On Thu, 14 Oct 2021 at 20:48:51 +0200, Marc Lehmann wrote: > I reported this from another system, but both were recently upgraded to > bullseye. > > I know because I use kvm to see if the machine will actually boot (Cthus > the different memory setup) and the kvm in bullseye has a bug that makes > this very hard (remote display makes it freeze randomly), and I had to > work around this bug, so I know it was not buster.
Could still be an older initramfs image though. If you're able to reproduce this please run `cryptsetup --version` directly afterwards (i.e., at initramfs stage if that's where the issue appears). >> Looking at the upstream git log, I found >> 206b70c837f29c8b34cb0d80ae496870550ec50c >> which fixes https://gitlab.com/cryptsetup/cryptsetup/-/issues/488 which looks >> really familiar :-) > > It looks very similar. It is not the message I got with -v, which > specifically had the error number (3) in it somewhere, but maybe thats > because it ran out of memory in a different place. My reproducer (with cryptsetup 2.1.0) does have “Command failed with code -3 (out of memory)” with ‘-v’: (initramfs) free total used free shared buff/cache available Mem: 493060 29808 363896 40 99356 364040 Swap: 0 0 0 (initramfs) cryptsetup luksDump /dev/vda5 […] Keyslots: 0: luks2 Key: 512 bits Priority: normal Cipher: aes-xts-plain64 Cipher key: 512 bits PBKDF: argon2i Time cost: 4 Memory: 605915 Threads: 2 […] (initramfs) cryptsetup luksOpen /dev/vda5 --keyfile-size=32 --key-file=/dev/urandom --test-passphrase (initramfs) echo $? 3 (initramfs) cryptsetup luksOpen -v /dev/vda5 --keyfile-size=32 --key-file=/dev/urandom --test-passphrase Command failed with code -3 (out of memory). (initramfs) cryptsetup luksOpen --debug /dev/vda5 --keyfile-size=32 --key-file=/dev/urandom --test-passphrase # cryptsetup 2.1.0 processing "cryptsetup luksOpen --debug /dev/vda5 --keyfile-size=32 --key-file=/dev/urandom --test-passphrase" # Running command open. # Locking memory. # Installing SIGINT/SIGTERM handler. # Unblocking interruption on signal. # Allocating context for crypt device /dev/vda5. # Trying to open and read device /dev/vda5 with direct-io. # Initialising device-mapper backend library. # Trying to load any crypt type from device /dev/vda5. # Crypto backend (OpenSSL 1.1.1d 10 Sep 2019) initialized in cryptsetup library version 2.1.0. # Detected kernel Linux 4.19.0-18-amd64 x86_64. # Loading LUKS2 header (repair disabled). # Opening lock resource file /run/cryptsetup/L_254:5 # Acquiring read lock for device /dev/vda5. # Verifying read lock handle for device /dev/vda5. # Device /dev/vda5 READ lock taken. # Trying to read primary LUKS2 header at offset 0x0. # Opening locked device /dev/vda5 # Veryfing locked device handle (bdev) # LUKS2 header version 2 of size 16384 bytes, checksum sha256. # Checksum:e3d5da875cd56c8d48144ec6ef85229a8bdf52ad42a6c8b98a3b72ad32ece6de (on-disk) # Checksum:e3d5da875cd56c8d48144ec6ef85229a8bdf52ad42a6c8b98a3b72ad32ece6de (in-memory) # Trying to read secondary LUKS2 header at offset 0x4000. # Opening locked device /dev/vda5 # Veryfing locked device handle (bdev) # LUKS2 header version 2 of size 16384 bytes, checksum sha256. # Checksum:af4ba03f7cdd87c763d505ae21b76c475fb072428949c8a87e94e15bbe54339b (on-disk) # Checksum:af4ba03f7cdd87c763d505ae21b76c475fb072428949c8a87e94e15bbe54339b (in-memory) # Device size 3781165056, offset 16777216. # Device /dev/vda5 READ lock released. # Only 2 active CPUs detected, PBKDF threads decreased from 4 to 2. # Not enough physical memory detected, PBKDF max memory decreased from 1048576kB to 246530kB. # PBKDF argon2i, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 246530, parallel_threads 2. # Checking volume passphrase using token -1. # File descriptor passphrase entry requested. # Checking volume passphrase [keyslot -1] using passphrase. # Keyslot 0 priority 1 != 2 (required), skipped. # Trying to open LUKS2 keyslot 0. # Keyslot 0 (luks2) open failed with -12. # Releasing crypt device /dev/vda5 context. # Releasing device-mapper backend. # Unlocking memory. Command failed with code -3 (out of memory). However, after upgrading (and rebuilding the initramfs) I get “Not enough available memory to open a keyslot.” instead of having to pass ‘-v’, ‘--debug’ or inspect the return code. -- Guilhem.
signature.asc
Description: PGP signature
