[pkg-cryptsetup-devel] Bug#1032734: OOM when unlocking encrypted root in initramfs
Cyril Brulebois
kibi at debian.org
Sat Mar 11 14:16:01 GMT 2023
Control: severity -1 serious
Hi Guilhem,
Guilhem Moulin <guilhem at debian.org> (2023-03-11):
> On Sat, 11 Mar 2023 at 08:26:27 -0500, Jérôme Charaoui wrote:
> > Today I upgraded a small KVM machine with a LUKS2 encrypted root and 1GiB of
> > RAM to bookworm, and was very surprised to be confronted with an OOM
> > immediately upon entering my LUKS password in the initramfs prompt:
> > […]
> > The problem appears to be perhaps related to #924560, but in this instance,
> > the issue causing an unbootable system post-upgrade.
>
> No, this is related to #1028250 and https://gitlab.com/cryptsetup/cryptsetup/-/issues/802#note_1287298872 .
> Don't think we can do anything in src:cryptsetup for existing volumes
> unfortunately. You might need to manually lower the parameters of your
> PBKDF.
Existing systems failing to boot after an upgrade doesn't seem to be
“only” important to me…
> Lowering the severity, because this shouldn't block the transition of -2
> into bookworm (which fixes an unrelated and arguably much more severe RC
> bug).
That's not really how RC bugs work: bugs aren't less RC because it makes
sense for a specific version to migrate…
Either the bug appeared specifically in the version it was filed against,
and it makes sense to block the migration since that's a new RC bug in
that particular version, and the RC-ness stays.
Or the bug was already there in the version currently in testing, and that
means that's not a regression, and the RC-ness stays. You only need to
record the bug as also being found in the previous version (possibly
plural) to make sure britney knows it's not a regression.
> See also the d-i errata for Bookworm Alpha 2. I'm also not certain that
> #-1 is RC, after all Debian's memory requirements have consistently
> increased since the start of the project, so IMHO one has to accept that
> hardware might need to be dusted up on upgrade. Compare
>
> https://www.debian.org/releases/potato/i386/ch-hardware-req.en.html §2.3 with
> https://www.debian.org/releases/bullseye/amd64/ch03s04.en.html §3.4
Sure, we can discuss the severity of the bug I filed. But #1032734 really
can't be “just” important.
Cheers,
--
Cyril Brulebois (kibi at debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20230311/8deab2b1/attachment.sig>
More information about the pkg-cryptsetup-devel
mailing list