Add global serialization lock for memory hard PBKDF.

This is very ugly workaround for situation when multiple
devices are being activated in parallel (systemd crypttab)
and system  instead of returning ENOMEM use OOM killer
to randomly kill processes.

This flag is intended to be used only in very specific situations.

1 files changed, 12 insertions, 1 deletions

diff --git a/man/cryptsetup.8 b/man/cryptsetup.8
index 1537b453..65b5f0c8 100644
--- a/man/cryptsetup.8
+++ b/man/cryptsetup.8
@@ -276,7 +276,8 @@ the command prompts for it interactively.
 \fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
 \-\-keyfile\-size, \-\-readonly, \-\-test\-passphrase,
 \-\-allow\-discards, \-\-header, \-\-key-slot, \-\-master\-key\-file, \-\-token\-id,
-\-\-token\-only, \-\-disable\-keyring, \-\-disable\-locks, \-\-type, \-\-refresh].
+\-\-token\-only, \-\-disable\-keyring, \-\-disable\-locks, \-\-type, \-\-refresh,
+\-\-serialize\-memory\-hard\-pbkdf].
 .PP
 \fIluksSuspend\fR <name>
 .IP
@@ -1284,6 +1285,16 @@ See \fITCRYPT\fR section for more info.
 Use a custom Personal Iteration Multiplier (PIM) for VeraCrypt device.
 See \fITCRYPT\fR section for more info.
 .TP
+.B "\-\-serialize\-memory\-hard\-pbkdf"
+Use a global lock to serialize unlocking of keyslots using memory-hard PBKDF.
+
+\fBNOTE:\fR This is (ugly) workaround for a specific situation when multiple
+devices are activated in parallel and system instead of reporting out of memory
+starts unconditionally stop processes using out-of-memory killer.
+
+\fBDO NOT USE\fR this switch until you are implementing boot environment
+with parallel devices activation!
+.TP
 .B "\-\-version"
 Show the program version.
 .TP