Switch to volume key keyring helpers.

And do not access volume key internals bearing information whether the key payload was uploaded in kernel keyring or not.
2025-12-05 16:00:05 +01:00 · 2025-02-04 15:45:18 +01:00
parent 15c4a410fd
commit 0a6ee8633a
2 changed files with 8 additions and 17 deletions
--- a/lib/luks2/luks2_json_metadata.c
+++ b/lib/luks2/luks2_json_metadata.c
@@ -2894,8 +2894,7 @@ int LUKS2_deactivate(struct crypt_device *cd, const char *name, struct luks2_hdr
 		tgt = &dmdc.segment;
 		while (tgt) {
 			if (tgt->type == DM_CRYPT)
-				crypt_unlink_key_by_description_from_thread_keyring(cd, crypt_volume_key_description(tgt->u.crypt.vk),
+				crypt_volume_key_drop_kernel_key(cd, tgt->u.crypt.vk);
 					LOGON_KEY);
 			tgt = tgt->next;
 		}
 	}
@@ -2930,8 +2929,7 @@ int LUKS2_deactivate(struct crypt_device *cd, const char *name, struct luks2_hdr
 				tgt = &dmdc.segment;
 				while (tgt) {
 					if (tgt->type == DM_CRYPT)
-						crypt_unlink_key_by_description_from_thread_keyring(cd, crypt_volume_key_description(tgt->u.crypt.vk),
+						crypt_volume_key_drop_kernel_key(cd, tgt->u.crypt.vk);
 							LOGON_KEY);
 					tgt = tgt->next;
 				}
 			}
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -7468,8 +7468,6 @@ int crypt_volume_key_keyring(struct crypt_device *cd __attribute__((unused)), in
 /* internal only */
 int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key *vk)
 {
 	key_serial_t kid;
 	if (!vk || !cd)
 		return -EINVAL;
@@ -7481,18 +7479,14 @@ int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key
 	log_dbg(cd, "Loading key (type logon, name %s) in thread keyring.",
 		crypt_volume_key_description(vk));
-	kid = keyring_add_key_in_thread_keyring(LOGON_KEY, crypt_volume_key_description(vk),
+	if (crypt_volume_key_upload_kernel_key(vk)) {
-						crypt_volume_key_get_key(vk),
+		crypt_set_key_in_keyring(cd, 1);
-						crypt_volume_key_length(vk));
+		return 0;
-	if (kid < 0) {
+	} else {
 		log_dbg(cd, "keyring_add_key_in_thread_keyring failed (error %d)", errno);
 		log_err(cd, _("Failed to load key in kernel keyring."));
-	} else {
+		return -EINVAL;
 		crypt_set_key_in_keyring(cd, 1);
 		crypt_volume_key_set_uploaded(vk);
 	}
 	return kid < 0 ? -EINVAL : 0;
 }
 /* internal only */
@@ -7683,8 +7677,7 @@ void crypt_drop_uploaded_keyring_key(struct crypt_device *cd, struct volume_key
 	struct volume_key *vk = vks;
 	while (vk) {
-		if (crypt_volume_key_is_uploaded(vk))
+		crypt_volume_key_drop_uploaded_kernel_key(cd, vk);
 			crypt_unlink_key_by_description_from_thread_keyring(cd, crypt_volume_key_description(vk), LOGON_KEY);
 		vk = crypt_volume_key_next(vk);
 	}
 }