On Tue, Apr 08, 2025 at 07:01:47PM +0300, Jarkko Sakkinen wrote:
On Mon, Apr 07, 2025 at 03:58:01PM +0300, Jarkko Sakkinen wrote:
From: Jarkko Sakkinen jarkko.sakkinen@opinsys.com
Add an isolated list of unreferenced keys to be queued for deletion, and try to pin the keys in the garbage collector before processing anything. Skip unpinnable keys.
Use this list for blocking the reaping process during the teardown:
- First off, the keys added to `keys_graveyard` are snapshotted, and the list is flushed. This the very last step in `key_put()`.
- `key_put()` reaches zero. This will mark key as busy for the garbage collector.
- `key_garbage_collector()` will try to increase refcount, which won't go above zero. Whenever this happens, the key will be skipped.
Cc: stable@vger.kernel.org # v6.1+ Signed-off-by: Jarkko Sakkinen jarkko.sakkinen@opinsys.com
This version is my master branch now:
https://web.git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/l...
For the time being not in next.
I just updated it to my -next, so probably tomorrow will be in linux-next.
I believe this is absolutely right thing to do but please be aware of this (now it is *knowingly* applied) and ping me for any issues.
Summaery: it sets walls against using struct key in the middle of destruction (e.g. when key_put() is accessing it after zero refcount, GC should never touch it).
BR, Jarkko