lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1843374.1703172614@warthog.procyon.org.uk>
Date: Thu, 21 Dec 2023 15:30:14 +0000
From: David Howells <dhowells@...hat.com>
To: torvalds@...ux-foundation.org
cc: dhowells@...hat.com, Markus Suvanto <markus.suvanto@...il.com>,
    Marc Dionne <marc.dionne@...istor.com>,
    Wang Lei <wang840925@...il.com>, Jeff Layton <jlayton@...hat.com>,
    Steve French <smfrench@...il.com>,
    Jarkko Sakkinen <jarkko@...nel.org>,
    "David S. Miller" <davem@...emloft.net>,
    Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
    Paolo Abeni <pabeni@...hat.com>, linux-afs@...ts.infradead.org,
    keyrings@...r.kernel.org, linux-cifs@...r.kernel.org,
    linux-nfs@...r.kernel.org, ceph-devel@...r.kernel.org,
    netdev@...r.kernel.org, linux-fsdevel@...r.kernel.org,
    linux-kernel@...r.kernel.org
Subject: [GIT PULL] afs, dns: Fix dynamic root interaction with negative DNS

Hi Linus,

Could you apply this, please?  It's intended to improve the interaction of
arbitrary lookups in the AFS dynamic root that hit DNS lookup failures[1]
where kafs behaves differently from openafs and causes some applications to
fail that aren't expecting that.  Further, negative DNS results aren't
getting removed and are causing failures to persist.

 (1) Always delete unused (particularly negative) dentries as soon as
     possible so that they don't prevent future lookups from retrying.

 (2) Fix the handling of new-style negative DNS lookups in ->lookup() to
     make them return ENOENT so that userspace doesn't get confused when
     stat succeeds but the following open on the looked up file then fails.

 (3) Fix key handling so that DNS lookup results are reclaimed almost as
     soon as they expire rather than sitting round either forever or for an
     additional 5 mins beyond a set expiry time returning EKEYEXPIRED.
     They persist for 1s as /bin/ls will do a second stat call if the first
     fails.

Reviewed-by: Jeffrey Altman <jaltman@...istor.com>

Thanks,
David

Link: https://bugzilla.kernel.org/show_bug.cgi?id=216637 [1]
Link: https://lore.kernel.org/r/20231211163412.2766147-1-dhowells@redhat.com/ # v1
Link: https://lore.kernel.org/r/20231211213233.2793525-1-dhowells@redhat.com/ # v2
Link: https://lore.kernel.org/r/20231212144611.3100234-1-dhowells@redhat.com/ # v3
Link: https://lore.kernel.org/r/20231221134558.1659214-1-dhowells@redhat.com/ # v4
---
The following changes since commit ceb6a6f023fd3e8b07761ed900352ef574010bcb:

  Linux 6.7-rc6 (2023-12-17 15:19:28 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/afs-fixes-20231221

for you to fetch changes up to 39299bdd2546688d92ed9db4948f6219ca1b9542:

  keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (2023-12-21 13:47:38 +0000)

----------------------------------------------------------------
AFS fixes

----------------------------------------------------------------
David Howells (3):
      afs: Fix the dynamic root's d_delete to always delete unused dentries
      afs: Fix dynamic root lookup DNS check
      keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry

 fs/afs/dynroot.c           | 31 +++++++++++++++++--------------
 include/linux/key-type.h   |  1 +
 net/dns_resolver/dns_key.c | 10 +++++++++-
 security/keys/gc.c         | 31 +++++++++++++++++++++----------
 security/keys/internal.h   | 11 ++++++++++-
 security/keys/key.c        | 15 +++++----------
 security/keys/proc.c       |  2 +-
 7 files changed, 64 insertions(+), 37 deletions(-)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ