cryptsetup: reduce the chance that we will be OOM killed

cryptsetup introduced optional locking scheme that should serialize unlocking keyslots which use memory hard key derivation function (argon2). Using the serialization should prevent OOM situation in early boot while unlocking encrypted volumes.
author: Michal Sekletár <msekleta@redhat.com> 2019-11-27 14:27:58 +0100
committer: Lennart Poettering <lennart@poettering.net> 2019-11-27 18:34:36 +0100
commit: 408c81f62454684dfbff1c95ce3210d06f256e58 (patch)
tree: 4c80eed7f2f2fb9ee0a5c5648462f8034e10c366 /src/cryptsetup
parent: 6cf5c3318f55dd1cee7efba190d5b4e3848e5ecb (diff)
download: systemd-408c81f62454684dfbff1c95ce3210d06f256e58.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 553b1afb47..8723eb4c01 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -599,6 +599,12 @@ static uint32_t determine_flags(void) {
         if (arg_submit_from_crypt_cpus)
                 flags |= CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
 
+#ifdef CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF
+        /* Try to decrease the risk of OOM event if memory hard key derivation function is in use */
+        /* https://gitlab.com/cryptsetup/cryptsetup/issues/446/ */
+        flags |= CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF;
+#endif
+
         return flags;
 }
author	Michal Sekletár <msekleta@redhat.com>	2019-11-27 14:27:58 +0100
committer	Lennart Poettering <lennart@poettering.net>	2019-11-27 18:34:36 +0100
commit	408c81f62454684dfbff1c95ce3210d06f256e58 (patch)
tree	4c80eed7f2f2fb9ee0a5c5648462f8034e10c366 /src/cryptsetup
parent	6cf5c3318f55dd1cee7efba190d5b4e3848e5ecb (diff)
download	systemd-408c81f62454684dfbff1c95ce3210d06f256e58.tar.gz