*1024*1024)
> >  
> >  /*
> > - * GPG wants 32kB of mlocked memory, to make sure pass phrases
> > + * GPG2 wants 64kB of mlocked memory, to make sure pass phrases
> >   * and other sensitive information are never written to disk.
> >   */
> > -#define MLOCK_LIMIT	(8 * PAGE_SIZE)
> > +#define MLOCK_LIMIT	((PAGE_SIZE > 64*1024) ? PAGE_SIZE : 64*1024)
> 
> I dunno.  Is there really much point in chasing userspace changes like
> this?

If there were many apps that would need it and that would have
contradicting or fast changing requirements, I would certainly
not wanna chase that.

We're lucky here that gpg/gpg2 is the only unprivileged user
of locked memory and that the requirement does not really change
often. We've had gpg1 with 32k need since 1999 and now gpg2 with
a 64k need.

Accommodating that seems like a pragmatic thing to do. Will ensure
good defaults for a broad set of users.

> Worst case, we end up releasing distributions which work properly on
> newer kernels and which fail to work properly on older kernels.

I know a number of users that run new kernels below old distributions
but few that do the opposite.
The failure mode in this specific case is not obscure at all, so I'm
not worried: 
can't lock memory: Cannot allocate memory
Warning: using insecure memory!

> I suspect that it would be better to set the default to zero and
> *force* userspace to correctly tune whatever-kernel-they're-running-on
> to match their requirements.

That's feasible, though I think distributions are not today
preconfigured to do that. Turning your argument around:
It would it a bit harder to run new kernels on old distros.
(Which I believe is worse -- we need testers!)

Best,
-- 
Kurt Garloff, VP Business Development -- OPS, Novell Inc.

Attachment: pgpWlU6nVOGIG.pgp
Description: PGP signature

[Index of Archives]     [Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Netdev]     [Linux Wireless]     [Netfilter]     [Bugtraq]     [Linux Filesystems]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]

  Powered by Linux