From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.1 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 883F9C31E40 for ; Tue, 13 Aug 2019 00:07:03 +0000 (UTC) Received: from lists.sourceforge.net (lists.sourceforge.net [216.105.38.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 468FD20651; Tue, 13 Aug 2019 00:07:03 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sourceforge.net header.i=@sourceforge.net header.b="BDLFtCpD"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sf.net header.i=@sf.net header.b="Au4hOAlJ" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 468FD20651 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=mit.edu Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linux-f2fs-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1hxKL8-0003sR-86; Tue, 13 Aug 2019 00:07:02 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1hxKL6-0003s5-Kn for linux-f2fs-devel@lists.sourceforge.net; Tue, 13 Aug 2019 00:07:00 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=In-Reply-To:Content-Type:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=YyG9PnbwMJNsWE4vIx/rOaDxSORnVaf5xc346PO8+XU=; b=BDLFtCpD838Q2bXO8x6ud3aF33 hUQ3XO29+5eEfgoovYVHWksjutMCQusRAljhAfWDoUpzqQ0cNs+iuiBDlhG4DhX1HEQn+3AfCl3aV a7y/k/+i8G4lARczXJ2ihksbyvsriW+cmDx07Xi7+L4qG2TD/8+XMVRBeeyeBkzO/g8Y=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To :From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=YyG9PnbwMJNsWE4vIx/rOaDxSORnVaf5xc346PO8+XU=; b=Au4hOAlJP2jfbUiNfXAlzBjlx2 nYP9/AJS9qZKeyNowlTrK+wdRbAKpu20E6Zuq5McOG1tXLnohIIGompBFIIxhpI9eq4XKKZqSX/Yo CZ0yjTF/O10as3d6EF8fPLR1eXXNp1bW2Dz5X5kAhS1ZjWW8rGWCHHKYt25Vq2DEpJXc=; Received: from outgoing-auth-1.mit.edu ([18.9.28.11] helo=outgoing.mit.edu) by sfi-mx-3.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1hxKL4-001k5a-SH for linux-f2fs-devel@lists.sourceforge.net; Tue, 13 Aug 2019 00:07:00 +0000 Received: from callcc.thunk.org (guestnat-104-133-9-109.corp.google.com [104.133.9.109] (may be forged)) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x7D06i57014906 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 12 Aug 2019 20:06:46 -0400 Received: by callcc.thunk.org (Postfix, from userid 15806) id 3F35E4218EF; Mon, 12 Aug 2019 20:06:44 -0400 (EDT) Date: Mon, 12 Aug 2019 20:06:44 -0400 From: "Theodore Y. Ts'o" To: Eric Biggers Message-ID: <20190813000644.GH28705@mit.edu> References: <20190805162521.90882-1-ebiggers@kernel.org> <20190805162521.90882-11-ebiggers@kernel.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20190805162521.90882-11-ebiggers@kernel.org> User-Agent: Mutt/1.10.1 (2018-07-13) X-Headers-End: 1hxKL4-001k5a-SH Subject: Re: [f2fs-dev] [PATCH v8 10/20] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl X-BeenThere: linux-f2fs-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Satya Tangirala , linux-api@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-fscrypt@vger.kernel.org, keyrings@vger.kernel.org, linux-mtd@lists.infradead.org, linux-crypto@vger.kernel.org, linux-fsdevel@vger.kernel.org, Jaegeuk Kim , linux-ext4@vger.kernel.org, Paul Crowley Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net > + /* Some inodes still reference this key; try to evict them. */ > + if (try_to_lock_encrypted_files(sb, mk) != 0) > + status_flags |= > + FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY; > + } try_to_lock_encrypted_files() can return other errors besides -EBUSY; in particular sync_filesystem() can return other errors, such as -EIO or -EFSCORUPTED. In that case, I think we're better off returning the relevant status code back to the user. We will have already wiped the master key, but this situation will only happen in exceptional conditions (e.g., user has ejected the sdcard, etc.), so it's not worth it to try to undo the master key wipe to try to restore things to the pre-ioctl execution state. So I think we should capture the return code from try_to_lock_encrypted_files, and if it is EBUSY, we can set FILES_BUSY flag and return success. Otherwise, we should return the error. If you agree, please fix that up and then feel free to add: Reviewed-by: Theodore Ts'o - Ted _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel