With the new Linux Kernel Crypto API User Space Interface and its underlying socket interface, the current default value for `net.core.optmem_max` can be exhausted pretty quick. On 32 bit systems it is not even enough for sending 16 IOVECs at once to the socket interface.
To provide consumers of this new user space interface a sufficient and reasonable maximum ancillary buffer size per socket by default, the limit is increased to four times of the previous setting: * 32 bit systems: from 10240 bytes to 40960 bytes * 64 bit systems: from 20480 bytes to 81920 bytes This allows for sending 32/64 (32/64 bit) parallel IOVECs at once to the socket interface, which should be enough for use in real world applications. Signed-off-by: Björn Esser <besse...@fedoraproject.org> --- Index: linux-4.15/net/core/sock.c =================================================================== --- linux-4.15.orig/net/core/sock.c +++ linux-4.15/net/core/sock.c @@ -316,7 +316,7 @@ __u32 sysctl_wmem_default __read_mostly __u32 sysctl_rmem_default __read_mostly = SK_RMEM_MAX; /* Maximal space eaten by iovec or ancillary data plus some space */ -int sysctl_optmem_max __read_mostly = sizeof(unsigned long)*(2*UIO_MAXIOV+512); +int sysctl_optmem_max __read_mostly = sizeof(unsigned long)*4*(2*UIO_MAXIOV+512); EXPORT_SYMBOL(sysctl_optmem_max); int sysctl_tstamp_allow_data __read_mostly = 1;
signature.asc
Description: This is a digitally signed message part
