Red Hat Bugzilla – Bug 1481047
blkdev_issue_zeroout on dm-crypt container could cause OOM and kernel panic
Last modified: 2017-08-22 09:39:05 EDT
Description of problem:
When one attempts to zero out a dm-crypt container with blkdiscard -z, OOM and kernel panic could occur.
Apparently the reason is, when the bio chain of zero pages reaches the dm layer, dm-crypt does not know to split the chain but instead it try to allocate memory for the whole chain/request for encryption/conversion, so if the size of that is larger than the available memory, OOM, and in extreme cases, kernel panic could occur:
blkdev_issue_zeroout is the block layer function called:
This should be the method involved:
Version-Release number of selected component (if applicable):
kernel 4.12.3 (Arch Linux core/linux)
Steps to Reproduce:
1. cryptsetup open /dev/(disk/partition) rand --type plain --key-file /dev/random
2. blkdiscard -z /dev/(disk/partition)
Created attachment 1312799 [details]
Another test case that shows the problem (1/2)
You can see that there are 2713M available and I am making a zero out request of 2560M.
Created attachment 1312800 [details]
Another test case that shows the problem (2/2)
You can see the available memory can at least go down to as low as 273M (while 2713 - 2560 = 153M). Memory are released bit by bit as the zero pages get converted/encrypted and written to the disk, apparently.
There is a dm-crypt patch by Mikulas that should fix the issue