Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.6:Update
kdump.25799
kdump-calibrate-Add-LUKS2-Argon2-requirements-t...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File kdump-calibrate-Add-LUKS2-Argon2-requirements-to-the-reser.patch of Package kdump.25799
From: Petr Tesarik <ptesarik@suse.com> Date: Mon, 1 Mar 2021 12:29:50 +0100 Subject: calibrate: Add LUKS2 Argon2 requirements to the reservation References: bsc#1180513 Upstream: merged Git-commit: 3aa70633444ecd0f3fbd213a15b64c78f64bcd6b The Argon2 key derivation function (default for LUKS2 devices) usually requires a lot of RAM, which must be available in the kdump panic environment if such a device is needed to save the dump. Signed-off-by: Petr Tesarik <ptesarik@suse.com> References: jsc#SLE-13779 --- kdumptool/calibrate.cc | 111 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) --- a/kdumptool/calibrate.cc +++ b/kdumptool/calibrate.cc @@ -31,6 +31,9 @@ #include "configuration.h" #include "util.h" #include "fileutil.h" +#include "mounts.h" +#include "process.h" +#include "rootdirurl.h" // All calculations are in KiB @@ -928,6 +931,69 @@ unsigned long long MemMap::find(unsigned } //}}} +//{{{ CryptInfo ---------------------------------------------------------------- + +/** + * Given a LUKS crypto device, dump the header using 'cryptinfo' and + * parse the output looking for maximum memory requirements. + */ +class CryptInfo { + unsigned long m_memory; + + public: + CryptInfo(std::string const& device); + + /** + * Get memory requirements. + * + * @return Maximum memory in KiB needed to open the device + */ + unsigned long memory(void) const + { return m_memory; } +}; + +// ----------------------------------------------------------------------------- +CryptInfo::CryptInfo(std::string const& device) + : m_memory(0) +{ + Debug::debug()->trace("CryptInfo::CryptInfo(%s)", device.c_str()); + + ProcessFilter p; + + StringVector args; + args.push_back("luksDump"); + args.push_back(device); + + std::ostringstream stdoutStream, stderrStream; + p.setStdout(&stdoutStream); + p.setStderr(&stderrStream); + int ret = p.execute("cryptsetup", args); + if (ret != 0) { + KString error = stderrStream.str(); + throw KError("cryptsetup failed: " + error.trim()); + } + + KString out = stdoutStream.str(); + size_t pos = 0; + while (pos < out.length()) { + size_t end = out.find_first_of("\r\n", pos); + size_t sep = out.find(':', pos); + if (sep < end) { + KString key = out.substr(pos, sep - pos); + if (key.trim() == "Memory") { + KString val = out.substr(sep + 1, end - sep - 1); + unsigned long memory = Stringutil::string2llong(val.trim()); + Debug::debug()->dbg("Crypto device %s needs %lu KiB", + device.c_str(), memory); + if (memory > m_memory) + m_memory = memory; + } + } + pos = out.find_first_not_of("\r\n", end); + } +} + +//}}} //{{{ Calibrate ---------------------------------------------------------------- // ----------------------------------------------------------------------------- @@ -996,6 +1062,51 @@ void Calibrate::execute() required += DEF_FRAMEBUFFER_KB; } + // LUKS Argon2 hash requires a lot of memory + try { + FilesystemTypeMap map; + + if (config->KDUMP_COPY_KERNEL.value()) { + try { + map.addPath("/boot"); + } catch (KError) { + // ignore device resolution failures + } + } + + std::istringstream iss(config->KDUMP_SAVEDIR.value()); + std::string elem; + while (iss >> elem) { + RootDirURL url(elem, std::string()); + if (url.getProtocol() == RootDirURL::PROT_FILE) { + try { + map.addPath(url.getRealPath()); + } catch (KError) { + // ignore device resolution failures + } + } + } + + unsigned long crypto_mem = 0; + StringStringMap devices = map.devices(); + for (StringStringMap::iterator it = devices.begin(); + it != devices.end(); + ++it) { + if (it->second == "crypto_LUKS") { + CryptInfo info(it->first); + if (crypto_mem < info.memory()) + crypto_mem = info.memory(); + } + } + required += crypto_mem; + + Debug::debug()->dbg("Adding %lu KiB for crypto devices", + crypto_mem); + } catch (KError e) { + Debug::debug()->dbg("Cannot check encrypted volumes: %s", e.what()); + // Fall back to no allocation + } + // Add space for constant slabs try { SlabInfos slab;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor