* How to estimate the upper bound of the peak memory consumption of cryptsetup itself?
@ 2022-06-16 4:43 Coiby Xu
2022-06-18 15:12 ` Milan Broz
0 siblings, 1 reply; 6+ messages in thread
From: Coiby Xu @ 2022-06-16 4:43 UTC (permalink / raw)
To: cryptsetup
Hi,
Recently, I notice cryptsetup itself consumes significant amount of
memory (~256M) when estimating the memory requirement for dumping vmcore
to a LUKS-encrypted disk,
$ time -v cryptsetup luksOpen encrypted.img volume --key-file mykey.keyfile | grep "Maximum resident set size"
Maximum resident set size (kbytes): 1309828
$ cryptsetup luksDump encrypted.img
...
Keyslots:
0: luks2
PBKDF: argon2id
Memory: 1048576
...
So is there a way to estimate the upper bound of the peak memory
consumption of cryptsetup itself without running cryptsetup?
Thanks!
--
Best regards,
Coiby
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: How to estimate the upper bound of the peak memory consumption of cryptsetup itself?
2022-06-16 4:43 How to estimate the upper bound of the peak memory consumption of cryptsetup itself? Coiby Xu
@ 2022-06-18 15:12 ` Milan Broz
2022-06-20 0:19 ` Coiby Xu
0 siblings, 1 reply; 6+ messages in thread
From: Milan Broz @ 2022-06-18 15:12 UTC (permalink / raw)
To: Coiby Xu, cryptsetup
On 16/06/2022 06:43, Coiby Xu wrote:
> Hi,
>
> Recently, I notice cryptsetup itself consumes significant amount of
> memory (~256M) when estimating the memory requirement for dumping vmcore
> to a LUKS-encrypted disk,
>
> $ time -v cryptsetup luksOpen encrypted.img volume --key-file mykey.keyfile | grep "Maximum resident set size"
> Maximum resident set size (kbytes): 1309828
> $ cryptsetup luksDump encrypted.img
> ...
> Keyslots:
> 0: luks2
> PBKDF: argon2id
> Memory: 1048576
> ...
>
>
> So is there a way to estimate the upper bound of the peak memory
> consumption of cryptsetup itself without running cryptsetup?
As you already found, the major memory consumption is by memory-hard KDF.
But this memory is used only while calculating keyslot encryption key,
it is released immediately after the Argon call is finished.
I do not think we have better estimation here.
(Another story is locking all memory, including big areas used by libc,
but that should not be problem here, I hope.)
Milan
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: How to estimate the upper bound of the peak memory consumption of cryptsetup itself?
2022-06-18 15:12 ` Milan Broz
@ 2022-06-20 0:19 ` Coiby Xu
2022-06-24 9:14 ` Milan Broz
0 siblings, 1 reply; 6+ messages in thread
From: Coiby Xu @ 2022-06-20 0:19 UTC (permalink / raw)
To: Milan Broz; +Cc: cryptsetup
On Sat, Jun 18, 2022 at 05:12:56PM +0200, Milan Broz wrote:
>On 16/06/2022 06:43, Coiby Xu wrote:
>>Hi,
>>
>>Recently, I notice cryptsetup itself consumes significant amount of
>>memory (~256M) when estimating the memory requirement for dumping vmcore
>>to a LUKS-encrypted disk,
>>
>>$ time -v cryptsetup luksOpen encrypted.img volume --key-file mykey.keyfile | grep "Maximum resident set size"
>> Maximum resident set size (kbytes): 1309828
>>$ cryptsetup luksDump encrypted.img
>>...
>>Keyslots:
>> 0: luks2
>> PBKDF: argon2id
>> Memory: 1048576
>> ...
>>
>>
>>So is there a way to estimate the upper bound of the peak memory
>>consumption of cryptsetup itself without running cryptsetup?
>
>As you already found, the major memory consumption is by memory-hard KDF.
>But this memory is used only while calculating keyslot encryption key,
>it is released immediately after the Argon call is finished.
>I do not think we have better estimation here.
Thanks for the reply! Sorry I meant the way to estimate the overhead of
crypsetup itself i.e. ~256M in the above example. Previously I only take
the memory consumption by memory-hard KDF into consideration and
neglected the memory consumption of cryptsetup itself. This obviously
leads to an underestimation of the memory requirement of cryptsetup. I
need to overestimate the memory requirement a bit to make sure OOM won't
happen that's why I am asking if there is a way to estimate the
upper bound of memory requirement of cryptsetup itself.
>
>(Another story is locking all memory, including big areas used by libc,
>but that should not be problem here, I hope.)
Do you mean locking all memory first in order to know the memory
requirement?
>
>Milan
>
--
Best regards,
Coiby
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: How to estimate the upper bound of the peak memory consumption of cryptsetup itself?
2022-06-20 0:19 ` Coiby Xu
@ 2022-06-24 9:14 ` Milan Broz
2022-06-24 10:49 ` Coiby Xu
0 siblings, 1 reply; 6+ messages in thread
From: Milan Broz @ 2022-06-24 9:14 UTC (permalink / raw)
To: Coiby Xu; +Cc: cryptsetup
On 20/06/2022 02:19, Coiby Xu wrote:
> On Sat, Jun 18, 2022 at 05:12:56PM +0200, Milan Broz wrote:
>> On 16/06/2022 06:43, Coiby Xu wrote:
>>> Hi,
>>>
>>> Recently, I notice cryptsetup itself consumes significant amount of
>>> memory (~256M) when estimating the memory requirement for dumping vmcore
>>> to a LUKS-encrypted disk,
>>>
>>> $ time -v cryptsetup luksOpen encrypted.img volume --key-file mykey.keyfile | grep "Maximum resident set size"
>>> Maximum resident set size (kbytes): 1309828
>>> $ cryptsetup luksDump encrypted.img
>>> ...
>>> Keyslots:
>>> 0: luks2
>>> PBKDF: argon2id
>>> Memory: 1048576
>>> ...
>>>
>>>
>>> So is there a way to estimate the upper bound of the peak memory
>>> consumption of cryptsetup itself without running cryptsetup?
>>
>> As you already found, the major memory consumption is by memory-hard KDF.
>> But this memory is used only while calculating keyslot encryption key,
>> it is released immediately after the Argon call is finished.
>> I do not think we have better estimation here.
>
> Thanks for the reply! Sorry I meant the way to estimate the overhead of
> crypsetup itself i.e. ~256M in the above example. Previously I only take
> the memory consumption by memory-hard KDF into consideration and
> neglected the memory consumption of cryptsetup itself. This obviously
> leads to an underestimation of the memory requirement of cryptsetup. I
> need to overestimate the memory requirement a bit to make sure OOM won't
> happen that's why I am asking if there is a way to estimate the
> upper bound of memory requirement of cryptsetup itself.
There is no generic way to get a number - it depends on configuration
of the distro, libc, translations, everything that is locked including
shared libraries.
If it is about RHEL, you can perhaps know exact configuration - please
ask people in Red Hat.
>> (Another story is locking all memory, including big areas used by libc,
>> but that should not be problem here, I hope.)
>
> Do you mean locking all memory first in order to know the memory
> requirement?
We use (mlockall(MCL_CURRENT | MCL_FUTURE) so it locks all used memory
+ all future allocated memory.
Today, it is not the best option and we will probably lock only specific
region with stored keys in the future.
Milan
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: How to estimate the upper bound of the peak memory consumption of cryptsetup itself?
2022-06-24 9:14 ` Milan Broz
@ 2022-06-24 10:49 ` Coiby Xu
2022-06-24 12:22 ` Milan Broz
0 siblings, 1 reply; 6+ messages in thread
From: Coiby Xu @ 2022-06-24 10:49 UTC (permalink / raw)
To: Milan Broz; +Cc: cryptsetup
On Fri, Jun 24, 2022 at 11:14:37AM +0200, Milan Broz wrote:
>On 20/06/2022 02:19, Coiby Xu wrote:
>>On Sat, Jun 18, 2022 at 05:12:56PM +0200, Milan Broz wrote:
>>>On 16/06/2022 06:43, Coiby Xu wrote:
>>>>Hi,
>>>>
>>>>Recently, I notice cryptsetup itself consumes significant amount of
>>>>memory (~256M) when estimating the memory requirement for dumping vmcore
>>>>to a LUKS-encrypted disk,
>>>>
>>>>$ time -v cryptsetup luksOpen encrypted.img volume --key-file mykey.keyfile | grep "Maximum resident set size"
>>>> Maximum resident set size (kbytes): 1309828
>>>>$ cryptsetup luksDump encrypted.img
>>>>...
>>>>Keyslots:
>>>> 0: luks2
>>>> PBKDF: argon2id
>>>> Memory: 1048576
>>>> ...
>>>>
>>>>
>>>>So is there a way to estimate the upper bound of the peak memory
>>>>consumption of cryptsetup itself without running cryptsetup?
>>>
>>>As you already found, the major memory consumption is by memory-hard KDF.
>>>But this memory is used only while calculating keyslot encryption key,
>>>it is released immediately after the Argon call is finished.
>>>I do not think we have better estimation here.
>>
>>Thanks for the reply! Sorry I meant the way to estimate the overhead of
>>crypsetup itself i.e. ~256M in the above example. Previously I only take
>>the memory consumption by memory-hard KDF into consideration and
>>neglected the memory consumption of cryptsetup itself. This obviously
>>leads to an underestimation of the memory requirement of cryptsetup. I
>>need to overestimate the memory requirement a bit to make sure OOM won't
>>happen that's why I am asking if there is a way to estimate the
>>upper bound of memory requirement of cryptsetup itself.
>
>There is no generic way to get a number - it depends on configuration
>of the distro, libc, translations, everything that is locked including
>shared libraries.
>
>If it is about RHEL, you can perhaps know exact configuration - please
>ask people in Red Hat.
Provided the configuration, is there an golden algorithm or a formula to
get the number? If it doesn't exist and I need to do some tests to get
an empirical number, are there any big factors I need to be aware of?
>
>>>(Another story is locking all memory, including big areas used by libc,
>>>but that should not be problem here, I hope.)
>>
>>Do you mean locking all memory first in order to know the memory
>>requirement?
>
>We use (mlockall(MCL_CURRENT | MCL_FUTURE) so it locks all used memory
>+ all future allocated memory.
>
>Today, it is not the best option and we will probably lock only specific
>region with stored keys in the future.
Thanks for the explanation!
>
>Milan
>
--
Best regards,
Coiby
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: How to estimate the upper bound of the peak memory consumption of cryptsetup itself?
2022-06-24 10:49 ` Coiby Xu
@ 2022-06-24 12:22 ` Milan Broz
0 siblings, 0 replies; 6+ messages in thread
From: Milan Broz @ 2022-06-24 12:22 UTC (permalink / raw)
To: Coiby Xu; +Cc: cryptsetup
On 24/06/2022 12:49, Coiby Xu wrote:
>>> Thanks for the reply! Sorry I meant the way to estimate the overhead of
>>> crypsetup itself i.e. ~256M in the above example. Previously I only take
>>> the memory consumption by memory-hard KDF into consideration and
>>> neglected the memory consumption of cryptsetup itself. This obviously
>>> leads to an underestimation of the memory requirement of cryptsetup. I
>>> need to overestimate the memory requirement a bit to make sure OOM won't
>>> happen that's why I am asking if there is a way to estimate the
>>> upper bound of memory requirement of cryptsetup itself.
>>
>> There is no generic way to get a number - it depends on configuration
>> of the distro, libc, translations, everything that is locked including
>> shared libraries.
>>
>> If it is about RHEL, you can perhaps know exact configuration - please
>> ask people in Red Hat.
>
> Provided the configuration, is there an golden algorithm or a formula to
> get the number? If it doesn't exist and I need to do some tests to get
> an empirical number, are there any big factors I need to be aware of?
Think about current locales, OpenSSL policy and many other things.
(The major I remember was locking all libc loaded translations in memory.)
So really, the only answer here would be ... 42 :)
You can try to measure it. Not sure if it is reliable.
Usually people want to know this for some weird scenarios like kdump
or so - this is definitely not something upstream can help with.
Milan
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-06-24 12:23 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-16 4:43 How to estimate the upper bound of the peak memory consumption of cryptsetup itself? Coiby Xu
2022-06-18 15:12 ` Milan Broz
2022-06-20 0:19 ` Coiby Xu
2022-06-24 9:14 ` Milan Broz
2022-06-24 10:49 ` Coiby Xu
2022-06-24 12:22 ` Milan Broz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).