67 lines
2.3 KiB
Diff
67 lines
2.3 KiB
Diff
From ee88832841e82a407c9df44a82b87270ec0d492b Mon Sep 17 00:00:00 2001
|
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
Date: Tue, 30 Jun 2020 17:34:47 +0100
|
|
Subject: [PATCH] lib: Increase default memsize to 1280 (RHBZ#1837765).
|
|
|
|
Argon2 is the default LUKS Password-Based Key Derivation Function
|
|
(PBKDF) for some new guests such as RHEL 8.2 and Fedora. It is
|
|
designed to be "memory hard", meaning that by design it requires large
|
|
amounts of memory, making it expensive to brute-force. Unfortunately
|
|
the default for guests which had more than a few GB of RAM at install
|
|
time is to require about 1 GB of RAM to decrypt the block device,
|
|
which is considerably larger than the default available in the
|
|
libguestfs appliance.
|
|
|
|
To make it possible to open these encrypted disks we need to make the
|
|
appliance larger. This could be done as a one-off, and the current
|
|
workaround is simply to set LIBGUESTFS_MEMSIZE=2048 or a similar
|
|
amount. However since we don't know in advance whether we could be
|
|
dealing with an encrypted disk, partition, etc. or what PBKDF it uses,
|
|
the only way to deal with this in all circumstances is to increase the
|
|
default memsize. This commit increases it quite a lot (768 -> 1280)
|
|
which is unfortunate.
|
|
|
|
Note as there is some confusion on this point: Since libguestfs does
|
|
not attempt to decrypt disks in parallel, you only need ~ 1GB in
|
|
total, not per encrypted disk.
|
|
|
|
For a reproducer, see:
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1837765#c14
|
|
|
|
(cherry picked from commit 224f373043302845122bf701ffc6e3416e0168fa)
|
|
---
|
|
lib/guestfs-internal.h | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
|
|
index 75b8a5c8e..30553d7c0 100644
|
|
--- a/lib/guestfs-internal.h
|
|
+++ b/lib/guestfs-internal.h
|
|
@@ -94,7 +94,7 @@
|
|
* creating device nodes.
|
|
*/
|
|
#ifdef __powerpc__
|
|
-# define DEFAULT_MEMSIZE 1024
|
|
+# define DEFAULT_MEMSIZE 1280
|
|
#endif
|
|
|
|
/* Kernel 3.19 is unable to uncompress the initramfs on aarch64 unless
|
|
@@ -103,12 +103,12 @@
|
|
* common on aarch64, treat this like the ppc case above.
|
|
*/
|
|
#ifdef __aarch64__
|
|
-# define DEFAULT_MEMSIZE 1024
|
|
+# define DEFAULT_MEMSIZE 1280
|
|
#endif
|
|
|
|
/* The default and minimum memory size for most users. */
|
|
#ifndef DEFAULT_MEMSIZE
|
|
-# define DEFAULT_MEMSIZE 768
|
|
+# define DEFAULT_MEMSIZE 1280
|
|
#endif
|
|
#ifndef MIN_MEMSIZE
|
|
# define MIN_MEMSIZE 256
|
|
--
|
|
2.18.4
|
|
|