From patchwork Mon Dec 11 16:34:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 13487634 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="WA0X5Tbu" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ABD60C2 for ; Mon, 11 Dec 2023 08:34:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1702312461; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=nsV9+0B0VQ25C7AzDesdB06lttw93Mil7/MhVPbjkO0=; b=WA0X5TbuKgNI7UPPhZezbSKKMkRpZX/Kw3/MOSURtGXTu+d9RJSA5DSRMOPmxgHZAsQ06s eOQMlN1I/Z0VVQRiBx3vpx7+szpO3v9xyO+EOMphIzZNendrMwqvhJqr6wDOcw7ZAl79ie mQlcmdY+y+3wsOTqNP3nYupnVXzzT+E= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-15-Cxh188gnO_uFafuTJl-saQ-1; Mon, 11 Dec 2023 11:34:18 -0500 X-MC-Unique: Cxh188gnO_uFafuTJl-saQ-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2443788D131; Mon, 11 Dec 2023 16:34:18 +0000 (UTC) Received: from warthog.procyon.org.com (unknown [10.42.28.2]) by smtp.corp.redhat.com (Postfix) with ESMTP id 143A53C2E; Mon, 11 Dec 2023 16:34:16 +0000 (UTC) From: David Howells To: Markus Suvanto , Marc Dionne Cc: David Howells , linux-afs@lists.infradead.org, keyrings@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 0/3] afs: Fix dynamic root interaction with failing DNS lookups Date: Mon, 11 Dec 2023 16:34:09 +0000 Message-ID: <20231211163412.2766147-1-dhowells@redhat.com> Precedence: bulk X-Mailing-List: keyrings@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.1 Hi Markus, Marc, Here's a set of fixes to improve the interaction of arbitrary lookups in the AFS dynamic root that hit DNS lookup failures: (1) Always delete unused (particularly negative) dentries as soon as possible so that they don't prevent future lookups from retrying. (2) Fix the handling of new-style negative DNS lookups in ->lookup() to make them return ENOENT so that userspace doesn't get confused when stat succeeds but the following open on the looked up file then fails. (3) Fix key handling so that DNS lookup results are reclaimed as soon as they expire rather than sitting round either forever or for an additional 5 mins beyond a set expiry time returning EKEYEXPIRED. The patches can be found here: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=afs-fixes Thanks, David David Howells (3): afs: Fix the dynamic root's d_delete to always delete unused dentries afs: Fix dynamic root lookup DNS check keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry fs/afs/dynroot.c | 31 +++++++++++++++++-------------- include/linux/key-type.h | 1 + net/dns_resolver/dns_key.c | 10 +++++++++- security/keys/gc.c | 31 +++++++++++++++++++++---------- security/keys/internal.h | 8 +++++++- security/keys/key.c | 15 +++++---------- security/keys/proc.c | 2 +- 7 files changed, 61 insertions(+), 37 deletions(-)