[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-keyrings
Subject:    Re: [PATCH] KEYS: Do not cache key in task struct if key is requested from kernel thread
From:       Jarkko Sakkinen <jarkko () kernel ! org>
Date:       2023-03-19 13:40:43
Message-ID: 20230319134043.6xkteuo3d6nxa5cj () kernel ! org
[Download RAW message or body]

On Sun, Mar 19, 2023 at 03:39:39PM +0200, Jarkko Sakkinen wrote:
> On Tue, Mar 14, 2023 at 03:27:32PM +0000, David Howells wrote:
> > Jarkko Sakkinen <jarkko@kernel.org> wrote:
> > 
> > > Please summarize this to the commit message it is useful stuff. With
> > > this report included the patch could should also have a fixes tag.
> > 
> > I've expanded the commit message to:
> > 
> >     keys: Do not cache key in task struct if key is requested from kernel thread
> >     
> >     The key which gets cached in task structure from a kernel thread does not
> >     get invalidated even after expiry.  Due to which, a new key request from
> >     kernel thread will be served with the cached key if it's present in task
> >     struct irrespective of the key validity.  The change is to not cache key in
> >     task_struct when key requested from kernel thread so that kernel thread
> >     gets a valid key on every key request.
> >     
> >     The problem has been seen with the cifs module doing DNS lookups from a
> >     kernel thread and the results getting pinned by being attached to that
> >     kernel thread's cache - and thus not something that can be easily got rid
> >     of.  The cache would ordinarily be cleared by notify-resume, but kernel
> >     threads don't do that.
> >     
> >     This isn't seen with AFS because AFS is doing request_key() within the
> >     kernel half of a user thread - which will do notify-resume.
> >     
> >     Signed-off-by: Bharath SM <bharathsm@microsoft.com>
> >     Signed-off-by: David Howells <dhowells@redhat.com>
> >     cc: Jarkko Sakkinen <jarkko@kernel.org>
> >     cc: Shyam Prasad N <nspmangalore@gmail.com>
> >     cc: Steve French <smfrench@gmail.com>
> >     cc: keyrings@vger.kernel.org
> >     cc: linux-cifs@vger.kernel.org
> >     cc: linux-fsdevel@vger.kernel.org
> > 
> > David
> 
> Looks good to me! Can you send a version with this?

Oops, not from original sender. If you apply with this, please add

Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

BR, Jarkko
[prev in list] [next in list] [prev in thread] [next in thread]