[20.10 FEAT] Increase the crashkernel setting if the root volume is luks2-encrypted
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
High
|
Skipper Bug Screeners | ||
kdump-tools (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Invalid
|
Undecided
|
Unassigned | ||
Groovy |
Invalid
|
Undecided
|
Unassigned | ||
makedumpfile (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Won't Fix
|
Undecided
|
Unassigned | ||
Groovy |
Won't Fix
|
Undecided
|
Thadeu Lima de Souza Cascardo |
Bug Description
Description:
In case the volume containing the root filesystem is encrypted using LUKS2 the memory used while unlocking the volume may exceed the size allocated to the kdump kernel. This will lead to a failure while processing kdump and the dump file will not be stored. Unfortunately, this condition may not be detected by a client before a problem occurs.
The request is to have the kdump package installation script check for LUKS2 encryption (more precisely for Argon2i PBKDF, which is the root cause of the high memory usage). If the condition is met, the installation procedure should increase the crashkernel parameter to a higher value (>=512M)or issue a warning, if the system memory is insufficient to reserve enough crashkernel memory.
Business Case:
Pervasive Encryption and Secure Execution require encryption of the filesystems in order to keep customer data secure at all times. With the increasing usage of these technologies, the number of kdump will rise too, typically at inconvenient times, when the kdump is triggered due to a real customer issue.
With the suggested change, the number of customer complaints and effort to handle them will be reduced.
tags: | added: architecture-s39064 bugnameltc-185824 severity-high targetmilestone-inin2010 |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → linux (Ubuntu) |
information type: | Private → Public |
Changed in ubuntu-z-systems: | |
status: | Incomplete → Triaged |
Changed in ubuntu-z-systems: | |
status: | Triaged → Incomplete |
tags: | added: patch |
Changed in ubuntu-z-systems: | |
status: | Incomplete → In Progress |
Changed in makedumpfile (Ubuntu): | |
status: | In Progress → Invalid |
Changed in kdump-tools (Ubuntu Focal): | |
status: | New → Invalid |
Changed in kdump-tools (Ubuntu Groovy): | |
status: | New → Invalid |
no longer affects: | linux (Ubuntu) |
no longer affects: | linux (Ubuntu Focal) |
no longer affects: | linux (Ubuntu Groovy) |
Changed in kdump-tools (Ubuntu): | |
status: | New → Invalid |
Changed in kdump-tools (Ubuntu): | |
status: | Invalid → Fix Committed |
Changed in makedumpfile (Ubuntu Groovy): | |
status: | In Progress → Won't Fix |
Changed in kdump-tools (Ubuntu): | |
status: | Fix Committed → In Progress |
Changed in ubuntu-z-systems: | |
status: | In Progress → Fix Released |
Changed in makedumpfile (Ubuntu Focal): | |
status: | In Progress → Won't Fix |
After discussing this it turned out that the crashkernel increase is not only be needed for 20.10, but also for 20.04 (because both support secure execution) - hence I added the target series for focal and gorilla.
The question is whether it should really be checked if LUKS2 encryption (or even Argon2i PBKDF) is in use, or if instead the setting should generally be increased to 512M?