b9a53a
From 40612e4e7690c613cba7ac87b9d782724e623a39 Mon Sep 17 00:00:00 2001
b9a53a
From: =?UTF-8?q?Michal=20Sekleta=CC=81r?= <msekleta@redhat.com>
b9a53a
Date: Wed, 27 Nov 2019 14:27:58 +0100
b9a53a
Subject: [PATCH] cryptsetup: reduce the chance that we will be OOM killed
b9a53a
b9a53a
cryptsetup introduced optional locking scheme that should serialize
b9a53a
unlocking keyslots which use memory hard key derivation
b9a53a
function (argon2). Using the serialization should prevent OOM situation
b9a53a
in early boot while unlocking encrypted volumes.
b9a53a
b9a53a
(cherry picked from commit 408c81f62454684dfbff1c95ce3210d06f256e58)
b9a53a
b9a53a
Resolves: #1696602
b9a53a
---
b9a53a
 src/cryptsetup/cryptsetup.c | 6 ++++++
b9a53a
 1 file changed, 6 insertions(+)
b9a53a
b9a53a
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
b9a53a
index 4e1b3eff19..9071126c2e 100644
b9a53a
--- a/src/cryptsetup/cryptsetup.c
b9a53a
+++ b/src/cryptsetup/cryptsetup.c
b9a53a
@@ -656,6 +656,12 @@ int main(int argc, char *argv[]) {
b9a53a
                 if (arg_discards)
b9a53a
                         flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
b9a53a
 
b9a53a
+#ifdef CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF
b9a53a
+                /* Try to decrease the risk of OOM event if memory hard key derivation function is in use */
b9a53a
+                /* https://gitlab.com/cryptsetup/cryptsetup/issues/446/ */
b9a53a
+                flags |= CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF;
b9a53a
+#endif
b9a53a
+
b9a53a
                 if (arg_timeout == USEC_INFINITY)
b9a53a
                         until = 0;
b9a53a
                 else