From 8cc7d4928198f843fa6d790a615405140fc992d3 Mon Sep 17 00:00:00 2001
From: Kent Overstreet
Date: Thu, 19 May 2022 15:59:37 -0400
Subject: [PATCH] cmd_unlock: Add -k argument to specify keyring
This adds a new argument (-k) to cmd_unlock for specifying the keyring to add to. The default is user, but user_session and session can also be specified.
Signed-off-by: Kent Overstreet
---
 .bcachefs_revision | 2 +-
 cmd_key.c | 10 ++++++++--
 cmd_migrate.c | 2 +-
 crypto.c | 23 +++++++++++++++++------
 crypto.h | 2 +-
 libbcachefs/checksum.c | 2 +-
 libbcachefs/lru.c | 6 +++---
 libbcachefs/lru.h | 2 +-
 libbcachefs/recovery.c | 9 ++-------
 9 files changed, 35 insertions(+), 23 deletions(-)
diff --git a/.bcachefs_revision b/.bcachefs_revision
index 9aed74e1..c1cb5fdb 100644
--- a/.bcachefs_revision
+++ b/.bcachefs_revision
@@ -1 +1 @@
-c4ca278a540bd2f99864f198a6ec9b4cb1f1fd44
+40eaef7e8049b75ff7e5da42227295c754d9c906
diff --git a/cmd_key.c b/cmd_key.c
index 6052cb00..b1d1bd02 100644
--- a/cmd_key.c
+++ b/cmd_key.c
@@ -14,20 +14,26 @@ static void unlock_usage(void)
 "\n"
 "Options:\n"
 " -c Check if a device is encrypted\n"
+ " -k (session|user|user_session)\n"
+ " Keyring to add to (default: user)\n"
 " -h Display this help and exit\n"
 "Report bugs to ");
 }
 int cmd_unlock(int argc, char *argv[])
 {
+ const char *keyring = "user";
 bool check = false;
 int opt;
- while ((opt = getopt(argc, argv, "ch")) != -1)
+ while ((opt = getopt(argc, argv, "ck:h")) != -1)
 switch (opt) {
 case 'c':
 check = true;
 break;
+ case 'k':
+ keyring = strdup(optarg);
+ break;
 case 'h':
 unlock_usage();
 exit(EXIT_SUCCESS);
@@ -59,7 +65,7 @@ int cmd_unlock(int argc, char *argv[])
 char *passphrase = read_passphrase("Enter passphrase: ");
- bch2_add_key(sb.sb, passphrase);
+ bch2_add_key(sb.sb, "user", keyring, passphrase);
 bch2_free_super(&sb);
 memzero_explicit(passphrase, strlen(passphrase));
diff --git a/cmd_migrate.c b/cmd_migrate.c
index b67fc02d..a553319b 100644
--- a/cmd_migrate.c
+++ b/cmd_migrate.c
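Review bot: In the new `case 'k':` arm of cmd_unlock, `keyring = strdup(optarg);` makes a copy that is never checked for NULL and never freed. optarg points into argv, which stays valid for the life of the process, so `keyring = optarg;` is sufficient and keeps the option value on the same footing as the unowned `"user"` default. If the copy is kept, a NULL result on allocation failure would reach the strcmp() calls added to bch2_add_key in the crypto.c hunk. cmd_unlock's body continues past the end of this hunk.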
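Review bot: The -k value is not validated until bch2_add_key runs, which in this hunk is after `read_passphrase("Enter passphrase: ")`. The crypto.c hunk calls `die("unknown keyring %s", keyring_str)` for anything other than session, user or user_session, so a mistyped keyring is reported only after the passphrase has been typed, and, assuming die() does not return, the `memzero_explicit(passphrase, strlen(passphrase))` that follows the call is never reached on that path. Checking the name in the `case 'k':` arm, or at least before read_passphrase, and printing unlock_usage() on a bad value would reject it before any secret is read. The function starts and ends outside this hunk.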
@@ -691,7 +691,7 @@ static int migrate_fs(const char *fs_path,
 u64 sb_offset = le64_to_cpu(sb->layout.sb_offset[0]);
 if (format_opts.passphrase)
- bch2_add_key(sb, format_opts.passphrase);
+ bch2_add_key(sb, "user", "user", format_opts.passphrase);
 free(sb);
diff --git a/crypto.c b/crypto.c
index 43753a3e..4e4d15a9 100644
--- a/crypto.c
+++ b/crypto.c
@@ -133,10 +133,23 @@ void bch2_passphrase_check(struct bch_sb *sb, const char *passphrase,
 die("incorrect passphrase");
 }
-void bch2_add_key(struct bch_sb *sb, const char *passphrase)
+void bch2_add_key(struct bch_sb *sb,
+ const char *type,
+ const char *keyring_str,
+ const char *passphrase)
 {
 struct bch_key passphrase_key;
 struct bch_encrypted_key sb_key;
+ int keyring;
+
+ if (!strcmp(keyring_str, "session"))
+ keyring = KEY_SPEC_SESSION_KEYRING;
+ else if (!strcmp(keyring_str, "user"))
+ keyring = KEY_SPEC_USER_KEYRING;
+ else if (!strcmp(keyring_str, "user_session"))
+ keyring = KEY_SPEC_USER_SESSION_KEYRING;
+ else
+ die("unknown keyring %s", keyring_str);
 bch2_passphrase_check(sb, passphrase, &passphrase_key,
@@ -147,12 +160,10 @@ void bch2_add_key(struct bch_sb *sb, const char *passphrase)
 char *description = mprintf("bcachefs:%s", uuid);
- if (add_key("logon", description,
+ if (add_key(type,
+ description,
 &passphrase_key, sizeof(passphrase_key),
- KEY_SPEC_USER_KEYRING) < 0 ||
- add_key("user", description,
- &passphrase_key, sizeof(passphrase_key),
- KEY_SPEC_USER_KEYRING) < 0)
+ keyring) < 0)
 die("add_key error: %m");
 memzero_explicit(description, strlen(description));
diff --git a/crypto.h b/crypto.h
index 7f523c05..baea6d86 100644
--- a/crypto.h
+++ b/crypto.h
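Review bot: bch2_add_key now takes three consecutive `const char *` arguments (type, keyring_str, passphrase), and the prototype in the crypto.h hunk leaves all three unnamed, so a call with the arguments in the wrong order compiles without a warning. If the passphrase ended up in the keyring_str position it would be echoed by `die("unknown keyring %s", keyring_str)`. Naming the parameters in the header, `void bch2_add_key(struct bch_sb *sb, const char *type, const char *keyring_str, const char *passphrase);`, and adding a one-line comment above the definition listing the accepted keyring names (session, user, user_session) would make the contract visible at the call sites. `int keyring;` could also be declared as `key_serial_t`, the type add_key() takes for its keyring argument.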
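Review bot: The passphrase-derived `struct bch_key` is now stored only as a key of the caller-supplied type, both callers in this patch pass `"user"`, and nothing in the patch records why the `"logon"` add_key was dropped. Per keyrings(7), the payload of a "user" key can be read back from user space by a process with read permission on the key, while a "logon" key's payload cannot; the checksum.c hunk switches the kernel-side lookup to `key_type_user` to match. The commit message only describes the -k option, so a comment at the add_key call, e.g. `/* "user" rather than "logon": <reason>; payload is readable through keyctl by the key's possessor */`, would document the trade-off for whoever later chooses the session or user_session keyring. Whether `passphrase_key` is wiped after add_key cannot be seen from this hunk; only `description` is.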
@@ -15,7 +15,7 @@ struct bch_key derive_passphrase(struct bch_sb_field_crypt *, const char *);
 bool bch2_sb_is_encrypted(struct bch_sb *);
 void bch2_passphrase_check(struct bch_sb *, const char *, struct bch_key *, struct bch_encrypted_key *);
-void bch2_add_key(struct bch_sb *, const char *);
+void bch2_add_key(struct bch_sb *, const char *, const char *, const char *);
 void bch_sb_crypt_init(struct bch_sb *sb, struct bch_sb_field_crypt *, const char *);
diff --git a/libbcachefs/checksum.c b/libbcachefs/checksum.c
index 425582f6..50157b40 100644
--- a/libbcachefs/checksum.c
+++ b/libbcachefs/checksum.c
@@ -424,7 +424,7 @@ static int __bch2_request_key(char *key_description, struct bch_key *key)
 const struct user_key_payload *ukp;
 int ret;
- keyring_key = request_key(&key_type_logon, key_description, NULL);
+ keyring_key = request_key(&key_type_user, key_description, NULL);
 if (IS_ERR(keyring_key))
 return PTR_ERR(keyring_key);
diff --git a/libbcachefs/lru.c b/libbcachefs/lru.c
index ce23b383..d2783317 100644
--- a/libbcachefs/lru.c
+++ b/libbcachefs/lru.c
@@ -130,7 +130,7 @@ int bch2_lru_change(struct btree_trans *trans, u64 id, u64 idx,
 }
 static int bch2_check_lru_key(struct btree_trans *trans,
- struct btree_iter *lru_iter, bool initial)
+ struct btree_iter *lru_iter)
 {
 struct bch_fs *c = trans->c;
 struct btree_iter iter;
@@ -193,7 +193,7 @@ fsck_err:
 return ret;
 }
-int bch2_check_lrus(struct bch_fs *c, bool initial)
+int bch2_check_lrus(struct bch_fs *c)
 {
 struct btree_trans trans;
 struct btree_iter iter;
@@ -207,7 +207,7 @@ int bch2_check_lrus(struct bch_fs *c, bool initial)
 ret = __bch2_trans_do(&trans, NULL, NULL, BTREE_INSERT_NOFAIL| BTREE_INSERT_LAZY_RW,
- bch2_check_lru_key(&trans, &iter, initial));
+ bch2_check_lru_key(&trans, &iter));
 if (ret)
 break;
 }
diff --git a/libbcachefs/lru.h b/libbcachefs/lru.h
index bfe38a67..3decb7b1 100644
--- a/libbcachefs/lru.h
+++ b/libbcachefs/lru.h
@@ -14,6 +14,6 @@ int bch2_lru_delete(struct btree_trans *, u64, u64, u64, struct bkey_s_c);
 int bch2_lru_set(struct btree_trans *, u64, u64, u64 *);
 int bch2_lru_change(struct btree_trans *, u64, u64, u64, u64 *, struct bkey_s_c);
-int bch2_check_lrus(struct bch_fs *, bool);
+int bch2_check_lrus(struct bch_fs *);
 #endif /* _BCACHEFS_LRU_H */
diff --git a/libbcachefs/recovery.c b/libbcachefs/recovery.c
index ff483ff3..36ab2e3b 100644
--- a/libbcachefs/recovery.c
+++ b/libbcachefs/recovery.c
@@ -1256,24 +1256,19 @@ use_clean:
 bch_info(c, "checking lrus");
 err = "error checking lrus";
- ret = bch2_check_lrus(c, true);
+ ret = bch2_check_lrus(c);
 if (ret)
 goto err;
 bch_verbose(c, "done checking lrus");
- set_bit(BCH_FS_CHECK_LRUS_DONE, &c->flags);
 bch_info(c, "checking alloc to lru refs");
 err = "error checking alloc to lru refs";
 ret = bch2_check_alloc_to_lru_refs(c);
- if (ret)
- goto err;
- set_bit(BCH_FS_CHECK_ALLOC_TO_LRU_REFS_DONE, &c->flags);
-
- ret = bch2_check_lrus(c, true);
 if (ret)
 goto err;
 bch_verbose(c, "done checking alloc to lru refs");
+ set_bit(BCH_FS_CHECK_ALLOC_TO_LRU_REFS_DONE, &c->flags);
 } else {
 set_bit(BCH_FS_MAY_GO_RW, &c->flags);
 set_bit(BCH_FS_INITIAL_GC_DONE, &c->flags);