LU-17317 gss: no cache flush for rsi and rsc

RPCSEC init and RPCSEC context caches hold gss-related information
of security contexts established between network peers. These cache
entries are tightly coupled with contexts handled in the sptlrpc layer
so they must not be purged directly. They are inserted into the cache
when sptlrpc security contexts are established, and removed when the
corresponding security contexts are destroyed.

Test-Parameters: trivial
Test-Parameters: kerberos=true testlist=sanity-krb5
Test-Parameters: testgroup=review-dne-selinux-ssk-part-2
Fixes: 8d828762d1 ("LU-17015 gss: support large kerberos token for rpc sec init")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I903f75a4b5229286fcaed3e9d96b5eee7f653f15
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/53377
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Reviewed-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>

diff --git a/lustre/ptlrpc/gss/gss_internal.h b/lustre/ptlrpc/gss/gss_internal.h
index 60c25cc..baa6e77 100644 (file)
--- a/lustre/ptlrpc/gss/gss_internal.h
+++ b/lustre/ptlrpc/gss/gss_internal.h
@@ -440,14 +440,12 @@ extern struct upcall_cache_ops rsi_upcall_cache_ops;
 extern struct upcall_cache *rsicache;
 struct gss_rsi *rsi_entry_get(struct upcall_cache *cache, struct gss_rsi *rsi);
 void rsi_entry_put(struct upcall_cache *cache, struct gss_rsi *rsi);
-void rsi_flush(struct upcall_cache *cache, int hash);
 #define RSC_UPCALL_PATH "NONE"
 #define UC_RSCCACHE_HASH_SIZE 1024
 extern struct upcall_cache_ops rsc_upcall_cache_ops;
 extern struct upcall_cache *rsccache;
 struct gss_rsc *rsc_entry_get(struct upcall_cache *cache, struct gss_rsc *rsc);
 void rsc_entry_put(struct upcall_cache *cache, struct gss_rsc *rsc);
-void rsc_flush(struct upcall_cache *cache, int hash);
 void __rsc_free(struct gss_rsc *rsc);
 
 #endif /* __PTLRPC_GSS_GSS_INTERNAL_H_ */

diff --git a/lustre/ptlrpc/gss/gss_svc_upcall.c b/lustre/ptlrpc/gss/gss_svc_upcall.c
index 418587c..063a5c2 100644 (file)
--- a/lustre/ptlrpc/gss/gss_svc_upcall.c
+++ b/lustre/ptlrpc/gss/gss_svc_upcall.c
@@ -431,14 +431,6 @@ void rsi_entry_put(struct upcall_cache *cache, struct gss_rsi *rsi)
        upcall_cache_put_entry(cache, rsi->si_uc_entry);
 }
 
-void rsi_flush(struct upcall_cache *cache, int hash)
-{
-       if (hash < 0)
-               upcall_cache_flush_idle(cache);
-       else
-               upcall_cache_flush_one(cache, (__u64)hash, NULL);
-}
-
 struct upcall_cache_ops rsi_upcall_cache_ops = {
        .init_entry       = rsi_entry_init,
        .free_entry       = rsi_entry_free,
@@ -637,14 +629,6 @@ void rsc_entry_put(struct upcall_cache *cache, struct gss_rsc *rsc)
        upcall_cache_put_entry(cache, rsc->sc_uc_entry);
 }
 
-void rsc_flush(struct upcall_cache *cache, int hash)
-{
-       if (hash < 0)
-               upcall_cache_flush_idle(cache);
-       else
-               upcall_cache_flush_one(cache, (__u64)hash, NULL);
-}
-
 struct upcall_cache_ops rsc_upcall_cache_ops = {
        .init_entry       = rsc_entry_init,
        .free_entry       = rsc_entry_free,

diff --git a/lustre/ptlrpc/gss/lproc_gss.c b/lustre/ptlrpc/gss/lproc_gss.c
index e1fa748..1fe6b0d 100644 (file)
--- a/lustre/ptlrpc/gss/lproc_gss.c
+++ b/lustre/ptlrpc/gss/lproc_gss.c
@@ -231,21 +231,6 @@ out:
 }
 LPROC_SEQ_FOPS(rsi_upcall);
 
-static ssize_t lprocfs_rsi_flush_seq_write(struct file *file,
-                                          const char __user *buffer,
-                                          size_t count, void *data)
-{
-       int hash, rc;
-
-       rc = kstrtoint_from_user(buffer, count, 0, &hash);
-       if (rc)
-               return rc;
-
-       rsi_flush(rsicache, hash);
-       return count;
-}
-LPROC_SEQ_FOPS_WR_ONLY(gss, rsi_flush);
-
 static ssize_t lprocfs_rsi_info_seq_write(struct file *file,
                                          const char __user *buffer,
                                          size_t count, void *data)
@@ -348,21 +333,6 @@ static ssize_t rsi_acquire_expire_seq_write(struct file *file,
 }
 LPROC_SEQ_FOPS(rsi_acquire_expire);
 
-static ssize_t lprocfs_rsc_flush_seq_write(struct file *file,
-                                          const char __user *buffer,
-                                          size_t count, void *data)
-{
-       int hash, rc;
-
-       rc = kstrtoint_from_user(buffer, count, 0, &hash);
-       if (rc)
-               return rc;
-
-       rsc_flush(rsccache, hash);
-       return count;
-}
-LPROC_SEQ_FOPS_WR_ONLY(gss, rsc_flush);
-
 static ssize_t lprocfs_rsc_info_seq_write(struct file *file,
                                          const char __user *buffer,
                                          size_t count, void *data)
@@ -476,16 +446,12 @@ static struct lprocfs_vars gss_lprocfs_vars[] = {
 #endif
        { .name =       "rsi_upcall",
          .fops =       &rsi_upcall_fops },
-       { .name =       "rsi_flush",
-         .fops =       &gss_rsi_flush_fops },
        { .name =       "rsi_info",
          .fops =       &gss_rsi_info_fops },
        { .name =       "rsi_entry_expire",
          .fops =       &rsi_entry_expire_fops },
        { .name =       "rsi_acquire_expire",
          .fops =       &rsi_acquire_expire_fops },
-       { .name =       "rsc_flush",
-         .fops =       &gss_rsc_flush_fops },
        { .name =       "rsc_info",
          .fops =       &gss_rsc_info_fops },
        { NULL }