New issue
Advanced search Search tips

Issue 693290 link

Starred by 3 users
Status: Untriaged
Owner: ----
Cc:
hashimoto@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 347322



Sign in to add a comment

cryptohome: ext4 crypto: at restart or unmount after restart, key still in keyring

Project Member Reported by gwendal@chromium.org, Feb 17 2017 
When cryptohomed restarts, it loses it Mount object and thus does not know who is mounted.

There is a logic in service.cc to handle that situation (CleanUpStaleMounts()), but although this code cleans the mounts, it does not clean the ext4 key in direncrypt keyring:

From https://chromium-review.googlesource.com/?polygerrit=0#/c/440747/3//COMMIT_MSG@10

Without your change, unmount after restart does some cleanup, but not the keyring:
#Fresh from reboot: no mount.
cryptohome --action=status | grep -1 -e '"mounts":'
   },
   "mounts": [  ],
   "tpm": {
#direncrypt keyring empty:
keyctl show @s
Keyring
 583146726 --alswrv      0     0  keyring: _ses
 659008238 --alswrv      0     0   \_ keyring: dircrypt
#Add a mount:
cryptohome --action=mount --user=test@cr.org --password=testtest --create
Mount succeeded.
localhost ~ # mount | grep mmc
...
/dev/mmcblk0p1 on /home/chronos/user type ext4 (rw,nodev,relatime,seclabel,commit=600,data=ordered)
/dev/mmcblk0p1 on /home/user/ac25fff538277823c2e4c367f38bcf192579d9f0 type ext4 (rw,nodev,relatime,seclabel,commit=600,data=ordered)
/dev/mmcblk0p1 on /home/chronos/u-ac25fff538277823c2e4c367f38bcf192579d9f0 type ext4 (rw,nodev,relatime,seclabel,commit=600,data=ordered)
/dev/mmcblk0p1 on /home/root/ac25fff538277823c2e4c367f38bcf192579d9f0 type ext4 (rw,nodev,relatime,seclabel,commit=600,data=ordered)
#Cryptohomed aware of it:
cryptohome --action=status |  grep -1 -e '"mounts":'
   },
   "mounts": [ {
      "enterprise": false,
#Now restart cryptohomed
restart cryptohomed
cryptohomed start/running, process 4918
# Cryptohomed is not aware of mount
localhost ~ # cryptohome --action=status |  grep -1 -e '"mounts":'
   },
   "mounts": [  ],
   "tpm": {
# But mounts are [partially] present:
mount | grep mmc
...
/dev/mmcblk0p1 on /home/root/ac25fff538277823c2e4c367f38bcf192579d9f0 type ext4 (rw,nodev,relatime,seclabel,commit=600,data=ordered)
# And keyring is still populated:
 keyctl show @s
Keyring
 583146726 --alswrv      0     0  keyring: _ses
 659008238 --alswrv      0     0   \_ keyring: dircrypt
 390644998 --a-sw-v      0     0       \_ logon: ext4:dfb31a52283878ff
# unmounting works
cryptohome --action=unmount  --user=test@cr.org     
Unmount succeeded.
# Looking with mount | grep mmc, the remaining chronos related mount is gone,
# but the key is still present:
keyctl show @s
Keyring
 583146726 --alswrv      0     0  keyring: _ses
 659008238 --alswrv      0     0   \_ keyring: dircrypt
 390644998 --a-sw-v      0     0       \_ logon: ext4:dfb31a52283878ff

If you look at /var/log/messages, we tried to get rid of mounts:
2017-02-15T15:57:22.869876-08:00 WARNING cryptohomed[4918]: Stale mount /home/root/ac25fff538277823c2e4c367f38bcf192579d9f0 from /home/.shadow/ac25fff538277823c2e4c367f38bcf192579d9f0/mount/root has active holders.
2017-02-15T15:57:22.896459-08:00 WARNING cryptohomed[4918]: Lazily unmounting stale mount: /home/chronos/user from /home/.shadow/ac25fff538277823c2e4c367f38bcf192579d9f0/mount/user
2017-02-15T15:57:22.903100-08:00 WARNING cryptohomed[4918]: Lazily unmounting stale mount: /home/user/ac25fff538277823c2e4c367f38bcf192579d9f0 from /home/.shadow/ac25fff538277823c2e4c367f38bcf192579d9f0/mount/user
2017-02-15T15:57:22.909099-08:00 WARNING cryptohomed[4918]: Lazily unmounting stale mount: /home/chronos/u-ac25fff538277823c2e4c367f38bcf192579d9f0 from /home/.shadow/ac25fff538277823c2e4c367f38bcf192579d9f0/mount/user
2017-02-15T15:57:22.915099-08:00 WARNING cryptohomed[4918]: Attestation-based enterprise enrollment will not be available.
We could not fully remove the mount, but --action=unmount completed the job:
2017-02-15T15:59:59.987015-08:00 INFO cryptohomed[4918]: Cleaning up PKCS #11 token: /home/root/ac25fff538277823c2e4c367f38bcf192579d9f0/chaps
2017-02-15T15:59:59.987247-08:00 INFO chapsd[1585]: Token at /home/root/ac25fff538277823c2e4c367f38bcf192579d9f0/chaps has been removed from slot 1
2017-02-15T15:59:59.987354-08:00 WARNING cryptohomed[4918]: Lazily unmounting stale mount: /home/root/ac25fff538277823c2e4c367f38bcf192579d9f0 from /home/.shadow/ac25fff538277823c2e4c367f38bcf192579d9f0/mount/root
(excluding the keyring that was not covered).
In cryptohome code, bool Service::CleanUpStaleMounts(bool force) is used for cleanup after crash.
CleanUpStaleMounts(false) is called at Service::Initialize(),

Sign in to add a comment