linux-fscrypt.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Guenter Roeck <groeck@google.com>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Doug Anderson <dianders@chromium.org>,
	Gwendal Grignou <gwendal@chromium.org>, Chao Yu <chao@kernel.org>,
	Ryo Hashimoto <hashimoto@chromium.org>,
	Vadim Sukhomlinov <sukhomlinov@google.com>,
	Guenter Roeck <groeck@chromium.org>,
	Andrey Pronin <apronin@chromium.org>,
	linux-doc@vger.kernel.org,
	Andreas Dilger <adilger.kernel@dilger.ca>,
	"Theodore Y. Ts'o" <tytso@mit.edu>,
	Jonathan Corbet <corbet@lwn.net>,
	LKML <linux-kernel@vger.kernel.org>,
	Jaegeuk Kim <jaegeuk@kernel.org>,
	linux-fscrypt@vger.kernel.org,
	linux-ext4 <linux-ext4@vger.kernel.org>,
	linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [PATCH] Revert "ext4 crypto: fix to check feature status before get policy"
Date: Sat, 2 Nov 2019 15:10:17 -0700	[thread overview]
Message-ID: <CABXOdTeu3KdT=arT+AKAOiPPM0U45krUfmDx6NH5nmDZ0pPa=A@mail.gmail.com> (raw)
In-Reply-To: <CABXOdTddU2Kn8hJyofAC9eofZHAA4ddBhjNXc8GwC5dm3beMZA@mail.gmail.com>

On Fri, Nov 1, 2019 at 11:17 AM Guenter Roeck <groeck@google.com> wrote:
[ ... ]
> > Ah, I think I found it:
> >
> > https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/2cbdedd5eca0a57d9596671a99da5fab8e60722b/sys-apps/upstart/files/upstart-1.2-dircrypto.patch
> >
> > The init process does EXT4_IOC_GET_ENCRYPTION_POLICY on /, and if the error is
> > EOPNOTSUPP, it skips creating the "dircrypto" keyring.  So then cryptohome can't
> > add keys later.  (Note the error message you got, "Error adding dircrypto key".)
> >
> > So it looks like the kernel patch broke both that and
> > ext4_dir_encryption_supported().
> >
>
> ext4_dir_encryption_supported() was already changed to use the sysfs
> file, and changing the upstart code to check the sysfs file does
> indeed fix the problem for good. I'll do some more tests and push the
> necessary changes into our code base if I don't hit some other issue.
>

This change is now in our code base:

https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/5c5b06fded399013b9cce3d504c3d968ee84ab8b

If the revert has not made it upstream, I would suggest to hold it off
for the time being. I'll do more testing next week, but as it looks
like it may no longer be needed, at least not from a Chrome OS
perspective.

Guenter

  reply	other threads:[~2019-11-02 22:10 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-30 17:06 [PATCH] Revert "ext4 crypto: fix to check feature status before get policy" Douglas Anderson
2019-10-30 17:37 ` Eric Biggers
2019-10-30 17:51   ` Doug Anderson
2019-10-30 19:02     ` Eric Biggers
2019-10-30 20:57       ` Eric Biggers
2019-10-30 21:59         ` Doug Anderson
2019-10-31 17:52           ` Doug Anderson
2019-11-01  4:36             ` Eric Biggers
2019-11-01 13:32               ` Guenter Roeck
2019-11-01 18:17               ` Guenter Roeck
2019-11-02 22:10                 ` Guenter Roeck [this message]
2019-11-03 13:19                   ` Theodore Y. Ts'o
2019-11-04  7:45       ` Chao Yu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CABXOdTeu3KdT=arT+AKAOiPPM0U45krUfmDx6NH5nmDZ0pPa=A@mail.gmail.com' \
    --to=groeck@google.com \
    --cc=adilger.kernel@dilger.ca \
    --cc=apronin@chromium.org \
    --cc=chao@kernel.org \
    --cc=corbet@lwn.net \
    --cc=dianders@chromium.org \
    --cc=ebiggers@kernel.org \
    --cc=groeck@chromium.org \
    --cc=gwendal@chromium.org \
    --cc=hashimoto@chromium.org \
    --cc=jaegeuk@kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-f2fs-devel@lists.sourceforge.net \
    --cc=linux-fscrypt@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sukhomlinov@google.com \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).