Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp4091396rdb; Mon, 11 Dec 2023 08:34:36 -0800 (PST) X-Google-Smtp-Source: AGHT+IF3vygtoIJ6iXzZwF7Cbqt/9ynBHiKinHwQA8B9WFxLwgZ2Wa8Isq60gEPFYeV2KTdeUv+c X-Received: by 2002:a05:6a20:1044:b0:171:a2df:4e68 with SMTP id gt4-20020a056a20104400b00171a2df4e68mr1806985pzc.36.1702312475632; Mon, 11 Dec 2023 08:34:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702312475; cv=none; d=google.com; s=arc-20160816; b=KCABebNoiynJn8RACmL267Ig3sV3kjQUqTmWiD9SbEk5/a05rtrgtzb+t7NGsvb9uM Uj9ksjjV55LEcy3oAleXhY2FaB6fw8gvLHKPn76ID4K1dIKSPJKRWZHI3SsKDbTshf/v XIcmXcktAMnwEL6q/HOlI3kA3q+50+j1cXJEJy3Dj0cgYLAi1iq+pv8nAOooHh4L18X+ AwZARm3lBHFmhSZeE1u8qYteAdRN/H6YDhzVIw0H5lG/rf3OVr829POq30NO/OLAc+Jn t8DTDWpGOjNM8eZQpqXPoqR9iKcRZRXOE9Uv7rulCkPHLLvE7aj/lV+19KatV1SAbSfl Yj0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=nsV9+0B0VQ25C7AzDesdB06lttw93Mil7/MhVPbjkO0=; fh=amlZE/0bmUZb0iruJSnjcNGDWpcpLgWng4o3VdOIeS8=; b=BUlG4IzAAiap7w1rMT9H3fEe22ZPXfgq5lEUN0SWZycRyJ0TaeqiCZWebbMdlf84Aq TxyIif749kqwtBHvHhFXtuqn1YLqUx6G8YNsNvVXns0y5hhrtUl7+54oG+K0++civcPr oL3E5cMsSHw6bhnb40I4etKckwcZiBdywcdpOhSJ9OXWKjYmRpAt3B9XH1JhXXLzqKJR SFsZM950RpNZV5Ki8wEOvW0juqw1ez6oC4vgwMVEBpvuCgQcoTpGwHyN+QPbH0L773Sq hg3n/7A94kF4alNPVxROQlfJ1RrkfWkRXGYcGiFht9QJRjo35dTxIW3z1d6vr8wfxQ3U NtBQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=WA0X5Tbu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id f11-20020a056a00228b00b006ce9acdf9efsi6174564pfe.79.2023.12.11.08.34.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Dec 2023 08:34:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=WA0X5Tbu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id C2605809F8BA; Mon, 11 Dec 2023 08:34:31 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344658AbjLKQeT (ORCPT + 99 others); Mon, 11 Dec 2023 11:34:19 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344433AbjLKQeQ (ORCPT ); Mon, 11 Dec 2023 11:34:16 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E413BF for ; Mon, 11 Dec 2023 08:34:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1702312461; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=nsV9+0B0VQ25C7AzDesdB06lttw93Mil7/MhVPbjkO0=; b=WA0X5TbuKgNI7UPPhZezbSKKMkRpZX/Kw3/MOSURtGXTu+d9RJSA5DSRMOPmxgHZAsQ06s eOQMlN1I/Z0VVQRiBx3vpx7+szpO3v9xyO+EOMphIzZNendrMwqvhJqr6wDOcw7ZAl79ie mQlcmdY+y+3wsOTqNP3nYupnVXzzT+E= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-15-Cxh188gnO_uFafuTJl-saQ-1; Mon, 11 Dec 2023 11:34:18 -0500 X-MC-Unique: Cxh188gnO_uFafuTJl-saQ-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2443788D131; Mon, 11 Dec 2023 16:34:18 +0000 (UTC) Received: from warthog.procyon.org.com (unknown [10.42.28.2]) by smtp.corp.redhat.com (Postfix) with ESMTP id 143A53C2E; Mon, 11 Dec 2023 16:34:16 +0000 (UTC) From: David Howells To: Markus Suvanto , Marc Dionne Cc: David Howells , linux-afs@lists.infradead.org, keyrings@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 0/3] afs: Fix dynamic root interaction with failing DNS lookups Date: Mon, 11 Dec 2023 16:34:09 +0000 Message-ID: <20231211163412.2766147-1-dhowells@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.1 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Mon, 11 Dec 2023 08:34:31 -0800 (PST) Hi Markus, Marc, Here's a set of fixes to improve the interaction of arbitrary lookups in the AFS dynamic root that hit DNS lookup failures: (1) Always delete unused (particularly negative) dentries as soon as possible so that they don't prevent future lookups from retrying. (2) Fix the handling of new-style negative DNS lookups in ->lookup() to make them return ENOENT so that userspace doesn't get confused when stat succeeds but the following open on the looked up file then fails. (3) Fix key handling so that DNS lookup results are reclaimed as soon as they expire rather than sitting round either forever or for an additional 5 mins beyond a set expiry time returning EKEYEXPIRED. The patches can be found here: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=afs-fixes Thanks, David David Howells (3): afs: Fix the dynamic root's d_delete to always delete unused dentries afs: Fix dynamic root lookup DNS check keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry fs/afs/dynroot.c | 31 +++++++++++++++++-------------- include/linux/key-type.h | 1 + net/dns_resolver/dns_key.c | 10 +++++++++- security/keys/gc.c | 31 +++++++++++++++++++++---------- security/keys/internal.h | 8 +++++++- security/keys/key.c | 15 +++++---------- security/keys/proc.c | 2 +- 7 files changed, 61 insertions(+), 37 deletions(-)