LU-16734 gss: fix lookup_user_key() bug

With more recent kernels, like on Ubuntu 22.04, trying to
delete some keyring resources trigger a kernel warning message
and cleaning is not successful, leading to stuck resources
and warning messages being regularly printed.

This is because Linux 5.8, in commit 8c0637e, introduced an API
change for lookup_user_key() that was not taken in account.

Update the lookup_user_key() call from _user_key() to fix it.

Change-Id: I34ef4dac3f56cbb4aac6bc5a3bad36feb66b8675
Signed-off-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/50623
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Shaun Tancheff <shaun.tancheff@hpe.com>
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-by: Jonathan Calmels <jcalmels@nvidia.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>

diff --git a/libcfs/autoconf/lustre-libcfs.m4 b/libcfs/autoconf/lustre-libcfs.m4
index 4d66b10..19bc8ae 100644 (file)
--- a/libcfs/autoconf/lustre-libcfs.m4
+++ b/libcfs/autoconf/lustre-libcfs.m4
@@ -1948,6 +1948,28 @@ AC_DEFUN([LIBCFS_KERNEL_SETSOCKOPT], [
 ]) # LIBCFS_KERNEL_SETSOCKOPT
 
 #
+# LIBCFS_KEY_NEED_UNLINK
+#
+# kernel 5.8 commit 8c0637e950d68933a67f7438f779d79b049b5e5c
+# keys: Make the KEY_NEED_* perms an enum rather than a mask
+#
+AC_DEFUN([LIBCFS_SRC_KEY_NEED_UNLINK], [
+       LB2_LINUX_TEST_SRC([key_need_unlink_exists], [
+               #include <linux/key.h>
+               #include <linux/keyctl.h>
+       ],[
+               lookup_user_key(0, 0, KEY_NEED_UNLINK);
+       ],[-Werror])
+])
+AC_DEFUN([LIBCFS_KEY_NEED_UNLINK], [
+       AC_MSG_CHECKING([if KEY_NEED_UNLINK exists])
+       LB2_LINUX_TEST_RESULT([key_need_unlink_exists], [
+               AC_DEFINE(HAVE_KEY_NEED_UNLINK, 1,
+                       [KEY_NEED_UNLINK exists])
+       ])
+]) # LIBCFS_KEY_NEED_UNLINK
+
+#
 # LIBCFS_SEC_RELEASE_SECCTX
 #
 # kernel linux-hwe-5.8 (5.8.0-22.23~20.04.1)
@@ -2392,13 +2414,14 @@ AC_DEFUN([LIBCFS_PROG_LINUX_SRC], [
        LIBCFS_SRC_TCP_SOCK_SET_KEEPINTVL
        LIBCFS_SRC_TCP_SOCK_SET_KEEPCNT
        # 5.8
+       LIBCFS_SRC_IP6_SET_PREF
+       LIBCFS_SRC_VMALLOC_2ARGS
        LIBCFS_SRC_HAVE_NR_UNSTABLE_NFS
        LIBCFS_SRC_HAVE_MMAP_LOCK
        LIBCFS_SRC_KERNEL_SETSOCKOPT
-       LIBCFS_SRC_IP6_SET_PREF
-       LIBCFS_SRC_VMALLOC_2ARGS
-       # 5.10
+       LIBCFS_SRC_KEY_NEED_UNLINK
        LIBCFS_SRC_SEC_RELEASE_SECCTX
+       # 5.10
        LIBCFS_SRC_HAVE_KFREE_SENSITIVE
        LIBCFS_SRC_HAVE_LIST_CMP_FUNC_T
        LIBCFS_SRC_NLA_STRLCPY
@@ -2535,13 +2558,14 @@ AC_DEFUN([LIBCFS_PROG_LINUX_RESULTS], [
        LIBCFS_TCP_SOCK_SET_KEEPINTVL
        LIBCFS_TCP_SOCK_SET_KEEPCNT
        # 5.8
+       LIBCFS_IP6_SET_PREF
+       LIBCFS_VMALLOC_2ARGS
        LIBCFS_HAVE_NR_UNSTABLE_NFS
        LIBCFS_HAVE_MMAP_LOCK
        LIBCFS_KERNEL_SETSOCKOPT
-       LIBCFS_IP6_SET_PREF
-       LIBCFS_VMALLOC_2ARGS
-       # 5.10
+       LIBCFS_KEY_NEED_UNLINK
        LIBCFS_SEC_RELEASE_SECCTX
+       # 5.10
        LIBCFS_HAVE_KFREE_SENSITIVE
        LIBCFS_HAVE_LIST_CMP_FUNC_T
        LIBCFS_NLA_STRLCPY

diff --git a/lustre/ptlrpc/gss/gss_keyring.c b/lustre/ptlrpc/gss/gss_keyring.c
index 824197b..08ad7d1 100644 (file)
--- a/lustre/ptlrpc/gss/gss_keyring.c
+++ b/lustre/ptlrpc/gss/gss_keyring.c
@@ -617,26 +617,31 @@ static inline int user_is_root(struct ptlrpc_sec *sec, struct vfs_cred *vcred)
 }
 
 /*
- * kernel 5.3: commit 0f44e4d976f96c6439da0d6717238efa4b91196e
- * keys: Move the user and user-session keyrings to the user_namespace
- *
  * When lookup_user_key is available use the kernel API rather than directly
  * accessing the uid_keyring and session_keyring via the current process
  * credentials.
  */
 #ifdef HAVE_LOOKUP_USER_KEY
 
+#ifdef HAVE_KEY_NEED_UNLINK
 /* from Linux security/keys/internal.h: */
-#ifndef KEY_LOOKUP_FOR_UNLINK
-#define KEY_LOOKUP_FOR_UNLINK          0x04
-#endif
+#  ifndef KEY_LOOKUP_PARTIAL
+#    define KEY_LOOKUP_PARTIAL 0x2
+#  endif
+#else
+#  define KEY_NEED_UNLINK 0
+#  ifndef KEY_LOOKUP_FOR_UNLINK
+#    define KEY_LOOKUP_FOR_UNLINK 0x4
+#  endif
+#  define KEY_LOOKUP_PARTIAL KEY_LOOKUP_FOR_UNLINK
+#endif /* HAVE_KEY_NEED_UNLINK */
 
 static struct key *_user_key(key_serial_t id)
 {
        key_ref_t ref;
 
        might_sleep();
-       ref = lookup_user_key(id, KEY_LOOKUP_FOR_UNLINK, 0);
+       ref = lookup_user_key(id, KEY_LOOKUP_PARTIAL, KEY_NEED_UNLINK);
        if (IS_ERR(ref))
                return NULL;
        return key_ref_to_ptr(ref);