From: Shyam Prasad N <nspmangalore@gmail.com>
To: Steve French <smfrench@gmail.com>, Paulo Alcantara <pc@cjr.nz>,
David Howells <dhowells@redhat.com>,
CIFS <linux-cifs@vger.kernel.org>
Subject: [PATCH] cifs: invalidate dns resolver keys after use
Date: Sat, 18 Dec 2021 09:53:18 -0800 [thread overview]
Message-ID: <CANT5p=rxedYesnqitKypJ3X9YU6eANo4zSDid_aKjk7EBCDStg@mail.gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 251 bytes --]
Hi Steve/Paulo/David,
Please review the attached patch.
I noticed that DNS resolution did not always upcall to userspace when
the IP address changed. This addresses the fix for it.
I would even recommend CC:stable for this one.
--
Regards,
Shyam
[-- Attachment #2: 0001-cifs-invalidate-dns-resolver-keys-after-use.patch --]
[-- Type: application/octet-stream, Size: 1620 bytes --]
From 604ab4c350c2552daa8e77f861a54032b49bc706 Mon Sep 17 00:00:00 2001
From: Shyam Prasad N <sprasad@microsoft.com>
Date: Sat, 18 Dec 2021 17:28:10 +0000
Subject: [PATCH] cifs: invalidate dns resolver keys after use
We rely on dns resolver module to upcall to userspace
using request_key and get us the DNS mapping.
However, the invalidate arg for dns_query was set
to false, which meant that the key created during the
first call for a hostname would continue to be cached
till it expires. This expiration period depends on
how the dns_resolver is configured.
Fixing this by setting invalidate=true during dns_query.
This means that the key will be cleaned up by dns_resolver
soon after it returns the data. This also means that
the dns_resolver subsystem will not cache the key for
an interval indicated by the DNS records TTL. But this is
okay since we use the TTL value returned to schedule the
next lookup.
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
---
fs/cifs/dns_resolve.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/cifs/dns_resolve.c b/fs/cifs/dns_resolve.c
index 0458d28d71aa..8890af1537ef 100644
--- a/fs/cifs/dns_resolve.c
+++ b/fs/cifs/dns_resolve.c
@@ -66,7 +66,7 @@ dns_resolve_server_name_to_ip(const char *unc, char **ip_addr, time64_t *expiry)
/* Perform the upcall */
rc = dns_query(current->nsproxy->net_ns, NULL, hostname, len,
- NULL, ip_addr, expiry, false);
+ NULL, ip_addr, expiry, true);
if (rc < 0)
cifs_dbg(FYI, "%s: unable to resolve: %*.*s\n",
__func__, len, len, hostname);
next reply other threads:[~2021-12-18 17:53 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-18 17:53 Shyam Prasad N [this message]
2021-12-19 22:25 ` [PATCH] cifs: invalidate dns resolver keys after use Enzo Matsumiya
2021-12-23 5:02 ` Shyam Prasad N
2021-12-23 8:42 ` David Howells
2021-12-23 20:33 ` Enzo Matsumiya
2022-01-05 13:12 ` David Howells
2021-12-20 12:55 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CANT5p=rxedYesnqitKypJ3X9YU6eANo4zSDid_aKjk7EBCDStg@mail.gmail.com' \
--to=nspmangalore@gmail.com \
--cc=dhowells@redhat.com \
--cc=linux-cifs@vger.kernel.org \
--cc=pc@cjr.nz \
--cc=smfrench@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.