From patchwork Thu Dec 21 13:45:27 2023
X-Patchwork-Submitter: David Howells
X-Patchwork-Id: 18427
From: David Howells
To: Markus Suvanto, Marc Dionne
Cc: David Howells, linux-afs@lists.infradead.org, keyrings@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4 0/3] afs: Fix dynamic root interaction with failing DNS lookups
Date: Thu, 21 Dec 2023 13:45:27 +0000
Message-ID: <20231221134558.1659214-1-dhowells@redhat.com>

Hi Markus, Marc,

Here's a set of fixes to improve the interaction of arbitrary lookups in the
AFS dynamic root that hit DNS lookup failures[1]:

 (1) Always delete unused (particularly negative) dentries as soon as
     possible so that they don't prevent future lookups from retrying.

 (2) Fix the handling of new-style negative DNS lookups in ->lookup() to
     make them return ENOENT so that userspace doesn't get confused when
     stat succeeds but the following open on the looked up file then fails.

 (3) Fix key handling so that DNS lookup results are reclaimed as soon as
     they expire rather than sitting round either forever or for an
     additional 5 mins beyond a set expiry time returning EKEYEXPIRED.

The patches can be found here:

	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=afs-fixes

Thanks,
David

Link: https://bugzilla.kernel.org/show_bug.cgi?id=216637 [1]
Link: https://lore.kernel.org/r/20231211163412.2766147-1-dhowells@redhat.com/ # v1
Link: https://lore.kernel.org/r/20231211213233.2793525-1-dhowells@redhat.com/ # v2
Link: https://lore.kernel.org/r/20231212144611.3100234-1-dhowells@redhat.com/ # v3

Changes
=======
ver #4)
 - Reduce the negative timeout from 10s to 1s.

ver #3)
 - Rebased to v6.7-rc5 which has an additional afs patch.
 - Don't add to TIME64_MAX (ie. permanent) when checking expiry time.

ver #2)
 - Fix signed-unsigned comparison when checking return val.

David Howells (3):
  afs: Fix the dynamic root's d_delete to always delete unused dentries
  afs: Fix dynamic root lookup DNS check
  keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry

 fs/afs/dynroot.c           | 31 +++++++++++++++++--------------
 include/linux/key-type.h   |  1 +
 net/dns_resolver/dns_key.c | 10 +++++++++-
 security/keys/gc.c         | 31 +++++++++++++++++++++----------
 security/keys/internal.h   | 11 ++++++++++-
 security/keys/key.c        | 15 +++++----------
 security/keys/proc.c       |  2 +-
 7 files changed, 64 insertions(+), 37 deletions(-)

Reviewed-by: Jeffrey Altman
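
An added illustration of the expiry rule in item (3) and the ver #3 changelog note, not code from this patch series: a user-space C model of when an expired key may be reclaimed. `TYPE_REAP_AT_EXPIRY`, `GC_GRACE_SECS`, `struct model_key` and the function names are hypothetical; only the 5-minute grace period and TIME64_MAX meaning "permanent" come from the message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TIME64_MAX INT64_MAX      /* "permanent", as in the ver #3 note */
#define GC_GRACE_SECS 300         /* the "additional 5 mins" from item (3) */
#define TYPE_REAP_AT_EXPIRY 0x1u  /* hypothetical per-key-type flag */

struct model_key {
	int64_t expiry;           /* absolute expiry time, in seconds */
	unsigned int type_flags;
};

/* Earliest time at which the collector may reclaim the key. */
int64_t reap_time(const struct model_key *k)
{
	if (k->expiry == TIME64_MAX)
		return TIME64_MAX;    /* permanent: never add to it */
	if (k->type_flags & TYPE_REAP_AT_EXPIRY)
		return k->expiry;     /* e.g. cached DNS results */
	if (k->expiry > TIME64_MAX - GC_GRACE_SECS)
		return TIME64_MAX;    /* saturate instead of wrapping */
	return k->expiry + GC_GRACE_SECS;
}

bool key_reclaimable(const struct model_key *k, int64_t now)
{
	int64_t t = reap_time(k);

	return t != TIME64_MAX && t <= now;
}

/* True while a lookup would still find an expired, unreclaimed key. */
bool key_lingers_expired(const struct model_key *k, int64_t now)
{
	return k->expiry != TIME64_MAX && k->expiry <= now &&
	       !key_reclaimable(k, now);
}

int main(void)
{
	struct model_key dns = { 1000, TYPE_REAP_AT_EXPIRY };
	struct model_key other = { 1000, 0 };
	struct model_key perm = { TIME64_MAX, 0 };

	printf("t=1001 dns=%d other=%d perm=%d\n", key_reclaimable(&dns, 1001),
	       key_reclaimable(&other, 1001), key_reclaimable(&perm, 1001));
	printf("other lingers at t=1001: %d\n", key_lingers_expired(&other, 1001));
	return 0;
}
```

In this model the window in which `key_lingers_expired()` is true corresponds to the period the message describes as returning EKEYEXPIRED; with the flag set that window is empty.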