Why even accept ramdisk=<size> or limit the size at all? Since
the new ramdisk won't waste space unless it is actually used,
there is no reason to have the parameter. If the intent is to
protect against root doing 'cat /dev/zero >> /dev/ram0', then
you won't protect a 4 MB system anyway. With this one, I think
root should be allowed to shoot himself in the foot (with
water-gun until foot rots off). Real protection would be to
limit total ramdisk+mlocked memory to 75%.