From patchwork Mon Dec 11 21:32:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 13488099 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="L3qMu6zG" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 27AFED0 for ; Mon, 11 Dec 2023 13:32:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1702330362; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=W4W692KfWBl1L0qMgZ9E2R9qieSMV5xF1Y5WsFJCo/Q=; b=L3qMu6zG+0HEeJJFxdT9ZAlvk7lMRDdv+wPYhfNGqaW6/dAr3EfQc5NpVBg5czwgmL9Z1/ 9CiEshW3uz+AHxQCQWM0qU8t7DKodKbiCCubM2wazYQZI288So1apiW3dXPVcS7SQQ6gbL Gf+wRuck/GC5kH2c6Sj3ydxjPJRPr7o= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-365-qAgFnwMNORan69S0adUnmw-1; Mon, 11 Dec 2023 16:32:37 -0500 X-MC-Unique: qAgFnwMNORan69S0adUnmw-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E4A3828EC117; Mon, 11 Dec 2023 21:32:36 +0000 (UTC) Received: from warthog.procyon.org.com (unknown [10.42.28.2]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8143A2166B31; Mon, 11 Dec 2023 21:32:35 +0000 (UTC) From: David Howells To: Markus Suvanto , Marc Dionne Cc: David Howells , linux-afs@lists.infradead.org, keyrings@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 0/3] afs: Fix dynamic root interaction with failing DNS lookups Date: Mon, 11 Dec 2023 21:32:30 +0000 Message-ID: <20231211213233.2793525-1-dhowells@redhat.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.6 Hi Markus, Marc, Here's a set of fixes to improve the interaction of arbitrary lookups in the AFS dynamic root that hit DNS lookup failures[1]: (1) Always delete unused (particularly negative) dentries as soon as possible so that they don't prevent future lookups from retrying. (2) Fix the handling of new-style negative DNS lookups in ->lookup() to make them return ENOENT so that userspace doesn't get confused when stat succeeds but the following open on the looked up file then fails. (3) Fix key handling so that DNS lookup results are reclaimed as soon as they expire rather than sitting round either forever or for an additional 5 mins beyond a set expiry time returning EKEYEXPIRED. The patches can be found here: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=afs-fixes Thanks, David Link: https://bugzilla.kernel.org/show_bug.cgi?id=216637 [1] Link: https://lore.kernel.org/r/20231211163412.2766147-1-dhowells@redhat.com # v1 Changes ======= ver #2) - Fix signed-unsigned comparison when checking return val. David Howells (3): afs: Fix the dynamic root's d_delete to always delete unused dentries afs: Fix dynamic root lookup DNS check keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry fs/afs/dynroot.c | 31 +++++++++++++++++-------------- include/linux/key-type.h | 1 + net/dns_resolver/dns_key.c | 10 +++++++++- security/keys/gc.c | 31 +++++++++++++++++++++---------- security/keys/internal.h | 8 +++++++- security/keys/key.c | 15 +++++---------- security/keys/proc.c | 2 +- 7 files changed, 61 insertions(+), 37 deletions(-)