Re: [PATCH 2/6] security/keys/encrypted: Clean up request_trusted_key()

On Tue, Mar 19, 2019 at 7:36 PM Mimi Zohar <zohar(a)linux.ibm.com&gt; wrote: > > On Tue, 2019-03-19 at 17:20 -0700, Dan Williams wrote: > > On Tue, Mar 19, 2019 at 5:07 PM Mimi Zohar <zohar(a)linux.ibm.com&gt; wrote: > > > > > > On Mon, 2019-03-18 at 23:06 -0700, Dan Williams wrote: > > > > > > < snip > > > > > > > > +/* > > > > + * request_trusted_key - request the trusted key > > > > + * > > > > + * Trusted keys are sealed to PCRs and other metadata. Although userspace > > > > + * manages both trusted/encrypted key-types, like the encrypted key type > > > > + * data, trusted key type data is not visible decrypted from userspace. > > > > + */ > > > > +static struct key *request_trusted_key(const char *trusted_desc, > > > > + const u8 **master_key, size_t *master_keylen) > > > > +{ > > > > + struct trusted_key_payload *tpayload; > > > > + struct key_type *type; > > > > + struct key *tkey; > > > > + > > > > + type = key_type_lookup("trusted"); > > > > > > The associated key_type_put() will need to be called. > > > > Yes. > > I don't know if defining a key_type_lookup() wrapper, perhaps named > is_key_type_available(), would help. Both key_type_lookup() and > key_type_put() would be called. The existing code could then remain > the same. > Maybe, but something still needs to pin the hosting module. I think this means that the first call to key_type->instantiate() pins the hosting module, and the ->destroy() of the last key for the key_type unpins the module. It does mean that the ->destroy() method is no longer optional.