mirror of
https://github.com/systemd/systemd.git
synced 2024-10-28 11:55:44 +03:00
cryptsetup-generator: set high OOM score for systemd-cryptsetup instances
With new LUKS2 header format it is possible to use Argon2 key derivation function. This function is "memory-hard" hence keyslot unlocking can potentially use a lot of RAM as this increases resistance to massively parallel GPU based password cracking. However, when multiple systemd-cryptsetup binaries run at the same time it is very likely that system using Argon2 (e.g. Fedora 30) will encounter memory-pressure during early boot, following OOM killing spree. This patch aims to lower the damage done by OOM killer and sets OOMScore for systemd-cryptsetup units to 500. Hopefully OOM killer will then shoot us down and leave rest of the system services alone.
This commit is contained in:
parent
e8413b651b
commit
48da47eeca
@ -265,6 +265,7 @@ static int create_disk(
|
||||
"RemainAfterExit=yes\n"
|
||||
"TimeoutSec=0\n" /* the binary handles timeouts anyway */
|
||||
"KeyringMode=shared\n" /* make sure we can share cached keys among instances */
|
||||
"OOMScoreAdjust=500\n" /* unlocking can allocate a lot of memory if Argon2 is used */
|
||||
"ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
|
||||
"ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
|
||||
name_escaped, u_escaped, strempty(password_escaped), strempty(filtered_escaped),
|
||||
|
Loading…
Reference in New Issue
Block a user