diff options
author | Michal Sekletár <msekleta@redhat.com> | 2019-11-27 14:27:58 +0100 |
---|---|---|
committer | The Plumber <50238977+systemd-rhel-bot@users.noreply.github.com> | 2019-12-05 15:21:37 +0100 |
commit | 40612e4e7690c613cba7ac87b9d782724e623a39 (patch) | |
tree | f05facfa0e8f4f2dec64d4d547953dbaa8fb23ed | |
parent | cf1a9df1171273fc1ed3f977b5ec52aba27674bf (diff) | |
download | systemd-40612e4e7690c613cba7ac87b9d782724e623a39.tar.gz |
cryptsetup: reduce the chance that we will be OOM killed
cryptsetup introduced optional locking scheme that should serialize
unlocking keyslots which use memory hard key derivation
function (argon2). Using the serialization should prevent OOM situation
in early boot while unlocking encrypted volumes.
(cherry picked from commit 408c81f62454684dfbff1c95ce3210d06f256e58)
Resolves: #1696602
-rw-r--r-- | src/cryptsetup/cryptsetup.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 4e1b3eff19..9071126c2e 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -656,6 +656,12 @@ int main(int argc, char *argv[]) { if (arg_discards) flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS; +#ifdef CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF + /* Try to decrease the risk of OOM event if memory hard key derivation function is in use */ + /* https://gitlab.com/cryptsetup/cryptsetup/issues/446/ */ + flags |= CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF; +#endif + if (arg_timeout == USEC_INFINITY) until = 0; else |