| Message ID | 20231212144611.3100234-1-dhowells@redhat.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | afs: Fix dynamic root interaction with failing DNS lookups | expand |
ti, 2023-12-12 kello 14:46 +0000, David Howells kirjoitti: > Hi Markus, Marc, > > Here's a set of fixes to improve the interaction of arbitrary lookups in > the AFS dynamic root that hit DNS lookup failures[1]: > > (1) Always delete unused (particularly negative) dentries as soon as > possible so that they don't prevent future lookups from retrying. > > (2) Fix the handling of new-style negative DNS lookups in ->lookup() to > make them return ENOENT so that userspace doesn't get confused when > stat succeeds but the following open on the looked up file then fails. > > (3) Fix key handling so that DNS lookup results are reclaimed as soon as > they expire rather than sitting round either forever or for an > additional 5 mins beyond a set expiry time returning EKEYEXPIRED. > > The patches can be found here: > > https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=afs-fixes > > Thanks, > David > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=216637 [1] > Link: https://lore.kernel.org/r/20231211163412.2766147-1-dhowells@redhat.com # v1 > Link: https://lore.kernel.org/r/20231211213233.2793525-1-dhowells@redhat.com # v2 > > Changes > ======= > ver #3) > - Rebased to v6.7-rc5 which has an additional afs patch. > - Don't add to TIME64_MAX (ie. permanent) when checking expiry time. > > ver #2) > - Fix signed-unsigned comparison when checking return val. > > David Howells (3): > afs: Fix the dynamic root's d_delete to always delete unused dentries > afs: Fix dynamic root lookup DNS check > keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on > expiry > > fs/afs/dynroot.c | 31 +++++++++++++++++-------------- > include/linux/key-type.h | 1 + > net/dns_resolver/dns_key.c | 10 +++++++++- > security/keys/gc.c | 31 +++++++++++++++++++++---------- > security/keys/internal.h | 11 ++++++++++- > security/keys/key.c | 15 +++++---------- > security/keys/proc.c | 2 +- > 7 files changed, 64 insertions(+), 37 deletions(-) > masu@t470 ~ % uname -r 6.7.0-rc5-gb946001d3bb1 This fixes my problem :) https://bugzilla.kernel.org/show_bug.cgi?id=216637 Tested-by: Markus Suvanto <markus.suvanto@gmail.com> -Markus
Hi Markus, Marc, Here's a set of fixes to improve the interaction of arbitrary lookups in the AFS dynamic root that hit DNS lookup failures[1]: (1) Always delete unused (particularly negative) dentries as soon as possible so that they don't prevent future lookups from retrying. (2) Fix the handling of new-style negative DNS lookups in ->lookup() to make them return ENOENT so that userspace doesn't get confused when stat succeeds but the following open on the looked up file then fails. (3) Fix key handling so that DNS lookup results are reclaimed as soon as they expire rather than sitting round either forever or for an additional 5 mins beyond a set expiry time returning EKEYEXPIRED. The patches can be found here: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=afs-fixes Thanks, David Link: https://bugzilla.kernel.org/show_bug.cgi?id=216637 [1] Link: https://lore.kernel.org/r/20231211163412.2766147-1-dhowells@redhat.com # v1 Link: https://lore.kernel.org/r/20231211213233.2793525-1-dhowells@redhat.com # v2 Changes ======= ver #3) - Rebased to v6.7-rc5 which has an additional afs patch. - Don't add to TIME64_MAX (ie. permanent) when checking expiry time. ver #2) - Fix signed-unsigned comparison when checking return val. David Howells (3): afs: Fix the dynamic root's d_delete to always delete unused dentries afs: Fix dynamic root lookup DNS check keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry fs/afs/dynroot.c | 31 +++++++++++++++++-------------- include/linux/key-type.h | 1 + net/dns_resolver/dns_key.c | 10 +++++++++- security/keys/gc.c | 31 +++++++++++++++++++++---------- security/keys/internal.h | 11 ++++++++++- security/keys/key.c | 15 +++++---------- security/keys/proc.c | 2 +- 7 files changed, 64 insertions(+), 37 deletions(-)