picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

cryptsetup: reduce the chance that we will be OOM killed

Browse source 
cryptsetup introduced optional locking scheme that should serialize
unlocking keyslots which use memory hard key derivation
function (argon2). Using the serialization should prevent OOM situation
in early boot while unlocking encrypted volumes.
This commit is contained in:
Michal Sekletár 2019-11-27 14:27:58 +01:00 committed by Lennart Poettering
parent 6cf5c3318f
commit 408c81f624
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/cryptsetup/cryptsetup.c
View file

@ -599,6 +599,12 @@ static uint32_t determine_flags(void) {
if (arg_submit_from_crypt_cpus)
flags |= CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
#ifdef CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF
/* Try to decrease the risk of OOM event if memory hard key derivation function is in use */
/* https://gitlab.com/cryptsetup/cryptsetup/issues/446/ */
flags |= CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF;
#endif
return flags;
}