From: Eric Biggers <ebiggers@kernel.org>
To: Luis Henriques <lhenriques@suse.de>
Cc: fstests@vger.kernel.org
Subject: Re: [PATCH] generic/581: remove extra escape character from awk line
Date: Tue, 28 Nov 2023 09:37:34 -0800 [thread overview]
Message-ID: <20231128173734.GD1148@sol.localdomain> (raw)
In-Reply-To: <87plzurmib.fsf@suse.de>
On Tue, Nov 28, 2023 at 02:16:44PM +0000, Luis Henriques wrote:
> >
> > Yeah, looking closer it makes sense. Sorry for the noise. I'm currently
> > investigating a test failure (which I can't reproduce locally) where
> > 'orig_key' unexpectedly is set to '1' and makes the test fail because it
> > was supposed to be '0'. That's when this caught my attention. Anyway,
> > I'll go look somewhere else.
>
> OK, I'm not 100% sure yet, but I've an idea about what's going on with
> this test failure.
>
> I _think_ that even after the following is done in the test:
>
> _user_do_rm_enckey $SCRATCH_MNT $keyid
> _scratch_cycle_mount
>
> the key garbage collector may not have finish running. And then, when we
> read '/proc/key-users', we can race against key_user_put(), which needs
> key_user_lock, which is also grabbed while the proc file seq_operations
> are run.
>
> Eric, does this make any sense? There is a loop in the test to wait for
> invalidated keys, but I believe it's not relevant anymore since commit
> d7e7b9af104c ("fscrypt: stop using keyrings subsystem for
> fscrypt_master_key"). But I might be misunderstanding the code.
Thanks for looking into this! I had noticed this test is still flaky on arm64
but haven't had a chance to look into it. Yes, it's probably related to the key
garbage collector again. The test needs to wait for the fscrypt "user" keys
(key_type_fscrypt_user in the kernel) to be released from the quota. I think
that loop in the test does not have the intended effect because it waits for
"invalidated" keys, but the fscrypt "user" keys (which are charged to the quota)
are never invalidated; they're just released normally. There used to be another
key (in the "keyrings" subsystem sense of the word "key") associated with each
fscrypt key, and that key was indeed invalidated, but that's no longer the case.
Maybe there's a better way to wait for the key garbage collector to finish.
Or the kernel could be changed to make releasing the key quota be synchronous.
Unfortunately the keyrings subsystem doesn't seem to work that way, and fscrypt
is tying into the key quota from the keyrings subsystem, so it is subject to its
limitations. But maybe there's a way to do it.
- Eric
next prev parent reply other threads:[~2023-11-28 17:37 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-22 17:03 [PATCH] generic/581: remove extra escape character from awk line Luis Henriques
2023-11-22 23:16 ` Eric Biggers
2023-11-23 11:46 ` Luís Henriques
2023-11-28 14:16 ` Luis Henriques
2023-11-28 17:37 ` Eric Biggers [this message]
2023-11-28 18:25 ` Luis Henriques
2023-12-05 17:28 ` Luis Henriques
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231128173734.GD1148@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=fstests@vger.kernel.org \
--cc=lhenriques@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.