mqueue: revert bump up DFLT_*MAX · tjh.dev/kernel@e6315bb

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

mqueue: revert bump up DFLT_*MAX

Mqueue limitation is slightly naieve parameter likes other ipcs because
unprivileged user can consume kernel memory by using ipcs.

Thus, too aggressive raise bring us security issue. Example, current
setting allow evil unprivileged user use 256GB (= 256 * 1024 * 1024*1024)
and it's enough large to system will belome unresponsive. Don't do that.

Instead, every admin should adjust the knobs for their own systems.

Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Acked-by: Doug Ledford <dledford@redhat.com>
Acked-by: Joe Korty <joe.korty@ccur.com>
Cc: Amerigo Wang <amwang@redhat.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Dave Hansen <haveblue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

KOSAKI Motohiro and committed by

Linus Torvalds 14 years ago e6315bb1 5b5c4d1a

+3 -3

1 changed file

expand all

include

linux

ipc_namespace.h

+3 -3

include/linux/ipc_namespace.h

··· 118 118 #define DFLT_QUEUESMAX 256 119 119 #define HARD_QUEUESMAX 1024 120 120 #define MIN_MSGMAX 1 121 - #define DFLT_MSG 64U 122 - #define DFLT_MSGMAX 1024 121 + #define DFLT_MSG 10U 122 + #define DFLT_MSGMAX 10 123 123 #define HARD_MSGMAX 65536 124 124 #define MIN_MSGSIZEMAX 128 125 125 #define DFLT_MSGSIZE 8192U 126 - #define DFLT_MSGSIZEMAX (1024*1024) 126 + #define DFLT_MSGSIZEMAX 8192 127 127 #define HARD_MSGSIZEMAX (16*1024*1024) 128 128 #else 129 129 static inline int mq_init_ns(struct ipc_namespace *ns) { return 0; }