4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
20 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
21 * CA 95054 USA or visit www.sun.com if you need additional information or
27 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
28 * Use is subject to license terms.
30 * Copyright (c) 2012, Intel Corporation.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
36 * lustre/obdclass/capa.c
38 * Lustre Capability Hash Management
40 * Author: Lai Siyao<lsy@clusterfs.com>
43 #define DEBUG_SUBSYSTEM S_SEC
46 #include <linux/version.h>
48 #include <asm/unistd.h>
49 #include <linux/slab.h>
50 #include <linux/module.h>
51 #include <linux/init.h>
53 #include <obd_class.h>
54 #include <lustre_debug.h>
55 #include <lustre/lustre_idl.h>
57 #include <liblustre.h>
60 #include <libcfs/list.h>
61 #include <lustre_capa.h>
63 #define NR_CAPAHASH 32
64 #define CAPA_HASH_SIZE 3000 /* for MDS & OSS */
66 struct kmem_cache *capa_cachep;
69 /* lock for capa hash/capa_list/fo_capa_keys */
70 DEFINE_SPINLOCK(capa_lock);
72 cfs_list_t capa_list[CAPA_SITE_MAX];
74 static struct capa_hmac_alg capa_hmac_algs[] = {
75 DEF_CAPA_HMAC_ALG("sha1", SHA1, 20, 20),
79 int capa_count[CAPA_SITE_MAX] = { 0, };
81 EXPORT_SYMBOL(capa_cachep);
82 EXPORT_SYMBOL(capa_list);
83 EXPORT_SYMBOL(capa_lock);
84 EXPORT_SYMBOL(capa_count);
86 cfs_hlist_head_t *init_capa_hash(void)
88 cfs_hlist_head_t *hash;
91 OBD_ALLOC(hash, PAGE_CACHE_SIZE);
95 nr_hash = PAGE_CACHE_SIZE / sizeof(cfs_hlist_head_t);
96 LASSERT(nr_hash > NR_CAPAHASH);
98 for (i = 0; i < NR_CAPAHASH; i++)
99 CFS_INIT_HLIST_HEAD(hash + i);
102 EXPORT_SYMBOL(init_capa_hash);
105 static inline int capa_on_server(struct obd_capa *ocapa)
107 return ocapa->c_site == CAPA_SITE_SERVER;
110 static inline void capa_delete(struct obd_capa *ocapa)
112 LASSERT(capa_on_server(ocapa));
113 cfs_hlist_del_init(&ocapa->u.tgt.c_hash);
114 cfs_list_del_init(&ocapa->c_list);
115 capa_count[ocapa->c_site]--;
116 /* release the ref when alloc */
120 void cleanup_capa_hash(cfs_hlist_head_t *hash)
123 cfs_hlist_node_t *pos, *next;
126 spin_lock(&capa_lock);
127 for (i = 0; i < NR_CAPAHASH; i++) {
128 cfs_hlist_for_each_entry_safe(oc, pos, next, hash + i,
132 spin_unlock(&capa_lock);
134 OBD_FREE(hash, PAGE_CACHE_SIZE);
136 EXPORT_SYMBOL(cleanup_capa_hash);
138 static inline int capa_hashfn(struct lu_fid *fid)
140 return (fid_oid(fid) ^ fid_ver(fid)) *
141 (unsigned long)(fid_seq(fid) + 1) % NR_CAPAHASH;
144 /* capa renewal time check is earlier than that on client, which is to prevent
145 * client renew right after obtaining it. */
146 static inline int capa_is_to_expire(struct obd_capa *oc)
148 return cfs_time_before(cfs_time_sub(oc->c_expiry,
149 cfs_time_seconds(oc->c_capa.lc_timeout)*2/3),
153 static struct obd_capa *find_capa(struct lustre_capa *capa,
154 cfs_hlist_head_t *head, int alive)
156 cfs_hlist_node_t *pos;
157 struct obd_capa *ocapa;
158 int len = alive ? offsetof(struct lustre_capa, lc_keyid):sizeof(*capa);
160 cfs_hlist_for_each_entry(ocapa, pos, head, u.tgt.c_hash) {
161 if (memcmp(&ocapa->c_capa, capa, len))
163 /* don't return one that will expire soon in this case */
164 if (alive && capa_is_to_expire(ocapa))
167 LASSERT(capa_on_server(ocapa));
169 DEBUG_CAPA(D_SEC, &ocapa->c_capa, "found");
176 #define LRU_CAPA_DELETE_COUNT 12
177 static inline void capa_delete_lru(cfs_list_t *head)
179 struct obd_capa *ocapa;
180 cfs_list_t *node = head->next;
183 /* free LRU_CAPA_DELETE_COUNT unused capa from head */
184 while (count++ < LRU_CAPA_DELETE_COUNT) {
185 ocapa = cfs_list_entry(node, struct obd_capa, c_list);
187 if (cfs_atomic_read(&ocapa->c_refc))
190 DEBUG_CAPA(D_SEC, &ocapa->c_capa, "free lru");
196 struct obd_capa *capa_add(cfs_hlist_head_t *hash, struct lustre_capa *capa)
198 cfs_hlist_head_t *head = hash + capa_hashfn(&capa->lc_fid);
199 struct obd_capa *ocapa, *old = NULL;
200 cfs_list_t *list = &capa_list[CAPA_SITE_SERVER];
202 ocapa = alloc_capa(CAPA_SITE_SERVER);
206 spin_lock(&capa_lock);
207 old = find_capa(capa, head, 0);
209 ocapa->c_capa = *capa;
210 set_capa_expiry(ocapa);
211 cfs_hlist_add_head(&ocapa->u.tgt.c_hash, head);
212 cfs_list_add_tail(&ocapa->c_list, list);
214 capa_count[CAPA_SITE_SERVER]++;
215 if (capa_count[CAPA_SITE_SERVER] > CAPA_HASH_SIZE)
216 capa_delete_lru(list);
217 spin_unlock(&capa_lock);
221 spin_unlock(&capa_lock);
226 EXPORT_SYMBOL(capa_add);
228 struct obd_capa *capa_lookup(cfs_hlist_head_t *hash, struct lustre_capa *capa,
231 struct obd_capa *ocapa;
233 spin_lock(&capa_lock);
234 ocapa = find_capa(capa, hash + capa_hashfn(&capa->lc_fid), alive);
236 cfs_list_move_tail(&ocapa->c_list,
237 &capa_list[CAPA_SITE_SERVER]);
240 spin_unlock(&capa_lock);
244 EXPORT_SYMBOL(capa_lookup);
246 int capa_hmac(__u8 *hmac, struct lustre_capa *capa, __u8 *key)
248 struct ll_crypto_hash *tfm;
249 struct capa_hmac_alg *alg;
251 struct scatterlist sl;
253 if (capa_alg(capa) != CAPA_HMAC_ALG_SHA1) {
254 CERROR("unknown capability hmac algorithm!\n");
258 alg = &capa_hmac_algs[capa_alg(capa)];
260 tfm = ll_crypto_alloc_hash(alg->ha_name, 0, 0);
262 CERROR("crypto_alloc_tfm failed, check whether your kernel"
263 "has crypto support!\n");
266 keylen = alg->ha_keylen;
268 sg_set_page(&sl, virt_to_page(capa),
269 offsetof(struct lustre_capa, lc_hmac),
270 (unsigned long)(capa) % PAGE_CACHE_SIZE);
272 ll_crypto_hmac(tfm, key, &keylen, &sl, sl.length, hmac);
273 ll_crypto_free_hash(tfm);
277 EXPORT_SYMBOL(capa_hmac);
279 int capa_encrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen)
281 struct ll_crypto_cipher *tfm;
282 struct scatterlist sd;
283 struct scatterlist ss;
284 struct blkcipher_desc desc;
287 char alg[CRYPTO_MAX_ALG_NAME+1] = "aes";
290 /* passing "aes" in a variable instead of a constant string keeps gcc
292 tfm = ll_crypto_alloc_blkcipher(alg, 0, 0 );
294 CERROR("failed to load transform for aes\n");
295 RETURN(PTR_ERR(tfm));
298 min = ll_crypto_tfm_alg_min_keysize(tfm);
300 CERROR("keylen at least %d bits for aes\n", min * 8);
301 GOTO(out, rc = -EINVAL);
304 rc = ll_crypto_blkcipher_setkey(tfm, key, min);
306 CERROR("failed to setting key for aes\n");
310 sg_set_page(&sd, virt_to_page(d), 16,
311 (unsigned long)(d) % PAGE_CACHE_SIZE);
313 sg_set_page(&ss, virt_to_page(s), 16,
314 (unsigned long)(s) % PAGE_CACHE_SIZE);
318 rc = ll_crypto_blkcipher_encrypt(&desc, &sd, &ss, 16);
320 CERROR("failed to encrypt for aes\n");
327 ll_crypto_free_blkcipher(tfm);
330 EXPORT_SYMBOL(capa_encrypt_id);
332 int capa_decrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen)
334 struct ll_crypto_cipher *tfm;
335 struct scatterlist sd;
336 struct scatterlist ss;
337 struct blkcipher_desc desc;
340 char alg[CRYPTO_MAX_ALG_NAME+1] = "aes";
343 /* passing "aes" in a variable instead of a constant string keeps gcc
345 tfm = ll_crypto_alloc_blkcipher(alg, 0, 0 );
347 CERROR("failed to load transform for aes\n");
348 RETURN(PTR_ERR(tfm));
351 min = ll_crypto_tfm_alg_min_keysize(tfm);
353 CERROR("keylen at least %d bits for aes\n", min * 8);
354 GOTO(out, rc = -EINVAL);
357 rc = ll_crypto_blkcipher_setkey(tfm, key, min);
359 CERROR("failed to setting key for aes\n");
363 sg_set_page(&sd, virt_to_page(d), 16,
364 (unsigned long)(d) % PAGE_CACHE_SIZE);
366 sg_set_page(&ss, virt_to_page(s), 16,
367 (unsigned long)(s) % PAGE_CACHE_SIZE);
372 rc = ll_crypto_blkcipher_decrypt(&desc, &sd, &ss, 16);
374 CERROR("failed to decrypt for aes\n");
381 ll_crypto_free_blkcipher(tfm);
384 EXPORT_SYMBOL(capa_decrypt_id);
387 void capa_cpy(void *capa, struct obd_capa *ocapa)
389 spin_lock(&ocapa->c_lock);
390 *(struct lustre_capa *)capa = ocapa->c_capa;
391 spin_unlock(&ocapa->c_lock);
393 EXPORT_SYMBOL(capa_cpy);
395 void _debug_capa(struct lustre_capa *c,
396 struct libcfs_debug_msg_data *msgdata,
397 const char *fmt, ... )
401 libcfs_debug_vmsg2(msgdata, fmt, args,
402 " capability@%p fid "DFID" opc "LPX64" uid "LPU64
403 " gid "LPU64" flags %u alg %d keyid %u timeout %u "
404 "expiry %u\n", c, PFID(capa_fid(c)), capa_opc(c),
405 capa_uid(c), capa_gid(c), capa_flags(c),
406 capa_alg(c), capa_keyid(c), capa_timeout(c),
410 EXPORT_SYMBOL(_debug_capa);
413 * context key constructor/destructor:
414 * lu_capainfo_key_init, lu_capainfo_key_fini
416 LU_KEY_INIT_FINI(lu_capainfo, struct lu_capainfo);
418 struct lu_context_key lu_capainfo_key = {
419 .lct_tags = LCT_SESSION,
420 .lct_init = lu_capainfo_key_init,
421 .lct_fini = lu_capainfo_key_fini
424 struct lu_capainfo *lu_capainfo_get(const struct lu_env *env)
426 /* NB, in mdt_init0 */
427 if (env->le_ses == NULL)
429 return lu_context_key_get(env->le_ses, &lu_capainfo_key);
431 EXPORT_SYMBOL(lu_capainfo_get);
434 * Initialization of lu_capainfo_key data.
436 int lu_capainfo_init(void)
440 LU_CONTEXT_KEY_INIT(&lu_capainfo_key);
441 rc = lu_context_key_register(&lu_capainfo_key);
446 * Dual to lu_capainfo_init().
448 void lu_capainfo_fini(void)
450 lu_context_key_degister(&lu_capainfo_key);