Re: [PATCH] Increase the default RLIMIT_MEMLOCK
From: Chris Wright
Date: Thu May 01 2008 - 21:13:27 EST
* Andrew Morton (akpm@xxxxxxxxxxxxxxxxxxxx) wrote:
> > --- include/linux/resource.h.orig 2008-04-27 21:15:47.000000000 +0200
> > +++ include/linux/resource.h 2008-04-27 21:23:06.000000000 +0200
> > @@ -58,10 +58,11 @@
> > #define _STK_LIM (8*1024*1024)
> >
> > /*
> > - * GPG wants 32kB of mlocked memory, to make sure pass phrases
> > - * and other sensitive information are never written to disk.
> > + * The biggest widespread mlocked memory consumer is
> > + * gnome-keyring-manager. It needs 256kB to make sure SSH/GPG
> > + * passphrases and network passwords are never written to disk.
> > */
> > -#define MLOCK_LIMIT (8 * PAGE_SIZE)
> > +#define MLOCK_LIMIT (64 * PAGE_SIZE)
>
> gee, it seems rather arbitrary. Perhaps we should have set it to zero on
> day one to _force_ distributors to set an appropriate RLIMIT_MEMLOCK in
> init.
Yes, it is fairly arbitrary. The motivation was gpg, but in fact when
the patchset started gpg had already changed from 1 page to 8 pages.
http://thread.gmane.org/gmane.linux.kernel/222613/focus=222681
> We can do this of course, but does it actually help anything? Perhaps it's
> actually a bad thing, permitting userspace developers to rely upon kernel
> defaults rather than setting things they way they should be set?
We don't want to keep changing at whim of random apps, agreed. Feels
like a distro issue, since kernel can't even know what apps might run,
and using 8 pages was just a courtesy hint to distros.
thanks,
-chris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/