pool/cryptsetup
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
82af2dfa2d
cryptsetup/cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
Pedro Monreal Gonzalez 82af2dfa2d Accepting request 1098511 from home:pmonrealgonzalez:branches:security 
- luksFormat: Handle system with low memory and no swap space [bsc#1211079]
  * Check for physical memory available also in PBKDF benchmark.
  * Try to avoid OOM killer on low-memory systems without swap.
  * Use only half of detected free memory on systems without swap.
  * Add patches:
    - cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
    - cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
    - cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch

OBS-URL: https://build.opensuse.org/request/show/1098511
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=190
2023-07-13 11:20:07 +00:00

42 lines
1.4 KiB
Diff
Raw Blame History

From 6721d3a8b29b13fe88aeeaefe09d457e99d1c6fa Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Mon, 17 Apr 2023 13:41:17 +0200
Subject: [PATCH] Use only half of detected free memory on systems without
swap.
As tests shows, limiting used Argon2 memory to free memory on
systems without swap is still not enough.
Use just half of it, this should bring needed margin while
still use Argon2.
Note, for very-low memory constrained systems user should
avoid memory-hard PBKDF (IOW manually select PBKDF2), we
do not do this automatically.
---
lib/utils_pbkdf.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
Index: cryptsetup-2.6.1/lib/utils_pbkdf.c
===================================================================
--- cryptsetup-2.6.1.orig/lib/utils_pbkdf.c
+++ cryptsetup-2.6.1/lib/utils_pbkdf.c
@@ -76,10 +76,17 @@ uint32_t pbkdf_adjusted_phys_memory_kb(v
memory_kb /= 2;
/*
- * Never use more that available free space on system without swap.
+ * Never use more that half of available free memory on system without swap.
*/
if (!crypt_swapavailable()) {
free_kb = crypt_getphysmemoryfree_kb();
+
+ /*
+ * Using exactly free memory causes OOM too, use only half of the value.
+ * Ignore small values (< 64MB), user should use PBKDF2 in such environment.
+ */
+ free_kb /= 2;
+
if (free_kb > (64 * 1024) && free_kb < memory_kb)
return free_kb;
}
Reference in New Issue View Git Blame Copy Permalink