diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:06:26 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:06:26 +0000 |
| commit | fd888e850cf413955483bfb993aeeea5ea611289 (patch) | |
| tree | 6148fed3d1f30272c48403f4cdefa59c2b7e1513 /debian/patches/Print-warning-when-keyslot-requires-more-memory-than-avai.patch | |
| parent | Adding upstream version 2:2.6.1. (diff) | |
| download | cryptsetup-debian.tar.xz cryptsetup-debian.zip | |
Adding debian version 2:2.6.1-4~deb12u2.debian/2%2.6.1-4_deb12u2debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
| -rw-r--r-- | debian/patches/Print-warning-when-keyslot-requires-more-memory-than-avai.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/debian/patches/Print-warning-when-keyslot-requires-more-memory-than-avai.patch b/debian/patches/Print-warning-when-keyslot-requires-more-memory-than-avai.patch new file mode 100644 index 0000000..91bab91 --- /dev/null +++ b/debian/patches/Print-warning-when-keyslot-requires-more-memory-than-avai.patch @@ -0,0 +1,49 @@ +From: Milan Broz <gmazyland@gmail.com> +Date: Tue, 28 Feb 2023 14:18:10 +0100 +Subject: Print warning when keyslot requires more memory than available + +This warning is displayed only if maximum memory was adjusted: +no swap, not enough memory, but is not printed if user set keyslot +memory cost above default limit intentionally. + +In the latter case we have to check all available memory and guess +if swap is enough - this is not job af cryptsetup and also +it should not excessively parse any /sys files during keyslot open. + +Origin: https://gitlab.com/cryptsetup/cryptsetup/-/commit/27f8e5c08f0e0054225c9a2b1eda5b4200d4565b +Bug: https://gitlab.com/cryptsetup/cryptsetup/-/issues/802#note_1287298872 +Bug-Debian: https://bugs.debian.org/1032734 +--- + lib/luks2/luks2_keyslot_luks2.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c +index 491dcad..3be1135 100644 +--- a/lib/luks2/luks2_keyslot_luks2.c ++++ b/lib/luks2/luks2_keyslot_luks2.c +@@ -307,7 +307,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd, + char *volume_key, size_t volume_key_len) + { + struct volume_key *derived_key = NULL; +- struct crypt_pbkdf_type pbkdf; ++ struct crypt_pbkdf_type pbkdf, *cd_pbkdf; + char *AfKey = NULL; + size_t AFEKSize; + const char *af_hash = NULL; +@@ -360,6 +360,16 @@ static int luks2_keyslot_get_key(struct crypt_device *cd, + goto out; + } + ++ /* ++ * Print warning when keyslot requires more memory than available ++ * (if maximum memory was adjusted - no swap, not enough memory), ++ * but be silent if user set keyslot memory cost above default limit intentionally. ++ */ ++ cd_pbkdf = crypt_get_pbkdf(cd); ++ if (cd_pbkdf->max_memory_kb && pbkdf.max_memory_kb > cd_pbkdf->max_memory_kb && ++ pbkdf.max_memory_kb <= DEFAULT_LUKS2_MEMORY_KB) ++ log_std(cd, _("Warning: keyslot operation could fail as it requires more than available memory.\n")); ++ + /* + * If requested, serialize unlocking for memory-hard KDF. Usually NOOP. + */ |