Package: release.debian.org Severity: normal Tags: bookworm User: release.debian.org@packages.debian.org Usertags: pu Control: affects -1 + src:cryptsetup Dear Release Team, [ Reason ] It was discovered that the upstream patch mitigating #1028250 was incomplete: `cryptsetup luksFormat` still caused OOM on some memory constrained systems. This was fixed upstream in a new MR, which is backported in sid in 2:2.6.1-4. Unfortunately the version (like -3) is barred from entering testing due to a dependency on libargon2-1-udeb ≥0~20190702+dfsg, hence the request to go via t-p-u instead. See https://bugs.debian.org/1032235#107 . [ Impact ] Running `cryptsetup luksFormat` might OOM on systems with ≤1G RAM when the memory pressure exceeds 50%. Concretely, that means one might not be able to relying use the “encrypted LVM” partitioning scheme from the graphical installer on such systems. [ Tests ] * DEP-8 tests, incl. full upstream test suite and cryptroot tests. * Comparison of memory costs between releases from d-i depending on the amount of RAM: https://bugs.debian.org/1028250#78 . [ Risks ] The change only affets systems with <2G RAM, and among those only the ones without swap area. That includes low-memory rescue systems and d-i, but not “normal systems”. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [x] the issue is verified as fixed in unstable [ Changes ] Backport upstream MR https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/498 : + 7893c33d: Check for physical memory available also in PBKDF benchmark. + 6721d3a8: Use only half of detected free memory on systems without swap. [ Other info ] CC'ing kibi for d-i-ack. -- Guilhem.
diffstat for cryptsetup-2.6.1 cryptsetup-2.6.1
changelog | 14 +
patches/Check-for-physical-memory-available-also-in-PBKDF-benchma.patch | 74 ++++++++++
patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch | 43 +++++
patches/series | 2
4 files changed, 133 insertions(+)
diff -Nru cryptsetup-2.6.1/debian/changelog cryptsetup-2.6.1/debian/changelog
--- cryptsetup-2.6.1/debian/changelog 2023-03-26 19:18:59.000000000 +0200
+++ cryptsetup-2.6.1/debian/changelog 2023-04-21 00:54:29.000000000 +0200
@@ -1,3 +1,17 @@
+cryptsetup (2:2.6.1-4~deb12u1) bookworm; urgency=medium
+
+ * Rebuild for Bookworm.
+
+ -- Guilhem Moulin <guilhem@debian.org> Fri, 21 Apr 2023 00:54:29 +0200
+
+cryptsetup (2:2.6.1-4) unstable; urgency=medium
+
+ * Backport upstream MR !498, see #1028250:
+ + 7893c33d: Check for physical memory available also in PBKDF benchmark.
+ + 6721d3a8: Use only half of detected free memory on systems without swap.
+
+ -- Guilhem Moulin <guilhem@debian.org> Thu, 20 Apr 2023 23:46:08 +0200
+
cryptsetup (2:2.6.1-3~deb12u1) bookworm; urgency=medium
* Rebuild for Bookworm.
diff -Nru cryptsetup-2.6.1/debian/patches/Check-for-physical-memory-available-also-in-PBKDF-benchma.patch cryptsetup-2.6.1/debian/patches/Check-for-physical-memory-available-also-in-PBKDF-benchma.patch
--- cryptsetup-2.6.1/debian/patches/Check-for-physical-memory-available-also-in-PBKDF-benchma.patch 1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-2.6.1/debian/patches/Check-for-physical-memory-available-also-in-PBKDF-benchma.patch 2023-04-21 00:54:29.000000000 +0200
@@ -0,0 +1,74 @@
+From: Milan Broz <gmazyland@gmail.com>
+Date: Mon, 3 Apr 2023 13:31:16 +0200
+Subject: Check for physical memory available also in PBKDF benchmark.
+
+Origin: https://gitlab.com/cryptsetup/cryptsetup/-/commit/7893c33d71cde09e240234c484c6c468f22c2fe7
+Bug: https://gitlab.com/cryptsetup/cryptsetup/-/issues/802#note_1328592911
+Bug-Debian: https://bugs.debian.org/1028250
+---
+ lib/internal.h | 1 +
+ lib/utils_benchmark.c | 9 +++++++++
+ lib/utils_pbkdf.c | 4 ++--
+ 3 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/lib/internal.h b/lib/internal.h
+index 98095fa..f261cae 100644
+--- a/lib/internal.h
++++ b/lib/internal.h
+@@ -89,6 +89,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
+ struct crypt_pbkdf_type *pbkdf,
+ size_t volume_key_size);
+ const char *crypt_get_cipher_spec(struct crypt_device *cd);
++uint32_t pbkdf_adjusted_phys_memory_kb(void);
+
+ /* Device backend */
+ struct device;
+diff --git a/lib/utils_benchmark.c b/lib/utils_benchmark.c
+index 728e4df..a0326ce 100644
+--- a/lib/utils_benchmark.c
++++ b/lib/utils_benchmark.c
+@@ -101,6 +101,7 @@ int crypt_benchmark_pbkdf(struct crypt_device *cd,
+ {
+ int r, priority;
+ const char *kdf_opt;
++ uint32_t memory_kb;
+
+ if (!pbkdf || (!password && password_size))
+ return -EINVAL;
+@@ -113,6 +114,14 @@ int crypt_benchmark_pbkdf(struct crypt_device *cd,
+
+ log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt);
+
++ memory_kb = pbkdf_adjusted_phys_memory_kb();
++ if (memory_kb < pbkdf->max_memory_kb) {
++ log_dbg(cd, "Not enough physical memory detected, "
++ "PBKDF max memory decreased from %dkB to %dkB.",
++ pbkdf->max_memory_kb, memory_kb);
++ pbkdf->max_memory_kb = memory_kb;
++ }
++
+ crypt_process_priority(cd, &priority, true);
+ r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size,
+ salt, salt_size, volume_key_size, pbkdf->time_ms,
+diff --git a/lib/utils_pbkdf.c b/lib/utils_pbkdf.c
+index d8f41c7..b2d4fa0 100644
+--- a/lib/utils_pbkdf.c
++++ b/lib/utils_pbkdf.c
+@@ -61,7 +61,7 @@ const struct crypt_pbkdf_type *crypt_get_pbkdf_type_params(const char *pbkdf_typ
+ return NULL;
+ }
+
+-static uint32_t adjusted_phys_memory(void)
++uint32_t pbkdf_adjusted_phys_memory_kb(void)
+ {
+ uint64_t free_kb, memory_kb = crypt_getphysmemory_kb();
+
+@@ -258,7 +258,7 @@ int init_pbkdf_type(struct crypt_device *cd,
+ }
+
+ if (cd_pbkdf->max_memory_kb) {
+- memory_kb = adjusted_phys_memory();
++ memory_kb = pbkdf_adjusted_phys_memory_kb();
+ if (cd_pbkdf->max_memory_kb > memory_kb) {
+ log_dbg(cd, "Not enough physical memory detected, "
+ "PBKDF max memory decreased from %dkB to %dkB.",
diff -Nru cryptsetup-2.6.1/debian/patches/series cryptsetup-2.6.1/debian/patches/series
--- cryptsetup-2.6.1/debian/patches/series 2023-03-26 19:18:59.000000000 +0200
+++ cryptsetup-2.6.1/debian/patches/series 2023-04-21 00:54:29.000000000 +0200
@@ -1,2 +1,4 @@
Try-to-avoid-OOM-killer-on-low-memory-systems-without-swa.patch
Print-warning-when-keyslot-requires-more-memory-than-avai.patch
+Check-for-physical-memory-available-also-in-PBKDF-benchma.patch
+Use-only-half-of-detected-free-memory-on-systems-without-.patch
diff -Nru cryptsetup-2.6.1/debian/patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch cryptsetup-2.6.1/debian/patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch
--- cryptsetup-2.6.1/debian/patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch 1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-2.6.1/debian/patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch 2023-04-21 00:54:29.000000000 +0200
@@ -0,0 +1,43 @@
+From: Milan Broz <gmazyland@gmail.com>
+Date: Mon, 17 Apr 2023 13:41:17 +0200
+Subject: Use only half of detected free memory on systems without swap.
+
+As tests shows, limiting used Argon2 memory to free memory on
+systems without swap is still not enough.
+Use just half of it, this should bring needed margin while
+still use Argon2.
+
+Note, for very-low memory constrained systems user should
+avoid memory-hard PBKDF (IOW manually select PBKDF2), we
+do not do this automatically.
+
+Origin: https://gitlab.com/cryptsetup/cryptsetup/-/commit/6721d3a8b29b13fe88aeeaefe09d457e99d1c6fa
+Bug: https://gitlab.com/cryptsetup/cryptsetup/-/issues/802#note_1328592911
+Bug-Debian: https://bugs.debian.org/1028250
+---
+ lib/utils_pbkdf.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/lib/utils_pbkdf.c b/lib/utils_pbkdf.c
+index b2d4fa0..7399bd2 100644
+--- a/lib/utils_pbkdf.c
++++ b/lib/utils_pbkdf.c
+@@ -76,10 +76,17 @@ uint32_t pbkdf_adjusted_phys_memory_kb(void)
+ memory_kb /= 2;
+
+ /*
+- * Never use more that available free space on system without swap.
++ * Never use more that half of available free memory on system without swap.
+ */
+ if (!crypt_swapavailable()) {
+ free_kb = crypt_getphysmemoryfree_kb();
++
++ /*
++ * Using exactly free memory causes OOM too, use only half of the value.
++ * Ignore small values (< 64MB), user should use PBKDF2 in such environment.
++ */
++ free_kb /= 2;
++
+ if (free_kb > (64 * 1024) && free_kb < memory_kb)
+ return free_kb;
+ }
Attachment:
signature.asc
Description: PGP signature