On Thu, Jul 21, 2022 at 02:59:29PM +0200, Christoph Hellwig wrote: > Hi Eric, > > fscrypt is the last major user of request_queues in file system code. > A lot of this would be easy to fix, and I have some pending patches, > but the major roadblocker is that the fscrypt_blk_crypto_key tries > to hold it's own refefrences to the request_queue. The reason for > that is documented in the code, as in that the master key can outlive > the super_block. But can you explain why we need to do that? I > think evicting the key on unmount would be very much the expected > behavior. With that we could rework how fscrypt interacts with the > file systems for inline encryption and avoid the nasty returning > of the devics in the get_devices method. See my draft patch below, > for which I'm stuck at how to find a super_block for the evict side, > which seems to require larger logic changes. Yes, evicting the blk-crypto keys at unmount is the expected behavior. And it basically is the actual behavior as well, but as currently implemented there can be a slight delay. There are two reasons for the delay, both probably solvable. The first is that ->s_master_keys isn't released until __put_super(). It probably should be moved earlier, maybe to generic_shutdown_super(). The second reason is that the keyrings subsystem is being used to keep track of the superblock's master keys (for several reasons, such as integrating with the key quotas), and a side effect of that we get the delay of the keyring's subsystem garbage collector before the destroy callbacks of the keys actually run. That delays the eviction of the blk-crypto keys. To avoid that, I think we could go through and evict all the blk_crypto_keys (i.e. call fscrypt_destroy_prepared_key() on the fscrypt_prepared_keys embedded in each fscrypt_master_key) during the unmount itself, separating it from the destruction of the key objects from the keyring subsystem's perspective. That could happen in the moved call to fscrypt_sb_free(). I don't remember any specific reason why this wasn't done originally. blk-crypto support was added later on, so when it was added I think we just defaulted to keeping the same lifecycle for everything as before. - Eric
