I'm not sure this patch actually solves your problem.

> request_key_and_link() depends on getting an -EAGAIN result code to know
> when to perform an upcall to refresh an expired key.

request_key_and_link() should return EKEYEXPIRED if it meets an expired key until that key gets gc'd.

What we lack is that bit to upcall to refresh the expired key. /sbin/request-key can support it - the first column has 'create' for key creation and can hold other values for updating a key and KEYCTL_UPDATE can be allowed to unexpire a key.

Possibly I should be only returning EKEYEXPIRED if the key instantiation was rejected so and simply invalidate the key if its in-memory expiration occurs. Making this so will cause failures in the testsuite, but I think that's okay.

Another option is to allow keys to be specifically marked as immediate-gc-on-expire such that you never see them in the expired state unless you're holding a ref on one inside the kernel.

David