#include <linux/types.h>
#include <linux/init.h>
#include <linux/module.h>
+#include <linux/random.h>
#include <linux/slab.h>
#include <linux/hash.h>
#include <linux/mutex.h>
#include "gss_err.h"
#include "gss_internal.h"
#include "gss_api.h"
+#include "gss_crypto.h"
#define GSS_SVC_UPCALL_TIMEOUT (20)
static DEFINE_SPINLOCK(__ctx_index_lock);
static __u64 __ctx_index;
+unsigned int krb5_allow_old_client_csum;
+
__u64 gss_get_next_ctx_index(void)
{
__u64 idx;
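Review bot: `krb5_allow_old_client_csum` is added at file scope without a comment, although it is the switch that decides whether krb5 peers lacking the new checksum feature are accepted. The deny-by-default behaviour relies on implicit zero-initialisation of a static-storage object, which is correct but easy to miss. I would add a comment above it such as `/* 0 (default): drop krb5 clients that do not send LUSTRE_GSS_PACK_KCSUM; non-zero: accept them using the compat hash */`. The matching `extern` declaration and the tunable that sets it are not visible in this hunk, so it is worth confirming that the setter restricts the value to 0 or 1.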
static struct rsi *rsi_update(struct rsi *new, struct rsi *old);
static struct rsi *rsi_lookup(struct rsi *item);
+#ifdef HAVE_CACHE_DETAIL_WRITERS
+static inline int channel_users(struct cache_detail *cd)
+{
+ return atomic_read(&cd->writers);
+}
+#else
+static inline int channel_users(struct cache_detail *cd)
+{
+ return atomic_read(&cd->readers);
+}
+#endif
+
static inline int rsi_hash(struct rsi *item)
{
return hash_mem((char *)item->in_handle.data, item->in_handle.len,
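Review bot: The two `channel_users()` definitions are identical apart from the field name, and nothing says why the counter differs between kernels. Keeping one function and putting the `#ifdef HAVE_CACHE_DETAIL_WRITERS` around the single `return` line would avoid the duplicated signature. A short comment would also help the next reader, for example `/* count of userspace processes holding the upcall channel open; kernels that define ->writers track the daemon there instead of in ->readers */`, assuming that is the reason for the configure check. The parameter could also be `const struct cache_detail *cd`, since the helper only reads.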
if (first_check) {
first_check = 0;
- read_lock(&rsi_cache.hash_lock);
+ cache_read_lock(&rsi_cache);
valid = test_bit(CACHE_VALID, &rsip->h.flags);
if (valid == 0)
set_current_state(TASK_INTERRUPTIBLE);
- read_unlock(&rsi_cache.hash_lock);
+ cache_read_unlock(&rsi_cache);
if (valid == 0) {
- unsigned long jiffies;
- jiffies = msecs_to_jiffies(MSEC_PER_SEC *
- GSS_SVC_UPCALL_TIMEOUT);
- schedule_timeout(jiffies);
+ unsigned long timeout;
+
+ timeout = cfs_time_seconds(GSS_SVC_UPCALL_TIMEOUT);
+ schedule_timeout(timeout);
}
cache_get(&rsip->h);
goto cache_check;
grctx->src_ctx = &rsci->ctx;
}
+ if (gw->gw_flags & LUSTRE_GSS_PACK_KCSUM) {
+ grctx->src_ctx->gsc_mechctx->hash_func = gss_digest_hash;
+ } else if (!strcmp(grctx->src_ctx->gsc_mechctx->mech_type->gm_name,
+ "krb5") &&
+ !krb5_allow_old_client_csum) {
+ CWARN("%s: deny connection from '%s' due to missing 'krb_csum' feature, set 'sptlrpc.gss.krb5_allow_old_client_csum=1' to allow, but recommend client upgrade: rc = %d\n",
+ target->obd_name, libcfs_nid2str(req->rq_peer.nid),
+ -EPROTO);
+ GOTO(out, rc = SECSVC_DROP);
+ } else {
+ grctx->src_ctx->gsc_mechctx->hash_func =
+ gss_digest_hash_compat;
+ }
+
if (rawobj_dup(&rsci->ctx.gsc_rvs_hdl, rvs_hdl)) {
CERROR("failed duplicate reverse handle\n");
GOTO(out, rc);
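Review bot: In the deny branch the `CWARN` prints `-EPROTO` as `rc`, but the branch leaves with `rc = SECSVC_DROP`, so the logged code is not the one the caller acts on. Either log the value actually returned or drop the `rc = %d` suffix. Separately, the final `else` installs `gss_digest_hash_compat` for every mechanism other than krb5 whenever the peer omits `LUSTRE_GSS_PACK_KCSUM`, and for krb5 once the tunable is set, without any trace. Since `gw->gw_flags` appears to come from the request, the peer effectively selects the weaker path, so a line such as `CDEBUG(D_SEC, "%s: compat checksum for '%s'\n", target->obd_name, libcfs_nid2str(req->rq_peer.nid));` in that branch would make downgrades auditable. The enclosing function starts and ends outside this hunk, so whether `gsc_mechctx` and `mech_type` are guaranteed non-NULL at this point cannot be confirmed from here.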
* sequence number checking, thus no chance to sent error notification
* back to clients.
*/
- cfs_get_random_bytes(&__ctx_index, sizeof(__ctx_index));
+ get_random_bytes(&__ctx_index, sizeof(__ctx_index));
rc = _cache_register_net(&rsi_cache, &init_net);
if (rc != 0)
* Here we wait at minimum 1.5 seconds.
*/
for (i = 0; i < 6; i++) {
- if (atomic_read(&rsi_cache.readers) > 0)
+ if (channel_users(&rsi_cache) > 0)
break;
set_current_state(TASK_UNINTERRUPTIBLE);
- LASSERT(msecs_to_jiffies(MSEC_PER_SEC / 4) > 0);
- schedule_timeout(msecs_to_jiffies(MSEC_PER_SEC / 4));
+ schedule_timeout(cfs_time_seconds(1) / 4);
}
- if (atomic_read(&rsi_cache.readers) == 0)
+ if (channel_users(&rsi_cache) == 0)
CWARN("Init channel is not opened by lsvcgssd, following "
"request might be dropped until lsvcgssd is active\n");