On Fri, 2 Sep 2016, Jeff Layton wrote:
/* return error if we tried this already recently */ if (time_before(jiffies, tlink->tl_time + TLINK_ERROR_EXPIRE)) { cifs_put_tlink(tlink); return ERR_PTR(-EACCES); } Essentially, the CIFS layer is caching the failed key look-up for a second even though in the intervening time the kernel has received a suitable key.Interesting. It has been a while since that code was written, but IIRC the main worry was spamming the server (and upcalls) that are just going to fail.
The keys subsystem has negative caching for request_key() calls that fail, and it keeps those much longer than the CIFS timeout. So at least the upcalls to user space are properly rate-limited.
A more subtle approach may make sense there though. One idea might be to continue to retry for a period of time, and only back off with EACCES errors after that. Or, we could just sleep in the kernel for a bit, and retry there, and only give up after that fails for a while.
I think the right thing might be to distinguish request_key() failures from other kinds of failure, and to only apply the rate limit to failures that didn't come from request_key().
-- Ben Harris, University of Cambridge Information Services.
