|
 |
da373f |
From ee88832841e82a407c9df44a82b87270ec0d492b Mon Sep 17 00:00:00 2001
|
|
|
da373f |
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
|
da373f |
Date: Tue, 30 Jun 2020 17:34:47 +0100
|
|
|
da373f |
Subject: [PATCH] lib: Increase default memsize to 1280 (RHBZ#1837765).
|
|
|
da373f |
|
|
|
da373f |
Argon2 is the default LUKS Password-Based Key Derivation Function
|
|
|
da373f |
(PBKDF) for some new guests such as RHEL 8.2 and Fedora. It is
|
|
|
da373f |
designed to be "memory hard", meaning that by design it requires large
|
|
|
da373f |
amounts of memory, making it expensive to brute-force. Unfortunately
|
|
|
da373f |
the default for guests which had more than a few GB of RAM at install
|
|
|
da373f |
time is to require about 1 GB of RAM to decrypt the block device,
|
|
|
da373f |
which is considerably larger than the default available in the
|
|
|
da373f |
libguestfs appliance.
|
|
|
da373f |
|
|
|
da373f |
To make it possible to open these encrypted disks we need to make the
|
|
|
da373f |
appliance larger. This could be done as a one-off, and the current
|
|
|
da373f |
workaround is simply to set LIBGUESTFS_MEMSIZE=2048 or a similar
|
|
|
da373f |
amount. However since we don't know in advance whether we could be
|
|
|
da373f |
dealing with an encrypted disk, partition, etc. or what PBKDF it uses,
|
|
|
da373f |
the only way to deal with this in all circumstances is to increase the
|
|
|
da373f |
default memsize. This commit increases it quite a lot (768 -> 1280)
|
|
|
da373f |
which is unfortunate.
|
|
|
da373f |
|
|
|
da373f |
Note as there is some confusion on this point: Since libguestfs does
|
|
|
da373f |
not attempt to decrypt disks in parallel, you only need ~ 1GB in
|
|
|
da373f |
total, not per encrypted disk.
|
|
|
da373f |
|
|
|
da373f |
For a reproducer, see:
|
|
|
da373f |
https://bugzilla.redhat.com/show_bug.cgi?id=1837765#c14
|
|
|
da373f |
|
|
|
da373f |
(cherry picked from commit 224f373043302845122bf701ffc6e3416e0168fa)
|
|
|
da373f |
---
|
|
|
da373f |
lib/guestfs-internal.h | 6 +++---
|
|
|
da373f |
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
da373f |
|
|
|
da373f |
diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
|
|
|
da373f |
index 75b8a5c8e..30553d7c0 100644
|
|
|
da373f |
--- a/lib/guestfs-internal.h
|
|
|
da373f |
+++ b/lib/guestfs-internal.h
|
|
|
da373f |
@@ -94,7 +94,7 @@
|
|
|
da373f |
* creating device nodes.
|
|
|
da373f |
*/
|
|
|
da373f |
#ifdef __powerpc__
|
|
|
da373f |
-# define DEFAULT_MEMSIZE 1024
|
|
|
da373f |
+# define DEFAULT_MEMSIZE 1280
|
|
|
da373f |
#endif
|
|
|
da373f |
|
|
|
da373f |
/* Kernel 3.19 is unable to uncompress the initramfs on aarch64 unless
|
|
|
da373f |
@@ -103,12 +103,12 @@
|
|
|
da373f |
* common on aarch64, treat this like the ppc case above.
|
|
|
da373f |
*/
|
|
|
da373f |
#ifdef __aarch64__
|
|
|
da373f |
-# define DEFAULT_MEMSIZE 1024
|
|
|
da373f |
+# define DEFAULT_MEMSIZE 1280
|
|
|
da373f |
#endif
|
|
|
da373f |
|
|
|
da373f |
/* The default and minimum memory size for most users. */
|
|
|
da373f |
#ifndef DEFAULT_MEMSIZE
|
|
|
da373f |
-# define DEFAULT_MEMSIZE 768
|
|
|
da373f |
+# define DEFAULT_MEMSIZE 1280
|
|
|
da373f |
#endif
|
|
|
da373f |
#ifndef MIN_MEMSIZE
|
|
|
da373f |
# define MIN_MEMSIZE 256
|
|
|
da373f |
--
|
|
|
da373f |
2.18.4
|
|
|
da373f |
|