From: Sebastien Buisson Date: Thu, 13 Jun 2024 09:19:04 +0000 (+0200) Subject: LU-17940 gss: get rid of root key sooner X-Git-Tag: 2.15.64~7 X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=bffafaa5273109cea0e3b2a15d7a0b7ae965daa8;p=fs%2Flustre-release.git LU-17940 gss: get rid of root key sooner The root key associated with a GSS context (gck_key) is used to pass information between kernel and userspace during GSS context negotiation. Once the GSS context for root is up-to-date, the key is never used again, although it has a permanent validity. And when the context expires, the key is directly revoked and replaced with a new one to serve the negotiation of a new root context. So to avoid issues with keys staying in the root's kernel keyring and being accidentally revoked, just get rid of the key associated with a root context as soon as the negotiation process has finished. Test-Parameters: trivial Test-Parameters: testgroup=review-dne-selinux-ssk-part-1 Test-Parameters: testgroup=review-dne-selinux-ssk-part-2 Test-Parameters: kerberos=true testlist=sanity-krb5 Signed-off-by: Sebastien Buisson Change-Id: I4be773723b9046ed451684bd141d5ef2bc584bfb Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55406 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Andreas Dilger Reviewed-by: Aurelien Degremont Reviewed-by: Oleg Drokin --- diff --git a/lustre/ptlrpc/gss/gss_keyring.c b/lustre/ptlrpc/gss/gss_keyring.c index c1d61655..f5e45d8 100644 --- a/lustre/ptlrpc/gss/gss_keyring.c +++ b/lustre/ptlrpc/gss/gss_keyring.c @@ -364,8 +364,13 @@ static void bind_key_ctx(struct key *key, struct ptlrpc_cli_ctx *ctx) */ static void unbind_key_ctx(struct key *key, struct ptlrpc_cli_ctx *ctx) { + /* give up on revoked key, someone else already took care of it */ + if (test_bit(KEY_FLAG_REVOKED, &key->flags)) { + CDEBUG(D_SEC, "key %08x already revoked\n", key->serial); + return; + } + LASSERT(key_get_payload(key, 0) == ctx); - LASSERT(test_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags) == 0); /* must revoke the key, or others may treat it as newly created */ key_revoke_locked(key); @@ -391,8 +396,6 @@ static void unbind_ctx_kr(struct ptlrpc_cli_ctx *ctx) struct key *key = ctx2gctx_keyring(ctx)->gck_key; if (key) { - LASSERT(key_get_payload(key, 0) == ctx); - key_get(key); down_write(&key->sem); unbind_key_ctx(key, ctx); @@ -1673,6 +1676,13 @@ out: * opinions here. */ if (rc == 0) { gss_cli_ctx_uptodate(gctx); + /* The companion key for root ctx can now be unbound, + * if it is still enlisted and up-to-date. + */ + if (ctx->cc_vcred.vc_uid == 0 && + test_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags) && + test_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags)) + unbind_key_ctx(key, ctx); } else { /* this will also revoke the key. has to be done before * wakeup waiters otherwise they can find the stale key */