From: Rik van Riel <riel@redhat.com>
Since various gnupg users have indicated that gpg wants to mlock 32kB of
memory, I created the patch below that increases the default mlock ulimit
to 32kB.
This is no security problem because it's trivial for processes to lock way
more memory than this in page tables, network buffers, etc. In fact, since
this patch allows gnupg to mlock to prevent passphrase data from being
swapped out, the security people will probably like it ;)
This gets the new per-user mlock limit a bit more testing, too.
Signed-off-by: Rik van Riel <riel@redhat.com>
DESC
increase mlock limit to 32k cleanup
EDESC
From: Rik van Riel <riel@redhat.com>
Here you are. The following patch replaces the numbers with
a define called MLOCK_LIMIT.
Signed-off-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---
25-akpm/include/asm-alpha/resource.h | 2 +-
25-akpm/include/asm-arm/resource.h | 2 +-
25-akpm/include/asm-arm26/resource.h | 2 +-
25-akpm/include/asm-cris/resource.h | 2 +-
25-akpm/include/asm-h8300/resource.h | 2 +-
25-akpm/include/asm-i386/resource.h | 2 +-
25-akpm/include/asm-ia64/resource.h | 2 +-
25-akpm/include/asm-m68k/resource.h | 2 +-
25-akpm/include/asm-mips/resource.h | 2 +-
25-akpm/include/asm-parisc/resource.h | 2 +-
25-akpm/include/asm-ppc/resource.h | 2 +-
25-akpm/include/asm-ppc64/resource.h | 2 +-
25-akpm/include/asm-s390/resource.h | 2 +-
25-akpm/include/asm-sh/resource.h | 2 +-
25-akpm/include/asm-sparc/resource.h | 2 +-
25-akpm/include/asm-sparc64/resource.h | 2 +-
25-akpm/include/asm-v850/resource.h | 2 +-
25-akpm/include/asm-x86_64/resource.h | 2 +-
25-akpm/include/linux/resource.h | 6 ++++++
19 files changed, 24 insertions(+), 18 deletions(-)
diff -puN include/asm-alpha/resource.h~increase-mlock-limit-to-32k include/asm-alpha/resource.h
--- 25/include/asm-alpha/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-alpha/resource.h Mon Aug 16 16:23:35 2004
@@ -41,7 +41,7 @@
{INR_OPEN, INR_OPEN}, /* RLIMIT_NOFILE */ \
{LONG_MAX, LONG_MAX}, /* RLIMIT_AS */ \
{LONG_MAX, LONG_MAX}, /* RLIMIT_NPROC */ \
- {0, 0 }, /* RLIMIT_MEMLOCK */ \
+ {MLOCK_LIMIT, MLOCK_LIMIT }, /* RLIMIT_MEMLOCK */ \
{LONG_MAX, LONG_MAX}, /* RLIMIT_LOCKS */ \
{MAX_SIGPENDING, MAX_SIGPENDING}, /* RLIMIT_SIGPENDING */ \
{MQ_BYTES_MAX, MQ_BYTES_MAX}, /* RLIMIT_MSGQUEUE */ \
diff -puN include/asm-arm26/resource.h~increase-mlock-limit-to-32k include/asm-arm26/resource.h
--- 25/include/asm-arm26/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-arm26/resource.h Mon Aug 16 16:23:35 2004
@@ -39,7 +39,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING}, \
diff -puN include/asm-arm/resource.h~increase-mlock-limit-to-32k include/asm-arm/resource.h
--- 25/include/asm-arm/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-arm/resource.h Mon Aug 16 16:23:35 2004
@@ -39,7 +39,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING}, \
diff -puN include/asm-cris/resource.h~increase-mlock-limit-to-32k include/asm-cris/resource.h
--- 25/include/asm-cris/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-cris/resource.h Mon Aug 16 16:23:35 2004
@@ -39,7 +39,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING }, \
diff -puN include/asm-h8300/resource.h~increase-mlock-limit-to-32k include/asm-h8300/resource.h
--- 25/include/asm-h8300/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-h8300/resource.h Mon Aug 16 16:23:35 2004
@@ -39,7 +39,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING }, \
diff -puN include/asm-i386/resource.h~increase-mlock-limit-to-32k include/asm-i386/resource.h
--- 25/include/asm-i386/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-i386/resource.h Mon Aug 16 16:23:35 2004
@@ -40,7 +40,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING }, \
diff -puN include/asm-ia64/resource.h~increase-mlock-limit-to-32k include/asm-ia64/resource.h
--- 25/include/asm-ia64/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-ia64/resource.h Mon Aug 16 16:23:35 2004
@@ -46,7 +46,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING }, \
diff -puN include/asm-m68k/resource.h~increase-mlock-limit-to-32k include/asm-m68k/resource.h
--- 25/include/asm-m68k/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-m68k/resource.h Mon Aug 16 16:23:35 2004
@@ -39,7 +39,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING }, \
diff -puN include/asm-parisc/resource.h~increase-mlock-limit-to-32k include/asm-parisc/resource.h
--- 25/include/asm-parisc/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-parisc/resource.h Mon Aug 16 16:23:35 2004
@@ -39,7 +39,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING }, \
diff -puN include/asm-ppc64/resource.h~increase-mlock-limit-to-32k include/asm-ppc64/resource.h
--- 25/include/asm-ppc64/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-ppc64/resource.h Mon Aug 16 16:23:35 2004
@@ -45,7 +45,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING }, \
diff -puN include/asm-ppc/resource.h~increase-mlock-limit-to-32k include/asm-ppc/resource.h
--- 25/include/asm-ppc/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-ppc/resource.h Mon Aug 16 16:23:35 2004
@@ -36,7 +36,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING }, \
diff -puN include/asm-s390/resource.h~increase-mlock-limit-to-32k include/asm-s390/resource.h
--- 25/include/asm-s390/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-s390/resource.h Mon Aug 16 16:23:35 2004
@@ -47,7 +47,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING }, \
diff -puN include/asm-sh/resource.h~increase-mlock-limit-to-32k include/asm-sh/resource.h
--- 25/include/asm-sh/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-sh/resource.h Mon Aug 16 16:23:35 2004
@@ -39,7 +39,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING }, \
diff -puN include/asm-sparc64/resource.h~increase-mlock-limit-to-32k include/asm-sparc64/resource.h
--- 25/include/asm-sparc64/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-sparc64/resource.h Mon Aug 16 16:23:35 2004
@@ -43,7 +43,7 @@
{ 0, RLIM_INFINITY}, \
{RLIM_INFINITY, RLIM_INFINITY}, \
{INR_OPEN, INR_OPEN}, {0, 0}, \
- {0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT}, \
{RLIM_INFINITY, RLIM_INFINITY}, \
{RLIM_INFINITY, RLIM_INFINITY}, \
{MAX_SIGPENDING, MAX_SIGPENDING}, \
diff -puN include/asm-sparc/resource.h~increase-mlock-limit-to-32k include/asm-sparc/resource.h
--- 25/include/asm-sparc/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-sparc/resource.h Mon Aug 16 16:23:35 2004
@@ -44,7 +44,7 @@
{ 0, RLIM_INFINITY}, \
{RLIM_INFINITY, RLIM_INFINITY}, \
{INR_OPEN, INR_OPEN}, {0, 0}, \
- {0, 0}, \
+ {MLOCK_LIMIT, MLOCK_LIMIT}, \
{RLIM_INFINITY, RLIM_INFINITY}, \
{RLIM_INFINITY, RLIM_INFINITY}, \
{MAX_SIGPENDING, MAX_SIGPENDING}, \
diff -puN include/asm-v850/resource.h~increase-mlock-limit-to-32k include/asm-v850/resource.h
--- 25/include/asm-v850/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-v850/resource.h Mon Aug 16 16:23:35 2004
@@ -39,7 +39,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING }, \
diff -puN include/asm-x86_64/resource.h~increase-mlock-limit-to-32k include/asm-x86_64/resource.h
--- 25/include/asm-x86_64/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004
+++ 25-akpm/include/asm-x86_64/resource.h Mon Aug 16 16:23:35 2004
@@ -39,7 +39,7 @@
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ 0, 0 }, \
{ INR_OPEN, INR_OPEN }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING }, \
diff -puN include/asm-mips/resource.h~increase-mlock-limit-to-32k include/asm-mips/resource.h
--- 25/include/asm-mips/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:35 2004
+++ 25-akpm/include/asm-mips/resource.h Mon Aug 16 16:23:35 2004
@@ -53,7 +53,7 @@
{ INR_OPEN, INR_OPEN }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
- { 0, 0 }, \
+ { MLOCK_LIMIT, MLOCK_LIMIT }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ RLIM_INFINITY, RLIM_INFINITY }, \
{ MAX_SIGPENDING, MAX_SIGPENDING }, \
diff -puN include/linux/resource.h~increase-mlock-limit-to-32k include/linux/resource.h
--- 25/include/linux/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:35 2004
+++ 25-akpm/include/linux/resource.h Mon Aug 16 16:23:35 2004
@@ -56,6 +56,12 @@ struct rlimit {
#define _STK_LIM (8*1024*1024)
/*
+ * GPG wants 32kB of mlocked memory, to make sure pass phrases
+ * and other sensitive information are never written to disk.
+ */
+#define MLOCK_LIMIT (32*1024)
+
+/*
* Due to binary compatibility, the actual resource numbers
* may be different for different linux versions..
*/
_