* [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread
@ 2023-03-12 18:53 Bharath SM
2023-03-12 21:37 ` Jarkko Sakkinen
2023-03-14 15:18 ` David Howells
0 siblings, 2 replies; 10+ messages in thread
From: Bharath SM @ 2023-03-12 18:53 UTC (permalink / raw)
To: David Howells, jarkko, keyrings; +Cc: Bharath S M, Shyam Prasad N, Steve French
The key which gets cached in task structure from a kernel thread does not
get invalidated even after expiry. Due to which, a new key request from
kernel thread will be served with the cached key if it's present in task
struct irrespective of the key validity.
The change is to not cache key in task_struct when key requested from kernel
thread so that kernel thread gets a valid key on every key request.
Signed-off-by: Bharath SM <bharathsm@microsoft.com>
---
security/keys/request_key.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 2da4404276f0..07a0ef2baacd 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -38,9 +38,12 @@ static void cache_requested_key(struct key *key)
#ifdef CONFIG_KEYS_REQUEST_CACHE
struct task_struct *t = current;
- key_put(t->cached_requested_key);
- t->cached_requested_key = key_get(key);
- set_tsk_thread_flag(t, TIF_NOTIFY_RESUME);
+ /* Do not cache key if it is a kernel thread */
+ if (!(t->flags & PF_KTHREAD)) {
+ key_put(t->cached_requested_key);
+ t->cached_requested_key = key_get(key);
+ set_tsk_thread_flag(t, TIF_NOTIFY_RESUME);
+ }
#endif
}
--
2.25.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread
2023-03-12 18:53 [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread Bharath SM
@ 2023-03-12 21:37 ` Jarkko Sakkinen
2023-03-13 5:18 ` Bharath SM
2023-03-14 15:18 ` David Howells
1 sibling, 1 reply; 10+ messages in thread
From: Jarkko Sakkinen @ 2023-03-12 21:37 UTC (permalink / raw)
To: Bharath SM, David Howells, keyrings
Cc: Bharath S M, Shyam Prasad N, Steve French
On Mon, 2023-03-13 at 00:23 +0530, Bharath SM wrote:
> The key which gets cached in task structure from a kernel thread does not
> get invalidated even after expiry. Due to which, a new key request from
> kernel thread will be served with the cached key if it's present in task
> struct irrespective of the key validity.
> The change is to not cache key in task_struct when key requested from kernel
> thread so that kernel thread gets a valid key on every key request.
>
> Signed-off-by: Bharath SM <bharathsm@microsoft.com>
What is the context where you bumped into this?
> ---
> security/keys/request_key.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/security/keys/request_key.c b/security/keys/request_key.c
> index 2da4404276f0..07a0ef2baacd 100644
> --- a/security/keys/request_key.c
> +++ b/security/keys/request_key.c
> @@ -38,9 +38,12 @@ static void cache_requested_key(struct key *key)
> #ifdef CONFIG_KEYS_REQUEST_CACHE
> struct task_struct *t = current;
>
> - key_put(t->cached_requested_key);
> - t->cached_requested_key = key_get(key);
> - set_tsk_thread_flag(t, TIF_NOTIFY_RESUME);
> + /* Do not cache key if it is a kernel thread */
> + if (!(t->flags & PF_KTHREAD)) {
> + key_put(t->cached_requested_key);
> + t->cached_requested_key = key_get(key);
> + set_tsk_thread_flag(t, TIF_NOTIFY_RESUME);
> + }
> #endif
> }
>
> --
> 2.25.1
BR, Jarkko
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread
2023-03-12 21:37 ` Jarkko Sakkinen
@ 2023-03-13 5:18 ` Bharath SM
2023-03-14 11:07 ` Jarkko Sakkinen
2023-03-14 15:27 ` David Howells
0 siblings, 2 replies; 10+ messages in thread
From: Bharath SM @ 2023-03-13 5:18 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: David Howells, keyrings, Bharath S M, Shyam Prasad N, Steve French
Linux kernel cifs module uses dns_resolver for dns resolution and
dns_resolver will use kernel keys infrastructure for key management.
Cifs module calls dns_query during reconnect for dns resolution, we noticed
an issue with dns resolution requests during reconnect operations from cifs.
Where the dns_query was failing by returning EKEYEXPIRED to cifs. And
this issue was
happening only when CONFIG_KEYS_REQUEST_CACHE was enabled.
Further debugging the keys subsystem and discussing with david howells revealed
this issue in keys subsystem.
To reproduce the issue mount a few SMB shares on device with
nosharesock mount option and try disconnecting connections a few times
using "ss -K src dport 445".
Logs from dns_resolver:
Notice that 2nd time, we can see dns_query returning -127(EKEYEXPIRED)
Disconnected first time and got right response for dns_query:
[Mon Mar 13 05:05:23 2023] [cifsd ] ==>
dns_query((null),storagesouthcus1.file.core.windows.net,38,(null))
[Mon Mar 13 05:05:23 2023] [cifsd ] call
request_key(,storagesouthcus1.file.core.windows.net,)
[Mon Mar 13 05:05:23 2023] [cifsd ] ==>
dns_query((null),storagesouthcus1.file.core.windows.net,38,(null))
[Mon Mar 13 05:05:23 2023] [cifsd ] call
request_key(,storagesouthcus1.file.core.windows.net,)
[Mon Mar 13 05:05:23 2023] [cifsd ] ==>
dns_resolver_cmp(storagesouthcus1.file.core.windows.net,storagesouthcus1.file.core.windows.net)
[Mon Mar 13 05:05:23 2023] [cifsd ] <== dns_resolver_cmp() = 1
[Mon Mar 13 05:05:23 2023] [key.dn] ==> dns_resolver_preparse('
20.150.20.136',14)
[Mon Mar 13 05:05:23 2023] [key.dn] no options
[Mon Mar 13 05:05:23 2023] [key.dn] store result
[Mon Mar 13 05:05:23 2023] [key.dn] <== dns_resolver_preparse() = 0
[Mon Mar 13 05:05:23 2023] [cifsd ] <== dns_query() = 13
[Mon Mar 13 05:05:23 2023] [cifsd ] <== dns_query() = 13
Disconnected second time, but this time we can see one of the
dns_query request is failing with -127
[Mon Mar 13 05:05:30 2023] [cifsd ] ==>
dns_query((null),storagesouthcus1.file.core.windows.net,38,(null))
[Mon Mar 13 05:05:30 2023] [cifsd ] call
request_key(,storagesouthcus1.file.core.windows.net,)
[Mon Mar 13 05:05:30 2023] [cifsd ] ==>
dns_query((null),storagesouthcus1.file.core.windows.net,38,(null))
[Mon Mar 13 05:05:30 2023] [cifsd ] call
request_key(,storagesouthcus1.file.core.windows.net,)
[Mon Mar 13 05:05:30 2023] [cifsd ] ==>
dns_resolver_cmp(storagesouthcus1.file.core.windows.net,storagesouthcus1.file.core.windows.net)
[Mon Mar 13 05:05:30 2023] [cifsd ] <== dns_resolver_cmp() = 1
[Mon Mar 13 05:05:30 2023] [cifsd ] <== dns_query() = -127
[Mon Mar 13 05:05:30 2023] [key.dn] ==> dns_resolver_preparse('
20.150.20.136',14)
[Mon Mar 13 05:05:30 2023] [key.dn] no options
[Mon Mar 13 05:05:30 2023] [key.dn] store result
[Mon Mar 13 05:05:30 2023] [key.dn] <== dns_resolver_preparse() = 0
[Mon Mar 13 05:05:30 2023] [cifsd ] <== dns_query() = 13
On Mon, Mar 13, 2023 at 3:07 AM Jarkko Sakkinen <jarkko@kernel.org> wrote:
>
> On Mon, 2023-03-13 at 00:23 +0530, Bharath SM wrote:
> > The key which gets cached in task structure from a kernel thread does not
> > get invalidated even after expiry. Due to which, a new key request from
> > kernel thread will be served with the cached key if it's present in task
> > struct irrespective of the key validity.
> > The change is to not cache key in task_struct when key requested from kernel
> > thread so that kernel thread gets a valid key on every key request.
> >
> > Signed-off-by: Bharath SM <bharathsm@microsoft.com>
>
> What is the context where you bumped into this?
>
> > ---
> > security/keys/request_key.c | 9 ++++++---
> > 1 file changed, 6 insertions(+), 3 deletions(-)
> >
> > diff --git a/security/keys/request_key.c b/security/keys/request_key.c
> > index 2da4404276f0..07a0ef2baacd 100644
> > --- a/security/keys/request_key.c
> > +++ b/security/keys/request_key.c
> > @@ -38,9 +38,12 @@ static void cache_requested_key(struct key *key)
> > #ifdef CONFIG_KEYS_REQUEST_CACHE
> > struct task_struct *t = current;
> >
> > - key_put(t->cached_requested_key);
> > - t->cached_requested_key = key_get(key);
> > - set_tsk_thread_flag(t, TIF_NOTIFY_RESUME);
> > + /* Do not cache key if it is a kernel thread */
> > + if (!(t->flags & PF_KTHREAD)) {
> > + key_put(t->cached_requested_key);
> > + t->cached_requested_key = key_get(key);
> > + set_tsk_thread_flag(t, TIF_NOTIFY_RESUME);
> > + }
> > #endif
> > }
> >
> > --
> > 2.25.1
>
> BR, Jarkko
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread
2023-03-13 5:18 ` Bharath SM
@ 2023-03-14 11:07 ` Jarkko Sakkinen
2023-03-14 15:27 ` David Howells
1 sibling, 0 replies; 10+ messages in thread
From: Jarkko Sakkinen @ 2023-03-14 11:07 UTC (permalink / raw)
To: Bharath SM
Cc: David Howells, keyrings, Bharath S M, Shyam Prasad N, Steve French
On Mon, Mar 13, 2023 at 10:48:29AM +0530, Bharath SM wrote:
> Linux kernel cifs module uses dns_resolver for dns resolution and
> dns_resolver will use kernel keys infrastructure for key management.
> Cifs module calls dns_query during reconnect for dns resolution, we noticed
> an issue with dns resolution requests during reconnect operations from cifs.
> Where the dns_query was failing by returning EKEYEXPIRED to cifs. And
> this issue was
> happening only when CONFIG_KEYS_REQUEST_CACHE was enabled.
> Further debugging the keys subsystem and discussing with david howells revealed
> this issue in keys subsystem.
>
> To reproduce the issue mount a few SMB shares on device with
> nosharesock mount option and try disconnecting connections a few times
> using "ss -K src dport 445".
>
> Logs from dns_resolver:
> Notice that 2nd time, we can see dns_query returning -127(EKEYEXPIRED)
>
> Disconnected first time and got right response for dns_query:
>
> [Mon Mar 13 05:05:23 2023] [cifsd ] ==>
> dns_query((null),storagesouthcus1.file.core.windows.net,38,(null))
> [Mon Mar 13 05:05:23 2023] [cifsd ] call
> request_key(,storagesouthcus1.file.core.windows.net,)
> [Mon Mar 13 05:05:23 2023] [cifsd ] ==>
> dns_query((null),storagesouthcus1.file.core.windows.net,38,(null))
> [Mon Mar 13 05:05:23 2023] [cifsd ] call
> request_key(,storagesouthcus1.file.core.windows.net,)
> [Mon Mar 13 05:05:23 2023] [cifsd ] ==>
> dns_resolver_cmp(storagesouthcus1.file.core.windows.net,storagesouthcus1.file.core.windows.net)
> [Mon Mar 13 05:05:23 2023] [cifsd ] <== dns_resolver_cmp() = 1
> [Mon Mar 13 05:05:23 2023] [key.dn] ==> dns_resolver_preparse('
> 20.150.20.136',14)
> [Mon Mar 13 05:05:23 2023] [key.dn] no options
> [Mon Mar 13 05:05:23 2023] [key.dn] store result
> [Mon Mar 13 05:05:23 2023] [key.dn] <== dns_resolver_preparse() = 0
> [Mon Mar 13 05:05:23 2023] [cifsd ] <== dns_query() = 13
> [Mon Mar 13 05:05:23 2023] [cifsd ] <== dns_query() = 13
>
> Disconnected second time, but this time we can see one of the
> dns_query request is failing with -127
>
> [Mon Mar 13 05:05:30 2023] [cifsd ] ==>
> dns_query((null),storagesouthcus1.file.core.windows.net,38,(null))
> [Mon Mar 13 05:05:30 2023] [cifsd ] call
> request_key(,storagesouthcus1.file.core.windows.net,)
> [Mon Mar 13 05:05:30 2023] [cifsd ] ==>
> dns_query((null),storagesouthcus1.file.core.windows.net,38,(null))
> [Mon Mar 13 05:05:30 2023] [cifsd ] call
> request_key(,storagesouthcus1.file.core.windows.net,)
> [Mon Mar 13 05:05:30 2023] [cifsd ] ==>
> dns_resolver_cmp(storagesouthcus1.file.core.windows.net,storagesouthcus1.file.core.windows.net)
> [Mon Mar 13 05:05:30 2023] [cifsd ] <== dns_resolver_cmp() = 1
> [Mon Mar 13 05:05:30 2023] [cifsd ] <== dns_query() = -127
> [Mon Mar 13 05:05:30 2023] [key.dn] ==> dns_resolver_preparse('
> 20.150.20.136',14)
> [Mon Mar 13 05:05:30 2023] [key.dn] no options
> [Mon Mar 13 05:05:30 2023] [key.dn] store result
> [Mon Mar 13 05:05:30 2023] [key.dn] <== dns_resolver_preparse() = 0
> [Mon Mar 13 05:05:30 2023] [cifsd ] <== dns_query() = 13
Please summarize this to the commit message it is useful stuff. With
this report included the patch could should also have a fixes tag.
BR, Jarkko
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread
2023-03-12 18:53 [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread Bharath SM
2023-03-12 21:37 ` Jarkko Sakkinen
@ 2023-03-14 15:18 ` David Howells
1 sibling, 0 replies; 10+ messages in thread
From: David Howells @ 2023-03-14 15:18 UTC (permalink / raw)
To: Bharath SM
Cc: dhowells, jarkko, keyrings, Bharath S M, Shyam Prasad N, Steve French
Bharath SM <bharathsm.hsk@gmail.com> wrote:
> diff --git a/security/keys/request_key.c b/security/keys/request_key.c
> index 2da4404276f0..07a0ef2baacd 100644
> --- a/security/keys/request_key.c
> +++ b/security/keys/request_key.c
> @@ -38,9 +38,12 @@ static void cache_requested_key(struct key *key)
> #ifdef CONFIG_KEYS_REQUEST_CACHE
> struct task_struct *t = current;
>
> - key_put(t->cached_requested_key);
> - t->cached_requested_key = key_get(key);
> - set_tsk_thread_flag(t, TIF_NOTIFY_RESUME);
> + /* Do not cache key if it is a kernel thread */
> + if (!(t->flags & PF_KTHREAD)) {
> + key_put(t->cached_requested_key);
> + t->cached_requested_key = key_get(key);
> + set_tsk_thread_flag(t, TIF_NOTIFY_RESUME);
> + }
> #endif
> }
It seems all the tabs got converted into spaces. I'll manually apply it.
David
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread
2023-03-13 5:18 ` Bharath SM
2023-03-14 11:07 ` Jarkko Sakkinen
@ 2023-03-14 15:27 ` David Howells
2023-03-15 15:13 ` Bharath SM
2023-03-19 13:39 ` Jarkko Sakkinen
1 sibling, 2 replies; 10+ messages in thread
From: David Howells @ 2023-03-14 15:27 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: dhowells, Bharath SM, keyrings, Bharath S M, Shyam Prasad N,
Steve French
Jarkko Sakkinen <jarkko@kernel.org> wrote:
> Please summarize this to the commit message it is useful stuff. With
> this report included the patch could should also have a fixes tag.
I've expanded the commit message to:
keys: Do not cache key in task struct if key is requested from kernel thread
The key which gets cached in task structure from a kernel thread does not
get invalidated even after expiry. Due to which, a new key request from
kernel thread will be served with the cached key if it's present in task
struct irrespective of the key validity. The change is to not cache key in
task_struct when key requested from kernel thread so that kernel thread
gets a valid key on every key request.
The problem has been seen with the cifs module doing DNS lookups from a
kernel thread and the results getting pinned by being attached to that
kernel thread's cache - and thus not something that can be easily got rid
of. The cache would ordinarily be cleared by notify-resume, but kernel
threads don't do that.
This isn't seen with AFS because AFS is doing request_key() within the
kernel half of a user thread - which will do notify-resume.
Signed-off-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Jarkko Sakkinen <jarkko@kernel.org>
cc: Shyam Prasad N <nspmangalore@gmail.com>
cc: Steve French <smfrench@gmail.com>
cc: keyrings@vger.kernel.org
cc: linux-cifs@vger.kernel.org
cc: linux-fsdevel@vger.kernel.org
David
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread
2023-03-14 15:27 ` David Howells
@ 2023-03-15 15:13 ` Bharath SM
2023-03-15 15:34 ` Bharath SM
2023-03-19 13:39 ` Jarkko Sakkinen
1 sibling, 1 reply; 10+ messages in thread
From: Bharath SM @ 2023-03-15 15:13 UTC (permalink / raw)
To: David Howells
Cc: Jarkko Sakkinen, keyrings, Bharath S M, Shyam Prasad N, Steve French
On Tue, Mar 14, 2023 at 8:58 PM David Howells <dhowells@redhat.com> wrote:
>
> Jarkko Sakkinen <jarkko@kernel.org> wrote:
>
> > Please summarize this to the commit message it is useful stuff. With
> > this report included the patch could should also have a fixes tag.
>
> I've expanded the commit message to:
>
> keys: Do not cache key in task struct if key is requested from kernel thread
>
> The key which gets cached in task structure from a kernel thread does not
> get invalidated even after expiry. Due to which, a new key request from
> kernel thread will be served with the cached key if it's present in task
> struct irrespective of the key validity. The change is to not cache key in
> task_struct when key requested from kernel thread so that kernel thread
> gets a valid key on every key request.
>
> The problem has been seen with the cifs module doing DNS lookups from a
> kernel thread and the results getting pinned by being attached to that
> kernel thread's cache - and thus not something that can be easily got rid
> of. The cache would ordinarily be cleared by notify-resume, but kernel
> threads don't do that.
>
> This isn't seen with AFS because AFS is doing request_key() within the
> kernel half of a user thread - which will do notify-resume.
>
> Signed-off-by: Bharath SM <bharathsm@microsoft.com>
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: Jarkko Sakkinen <jarkko@kernel.org>
> cc: Shyam Prasad N <nspmangalore@gmail.com>
> cc: Steve French <smfrench@gmail.com>
> cc: keyrings@vger.kernel.org
> cc: linux-cifs@vger.kernel.org
> cc: linux-fsdevel@vger.kernel.org
>
> David
Your expanded commit message looks fine. Can we please mark this
commit for a stable kernel since it fixes some serious reconnect
problem.?
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread
2023-03-15 15:13 ` Bharath SM
@ 2023-03-15 15:34 ` Bharath SM
0 siblings, 0 replies; 10+ messages in thread
From: Bharath SM @ 2023-03-15 15:34 UTC (permalink / raw)
To: David Howells
Cc: Jarkko Sakkinen, keyrings, Bharath S M, Shyam Prasad N, Steve French
On Wed, Mar 15, 2023 at 8:43 PM Bharath SM <bharathsm.hsk@gmail.com> wrote:
>
> On Tue, Mar 14, 2023 at 8:58 PM David Howells <dhowells@redhat.com> wrote:
> >
> > Jarkko Sakkinen <jarkko@kernel.org> wrote:
> >
> > > Please summarize this to the commit message it is useful stuff. With
> > > this report included the patch could should also have a fixes tag.
> >
> > I've expanded the commit message to:
> >
> > keys: Do not cache key in task struct if key is requested from kernel thread
> >
> > The key which gets cached in task structure from a kernel thread does not
> > get invalidated even after expiry. Due to which, a new key request from
> > kernel thread will be served with the cached key if it's present in task
> > struct irrespective of the key validity. The change is to not cache key in
> > task_struct when key requested from kernel thread so that kernel thread
> > gets a valid key on every key request.
> >
> > The problem has been seen with the cifs module doing DNS lookups from a
> > kernel thread and the results getting pinned by being attached to that
> > kernel thread's cache - and thus not something that can be easily got rid
> > of. The cache would ordinarily be cleared by notify-resume, but kernel
> > threads don't do that.
> >
> > This isn't seen with AFS because AFS is doing request_key() within the
> > kernel half of a user thread - which will do notify-resume.
> >
> > Signed-off-by: Bharath SM <bharathsm@microsoft.com>
> > Signed-off-by: David Howells <dhowells@redhat.com>
> > cc: Jarkko Sakkinen <jarkko@kernel.org>
> > cc: Shyam Prasad N <nspmangalore@gmail.com>
> > cc: Steve French <smfrench@gmail.com>
> > cc: keyrings@vger.kernel.org
> > cc: linux-cifs@vger.kernel.org
> > cc: linux-fsdevel@vger.kernel.org
> >
> > David
>
> Your expanded commit message looks fine. Can we please mark this
> commit for a stable kernel since it fixes some serious reconnect
> problem.?
Adding Fixes tag:
Fixes: 7743c48e54ee ("keys: Cache result of request_key*() temporarily
in task_struct")
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread
2023-03-14 15:27 ` David Howells
2023-03-15 15:13 ` Bharath SM
@ 2023-03-19 13:39 ` Jarkko Sakkinen
2023-03-19 13:40 ` Jarkko Sakkinen
1 sibling, 1 reply; 10+ messages in thread
From: Jarkko Sakkinen @ 2023-03-19 13:39 UTC (permalink / raw)
To: David Howells
Cc: Bharath SM, keyrings, Bharath S M, Shyam Prasad N, Steve French
On Tue, Mar 14, 2023 at 03:27:32PM +0000, David Howells wrote:
> Jarkko Sakkinen <jarkko@kernel.org> wrote:
>
> > Please summarize this to the commit message it is useful stuff. With
> > this report included the patch could should also have a fixes tag.
>
> I've expanded the commit message to:
>
> keys: Do not cache key in task struct if key is requested from kernel thread
>
> The key which gets cached in task structure from a kernel thread does not
> get invalidated even after expiry. Due to which, a new key request from
> kernel thread will be served with the cached key if it's present in task
> struct irrespective of the key validity. The change is to not cache key in
> task_struct when key requested from kernel thread so that kernel thread
> gets a valid key on every key request.
>
> The problem has been seen with the cifs module doing DNS lookups from a
> kernel thread and the results getting pinned by being attached to that
> kernel thread's cache - and thus not something that can be easily got rid
> of. The cache would ordinarily be cleared by notify-resume, but kernel
> threads don't do that.
>
> This isn't seen with AFS because AFS is doing request_key() within the
> kernel half of a user thread - which will do notify-resume.
>
> Signed-off-by: Bharath SM <bharathsm@microsoft.com>
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: Jarkko Sakkinen <jarkko@kernel.org>
> cc: Shyam Prasad N <nspmangalore@gmail.com>
> cc: Steve French <smfrench@gmail.com>
> cc: keyrings@vger.kernel.org
> cc: linux-cifs@vger.kernel.org
> cc: linux-fsdevel@vger.kernel.org
>
> David
Looks good to me! Can you send a version with this?
BR, Jarkko
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread
2023-03-19 13:39 ` Jarkko Sakkinen
@ 2023-03-19 13:40 ` Jarkko Sakkinen
0 siblings, 0 replies; 10+ messages in thread
From: Jarkko Sakkinen @ 2023-03-19 13:40 UTC (permalink / raw)
To: David Howells
Cc: Bharath SM, keyrings, Bharath S M, Shyam Prasad N, Steve French
On Sun, Mar 19, 2023 at 03:39:39PM +0200, Jarkko Sakkinen wrote:
> On Tue, Mar 14, 2023 at 03:27:32PM +0000, David Howells wrote:
> > Jarkko Sakkinen <jarkko@kernel.org> wrote:
> >
> > > Please summarize this to the commit message it is useful stuff. With
> > > this report included the patch could should also have a fixes tag.
> >
> > I've expanded the commit message to:
> >
> > keys: Do not cache key in task struct if key is requested from kernel thread
> >
> > The key which gets cached in task structure from a kernel thread does not
> > get invalidated even after expiry. Due to which, a new key request from
> > kernel thread will be served with the cached key if it's present in task
> > struct irrespective of the key validity. The change is to not cache key in
> > task_struct when key requested from kernel thread so that kernel thread
> > gets a valid key on every key request.
> >
> > The problem has been seen with the cifs module doing DNS lookups from a
> > kernel thread and the results getting pinned by being attached to that
> > kernel thread's cache - and thus not something that can be easily got rid
> > of. The cache would ordinarily be cleared by notify-resume, but kernel
> > threads don't do that.
> >
> > This isn't seen with AFS because AFS is doing request_key() within the
> > kernel half of a user thread - which will do notify-resume.
> >
> > Signed-off-by: Bharath SM <bharathsm@microsoft.com>
> > Signed-off-by: David Howells <dhowells@redhat.com>
> > cc: Jarkko Sakkinen <jarkko@kernel.org>
> > cc: Shyam Prasad N <nspmangalore@gmail.com>
> > cc: Steve French <smfrench@gmail.com>
> > cc: keyrings@vger.kernel.org
> > cc: linux-cifs@vger.kernel.org
> > cc: linux-fsdevel@vger.kernel.org
> >
> > David
>
> Looks good to me! Can you send a version with this?
Oops, not from original sender. If you apply with this, please add
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
BR, Jarkko
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2023-03-19 13:40 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-12 18:53 [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread Bharath SM
2023-03-12 21:37 ` Jarkko Sakkinen
2023-03-13 5:18 ` Bharath SM
2023-03-14 11:07 ` Jarkko Sakkinen
2023-03-14 15:27 ` David Howells
2023-03-15 15:13 ` Bharath SM
2023-03-15 15:34 ` Bharath SM
2023-03-19 13:39 ` Jarkko Sakkinen
2023-03-19 13:40 ` Jarkko Sakkinen
2023-03-14 15:18 ` David Howells
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).