Commit 43e5f1d5 authored by Eric Biggers's avatar Eric Biggers

fscrypt: improve fscrypt_destroy_keyring() documentation

Document that fscrypt_destroy_keyring() must be called after all
potentially-encrypted inodes have been evicted.

Link: https://lore.kernel.org/r/20230313221231.272498-3-ebiggers@kernel.orgSigned-off-by: default avatarEric Biggers <ebiggers@google.com>
parent ccb820dc
...@@ -207,10 +207,11 @@ static int allocate_filesystem_keyring(struct super_block *sb) ...@@ -207,10 +207,11 @@ static int allocate_filesystem_keyring(struct super_block *sb)
* Release all encryption keys that have been added to the filesystem, along * Release all encryption keys that have been added to the filesystem, along
* with the keyring that contains them. * with the keyring that contains them.
* *
* This is called at unmount time. The filesystem's underlying block device(s) * This is called at unmount time, after all potentially-encrypted inodes have
* are still available at this time; this is important because after user file * been evicted. The filesystem's underlying block device(s) are still
* accesses have been allowed, this function may need to evict keys from the * available at this time; this is important because after user file accesses
* keyslots of an inline crypto engine, which requires the block device(s). * have been allowed, this function may need to evict keys from the keyslots of
* an inline crypto engine, which requires the block device(s).
*/ */
void fscrypt_destroy_keyring(struct super_block *sb) void fscrypt_destroy_keyring(struct super_block *sb)
{ {
...@@ -227,12 +228,12 @@ void fscrypt_destroy_keyring(struct super_block *sb) ...@@ -227,12 +228,12 @@ void fscrypt_destroy_keyring(struct super_block *sb)
hlist_for_each_entry_safe(mk, tmp, bucket, mk_node) { hlist_for_each_entry_safe(mk, tmp, bucket, mk_node) {
/* /*
* Since all inodes were already evicted, every key * Since all potentially-encrypted inodes were already
* remaining in the keyring should have an empty inode * evicted, every key remaining in the keyring should
* list, and should only still be in the keyring due to * have an empty inode list, and should only still be in
* the single active ref associated with ->mk_secret. * the keyring due to the single active ref associated
* There should be no structural refs beyond the one * with ->mk_secret. There should be no structural refs
* associated with the active ref. * beyond the one associated with the active ref.
*/ */
WARN_ON(refcount_read(&mk->mk_active_refs) != 1); WARN_ON(refcount_read(&mk->mk_active_refs) != 1);
WARN_ON(refcount_read(&mk->mk_struct_refs) != 1); WARN_ON(refcount_read(&mk->mk_struct_refs) != 1);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment