/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
* vim:expandtab:shiftwidth=8:tabstop=8:
*
- * Copyright (C) 2004-2006 Cluster File Systems, Inc.
+ * GPL HEADER START
*
- * This file is part of Lustre, http://www.lustre.org.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
- * Lustre is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License as published by the Free Software Foundation.
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 only,
+ * as published by the Free Software Foundation.
*
- * Lustre is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License version 2 for more details (a copy is included
+ * in the LICENSE file that accompanied this code).
*
- * You should have received a copy of the GNU General Public License
- * along with Lustre; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; If not, see
+ * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ *
+ * GPL HEADER END
+ */
+/*
+ * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Use is subject to license terms.
+ */
+/*
+ * This file is part of Lustre, http://www.lustre.org/
+ * Lustre is a trademark of Sun Microsystems, Inc.
+ *
+ * lustre/ptlrpc/sec.c
+ *
+ * Author: Eric Mei <ericm@clusterfs.com>
*/
#ifndef EXPORT_SYMTAB
* policy registers *
***********************************************/
-static rwlock_t policy_lock = RW_LOCK_UNLOCKED;
+static cfs_rwlock_t policy_lock;
static struct ptlrpc_sec_policy *policies[SPTLRPC_POLICY_MAX] = {
NULL,
};
int sptlrpc_register_policy(struct ptlrpc_sec_policy *policy)
{
- __u32 number = policy->sp_policy;
+ __u16 number = policy->sp_policy;
LASSERT(policy->sp_name);
LASSERT(policy->sp_cops);
if (number >= SPTLRPC_POLICY_MAX)
return -EINVAL;
- write_lock(&policy_lock);
+ cfs_write_lock(&policy_lock);
if (unlikely(policies[number])) {
- write_unlock(&policy_lock);
+ cfs_write_unlock(&policy_lock);
return -EALREADY;
}
policies[number] = policy;
- write_unlock(&policy_lock);
+ cfs_write_unlock(&policy_lock);
CDEBUG(D_SEC, "%s: registered\n", policy->sp_name);
return 0;
int sptlrpc_unregister_policy(struct ptlrpc_sec_policy *policy)
{
- __u32 number = policy->sp_policy;
+ __u16 number = policy->sp_policy;
LASSERT(number < SPTLRPC_POLICY_MAX);
- write_lock(&policy_lock);
+ cfs_write_lock(&policy_lock);
if (unlikely(policies[number] == NULL)) {
- write_unlock(&policy_lock);
+ cfs_write_unlock(&policy_lock);
CERROR("%s: already unregistered\n", policy->sp_name);
return -EINVAL;
}
LASSERT(policies[number] == policy);
policies[number] = NULL;
- write_unlock(&policy_lock);
+ cfs_write_unlock(&policy_lock);
CDEBUG(D_SEC, "%s: unregistered\n", policy->sp_name);
return 0;
EXPORT_SYMBOL(sptlrpc_unregister_policy);
static
-struct ptlrpc_sec_policy * sptlrpc_flavor2policy(ptlrpc_sec_flavor_t flavor)
+struct ptlrpc_sec_policy * sptlrpc_wireflavor2policy(__u32 flavor)
{
-#ifdef CONFIG_KMOD
- static DECLARE_MUTEX(load_mutex);
-#endif
- static atomic_t loaded = ATOMIC_INIT(0);
- struct ptlrpc_sec_policy *policy;
- __u32 number = SEC_FLAVOR_POLICY(flavor), flag = 0;
+ static CFS_DECLARE_MUTEX(load_mutex);
+ static cfs_atomic_t loaded = CFS_ATOMIC_INIT(0);
+ struct ptlrpc_sec_policy *policy;
+ __u16 number = SPTLRPC_FLVR_POLICY(flavor);
+ __u16 flag = 0;
if (number >= SPTLRPC_POLICY_MAX)
return NULL;
-#ifdef CONFIG_KMOD
-again:
-#endif
- read_lock(&policy_lock);
- policy = policies[number];
- if (policy && !try_module_get(policy->sp_owner))
- policy = NULL;
- if (policy == NULL)
- flag = atomic_read(&loaded);
- read_unlock(&policy_lock);
-
-#ifdef CONFIG_KMOD
- /* if failure, try to load gss module, once */
- if (unlikely(policy == NULL) &&
- flag == 0 &&
- (number == SPTLRPC_POLICY_GSS ||
- number == SPTLRPC_POLICY_GSS_PIPEFS)) {
- mutex_down(&load_mutex);
- if (atomic_read(&loaded) == 0) {
- if (request_module("ptlrpc_gss") != 0)
- CERROR("Unable to load module ptlrpc_gss\n");
+ while (1) {
+ cfs_read_lock(&policy_lock);
+ policy = policies[number];
+ if (policy && !cfs_try_module_get(policy->sp_owner))
+ policy = NULL;
+ if (policy == NULL)
+ flag = cfs_atomic_read(&loaded);
+ cfs_read_unlock(&policy_lock);
+
+ if (policy != NULL || flag != 0 ||
+ number != SPTLRPC_POLICY_GSS)
+ break;
+
+ /* try to load gss module, once */
+ cfs_mutex_down(&load_mutex);
+ if (cfs_atomic_read(&loaded) == 0) {
+ if (cfs_request_module("ptlrpc_gss") == 0)
+ CWARN("module ptlrpc_gss loaded on demand\n");
else
- CWARN("module ptlrpc_gss loaded\n");
+ CERROR("Unable to load module ptlrpc_gss\n");
- atomic_set(&loaded, 1);
+ cfs_atomic_set(&loaded, 1);
}
- mutex_up(&load_mutex);
-
- goto again;
+ cfs_mutex_up(&load_mutex);
}
-#endif
return policy;
}
-ptlrpc_sec_flavor_t sptlrpc_name2flavor(const char *name)
+__u32 sptlrpc_name2flavor_base(const char *name)
{
if (!strcmp(name, "null"))
return SPTLRPC_FLVR_NULL;
return SPTLRPC_FLVR_PLAIN;
if (!strcmp(name, "krb5n"))
return SPTLRPC_FLVR_KRB5N;
+ if (!strcmp(name, "krb5a"))
+ return SPTLRPC_FLVR_KRB5A;
if (!strcmp(name, "krb5i"))
return SPTLRPC_FLVR_KRB5I;
if (!strcmp(name, "krb5p"))
return SPTLRPC_FLVR_INVALID;
}
-EXPORT_SYMBOL(sptlrpc_name2flavor);
+EXPORT_SYMBOL(sptlrpc_name2flavor_base);
-char *sptlrpc_flavor2name(ptlrpc_sec_flavor_t flavor)
+const char *sptlrpc_flavor2name_base(__u32 flvr)
{
- switch (flavor) {
- case SPTLRPC_FLVR_NULL:
+ __u32 base = SPTLRPC_FLVR_BASE(flvr);
+
+ if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_NULL))
return "null";
- case SPTLRPC_FLVR_PLAIN:
+ else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_PLAIN))
return "plain";
- case SPTLRPC_FLVR_KRB5N:
+ else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5N))
return "krb5n";
- case SPTLRPC_FLVR_KRB5A:
+ else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5A))
return "krb5a";
- case SPTLRPC_FLVR_KRB5I:
+ else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5I))
return "krb5i";
- case SPTLRPC_FLVR_KRB5P:
+ else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5P))
return "krb5p";
- default:
- CERROR("invalid flavor 0x%x(p%u,s%u,v%u)\n", flavor,
- SEC_FLAVOR_POLICY(flavor), SEC_FLAVOR_MECH(flavor),
- SEC_FLAVOR_SVC(flavor));
+
+ CERROR("invalid wire flavor 0x%x\n", flvr);
+ return "invalid";
+}
+EXPORT_SYMBOL(sptlrpc_flavor2name_base);
+
+char *sptlrpc_flavor2name_bulk(struct sptlrpc_flavor *sf,
+ char *buf, int bufsize)
+{
+ if (SPTLRPC_FLVR_POLICY(sf->sf_rpc) == SPTLRPC_POLICY_PLAIN)
+ snprintf(buf, bufsize, "hash:%s",
+ sptlrpc_get_hash_name(sf->u_bulk.hash.hash_alg));
+ else
+ snprintf(buf, bufsize, "%s",
+ sptlrpc_flavor2name_base(sf->sf_rpc));
+
+ buf[bufsize - 1] = '\0';
+ return buf;
+}
+EXPORT_SYMBOL(sptlrpc_flavor2name_bulk);
+
+char *sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize)
+{
+ snprintf(buf, bufsize, "%s", sptlrpc_flavor2name_base(sf->sf_rpc));
+
+ /*
+ * currently we don't support customized bulk specification for
+ * flavors other than plain
+ */
+ if (SPTLRPC_FLVR_POLICY(sf->sf_rpc) == SPTLRPC_POLICY_PLAIN) {
+ char bspec[16];
+
+ bspec[0] = '-';
+ sptlrpc_flavor2name_bulk(sf, &bspec[1], sizeof(bspec) - 1);
+ strncat(buf, bspec, bufsize);
}
- return "UNKNOWN";
+
+ buf[bufsize - 1] = '\0';
+ return buf;
}
EXPORT_SYMBOL(sptlrpc_flavor2name);
+char *sptlrpc_secflags2str(__u32 flags, char *buf, int bufsize)
+{
+ buf[0] = '\0';
+
+ if (flags & PTLRPC_SEC_FL_REVERSE)
+ strncat(buf, "reverse,", bufsize);
+ if (flags & PTLRPC_SEC_FL_ROOTONLY)
+ strncat(buf, "rootonly,", bufsize);
+ if (flags & PTLRPC_SEC_FL_UDESC)
+ strncat(buf, "udesc,", bufsize);
+ if (flags & PTLRPC_SEC_FL_BULK)
+ strncat(buf, "bulk,", bufsize);
+ if (buf[0] == '\0')
+ strncat(buf, "-,", bufsize);
+
+ buf[bufsize - 1] = '\0';
+ return buf;
+}
+EXPORT_SYMBOL(sptlrpc_secflags2str);
+
/**************************************************
* client context APIs *
**************************************************/
LASSERT(sec);
LASSERT(sec->ps_policy->sp_cops->lookup_ctx);
- if (sec->ps_flags & (PTLRPC_SEC_FL_REVERSE | PTLRPC_SEC_FL_ROOTONLY)) {
+ if (sec->ps_flvr.sf_flags & (PTLRPC_SEC_FL_REVERSE |
+ PTLRPC_SEC_FL_ROOTONLY)) {
vcred.vc_uid = 0;
vcred.vc_gid = 0;
- if (sec->ps_flags & PTLRPC_SEC_FL_REVERSE) {
+ if (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE) {
create = 0;
remove_dead = 0;
}
} else {
- vcred.vc_uid = cfs_current()->uid;
- vcred.vc_gid = cfs_current()->gid;
+ vcred.vc_uid = cfs_curproc_uid();
+ vcred.vc_gid = cfs_curproc_gid();
}
return sec->ps_policy->sp_cops->lookup_ctx(sec, &vcred,
struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx)
{
- LASSERT(atomic_read(&ctx->cc_refcount) > 0);
- atomic_inc(&ctx->cc_refcount);
+ cfs_atomic_inc(&ctx->cc_refcount);
return ctx;
}
EXPORT_SYMBOL(sptlrpc_cli_ctx_get);
struct ptlrpc_sec *sec = ctx->cc_sec;
LASSERT(sec);
- LASSERT(atomic_read(&ctx->cc_refcount));
+ LASSERT_ATOMIC_POS(&ctx->cc_refcount);
- if (!atomic_dec_and_test(&ctx->cc_refcount))
+ if (!cfs_atomic_dec_and_test(&ctx->cc_refcount))
return;
sec->ps_policy->sp_cops->release_ctx(sec, ctx, sync);
}
EXPORT_SYMBOL(sptlrpc_cli_ctx_put);
-/*
- * expire the context immediately.
- * the caller must hold at least 1 ref on the ctx.
+/**
+ * Expire the client context immediately.
+ *
+ * \pre Caller must hold at least 1 reference on the \a ctx.
*/
void sptlrpc_cli_ctx_expire(struct ptlrpc_cli_ctx *ctx)
{
}
EXPORT_SYMBOL(sptlrpc_cli_ctx_expire);
+/**
+ * To wake up the threads who are waiting for this client context. Called
+ * after some status change happened on \a ctx.
+ */
void sptlrpc_cli_ctx_wakeup(struct ptlrpc_cli_ctx *ctx)
{
struct ptlrpc_request *req, *next;
- spin_lock(&ctx->cc_lock);
- list_for_each_entry_safe(req, next, &ctx->cc_req_list, rq_ctx_chain) {
- list_del_init(&req->rq_ctx_chain);
- ptlrpc_wake_client_req(req);
+ cfs_spin_lock(&ctx->cc_lock);
+ cfs_list_for_each_entry_safe(req, next, &ctx->cc_req_list,
+ rq_ctx_chain) {
+ cfs_list_del_init(&req->rq_ctx_chain);
+ ptlrpc_client_wake_req(req);
}
- spin_unlock(&ctx->cc_lock);
+ cfs_spin_unlock(&ctx->cc_lock);
}
EXPORT_SYMBOL(sptlrpc_cli_ctx_wakeup);
return ctx->cc_ops->display(ctx, buf, bufsize);
}
+static int import_sec_check_expire(struct obd_import *imp)
+{
+ int adapt = 0;
+
+ cfs_spin_lock(&imp->imp_lock);
+ if (imp->imp_sec_expire &&
+ imp->imp_sec_expire < cfs_time_current_sec()) {
+ adapt = 1;
+ imp->imp_sec_expire = 0;
+ }
+ cfs_spin_unlock(&imp->imp_lock);
+
+ if (!adapt)
+ return 0;
+
+ CDEBUG(D_SEC, "found delayed sec adapt expired, do it now\n");
+ return sptlrpc_import_sec_adapt(imp, NULL, 0);
+}
+
+static int import_sec_validate_get(struct obd_import *imp,
+ struct ptlrpc_sec **sec)
+{
+ int rc;
+
+ if (unlikely(imp->imp_sec_expire)) {
+ rc = import_sec_check_expire(imp);
+ if (rc)
+ return rc;
+ }
+
+ *sec = sptlrpc_import_sec_ref(imp);
+ if (*sec == NULL) {
+ CERROR("import %p (%s) with no sec\n",
+ imp, ptlrpc_import_state_name(imp->imp_state));
+ return -EACCES;
+ }
+
+ if (unlikely((*sec)->ps_dying)) {
+ CERROR("attempt to use dying sec %p\n", sec);
+ sptlrpc_sec_put(*sec);
+ return -EACCES;
+ }
+
+ return 0;
+}
+
+/**
+ * Given a \a req, find or allocate a appropriate context for it.
+ * \pre req->rq_cli_ctx == NULL.
+ *
+ * \retval 0 succeed, and req->rq_cli_ctx is set.
+ * \retval -ev error number, and req->rq_cli_ctx == NULL.
+ */
int sptlrpc_req_get_ctx(struct ptlrpc_request *req)
{
struct obd_import *imp = req->rq_import;
+ struct ptlrpc_sec *sec;
+ int rc;
ENTRY;
LASSERT(!req->rq_cli_ctx);
LASSERT(imp);
- if (imp->imp_sec == NULL) {
- CERROR("import %p (%s) with no sec pointer\n",
- imp, ptlrpc_import_state_name(imp->imp_state));
- RETURN(-EACCES);
- }
+ rc = import_sec_validate_get(imp, &sec);
+ if (rc)
+ RETURN(rc);
+
+ req->rq_cli_ctx = get_my_ctx(sec);
- req->rq_cli_ctx = get_my_ctx(imp->imp_sec);
+ sptlrpc_sec_put(sec);
if (!req->rq_cli_ctx) {
CERROR("req %p: fail to get context\n", req);
RETURN(0);
}
-/*
- * if @sync == 0, this function should return quickly without sleep;
- * otherwise might trigger ctx destroying rpc to server.
+/**
+ * Drop the context for \a req.
+ * \pre req->rq_cli_ctx != NULL.
+ * \post req->rq_cli_ctx == NULL.
+ *
+ * If \a sync == 0, this function should return quickly without sleep;
+ * otherwise it might trigger and wait for the whole process of sending
+ * an context-destroying rpc to server.
*/
void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync)
{
/* request might be asked to release earlier while still
* in the context waiting list.
*/
- if (!list_empty(&req->rq_ctx_chain)) {
- spin_lock(&req->rq_cli_ctx->cc_lock);
- list_del_init(&req->rq_ctx_chain);
- spin_unlock(&req->rq_cli_ctx->cc_lock);
+ if (!cfs_list_empty(&req->rq_ctx_chain)) {
+ cfs_spin_lock(&req->rq_cli_ctx->cc_lock);
+ cfs_list_del_init(&req->rq_ctx_chain);
+ cfs_spin_unlock(&req->rq_cli_ctx->cc_lock);
}
sptlrpc_cli_ctx_put(req->rq_cli_ctx, sync);
EXIT;
}
-/*
- * request must have a context. if failed to get new context,
- * just restore the old one
+static
+int sptlrpc_req_ctx_switch(struct ptlrpc_request *req,
+ struct ptlrpc_cli_ctx *oldctx,
+ struct ptlrpc_cli_ctx *newctx)
+{
+ struct sptlrpc_flavor old_flvr;
+ char *reqmsg = NULL; /* to workaround old gcc */
+ int reqmsg_size;
+ int rc = 0;
+
+ LASSERT(req->rq_reqmsg);
+ LASSERT(req->rq_reqlen);
+ LASSERT(req->rq_replen);
+
+ CWARN("req %p: switch ctx %p(%u->%s) -> %p(%u->%s), "
+ "switch sec %p(%s) -> %p(%s)\n", req,
+ oldctx, oldctx->cc_vcred.vc_uid, sec2target_str(oldctx->cc_sec),
+ newctx, newctx->cc_vcred.vc_uid, sec2target_str(newctx->cc_sec),
+ oldctx->cc_sec, oldctx->cc_sec->ps_policy->sp_name,
+ newctx->cc_sec, newctx->cc_sec->ps_policy->sp_name);
+
+ /* save flavor */
+ old_flvr = req->rq_flvr;
+
+ /* save request message */
+ reqmsg_size = req->rq_reqlen;
+ if (reqmsg_size != 0) {
+ OBD_ALLOC_LARGE(reqmsg, reqmsg_size);
+ if (reqmsg == NULL)
+ return -ENOMEM;
+ memcpy(reqmsg, req->rq_reqmsg, reqmsg_size);
+ }
+
+ /* release old req/rep buf */
+ req->rq_cli_ctx = oldctx;
+ sptlrpc_cli_free_reqbuf(req);
+ sptlrpc_cli_free_repbuf(req);
+ req->rq_cli_ctx = newctx;
+
+ /* recalculate the flavor */
+ sptlrpc_req_set_flavor(req, 0);
+
+ /* alloc new request buffer
+ * we don't need to alloc reply buffer here, leave it to the
+ * rest procedure of ptlrpc */
+ if (reqmsg_size != 0) {
+ rc = sptlrpc_cli_alloc_reqbuf(req, reqmsg_size);
+ if (!rc) {
+ LASSERT(req->rq_reqmsg);
+ memcpy(req->rq_reqmsg, reqmsg, reqmsg_size);
+ } else {
+ CWARN("failed to alloc reqbuf: %d\n", rc);
+ req->rq_flvr = old_flvr;
+ }
+
+ OBD_FREE_LARGE(reqmsg, reqmsg_size);
+ }
+ return rc;
+}
+
+/**
+ * If current context of \a req is dead somehow, e.g. we just switched flavor
+ * thus marked original contexts dead, we'll find a new context for it. if
+ * no switch is needed, \a req will end up with the same context.
+ *
+ * \note a request must have a context, to keep other parts of code happy.
+ * In any case of failure during the switching, we must restore the old one.
*/
int sptlrpc_req_replace_dead_ctx(struct ptlrpc_request *req)
{
- struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
- int rc;
+ struct ptlrpc_cli_ctx *oldctx = req->rq_cli_ctx;
+ struct ptlrpc_cli_ctx *newctx;
+ int rc;
ENTRY;
- LASSERT(ctx);
- LASSERT(test_bit(PTLRPC_CTX_DEAD_BIT, &ctx->cc_flags));
-
- /* make sure not on context waiting list */
- spin_lock(&ctx->cc_lock);
- list_del_init(&req->rq_ctx_chain);
- spin_unlock(&ctx->cc_lock);
+ LASSERT(oldctx);
- sptlrpc_cli_ctx_get(ctx);
+ sptlrpc_cli_ctx_get(oldctx);
sptlrpc_req_put_ctx(req, 0);
+
rc = sptlrpc_req_get_ctx(req);
- if (!rc) {
- LASSERT(req->rq_cli_ctx);
- sptlrpc_cli_ctx_put(ctx, 1);
- } else {
+ if (unlikely(rc)) {
LASSERT(!req->rq_cli_ctx);
- req->rq_cli_ctx = ctx;
+
+ /* restore old ctx */
+ req->rq_cli_ctx = oldctx;
+ RETURN(rc);
}
- RETURN(rc);
+
+ newctx = req->rq_cli_ctx;
+ LASSERT(newctx);
+
+ if (unlikely(newctx == oldctx &&
+ cfs_test_bit(PTLRPC_CTX_DEAD_BIT, &oldctx->cc_flags))) {
+ /*
+ * still get the old dead ctx, usually means system too busy
+ */
+ CWARN("ctx (%p, fl %lx) doesn't switch, relax a little bit\n",
+ newctx, newctx->cc_flags);
+
+ cfs_schedule_timeout_and_set_state(CFS_TASK_INTERRUPTIBLE,
+ CFS_HZ);
+ } else {
+ /*
+ * it's possible newctx == oldctx if we're switching
+ * subflavor with the same sec.
+ */
+ rc = sptlrpc_req_ctx_switch(req, oldctx, newctx);
+ if (rc) {
+ /* restore old ctx */
+ sptlrpc_req_put_ctx(req, 0);
+ req->rq_cli_ctx = oldctx;
+ RETURN(rc);
+ }
+
+ LASSERT(req->rq_cli_ctx == newctx);
+ }
+
+ sptlrpc_cli_ctx_put(oldctx, 1);
+ RETURN(0);
}
EXPORT_SYMBOL(sptlrpc_req_replace_dead_ctx);
/* conn_cnt is needed in expire_one_request */
lustre_msg_set_conn_cnt(req->rq_reqmsg, req->rq_import->imp_conn_cnt);
- rc = ptlrpc_expire_one_request(req);
+ rc = ptlrpc_expire_one_request(req, 1);
/* if we started recovery, we should mark this ctx dead; otherwise
* in case of lgssd died nobody would retire this ctx, following
* connecting will still find the same ctx thus cause deadlock.
{
struct ptlrpc_request *req = data;
- spin_lock(&req->rq_lock);
+ cfs_spin_lock(&req->rq_lock);
req->rq_intr = 1;
- spin_unlock(&req->rq_lock);
+ cfs_spin_unlock(&req->rq_lock);
}
static
void req_off_ctx_list(struct ptlrpc_request *req, struct ptlrpc_cli_ctx *ctx)
{
- spin_lock(&ctx->cc_lock);
- if (!list_empty(&req->rq_ctx_chain))
- list_del_init(&req->rq_ctx_chain);
- spin_unlock(&ctx->cc_lock);
+ cfs_spin_lock(&ctx->cc_lock);
+ if (!cfs_list_empty(&req->rq_ctx_chain))
+ cfs_list_del_init(&req->rq_ctx_chain);
+ cfs_spin_unlock(&ctx->cc_lock);
}
-/*
- * the status of context could be subject to be changed by other threads at any
- * time. we allow this race. but once we return with 0, the caller will
- * suppose it's uptodated and keep using it until the owning rpc is done.
+/**
+ * To refresh the context of \req, if it's not up-to-date.
+ * \param timeout
+ * - < 0: don't wait
+ * - = 0: wait until success or fatal error occur
+ * - > 0: timeout value (in seconds)
*
- * @timeout:
- * < 0 - don't wait
- * = 0 - wait until success or fatal error occur
- * > 0 - timeout value
+ * The status of the context could be subject to be changed by other threads
+ * at any time. We allow this race, but once we return with 0, the caller will
+ * suppose it's uptodated and keep using it until the owning rpc is done.
*
- * return 0 only if the context is uptodated.
+ * \retval 0 only if the context is uptodated.
+ * \retval -ev error number.
*/
int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout)
{
struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
+ struct ptlrpc_sec *sec;
struct l_wait_info lwi;
int rc;
ENTRY;
LASSERT(ctx);
- /* skip special ctxs */
- if (cli_ctx_is_eternal(ctx) || req->rq_ctx_init || req->rq_ctx_fini)
+ if (req->rq_ctx_init || req->rq_ctx_fini)
RETURN(0);
- if (test_bit(PTLRPC_CTX_NEW_BIT, &ctx->cc_flags)) {
+ /*
+ * during the process a request's context might change type even
+ * (e.g. from gss ctx to null ctx), so each loop we need to re-check
+ * everything
+ */
+again:
+ rc = import_sec_validate_get(req->rq_import, &sec);
+ if (rc)
+ RETURN(rc);
+
+ if (sec->ps_flvr.sf_rpc != req->rq_flvr.sf_rpc) {
+ CDEBUG(D_SEC, "req %p: flavor has changed %x -> %x\n",
+ req, req->rq_flvr.sf_rpc, sec->ps_flvr.sf_rpc);
+ req_off_ctx_list(req, ctx);
+ sptlrpc_req_replace_dead_ctx(req);
+ ctx = req->rq_cli_ctx;
+ }
+ sptlrpc_sec_put(sec);
+
+ if (cli_ctx_is_eternal(ctx))
+ RETURN(0);
+
+ if (unlikely(cfs_test_bit(PTLRPC_CTX_NEW_BIT, &ctx->cc_flags))) {
LASSERT(ctx->cc_ops->refresh);
ctx->cc_ops->refresh(ctx);
}
- LASSERT(test_bit(PTLRPC_CTX_NEW_BIT, &ctx->cc_flags) == 0);
+ LASSERT(cfs_test_bit(PTLRPC_CTX_NEW_BIT, &ctx->cc_flags) == 0);
-again:
LASSERT(ctx->cc_ops->validate);
if (ctx->cc_ops->validate(ctx) == 0) {
req_off_ctx_list(req, ctx);
RETURN(0);
}
- if (unlikely(test_bit(PTLRPC_CTX_ERROR_BIT, &ctx->cc_flags))) {
+ if (unlikely(cfs_test_bit(PTLRPC_CTX_ERROR_BIT, &ctx->cc_flags))) {
+ cfs_spin_lock(&req->rq_lock);
req->rq_err = 1;
+ cfs_spin_unlock(&req->rq_lock);
req_off_ctx_list(req, ctx);
RETURN(-EPERM);
}
- /* This is subtle. For resent message we have to keep original
- * context to survive following situation:
- * 1. the request sent to server
- * 2. recovery was kick start
- * 3. recovery finished, the request marked as resent
- * 4. resend the request
- * 5. old reply from server received (because xid is the same)
- * 6. verify reply (has to be success)
- * 7. new reply from server received, lnet drop it
+ /*
+ * There's a subtle issue for resending RPCs, suppose following
+ * situation:
+ * 1. the request was sent to server.
+ * 2. recovery was kicked start, after finished the request was
+ * marked as resent.
+ * 3. resend the request.
+ * 4. old reply from server received, we accept and verify the reply.
+ * this has to be success, otherwise the error will be aware
+ * by application.
+ * 5. new reply from server received, dropped by LNet.
*
- * Note we can't simply change xid for resent request because
- * server reply on it for reply reconstruction.
+ * Note the xid of old & new request is the same. We can't simply
+ * change xid for the resent request because the server replies on
+ * it for reply reconstruction.
*
* Commonly the original context should be uptodate because we
- * have a expiry nice time; And server will keep their half part
- * context because we at least hold a ref of old context which
- * prevent the context detroy RPC be sent. So server still can
- * accept the request and finish RPC. Two cases:
- * 1. If server side context has been trimed, a NO_CONTEXT will
+ * have a expiry nice time; server will keep its context because
+ * we at least hold a ref of old context which prevent context
+ * destroying RPC being sent. So server still can accept the request
+ * and finish the RPC. But if that's not the case:
+ * 1. If server side context has been trimmed, a NO_CONTEXT will
* be returned, gss_cli_ctx_verify/unseal will switch to new
* context by force.
* 2. Current context never be refreshed, then we are fine: we
* never really send request with old context before.
*/
- if (test_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags) &&
+ if (cfs_test_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags) &&
unlikely(req->rq_reqmsg) &&
lustre_msg_get_flags(req->rq_reqmsg) & MSG_RESENT) {
req_off_ctx_list(req, ctx);
RETURN(0);
}
- if (unlikely(test_bit(PTLRPC_CTX_DEAD_BIT, &ctx->cc_flags))) {
- /* don't have to, but we don't want to release it too soon */
- sptlrpc_cli_ctx_get(ctx);
+ if (unlikely(cfs_test_bit(PTLRPC_CTX_DEAD_BIT, &ctx->cc_flags))) {
+ req_off_ctx_list(req, ctx);
+ /*
+ * don't switch ctx if import was deactivated
+ */
+ if (req->rq_import->imp_deactive) {
+ cfs_spin_lock(&req->rq_lock);
+ req->rq_err = 1;
+ cfs_spin_unlock(&req->rq_lock);
+ RETURN(-EINTR);
+ }
rc = sptlrpc_req_replace_dead_ctx(req);
if (rc) {
LASSERT(ctx == req->rq_cli_ctx);
- CERROR("req %p: failed to replace dead ctx %p\n",
- req, ctx);
+ CERROR("req %p: failed to replace dead ctx %p: %d\n",
+ req, ctx, rc);
+ cfs_spin_lock(&req->rq_lock);
req->rq_err = 1;
- LASSERT(list_empty(&req->rq_ctx_chain));
- sptlrpc_cli_ctx_put(ctx, 1);
- RETURN(-ENOMEM);
+ cfs_spin_unlock(&req->rq_lock);
+ RETURN(rc);
}
- /* FIXME
- * if ctx didn't really switch, might be cpu tight or sth,
- * we just relax a little bit.
- */
- if (ctx == req->rq_cli_ctx)
- schedule();
-
- CWARN("req %p: replace dead ctx %p(%u->%s) => %p\n",
- req, ctx, ctx->cc_vcred.vc_uid,
- sec2target_str(ctx->cc_sec), req->rq_cli_ctx);
-
- sptlrpc_cli_ctx_put(ctx, 1);
ctx = req->rq_cli_ctx;
- LASSERT(list_empty(&req->rq_ctx_chain));
-
goto again;
}
- /* Now we're sure this context is during upcall, add myself into
+ /*
+ * Now we're sure this context is during upcall, add myself into
* waiting list
*/
- spin_lock(&ctx->cc_lock);
- if (list_empty(&req->rq_ctx_chain))
- list_add(&req->rq_ctx_chain, &ctx->cc_req_list);
- spin_unlock(&ctx->cc_lock);
+ cfs_spin_lock(&ctx->cc_lock);
+ if (cfs_list_empty(&req->rq_ctx_chain))
+ cfs_list_add(&req->rq_ctx_chain, &ctx->cc_req_list);
+ cfs_spin_unlock(&ctx->cc_lock);
- if (timeout < 0) {
+ if (timeout < 0)
RETURN(-EWOULDBLOCK);
- }
/* Clear any flags that may be present from previous sends */
LASSERT(req->rq_receiving_reply == 0);
- spin_lock(&req->rq_lock);
+ cfs_spin_lock(&req->rq_lock);
req->rq_err = 0;
req->rq_timedout = 0;
req->rq_resend = 0;
req->rq_restart = 0;
- spin_unlock(&req->rq_lock);
+ cfs_spin_unlock(&req->rq_lock);
- lwi = LWI_TIMEOUT_INTR(timeout * HZ, ctx_refresh_timeout,
+ lwi = LWI_TIMEOUT_INTR(timeout * CFS_HZ, ctx_refresh_timeout,
ctx_refresh_interrupt, req);
rc = l_wait_event(req->rq_reply_waitq, ctx_check_refresh(ctx), &lwi);
- /* five cases we are here:
- * 1. successfully refreshed;
- * 2. someone else mark this ctx dead by force;
- * 3. interruptted;
- * 4. timedout, and we don't want recover from the failure;
- * 5. timedout, and waked up upon recovery finished;
+ /*
+ * following cases could lead us here:
+ * - successfully refreshed;
+ * - interrupted;
+ * - timedout, and we don't want recover from the failure;
+ * - timedout, and waked up upon recovery finished;
+ * - someone else mark this ctx dead by force;
+ * - someone invalidate the req and call ptlrpc_client_wake_req(),
+ * e.g. ptlrpc_abort_inflight();
*/
if (!cli_ctx_is_refreshed(ctx)) {
/* timed out or interruptted */
goto again;
}
+/**
+ * Initialize flavor settings for \a req, according to \a opcode.
+ *
+ * \note this could be called in two situations:
+ * - new request from ptlrpc_pre_req(), with proper @opcode
+ * - old request which changed ctx in the middle, with @opcode == 0
+ */
void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode)
{
- struct sec_flavor_config *conf;
+ struct ptlrpc_sec *sec;
LASSERT(req->rq_import);
- LASSERT(req->rq_import->imp_sec);
LASSERT(req->rq_cli_ctx);
LASSERT(req->rq_cli_ctx->cc_sec);
LASSERT(req->rq_bulk_read == 0 || req->rq_bulk_write == 0);
/* special security flags accoding to opcode */
switch (opcode) {
case OST_READ:
+ case MDS_READPAGE:
req->rq_bulk_read = 1;
break;
case OST_WRITE:
+ case MDS_WRITEPAGE:
req->rq_bulk_write = 1;
break;
case SEC_CTX_INIT:
case SEC_CTX_FINI:
req->rq_ctx_fini = 1;
break;
+ case 0:
+ /* init/fini rpc won't be resend, so can't be here */
+ LASSERT(req->rq_ctx_init == 0);
+ LASSERT(req->rq_ctx_fini == 0);
+
+ /* cleanup flags, which should be recalculated */
+ req->rq_pack_udesc = 0;
+ req->rq_pack_bulk = 0;
+ break;
}
- req->rq_sec_flavor = req->rq_cli_ctx->cc_sec->ps_flavor;
+ sec = req->rq_cli_ctx->cc_sec;
+
+ cfs_spin_lock(&sec->ps_lock);
+ req->rq_flvr = sec->ps_flvr;
+ cfs_spin_unlock(&sec->ps_lock);
/* force SVC_NULL for context initiation rpc, SVC_INTG for context
- * destruction rpc
- */
- if (unlikely(req->rq_ctx_init)) {
- req->rq_sec_flavor = SEC_MAKE_RPC_FLAVOR(
- SEC_FLAVOR_POLICY(req->rq_sec_flavor),
- SEC_FLAVOR_MECH(req->rq_sec_flavor),
- SPTLRPC_SVC_NULL);
- } else if (unlikely(req->rq_ctx_fini)) {
- req->rq_sec_flavor = SEC_MAKE_RPC_FLAVOR(
- SEC_FLAVOR_POLICY(req->rq_sec_flavor),
- SEC_FLAVOR_MECH(req->rq_sec_flavor),
- SPTLRPC_SVC_INTG);
- }
-
- conf = &req->rq_import->imp_obd->u.cli.cl_sec_conf;
-
- /* user descriptor flag, except ROOTONLY which don't need, and
- * null security which can't
- */
- if ((conf->sfc_flags & PTLRPC_SEC_FL_ROOTONLY) == 0 &&
- req->rq_sec_flavor != SPTLRPC_FLVR_NULL)
- req->rq_sec_flavor |= SEC_FLAVOR_FL_USER;
+ * destruction rpc */
+ if (unlikely(req->rq_ctx_init))
+ flvr_set_svc(&req->rq_flvr.sf_rpc, SPTLRPC_SVC_NULL);
+ else if (unlikely(req->rq_ctx_fini))
+ flvr_set_svc(&req->rq_flvr.sf_rpc, SPTLRPC_SVC_INTG);
+
+ /* user descriptor flag, null security can't do it anyway */
+ if ((sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_UDESC) &&
+ (req->rq_flvr.sf_rpc != SPTLRPC_FLVR_NULL))
+ req->rq_pack_udesc = 1;
/* bulk security flag */
if ((req->rq_bulk_read || req->rq_bulk_write) &&
- (conf->sfc_bulk_priv != BULK_PRIV_ALG_NULL ||
- conf->sfc_bulk_csum != BULK_CSUM_ALG_NULL))
- req->rq_sec_flavor |= SEC_FLAVOR_FL_BULK;
+ sptlrpc_flavor_has_bulk(&req->rq_flvr))
+ req->rq_pack_bulk = 1;
}
void sptlrpc_request_out_callback(struct ptlrpc_request *req)
{
- if (SEC_FLAVOR_SVC(req->rq_sec_flavor) != SPTLRPC_SVC_PRIV)
+ if (SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc) != SPTLRPC_SVC_PRIV)
return;
LASSERT(req->rq_clrbuf);
req->rq_reqbuf_len = 0;
}
-/*
- * check whether current user have valid context for an import or not.
- * might repeatedly try in case of non-fatal errors.
- * return 0 on success, < 0 on failure
+/**
+ * Given an import \a imp, check whether current user has a valid context
+ * or not. We may create a new context and try to refresh it, and try
+ * repeatedly try in case of non-fatal errors. Return 0 means success.
*/
int sptlrpc_import_check_ctx(struct obd_import *imp)
{
+ struct ptlrpc_sec *sec;
struct ptlrpc_cli_ctx *ctx;
struct ptlrpc_request *req = NULL;
int rc;
ENTRY;
- might_sleep();
+ cfs_might_sleep();
+
+ sec = sptlrpc_import_sec_ref(imp);
+ ctx = get_my_ctx(sec);
+ sptlrpc_sec_put(sec);
- ctx = get_my_ctx(imp->imp_sec);
if (!ctx)
- RETURN(1);
+ RETURN(-ENOMEM);
if (cli_ctx_is_eternal(ctx) ||
ctx->cc_ops->validate(ctx) == 0) {
RETURN(0);
}
+ if (cli_ctx_is_error(ctx)) {
+ sptlrpc_cli_ctx_put(ctx, 1);
+ RETURN(-EACCES);
+ }
+
OBD_ALLOC_PTR(req);
if (!req)
RETURN(-ENOMEM);
- spin_lock_init(&req->rq_lock);
- atomic_set(&req->rq_refcount, 10000);
+ cfs_spin_lock_init(&req->rq_lock);
+ cfs_atomic_set(&req->rq_refcount, 10000);
CFS_INIT_LIST_HEAD(&req->rq_ctx_chain);
- init_waitqueue_head(&req->rq_reply_waitq);
+ cfs_waitq_init(&req->rq_reply_waitq);
+ cfs_waitq_init(&req->rq_set_waitq);
req->rq_import = imp;
+ req->rq_flvr = sec->ps_flvr;
req->rq_cli_ctx = ctx;
rc = sptlrpc_req_refresh_ctx(req, 0);
- LASSERT(list_empty(&req->rq_ctx_chain));
+ LASSERT(cfs_list_empty(&req->rq_ctx_chain));
sptlrpc_cli_ctx_put(req->rq_cli_ctx, 1);
OBD_FREE_PTR(req);
RETURN(rc);
}
+/**
+ * Used by ptlrpc client, to perform the pre-defined security transformation
+ * upon the request message of \a req. After this function called,
+ * req->rq_reqmsg is still accessible as clear text.
+ */
int sptlrpc_cli_wrap_request(struct ptlrpc_request *req)
{
struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
RETURN(rc);
}
- switch (SEC_FLAVOR_SVC(req->rq_sec_flavor)) {
+ switch (SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc)) {
case SPTLRPC_SVC_NULL:
case SPTLRPC_SVC_AUTH:
case SPTLRPC_SVC_INTG:
RETURN(rc);
}
-/*
- * rq_nob_received is the actual received data length
- */
-int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req)
+static int do_cli_unwrap_reply(struct ptlrpc_request *req)
{
struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
- int rc;
+ int rc;
ENTRY;
LASSERT(ctx);
LASSERT(ctx->cc_sec);
- LASSERT(ctx->cc_ops);
LASSERT(req->rq_repbuf);
+ LASSERT(req->rq_repdata);
+ LASSERT(req->rq_repmsg == NULL);
- req->rq_repdata_len = req->rq_nob_received;
+ req->rq_rep_swab_mask = 0;
- if (req->rq_nob_received < sizeof(struct lustre_msg)) {
- CERROR("replied data length %d too small\n",
- req->rq_nob_received);
+ rc = __lustre_unpack_msg(req->rq_repdata, req->rq_repdata_len);
+ switch (rc) {
+ case 1:
+ lustre_set_rep_swabbed(req, MSG_PTLRPC_HEADER_OFF);
+ case 0:
+ break;
+ default:
+ CERROR("failed unpack reply: x"LPU64"\n", req->rq_xid);
RETURN(-EPROTO);
}
- if (req->rq_repbuf->lm_magic == LUSTRE_MSG_MAGIC_V1 ||
- req->rq_repbuf->lm_magic == LUSTRE_MSG_MAGIC_V1_SWABBED) {
- /* it's must be null flavor, so our requets also should be
- * in null flavor */
- if (SEC_FLAVOR_POLICY(req->rq_sec_flavor) !=
- SPTLRPC_POLICY_NULL) {
- CERROR("request flavor is %x but reply with null\n",
- req->rq_sec_flavor);
- RETURN(-EPROTO);
- }
- } else {
- /* v2 message... */
- ptlrpc_sec_flavor_t tmpf = req->rq_repbuf->lm_secflvr;
-
- if (req->rq_repbuf->lm_magic == LUSTRE_MSG_MAGIC_V2_SWABBED)
- __swab32s(&tmpf);
-
- if (SEC_FLAVOR_POLICY(tmpf) !=
- SEC_FLAVOR_POLICY(req->rq_sec_flavor)) {
- CERROR("request policy %u while reply with %d\n",
- SEC_FLAVOR_POLICY(req->rq_sec_flavor),
- SEC_FLAVOR_POLICY(tmpf));
- RETURN(-EPROTO);
- }
+ if (req->rq_repdata_len < sizeof(struct lustre_msg)) {
+ CERROR("replied data length %d too small\n",
+ req->rq_repdata_len);
+ RETURN(-EPROTO);
+ }
- if ((SEC_FLAVOR_POLICY(req->rq_sec_flavor) !=
- SPTLRPC_POLICY_NULL) &&
- lustre_unpack_msg(req->rq_repbuf, req->rq_nob_received))
- RETURN(-EPROTO);
+ if (SPTLRPC_FLVR_POLICY(req->rq_repdata->lm_secflvr) !=
+ SPTLRPC_FLVR_POLICY(req->rq_flvr.sf_rpc)) {
+ CERROR("reply policy %u doesn't match request policy %u\n",
+ SPTLRPC_FLVR_POLICY(req->rq_repdata->lm_secflvr),
+ SPTLRPC_FLVR_POLICY(req->rq_flvr.sf_rpc));
+ RETURN(-EPROTO);
}
- switch (SEC_FLAVOR_SVC(req->rq_sec_flavor)) {
+ switch (SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc)) {
case SPTLRPC_SVC_NULL:
case SPTLRPC_SVC_AUTH:
case SPTLRPC_SVC_INTG:
default:
LBUG();
}
-
LASSERT(rc || req->rq_repmsg || req->rq_resend);
- RETURN(rc);
-}
-
-/**************************************************
- * client side high-level security APIs *
- **************************************************/
-
-static
-void sec_cop_destroy_sec(struct ptlrpc_sec *sec)
-{
- struct ptlrpc_sec_policy *policy = sec->ps_policy;
-
- LASSERT(atomic_read(&sec->ps_refcount) == 0);
- LASSERT(atomic_read(&sec->ps_busy) == 0);
- LASSERT(policy->sp_cops->destroy_sec);
- CDEBUG(D_SEC, "%s@%p: being destroied\n", sec->ps_policy->sp_name, sec);
-
- policy->sp_cops->destroy_sec(sec);
- sptlrpc_policy_put(policy);
+ if (SPTLRPC_FLVR_POLICY(req->rq_flvr.sf_rpc) != SPTLRPC_POLICY_NULL &&
+ !req->rq_ctx_init)
+ req->rq_rep_swab_mask = 0;
+ RETURN(rc);
}
-static
-int sec_cop_flush_ctx_cache(struct ptlrpc_sec *sec, uid_t uid,
- int grace, int force)
+/**
+ * Used by ptlrpc client, to perform security transformation upon the reply
+ * message of \a req. After return successfully, req->rq_repmsg points to
+ * the reply message in clear text.
+ *
+ * \pre the reply buffer should have been un-posted from LNet, so nothing is
+ * going to change.
+ */
+int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req)
{
- struct ptlrpc_sec_policy *policy = sec->ps_policy;
+ LASSERT(req->rq_repbuf);
+ LASSERT(req->rq_repdata == NULL);
+ LASSERT(req->rq_repmsg == NULL);
+ LASSERT(req->rq_reply_off + req->rq_nob_received <= req->rq_repbuf_len);
- LASSERT(policy->sp_cops);
- LASSERT(policy->sp_cops->flush_ctx_cache);
+ if (req->rq_reply_off == 0 &&
+ (lustre_msghdr_get_flags(req->rq_reqmsg) & MSGHDR_AT_SUPPORT)) {
+ CERROR("real reply with offset 0\n");
+ return -EPROTO;
+ }
- return policy->sp_cops->flush_ctx_cache(sec, uid, grace, force);
-}
+ if (req->rq_reply_off % 8 != 0) {
+ CERROR("reply at odd offset %u\n", req->rq_reply_off);
+ return -EPROTO;
+ }
-void sptlrpc_sec_destroy(struct ptlrpc_sec *sec)
-{
- sec_cop_destroy_sec(sec);
-}
-EXPORT_SYMBOL(sptlrpc_sec_destroy);
+ req->rq_repdata = (struct lustre_msg *)
+ (req->rq_repbuf + req->rq_reply_off);
+ req->rq_repdata_len = req->rq_nob_received;
-/*
- * let policy module to determine whether take refrence of
- * import or not.
+ return do_cli_unwrap_reply(req);
+}
+
+/**
+ * Used by ptlrpc client, to perform security transformation upon the early
+ * reply message of \a req. We expect the rq_reply_off is 0, and
+ * rq_nob_received is the early reply size.
+ *
+ * Because the receive buffer might be still posted, the reply data might be
+ * changed at any time, no matter we're holding rq_lock or not. For this reason
+ * we allocate a separate ptlrpc_request and reply buffer for early reply
+ * processing.
+ *
+ * \retval 0 success, \a req_ret is filled with a duplicated ptlrpc_request.
+ * Later the caller must call sptlrpc_cli_finish_early_reply() on the returned
+ * \a *req_ret to release it.
+ * \retval -ev error number, and \a req_ret will not be set.
*/
-static
-struct ptlrpc_sec * import_create_sec(struct obd_import *imp,
- struct ptlrpc_svc_ctx *ctx,
- __u32 flavor,
- unsigned long flags)
+int sptlrpc_cli_unwrap_early_reply(struct ptlrpc_request *req,
+ struct ptlrpc_request **req_ret)
{
- struct ptlrpc_sec_policy *policy;
- struct ptlrpc_sec *sec;
+ struct ptlrpc_request *early_req;
+ char *early_buf;
+ int early_bufsz, early_size;
+ int rc;
ENTRY;
- flavor = SEC_FLAVOR_RPC(flavor);
+ OBD_ALLOC_PTR(early_req);
+ if (early_req == NULL)
+ RETURN(-ENOMEM);
- if (ctx) {
- LASSERT(imp->imp_dlm_fake == 1);
+ early_size = req->rq_nob_received;
+ early_bufsz = size_roundup_power2(early_size);
+ OBD_ALLOC_LARGE(early_buf, early_bufsz);
+ if (early_buf == NULL)
+ GOTO(err_req, rc = -ENOMEM);
- CDEBUG(D_SEC, "%s %s: reverse sec using flavor %s\n",
- imp->imp_obd->obd_type->typ_name,
- imp->imp_obd->obd_name,
- sptlrpc_flavor2name(flavor));
+ /* sanity checkings and copy data out, do it inside spinlock */
+ cfs_spin_lock(&req->rq_lock);
- policy = sptlrpc_policy_get(ctx->sc_policy);
- flags |= PTLRPC_SEC_FL_REVERSE | PTLRPC_SEC_FL_ROOTONLY;
- } else {
- LASSERT(imp->imp_dlm_fake == 0);
+ if (req->rq_replied) {
+ cfs_spin_unlock(&req->rq_lock);
+ GOTO(err_buf, rc = -EALREADY);
+ }
- CDEBUG(D_SEC, "%s %s: select security flavor %s\n",
- imp->imp_obd->obd_type->typ_name,
- imp->imp_obd->obd_name,
- sptlrpc_flavor2name(flavor));
+ LASSERT(req->rq_repbuf);
+ LASSERT(req->rq_repdata == NULL);
+ LASSERT(req->rq_repmsg == NULL);
- policy = sptlrpc_flavor2policy(flavor);
- if (!policy) {
- CERROR("invalid flavor 0x%x\n", flavor);
- RETURN(NULL);
- }
+ if (req->rq_reply_off != 0) {
+ CERROR("early reply with offset %u\n", req->rq_reply_off);
+ cfs_spin_unlock(&req->rq_lock);
+ GOTO(err_buf, rc = -EPROTO);
}
- sec = policy->sp_cops->create_sec(imp, ctx, flavor, flags);
- if (sec) {
- atomic_inc(&sec->ps_refcount);
+ if (req->rq_nob_received != early_size) {
+ /* even another early arrived the size should be the same */
+ CERROR("data size has changed from %u to %u\n",
+ early_size, req->rq_nob_received);
+ cfs_spin_unlock(&req->rq_lock);
+ GOTO(err_buf, rc = -EINVAL);
+ }
- /* take 1 busy count on behalf of sec itself,
- * balanced in sptlrpc_set_put()
- */
- atomic_inc(&sec->ps_busy);
+ if (req->rq_nob_received < sizeof(struct lustre_msg)) {
+ CERROR("early reply length %d too small\n",
+ req->rq_nob_received);
+ cfs_spin_unlock(&req->rq_lock);
+ GOTO(err_buf, rc = -EALREADY);
+ }
- if (sec->ps_gc_interval && policy->sp_cops->gc_ctx)
- sptlrpc_gc_add_sec(sec);
- } else
- sptlrpc_policy_put(policy);
+ memcpy(early_buf, req->rq_repbuf, early_size);
+ cfs_spin_unlock(&req->rq_lock);
+
+ cfs_spin_lock_init(&early_req->rq_lock);
+ early_req->rq_cli_ctx = sptlrpc_cli_ctx_get(req->rq_cli_ctx);
+ early_req->rq_flvr = req->rq_flvr;
+ early_req->rq_repbuf = early_buf;
+ early_req->rq_repbuf_len = early_bufsz;
+ early_req->rq_repdata = (struct lustre_msg *) early_buf;
+ early_req->rq_repdata_len = early_size;
+ early_req->rq_early = 1;
+ early_req->rq_reqmsg = req->rq_reqmsg;
+
+ rc = do_cli_unwrap_reply(early_req);
+ if (rc) {
+ DEBUG_REQ(D_ADAPTTO, early_req,
+ "error %d unwrap early reply", rc);
+ GOTO(err_ctx, rc);
+ }
- RETURN(sec);
+ LASSERT(early_req->rq_repmsg);
+ *req_ret = early_req;
+ RETURN(0);
+
+err_ctx:
+ sptlrpc_cli_ctx_put(early_req->rq_cli_ctx, 1);
+err_buf:
+ OBD_FREE_LARGE(early_buf, early_bufsz);
+err_req:
+ OBD_FREE_PTR(early_req);
+ RETURN(rc);
}
-int sptlrpc_import_get_sec(struct obd_import *imp,
- struct ptlrpc_svc_ctx *ctx,
- __u32 flavor,
- unsigned long flags)
+/**
+ * Used by ptlrpc client, to release a processed early reply \a early_req.
+ *
+ * \pre \a early_req was obtained from calling sptlrpc_cli_unwrap_early_reply().
+ */
+void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req)
{
- might_sleep();
+ LASSERT(early_req->rq_repbuf);
+ LASSERT(early_req->rq_repdata);
+ LASSERT(early_req->rq_repmsg);
- /* old sec might be still there in reconnecting */
- if (imp->imp_sec)
- return 0;
+ sptlrpc_cli_ctx_put(early_req->rq_cli_ctx, 1);
+ OBD_FREE_LARGE(early_req->rq_repbuf, early_req->rq_repbuf_len);
+ OBD_FREE_PTR(early_req);
+}
- imp->imp_sec = import_create_sec(imp, ctx, flavor, flags);
- if (!imp->imp_sec)
- return -EINVAL;
+/**************************************************
+ * sec ID *
+ **************************************************/
- return 0;
-}
+/*
+ * "fixed" sec (e.g. null) use sec_id < 0
+ */
+static cfs_atomic_t sptlrpc_sec_id = CFS_ATOMIC_INIT(1);
-void sptlrpc_import_put_sec(struct obd_import *imp)
+int sptlrpc_get_next_secid(void)
{
- struct ptlrpc_sec *sec;
- struct ptlrpc_sec_policy *policy;
+ return cfs_atomic_inc_return(&sptlrpc_sec_id);
+}
+EXPORT_SYMBOL(sptlrpc_get_next_secid);
- might_sleep();
+/**************************************************
+ * client side high-level security APIs *
+ **************************************************/
- if (imp->imp_sec == NULL)
- return;
+static int sec_cop_flush_ctx_cache(struct ptlrpc_sec *sec, uid_t uid,
+ int grace, int force)
+{
+ struct ptlrpc_sec_policy *policy = sec->ps_policy;
- sec = imp->imp_sec;
- policy = sec->ps_policy;
+ LASSERT(policy->sp_cops);
+ LASSERT(policy->sp_cops->flush_ctx_cache);
+
+ return policy->sp_cops->flush_ctx_cache(sec, uid, grace, force);
+}
+
+static void sec_cop_destroy_sec(struct ptlrpc_sec *sec)
+{
+ struct ptlrpc_sec_policy *policy = sec->ps_policy;
+
+ LASSERT_ATOMIC_ZERO(&sec->ps_refcount);
+ LASSERT_ATOMIC_ZERO(&sec->ps_nctx);
+ LASSERT(policy->sp_cops->destroy_sec);
+
+ CDEBUG(D_SEC, "%s@%p: being destroied\n", sec->ps_policy->sp_name, sec);
+
+ policy->sp_cops->destroy_sec(sec);
+ sptlrpc_policy_put(policy);
+}
+
+void sptlrpc_sec_destroy(struct ptlrpc_sec *sec)
+{
+ sec_cop_destroy_sec(sec);
+}
+EXPORT_SYMBOL(sptlrpc_sec_destroy);
+
+static void sptlrpc_sec_kill(struct ptlrpc_sec *sec)
+{
+ LASSERT_ATOMIC_POS(&sec->ps_refcount);
+
+ if (sec->ps_policy->sp_cops->kill_sec) {
+ sec->ps_policy->sp_cops->kill_sec(sec);
- if (atomic_dec_and_test(&sec->ps_refcount)) {
sec_cop_flush_ctx_cache(sec, -1, 1, 1);
- sptlrpc_gc_del_sec(sec);
+ }
+}
+
+struct ptlrpc_sec *sptlrpc_sec_get(struct ptlrpc_sec *sec)
+{
+ if (sec)
+ cfs_atomic_inc(&sec->ps_refcount);
+
+ return sec;
+}
+EXPORT_SYMBOL(sptlrpc_sec_get);
+
+void sptlrpc_sec_put(struct ptlrpc_sec *sec)
+{
+ if (sec) {
+ LASSERT_ATOMIC_POS(&sec->ps_refcount);
- if (atomic_dec_and_test(&sec->ps_busy))
+ if (cfs_atomic_dec_and_test(&sec->ps_refcount)) {
+ sptlrpc_gc_del_sec(sec);
sec_cop_destroy_sec(sec);
- else {
- CWARN("delay destroying busy sec %s %p\n",
- policy->sp_name, sec);
}
+ }
+}
+EXPORT_SYMBOL(sptlrpc_sec_put);
+
+/*
+ * policy module is responsible for taking refrence of import
+ */
+static
+struct ptlrpc_sec * sptlrpc_sec_create(struct obd_import *imp,
+ struct ptlrpc_svc_ctx *svc_ctx,
+ struct sptlrpc_flavor *sf,
+ enum lustre_sec_part sp)
+{
+ struct ptlrpc_sec_policy *policy;
+ struct ptlrpc_sec *sec;
+ char str[32];
+ ENTRY;
+
+ if (svc_ctx) {
+ LASSERT(imp->imp_dlm_fake == 1);
+
+ CDEBUG(D_SEC, "%s %s: reverse sec using flavor %s\n",
+ imp->imp_obd->obd_type->typ_name,
+ imp->imp_obd->obd_name,
+ sptlrpc_flavor2name(sf, str, sizeof(str)));
+
+ policy = sptlrpc_policy_get(svc_ctx->sc_policy);
+ sf->sf_flags |= PTLRPC_SEC_FL_REVERSE | PTLRPC_SEC_FL_ROOTONLY;
+ } else {
+ LASSERT(imp->imp_dlm_fake == 0);
+
+ CDEBUG(D_SEC, "%s %s: select security flavor %s\n",
+ imp->imp_obd->obd_type->typ_name,
+ imp->imp_obd->obd_name,
+ sptlrpc_flavor2name(sf, str, sizeof(str)));
+
+ policy = sptlrpc_wireflavor2policy(sf->sf_rpc);
+ if (!policy) {
+ CERROR("invalid flavor 0x%x\n", sf->sf_rpc);
+ RETURN(NULL);
+ }
+ }
+
+ sec = policy->sp_cops->create_sec(imp, svc_ctx, sf);
+ if (sec) {
+ cfs_atomic_inc(&sec->ps_refcount);
+
+ sec->ps_part = sp;
+
+ if (sec->ps_gc_interval && policy->sp_cops->gc_ctx)
+ sptlrpc_gc_add_sec(sec);
} else {
sptlrpc_policy_put(policy);
}
- imp->imp_sec = NULL;
+ RETURN(sec);
}
-void sptlrpc_import_flush_root_ctx(struct obd_import *imp)
+struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp)
+{
+ struct ptlrpc_sec *sec;
+
+ cfs_spin_lock(&imp->imp_lock);
+ sec = sptlrpc_sec_get(imp->imp_sec);
+ cfs_spin_unlock(&imp->imp_lock);
+
+ return sec;
+}
+EXPORT_SYMBOL(sptlrpc_import_sec_ref);
+
+static void sptlrpc_import_sec_install(struct obd_import *imp,
+ struct ptlrpc_sec *sec)
+{
+ struct ptlrpc_sec *old_sec;
+
+ LASSERT_ATOMIC_POS(&sec->ps_refcount);
+
+ cfs_spin_lock(&imp->imp_lock);
+ old_sec = imp->imp_sec;
+ imp->imp_sec = sec;
+ cfs_spin_unlock(&imp->imp_lock);
+
+ if (old_sec) {
+ sptlrpc_sec_kill(old_sec);
+
+ /* balance the ref taken by this import */
+ sptlrpc_sec_put(old_sec);
+ }
+}
+
+static inline
+int flavor_equal(struct sptlrpc_flavor *sf1, struct sptlrpc_flavor *sf2)
+{
+ return (memcmp(sf1, sf2, sizeof(*sf1)) == 0);
+}
+
+static inline
+void flavor_copy(struct sptlrpc_flavor *dst, struct sptlrpc_flavor *src)
+{
+ *dst = *src;
+}
+
+static void sptlrpc_import_sec_adapt_inplace(struct obd_import *imp,
+ struct ptlrpc_sec *sec,
+ struct sptlrpc_flavor *sf)
+{
+ char str1[32], str2[32];
+
+ if (sec->ps_flvr.sf_flags != sf->sf_flags)
+ CWARN("changing sec flags: %s -> %s\n",
+ sptlrpc_secflags2str(sec->ps_flvr.sf_flags,
+ str1, sizeof(str1)),
+ sptlrpc_secflags2str(sf->sf_flags,
+ str2, sizeof(str2)));
+
+ cfs_spin_lock(&sec->ps_lock);
+ flavor_copy(&sec->ps_flvr, sf);
+ cfs_spin_unlock(&sec->ps_lock);
+}
+
+/**
+ * To get an appropriate ptlrpc_sec for the \a imp, according to the current
+ * configuration. Upon called, imp->imp_sec may or may not be NULL.
+ *
+ * - regular import: \a svc_ctx should be NULL and \a flvr is ignored;
+ * - reverse import: \a svc_ctx and \a flvr are obtained from incoming request.
+ */
+int sptlrpc_import_sec_adapt(struct obd_import *imp,
+ struct ptlrpc_svc_ctx *svc_ctx,
+ struct sptlrpc_flavor *flvr)
+{
+ struct ptlrpc_connection *conn;
+ struct sptlrpc_flavor sf;
+ struct ptlrpc_sec *sec, *newsec;
+ enum lustre_sec_part sp;
+ char str[24];
+ int rc = 0;
+ ENTRY;
+
+ cfs_might_sleep();
+
+ if (imp == NULL)
+ RETURN(0);
+
+ conn = imp->imp_connection;
+
+ if (svc_ctx == NULL) {
+ struct client_obd *cliobd = &imp->imp_obd->u.cli;
+ /*
+ * normal import, determine flavor from rule set, except
+ * for mgc the flavor is predetermined.
+ */
+ if (cliobd->cl_sp_me == LUSTRE_SP_MGC)
+ sf = cliobd->cl_flvr_mgc;
+ else
+ sptlrpc_conf_choose_flavor(cliobd->cl_sp_me,
+ cliobd->cl_sp_to,
+ &cliobd->cl_target_uuid,
+ conn->c_self, &sf);
+
+ sp = imp->imp_obd->u.cli.cl_sp_me;
+ } else {
+ /* reverse import, determine flavor from incoming reqeust */
+ sf = *flvr;
+
+ if (sf.sf_rpc != SPTLRPC_FLVR_NULL)
+ sf.sf_flags = PTLRPC_SEC_FL_REVERSE |
+ PTLRPC_SEC_FL_ROOTONLY;
+
+ sp = sptlrpc_target_sec_part(imp->imp_obd);
+ }
+
+ sec = sptlrpc_import_sec_ref(imp);
+ if (sec) {
+ char str2[24];
+
+ if (flavor_equal(&sf, &sec->ps_flvr))
+ GOTO(out, rc);
+
+ CWARN("import %s->%s: changing flavor %s -> %s\n",
+ imp->imp_obd->obd_name,
+ obd_uuid2str(&conn->c_remote_uuid),
+ sptlrpc_flavor2name(&sec->ps_flvr, str, sizeof(str)),
+ sptlrpc_flavor2name(&sf, str2, sizeof(str2)));
+
+ if (SPTLRPC_FLVR_POLICY(sf.sf_rpc) ==
+ SPTLRPC_FLVR_POLICY(sec->ps_flvr.sf_rpc) &&
+ SPTLRPC_FLVR_MECH(sf.sf_rpc) ==
+ SPTLRPC_FLVR_MECH(sec->ps_flvr.sf_rpc)) {
+ sptlrpc_import_sec_adapt_inplace(imp, sec, &sf);
+ GOTO(out, rc);
+ }
+ } else {
+ CWARN("import %s->%s netid %x: select flavor %s\n",
+ imp->imp_obd->obd_name,
+ obd_uuid2str(&conn->c_remote_uuid),
+ LNET_NIDNET(conn->c_self),
+ sptlrpc_flavor2name(&sf, str, sizeof(str)));
+ }
+
+ cfs_mutex_down(&imp->imp_sec_mutex);
+
+ newsec = sptlrpc_sec_create(imp, svc_ctx, &sf, sp);
+ if (newsec) {
+ sptlrpc_import_sec_install(imp, newsec);
+ } else {
+ CERROR("import %s->%s: failed to create new sec\n",
+ imp->imp_obd->obd_name,
+ obd_uuid2str(&conn->c_remote_uuid));
+ rc = -EPERM;
+ }
+
+ cfs_mutex_up(&imp->imp_sec_mutex);
+out:
+ sptlrpc_sec_put(sec);
+ RETURN(rc);
+}
+
+void sptlrpc_import_sec_put(struct obd_import *imp)
+{
+ if (imp->imp_sec) {
+ sptlrpc_sec_kill(imp->imp_sec);
+
+ sptlrpc_sec_put(imp->imp_sec);
+ imp->imp_sec = NULL;
+ }
+}
+
+static void import_flush_ctx_common(struct obd_import *imp,
+ uid_t uid, int grace, int force)
{
- if (imp == NULL || imp->imp_sec == NULL)
+ struct ptlrpc_sec *sec;
+
+ if (imp == NULL)
+ return;
+
+ sec = sptlrpc_import_sec_ref(imp);
+ if (sec == NULL)
return;
+ sec_cop_flush_ctx_cache(sec, uid, grace, force);
+ sptlrpc_sec_put(sec);
+}
+
+void sptlrpc_import_flush_root_ctx(struct obd_import *imp)
+{
/* it's important to use grace mode, see explain in
- * sptlrpc_req_refresh_ctx()
- */
- sec_cop_flush_ctx_cache(imp->imp_sec, 0, 1, 1);
+ * sptlrpc_req_refresh_ctx() */
+ import_flush_ctx_common(imp, 0, 1, 1);
}
void sptlrpc_import_flush_my_ctx(struct obd_import *imp)
{
- if (imp == NULL || imp->imp_sec == NULL)
- return;
-
- sec_cop_flush_ctx_cache(imp->imp_sec, cfs_current()->uid, 1, 1);
+ import_flush_ctx_common(imp, cfs_curproc_uid(), 1, 1);
}
EXPORT_SYMBOL(sptlrpc_import_flush_my_ctx);
void sptlrpc_import_flush_all_ctx(struct obd_import *imp)
{
- if (imp == NULL || imp->imp_sec == NULL)
- return;
-
- sec_cop_flush_ctx_cache(imp->imp_sec, -1, 1, 1);
+ import_flush_ctx_common(imp, -1, 1, 1);
}
EXPORT_SYMBOL(sptlrpc_import_flush_all_ctx);
-/*
- * when complete successfully, req->rq_reqmsg should point to the
- * right place.
+/**
+ * Used by ptlrpc client to allocate request buffer of \a req. Upon return
+ * successfully, req->rq_reqmsg points to a buffer with size \a msgsize.
*/
int sptlrpc_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize)
{
int rc;
LASSERT(ctx);
- LASSERT(atomic_read(&ctx->cc_refcount));
LASSERT(ctx->cc_sec);
LASSERT(ctx->cc_sec->ps_policy);
LASSERT(req->rq_reqmsg == NULL);
+ LASSERT_ATOMIC_POS(&ctx->cc_refcount);
policy = ctx->cc_sec->ps_policy;
rc = policy->sp_cops->alloc_reqbuf(ctx->cc_sec, req, msgsize);
return rc;
}
+/**
+ * Used by ptlrpc client to free request buffer of \a req. After this
+ * req->rq_reqmsg is set to NULL and should not be accessed anymore.
+ */
void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req)
{
struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
struct ptlrpc_sec_policy *policy;
LASSERT(ctx);
- LASSERT(atomic_read(&ctx->cc_refcount));
LASSERT(ctx->cc_sec);
LASSERT(ctx->cc_sec->ps_policy);
- LASSERT(req->rq_reqbuf || req->rq_clrbuf);
+ LASSERT_ATOMIC_POS(&ctx->cc_refcount);
+
+ if (req->rq_reqbuf == NULL && req->rq_clrbuf == NULL)
+ return;
policy = ctx->cc_sec->ps_policy;
policy->sp_cops->free_reqbuf(ctx->cc_sec, req);
+ req->rq_reqmsg = NULL;
}
/*
}
EXPORT_SYMBOL(_sptlrpc_enlarge_msg_inplace);
-/*
- * enlarge @segment of upper message req->rq_reqmsg to @newsize, all data
- * will be preserved after enlargement. this must be called after rq_reqmsg has
- * been intialized at least.
+/**
+ * Used by ptlrpc client to enlarge the \a segment of request message pointed
+ * by req->rq_reqmsg to size \a newsize, all previously filled-in data will be
+ * preserved after the enlargement. this must be called after original request
+ * buffer being allocated.
*
- * caller's attention: upon return, rq_reqmsg and rq_reqlen might have
- * been changed.
+ * \note after this be called, rq_reqmsg and rq_reqlen might have been changed,
+ * so caller should refresh its local pointers if needed.
*/
int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
int segment, int newsize)
}
EXPORT_SYMBOL(sptlrpc_cli_enlarge_reqbuf);
+/**
+ * Used by ptlrpc client to allocate reply buffer of \a req.
+ *
+ * \note After this, req->rq_repmsg is still not accessible.
+ */
int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize)
{
struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
ENTRY;
LASSERT(ctx);
- LASSERT(atomic_read(&ctx->cc_refcount));
LASSERT(ctx->cc_sec);
LASSERT(ctx->cc_sec->ps_policy);
RETURN(policy->sp_cops->alloc_repbuf(ctx->cc_sec, req, msgsize));
}
+/**
+ * Used by ptlrpc client to free reply buffer of \a req. After this
+ * req->rq_repmsg is set to NULL and should not be accessed anymore.
+ */
void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req)
{
struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
ENTRY;
LASSERT(ctx);
- LASSERT(atomic_read(&ctx->cc_refcount));
LASSERT(ctx->cc_sec);
LASSERT(ctx->cc_sec->ps_policy);
- LASSERT(req->rq_repbuf);
+ LASSERT_ATOMIC_POS(&ctx->cc_refcount);
+
+ if (req->rq_repbuf == NULL)
+ return;
+ LASSERT(req->rq_repbuf_len);
policy = ctx->cc_sec->ps_policy;
policy->sp_cops->free_repbuf(ctx->cc_sec, req);
+ req->rq_repmsg = NULL;
EXIT;
}
* server side security *
****************************************/
+static int flavor_allowed(struct sptlrpc_flavor *exp,
+ struct ptlrpc_request *req)
+{
+ struct sptlrpc_flavor *flvr = &req->rq_flvr;
+
+ if (exp->sf_rpc == SPTLRPC_FLVR_ANY || exp->sf_rpc == flvr->sf_rpc)
+ return 1;
+
+ if ((req->rq_ctx_init || req->rq_ctx_fini) &&
+ SPTLRPC_FLVR_POLICY(exp->sf_rpc) ==
+ SPTLRPC_FLVR_POLICY(flvr->sf_rpc) &&
+ SPTLRPC_FLVR_MECH(exp->sf_rpc) == SPTLRPC_FLVR_MECH(flvr->sf_rpc))
+ return 1;
+
+ return 0;
+}
+
+#define EXP_FLVR_UPDATE_EXPIRE (OBD_TIMEOUT_DEFAULT + 10)
+
+/**
+ * Given an export \a exp, check whether the flavor of incoming \a req
+ * is allowed by the export \a exp. Main logic is about taking care of
+ * changing configurations. Return 0 means success.
+ */
int sptlrpc_target_export_check(struct obd_export *exp,
struct ptlrpc_request *req)
{
- if (!req->rq_auth_gss ||
- (!req->rq_auth_usr_root && !req->rq_auth_usr_mdt))
+ struct sptlrpc_flavor flavor;
+
+ if (exp == NULL)
return 0;
- if (!req->rq_ctx_init)
+ /* client side export has no imp_reverse, skip
+ * FIXME maybe we should check flavor this as well??? */
+ if (exp->exp_imp_reverse == NULL)
return 0;
- LASSERT(exp->exp_imp_reverse);
- sptlrpc_svc_install_rvs_ctx(exp->exp_imp_reverse, req->rq_svc_ctx);
- return 0;
+ /* don't care about ctx fini rpc */
+ if (req->rq_ctx_fini)
+ return 0;
+
+ cfs_spin_lock(&exp->exp_lock);
+
+ /* if flavor just changed (exp->exp_flvr_changed != 0), we wait for
+ * the first req with the new flavor, then treat it as current flavor,
+ * adapt reverse sec according to it.
+ * note the first rpc with new flavor might not be with root ctx, in
+ * which case delay the sec_adapt by leaving exp_flvr_adapt == 1. */
+ if (unlikely(exp->exp_flvr_changed) &&
+ flavor_allowed(&exp->exp_flvr_old[1], req)) {
+ /* make the new flavor as "current", and old ones as
+ * about-to-expire */
+ CDEBUG(D_SEC, "exp %p: just changed: %x->%x\n", exp,
+ exp->exp_flvr.sf_rpc, exp->exp_flvr_old[1].sf_rpc);
+ flavor = exp->exp_flvr_old[1];
+ exp->exp_flvr_old[1] = exp->exp_flvr_old[0];
+ exp->exp_flvr_expire[1] = exp->exp_flvr_expire[0];
+ exp->exp_flvr_old[0] = exp->exp_flvr;
+ exp->exp_flvr_expire[0] = cfs_time_current_sec() +
+ EXP_FLVR_UPDATE_EXPIRE;
+ exp->exp_flvr = flavor;
+
+ /* flavor change finished */
+ exp->exp_flvr_changed = 0;
+ LASSERT(exp->exp_flvr_adapt == 1);
+
+ /* if it's gss, we only interested in root ctx init */
+ if (req->rq_auth_gss &&
+ !(req->rq_ctx_init &&
+ (req->rq_auth_usr_root || req->rq_auth_usr_mdt ||
+ req->rq_auth_usr_ost))) {
+ cfs_spin_unlock(&exp->exp_lock);
+ CDEBUG(D_SEC, "is good but not root(%d:%d:%d:%d:%d)\n",
+ req->rq_auth_gss, req->rq_ctx_init,
+ req->rq_auth_usr_root, req->rq_auth_usr_mdt,
+ req->rq_auth_usr_ost);
+ return 0;
+ }
+
+ exp->exp_flvr_adapt = 0;
+ cfs_spin_unlock(&exp->exp_lock);
+
+ return sptlrpc_import_sec_adapt(exp->exp_imp_reverse,
+ req->rq_svc_ctx, &flavor);
+ }
+
+ /* if it equals to the current flavor, we accept it, but need to
+ * dealing with reverse sec/ctx */
+ if (likely(flavor_allowed(&exp->exp_flvr, req))) {
+ /* most cases should return here, we only interested in
+ * gss root ctx init */
+ if (!req->rq_auth_gss || !req->rq_ctx_init ||
+ (!req->rq_auth_usr_root && !req->rq_auth_usr_mdt &&
+ !req->rq_auth_usr_ost)) {
+ cfs_spin_unlock(&exp->exp_lock);
+ return 0;
+ }
+
+ /* if flavor just changed, we should not proceed, just leave
+ * it and current flavor will be discovered and replaced
+ * shortly, and let _this_ rpc pass through */
+ if (exp->exp_flvr_changed) {
+ LASSERT(exp->exp_flvr_adapt);
+ cfs_spin_unlock(&exp->exp_lock);
+ return 0;
+ }
+
+ if (exp->exp_flvr_adapt) {
+ exp->exp_flvr_adapt = 0;
+ CDEBUG(D_SEC, "exp %p (%x|%x|%x): do delayed adapt\n",
+ exp, exp->exp_flvr.sf_rpc,
+ exp->exp_flvr_old[0].sf_rpc,
+ exp->exp_flvr_old[1].sf_rpc);
+ flavor = exp->exp_flvr;
+ cfs_spin_unlock(&exp->exp_lock);
+
+ return sptlrpc_import_sec_adapt(exp->exp_imp_reverse,
+ req->rq_svc_ctx,
+ &flavor);
+ } else {
+ CDEBUG(D_SEC, "exp %p (%x|%x|%x): is current flavor, "
+ "install rvs ctx\n", exp, exp->exp_flvr.sf_rpc,
+ exp->exp_flvr_old[0].sf_rpc,
+ exp->exp_flvr_old[1].sf_rpc);
+ cfs_spin_unlock(&exp->exp_lock);
+
+ return sptlrpc_svc_install_rvs_ctx(exp->exp_imp_reverse,
+ req->rq_svc_ctx);
+ }
+ }
+
+ if (exp->exp_flvr_expire[0]) {
+ if (exp->exp_flvr_expire[0] >= cfs_time_current_sec()) {
+ if (flavor_allowed(&exp->exp_flvr_old[0], req)) {
+ CDEBUG(D_SEC, "exp %p (%x|%x|%x): match the "
+ "middle one ("CFS_DURATION_T")\n", exp,
+ exp->exp_flvr.sf_rpc,
+ exp->exp_flvr_old[0].sf_rpc,
+ exp->exp_flvr_old[1].sf_rpc,
+ exp->exp_flvr_expire[0] -
+ cfs_time_current_sec());
+ cfs_spin_unlock(&exp->exp_lock);
+ return 0;
+ }
+ } else {
+ CDEBUG(D_SEC, "mark middle expired\n");
+ exp->exp_flvr_expire[0] = 0;
+ }
+ CDEBUG(D_SEC, "exp %p (%x|%x|%x): %x not match middle\n", exp,
+ exp->exp_flvr.sf_rpc,
+ exp->exp_flvr_old[0].sf_rpc, exp->exp_flvr_old[1].sf_rpc,
+ req->rq_flvr.sf_rpc);
+ }
+
+ /* now it doesn't match the current flavor, the only chance we can
+ * accept it is match the old flavors which is not expired. */
+ if (exp->exp_flvr_changed == 0 && exp->exp_flvr_expire[1]) {
+ if (exp->exp_flvr_expire[1] >= cfs_time_current_sec()) {
+ if (flavor_allowed(&exp->exp_flvr_old[1], req)) {
+ CDEBUG(D_SEC, "exp %p (%x|%x|%x): match the "
+ "oldest one ("CFS_DURATION_T")\n", exp,
+ exp->exp_flvr.sf_rpc,
+ exp->exp_flvr_old[0].sf_rpc,
+ exp->exp_flvr_old[1].sf_rpc,
+ exp->exp_flvr_expire[1] -
+ cfs_time_current_sec());
+ cfs_spin_unlock(&exp->exp_lock);
+ return 0;
+ }
+ } else {
+ CDEBUG(D_SEC, "mark oldest expired\n");
+ exp->exp_flvr_expire[1] = 0;
+ }
+ CDEBUG(D_SEC, "exp %p (%x|%x|%x): %x not match found\n",
+ exp, exp->exp_flvr.sf_rpc,
+ exp->exp_flvr_old[0].sf_rpc, exp->exp_flvr_old[1].sf_rpc,
+ req->rq_flvr.sf_rpc);
+ } else {
+ CDEBUG(D_SEC, "exp %p (%x|%x|%x): skip the last one\n",
+ exp, exp->exp_flvr.sf_rpc, exp->exp_flvr_old[0].sf_rpc,
+ exp->exp_flvr_old[1].sf_rpc);
+ }
+
+ cfs_spin_unlock(&exp->exp_lock);
+
+ CWARN("exp %p(%s): req %p (%u|%u|%u|%u|%u|%u) with "
+ "unauthorized flavor %x, expect %x|%x(%+ld)|%x(%+ld)\n",
+ exp, exp->exp_obd->obd_name,
+ req, req->rq_auth_gss, req->rq_ctx_init, req->rq_ctx_fini,
+ req->rq_auth_usr_root, req->rq_auth_usr_mdt, req->rq_auth_usr_ost,
+ req->rq_flvr.sf_rpc,
+ exp->exp_flvr.sf_rpc,
+ exp->exp_flvr_old[0].sf_rpc,
+ exp->exp_flvr_expire[0] ?
+ (unsigned long) (exp->exp_flvr_expire[0] -
+ cfs_time_current_sec()) : 0,
+ exp->exp_flvr_old[1].sf_rpc,
+ exp->exp_flvr_expire[1] ?
+ (unsigned long) (exp->exp_flvr_expire[1] -
+ cfs_time_current_sec()) : 0);
+ return -EACCES;
+}
+EXPORT_SYMBOL(sptlrpc_target_export_check);
+
+void sptlrpc_target_update_exp_flavor(struct obd_device *obd,
+ struct sptlrpc_rule_set *rset)
+{
+ struct obd_export *exp;
+ struct sptlrpc_flavor new_flvr;
+
+ LASSERT(obd);
+
+ cfs_spin_lock(&obd->obd_dev_lock);
+
+ cfs_list_for_each_entry(exp, &obd->obd_exports, exp_obd_chain) {
+ if (exp->exp_connection == NULL)
+ continue;
+
+ /* note if this export had just been updated flavor
+ * (exp_flvr_changed == 1), this will override the
+ * previous one. */
+ cfs_spin_lock(&exp->exp_lock);
+ sptlrpc_target_choose_flavor(rset, exp->exp_sp_peer,
+ exp->exp_connection->c_peer.nid,
+ &new_flvr);
+ if (exp->exp_flvr_changed ||
+ !flavor_equal(&new_flvr, &exp->exp_flvr)) {
+ exp->exp_flvr_old[1] = new_flvr;
+ exp->exp_flvr_expire[1] = 0;
+ exp->exp_flvr_changed = 1;
+ exp->exp_flvr_adapt = 1;
+
+ CDEBUG(D_SEC, "exp %p (%s): updated flavor %x->%x\n",
+ exp, sptlrpc_part2name(exp->exp_sp_peer),
+ exp->exp_flvr.sf_rpc,
+ exp->exp_flvr_old[1].sf_rpc);
+ }
+ cfs_spin_unlock(&exp->exp_lock);
+ }
+
+ cfs_spin_unlock(&obd->obd_dev_lock);
}
+EXPORT_SYMBOL(sptlrpc_target_update_exp_flavor);
+
+static int sptlrpc_svc_check_from(struct ptlrpc_request *req, int svc_rc)
+{
+ /* peer's claim is unreliable unless gss is being used */
+ if (!req->rq_auth_gss || svc_rc == SECSVC_DROP)
+ return svc_rc;
+ switch (req->rq_sp_from) {
+ case LUSTRE_SP_CLI:
+ if (req->rq_auth_usr_mdt || req->rq_auth_usr_ost) {
+ DEBUG_REQ(D_ERROR, req, "faked source CLI");
+ svc_rc = SECSVC_DROP;
+ }
+ break;
+ case LUSTRE_SP_MDT:
+ if (!req->rq_auth_usr_mdt) {
+ DEBUG_REQ(D_ERROR, req, "faked source MDT");
+ svc_rc = SECSVC_DROP;
+ }
+ break;
+ case LUSTRE_SP_OST:
+ if (!req->rq_auth_usr_ost) {
+ DEBUG_REQ(D_ERROR, req, "faked source OST");
+ svc_rc = SECSVC_DROP;
+ }
+ break;
+ case LUSTRE_SP_MGS:
+ case LUSTRE_SP_MGC:
+ if (!req->rq_auth_usr_root && !req->rq_auth_usr_mdt &&
+ !req->rq_auth_usr_ost) {
+ DEBUG_REQ(D_ERROR, req, "faked source MGC/MGS");
+ svc_rc = SECSVC_DROP;
+ }
+ break;
+ case LUSTRE_SP_ANY:
+ default:
+ DEBUG_REQ(D_ERROR, req, "invalid source %u", req->rq_sp_from);
+ svc_rc = SECSVC_DROP;
+ }
+
+ return svc_rc;
+}
+
+/**
+ * Used by ptlrpc server, to perform transformation upon request message of
+ * incoming \a req. This must be the first thing to do with a incoming
+ * request in ptlrpc layer.
+ *
+ * \retval SECSVC_OK success, and req->rq_reqmsg point to request message in
+ * clear text, size is req->rq_reqlen; also req->rq_svc_ctx is set.
+ * \retval SECSVC_COMPLETE success, the request has been fully processed, and
+ * reply message has been prepared.
+ * \retval SECSVC_DROP failed, this request should be dropped.
+ */
int sptlrpc_svc_unwrap_request(struct ptlrpc_request *req)
{
struct ptlrpc_sec_policy *policy;
- struct lustre_msg *msg = req->rq_reqbuf;
- int rc;
+ struct lustre_msg *msg = req->rq_reqbuf;
+ int rc;
ENTRY;
LASSERT(msg);
LASSERT(req->rq_reqmsg == NULL);
LASSERT(req->rq_repmsg == NULL);
+ LASSERT(req->rq_svc_ctx == NULL);
- /*
- * in any case we avoid to call unpack_msg() for request of null flavor
- * which will later be done by ptlrpc_server_handle_request().
- */
- if (req->rq_reqdata_len < sizeof(struct lustre_msg)) {
- CERROR("request size %d too small\n", req->rq_reqdata_len);
+ req->rq_req_swab_mask = 0;
+
+ rc = __lustre_unpack_msg(msg, req->rq_reqdata_len);
+ switch (rc) {
+ case 1:
+ lustre_set_req_swabbed(req, MSG_PTLRPC_HEADER_OFF);
+ case 0:
+ break;
+ default:
+ CERROR("error unpacking request from %s x"LPU64"\n",
+ libcfs_id2str(req->rq_peer), req->rq_xid);
RETURN(SECSVC_DROP);
}
- if (msg->lm_magic == LUSTRE_MSG_MAGIC_V1 ||
- msg->lm_magic == LUSTRE_MSG_MAGIC_V1_SWABBED) {
- req->rq_sec_flavor = SPTLRPC_FLVR_NULL;
- } else {
- req->rq_sec_flavor = msg->lm_secflvr;
-
- if (msg->lm_magic == LUSTRE_MSG_MAGIC_V2_SWABBED)
- __swab32s(&req->rq_sec_flavor);
+ req->rq_flvr.sf_rpc = WIRE_FLVR(msg->lm_secflvr);
+ req->rq_sp_from = LUSTRE_SP_ANY;
+ req->rq_auth_uid = INVALID_UID;
+ req->rq_auth_mapped_uid = INVALID_UID;
- if ((SEC_FLAVOR_POLICY(req->rq_sec_flavor) !=
- SPTLRPC_POLICY_NULL) &&
- lustre_unpack_msg(msg, req->rq_reqdata_len))
- RETURN(SECSVC_DROP);
- }
-
- policy = sptlrpc_flavor2policy(req->rq_sec_flavor);
+ policy = sptlrpc_wireflavor2policy(req->rq_flvr.sf_rpc);
if (!policy) {
- CERROR("unsupported security flavor %x\n", req->rq_sec_flavor);
+ CERROR("unsupported rpc flavor %x\n", req->rq_flvr.sf_rpc);
RETURN(SECSVC_DROP);
}
LASSERT(policy->sp_sops->accept);
rc = policy->sp_sops->accept(req);
-
- LASSERT(req->rq_reqmsg || rc != SECSVC_OK);
sptlrpc_policy_put(policy);
+ LASSERT(req->rq_reqmsg || rc != SECSVC_OK);
+ LASSERT(req->rq_svc_ctx || rc == SECSVC_DROP);
- /* FIXME move to proper place */
- if (rc == SECSVC_OK) {
- __u32 opc = lustre_msg_get_opc(req->rq_reqmsg);
-
- if (opc == OST_WRITE)
- req->rq_bulk_write = 1;
- else if (opc == OST_READ)
- req->rq_bulk_read = 1;
- }
+ /*
+ * if it's not null flavor (which means embedded packing msg),
+ * reset the swab mask for the comming inner msg unpacking.
+ */
+ if (SPTLRPC_FLVR_POLICY(req->rq_flvr.sf_rpc) != SPTLRPC_POLICY_NULL)
+ req->rq_req_swab_mask = 0;
- LASSERT(req->rq_svc_ctx || rc == SECSVC_DROP);
+ /* sanity check for the request source */
+ rc = sptlrpc_svc_check_from(req, rc);
RETURN(rc);
}
-int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req,
- int msglen)
+/**
+ * Used by ptlrpc server, to allocate reply buffer for \a req. If succeed,
+ * req->rq_reply_state is set, and req->rq_reply_state->rs_msg point to
+ * a buffer of \a msglen size.
+ */
+int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req, int msglen)
{
struct ptlrpc_sec_policy *policy;
struct ptlrpc_reply_state *rs;
RETURN(rc);
}
+/**
+ * Used by ptlrpc server, to perform transformation upon reply message.
+ *
+ * \post req->rq_reply_off is set to approriate server-controlled reply offset.
+ * \post req->rq_repmsg and req->rq_reply_state->rs_msg becomes inaccessible.
+ */
int sptlrpc_svc_wrap_reply(struct ptlrpc_request *req)
{
struct ptlrpc_sec_policy *policy;
RETURN(rc);
}
+/**
+ * Used by ptlrpc server, to free reply_state.
+ */
void sptlrpc_svc_free_rs(struct ptlrpc_reply_state *rs)
{
struct ptlrpc_sec_policy *policy;
{
struct ptlrpc_svc_ctx *ctx = req->rq_svc_ctx;
- if (ctx == NULL)
- return;
-
- LASSERT(atomic_read(&ctx->sc_refcount) > 0);
- atomic_inc(&ctx->sc_refcount);
+ if (ctx != NULL)
+ cfs_atomic_inc(&ctx->sc_refcount);
}
void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req)
if (ctx == NULL)
return;
- LASSERT(atomic_read(&ctx->sc_refcount) > 0);
- if (atomic_dec_and_test(&ctx->sc_refcount)) {
+ LASSERT_ATOMIC_POS(&ctx->sc_refcount);
+ if (cfs_atomic_dec_and_test(&ctx->sc_refcount)) {
if (ctx->sc_policy->sp_sops->free_ctx)
ctx->sc_policy->sp_sops->free_ctx(ctx);
}
if (ctx == NULL)
return;
- LASSERT(atomic_read(&ctx->sc_refcount) > 0);
+ LASSERT_ATOMIC_POS(&ctx->sc_refcount);
if (ctx->sc_policy->sp_sops->invalidate_ctx)
ctx->sc_policy->sp_sops->invalidate_ctx(ctx);
}
* bulk security *
****************************************/
+/**
+ * Perform transformation upon bulk data pointed by \a desc. This is called
+ * before transforming the request message.
+ */
int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
struct ptlrpc_bulk_desc *desc)
{
struct ptlrpc_cli_ctx *ctx;
- if (!SEC_FLAVOR_HAS_BULK(req->rq_sec_flavor))
- return 0;
-
LASSERT(req->rq_bulk_read || req->rq_bulk_write);
+ if (!req->rq_pack_bulk)
+ return 0;
+
ctx = req->rq_cli_ctx;
if (ctx->cc_ops->wrap_bulk)
return ctx->cc_ops->wrap_bulk(ctx, req, desc);
}
EXPORT_SYMBOL(sptlrpc_cli_wrap_bulk);
-static
-void pga_to_bulk_desc(int nob, obd_count pg_count, struct brw_page **pga,
- struct ptlrpc_bulk_desc *desc)
-{
- int i;
-
- LASSERT(pga);
- LASSERT(*pga);
-
- for (i = 0; i < pg_count && nob > 0; i++) {
-#ifdef __KERNEL__
- desc->bd_iov[i].kiov_page = pga[i]->pg;
- desc->bd_iov[i].kiov_len = pga[i]->count > nob ?
- nob : pga[i]->count;
- desc->bd_iov[i].kiov_offset = pga[i]->off & ~CFS_PAGE_MASK;
-#else
-#warning FIXME for liblustre!
- desc->bd_iov[i].iov_base = pga[i]->pg->addr;
- desc->bd_iov[i].iov_len = pga[i]->count > nob ?
- nob : pga[i]->count;
-#endif
-
- desc->bd_iov_count++;
- nob -= pga[i]->count;
- }
-}
-
+/**
+ * This is called after unwrap the reply message.
+ * return nob of actual plain text size received, or error code.
+ */
int sptlrpc_cli_unwrap_bulk_read(struct ptlrpc_request *req,
- int nob, obd_count pg_count,
- struct brw_page **pga)
+ struct ptlrpc_bulk_desc *desc,
+ int nob)
{
- struct ptlrpc_bulk_desc *desc;
- struct ptlrpc_cli_ctx *ctx;
- int rc = 0;
-
- if (!SEC_FLAVOR_HAS_BULK(req->rq_sec_flavor))
- return 0;
+ struct ptlrpc_cli_ctx *ctx;
+ int rc;
LASSERT(req->rq_bulk_read && !req->rq_bulk_write);
- OBD_ALLOC(desc, offsetof(struct ptlrpc_bulk_desc, bd_iov[pg_count]));
- if (desc == NULL) {
- CERROR("out of memory, can't verify bulk read data\n");
- return -ENOMEM;
- }
-
- pga_to_bulk_desc(nob, pg_count, pga, desc);
+ if (!req->rq_pack_bulk)
+ return desc->bd_nob_transferred;
ctx = req->rq_cli_ctx;
- if (ctx->cc_ops->unwrap_bulk)
+ if (ctx->cc_ops->unwrap_bulk) {
rc = ctx->cc_ops->unwrap_bulk(ctx, req, desc);
-
- OBD_FREE(desc, offsetof(struct ptlrpc_bulk_desc, bd_iov[pg_count]));
-
- return rc;
+ if (rc < 0)
+ return rc;
+ }
+ return desc->bd_nob_transferred;
}
EXPORT_SYMBOL(sptlrpc_cli_unwrap_bulk_read);
+/**
+ * This is called after unwrap the reply message.
+ * return 0 for success or error code.
+ */
int sptlrpc_cli_unwrap_bulk_write(struct ptlrpc_request *req,
struct ptlrpc_bulk_desc *desc)
{
- struct ptlrpc_cli_ctx *ctx;
-
- if (!SEC_FLAVOR_HAS_BULK(req->rq_sec_flavor))
- return 0;
+ struct ptlrpc_cli_ctx *ctx;
+ int rc;
LASSERT(!req->rq_bulk_read && req->rq_bulk_write);
+ if (!req->rq_pack_bulk)
+ return 0;
+
ctx = req->rq_cli_ctx;
- if (ctx->cc_ops->unwrap_bulk)
- return ctx->cc_ops->unwrap_bulk(ctx, req, desc);
+ if (ctx->cc_ops->unwrap_bulk) {
+ rc = ctx->cc_ops->unwrap_bulk(ctx, req, desc);
+ if (rc < 0)
+ return rc;
+ }
+
+ /*
+ * if everything is going right, nob should equals to nob_transferred.
+ * in case of privacy mode, nob_transferred needs to be adjusted.
+ */
+ if (desc->bd_nob != desc->bd_nob_transferred) {
+ CERROR("nob %d doesn't match transferred nob %d",
+ desc->bd_nob, desc->bd_nob_transferred);
+ return -EPROTO;
+ }
return 0;
}
EXPORT_SYMBOL(sptlrpc_cli_unwrap_bulk_write);
+/**
+ * Performe transformation upon outgoing bulk read.
+ */
int sptlrpc_svc_wrap_bulk(struct ptlrpc_request *req,
struct ptlrpc_bulk_desc *desc)
{
struct ptlrpc_svc_ctx *ctx;
- if (!SEC_FLAVOR_HAS_BULK(req->rq_sec_flavor))
- return 0;
+ LASSERT(req->rq_bulk_read);
- LASSERT(req->rq_bulk_read || req->rq_bulk_write);
+ if (!req->rq_pack_bulk)
+ return 0;
ctx = req->rq_svc_ctx;
if (ctx->sc_policy->sp_sops->wrap_bulk)
}
EXPORT_SYMBOL(sptlrpc_svc_wrap_bulk);
+/**
+ * Performe transformation upon incoming bulk write.
+ */
int sptlrpc_svc_unwrap_bulk(struct ptlrpc_request *req,
struct ptlrpc_bulk_desc *desc)
{
struct ptlrpc_svc_ctx *ctx;
+ int rc;
- if (!SEC_FLAVOR_HAS_BULK(req->rq_sec_flavor))
- return 0;
+ LASSERT(req->rq_bulk_write);
- LASSERT(req->rq_bulk_read || req->rq_bulk_write);
+ /*
+ * if it's in privacy mode, transferred should >= expected; otherwise
+ * transferred should == expected.
+ */
+ if (desc->bd_nob_transferred < desc->bd_nob ||
+ (desc->bd_nob_transferred > desc->bd_nob &&
+ SPTLRPC_FLVR_BULK_SVC(req->rq_flvr.sf_rpc) !=
+ SPTLRPC_BULK_SVC_PRIV)) {
+ DEBUG_REQ(D_ERROR, req, "truncated bulk GET %d(%d)",
+ desc->bd_nob_transferred, desc->bd_nob);
+ return -ETIMEDOUT;
+ }
+
+ if (!req->rq_pack_bulk)
+ return 0;
ctx = req->rq_svc_ctx;
- if (ctx->sc_policy->sp_sops->unwrap_bulk);
- return ctx->sc_policy->sp_sops->unwrap_bulk(req, desc);
+ if (ctx->sc_policy->sp_sops->unwrap_bulk) {
+ rc = ctx->sc_policy->sp_sops->unwrap_bulk(req, desc);
+ if (rc)
+ CERROR("error unwrap bulk: %d\n", rc);
+ }
+ /* return 0 to allow reply be sent */
return 0;
}
EXPORT_SYMBOL(sptlrpc_svc_unwrap_bulk);
+/**
+ * Prepare buffers for incoming bulk write.
+ */
+int sptlrpc_svc_prep_bulk(struct ptlrpc_request *req,
+ struct ptlrpc_bulk_desc *desc)
+{
+ struct ptlrpc_svc_ctx *ctx;
+
+ LASSERT(req->rq_bulk_write);
+
+ if (!req->rq_pack_bulk)
+ return 0;
+
+ ctx = req->rq_svc_ctx;
+ if (ctx->sc_policy->sp_sops->prep_bulk)
+ return ctx->sc_policy->sp_sops->prep_bulk(req, desc);
+
+ return 0;
+}
+EXPORT_SYMBOL(sptlrpc_svc_prep_bulk);
/****************************************
* user descriptor helpers *
pud = lustre_msg_buf(msg, offset, 0);
- pud->pud_uid = cfs_current()->uid;
- pud->pud_gid = cfs_current()->gid;
- pud->pud_fsuid = cfs_current()->fsuid;
- pud->pud_fsgid = cfs_current()->fsgid;
- pud->pud_cap = cfs_current()->cap_effective;
+ pud->pud_uid = cfs_curproc_uid();
+ pud->pud_gid = cfs_curproc_gid();
+ pud->pud_fsuid = cfs_curproc_fsuid();
+ pud->pud_fsgid = cfs_curproc_fsgid();
+ pud->pud_cap = cfs_curproc_cap_pack();
pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4;
#ifdef __KERNEL__
task_lock(current);
if (pud->pud_ngroups > current_ngroups)
pud->pud_ngroups = current_ngroups;
- memcpy(pud->pud_groups, cfs_current()->group_info->blocks[0],
+ memcpy(pud->pud_groups, current_cred()->group_info->blocks[0],
pud->pud_ngroups * sizeof(__u32));
task_unlock(current);
#endif
}
EXPORT_SYMBOL(sptlrpc_pack_user_desc);
-int sptlrpc_unpack_user_desc(struct lustre_msg *msg, int offset)
+int sptlrpc_unpack_user_desc(struct lustre_msg *msg, int offset, int swabbed)
{
struct ptlrpc_user_desc *pud;
int i;
if (!pud)
return -EINVAL;
- if (lustre_msg_swabbed(msg)) {
+ if (swabbed) {
__swab32s(&pud->pud_uid);
__swab32s(&pud->pud_gid);
__swab32s(&pud->pud_fsuid);
return -EINVAL;
}
- if (lustre_msg_swabbed(msg)) {
+ if (swabbed) {
for (i = 0; i < pud->pud_ngroups; i++)
__swab32s(&pud->pud_groups[i]);
}
EXPORT_SYMBOL(sptlrpc_unpack_user_desc);
/****************************************
- * user supplied flavor string parsing *
+ * misc helpers *
****************************************/
-static
-int get_default_flavor(enum lustre_part to_part, struct sec_flavor_config *conf)
-{
- conf->sfc_bulk_priv = BULK_PRIV_ALG_NULL;
- conf->sfc_bulk_csum = BULK_CSUM_ALG_NULL;
- conf->sfc_flags = 0;
-
- switch (to_part) {
- case LUSTRE_MDT:
- conf->sfc_rpc_flavor = SPTLRPC_FLVR_PLAIN;
- return 0;
- case LUSTRE_OST:
- conf->sfc_rpc_flavor = SPTLRPC_FLVR_NULL;
- return 0;
- default:
- CERROR("Unknown to lustre part %d, apply defaults\n", to_part);
- conf->sfc_rpc_flavor = SPTLRPC_FLVR_NULL;
- return -EINVAL;
- }
-}
-
-static
-void get_flavor_by_rpc(__u32 rpc_flavor, struct sec_flavor_config *conf)
-{
- conf->sfc_rpc_flavor = rpc_flavor;
- conf->sfc_bulk_priv = BULK_PRIV_ALG_NULL;
- conf->sfc_bulk_csum = BULK_CSUM_ALG_NULL;
- conf->sfc_flags = 0;
-
- switch (rpc_flavor) {
- case SPTLRPC_FLVR_NULL:
- case SPTLRPC_FLVR_PLAIN:
- case SPTLRPC_FLVR_KRB5N:
- case SPTLRPC_FLVR_KRB5A:
- break;
- case SPTLRPC_FLVR_KRB5P:
- conf->sfc_bulk_priv = BULK_PRIV_ALG_ARC4;
- /* fall through */
- case SPTLRPC_FLVR_KRB5I:
- conf->sfc_bulk_csum = BULK_CSUM_ALG_SHA1;
- break;
- default:
- LBUG();
- }
-}
-
-static
-void get_flavor_by_rpc_bulk(__u32 rpc_flavor, int bulk_priv,
- struct sec_flavor_config *conf)
+const char * sec2target_str(struct ptlrpc_sec *sec)
{
- if (bulk_priv)
- conf->sfc_bulk_priv = BULK_PRIV_ALG_ARC4;
- else
- conf->sfc_bulk_priv = BULK_PRIV_ALG_NULL;
-
- switch (rpc_flavor) {
- case SPTLRPC_FLVR_PLAIN:
- conf->sfc_bulk_csum = BULK_CSUM_ALG_MD5;
- break;
- case SPTLRPC_FLVR_KRB5N:
- case SPTLRPC_FLVR_KRB5A:
- case SPTLRPC_FLVR_KRB5I:
- case SPTLRPC_FLVR_KRB5P:
- conf->sfc_bulk_csum = BULK_CSUM_ALG_SHA1;
- break;
- default:
- LBUG();
- }
+ if (!sec || !sec->ps_import || !sec->ps_import->imp_obd)
+ return "*";
+ if (sec_is_reverse(sec))
+ return "c";
+ return obd_uuid2str(&sec->ps_import->imp_obd->u.cli.cl_target_uuid);
}
-
-static __u32 __flavors[] = {
- SPTLRPC_FLVR_NULL,
- SPTLRPC_FLVR_PLAIN,
- SPTLRPC_FLVR_KRB5N,
- SPTLRPC_FLVR_KRB5A,
- SPTLRPC_FLVR_KRB5I,
- SPTLRPC_FLVR_KRB5P,
-};
-
-#define __nflavors (sizeof(__flavors)/sizeof(__u32))
+EXPORT_SYMBOL(sec2target_str);
/*
- * flavor string format: rpc[-bulk{n|i|p}[:cksum/enc]]
- * for examples:
- * null
- * plain-bulki
- * krb5p-bulkn
- * krb5i-bulkp
- * krb5i-bulkp:sha512/arc4
+ * return true if the bulk data is protected
*/
-int sptlrpc_parse_flavor(enum lustre_part from_part, enum lustre_part to_part,
- char *str, struct sec_flavor_config *conf)
+int sptlrpc_flavor_has_bulk(struct sptlrpc_flavor *flvr)
{
- char *f, *bulk, *alg, *enc;
- char buf[64];
- int i, bulk_priv;
- ENTRY;
-
- if (str == NULL) {
- if (get_default_flavor(to_part, conf))
- return -EINVAL;
- goto set_flags;
- }
-
- for (i = 0; i < __nflavors; i++) {
- f = sptlrpc_flavor2name(__flavors[i]);
- if (strncmp(str, f, strlen(f)) == 0)
- break;
- }
-
- if (i >= __nflavors)
- GOTO(invalid, -EINVAL);
-
- /* prepare local buffer thus we can modify it as we want */
- strncpy(buf, str, 64);
- buf[64 - 1] = '\0';
-
- /* find bulk string */
- bulk = strchr(buf, '-');
- if (bulk)
- *bulk++ = '\0';
-
- /* now the first part must equal to rpc flavor name */
- if (strcmp(buf, f) != 0)
- GOTO(invalid, -EINVAL);
-
- get_flavor_by_rpc(__flavors[i], conf);
-
- if (bulk == NULL)
- goto set_flags;
-
- /* null flavor should not have any suffix */
- if (__flavors[i] == SPTLRPC_FLVR_NULL)
- GOTO(invalid, -EINVAL);
-
- /* find bulk algorithm string */
- alg = strchr(bulk, ':');
- if (alg)
- *alg++ = '\0';
-
- /* verify bulk section */
- if (strcmp(bulk, "bulkn") == 0) {
- conf->sfc_bulk_csum = BULK_CSUM_ALG_NULL;
- conf->sfc_bulk_priv = BULK_PRIV_ALG_NULL;
- goto set_flags;
- }
-
- if (strcmp(bulk, "bulki") == 0)
- bulk_priv = 0;
- else if (strcmp(bulk, "bulkp") == 0)
- bulk_priv = 1;
- else
- GOTO(invalid, -EINVAL);
-
- /* plain policy dosen't support bulk encryption */
- if (bulk_priv && __flavors[i] == SPTLRPC_FLVR_PLAIN)
- GOTO(invalid, -EINVAL);
-
- get_flavor_by_rpc_bulk(__flavors[i], bulk_priv, conf);
-
- if (alg == NULL)
- goto set_flags;
-
- /* find encryption algorithm string */
- enc = strchr(alg, '/');
- if (enc)
- *enc++ = '\0';
-
- /* bulk combination sanity check */
- if ((bulk_priv && enc == NULL) || (bulk_priv == 0 && enc))
- GOTO(invalid, -EINVAL);
-
- /* checksum algorithm */
- for (i = 0; i < BULK_CSUM_ALG_MAX; i++) {
- if (strcmp(alg, sptlrpc_bulk_csum_alg2name(i)) == 0) {
- conf->sfc_bulk_csum = i;
- break;
- }
- }
- if (i >= BULK_CSUM_ALG_MAX)
- GOTO(invalid, -EINVAL);
-
- /* privacy algorithm */
- if (enc) {
- if (strcmp(enc, "arc4") != 0)
- GOTO(invalid, -EINVAL);
- conf->sfc_bulk_priv = BULK_PRIV_ALG_ARC4;
+ switch (SPTLRPC_FLVR_BULK_SVC(flvr->sf_rpc)) {
+ case SPTLRPC_BULK_SVC_INTG:
+ case SPTLRPC_BULK_SVC_PRIV:
+ return 1;
+ default:
+ return 0;
}
-
-set_flags:
- /* * set ROOTONLY flag:
- * - to OST
- * - from MDT to MDT
- * * set BULK flag for:
- * - from CLI to OST
- */
- if (to_part == LUSTRE_OST ||
- (from_part == LUSTRE_MDT && to_part == LUSTRE_MDT))
- conf->sfc_flags |= PTLRPC_SEC_FL_ROOTONLY;
- if (from_part == LUSTRE_CLI && to_part == LUSTRE_OST)
- conf->sfc_flags |= PTLRPC_SEC_FL_BULK;
-
-#ifdef __BIG_ENDIAN
- __swab32s(&conf->sfc_rpc_flavor);
- __swab32s(&conf->sfc_bulk_csum);
- __swab32s(&conf->sfc_bulk_priv);
- __swab32s(&conf->sfc_flags);
-#endif
- return 0;
-invalid:
- CERROR("invalid flavor string: %s\n", str);
- return -EINVAL;
}
-EXPORT_SYMBOL(sptlrpc_parse_flavor);
+EXPORT_SYMBOL(sptlrpc_flavor_has_bulk);
/****************************************
- * misc helpers *
+ * crypto API helper/alloc blkciper *
****************************************/
-const char * sec2target_str(struct ptlrpc_sec *sec)
-{
- if (!sec || !sec->ps_import || !sec->ps_import->imp_obd)
- return "*";
- if (sec_is_reverse(sec))
- return "c";
- return obd_uuid2str(&sec->ps_import->imp_obd->u.cli.cl_target_uuid);
-}
-EXPORT_SYMBOL(sec2target_str);
-
/****************************************
* initialize/finalize *
****************************************/
{
int rc;
- rc = sptlrpc_gc_start_thread();
+ cfs_rwlock_init(&policy_lock);
+
+ rc = sptlrpc_gc_init();
if (rc)
goto out;
- rc = sptlrpc_enc_pool_init();
+ rc = sptlrpc_conf_init();
if (rc)
goto out_gc;
+ rc = sptlrpc_enc_pool_init();
+ if (rc)
+ goto out_conf;
+
rc = sptlrpc_null_init();
if (rc)
goto out_pool;
sptlrpc_null_fini();
out_pool:
sptlrpc_enc_pool_fini();
+out_conf:
+ sptlrpc_conf_fini();
out_gc:
- sptlrpc_gc_stop_thread();
+ sptlrpc_gc_fini();
out:
return rc;
}
sptlrpc_plain_fini();
sptlrpc_null_fini();
sptlrpc_enc_pool_fini();
- sptlrpc_gc_stop_thread();
+ sptlrpc_conf_fini();
+ sptlrpc_gc_fini();
}