| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190813000644.GH28705@mit.edu>
Date: Mon, 12 Aug 2019 20:06:44 -0400
From: "Theodore Y. Ts'o" <tytso@....edu>
To: Eric Biggers <ebiggers@...nel.org>
Cc: linux-fscrypt@...r.kernel.org, linux-ext4@...r.kernel.org,
linux-f2fs-devel@...ts.sourceforge.net,
linux-mtd@...ts.infradead.org, linux-fsdevel@...r.kernel.org,
linux-crypto@...r.kernel.org, keyrings@...r.kernel.org,
linux-api@...r.kernel.org, Satya Tangirala <satyat@...gle.com>,
Paul Crowley <paulcrowley@...gle.com>,
Jaegeuk Kim <jaegeuk@...nel.org>
Subject: Re: [PATCH v8 10/20] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
> + /* Some inodes still reference this key; try to evict them. */
> + if (try_to_lock_encrypted_files(sb, mk) != 0)
> + status_flags |=
> + FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY;
> + }
try_to_lock_encrypted_files() can return other errors besides -EBUSY;
in particular sync_filesystem() can return other errors, such as -EIO
or -EFSCORUPTED. In that case, I think we're better off returning the
relevant status code back to the user. We will have already wiped the
master key, but this situation will only happen in exceptional
conditions (e.g., user has ejected the sdcard, etc.), so it's not
worth it to try to undo the master key wipe to try to restore things
to the pre-ioctl execution state.
So I think we should capture the return code from
try_to_lock_encrypted_files, and if it is EBUSY, we can set FILES_BUSY
flag and return success. Otherwise, we should return the error.
If you agree, please fix that up and then feel free to add:
Reviewed-by: Theodore Ts'o <tytso@....edu>
- Ted
Powered by blists - more mailing lists