From: Jeffrey E Altman
Sent: Friday, May 08, 2026 13:20
To: Matteo Fois
Cc: openafs-info@openafs.org; Linux AFS mailing list; David How= ells (dhowells@redhat.com); Marc Dionne
Subject: Re: [OpenAFS] dirtyflag vulnerability and OpenAFS

Hello Matteo,

OpenAFS does not use the Linux rxrpc module for its netwo= rk communications. Instead it embeds its own Rx RPC implementation wi= thin the openafs.ko module.

Linux AFS (kafs) on the other hand relies upon the rxrpc.= ko module for its network communications.

The mailing list for discussion of Linux AFS and Rx RPC i= s linux-afs@lists.infradead.org.

I've cc'd this message to that list as well as adding the= rxrpc.ko maintainers.

Jeffrey Altman

On 5/8/2026 4:33 AM, Matteo Fois wrote:

Good Morning,

I'm a researcher at ENEA (Italy) and we use the OpenAFS filesystem extensiv= ely in our facilities.

This morning we discovered the dirtyflags vulnerability (https://github.com/V4bel/dirtyfrag) and quicky patched our machines.

The patch works by blacklisting and removing the following kernel modules: = esp4 esp6 rxrpc

The last module rxrpc we understand that it's used by OpenAFS (https://docs.kernel.org/networ= king/rxrpc.html)

We are able to use the filesystem and it seems to be working properly after= the patch, but we were wondering if there are more subtle side effects, fo= r example in performance.

Also we were curious to know what happens if one uses the kafs kernel modul= e instead of the OpenAFS client, does the blacklisted module create any pro= blem?

Thanks,

Matteo

Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle per= sone indicate e la casella di posta elettronica da cui =E8 stata inviata = =E8 da qualificarsi quale strumento aziendale.

La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza di= queste informazioni sono rigorosamente vietate (art. 616 c.p, D.Lgs. n. 19= 6/2003 s.m.i. e GDPR Regolamento - UE 2016/679).

Qualora abbiate ricevuto questo documento per errore siete cortesemente pre= gati di darne immediata comunicazione al mittente e di provvedere alla sua = distruzione. Grazie.

This e-mail and any attachments is confidential and may contain privileged = information intended for the addressee(s) only.

Dissemination, copying, printing or use by anybody else is unauthorised (ar= t. 616 c.p, D.Lgs. n. 196/2003 and subsequent amendments and GDPR UE 2016/6= 79).

If you are not the intended recipient, please delete this message and any a= ttachments and advise the sender by return e -mail. Thanks.

Que= sto messaggio e i suoi allegati sono indirizzati esclusivamente alle person= e indicate e la casella di posta elettronica da cui =E8 stata inviata =E8 d= a qualificarsi quale strumento aziendale.

La = diffusione, copia o qualsiasi altra azione derivante dalla conoscenza di qu= este informazioni sono rigorosamente vietate (art. 616 c.p, D.Lgs. n. 196/2= 003 s.m.i. e GDPR Regolamento - UE 2016/679).

Qua= lora abbiate ricevuto questo documento per errore siete cortesemente pregat= i di darne immediata comunicazione al mittente e di provvedere alla sua dis= truzione. Grazie.

Thi= s e-mail and any attachments is confidential and may contain privileged inf= ormation intended for the addressee(s) only.

Dis= semination, copying, printing or use by anybody else is unauthorised (art. = 616 c.p, D.Lgs. n. 196/2003 and subsequent amendments and GDPR UE 2016/679)= .

If = you are not the intended recipient, please delete this message and any atta= chments and advise the sender by return e -mail. Thanks.

--_000_VI1PR02MB10149586077A9303C2EA12718FD3D2VI1PR02MB10149eu_-- From jaltman@auristor.com Fri May 8 12:32:33 2026 From: jaltman@auristor.com (Jeffrey E Altman) Date: Fri, 8 May 2026 07:32:33 -0400 Subject: [OpenAFS] dirtyflag vulnerability and OpenAFS In-Reply-To: References: Message-ID: <147fbfc4-5b50-4e2e-b642-03396d6a5eb6@auristor.com> --------------ms080700040900040006040201 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 W0Fwb2xvZ2llcyBmb3IgdGhlIGR1cGxpY2F0ZSB0cmFuc21pc3Npb24gYnV0IHNvbWUgb2Yg dGhlIHJlY2lwaWVudHMgDQpvbmx5IGFjY2VwdCBwbGFpbiB0ZXh0Ww0KDQoNCkhlbGxvIE1h dHRlbywNCg0KDQpPcGVuQUZTIGRvZXMgbm90IHVzZSB0aGUgTGludXggcnhycGMgbW9kdWxl IGZvciBpdHMgbmV0d29yayANCmNvbW11bmljYXRpb25zLsKgIEluc3RlYWQgaXQgZW1iZWRz IGl0cyBvd24gUnggUlBDIGltcGxlbWVudGF0aW9uIHdpdGhpbiANCnRoZSBvcGVuYWZzLmtv IG1vZHVsZS4NCg0KDQpMaW51eCBBRlMgKGthZnMpIG9uIHRoZSBvdGhlciBoYW5kIHJlbGll cyB1cG9uIHRoZSByeHJwYy5rbyBtb2R1bGUgZm9yIA0KaXRzIG5ldHdvcmsgY29tbXVuaWNh dGlvbnMuDQoNCg0KVGhlIG1haWxpbmcgbGlzdCBmb3IgZGlzY3Vzc2lvbiBvZiBMaW51eCBB RlMgYW5kIFJ4IFJQQyBpcyANCmxpbnV4LWFmc0BsaXN0cy5pbmZyYWRlYWQub3JnLg0KDQoN CkkndmUgY2MnZCB0aGlzIG1lc3NhZ2UgdG8gdGhhdCBsaXN0IGFzIHdlbGwgYXMgYWRkaW5n IHRoZSByeHJwYy5rbyANCm1haW50YWluZXJzLg0KDQoNCkplZmZyZXkgQWx0bWFuDQoNCg0K T24gNS84LzIwMjYgNDozMyBBTSwgTWF0dGVvIEZvaXMgd3JvdGU6DQo+IEdvb2QgTW9ybmlu ZywNCj4gSSdtIGEgcmVzZWFyY2hlciBhdCBFTkVBIChJdGFseSkgYW5kIHdlIHVzZSB0aGUg T3BlbkFGUyBmaWxlc3lzdGVtIA0KPiBleHRlbnNpdmVseSBpbiBvdXIgZmFjaWxpdGllcy4N Cj4gVGhpcyBtb3JuaW5nIHdlIGRpc2NvdmVyZWQgdGhlIGRpcnR5ZmxhZ3MgdnVsbmVyYWJp bGl0eSANCj4gKGh0dHBzOi8vZ2l0aHViLmNvbS9WNGJlbC9kaXJ0eWZyYWcgDQo+IDxodHRw czovL2dpdGh1Yi5jb20vVjRiZWwvZGlydHlmcmFnPikgYW5kIHF1aWNreSBwYXRjaGVkIG91 ciBtYWNoaW5lcy4NCj4NCj4gVGhlIHBhdGNoIHdvcmtzIGJ5IGJsYWNrbGlzdGluZyBhbmQg cmVtb3ZpbmcgdGhlIGZvbGxvd2luZyBrZXJuZWwgDQo+IG1vZHVsZXM6IGVzcDQgZXNwNiBy eHJwYw0KPiBUaGUgbGFzdCBtb2R1bGUgcnhycGMgd2UgdW5kZXJzdGFuZCB0aGF0IGl0J3Mg dXNlZCBieSBPcGVuQUZTIA0KPiAoaHR0cHM6Ly9kb2NzLmtlcm5lbC5vcmcvbmV0d29ya2lu Zy9yeHJwYy5odG1sKQ0KPg0KPiBXZSBhcmUgYWJsZSB0byB1c2UgdGhlIGZpbGVzeXN0ZW0g YW5kIGl0IHNlZW1zIHRvIGJlIHdvcmtpbmcgcHJvcGVybHkgDQo+IGFmdGVyIHRoZSBwYXRj aCwgYnV0IHdlIHdlcmUgd29uZGVyaW5nIGlmIHRoZXJlIGFyZSBtb3JlIHN1YnRsZSBzaWRl IA0KPiBlZmZlY3RzLCBmb3IgZXhhbXBsZSBpbiBwZXJmb3JtYW5jZS4NCj4gQWxzbyB3ZSB3 ZXJlIGN1cmlvdXMgdG8ga25vdyB3aGF0IGhhcHBlbnMgaWYgb25lIHVzZXMgdGhlIGthZnMg a2VybmVsIA0KPiBtb2R1bGUgaW5zdGVhZCBvZiB0aGUgT3BlbkFGUyBjbGllbnQsIGRvZXMg dGhlIGJsYWNrbGlzdGVkIG1vZHVsZSANCj4gY3JlYXRlIGFueSBwcm9ibGVtPw0KPg0KPiBU aGFua3MsDQo+DQo+IE1hdHRlbw0KPg0KPg0KPg0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N Cj4gUXVlc3RvIG1lc3NhZ2dpbyBlIGkgc3VvaSBhbGxlZ2F0aSBzb25vIGluZGlyaXp6YXRp IGVzY2x1c2l2YW1lbnRlIA0KPiBhbGxlIHBlcnNvbmUgaW5kaWNhdGUgZSBsYSBjYXNlbGxh IGRpIHBvc3RhIGVsZXR0cm9uaWNhIGRhIGN1aSDDqCBzdGF0YSANCj4gaW52aWF0YSDDqCBk YSBxdWFsaWZpY2Fyc2kgcXVhbGUgc3RydW1lbnRvIGF6aWVuZGFsZS4NCj4NCj4gTGEgZGlm ZnVzaW9uZSwgY29waWEgbyBxdWFsc2lhc2kgYWx0cmEgYXppb25lIGRlcml2YW50ZSBkYWxs YSANCj4gY29ub3NjZW56YSBkaSBxdWVzdGUgaW5mb3JtYXppb25pIHNvbm8gcmlnb3Jvc2Ft ZW50ZSB2aWV0YXRlIChhcnQuIDYxNiANCj4gYy5wLCBELkxncy4gbi4gMTk2LzIwMDMgcy5t LmkuIGUgR0RQUiBSZWdvbGFtZW50byAtIFVFIDIwMTYvNjc5KS4NCj4NCj4gUXVhbG9yYSBh YmJpYXRlIHJpY2V2dXRvIHF1ZXN0byBkb2N1bWVudG8gcGVyIGVycm9yZSBzaWV0ZSANCj4g Y29ydGVzZW1lbnRlIHByZWdhdGkgZGkgZGFybmUgaW1tZWRpYXRhIGNvbXVuaWNhemlvbmUg YWwgbWl0dGVudGUgZSBkaSANCj4gcHJvdnZlZGVyZSBhbGxhIHN1YSBkaXN0cnV6aW9uZS4g R3JhemllLg0KPg0KPiBUaGlzIGUtbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGlzIGNvbmZp ZGVudGlhbCBhbmQgbWF5IGNvbnRhaW4gDQo+IHByaXZpbGVnZWQgaW5mb3JtYXRpb24gaW50 ZW5kZWQgZm9yIHRoZSBhZGRyZXNzZWUocykgb25seS4NCj4NCj4gRGlzc2VtaW5hdGlvbiwg Y29weWluZywgcHJpbnRpbmcgb3IgdXNlIGJ5IGFueWJvZHkgZWxzZSBpcyANCj4gdW5hdXRo b3Jpc2VkIChhcnQuIDYxNiBjLnAsIEQuTGdzLiBuLiAxOTYvMjAwMyBhbmQgc3Vic2VxdWVu dCANCj4gYW1lbmRtZW50cyBhbmQgR0RQUiBVRSAyMDE2LzY3OSkuDQo+DQo+IElmIHlvdSBh cmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBkZWxldGUgdGhpcyBtZXNz YWdlIGFuZCANCj4gYW55IGF0dGFjaG1lbnRzIGFuZCBhZHZpc2UgdGhlIHNlbmRlciBieSBy ZXR1cm4gZSAtbWFpbC4gVGhhbmtzLg0KPg0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCg== --------------ms080700040900040006040201 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC DTAwggY0MIIEHKADAgECAhBAAZimBAJ19t4m6OTgn3OxMA0GCSqGSIb3DQEBCwUAMDoxCzAJ BgNVBAYTAlVTMRIwEAYDVQQKEwlJZGVuVHJ1c3QxFzAVBgNVBAMTDlRydXN0SUQgQ0EgQTE0 MB4XDTI1MDgxNDAwMzg1N1oXDTI3MTEwMTAwMzc1N1owgcwxKDAmBgNVBAUTH0EwMTQxMEMw MDAwMDE5OEE2MDQwMjY3MDAxMEYyNjIxGTAXBgNVBGETEE5UUlVTK05ZLTM1ODIyMzcxFTAT BgNVBAoTDEF1cmlTdG9yIEluYzEZMBcGA1UEAxMQSmVmZnJleSBFIEFsdG1hbjEPMA0GA1UE BBMGQWx0bWFuMRAwDgYDVQQqEwdKZWZmcmV5MSMwIQYJKoZIhvcNAQkBFhRqYWx0bWFuQGF1 cmlzdG9yLmNvbTELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQDKtXD1tqgXxlJvgI10FM0ZvyWukq2IeXgVhbgOk4k4PbRk1TvrGB04QatXac9soW7yHv6R hoovQ+URaXBEpBYxOE8Tsx+XfKZNkGbWj9bEdWgi8HPb33rf8eKFuhjx1QEv/YtD7lGIp7Rh KWC5kBfvyut8o3XJmJF0hCR1m663wsttrn89dwZczLU4JUjbTF0ukM0DbDk55ItDB4dXnW/u RfhrVuemMvbDily+etLCWsuJjtrjRBCQ805eYRHq5LonX3oNLdXituSHXLKvq+uChgFN/veD HKpeBnBWmoNtOQnV8fsq5NCz/WswIACeZj+xGmZsWx7fyuzee78ZePfBAgMBAAGjggGhMIIB nTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIE8DCBhAYIKwYBBQUHAQEEeDB2MDAGCCsG AQUFBzABhiRodHRwOi8vY29tbWVyY2lhbC5vY3NwLmlkZW50cnVzdC5jb20wQgYIKwYBBQUH MAKGNmh0dHA6Ly92YWxpZGF0aW9uLmlkZW50cnVzdC5jb20vY2VydHMvdHJ1c3RpZGNhYTE0 LnA3YzAfBgNVHSMEGDAWgBTC1ESZoHHPSFa+DI5oOFynt/dFvDAjBgNVHSAEHDAaMAkGB2eB DAEFAwIwDQYLYIZIAYb5LwAGAgEwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL3ZhbGlkYXRp b24uaWRlbnRydXN0LmNvbS9jcmwvdHJ1c3RpZGNhYTE0LmNybDAfBgNVHREEGDAWgRRqYWx0 bWFuQGF1cmlzdG9yLmNvbTAdBgNVHQ4EFgQUY4JHedU4owyskKPvw4gOjSyBJZUwKQYDVR0l BCIwIAYIKwYBBQUHAwIGCCsGAQUFBwMEBgorBgEEAYI3CgMMMA0GCSqGSIb3DQEBCwUAA4IC AQCeOjCscMFctL6UG8WBsFMIOHc7MpbrX7EIvO34SGVKhrbqS1RTIBQiVVWnQ4VI6qVw/n9d adUv4o1/F23s0uXE8/lGJAGn51kkw1xHU+0PGODOTWvAQOiPhSmaXG5xM4BgleroGggumd8f HRSKFK7DIdWcMMNbS6LpMAOUfXYzNBvcHbAcjJMHQ7N8pNXdEQDB9c6yIw4paVD6XDE5VFhL df6749jGqSWXpyTMjXzrPMaDyxKiNOtsUrdT/fh8+Xx84nGpwiV9PA9/cGSAPcAc/qMBgPb4 Qj9met/RUvCHPWr68Zlirgx48W/7TTZFhXKZg3U+zCj4ASOfLJ6WT4PPoM+eLHbB402WNMFk QDmWBH4bMqUcbQWxarMxdQ/jHKTsJIkvg+rTCbWbDm7hgJbnPEZrJEghy69Opa9+F1HB90AQ mb41N1PLZytu8pCGBJufyqjzNU0eyWkHJCwHDLFhoCENk/vujFCmsJUSh7a6ZMPSXf3PR4TP Kkcgs9JBT0dyPGHEfC/Lp9ZHTGSO6zswK1BddBufYi3xqHNBO/s7ft6gpNvht7oKUhVcjM7E mQCA6t2ok44PNfeG8rJZxiDv04IruCbzLFwkPczWS5uCIuP3PWCfVtMnUPDamMVWAr4Ui/s6 fy3TZbPUAPDjFRi7zpkFIKHlCS/HIHNR6Gr1lzCCBvQwggTcoAMCAQICEEABif/SaQvad8Lp 1U2SCE0wDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUlkZW5UcnVz dDEnMCUGA1UEAxMeSWRlblRydXN0IENvbW1lcmNpYWwgUm9vdCBDQSAxMB4XDTIzMDgxNjE5 Mjg0NloXDTMzMDgxMjE5Mjg0NVowOjELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUlkZW5UcnVz dDEXMBUGA1UEAxMOVHJ1c3RJRCBDQSBBMTQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQDoqfW8senk2X/L7Viky0ZgZYnwlxqsE/vDQWARa1i7gZ0wRJ7ZOWIbjYDccsGFBhCb 8VLx1dershozyPcOizZ1LxAhstZhpz8KvKc4bHhu1+6ZJftmrDyAELLRu1gkPS0BvongGBin xoTNo0XwafmS67jFRtYHe2VQSLvy0t9xRUsgdEeYgCUAnKO5eRVQMmBBNhnsTFtO5FzNmNKn uw/TDcBbOpGrQ1FSCuOZTHw3njDtZGqiRXSruX3MCpV190CefwryeGLXCsawSz2wMQZkqtjY V9Au73Zrqg1yDVj9KGKoRnJ8cUcg1Inxs/+Bo3xcM43y2h10yDrSWFTfvPSQhUJwYKHCYJSV QLFbeH9vxFJeLlewivaKQMGEg8PpnjevzDu8PVVzr9gkWcLubhztussqdAPF+dvyXIYJb/7l 6idZkS4NeHAsrAtcv+UF+SGzSS5F28s376Kx35LUaJeOW4hQOjSj/118F9cyYAd2WlgGdBda K2PSvH7aANZQfyEhNNMzk2GP83pHXXeXy+09LkTcIlgXr2rrXepxP+WBp+Ihu4Jh5uZWQkpG UUNqKSjxIpUJ6sDIIgGIqSY/uBFSp2ff+4OLLS3Z+XQ9gBu1Szd3kQ8PrGXAI5DXayXjM9Yp psHld3OojXhoOsLdCji+be0mAgvbNa6AaSJcT7RF3QIDAQABo4IB5DCCAeAwEgYDVR0TAQH/ BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwgYkGCCsGAQUFBwEBBH0wezAwBggrBgEFBQcw AYYkaHR0cDovL2NvbW1lcmNpYWwub2NzcC5pZGVudHJ1c3QuY29tMEcGCCsGAQUFBzAChjto dHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL3Jvb3RzL2NvbW1lcmNpYWxyb290Y2Ex LnA3YzAfBgNVHSMEGDAWgBTtRBnA0/AGi+6ke75C5yZUyI42djBfBgNVHSAEWDBWMFQGBFUd IAAwTDBKBggrBgEFBQcCARY+aHR0cHM6Ly9zZWN1cmUuaWRlbnRydXN0LmNvbS9jZXJ0aWZp Y2F0ZXMvcG9saWN5L3RzL2luZGV4Lmh0bWwwSgYDVR0fBEMwQTA/oD2gO4Y5aHR0cDovL3Zh bGlkYXRpb24uaWRlbnRydXN0LmNvbS9jcmwvY29tbWVyY2lhbHJvb3RjYTEuY3JsMB0GA1Ud DgQWBBTC1ESZoHHPSFa+DI5oOFynt/dFvDBBBgNVHSUEOjA4BggrBgEFBQcDAgYIKwYBBQUH AwQGCisGAQQBgjcKAwwGCisGAQQBgjcUAgIGCisGAQQBgjcKAwQwDQYJKoZIhvcNAQELBQAD ggIBAJXyFF1baV3jUq5o3Q5FIysADRg5knGSFzcliSyYTBd5YZ4FYFZSDxrQ25J87EFzq8q9 a1lQxNwcj2R3IFNfx5QWU6EApuGwiOgX9igx3EAJuOa8JnSoLUI5zKflmNqTVHSz3b94UQy/ MF+s8+OwbM8+FscUY0CxXRlOEETsW6MFXfliOSIEnQFmm5NraqzYHecXC8DJF6yTxbu1+101 T66oqkp9+EAvU+SXgSIcHDpNxAmbm6XcSQFwEZLOLSctCVeZzLsvCE1Ozr5hvEAstYh07Qm/ FtuZ+M540l2qSydFaI4yD7uH6/SsjQAARQXYzezBauwR8YOTS7PUDWejFUpHzPy4q2JdYdU2 jYTst4G7gW0+y6EQyXIiSEEaKePUrnIiRImK6ySZXDTB7A+td6giMATY61GcJUS9kdCHZ4br FJiLBg9az11c15e5SbS2bCNAMOIK6NwakjsWmh2jX+C6LJX37ehqQT0GVekYT4nGMBH89MiQ 1kFnIQcIWTagA/QqFHMhHFlUH5mWyby/6alKXu0ZeODdBRR/Tn39K6awTCVSbQH8P+KbF5kM ky9b7IFzJI/fwxr/ZVoEKCj0aoicm2TTsXgqRUI7MgiLU6hE5ersxFh5yM2IBc8za+kvkB7S eXPhzloFqmayuM2QfrqjsX1F0CopS11iOE4QVaJmMYIEATCCA/0CAQEwTjA6MQswCQYDVQQG EwJVUzESMBAGA1UEChMJSWRlblRydXN0MRcwFQYDVQQDEw5UcnVzdElEIENBIEExNAIQQAGY pgQCdfbeJujk4J9zsTANBglghkgBZQMEAgEFAKCCAoQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3 DQEHATAcBgkqhkiG9w0BCQUxDxcNMjYwNTA4MTEzMjMzWjAvBgkqhkiG9w0BCQQxIgQgmFeq 1aoQZqE8dqxmjKQ7UxIVMzOcAwbXfkPlbM5UKD8wXQYJKwYBBAGCNxAEMVAwTjA6MQswCQYD VQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MRcwFQYDVQQDEw5UcnVzdElEIENBIEExNAIQ QAGYpgQCdfbeJujk4J9zsTBfBgsqhkiG9w0BCRACCzFQoE4wOjELMAkGA1UEBhMCVVMxEjAQ BgNVBAoTCUlkZW5UcnVzdDEXMBUGA1UEAxMOVHJ1c3RJRCBDQSBBMTQCEEABmKYEAnX23ibo 5OCfc7EwggFXBgkqhkiG9w0BCQ8xggFIMIIBRDALBglghkgBZQMEASowCwYJYIZIAWUDBAEC MAoGCCqGSIb3DQMHMA0GCCqGSIb3DQMCAgEFMA0GCCqGSIb3DQMCAgEFMAcGBSsOAwIHMA0G CCqGSIb3DQMCAgEFMAcGBSsOAwIaMAsGCWCGSAFlAwQCATALBglghkgBZQMEAgIwCwYJYIZI AWUDBAIDMAsGCWCGSAFlAwQCBDALBglghkgBZQMEAgcwCwYJYIZIAWUDBAIIMAsGCWCGSAFl AwQCCTALBglghkgBZQMEAgowCwYJKoZIhvcNAQEBMAsGCSuBBRCGSD8AAjAIBgYrgQQBCwAw CAYGK4EEAQsBMAgGBiuBBAELAjAIBgYrgQQBCwMwCwYJK4EFEIZIPwADMAgGBiuBBAEOADAI BgYrgQQBDgEwCAYGK4EEAQ4CMAgGBiuBBAEOAzANBgkqhkiG9w0BAQEFAASCAQA46zaSG3/s PDeQkarihu0vIPzEXEI0q7D0lnHFuEfdh5XtH1ThkIkOro+eDBw62ERihLKL37/4rpk+PTDm BQ/inU2Sg6stG2SGgzh8CUXz1bZE3qHSczdN4652tA8UUy/8c5W/oc6vw/yhWMjGszyscaV6 /F/QPZZ2IeBF7eNa5YS3dSXjuYrMST7ZlnuuUlZMu97K1I85L9yWWZK3Jra5z3qvRhZGK6en KLgx3w8V3NbErD/C+61BD3zWZFX++OydBOJlToNHDBN5ld0aeiS8QpcuZWXqrYviqm5jS80K FRsBOpo8vbp5PPIUh6c4O7nGXfGE9mB1W2hiQjgdXAtQAAAAAAAA --------------ms080700040900040006040201-- From mmeffie@sinenomine.net Fri May 8 19:06:15 2026 From: mmeffie@sinenomine.net (Michael Meffie) Date: Fri, 8 May 2026 14:06:15 -0400 Subject: [OpenAFS] dirtyflag vulnerability and OpenAFS In-Reply-To: References: Message-ID: <20260508140615.97ac115e92c3d7d62be84d56@sinenomine.net> Hello, This message aims to clarify the impact of the recently disclosed "Dirty Frag" vulnerability on systems using OpenAFS. Here is our current understanding of the situation: 1. The OpenAFS kernel module itself is not affected by this specific class of vulnerability. This is because OpenAFS does not currently use the Linux kernel's socket buffer management system (`struct sk_buff`), which is the component affected by disclosed issues. 2. The recommended mitigation steps involve disabling the `esp4`, `esp6`, and `rxrpc` kernel modules. These actions will not negatively impact the functionality of the OpenAFS kernel module. However, they will affect the Linux native kAFS filesystem and any other applications that rely on the `AF_RXRPC` socket type. 3. It is important to understand that using OpenAFS does not prevent a system from being vulnerable to this issue. The vulnerabilities lies within the Linux kernel's ipsec and rxrpc encryption code paths. We strongly recommend that all users apply the necessary kernel updates and mitigations as they become available. Best regards, Michael -- Michael Meffie From bosse@accum.se Mon May 11 01:09:46 2026 From: bosse@accum.se (Bo Branten) Date: Mon, 11 May 2026 02:09:46 +0200 (CEST) Subject: [OpenAFS] The AFS workshop 2026 Message-ID: <4053c02b-c141-3136-d446-911a405ff33a@accum.se> On the 2025 conference they showed a slide that this year conference will be held june 8-10 and that the schedule will be published may 1. However I have not seen any advertising or schedule yet? Bo Branten