[PATCH] increase per-user mlock limit default to 32k

Since various gnupg users have indicated that gpg wants to mlock 32kB of
memory, I created the patch below that increases the default mlock ulimit
to 32kB.

This is no security problem because it's trivial for processes to lock way
more memory than this in page tables, network buffers, etc.  In fact, since
this patch allows gnupg to mlock to prevent passphrase data from being
swapped out, the security people will probably like it ;)

This gets the new per-user mlock limit a bit more testing, too.

Signed-off-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/include/asm-alpha/resource.h b/include/asm-alpha/resource.h
index 2b0f4bcf2644c2e65ee07a5010faf8d17abcb114..bfacb0aa27b53a1c03b001249e3ccd735f61e52b 100644 (file)
--- a/include/asm-alpha/resource.h
+++ b/include/asm-alpha/resource.h
@@ -41,7 +41,7 @@
     {INR_OPEN, INR_OPEN},                      /* RLIMIT_NOFILE */     \
     {LONG_MAX, LONG_MAX},                      /* RLIMIT_AS */         \
     {LONG_MAX, LONG_MAX},                      /* RLIMIT_NPROC */      \
-    {0,        0       },                      /* RLIMIT_MEMLOCK */    \
+    {MLOCK_LIMIT, MLOCK_LIMIT },               /* RLIMIT_MEMLOCK */    \
     {LONG_MAX, LONG_MAX},                      /* RLIMIT_LOCKS */      \
     {MAX_SIGPENDING, MAX_SIGPENDING},          /* RLIMIT_SIGPENDING */ \
     {MQ_BYTES_MAX, MQ_BYTES_MAX},              /* RLIMIT_MSGQUEUE */   \

diff --git a/include/asm-arm/resource.h b/include/asm-arm/resource.h
index 323167464b9767b67ab9d032ebc55a08c3e8fc61..354afada3807a78cdf95b23cb79dfa878f7d4ce1 100644 (file)
--- a/include/asm-arm/resource.h
+++ b/include/asm-arm/resource.h
@@ -39,7 +39,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },       \
        { 0,             0             },       \
        { INR_OPEN,      INR_OPEN      },       \
-       { 0,             0             },       \
+       { MLOCK_LIMIT,   MLOCK_LIMIT   },       \
        { RLIM_INFINITY, RLIM_INFINITY },       \
        { RLIM_INFINITY, RLIM_INFINITY },       \
        { MAX_SIGPENDING, MAX_SIGPENDING},      \

diff --git a/include/asm-arm26/resource.h b/include/asm-arm26/resource.h
index 28a05990277d85b4da6f7e97602cc0c61dc7129b..354afada3807a78cdf95b23cb79dfa878f7d4ce1 100644 (file)
--- a/include/asm-arm26/resource.h
+++ b/include/asm-arm26/resource.h
@@ -39,7 +39,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },       \
        { 0,             0             },       \
        { INR_OPEN,      INR_OPEN      },       \
-       { 0,             0             },       \
+       { MLOCK_LIMIT,   MLOCK_LIMIT   },       \
        { RLIM_INFINITY, RLIM_INFINITY },       \
        { RLIM_INFINITY, RLIM_INFINITY },       \
        { MAX_SIGPENDING, MAX_SIGPENDING},      \

diff --git a/include/asm-cris/resource.h b/include/asm-cris/resource.h
index 606a4c9a95798423e674de59a92968d33a568ad2..7a83ad536124ed9a0eec9e6b079f577e8804fff2 100644 (file)
--- a/include/asm-cris/resource.h
+++ b/include/asm-cris/resource.h
@@ -39,7 +39,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },               \
        {             0,             0 },               \
        {      INR_OPEN,     INR_OPEN  },               \
-       {             0,             0 },               \
+       {   MLOCK_LIMIT,   MLOCK_LIMIT },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { MAX_SIGPENDING, MAX_SIGPENDING },             \

diff --git a/include/asm-h8300/resource.h b/include/asm-h8300/resource.h
index 65cf2c6962f26766bac12f91b409b256459e1ff5..2031e3ce4bfda5e2fb9ed135766bb1c7cc977f7a 100644 (file)
--- a/include/asm-h8300/resource.h
+++ b/include/asm-h8300/resource.h
@@ -39,7 +39,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },               \
        {             0,             0 },               \
        {      INR_OPEN,     INR_OPEN  },               \
-       {             0,             0 },               \
+       {   MLOCK_LIMIT,   MLOCK_LIMIT },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { MAX_SIGPENDING, MAX_SIGPENDING },             \

diff --git a/include/asm-i386/resource.h b/include/asm-i386/resource.h
index 47bdff24d040d2ad5a5adcbd40b2e307f0cc27e1..5c3505a4a52e2e21d9842659ef54078f3af304f4 100644 (file)
--- a/include/asm-i386/resource.h
+++ b/include/asm-i386/resource.h
@@ -40,7 +40,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },               \
        {             0,             0 },               \
        {      INR_OPEN,     INR_OPEN  },               \
-       {             0,             0 },               \
+       {   MLOCK_LIMIT,   MLOCK_LIMIT },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { MAX_SIGPENDING, MAX_SIGPENDING },             \

diff --git a/include/asm-ia64/resource.h b/include/asm-ia64/resource.h
index c0a403a8a42e0640948abe944535f998766db471..52a737eabf2434d9aa10d2863d279d69d07e32d3 100644 (file)
--- a/include/asm-ia64/resource.h
+++ b/include/asm-ia64/resource.h
@@ -46,7 +46,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },               \
        {             0,             0 },               \
        {      INR_OPEN,     INR_OPEN  },               \
-       {             0,             0 },               \
+       {   MLOCK_LIMIT,   MLOCK_LIMIT },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { MAX_SIGPENDING, MAX_SIGPENDING },             \

diff --git a/include/asm-m68k/resource.h b/include/asm-m68k/resource.h
index 51ef4bbb8e6ad001758803268ec9851b49e6250b..92a8ff5c82941ebe6f00b4591a1a3aad03ba7a8d 100644 (file)
--- a/include/asm-m68k/resource.h
+++ b/include/asm-m68k/resource.h
@@ -39,7 +39,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },               \
        {             0,             0 },               \
        {      INR_OPEN,     INR_OPEN  },               \
-       {             0,             0 },               \
+       {   MLOCK_LIMIT,   MLOCK_LIMIT },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { MAX_SIGPENDING, MAX_SIGPENDING },             \

diff --git a/include/asm-mips/resource.h b/include/asm-mips/resource.h
index 2453e0d1c35c7190906038626dcd001d19d9ea70..62e1ce0282f8dc351b4d3df9c9c44497fe249e1b 100644 (file)
--- a/include/asm-mips/resource.h
+++ b/include/asm-mips/resource.h
@@ -53,7 +53,7 @@
        { INR_OPEN,      INR_OPEN      },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
-       { 0,             0             },               \
+       { MLOCK_LIMIT,     MLOCK_LIMIT },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { MAX_SIGPENDING, MAX_SIGPENDING },             \

diff --git a/include/asm-parisc/resource.h b/include/asm-parisc/resource.h
index ac9de533eb622f0b567db969c5a360dd62e37065..491f29e49239655c5e6a58cfe2f317566aef82b6 100644 (file)
--- a/include/asm-parisc/resource.h
+++ b/include/asm-parisc/resource.h
@@ -39,7 +39,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },               \
        {             0,             0 },               \
        {      INR_OPEN,     INR_OPEN  },               \
-       {             0,             0 },               \
+       {   MLOCK_LIMIT,   MLOCK_LIMIT },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { MAX_SIGPENDING, MAX_SIGPENDING },             \

diff --git a/include/asm-ppc/resource.h b/include/asm-ppc/resource.h
index a8392167ae6e67d6b6bd5356e7e7ce060e1e3985..2953d9bdc8c57aca214add29808357088b15034d 100644 (file)
--- a/include/asm-ppc/resource.h
+++ b/include/asm-ppc/resource.h
@@ -36,7 +36,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },               \
        {             0,             0 },               \
        {      INR_OPEN,     INR_OPEN  },               \
-       {             0,             0 },               \
+       {   MLOCK_LIMIT,   MLOCK_LIMIT },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { MAX_SIGPENDING, MAX_SIGPENDING },             \

diff --git a/include/asm-ppc64/resource.h b/include/asm-ppc64/resource.h
index d23ea5ba1b9b06a272e4a51a1a8521b73161a4d5..f5d6b2e8c659f2dcc118ae5253b3f934f06a91f7 100644 (file)
--- a/include/asm-ppc64/resource.h
+++ b/include/asm-ppc64/resource.h
@@ -45,7 +45,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },               \
        {             0,             0 },               \
        {      INR_OPEN,     INR_OPEN  },               \
-       {             0,             0 },               \
+       {   MLOCK_LIMIT,   MLOCK_LIMIT },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { MAX_SIGPENDING, MAX_SIGPENDING },             \

diff --git a/include/asm-s390/resource.h b/include/asm-s390/resource.h
index 837ed3ab12756230d5426d8a5714d35d210d3410..05720dbdfe89f4e44d9af2801aef07e91c507337 100644 (file)
--- a/include/asm-s390/resource.h
+++ b/include/asm-s390/resource.h
@@ -47,7 +47,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },               \
        {             0,             0 },               \
        { INR_OPEN, INR_OPEN },                         \
-       {             0,             0 },               \
+       {   MLOCK_LIMIT,   MLOCK_LIMIT },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { MAX_SIGPENDING, MAX_SIGPENDING },             \

diff --git a/include/asm-sh/resource.h b/include/asm-sh/resource.h
index 690f83a92b2102cdd8516212d5d22c8b963aaf5a..bf6152e115614ff2e8c20a09d53803a0daebd8c9 100644 (file)
--- a/include/asm-sh/resource.h
+++ b/include/asm-sh/resource.h
@@ -39,7 +39,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },               \
        {             0,             0 },               \
        {      INR_OPEN,     INR_OPEN  },               \
-       {             0,             0 },               \
+       {   MLOCK_LIMIT,   MLOCK_LIMIT },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { MAX_SIGPENDING, MAX_SIGPENDING },             \

diff --git a/include/asm-sparc/resource.h b/include/asm-sparc/resource.h
index 098bfa7145f807ef3781f4076ef057992af796c0..d4fb2b4d3b9f25896c9d62e33401c64dcb71c4ba 100644 (file)
--- a/include/asm-sparc/resource.h
+++ b/include/asm-sparc/resource.h
@@ -44,7 +44,7 @@
     {       0, RLIM_INFINITY},         \
     {RLIM_INFINITY, RLIM_INFINITY},    \
     {INR_OPEN, INR_OPEN}, {0, 0},      \
-    {0,             0},        \
+    {MLOCK_LIMIT,   MLOCK_LIMIT},      \
     {RLIM_INFINITY, RLIM_INFINITY},    \
     {RLIM_INFINITY, RLIM_INFINITY},    \
     {MAX_SIGPENDING, MAX_SIGPENDING},  \

diff --git a/include/asm-sparc64/resource.h b/include/asm-sparc64/resource.h
index 60afa3362b7fda5155b3cd9b14b3625a59ed6d70..f33d38bccab2e66e736b0fde07810042ef4eb790 100644 (file)
--- a/include/asm-sparc64/resource.h
+++ b/include/asm-sparc64/resource.h
@@ -43,7 +43,7 @@
     {       0, RLIM_INFINITY},         \
     {RLIM_INFINITY, RLIM_INFINITY},    \
     {INR_OPEN, INR_OPEN}, {0, 0},      \
-    {0,             0            },    \
+    {  MLOCK_LIMIT,   MLOCK_LIMIT},    \
     {RLIM_INFINITY, RLIM_INFINITY},    \
     {RLIM_INFINITY, RLIM_INFINITY},    \
     {MAX_SIGPENDING, MAX_SIGPENDING},  \

diff --git a/include/asm-v850/resource.h b/include/asm-v850/resource.h
index 0b757f33dd92106c7ed875330e4c5399fd042eb4..adcbbb8963696f0f908a12c314167b271ef28e97 100644 (file)
--- a/include/asm-v850/resource.h
+++ b/include/asm-v850/resource.h
@@ -39,7 +39,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },               \
        {             0,             0 },               \
        {      INR_OPEN,     INR_OPEN  },               \
-       {             0,             0 },               \
+       {   MLOCK_LIMIT,   MLOCK_LIMIT },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { MAX_SIGPENDING, MAX_SIGPENDING },             \

diff --git a/include/asm-x86_64/resource.h b/include/asm-x86_64/resource.h
index 4ed168acafb8e94a54e82bdabc755e6b317cd2af..f1b71c3209340895393e716686b4d96299a521fb 100644 (file)
--- a/include/asm-x86_64/resource.h
+++ b/include/asm-x86_64/resource.h
@@ -39,7 +39,7 @@
        { RLIM_INFINITY, RLIM_INFINITY },               \
        {             0,             0 },               \
        {      INR_OPEN,     INR_OPEN  },               \
-       {             0,             0 },               \
+       {   MLOCK_LIMIT,   MLOCK_LIMIT },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { RLIM_INFINITY, RLIM_INFINITY },               \
        { MAX_SIGPENDING, MAX_SIGPENDING },             \

diff --git a/include/linux/resource.h b/include/linux/resource.h
index 94494789e0af5c146b1a9d12436fcd8aa1361c2e..b930c9cb77271039e5a77a811bb6e5677418b158 100644 (file)
--- a/include/linux/resource.h
+++ b/include/linux/resource.h
@@ -55,6 +55,12 @@ struct rlimit {
  */
 #define _STK_LIM       (8*1024*1024)
 
+/*
+ * GPG wants 32kB of mlocked memory, to make sure pass phrases
+ * and other sensitive information are never written to disk.
+ */
+#define MLOCK_LIMIT    (32*1024)
+
 /*
  * Due to binary compatibility, the actual resource numbers
  * may be different for different linux versions..