From patchwork Mon Dec 11 21:32:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 17868 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:bcd1:0:b0:403:3b70:6f57 with SMTP id r17csp7350318vqy; Mon, 11 Dec 2023 13:32:51 -0800 (PST) X-Google-Smtp-Source: AGHT+IEq2QQ4TuOQ8wjOFwbFwm303FX39+Ng8X0B1mkr1g52/0P4k31TlzndPxNuR95FUFCoDkyf X-Received: by 2002:a05:6a00:4b13:b0:6d0:93a7:dc09 with SMTP id kq19-20020a056a004b1300b006d093a7dc09mr1228467pfb.9.1702330370831; Mon, 11 Dec 2023 13:32:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702330370; cv=none; d=google.com; s=arc-20160816; b=iufz9i3xtzbaCWv53d7Rwne5ewLZhUdLkT+buiev6U2UNtffFx4yVeropVSQkh5WJL h4u652qBLouK6ArL7kwO+80kT4V2ns9oaLG1aWnyboYc0vUSKld6rvmqf/7pUZecB7H1 TravshEfD5t0W2NeVaT3xb+BDZByl9lb8At1U4Lf+kWEhyKpk/kDZHANVMwoWDFLSD1I noLlGIiEdLsolfJRageriLd4sf8+FsL+s/B/YQ5Sm1QWPSPnZXwSUlgKz5Ohy/erhp+s QX8Y0u03j8ctE+TYnWlsWPYnSCOqC1z2Qxtd9AuhgdRNu8LgsDSooIZL6O3ln6kfYFxp QjLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=W4W692KfWBl1L0qMgZ9E2R9qieSMV5xF1Y5WsFJCo/Q=; fh=amlZE/0bmUZb0iruJSnjcNGDWpcpLgWng4o3VdOIeS8=; b=TwUR98ocSS4ugQ/esjkYJUEVkPdm0KF58JgaBnpKbWScpDv05GeV8hWV09qJHj36at n2D2Q5igvj/cINL35BqxKZi6nk5amaGjqBTPPhcDaRpD5LYtEqL0xWIdAPT8P3n0ypaW KVI8l/yl0A4O5GKSvYJt6vEmUmzvUUNC8r/OHIujaabzvG6jP13Wm39uwdxR77zKg8u1 lY9YOTl/2qm7bBvaH3yv1FE5mvcAs4D1XPdrrCAxafhl+DXBPlin9191kwiX2u4rvFTe H/oZlpFsNFLPjSdTNxMtQnZqBUJfguXPXGAI2j/TITX9Q2ZrDVv0OpmsXTTcP/8C5SXC gC4Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=RApMXwEw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id h15-20020a056a00218f00b006cef5bed80dsi4357219pfi.18.2023.12.11.13.32.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Dec 2023 13:32:50 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=RApMXwEw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 21019805EB2B; Mon, 11 Dec 2023 13:32:45 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344937AbjLKVcg (ORCPT + 99 others); Mon, 11 Dec 2023 16:32:36 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39934 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229625AbjLKVcf (ORCPT ); Mon, 11 Dec 2023 16:32:35 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 42790B8 for ; Mon, 11 Dec 2023 13:32:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1702330361; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=W4W692KfWBl1L0qMgZ9E2R9qieSMV5xF1Y5WsFJCo/Q=; b=RApMXwEwoRJHiwaNvSKMpI+KqPRk6tOp0ks49NcLhy8kRGfUYX07u8JsFbdsF5bnd62YO4 /K2WFfBl6kcWKas9lnw5OABzBzm0DcfBDd8sIYYRO4ZoYyVMMwQ3JK/Kk8KchTDnxm7hc9 Z+9o9r8BXIVCUjWBOt0B1lT23cCOBg4= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-365-qAgFnwMNORan69S0adUnmw-1; Mon, 11 Dec 2023 16:32:37 -0500 X-MC-Unique: qAgFnwMNORan69S0adUnmw-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E4A3828EC117; Mon, 11 Dec 2023 21:32:36 +0000 (UTC) Received: from warthog.procyon.org.com (unknown [10.42.28.2]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8143A2166B31; Mon, 11 Dec 2023 21:32:35 +0000 (UTC) From: David Howells To: Markus Suvanto , Marc Dionne Cc: David Howells , linux-afs@lists.infradead.org, keyrings@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 0/3] afs: Fix dynamic root interaction with failing DNS lookups Date: Mon, 11 Dec 2023 21:32:30 +0000 Message-ID: <20231211213233.2793525-1-dhowells@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.6 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Mon, 11 Dec 2023 13:32:45 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785004001155035281 X-GMAIL-MSGID: 1785022770938009174 Hi Markus, Marc, Here's a set of fixes to improve the interaction of arbitrary lookups in the AFS dynamic root that hit DNS lookup failures[1]: (1) Always delete unused (particularly negative) dentries as soon as possible so that they don't prevent future lookups from retrying. (2) Fix the handling of new-style negative DNS lookups in ->lookup() to make them return ENOENT so that userspace doesn't get confused when stat succeeds but the following open on the looked up file then fails. (3) Fix key handling so that DNS lookup results are reclaimed as soon as they expire rather than sitting round either forever or for an additional 5 mins beyond a set expiry time returning EKEYEXPIRED. The patches can be found here: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=afs-fixes Thanks, David Link: https://bugzilla.kernel.org/show_bug.cgi?id=216637 [1] Link: https://lore.kernel.org/r/20231211163412.2766147-1-dhowells@redhat.com # v1 Changes ======= ver #2) - Fix signed-unsigned comparison when checking return val. David Howells (3): afs: Fix the dynamic root's d_delete to always delete unused dentries afs: Fix dynamic root lookup DNS check keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry fs/afs/dynroot.c | 31 +++++++++++++++++-------------- include/linux/key-type.h | 1 + net/dns_resolver/dns_key.c | 10 +++++++++- security/keys/gc.c | 31 +++++++++++++++++++++---------- security/keys/internal.h | 8 +++++++- security/keys/key.c | 15 +++++---------- security/keys/proc.c | 2 +- 7 files changed, 61 insertions(+), 37 deletions(-)