)]}'
{
  "commit": "d27c71257825dced46104eefe42e4d9964bd032e",
  "tree": "76396a8374b2bbe2c36cc0fb1ceb7958ac2e2cc3",
  "parents": [
    "e9c70084a64e51b65bb68f810692a03dc8bedffa"
  ],
  "author": {
    "name": "David Howells",
    "email": "dhowells@redhat.com",
    "time": "Fri Nov 28 10:19:05 2025 +0000"
  },
  "committer": {
    "name": "Christian Brauner",
    "email": "brauner@kernel.org",
    "time": "Fri Nov 28 11:30:10 2025 +0100"
  },
  "message": "afs: Fix delayed allocation of a cell\u0027s anonymous key\n\nThe allocation of a cell\u0027s anonymous key is done in a background thread\nalong with other cell setup such as doing a DNS upcall.  In the reported\nbug, this is triggered by afs_parse_source() parsing the device name given\nto mount() and calling afs_lookup_cell() with the name of the cell.\n\nThe normal key lookup then tries to use the key description on the\nanonymous authentication key as the reference for request_key() - but it\nmay not yet be set and so an oops can happen.\n\nThis has been made more likely to happen by the fix for dynamic lookup\nfailure.\n\nFix this by firstly allocating a reference name and attaching it to the\nafs_cell record when the record is created.  It can share the memory\nallocation with the cell name (unfortunately it can\u0027t just overlap the cell\nname by prepending it with \"afs@\" as the cell name already has a \u0027.\u0027\nprepended for other purposes).  This reference name is then passed to\nrequest_key().\n\nSecondly, the anon key is now allocated on demand at the point a key is\nrequested in afs_request_key() if it is not already allocated.  A mutex is\nused to prevent multiple allocation for a cell.\n\nThirdly, make afs_request_key_rcu() return NULL if the anonymous key isn\u0027t\nyet allocated (if we need it) and then the caller can return -ECHILD to\ndrop out of RCU-mode and afs_request_key() can be called.\n\nNote that the anonymous key is kind of necessary to make the key lookup\ncache work as that doesn\u0027t currently cache a negative lookup, but it\u0027s\nprobably worth some investigation to see if NULL can be used instead.\n\nFixes: 330e2c514823 (\"afs: Fix dynamic lookup to fail on cell lookup failure\")\nReported-by: syzbot+41c68824eefb67cdf00c@syzkaller.appspotmail.com\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nLink: https://patch.msgid.link/800328.1764325145@warthog.procyon.org.uk\ncc: Marc Dionne \u003cmarc.dionne@auristor.com\u003e\ncc: linux-afs@lists.infradead.org\ncc: linux-fsdevel@vger.kernel.org\nSigned-off-by: Christian Brauner \u003cbrauner@kernel.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "d9b6fa1088b7b356e96d1bbb3734f807c1fe2bbc",
      "old_mode": 33188,
      "old_path": "fs/afs/cell.c",
      "new_id": "71c10a05cebe56621d030810f86e80c58a041cbf",
      "new_mode": 33188,
      "new_path": "fs/afs/cell.c"
    },
    {
      "type": "modify",
      "old_id": "b92f96f567671a164504993e125bdae74f28bdb3",
      "old_mode": 33188,
      "old_path": "fs/afs/internal.h",
      "new_id": "009064b8d6616c71d9b6e68a675e862e7b2c1ead",
      "new_mode": 33188,
      "new_path": "fs/afs/internal.h"
    },
    {
      "type": "modify",
      "old_id": "6a7744c9e2a2d01c21d059560ef2ffa48015de13",
      "old_mode": 33188,
      "old_path": "fs/afs/security.c",
      "new_id": "ff8830e6982fb0f9541c8c3195b319ddd5450511",
      "new_mode": 33188,
      "new_path": "fs/afs/security.c"
    }
  ]
}