Commit e6315bb1 authored May 31, 2012 by KOSAKI Motohiro Committed by Linus Torvalds May 31, 2012

mqueue: revert bump up DFLT_*MAX



Mqueue limitation is slightly naieve parameter likes other ipcs because
unprivileged user can consume kernel memory by using ipcs.

Thus, too aggressive raise bring us security issue.  Example, current
setting allow evil unprivileged user use 256GB (= 256 * 1024 * 1024*1024)
and it's enough large to system will belome unresponsive.  Don't do that.

Instead, every admin should adjust the knobs for their own systems.

Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Acked-by: Doug Ledford <dledford@redhat.com>
Acked-by: Joe Korty <joe.korty@ccur.com>
Cc: Amerigo Wang <amwang@redhat.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Dave Hansen <haveblue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 5b5c4d1a

include/linux/ipc_namespace.h

+3 −3

Original line number	Diff line number	Diff line
		@@ -118,12 +118,12 @@ extern int mq_init_ns(struct ipc_namespace *ns);
		#define DFLT_QUEUESMAX 256
		#define HARD_QUEUESMAX 1024
		#define MIN_MSGMAX 1
		#define DFLT_MSG 64U
		#define DFLT_MSGMAX 1024
		#define DFLT_MSG 10U
		#define DFLT_MSGMAX 10
		#define HARD_MSGMAX 65536
		#define MIN_MSGSIZEMAX 128
		#define DFLT_MSGSIZE 8192U
		#define DFLT_MSGSIZEMAX (1024*1024)
		#define DFLT_MSGSIZEMAX 8192
		#define HARD_MSGSIZEMAX (1610241024)
		#else
		static inline int mq_init_ns(struct ipc_namespace *ns) { return 0; }