teknoraver / rpms / systemd

Forked from rpms/systemd 2 months ago
Clone

Blame SOURCES/0291-cryptsetup-reduce-the-chance-that-we-will-be-OOM-kil.patch

Brian Stinson 2593d8
From 40612e4e7690c613cba7ac87b9d782724e623a39 Mon Sep 17 00:00:00 2001
Brian Stinson 2593d8
From: =?UTF-8?q?Michal=20Sekleta=CC=81r?= <msekleta@redhat.com>
Brian Stinson 2593d8
Date: Wed, 27 Nov 2019 14:27:58 +0100
Brian Stinson 2593d8
Subject: [PATCH] cryptsetup: reduce the chance that we will be OOM killed
Brian Stinson 2593d8
Brian Stinson 2593d8
cryptsetup introduced optional locking scheme that should serialize
Brian Stinson 2593d8
unlocking keyslots which use memory hard key derivation
Brian Stinson 2593d8
function (argon2). Using the serialization should prevent OOM situation
Brian Stinson 2593d8
in early boot while unlocking encrypted volumes.
Brian Stinson 2593d8
Brian Stinson 2593d8
(cherry picked from commit 408c81f62454684dfbff1c95ce3210d06f256e58)
Brian Stinson 2593d8
Brian Stinson 2593d8
Resolves: #1696602
Brian Stinson 2593d8
---
Brian Stinson 2593d8
 src/cryptsetup/cryptsetup.c | 6 ++++++
Brian Stinson 2593d8
 1 file changed, 6 insertions(+)
Brian Stinson 2593d8
Brian Stinson 2593d8
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
Brian Stinson 2593d8
index 4e1b3eff19..9071126c2e 100644
Brian Stinson 2593d8
--- a/src/cryptsetup/cryptsetup.c
Brian Stinson 2593d8
+++ b/src/cryptsetup/cryptsetup.c
Brian Stinson 2593d8
@@ -656,6 +656,12 @@ int main(int argc, char *argv[]) {
Brian Stinson 2593d8
                 if (arg_discards)
Brian Stinson 2593d8
                         flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
Brian Stinson 2593d8
 
Brian Stinson 2593d8
+#ifdef CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF
Brian Stinson 2593d8
+                /* Try to decrease the risk of OOM event if memory hard key derivation function is in use */
Brian Stinson 2593d8
+                /* https://gitlab.com/cryptsetup/cryptsetup/issues/446/ */
Brian Stinson 2593d8
+                flags |= CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF;
Brian Stinson 2593d8
+#endif
Brian Stinson 2593d8
+
Brian Stinson 2593d8
                 if (arg_timeout == USEC_INFINITY)
Brian Stinson 2593d8
                         until = 0;
Brian Stinson 2593d8
                 else