提交 08334222 编写于 作者: K Kurt Garloff 提交者: Linus Torvalds

mm: increase the default mlock limit from 32k to 64k

By default, non-privileged tasks can only mlock() a small amount of
memory to avoid a DoS attack by ordinary users.  The Linux kernel
defaulted to 32k (on a 4k page size system) to accommodate the needs of
gpg.

However, newer gpg2 needs 64k in various circumstances and otherwise
fails miserably, see bnc#329675.

Change the default to 64k, and make it more agnostic to PAGE_SIZE.
Signed-off-by: NKurt Garloff <garloff@suse.de>
Signed-off-by: NNick Piggin <npiggin@suse.de>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 e946217e
...@@ -59,10 +59,10 @@ struct rlimit { ...@@ -59,10 +59,10 @@ struct rlimit {
#define _STK_LIM (8*1024*1024) #define _STK_LIM (8*1024*1024)
/* /*
* GPG wants 32kB of mlocked memory, to make sure pass phrases * GPG2 wants 64kB of mlocked memory, to make sure pass phrases
* and other sensitive information are never written to disk. * and other sensitive information are never written to disk.
*/ */
#define MLOCK_LIMIT (8 * PAGE_SIZE) #define MLOCK_LIMIT ((PAGE_SIZE > 64*1024) ? PAGE_SIZE : 64*1024)
/* /*
* Due to binary compatibility, the actual resource numbers * Due to binary compatibility, the actual resource numbers
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册