From: Rik van Riel Since various gnupg users have indicated that gpg wants to mlock 32kB of memory, I created the patch below that increases the default mlock ulimit to 32kB. This is no security problem because it's trivial for processes to lock way more memory than this in page tables, network buffers, etc. In fact, since this patch allows gnupg to mlock to prevent passphrase data from being swapped out, the security people will probably like it ;) This gets the new per-user mlock limit a bit more testing, too. Signed-off-by: Rik van Riel DESC increase mlock limit to 32k cleanup EDESC From: Rik van Riel Here you are. The following patch replaces the numbers with a define called MLOCK_LIMIT. Signed-off-by: Rik van Riel Signed-off-by: Andrew Morton --- 25-akpm/include/asm-alpha/resource.h | 2 +- 25-akpm/include/asm-arm/resource.h | 2 +- 25-akpm/include/asm-arm26/resource.h | 2 +- 25-akpm/include/asm-cris/resource.h | 2 +- 25-akpm/include/asm-h8300/resource.h | 2 +- 25-akpm/include/asm-i386/resource.h | 2 +- 25-akpm/include/asm-ia64/resource.h | 2 +- 25-akpm/include/asm-m68k/resource.h | 2 +- 25-akpm/include/asm-mips/resource.h | 2 +- 25-akpm/include/asm-parisc/resource.h | 2 +- 25-akpm/include/asm-ppc/resource.h | 2 +- 25-akpm/include/asm-ppc64/resource.h | 2 +- 25-akpm/include/asm-s390/resource.h | 2 +- 25-akpm/include/asm-sh/resource.h | 2 +- 25-akpm/include/asm-sparc/resource.h | 2 +- 25-akpm/include/asm-sparc64/resource.h | 2 +- 25-akpm/include/asm-v850/resource.h | 2 +- 25-akpm/include/asm-x86_64/resource.h | 2 +- 25-akpm/include/linux/resource.h | 6 ++++++ 19 files changed, 24 insertions(+), 18 deletions(-) diff -puN include/asm-alpha/resource.h~increase-mlock-limit-to-32k include/asm-alpha/resource.h --- 25/include/asm-alpha/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-alpha/resource.h Mon Aug 16 16:23:35 2004 @@ -41,7 +41,7 @@ {INR_OPEN, INR_OPEN}, /* RLIMIT_NOFILE */ \ {LONG_MAX, LONG_MAX}, /* RLIMIT_AS */ \ {LONG_MAX, LONG_MAX}, /* RLIMIT_NPROC */ \ - {0, 0 }, /* RLIMIT_MEMLOCK */ \ + {MLOCK_LIMIT, MLOCK_LIMIT }, /* RLIMIT_MEMLOCK */ \ {LONG_MAX, LONG_MAX}, /* RLIMIT_LOCKS */ \ {MAX_SIGPENDING, MAX_SIGPENDING}, /* RLIMIT_SIGPENDING */ \ {MQ_BYTES_MAX, MQ_BYTES_MAX}, /* RLIMIT_MSGQUEUE */ \ diff -puN include/asm-arm26/resource.h~increase-mlock-limit-to-32k include/asm-arm26/resource.h --- 25/include/asm-arm26/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-arm26/resource.h Mon Aug 16 16:23:35 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING}, \ diff -puN include/asm-arm/resource.h~increase-mlock-limit-to-32k include/asm-arm/resource.h --- 25/include/asm-arm/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-arm/resource.h Mon Aug 16 16:23:35 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING}, \ diff -puN include/asm-cris/resource.h~increase-mlock-limit-to-32k include/asm-cris/resource.h --- 25/include/asm-cris/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-cris/resource.h Mon Aug 16 16:23:35 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-h8300/resource.h~increase-mlock-limit-to-32k include/asm-h8300/resource.h --- 25/include/asm-h8300/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-h8300/resource.h Mon Aug 16 16:23:35 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-i386/resource.h~increase-mlock-limit-to-32k include/asm-i386/resource.h --- 25/include/asm-i386/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-i386/resource.h Mon Aug 16 16:23:35 2004 @@ -40,7 +40,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-ia64/resource.h~increase-mlock-limit-to-32k include/asm-ia64/resource.h --- 25/include/asm-ia64/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-ia64/resource.h Mon Aug 16 16:23:35 2004 @@ -46,7 +46,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-m68k/resource.h~increase-mlock-limit-to-32k include/asm-m68k/resource.h --- 25/include/asm-m68k/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-m68k/resource.h Mon Aug 16 16:23:35 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-parisc/resource.h~increase-mlock-limit-to-32k include/asm-parisc/resource.h --- 25/include/asm-parisc/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-parisc/resource.h Mon Aug 16 16:23:35 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-ppc64/resource.h~increase-mlock-limit-to-32k include/asm-ppc64/resource.h --- 25/include/asm-ppc64/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-ppc64/resource.h Mon Aug 16 16:23:35 2004 @@ -45,7 +45,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-ppc/resource.h~increase-mlock-limit-to-32k include/asm-ppc/resource.h --- 25/include/asm-ppc/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-ppc/resource.h Mon Aug 16 16:23:35 2004 @@ -36,7 +36,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-s390/resource.h~increase-mlock-limit-to-32k include/asm-s390/resource.h --- 25/include/asm-s390/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-s390/resource.h Mon Aug 16 16:23:35 2004 @@ -47,7 +47,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-sh/resource.h~increase-mlock-limit-to-32k include/asm-sh/resource.h --- 25/include/asm-sh/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-sh/resource.h Mon Aug 16 16:23:35 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-sparc64/resource.h~increase-mlock-limit-to-32k include/asm-sparc64/resource.h --- 25/include/asm-sparc64/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-sparc64/resource.h Mon Aug 16 16:23:35 2004 @@ -43,7 +43,7 @@ { 0, RLIM_INFINITY}, \ {RLIM_INFINITY, RLIM_INFINITY}, \ {INR_OPEN, INR_OPEN}, {0, 0}, \ - {0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT}, \ {RLIM_INFINITY, RLIM_INFINITY}, \ {RLIM_INFINITY, RLIM_INFINITY}, \ {MAX_SIGPENDING, MAX_SIGPENDING}, \ diff -puN include/asm-sparc/resource.h~increase-mlock-limit-to-32k include/asm-sparc/resource.h --- 25/include/asm-sparc/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-sparc/resource.h Mon Aug 16 16:23:35 2004 @@ -44,7 +44,7 @@ { 0, RLIM_INFINITY}, \ {RLIM_INFINITY, RLIM_INFINITY}, \ {INR_OPEN, INR_OPEN}, {0, 0}, \ - {0, 0}, \ + {MLOCK_LIMIT, MLOCK_LIMIT}, \ {RLIM_INFINITY, RLIM_INFINITY}, \ {RLIM_INFINITY, RLIM_INFINITY}, \ {MAX_SIGPENDING, MAX_SIGPENDING}, \ diff -puN include/asm-v850/resource.h~increase-mlock-limit-to-32k include/asm-v850/resource.h --- 25/include/asm-v850/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-v850/resource.h Mon Aug 16 16:23:35 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-x86_64/resource.h~increase-mlock-limit-to-32k include/asm-x86_64/resource.h --- 25/include/asm-x86_64/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:31 2004 +++ 25-akpm/include/asm-x86_64/resource.h Mon Aug 16 16:23:35 2004 @@ -39,7 +39,7 @@ { RLIM_INFINITY, RLIM_INFINITY }, \ { 0, 0 }, \ { INR_OPEN, INR_OPEN }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/asm-mips/resource.h~increase-mlock-limit-to-32k include/asm-mips/resource.h --- 25/include/asm-mips/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:35 2004 +++ 25-akpm/include/asm-mips/resource.h Mon Aug 16 16:23:35 2004 @@ -53,7 +53,7 @@ { INR_OPEN, INR_OPEN }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ - { 0, 0 }, \ + { MLOCK_LIMIT, MLOCK_LIMIT }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { RLIM_INFINITY, RLIM_INFINITY }, \ { MAX_SIGPENDING, MAX_SIGPENDING }, \ diff -puN include/linux/resource.h~increase-mlock-limit-to-32k include/linux/resource.h --- 25/include/linux/resource.h~increase-mlock-limit-to-32k Mon Aug 16 16:23:35 2004 +++ 25-akpm/include/linux/resource.h Mon Aug 16 16:23:35 2004 @@ -56,6 +56,12 @@ struct rlimit { #define _STK_LIM (8*1024*1024) /* + * GPG wants 32kB of mlocked memory, to make sure pass phrases + * and other sensitive information are never written to disk. + */ +#define MLOCK_LIMIT (32*1024) + +/* * Due to binary compatibility, the actual resource numbers * may be different for different linux versions.. */ _