| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6B2BA408B38BA1478B473C31C3D2074E30989E9D84@SV-EXCHANGE1.Corp.FC.LOCAL> Date: Tue, 22 Apr 2014 13:17:15 -0700 From: Motohiro Kosaki <Motohiro.Kosaki@...fujitsu.com> To: Manfred Spraul <manfred@...orfullife.com>, Davidlohr Bueso <davidlohr.bueso@...com>, Michael Kerrisk <mtk.manpages@...il.com>, "Martin Schwidefsky" <schwidefsky@...ibm.com> CC: LKML <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org>, KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>, Motohiro Kosaki JP <kosaki.motohiro@...fujitsu.com>, "gthelen@...gle.com" <gthelen@...gle.com>, "aswin@...com" <aswin@...com>, "linux-mm@...ck.org" <linux-mm@...ck.org> Subject: RE: [PATCH 4/4] ipc/shm.c: Increase the defaults for SHMALL, SHMMAX. > -----Original Message----- > From: Manfred Spraul [mailto:manfred@...orfullife.com] > Sent: Monday, April 21, 2014 10:27 AM > To: Davidlohr Bueso; Michael Kerrisk; Martin Schwidefsky > Cc: LKML; Andrew Morton; KAMEZAWA Hiroyuki; Motohiro Kosaki JP; gthelen@...gle.com; aswin@...com; linux-mm@...ck.org; > Manfred Spraul > Subject: [PATCH 4/4] ipc/shm.c: Increase the defaults for SHMALL, SHMMAX. > > System V shared memory > > a) can be abused to trigger out-of-memory conditions and the standard > measures against out-of-memory do not work: > > - it is not possible to use setrlimit to limit the size of shm segments. > > - segments can exist without association with any processes, thus > the oom-killer is unable to free that memory. > > b) is typically used for shared information - today often multiple GB. > (e.g. database shared buffers) > > The current default is a maximum segment size of 32 MB and a maximum total size of 8 GB. This is often too much for a) and not > enough for b), which means that lots of users must change the defaults. > > This patch increases the default limits (nearly) to the maximum, which is perfect for case b). The defaults are used after boot and as > the initial value for each new namespace. > > Admins/distros that need a protection against a) should reduce the limits and/or enable shm_rmid_forced. > > Further notes: > - The patch only changes default, overrides behave as before: > # sysctl kernel.shmall=33554432 > would recreate the previous limit for SHMMAX (for the current namespace). > > - Disabling sysv shm allocation is possible with: > # sysctl kernel.shmall=0 > (not a new feature, also per-namespace) > > - The limits are intentionally set to a value slightly less than ULONG_MAX, > to avoid triggering overflows in user space apps. > [not unreasonable, see http://marc.info/?l=linux-mm&m=139638334330127] > > Signed-off-by: Manfred Spraul <manfred@...orfullife.com> > Reported-by: Davidlohr Bueso <davidlohr@...com> > Cc: mtk.manpages@...il.com Acked-by: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists