[Bug 2054390] Re: Refine proc mounts entries traversal

Mauricio Faria de Oliveira 2054390 at bugs.launchpad.net
Tue Nov 19 16:27:21 UTC 2024 

Hi Chengen,

I'm resuming the reviews for these SRUs.

At the moment, the Test Plan section is a bit vague:
Can you please clarify what is the expected output of running cryptroot? 
And IMHO it could be improved with a specific test for regressions (the key point in SRUs is to maintain stability/avoid regressions, even more so in boot-related SRUs :),
e.g., compare the results with the old/new packages, and ensure they remain the same. 

Thanks!

** Changed in: cryptsetup (Ubuntu Noble)
       Status: In Progress => Incomplete

** Description changed:

  [Impact]
  The shell's read builtin iterates through /proc/mounts one byte at a time. This becomes problematic when LDAP automount maps generate a large number of entries in /proc/mounts. It can lead to timeout issues, especially when iterating through the entries twice in the cryptroot hook.
  
  [Fix]
  Applying the following upstream commit [1] can resolve this issue.
  
  95fd4be9b4c6 d/functions: get_mnt_devno(): Speed up execution time on large /proc/mounts.
      Use awk rather than a `while read; do done` loop here as the /proc/mounts
      pseudo-file can be many thousands lines long and the shell's `read` builtin
      traverses it one read(2) at the time which cruelly slows down execution time.
  
      See https://salsa.debian.org/cryptsetup-
  team/cryptsetup/-/merge_requests/36 .
  
  [1] https://salsa.debian.org/cryptsetup-
  team/cryptsetup/-/commit/95fd4be9b4c6471e94c418101e7acfae7e1aa4fc
  
  [Test Plan]
+ (SRU team: pending changes in comment #25)
  Our primary objective is to ensure that the output remains consistent when obtaining devnos through iteration.
  1. Execute the /usr/share/initramfs-tools/hooks/cryptroot binary
  2. Confirm that the output does not include the following warning message:
  cryptsetup: WARNING: Couldn't determine root device
  
  [Where problems could occur]
  The patch exclusively modifies the method of extracting information without altering the underlying hook logic.
  It's crucial to note that the successful generation of the crypttab is contingent upon the accuracy of the information provided by the patch.
  Any inaccuracies may impede the crypttab generation process.
  
  [Other Info]
  The proposed change [1] is already applied in Oracular and Plucky.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/2054390

Title:
  Refine proc mounts entries traversal

Status in cryptsetup package in Ubuntu:
  Fix Released
Status in cryptsetup source package in Focal:
  In Progress
Status in cryptsetup source package in Jammy:
  In Progress
Status in cryptsetup source package in Mantic:
  Won't Fix
Status in cryptsetup source package in Noble:
  Incomplete
Status in cryptsetup source package in Oracular:
  Fix Released
Status in cryptsetup source package in Plucky:
  Fix Released

Bug description:
  [Impact]
  The shell's read builtin iterates through /proc/mounts one byte at a time. This becomes problematic when LDAP automount maps generate a large number of entries in /proc/mounts. It can lead to timeout issues, especially when iterating through the entries twice in the cryptroot hook.

  [Fix]
  Applying the following upstream commit [1] can resolve this issue.

  95fd4be9b4c6 d/functions: get_mnt_devno(): Speed up execution time on large /proc/mounts.
      Use awk rather than a `while read; do done` loop here as the /proc/mounts
      pseudo-file can be many thousands lines long and the shell's `read` builtin
      traverses it one read(2) at the time which cruelly slows down execution time.

      See https://salsa.debian.org/cryptsetup-
  team/cryptsetup/-/merge_requests/36 .

  [1] https://salsa.debian.org/cryptsetup-
  team/cryptsetup/-/commit/95fd4be9b4c6471e94c418101e7acfae7e1aa4fc

  [Test Plan]
  (SRU team: pending changes in comment #25)
  Our primary objective is to ensure that the output remains consistent when obtaining devnos through iteration.
  1. Execute the /usr/share/initramfs-tools/hooks/cryptroot binary
  2. Confirm that the output does not include the following warning message:
  cryptsetup: WARNING: Couldn't determine root device

  [Where problems could occur]
  The patch exclusively modifies the method of extracting information without altering the underlying hook logic.
  It's crucial to note that the successful generation of the crypttab is contingent upon the accuracy of the information provided by the patch.
  Any inaccuracies may impede the crypttab generation process.

  [Other Info]
  The proposed change [1] is already applied in Oracular and Plucky.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/2054390/+subscriptions

More information about the foundations-bugs mailing list