On Tue, Feb 7, 2023 at 11:35 AM Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
>
> The point of the "test_dummy_encryption" mount option is that you can just add
> it to the mount options and run existing tests, such as a full run of xfstests,
> and test all the encrypted I/O paths that way. Which is extremely useful; it
> wouldn't really be possible to properly test the encryption feature without it.
Yes, I see how useful that is, but:
> Now, it's possible that "the kernel automatically adds the key for
> test_dummy_encryption" could be implemented a bit differently. It maybe could
> be done at the last minute, when the key is being looked for due to a user
> filesystem operation, instead of during the mount itself.
Yeah, that sounds like it would be the right solution, and get rid of
the fscrypt_destroy_keyring() case in __put_super().
Hmm.
I guess the filesystem only ever sees the '->get_tree()' call, and
then never gets any "this mount succeeded" callback.
And we do have at least that
error = security_sb_set_mnt_opts(sb, fc->security, 0, NULL);
if (unlikely(error)) {
fc_drop_locked(fc);
return error;
}
error case that does fc_drop_locked() -> deactivate_locked_super() ->
put_super().
Hmm. It does get "kill_sb()", if that happens, so if
(a) the filesystem registers the keys late only in the success case
and
(b) ->kill_sb() does the fscrypt_destroy_keyring(s)
then I *think* everything would be fine, and put_super() doesn't need to do it.
Or am I missing some case?
Linus
