Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1314684pxb;
        Thu, 28 Oct 2021 01:10:22 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxEhsE87s+2ilK8VDNXI2hK6vFZKPoG9URFGxQe69MjR3eilrhQpGjg7FBcQX2qyF73mfo9
X-Received: by 2002:a05:6a00:a8e:b0:47b:a658:7f4d with SMTP id b14-20020a056a000a8e00b0047ba6587f4dmr2724375pfl.82.1635408622139;
        Thu, 28 Oct 2021 01:10:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1635408622; cv=none;
        d=google.com; s=arc-20160816;
        b=LCOsWFdW5tB5sx9wajXtdKomtRqQO0lQu4Tsa0mJpr7vH100Bd8fme0NDOcO4nZ1EW
         jPn7VX3rk4Aatwl3jA65P65GQuydN3QOIkbfF9TviGWKJ3VjQQn8zpxk0uAYtmFl1cBu
         lc1K+ykrKO6ouDBXht4h0X3f/dMSe42WVo+CPbURQ4bXjOngL1PD78e1z4lnK3oIspCa
         GryVrq6gKa5uXp961z2iLqiloa7sXiMhQ8txw3V7MpaQc4jCbqRc/+ASwVOonkNOR1S8
         qDDXIaEIKgMdV6fukQxaQhbnBvZPO5Ty0O5gLYFUiFQDCMdpVz+/SSTiioda6QJUDYG4
         n+Jg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=ZvZCJVuHX1kdtjJ4rxf8UDdnwoMvm6VexH1bwaTv270=;
        b=lqoU2tI7Y4N/70opmWXhDSikjBy2J2nprAEWICW5oiElUQLqYQbX4ghJXLPI1dllcM
         FqGqOnSdu6rgRIt4Zk5Q5UhbGyHQsak3GmAVWYu0kW/NpBTuowo7dGzV8TE4Tiz2yQIX
         b/Uh1QClgChkFjZTboRcWVnSQF2ZePaUo5QxVoiVw6HFoRPjfDJ0crefOmAQVofwgeEO
         f3gAJwD24n0Sn2+jY1KXPJ9m5hWDB5atTH27VEjNdH0C5AlfFHFIKIilmLPxKPzLMbnV
         IGzoUdjQktGVAeysVK4ufTl+cRHJIZowoniiGOsE91IMkbKBONafLyxWTNQlf9sGJxHa
         ByhA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@cmpwn.com header.s=key1 header.b=QfaZMLJy;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cmpwn.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id qe2si9579587pjb.129.2021.10.28.01.10.09;
        Thu, 28 Oct 2021 01:10:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@cmpwn.com header.s=key1 header.b=QfaZMLJy;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cmpwn.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229985AbhJ1IK4 (ORCPT <rfc822;m15259695263@gmail.com>
        + 99 others); Thu, 28 Oct 2021 04:10:56 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56926 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229626AbhJ1IKz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 28 Oct 2021 04:10:55 -0400
Received: from out10.migadu.com (out10.migadu.com [IPv6:2001:41d0:2:e8e3::])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D081DC061570;
        Thu, 28 Oct 2021 01:08:20 -0700 (PDT)
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cmpwn.com; s=key1;
        t=1635408499;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding;
        bh=ZvZCJVuHX1kdtjJ4rxf8UDdnwoMvm6VexH1bwaTv270=;
        b=QfaZMLJyeQRs44fTwoBALQer/jqyU/AAhwcF4IkLbIRHlBopkYQMZYx10tkG/6+zvcI0Xa
        j+fqD6jtlr/AmsYJ39VvsSC+DOvs+VB/hIzxel7ABaGbk1+JFYQVv5R9wt7TsDIYscA0Yc
        q3vEJsbMKeGN0ItGaVuN/TE3ZJwHzgDpsC2F/DerxctjxatFoRQYOeYNFdjsceeyT8zSmI
        5CH86ZLa93U8kgmF0sEn0htGncZihQkK8ChPzqP/V8D5sqKgntwhHcTjx023RMKTilcPv0
        RkYbjLgO16uy9K/L91MHu+0I89daD0lZOiqrBHHf9jQVVZpEUByjxQkSnkFDNA==
From:   Drew DeVault <sir@cmpwn.com>
To:     linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
        io-uring@vger.kernel.org
Cc:     Drew DeVault <sir@cmpwn.com>, Jens Axboe <axboe@kernel.dk>,
        Pavel Begunkov <asml.silence@gmail.com>
Subject: [PATCH] Increase default MLOCK_LIMIT to 8 MiB
Date:   Thu, 28 Oct 2021 10:08:13 +0200
Message-Id: <20211028080813.15966-1-sir@cmpwn.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Migadu-Flow: FLOW_OUT
X-Migadu-Auth-User: sir@cmpwn.com
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This limit has not been updated since 2008, when it was increased to 64
KiB at the request of GnuPG. Until recently, the main use-cases for this
feature were (1) preventing sensitive memory from being swapped, as in
GnuPG's use-case; and (2) real-time use-cases. In the first case, little
memory is called for, and in the second case, the user is generally in a
position to increase it if they need more.

The introduction of IOURING_REGISTER_BUFFERS adds a third use-case:
preparing fixed buffers for high-performance I/O. This use-case will
take as much of this memory as it can get, but is still limited to 64
KiB by default, which is very little. This increases the limit to 8 MB,
which was chosen fairly arbitrarily as a more generous, but still
conservative, default value.
---
It is also possible to raise this limit in userspace. This is easily
done, for example, in the use-case of a network daemon: systemd, for
instance, provides for this via LimitMEMLOCK in the service file; OpenRC
via the rc_ulimit variables. However, there is no established userspace
facility for configuring this outside of daemons: end-user applications
do not presently have access to a convenient means of raising their
limits.

The buck, as it were, stops with the kernel. It's much easier to address
it here than it is to bring it to hundreds of distributions, and it can
only realistically be relied upon to be high-enough by end-user software
if it is more-or-less ubiquitous. Most distros don't change this
particular rlimit from the kernel-supplied default value, so a change
here will easily provide that ubiquity.

 include/uapi/linux/resource.h | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/include/uapi/linux/resource.h b/include/uapi/linux/resource.h
index 74ef57b38f9f..c858c3c85fae 100644
--- a/include/uapi/linux/resource.h
+++ b/include/uapi/linux/resource.h
@@ -66,10 +66,17 @@ struct rlimit64 {
 #define _STK_LIM	(8*1024*1024)
 
 /*
- * GPG2 wants 64kB of mlocked memory, to make sure pass phrases
- * and other sensitive information are never written to disk.
+ * Limit the amount of locked memory by some sane default:
+ * root can always increase this limit if needed.
+ *
+ * The main use-cases are (1) preventing sensitive memory
+ * from being swapped; (2) real-time operations; (3) via
+ * IOURING_REGISTER_BUFFERS.
+ *
+ * The first two don't need much. The latter will take as
+ * much as it can get. 8MB is a reasonably sane default.
  */
-#define MLOCK_LIMIT	((PAGE_SIZE > 64*1024) ? PAGE_SIZE : 64*1024)
+#define MLOCK_LIMIT	((PAGE_SIZE > 8*1024*1024) ? PAGE_SIZE : 8*1024*1024)
 
 /*
  * Due to binary compatibility, the actual resource numbers
-- 
2.33.1