On Fri, Jul 22, 2022 at 01:28:57AM -0700, Eric Biggers wrote: > Yes, evicting the blk-crypto keys at unmount is the expected behavior. > And it basically is the actual behavior as well, but as currently > implemented there can be a slight delay. There are two reasons for the > delay, both probably solvable. > > The first is that ->s_master_keys isn't released until __put_super(). > It probably should be moved earlier, maybe to generic_shutdown_super(). Yes, this does sound like a good idea. > The second reason is that the keyrings subsystem is being used to keep > track of the superblock's master keys (for several reasons, such as > integrating with the key quotas), and a side effect of that we get the > delay of the keyring's subsystem garbage collector before the destroy > callbacks of the keys actually run. That delays the eviction of the > blk-crypto keys. > > To avoid that, I think we could go through and evict all the > blk_crypto_keys (i.e. call fscrypt_destroy_prepared_key() on the > fscrypt_prepared_keys embedded in each fscrypt_master_key) during the > unmount itself, separating it from the destruction of the key objects > from the keyring subsystem's perspective. That could happen in the > moved call to fscrypt_sb_free(). I'll give this a try. What would be a good test suite or set of tests to make sure I don't break fscrypt operation?
|