On Tue, Oct 10, 2023 at 04:40:16PM -0400, Josef Bacik wrote: > Currently we wipe the mk->mk_secret when we remove the master key, and > we use this status to tell everybody whether or not the master key is > available for use. > > With extent based encryption we're going to need to keep the secret > around until the inode is evicted, so we need a different mechanism to > tell everybody that the key is currently unusable. > > Accomplish this with a mk_flags member in the master key, and update the > is_master_key_secret_present() helper to return the status of this bit. > Update the removal and adding helpers to manipulate this bit and use it > as the source of truth about whether or not the key is available for > use. > > Signed-off-by: Josef Bacik <josef@xxxxxxxxxxxxxx> > --- > fs/crypto/fscrypt_private.h | 17 ++++++++--------- > fs/crypto/hooks.c | 2 +- > fs/crypto/keyring.c | 20 ++++++++++++++------ > fs/crypto/keysetup.c | 4 ++-- > 4 files changed, 25 insertions(+), 18 deletions(-) Thanks, this patch seems like it's on the right track. There are a lot of little things that need to be updated to be consistent, though. I'm also thinking we should do it the other way around, where we explicitly mark the key as "present", matching the terminology used in the UAPI for FS_IOC_GET_ENCRYPTION_KEY_STATUS. I also noticed two bugs: BIT(0) should be 0, and the code in add_existing_master_key() is racy. Can you take a look at the patch "fscrypt: track master key presence separately from secret" (https://lore.kernel.org/r/20231015061055.62673-1-ebiggers@xxxxxxxxxx) I just sent out? It's a replacement for this one. - Eric