[OpenAFS] dirtyflag vulnerability and OpenAFS

Matteo Fois matteo.fois@enea.it
Fri, 8 May 2026 11:31:45 +0000


Thanks Jeffrey,
that's great news, as we use the kafs module only on some personal workstations.

Matteo


________________________________
From: Jeffrey E Altman
Sent: Friday, May 08, 2026 13:20
To: Matteo Fois
Cc: openafs-info@openafs.org; Linux AFS mailing list; David Howells (dhowells@redhat.com); Marc Dionne
Subject: Re: [OpenAFS] dirtyflag vulnerability and OpenAFS


Hello Matteo,


OpenAFS does not use the Linux rxrpc module for its network communications. Instead it embeds its own Rx RPC implementation within the openafs.ko module.

Linux AFS (kafs) on the other hand relies upon the rxrpc.ko module for its network communications.

The mailing list for discussion of Linux AFS and Rx RPC is linux-afs@lists.infradead.org.

I've cc'd this message to that list as well as adding the rxrpc.ko maintainers.


Jeffrey Altman


On 5/8/2026 4:33 AM, Matteo Fois wrote:
Good Morning,
I'm a researcher at ENEA (Italy) and we use the OpenAFS filesystem extensively in our facilities.
This morning we discovered the dirtyflags vulnerability (https://github.com/V4bel/dirtyfrag) and quickly patched our machines.

The patch works by blacklisting and removing the following kernel modules: esp4 esp6 rxrpc
The last module rxrpc we understand that it's used by OpenAFS (https://docs.kernel.org/networking/rxrpc.html)

We are able to use the filesystem and it seems to be working properly after the patch, but we were wondering if there are more subtle side effects, for example in performance.
Also we were curious to know what happens if one uses the kafs kernel module instead of the OpenAFS client, does the blacklisted module create any problem?

Thanks,

Matteo




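An added example, not part of the thread and not OpenAFS or kafs code: a shell check that reports whether a host's AFS client is the one that depends on rxrpc, and how strictly rxrpc is restricted. It goes slightly beyond the thread by distinguishing a `blacklist` line, which only suppresses alias-based autoloading so the module can still be loaded explicitly or as a dependency, from an `install rxrpc /bin/false` line. Assumptions: the module names openafs, kafs and rxrpc as given in the thread, a mitigation written as modprobe.d directives, and hypothetical function names.

```shell
#!/bin/sh
# Added example. Run on a host as:  sh thisfile /proc/modules /etc/modprobe.d
# Both paths are parameters so the functions also work on test fixtures.

# Print how MODULE is restricted by the *.conf files in a modprobe.d-style DIR:
#   blocked    - "install MODULE /bin/false" (or /bin/true): modprobe cannot load it
#   alias-only - "blacklist MODULE": only alias-triggered autoloading is suppressed
#   none       - no restriction found
module_restriction() {
    mod=$1; dir=$2
    if cat "$dir"/*.conf 2>/dev/null |
        grep -Eq "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+/(usr/)?bin/(false|true)"; then
        echo blocked
    elif cat "$dir"/*.conf 2>/dev/null |
        grep -Eq "^[[:space:]]*blacklist[[:space:]]+$mod([[:space:]]|\$)"; then
        echo alias-only
    else
        echo none
    fi
}

# Return 0 if MODULE is listed as loaded in a /proc/modules-format FILE.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# Summarise what restricting rxrpc means for the AFS client on this host.
rxrpc_impact() {
    modules=$1; confdir=$2
    state=$(module_restriction rxrpc "$confdir")
    if module_loaded kafs "$modules"; then
        echo "kafs: depends on rxrpc (restriction=$state)"
    elif module_loaded openafs "$modules"; then
        echo "openafs: embedded Rx, rxrpc not needed (restriction=$state)"
    else
        echo "no AFS client module loaded (restriction=$state)"
    fi
    # A config entry does not unload a module that is already resident.
    if module_loaded rxrpc "$modules"; then
        echo "rxrpc: still loaded"
    fi
}

if [ "$#" -eq 2 ]; then rxrpc_impact "$1" "$2"; fi
```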