From: David Howells <dhowells@redhat.com>
To: chuck.lever@oracle.com, cth@carlh.net
Cc: neilb@suse.de, linux-nfs@vger.kernel.org, keyrings@linux-nfs.org
Subject: Re: [Keyrings] [PATCH] KEYS: Simplify KEYRING_SEARCH_{NO, DO}_STATE_CHECK flags
Date: Tue, 18 Nov 2014 15:49:45 +0000 [thread overview]
Message-ID: <21959.1416325785@warthog.procyon.org.uk> (raw)
In-Reply-To: <8829.1416236894@warthog.procyon.org.uk>
David Howells <dhowells@redhat.com> wrote:
> I'm not sure this patch actually solves your problem.
>
> > request_key_and_link() depends on getting an -EAGAIN result code to know
> > when to perform an upcall to refresh an expired key.
>
> request_key_and_link() should return EKEYEXPIRED if it meets an expired key
> until that key gets gc'd.
>
> What we lack is that bit to upcall to refresh the expired key.
> /sbin/request-key can support it - the first column has 'create' for key
> creation and can hold other values for updating a key and KEYCTL_UPDATE can be
> allowed to unexpire a key.
>
> Possibly I should be only returning EKEYEXPIRED if the key instantiation was
> rejected so and simply invalidate the key if it's in-memory expiration
> occurs. Making this so will cause failures in the testsuite, but I think
> that's okay.
>
> Another option is to allow keys to be specifically marked at
> immediate-gc-on-expire such that you never see them in the expired state
> unless you're holding a ref on one inside the kernel.
Having thought about it some more, I think the thing to do is to have
request_key() do as add_key() does and either replace or update a key that's
locally expired.
A key that was rejected (negatively instantiated) with EKEYEXPIRED as the
error to present should present that error instead with request_key() is
invoked.
Invalidated keys shouldn't be returned by the search algorithm.
Revoked keys should probably fail with EKEYREVOKED. Invalidation rather than
revocation should be used to evict keys from memory.
Keyctl functions that access an expired key for other purposes, such as to
read the contents, should fail with EKEYEXPIRED still (apart from unlink and
invalidate which should always succeed given appropriate permissions).
I'm going to work on a patch on this basis.
David
_______________________________________________
Keyrings mailing list
Keyrings@linux-nfs.org
To change your subscription to this list, please see http://linux-nfs.org/cgi-bin/mailman/listinfo/keyrings
prev parent reply other threads:[~2014-11-18 15:49 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-30 17:46 [PATCH] KEYS: Ensure expired keys are renewed Chuck Lever
2014-11-13 0:15 ` NeilBrown
2014-11-13 15:09 ` Chuck Lever
2014-11-13 15:29 ` Benjamin Coddington
2014-11-14 12:20 ` David Howells
2014-11-14 15:06 ` Chuck Lever
2014-11-14 14:06 ` [Keyrings] [PATCH 1/3] KEYS: request_key_and_link() needs to request state checks when searching David Howells
2014-11-14 14:06 ` [Keyrings] [PATCH 2/3] KEYS: When searching a keyring, restore KEYRING_SEARCH_DO_STATE_CHECK David Howells
2014-11-14 14:06 ` [Keyrings] [PATCH 3/3] KEYS: KEYRING_SEARCH_NO_STATE_CHECK overrides KEYRING_SEARCH_DO_STATE_CHECK David Howells
2014-11-14 14:49 ` Are both DO_STATE_CHECK and NO_STATE_CHECK required? David Howells
2014-11-14 15:13 ` [Keyrings] " Chuck Lever
2014-11-14 15:18 ` [Keyrings] [PATCH] KEYS: search_nested_keyrings() should honour NO_STATE_CHECK for the root David Howells
2014-11-14 15:19 ` David Howells
2014-11-14 15:39 ` [Keyrings] [PATCH] KEYS: Simplify KEYRING_SEARCH_{NO, DO}_STATE_CHECK flags David Howells
2014-11-17 15:08 ` David Howells
2014-11-17 15:48 ` Chuck Lever
2014-11-18 15:49 ` David Howells [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=21959.1416325785@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=chuck.lever@oracle.com \
--cc=cth@carlh.net \
--cc=keyrings@linux-nfs.org \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox