Use free physical memory check for pbkdf only on small systems.

This hack tries to workaround situation when small VMs without swap causes OOM. This hack will be removed one day completely... Also remove confusing warning about possible crash. With OpenSSL Argon2 backend this behaves much better, but it still can cause OOM instead od returning ENOMEM. Anyway, the warning message causes more problems that it solves. Fixes: #896
2025-12-05 16:00:05 +01:00 · 2025-05-10 22:20:00 +02:00
parent e6f6ee9291
commit 880bbfab4d
2 changed files with 5 additions and 13 deletions
--- a/lib/luks2/luks2_keyslot_luks2.c
+++ b/lib/luks2/luks2_keyslot_luks2.c
@@ -305,7 +305,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd,
 	const char *password, size_t passwordLen,
 	char *volume_key, size_t volume_key_len)
 {
-	struct crypt_pbkdf_type pbkdf, *cd_pbkdf;
+	struct crypt_pbkdf_type pbkdf;
 	char *AfKey = NULL;
 	size_t AFEKSize;
 	const char *af_hash = NULL;
@@ -360,16 +360,6 @@ static int luks2_keyslot_get_key(struct crypt_device *cd,
 		goto out;
 	}

-	/*
-	 * Print warning when keyslot requires more memory than available
-	 * (if maximum memory was adjusted - no swap, not enough memory),
-	 * but be silent if user set keyslot memory cost above default limit intentionally.
-	 */
-	cd_pbkdf = crypt_get_pbkdf(cd);
-	if (cd_pbkdf->max_memory_kb && pbkdf.max_memory_kb > cd_pbkdf->max_memory_kb &&
-	    pbkdf.max_memory_kb <= DEFAULT_LUKS2_MEMORY_KB)
-		log_std(cd, _("Warning: keyslot operation could fail as it requires more than available memory.\n"));
-
 	/*
 	 * If requested, serialize unlocking for memory-hard KDF. Usually NOOP.
 	 */