1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
6 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 only,
10 * as published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License version 2 for more details (a copy is included
16 * in the LICENSE file that accompanied this code).
18 * You should have received a copy of the GNU General Public License
19 * version 2 along with this program; If not, see
20 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
22 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
23 * CA 95054 USA or visit www.sun.com if you need additional information or
29 * Copyright 2008 Sun Microsystems, Inc. All rights reserved
30 * Use is subject to license terms.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
36 * lustre/obdclass/capa.c
38 * Lustre Capability Hash Management
40 * Author: Lai Siyao<lsy@clusterfs.com>
44 # define EXPORT_SYMTAB
47 #define DEBUG_SUBSYSTEM S_SEC
50 #include <linux/version.h>
52 #include <asm/unistd.h>
53 #include <linux/slab.h>
54 #include <linux/module.h>
55 #include <linux/init.h>
57 #include <obd_class.h>
58 #include <lustre_debug.h>
59 #include <lustre/lustre_idl.h>
61 #include <liblustre.h>
64 #include <libcfs/list.h>
65 #include <lustre_capa.h>
67 #define NR_CAPAHASH 32
68 #define CAPA_HASH_SIZE 3000 /* for MDS & OSS */
70 cfs_mem_cache_t *capa_cachep = NULL;
73 /* lock for capa hash/capa_list/fo_capa_keys */
74 spinlock_t capa_lock = SPIN_LOCK_UNLOCKED;
76 struct list_head capa_list[CAPA_SITE_MAX];
78 static struct capa_hmac_alg capa_hmac_algs[] = {
79 DEF_CAPA_HMAC_ALG("sha1", SHA1, 20, 20),
83 int capa_count[CAPA_SITE_MAX] = { 0, };
85 EXPORT_SYMBOL(capa_cachep);
86 EXPORT_SYMBOL(capa_list);
87 EXPORT_SYMBOL(capa_lock);
88 EXPORT_SYMBOL(capa_count);
90 struct hlist_head *init_capa_hash(void)
92 struct hlist_head *hash;
95 OBD_ALLOC(hash, CFS_PAGE_SIZE);
99 nr_hash = CFS_PAGE_SIZE / sizeof(struct hlist_head);
100 LASSERT(nr_hash > NR_CAPAHASH);
102 for (i = 0; i < NR_CAPAHASH; i++)
103 INIT_HLIST_HEAD(hash + i);
108 static inline int capa_on_server(struct obd_capa *ocapa)
110 return ocapa->c_site == CAPA_SITE_SERVER;
113 static inline void capa_delete(struct obd_capa *ocapa)
115 LASSERT(capa_on_server(ocapa));
116 hlist_del_init(&ocapa->u.tgt.c_hash);
117 list_del_init(&ocapa->c_list);
118 capa_count[ocapa->c_site]--;
119 /* release the ref when alloc */
123 void cleanup_capa_hash(struct hlist_head *hash)
126 struct hlist_node *pos, *next;
129 spin_lock(&capa_lock);
130 for (i = 0; i < NR_CAPAHASH; i++) {
131 hlist_for_each_entry_safe(oc, pos, next, hash + i, u.tgt.c_hash)
134 spin_unlock(&capa_lock);
136 OBD_FREE(hash, CFS_PAGE_SIZE);
139 static inline int capa_hashfn(struct lu_fid *fid)
141 return (fid_oid(fid) ^ fid_ver(fid)) *
142 (unsigned long)(fid_seq(fid) + 1) % NR_CAPAHASH;
145 /* capa renewal time check is earlier than that on client, which is to prevent
146 * client renew right after obtaining it. */
147 static inline int capa_is_to_expire(struct obd_capa *oc)
149 return cfs_time_before(cfs_time_sub(oc->c_expiry,
150 cfs_time_seconds(oc->c_capa.lc_timeout)*2/3),
154 static struct obd_capa *find_capa(struct lustre_capa *capa,
155 struct hlist_head *head, int alive)
157 struct hlist_node *pos;
158 struct obd_capa *ocapa;
159 int len = alive ? offsetof(struct lustre_capa, lc_keyid):sizeof(*capa);
161 hlist_for_each_entry(ocapa, pos, head, u.tgt.c_hash) {
162 if (memcmp(&ocapa->c_capa, capa, len))
164 /* don't return one that will expire soon in this case */
165 if (alive && capa_is_to_expire(ocapa))
168 LASSERT(capa_on_server(ocapa));
170 DEBUG_CAPA(D_SEC, &ocapa->c_capa, "found");
177 #define LRU_CAPA_DELETE_COUNT 12
178 static inline void capa_delete_lru(struct list_head *head)
180 struct obd_capa *ocapa;
181 struct list_head *node = head->next;
184 /* free LRU_CAPA_DELETE_COUNT unused capa from head */
185 while (count++ < LRU_CAPA_DELETE_COUNT) {
186 ocapa = list_entry(node, struct obd_capa, c_list);
188 if (atomic_read(&ocapa->c_refc))
191 DEBUG_CAPA(D_SEC, &ocapa->c_capa, "free lru");
197 struct obd_capa *capa_add(struct hlist_head *hash, struct lustre_capa *capa)
199 struct hlist_head *head = hash + capa_hashfn(&capa->lc_fid);
200 struct obd_capa *ocapa, *old = NULL;
201 struct list_head *list = &capa_list[CAPA_SITE_SERVER];
203 ocapa = alloc_capa(CAPA_SITE_SERVER);
207 spin_lock(&capa_lock);
208 old = find_capa(capa, head, 0);
210 ocapa->c_capa = *capa;
211 set_capa_expiry(ocapa);
212 hlist_add_head(&ocapa->u.tgt.c_hash, head);
213 list_add_tail(&ocapa->c_list, list);
215 capa_count[CAPA_SITE_SERVER]++;
216 if (capa_count[CAPA_SITE_SERVER] > CAPA_HASH_SIZE)
217 capa_delete_lru(list);
218 spin_unlock(&capa_lock);
222 spin_unlock(&capa_lock);
228 struct obd_capa *capa_lookup(struct hlist_head *hash, struct lustre_capa *capa,
231 struct obd_capa *ocapa;
233 spin_lock(&capa_lock);
234 ocapa = find_capa(capa, hash + capa_hashfn(&capa->lc_fid), alive);
236 list_move_tail(&ocapa->c_list, &capa_list[CAPA_SITE_SERVER]);
239 spin_unlock(&capa_lock);
244 int capa_hmac(__u8 *hmac, struct lustre_capa *capa, __u8 *key)
246 struct ll_crypto_hash *tfm;
247 struct capa_hmac_alg *alg;
249 struct scatterlist sl;
251 if (capa_alg(capa) != CAPA_HMAC_ALG_SHA1) {
252 CERROR("unknown capability hmac algorithm!\n");
256 alg = &capa_hmac_algs[capa_alg(capa)];
258 tfm = ll_crypto_alloc_hash(alg->ha_name, 0, 0);
260 CERROR("crypto_alloc_tfm failed, check whether your kernel"
261 "has crypto support!\n");
264 keylen = alg->ha_keylen;
266 sg_set_page(&sl, virt_to_page(capa),
267 offsetof(struct lustre_capa, lc_hmac),
268 (unsigned long)(capa) % CFS_PAGE_SIZE);
270 ll_crypto_hmac(tfm, key, &keylen, &sl, sl.length, hmac);
271 ll_crypto_free_hash(tfm);
276 int capa_encrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen)
278 struct ll_crypto_cipher *tfm;
279 struct scatterlist sd;
280 struct scatterlist ss;
281 struct blkcipher_desc desc;
284 char alg[CRYPTO_MAX_ALG_NAME+1] = "aes";
287 /* passing "aes" in a variable instead of a constant string keeps gcc
289 tfm = ll_crypto_alloc_blkcipher(alg, 0, 0 );
291 CERROR("failed to load transform for aes\n");
295 min = ll_crypto_tfm_alg_min_keysize(tfm);
297 CERROR("keylen at least %d bits for aes\n", min * 8);
298 GOTO(out, rc = -EINVAL);
301 rc = ll_crypto_blkcipher_setkey(tfm, key, min);
303 CERROR("failed to setting key for aes\n");
307 sg_set_page(&sd, virt_to_page(d), 16,
308 (unsigned long)(d) % CFS_PAGE_SIZE);
310 sg_set_page(&ss, virt_to_page(s), 16,
311 (unsigned long)(s) % CFS_PAGE_SIZE);
315 rc = ll_crypto_blkcipher_encrypt(&desc, &sd, &ss, 16);
317 CERROR("failed to encrypt for aes\n");
324 ll_crypto_free_blkcipher(tfm);
328 int capa_decrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen)
330 struct ll_crypto_cipher *tfm;
331 struct scatterlist sd;
332 struct scatterlist ss;
333 struct blkcipher_desc desc;
336 char alg[CRYPTO_MAX_ALG_NAME+1] = "aes";
339 /* passing "aes" in a variable instead of a constant string keeps gcc
341 tfm = ll_crypto_alloc_blkcipher(alg, 0, 0 );
343 CERROR("failed to load transform for aes\n");
347 min = ll_crypto_tfm_alg_min_keysize(tfm);
349 CERROR("keylen at least %d bits for aes\n", min * 8);
350 GOTO(out, rc = -EINVAL);
353 rc = ll_crypto_blkcipher_setkey(tfm, key, min);
355 CERROR("failed to setting key for aes\n");
359 sg_set_page(&sd, virt_to_page(d), 16,
360 (unsigned long)(d) % CFS_PAGE_SIZE);
362 sg_set_page(&ss, virt_to_page(s), 16,
363 (unsigned long)(s) % CFS_PAGE_SIZE);
368 rc = ll_crypto_blkcipher_decrypt(&desc, &sd, &ss, 16);
370 CERROR("failed to decrypt for aes\n");
377 ll_crypto_free_blkcipher(tfm);
382 void capa_cpy(void *capa, struct obd_capa *ocapa)
384 spin_lock(&ocapa->c_lock);
385 *(struct lustre_capa *)capa = ocapa->c_capa;
386 spin_unlock(&ocapa->c_lock);
389 EXPORT_SYMBOL(init_capa_hash);
390 EXPORT_SYMBOL(cleanup_capa_hash);
391 EXPORT_SYMBOL(capa_add);
392 EXPORT_SYMBOL(capa_lookup);
393 EXPORT_SYMBOL(capa_hmac);
394 EXPORT_SYMBOL(capa_encrypt_id);
395 EXPORT_SYMBOL(capa_decrypt_id);
396 EXPORT_SYMBOL(capa_cpy);