Commit e6315bb1 authored by KOSAKI Motohiro's avatar KOSAKI Motohiro Committed by Linus Torvalds

mqueue: revert bump up DFLT_*MAX

Mqueue limitation is slightly naieve parameter likes other ipcs because
unprivileged user can consume kernel memory by using ipcs.

Thus, too aggressive raise bring us security issue.  Example, current
setting allow evil unprivileged user use 256GB (= 256 * 1024 * 1024*1024)
and it's enough large to system will belome unresponsive.  Don't do that.

Instead, every admin should adjust the knobs for their own systems.
Signed-off-by: default avatarKOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Acked-by: default avatarDoug Ledford <dledford@redhat.com>
Acked-by: default avatarJoe Korty <joe.korty@ccur.com>
Cc: Amerigo Wang <amwang@redhat.com>
Acked-by: default avatarSerge E. Hallyn <serue@us.ibm.com>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Dave Hansen <haveblue@us.ibm.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 5b5c4d1a
...@@ -118,12 +118,12 @@ extern int mq_init_ns(struct ipc_namespace *ns); ...@@ -118,12 +118,12 @@ extern int mq_init_ns(struct ipc_namespace *ns);
#define DFLT_QUEUESMAX 256 #define DFLT_QUEUESMAX 256
#define HARD_QUEUESMAX 1024 #define HARD_QUEUESMAX 1024
#define MIN_MSGMAX 1 #define MIN_MSGMAX 1
#define DFLT_MSG 64U #define DFLT_MSG 10U
#define DFLT_MSGMAX 1024 #define DFLT_MSGMAX 10
#define HARD_MSGMAX 65536 #define HARD_MSGMAX 65536
#define MIN_MSGSIZEMAX 128 #define MIN_MSGSIZEMAX 128
#define DFLT_MSGSIZE 8192U #define DFLT_MSGSIZE 8192U
#define DFLT_MSGSIZEMAX (1024*1024) #define DFLT_MSGSIZEMAX 8192
#define HARD_MSGSIZEMAX (16*1024*1024) #define HARD_MSGSIZEMAX (16*1024*1024)
#else #else
static inline int mq_init_ns(struct ipc_namespace *ns) { return 0; } static inline int mq_init_ns(struct ipc_namespace *ns) { return 0; }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment