kms: Add semaphore to limit concurrency

generateCipher is memory heavy, so to avoid OOM situations, a semaphore
is added to limit concurrency here.

Fixes: ceph#3472
Signed-off-by: Michael Fritch <mfritch@suse.com>

go.mod

@@ -45,6 +45,7 @@ require (
 	k8s.io/pod-security-admission v0.0.0
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 	sigs.k8s.io/controller-runtime v0.17.2
+	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
 )
 
 require (

go.sum

@@ -1935,11 +1935,13 @@ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
 golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

internal/kms/secretskms.go

@@ -29,6 +29,7 @@ import (
 	"github.com/ceph/ceph-csi/internal/util/k8s"
 
 	"golang.org/x/crypto/scrypt"
+	"golang.org/x/sync/semaphore"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -48,6 +49,8 @@ const (
 	metadataSecretNamespaceKey = "secretNamespace"
 )
 
+var scryptSem = semaphore.NewWeighted(int64(1))
+
 // secretsKMS is default KMS implementation that means no KMS is in use.
 type secretsKMS struct {
 	integratedDEK
@@ -271,6 +274,13 @@ func (kms secretsMetadataKMS) GetSecret(volumeID string) (string, error) {
 // generateCipher returns a AEAD cipher based on a passphrase and salt
 // (volumeID). The cipher can then be used to encrypt/decrypt the DEK.
 func generateCipher(passphrase, salt string) (cipher.AEAD, error) {
+	// Note: This is memory heavy!
+	// Acquire blocks concurrent access so that only 1 worker can call scrypt.Key at a time.
+	if err := scryptSem.Acquire(context.TODO(), 1); err != nil {
+		return nil, err
+	}
+	defer scryptSem.Release(1)
+
 	key, err := scrypt.Key([]byte(passphrase), []byte(salt), 32768, 8, 1, 32)
 	if err != nil {
 		return nil, err

internal/kms/secretskms_test.go

@@ -62,6 +62,27 @@ func TestGenerateCipher(t *testing.T) {
 	assert.NotNil(t, aead)
 }
 
+func TestGenerateCipherConcurrent(t *testing.T) {
+	t.Parallel()
+	// nolint:gosec // this passphrase is intentionally hardcoded
+	passphrase := "my-cool-luks-passphrase"
+	salt := "unique-id-for-the-volume"
+
+	runGenerateCipher := func(passphrase string, salt string) {
+		aead, err := generateCipher(passphrase, salt)
+		assert.NoError(t, err)
+		assert.NotNil(t, aead)
+	}
+
+	for i := 0; i < 5; i++ {
+		go runGenerateCipher(passphrase, salt)
+	}
+
+	for i := 0; i < 5; i++ {
+		runGenerateCipher(passphrase, salt)
+	}
+}
+
 func TestInitSecretsMetadataKMS(t *testing.T) {
 	t.Parallel()
 	args := ProviderInitArgs{

vendor/modules.txt

@@ -681,6 +681,9 @@ golang.org/x/net/websocket
 ## explicit; go 1.18
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
+# golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
+## explicit
+golang.org/x/sync/semaphore
 # golang.org/x/sync v0.5.0
 ## explicit; go 1.18
 golang.org/x/sync/singleflight