From fd888e850cf413955483bfb993aeeea5ea611289 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 17 Apr 2024 10:06:26 +0200 Subject: Adding debian version 2:2.6.1-4~deb12u2. Signed-off-by: Daniel Baumann --- ...-detected-free-memory-on-systems-without-.patch | 43 ++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 debian/patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch (limited to 'debian/patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch') diff --git a/debian/patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch b/debian/patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch new file mode 100644 index 0000000..caf47ce --- /dev/null +++ b/debian/patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch @@ -0,0 +1,43 @@ +From: Milan Broz +Date: Mon, 17 Apr 2023 13:41:17 +0200 +Subject: Use only half of detected free memory on systems without swap. + +As tests shows, limiting used Argon2 memory to free memory on +systems without swap is still not enough. +Use just half of it, this should bring needed margin while +still use Argon2. + +Note, for very-low memory constrained systems user should +avoid memory-hard PBKDF (IOW manually select PBKDF2), we +do not do this automatically. + +Origin: https://gitlab.com/cryptsetup/cryptsetup/-/commit/6721d3a8b29b13fe88aeeaefe09d457e99d1c6fa +Bug: https://gitlab.com/cryptsetup/cryptsetup/-/issues/802#note_1328592911 +Bug-Debian: https://bugs.debian.org/1028250 +--- + lib/utils_pbkdf.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/lib/utils_pbkdf.c b/lib/utils_pbkdf.c +index b2d4fa0..7399bd2 100644 +--- a/lib/utils_pbkdf.c ++++ b/lib/utils_pbkdf.c +@@ -76,10 +76,17 @@ uint32_t pbkdf_adjusted_phys_memory_kb(void) + memory_kb /= 2; + + /* +- * Never use more that available free space on system without swap. ++ * Never use more that half of available free memory on system without swap. + */ + if (!crypt_swapavailable()) { + free_kb = crypt_getphysmemoryfree_kb(); ++ ++ /* ++ * Using exactly free memory causes OOM too, use only half of the value. ++ * Ignore small values (< 64MB), user should use PBKDF2 in such environment. ++ */ ++ free_kb /= 2; ++ + if (free_kb > (64 * 1024) && free_kb < memory_kb) + return free_kb; + } -- cgit v1.2.3