Possible race condition in crypto migration during shutdown
Issue description
If the ecryptfs->ext4-crypto migration is running when the device shuts down, the migration will fail (due to files not being found) and signal any dbus clients that it failed. If chrome has not yet shut down and is still listening to this signal, it may attempt to remove the profile, causing some data loss. Investigate the order of things to see if this is currently a plausible scenario, and come up with a solution to prevent it from happening now or in the future.
May 31 2017
Do you happen to know where cryptohomed is notified? I can't find any mechanism by which it would know about shutdown today (outside of trying to catch SIGTERM). I'm also not yet clear where the unmount dbus call is coming from. But yes, the core of this bug is that cryptohome (and the migration process) should gracefully handle shutdown. It's just not yet clear how to do that.
May 31 2017
May 31 2017
As far as I can tell nobody has actually hit this race condition yet (and I've not been able to do so myself), so I'm not sure it's related to 719266 (i.e. it's not currently impacting either users or UMA stats).
Jun 1 2017
hashimoto@ pointed me to /usr/share/cros/init/ui-post-stop where unmount is being called via the cryptohome command line. Since it is guaranteed to be called after the UI is stopped, this race condition should be impossible. However, we're still planning to stop the migration at unmount for safety.
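One way to stop a migration at unmount without emitting a failure that a listener could act on, as an added sketch that is not part of this thread or of cryptohome's code. `Migrator`, `MigrationStatus` and the helper functions are hypothetical names, and reporting cancellation as a status separate from failure is an assumption.

```cpp
#include <atomic>
#include <functional>
#include <string>
#include <vector>

// All names here are hypothetical; this is not cryptohome's API.
enum class MigrationStatus { kSuccess, kFailed, kCancelled };

class Migrator {
 public:
  // Called from the unmount path, possibly on another thread.
  void Cancel() { cancelled_.store(true); }
  // Migrates files in order. migrate_one returns false when a file
  // cannot be migrated (for example, it is no longer found).
  MigrationStatus Run(const std::vector<std::string>& files,
                      const std::function<bool(const std::string&)>& migrate_one) {
    for (const std::string& file : files) {
      if (cancelled_.load()) return MigrationStatus::kCancelled;
      if (!migrate_one(file)) {
        // An error that arrives after unmount was requested is a side
        // effect of teardown, so it is reported as a cancellation.
        return cancelled_.load() ? MigrationStatus::kCancelled
                                 : MigrationStatus::kFailed;
      }
    }
    return MigrationStatus::kSuccess;
  }

 private:
  std::atomic<bool> cancelled_{false};
};

// Listener policy: only a genuine failure may lead to destructive recovery.
bool MayTriggerProfileRecovery(MigrationStatus s) { return s == MigrationStatus::kFailed; }

// Constructed scenario: unmount arrives while the second file is in flight,
// and that file then fails because the mount is being torn down.
MigrationStatus SimulateUnmountDuringMigration() {
  Migrator m;
  return m.Run({"a", "b", "c"}, [&m](const std::string& f) {
    if (f == "b") { m.Cancel(); return false; }
    return true;
  });
}

// Constructed scenario: a file fails with no unmount in progress.
MigrationStatus SimulateGenuineFailure() {
  Migrator m;
  return m.Run({"a", "b"}, [](const std::string& f) { return f != "b"; });
}
```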
Comment 1 by uekawa@chromium.org, May 31 2017