use cryptsetup_pre_wrapper ld-system-preload-disable

to work around issue with hardened malloc slowing down cryptsetup https://forums.whonix.org/t/hardened-malloc-hardened-memory-allocator/7474/106
Kicksecure · Nov 13, 2020 · c65edf1 · c65edf1
1 parent 0042c35
commit c65edf1
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 5 deletions.
diff --git a/debian/control b/debian/control
@@ -13,7 +13,7 @@ Standards-Version: 4.3.0
 
 Package: swap-file-creator
 Architecture: all
-Depends: cryptsetup-bin, pv, xxd, ${misc:Depends}
+Depends: helper-scripts, cryptsetup-bin, pv, xxd, ${misc:Depends}
 Recommends: haveged, jitterentropy-rngd
 Description: Adds encrypted swap file to the system
  On every boot, creates a new encrypted swapfile with a random password.

diff --git a/etc/default/swap-file-creator b/etc/default/swap-file-creator
@@ -32,6 +32,11 @@
 ## shred extra options
 #SHRED_EXTRA=""
 
+## Wrapper in front of `cryptsetup`.
+## https://forums.whonix.org/t/hardened-malloc-hardened-memory-allocator/7474/106
+## defaults to:
+#cryptsetup_pre_wrapper="ld-system-preload-disable"
+
 ## Swap file crypt format command.
 ## No change required unless you know what you are doing.
 ## defaults to:

diff --git a/usr/share/swap-file-creator/common b/usr/share/swap-file-creator/common
@@ -59,6 +59,7 @@ sanity_tests() {
    command -v pv >/dev/null 2>&1
    command -v losetup >/dev/null 2>&1
    command -v cryptsetup >/dev/null 2>&1
+   command -v ld-system-preload-disable >/dev/null 2>&1
    command -v mkdir >/dev/null 2>&1
    command -v rm >/dev/null 2>&1
    command -v touch >/dev/null 2>&1
@@ -94,6 +95,7 @@ fi
 [ -n "$MAPPER" ] || MAPPER="swapfile"
 [ -n "$MAPPER_FULL" ] || MAPPER_FULL="/dev/mapper/$MAPPER"
 [ -n "$RUN_FOLDER" ] || RUN_FOLDER="/run/$NAME"
+[ -n "$cryptsetup_pre_wrapper" ] || cryptsetup_pre_wrapper="ld-system-preload-disable"
 [ -n "$CRYPTSETUP_FORMAT" ] || CRYPTSETUP_FORMAT="cryptsetup --batch-mode --pbkdf pbkdf2 --hash sha512 -c aes-xts-plain64 --key-size 512 luksFormat"
 [ -n "$SHRED_ON_STOP" ] || SHRED_ON_STOP="no"
 [ -n "$SHRED_OPTS" ] || SHRED_OPTS="--verbose --iterations=1"

diff --git a/usr/share/swap-file-creator/stop b/usr/share/swap-file-creator/stop
@@ -14,8 +14,8 @@ do_stop() {
       swapoff "$MAPPER_FULL" >/dev/null 2>&1 || true
    fi
 
-   if cryptsetup --batch-mode status "$MAPPER" >/dev/null 2>&1 ; then
-      cryptsetup --batch-mode luksClose "$MAPPER" >/dev/null 2>&1 || true
+   if $cryptsetup_pre_wrapper cryptsetup --batch-mode status "$MAPPER" >/dev/null 2>&1 ; then
+      $cryptsetup_pre_wrapper cryptsetup --batch-mode luksClose "$MAPPER" >/dev/null 2>&1 || true
    fi
 
    if [ -f "$RUN_FOLDER/loop" ]; then

diff --git a/usr/share/swap-file-creator/swap-file-creator b/usr/share/swap-file-creator/swap-file-creator
@@ -87,8 +87,8 @@ Try increasing RANDOM_PASSWORD_TIMEOUT in /etc/default/swap-file-creator."
       fi
    fi
 
-   echo "$RANDOM_PASSWORD" | $CRYPTSETUP_FORMAT "$loop"
-   echo "$RANDOM_PASSWORD" | cryptsetup --batch-mode luksOpen "$loop" "$MAPPER" $CRYPTSETUP_LUKSOPEN_EXTRA
+   echo "$RANDOM_PASSWORD" | $cryptsetup_pre_wrapper $CRYPTSETUP_FORMAT "$loop"
+   echo "$RANDOM_PASSWORD" | $cryptsetup_pre_wrapper cryptsetup --batch-mode luksOpen "$loop" "$MAPPER" $CRYPTSETUP_LUKSOPEN_EXTRA
 
    chown --recursive root:root "$MAPPER_FULL"
    chmod --recursive 0600 "$MAPPER_FULL"