X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Fptlrpc%2Fgss%2Fsec_gss.c;h=043a68327062fc271aaf8195039497b2ddf54a75;hb=e975b1ce94ab7e626fbb4807032e0f72d6a3d42b;hp=528ea1706edf0074817765d404ab93275f674517;hpb=70e80ade90af09300396706b8910e196a7928520;p=fs%2Flustre-release.git diff --git a/lustre/ptlrpc/gss/sec_gss.c b/lustre/ptlrpc/gss/sec_gss.c index 528ea17..043a683 100644 --- a/lustre/ptlrpc/gss/sec_gss.c +++ b/lustre/ptlrpc/gss/sec_gss.c @@ -1,9 +1,9 @@ -/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*- - * vim:expandtab:shiftwidth=8:tabstop=8: - * +/* * Modifications for Lustre * - * Copyright 2008 Sun Microsystems, Inc. All rights reserved + * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. + * + * Copyright (c) 2011, 2013, Intel Corporation. * * Author: Eric Mei */ @@ -46,9 +46,6 @@ * */ -#ifndef EXPORT_SYMTAB -# define EXPORT_SYMTAB -#endif #define DEBUG_SUBSYSTEM S_SEC #ifdef __KERNEL__ #include @@ -56,7 +53,6 @@ #include #include #include -#include #include #include #else @@ -77,6 +73,7 @@ #include "gss_api.h" #include +#include /* * early reply have fixed size, respectively in privacy and integrity mode. @@ -111,17 +108,21 @@ void gss_header_swabber(struct gss_header *ghdr) __swab32s(&ghdr->gh_handle.len); } -struct gss_header *gss_swab_header(struct lustre_msg *msg, int segment) +struct gss_header *gss_swab_header(struct lustre_msg *msg, int segment, + int swabbed) { struct gss_header *ghdr; - ghdr = lustre_swab_buf(msg, segment, sizeof(*ghdr), - gss_header_swabber); + ghdr = lustre_msg_buf(msg, segment, sizeof(*ghdr)); + if (ghdr == NULL) + return NULL; + + if (swabbed) + gss_header_swabber(ghdr); - if (ghdr && - sizeof(*ghdr) + ghdr->gh_handle.len > msg->lm_buflens[segment]) { - CERROR("gss header require length %u, now %u received\n", - (unsigned int) sizeof(*ghdr) + ghdr->gh_handle.len, + if (sizeof(*ghdr) + ghdr->gh_handle.len > msg->lm_buflens[segment]) { + CERROR("gss header has length %d, now %u received\n", + (int) sizeof(*ghdr) + ghdr->gh_handle.len, msg->lm_buflens[segment]); return NULL; } @@ -129,6 +130,7 @@ struct gss_header *gss_swab_header(struct lustre_msg *msg, int segment) return ghdr; } +#if 0 static void gss_netobj_swabber(netobj_t *obj) { @@ -149,6 +151,7 @@ netobj_t *gss_swab_netobj(struct lustre_msg *msg, int segment) return obj; } +#endif /* * payload should be obtained from mechanism. but currently since we @@ -182,7 +185,7 @@ static int gss_sign_msg(struct lustre_msg *msg, rawobj_t *handle) { struct gss_header *ghdr; - rawobj_t text[3], mic; + rawobj_t text[4], mic; int textcnt, max_textcnt, mic_idx; __u32 major; @@ -223,7 +226,7 @@ static int gss_sign_msg(struct lustre_msg *msg, mic.len = msg->lm_buflens[mic_idx]; mic.data = lustre_msg_buf(msg, mic_idx, 0); - major = lgss_get_mic(mechctx, textcnt, text, &mic); + major = lgss_get_mic(mechctx, textcnt, text, 0, NULL, &mic); if (major != GSS_S_COMPLETE) { CERROR("fail to generate MIC: %08x\n", major); return -EPERM; @@ -241,7 +244,7 @@ __u32 gss_verify_msg(struct lustre_msg *msg, struct gss_ctx *mechctx, __u32 svc) { - rawobj_t text[3], mic; + rawobj_t text[4], mic; int textcnt, max_textcnt; int mic_idx; __u32 major; @@ -262,7 +265,7 @@ __u32 gss_verify_msg(struct lustre_msg *msg, mic.len = msg->lm_buflens[mic_idx]; mic.data = lustre_msg_buf(msg, mic_idx, 0); - major = lgss_verify_mic(mechctx, textcnt, text, &mic); + major = lgss_verify_mic(mechctx, textcnt, text, 0, NULL, &mic); if (major != GSS_S_COMPLETE) CERROR("mic verify error: %08x\n", major); @@ -291,7 +294,7 @@ __u32 gss_unseal_msg(struct gss_ctx *mechctx, /* allocate a temporary clear text buffer, same sized as token, * we assume the final clear text size <= token size */ clear_buflen = lustre_msg_buflen(msgbuf, 1); - OBD_ALLOC(clear_buf, clear_buflen); + OBD_ALLOC_LARGE(clear_buf, clear_buflen); if (!clear_buf) RETURN(GSS_S_FAILURE); @@ -317,7 +320,7 @@ __u32 gss_unseal_msg(struct gss_ctx *mechctx, major = GSS_S_COMPLETE; out_free: - OBD_FREE(clear_buf, clear_buflen); + OBD_FREE_LARGE(clear_buf, clear_buflen); RETURN(major); } @@ -327,11 +330,11 @@ out_free: int cli_ctx_expire(struct ptlrpc_cli_ctx *ctx) { - LASSERT(atomic_read(&ctx->cc_refcount)); + LASSERT(cfs_atomic_read(&ctx->cc_refcount)); - if (!test_and_set_bit(PTLRPC_CTX_DEAD_BIT, &ctx->cc_flags)) { + if (!test_and_set_bit(PTLRPC_CTX_DEAD_BIT, &ctx->cc_flags)) { if (!ctx->cc_early_expire) - clear_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags); + clear_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags); CWARN("ctx %p(%u->%s) get expired: %lu(%+lds)\n", ctx, ctx->cc_vcred.vc_uid, sec2target_str(ctx->cc_sec), @@ -339,6 +342,7 @@ int cli_ctx_expire(struct ptlrpc_cli_ctx *ctx) ctx->cc_expire == 0 ? 0 : cfs_time_sub(ctx->cc_expire, cfs_time_current_sec())); + sptlrpc_cli_ctx_wakeup(ctx); return 1; } @@ -384,7 +388,7 @@ void gss_cli_ctx_uptodate(struct gss_cli_ctx *gctx) * someone else, in which case nobody will make further use * of it. we don't care, and mark it UPTODATE will help * destroying server side context when it be destroied. */ - set_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags); + set_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags); if (sec_is_reverse(ctx->cc_sec)) { CWARN("server installed reverse ctx %p idx "LPX64", " @@ -403,6 +407,8 @@ void gss_cli_ctx_uptodate(struct gss_cli_ctx *gctx) gss_sec_install_rctx(ctx->cc_sec->ps_import, ctx->cc_sec, ctx); } + + sptlrpc_cli_ctx_wakeup(ctx); } static void gss_cli_ctx_finalize(struct gss_cli_ctx *gctx) @@ -504,7 +510,7 @@ int gss_do_check_seq(unsigned long *window, __u32 win_size, __u32 *max_seq, */ switch (phase) { case 0: - if (test_bit(seq_num % win_size, window)) + if (test_bit(seq_num % win_size, window)) goto replay; break; case 1: @@ -534,9 +540,9 @@ replay: */ int gss_check_seq_num(struct gss_svc_seq_data *ssd, __u32 seq_num, int set) { - int rc = 0; + int rc = 0; - spin_lock(&ssd->ssd_lock); + spin_lock(&ssd->ssd_lock); if (set == 0) { /* @@ -570,8 +576,8 @@ int gss_check_seq_num(struct gss_svc_seq_data *ssd, __u32 seq_num, int set) gss_stat_oos_record_svc(2, 0); } exit: - spin_unlock(&ssd->ssd_lock); - return rc; + spin_unlock(&ssd->ssd_lock); + return rc; } /*************************************** @@ -584,6 +590,33 @@ static inline int gss_cli_payload(struct ptlrpc_cli_ctx *ctx, return gss_mech_payload(NULL, msgsize, privacy); } +static int gss_cli_bulk_payload(struct ptlrpc_cli_ctx *ctx, + struct sptlrpc_flavor *flvr, + int reply, int read) +{ + int payload = sizeof(struct ptlrpc_bulk_sec_desc); + + LASSERT(SPTLRPC_FLVR_BULK_TYPE(flvr->sf_rpc) == SPTLRPC_BULK_DEFAULT); + + if ((!reply && !read) || (reply && read)) { + switch (SPTLRPC_FLVR_BULK_SVC(flvr->sf_rpc)) { + case SPTLRPC_BULK_SVC_NULL: + break; + case SPTLRPC_BULK_SVC_INTG: + payload += gss_cli_payload(ctx, 0, 0); + break; + case SPTLRPC_BULK_SVC_PRIV: + payload += gss_cli_payload(ctx, 0, 1); + break; + case SPTLRPC_BULK_SVC_AUTH: + default: + LBUG(); + } + } + + return payload; +} + int gss_cli_ctx_match(struct ptlrpc_cli_ctx *ctx, struct vfs_cred *vcred) { return (ctx->cc_vcred.vc_uid == vcred->vc_uid); @@ -627,14 +660,14 @@ int gss_cli_ctx_sign(struct ptlrpc_cli_ctx *ctx, if (req->rq_ctx_init) RETURN(0); - svc = RPC_FLVR_SVC(req->rq_flvr.sf_rpc); + svc = SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc); if (req->rq_pack_bulk) flags |= LUSTRE_GSS_PACK_BULK; if (req->rq_pack_udesc) flags |= LUSTRE_GSS_PACK_USER; redo: - seq = atomic_inc_return(&gctx->gc_seq); + seq = cfs_atomic_inc_return(&gctx->gc_seq); rc = gss_sign_msg(req->rq_reqbuf, gctx->gc_mechctx, ctx->cc_sec->ps_part, @@ -651,8 +684,8 @@ redo: * * Note: null mode dosen't check sequence number. */ if (svc != SPTLRPC_SVC_NULL && - atomic_read(&gctx->gc_seq) - seq > GSS_SEQ_REPACK_THRESHOLD) { - int behind = atomic_read(&gctx->gc_seq) - seq; + cfs_atomic_read(&gctx->gc_seq) - seq > GSS_SEQ_REPACK_THRESHOLD) { + int behind = cfs_atomic_read(&gctx->gc_seq) - seq; gss_stat_oos_record_cli(behind); CWARN("req %p: %u behind, retry signing\n", req, behind); @@ -735,7 +768,7 @@ int gss_cli_ctx_verify(struct ptlrpc_cli_ctx *ctx, struct gss_header *ghdr, *reqhdr; struct lustre_msg *msg = req->rq_repdata; __u32 major; - int pack_bulk, early = 0, rc = 0; + int pack_bulk, swabbed, rc = 0; ENTRY; LASSERT(req->rq_cli_ctx == ctx); @@ -743,13 +776,9 @@ int gss_cli_ctx_verify(struct ptlrpc_cli_ctx *ctx, gctx = container_of(ctx, struct gss_cli_ctx, gc_base); - if ((char *) msg < req->rq_repbuf || - (char *) msg >= req->rq_repbuf + req->rq_repbuf_len) - early = 1; - /* special case for context negotiation, rq_repmsg/rq_replen actually * are not used currently. but early reply always be treated normally */ - if (req->rq_ctx_init && !early) { + if (req->rq_ctx_init && !req->rq_early) { req->rq_repmsg = lustre_msg_buf(msg, 1, 0); req->rq_replen = msg->lm_buflens[1]; RETURN(0); @@ -760,7 +789,9 @@ int gss_cli_ctx_verify(struct ptlrpc_cli_ctx *ctx, RETURN(-EPROTO); } - ghdr = gss_swab_header(msg, 0); + swabbed = ptlrpc_rep_need_swab(req); + + ghdr = gss_swab_header(msg, 0, swabbed); if (ghdr == NULL) { CERROR("can't decode gss header\n"); RETURN(-EPROTO); @@ -780,7 +811,7 @@ int gss_cli_ctx_verify(struct ptlrpc_cli_ctx *ctx, case PTLRPC_GSS_PROC_DATA: pack_bulk = ghdr->gh_flags & LUSTRE_GSS_PACK_BULK; - if (!early && !equi(req->rq_pack_bulk == 1, pack_bulk)) { + if (!req->rq_early && !equi(req->rq_pack_bulk == 1, pack_bulk)){ CERROR("%s bulk flag in reply\n", req->rq_pack_bulk ? "missing" : "unexpected"); RETURN(-EPROTO); @@ -798,14 +829,16 @@ int gss_cli_ctx_verify(struct ptlrpc_cli_ctx *ctx, RETURN(-EPROTO); } - if (lustre_msg_swabbed(msg)) + if (swabbed) gss_header_swabber(ghdr); major = gss_verify_msg(msg, gctx->gc_mechctx, reqhdr->gh_svc); - if (major != GSS_S_COMPLETE) + if (major != GSS_S_COMPLETE) { + CERROR("failed to verify reply: %x\n", major); RETURN(-EPERM); + } - if (early && reqhdr->gh_svc == SPTLRPC_SVC_NULL) { + if (req->rq_early && reqhdr->gh_svc == SPTLRPC_SVC_NULL) { __u32 cksum; cksum = crc32_le(!(__u32) 0, @@ -826,7 +859,7 @@ int gss_cli_ctx_verify(struct ptlrpc_cli_ctx *ctx, RETURN(-EPROTO); } - rc = bulk_sec_desc_unpack(msg, 2); + rc = bulk_sec_desc_unpack(msg, 2, swabbed); if (rc) { CERROR("unpack bulk desc: %d\n", rc); RETURN(rc); @@ -837,7 +870,7 @@ int gss_cli_ctx_verify(struct ptlrpc_cli_ctx *ctx, req->rq_replen = msg->lm_buflens[1]; break; case PTLRPC_GSS_PROC_ERR: - if (early) { + if (req->rq_early) { CERROR("server return error with early reply\n"); rc = -EPROTO; } else { @@ -884,7 +917,7 @@ int gss_cli_ctx_seal(struct ptlrpc_cli_ctx *ctx, LASSERT(req->rq_reqbuf != req->rq_clrbuf); LASSERT(req->rq_reqbuf_len >= wiresize); } else { - OBD_ALLOC(req->rq_reqbuf, wiresize); + OBD_ALLOC_LARGE(req->rq_reqbuf, wiresize); if (!req->rq_reqbuf) RETURN(-ENOMEM); req->rq_reqbuf_len = wiresize; @@ -908,7 +941,7 @@ int gss_cli_ctx_seal(struct ptlrpc_cli_ctx *ctx, ghdr->gh_flags |= LUSTRE_GSS_PACK_USER; redo: - ghdr->gh_seq = atomic_inc_return(&gctx->gc_seq); + ghdr->gh_seq = cfs_atomic_inc_return(&gctx->gc_seq); /* buffer objects */ hdrobj.len = PTLRPC_GSS_HEADER_SIZE; @@ -927,14 +960,14 @@ redo: LASSERT(token.len <= buflens[1]); /* see explain in gss_cli_ctx_sign() */ - if (unlikely(atomic_read(&gctx->gc_seq) - ghdr->gh_seq > + if (unlikely(cfs_atomic_read(&gctx->gc_seq) - ghdr->gh_seq > GSS_SEQ_REPACK_THRESHOLD)) { - int behind = atomic_read(&gctx->gc_seq) - ghdr->gh_seq; + int behind = cfs_atomic_read(&gctx->gc_seq) - ghdr->gh_seq; gss_stat_oos_record_cli(behind); CWARN("req %p: %u behind, retry sealing\n", req, behind); - ghdr->gh_seq = atomic_inc_return(&gctx->gc_seq); + ghdr->gh_seq = cfs_atomic_inc_return(&gctx->gc_seq); goto redo; } @@ -944,7 +977,7 @@ redo: err_free: if (!req->rq_pool) { - OBD_FREE(req->rq_reqbuf, req->rq_reqbuf_len); + OBD_FREE_LARGE(req->rq_reqbuf, req->rq_reqbuf_len); req->rq_reqbuf = NULL; req->rq_reqbuf_len = 0; } @@ -957,7 +990,7 @@ int gss_cli_ctx_unseal(struct ptlrpc_cli_ctx *ctx, struct gss_cli_ctx *gctx; struct gss_header *ghdr; struct lustre_msg *msg = req->rq_repdata; - int msglen, pack_bulk, early = 0, rc; + int msglen, pack_bulk, swabbed, rc; __u32 major; ENTRY; @@ -966,12 +999,9 @@ int gss_cli_ctx_unseal(struct ptlrpc_cli_ctx *ctx, LASSERT(msg); gctx = container_of(ctx, struct gss_cli_ctx, gc_base); + swabbed = ptlrpc_rep_need_swab(req); - if ((char *) msg < req->rq_repbuf || - (char *) msg >= req->rq_repbuf + req->rq_repbuf_len) - early = 1; - - ghdr = gss_swab_header(msg, 0); + ghdr = gss_swab_header(msg, 0, swabbed); if (ghdr == NULL) { CERROR("can't decode gss header\n"); RETURN(-EPROTO); @@ -988,13 +1018,13 @@ int gss_cli_ctx_unseal(struct ptlrpc_cli_ctx *ctx, case PTLRPC_GSS_PROC_DATA: pack_bulk = ghdr->gh_flags & LUSTRE_GSS_PACK_BULK; - if (!early && !equi(req->rq_pack_bulk == 1, pack_bulk)) { + if (!req->rq_early && !equi(req->rq_pack_bulk == 1, pack_bulk)){ CERROR("%s bulk flag in reply\n", req->rq_pack_bulk ? "missing" : "unexpected"); RETURN(-EPROTO); } - if (lustre_msg_swabbed(msg)) + if (swabbed) gss_header_swabber(ghdr); /* use rq_repdata_len as buffer size, which assume unseal @@ -1004,11 +1034,13 @@ int gss_cli_ctx_unseal(struct ptlrpc_cli_ctx *ctx, major = gss_unseal_msg(gctx->gc_mechctx, msg, &msglen, req->rq_repdata_len); if (major != GSS_S_COMPLETE) { + CERROR("failed to unwrap reply: %x\n", major); rc = -EPERM; break; } - if (lustre_unpack_msg(msg, msglen)) { + swabbed = __lustre_unpack_msg(msg, msglen); + if (swabbed < 0) { CERROR("Failed to unpack after decryption\n"); RETURN(-EPROTO); } @@ -1026,7 +1058,8 @@ int gss_cli_ctx_unseal(struct ptlrpc_cli_ctx *ctx, } /* bulk checksum is the last segment */ - if (bulk_sec_desc_unpack(msg, msg->lm_bufcount-1)) + if (bulk_sec_desc_unpack(msg, msg->lm_bufcount - 1, + swabbed)) RETURN(-EPROTO); } @@ -1036,7 +1069,12 @@ int gss_cli_ctx_unseal(struct ptlrpc_cli_ctx *ctx, rc = 0; break; case PTLRPC_GSS_PROC_ERR: - rc = gss_cli_ctx_handle_err_notify(ctx, req, ghdr); + if (req->rq_early) { + CERROR("server return error with early reply\n"); + rc = -EPROTO; + } else { + rc = gss_cli_ctx_handle_err_notify(ctx, req, ghdr); + } break; default: CERROR("unexpected proc %d\n", ghdr->gh_proc); @@ -1070,27 +1108,28 @@ int gss_sec_create_common(struct gss_sec *gsec, struct ptlrpc_sec *sec; LASSERT(imp); - LASSERT(RPC_FLVR_POLICY(sf->sf_rpc) == SPTLRPC_POLICY_GSS); + LASSERT(SPTLRPC_FLVR_POLICY(sf->sf_rpc) == SPTLRPC_POLICY_GSS); - gsec->gs_mech = lgss_subflavor_to_mech(RPC_FLVR_SUB(sf->sf_rpc)); + gsec->gs_mech = lgss_subflavor_to_mech( + SPTLRPC_FLVR_BASE_SUB(sf->sf_rpc)); if (!gsec->gs_mech) { CERROR("gss backend 0x%x not found\n", - RPC_FLVR_SUB(sf->sf_rpc)); + SPTLRPC_FLVR_BASE_SUB(sf->sf_rpc)); return -EOPNOTSUPP; } - spin_lock_init(&gsec->gs_lock); + spin_lock_init(&gsec->gs_lock); gsec->gs_rvs_hdl = 0ULL; /* initialize upper ptlrpc_sec */ sec = &gsec->gs_base; sec->ps_policy = policy; - atomic_set(&sec->ps_refcount, 0); - atomic_set(&sec->ps_nctx, 0); + cfs_atomic_set(&sec->ps_refcount, 0); + cfs_atomic_set(&sec->ps_nctx, 0); sec->ps_id = sptlrpc_get_next_secid(); sec->ps_flvr = *sf; sec->ps_import = class_import_get(imp); - sec->ps_lock = SPIN_LOCK_UNLOCKED; + spin_lock_init(&sec->ps_lock); CFS_INIT_LIST_HEAD(&sec->ps_gc_list); if (!svcctx) { @@ -1102,8 +1141,7 @@ int gss_sec_create_common(struct gss_sec *gsec, sec->ps_gc_interval = 0; } - if (sec->ps_flvr.sf_bulk_ciph != BULK_CIPH_ALG_NULL && - sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_BULK) + if (SPTLRPC_FLVR_BULK_SVC(sec->ps_flvr.sf_rpc) == SPTLRPC_BULK_SVC_PRIV) sptlrpc_enc_pool_add_user(); CDEBUG(D_SEC, "create %s%s@%p\n", (svcctx ? "reverse " : ""), @@ -1117,8 +1155,8 @@ void gss_sec_destroy_common(struct gss_sec *gsec) ENTRY; LASSERT(sec->ps_import); - LASSERT(atomic_read(&sec->ps_refcount) == 0); - LASSERT(atomic_read(&sec->ps_nctx) == 0); + LASSERT(cfs_atomic_read(&sec->ps_refcount) == 0); + LASSERT(cfs_atomic_read(&sec->ps_nctx) == 0); if (gsec->gs_mech) { lgss_mech_put(gsec->gs_mech); @@ -1127,8 +1165,7 @@ void gss_sec_destroy_common(struct gss_sec *gsec) class_import_put(sec->ps_import); - if (sec->ps_flvr.sf_bulk_ciph != BULK_CIPH_ALG_NULL && - sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_BULK) + if (SPTLRPC_FLVR_BULK_SVC(sec->ps_flvr.sf_rpc) == SPTLRPC_BULK_SVC_PRIV) sptlrpc_enc_pool_del_user(); EXIT; @@ -1147,23 +1184,23 @@ int gss_cli_ctx_init_common(struct ptlrpc_sec *sec, struct gss_cli_ctx *gctx = ctx2gctx(ctx); gctx->gc_win = 0; - atomic_set(&gctx->gc_seq, 0); + cfs_atomic_set(&gctx->gc_seq, 0); CFS_INIT_HLIST_NODE(&ctx->cc_cache); - atomic_set(&ctx->cc_refcount, 0); + cfs_atomic_set(&ctx->cc_refcount, 0); ctx->cc_sec = sec; ctx->cc_ops = ctxops; ctx->cc_expire = 0; ctx->cc_flags = PTLRPC_CTX_NEW; ctx->cc_vcred = *vcred; - spin_lock_init(&ctx->cc_lock); + spin_lock_init(&ctx->cc_lock); CFS_INIT_LIST_HEAD(&ctx->cc_req_list); CFS_INIT_LIST_HEAD(&ctx->cc_gc_chain); /* take a ref on belonging sec, balanced in ctx destroying */ - atomic_inc(&sec->ps_refcount); + cfs_atomic_inc(&sec->ps_refcount); /* statistic only */ - atomic_inc(&sec->ps_nctx); + cfs_atomic_inc(&sec->ps_nctx); CDEBUG(D_SEC, "%s@%p: create ctx %p(%u->%s)\n", sec->ps_policy->sp_name, ctx->cc_sec, @@ -1181,21 +1218,30 @@ int gss_cli_ctx_fini_common(struct ptlrpc_sec *sec, { struct gss_cli_ctx *gctx = ctx2gctx(ctx); - LASSERT(atomic_read(&sec->ps_nctx) > 0); - LASSERT(atomic_read(&ctx->cc_refcount) == 0); + LASSERT(cfs_atomic_read(&sec->ps_nctx) > 0); + LASSERT(cfs_atomic_read(&ctx->cc_refcount) == 0); LASSERT(ctx->cc_sec == sec); + /* + * remove UPTODATE flag of reverse ctx thus we won't send fini rpc, + * this is to avoid potential problems of client side reverse svc ctx + * be mis-destroyed in various recovery senarios. anyway client can + * manage its reverse ctx well by associating it with its buddy ctx. + */ + if (sec_is_reverse(sec)) + ctx->cc_flags &= ~PTLRPC_CTX_UPTODATE; + if (gctx->gc_mechctx) { /* the final context fini rpc will use this ctx too, and it's * asynchronous which finished by request_out_callback(). so * we add refcount, whoever drop finally drop the refcount to * 0 should responsible for the rest of destroy. */ - atomic_inc(&ctx->cc_refcount); + cfs_atomic_inc(&ctx->cc_refcount); gss_do_ctx_fini_rpc(gctx); gss_cli_ctx_finalize(gctx); - if (!atomic_dec_and_test(&ctx->cc_refcount)) + if (!cfs_atomic_dec_and_test(&ctx->cc_refcount)) return 1; } @@ -1250,9 +1296,9 @@ int gss_alloc_reqbuf_intg(struct ptlrpc_sec *sec, } if (req->rq_pack_bulk) { - buflens[bufcnt] = bulk_sec_desc_size( - req->rq_flvr.sf_bulk_hash, 1, - req->rq_bulk_read); + buflens[bufcnt] = gss_cli_bulk_payload(req->rq_cli_ctx, + &req->rq_flvr, + 0, req->rq_bulk_read); if (svc == SPTLRPC_SVC_INTG) txtsize += buflens[bufcnt]; bufcnt++; @@ -1268,7 +1314,7 @@ int gss_alloc_reqbuf_intg(struct ptlrpc_sec *sec, if (!req->rq_reqbuf) { bufsize = size_roundup_power2(bufsize); - OBD_ALLOC(req->rq_reqbuf, bufsize); + OBD_ALLOC_LARGE(req->rq_reqbuf, bufsize); if (!req->rq_reqbuf) RETURN(-ENOMEM); @@ -1316,9 +1362,9 @@ int gss_alloc_reqbuf_priv(struct ptlrpc_sec *sec, if (req->rq_pack_udesc) ibuflens[ibufcnt++] = sptlrpc_current_user_desc_size(); if (req->rq_pack_bulk) - ibuflens[ibufcnt++] = bulk_sec_desc_size( - req->rq_flvr.sf_bulk_hash, 1, - req->rq_bulk_read); + ibuflens[ibufcnt++] = gss_cli_bulk_payload(req->rq_cli_ctx, + &req->rq_flvr, 0, + req->rq_bulk_read); clearsize = lustre_msg_size_v2(ibufcnt, ibuflens); /* to allow append padding during encryption */ @@ -1355,7 +1401,7 @@ int gss_alloc_reqbuf_priv(struct ptlrpc_sec *sec, if (!req->rq_clrbuf) { clearsize = size_roundup_power2(clearsize); - OBD_ALLOC(req->rq_clrbuf, clearsize); + OBD_ALLOC_LARGE(req->rq_clrbuf, clearsize); if (!req->rq_clrbuf) RETURN(-ENOMEM); } @@ -1378,7 +1424,7 @@ int gss_alloc_reqbuf(struct ptlrpc_sec *sec, struct ptlrpc_request *req, int msgsize) { - int svc = RPC_FLVR_SVC(req->rq_flvr.sf_rpc); + int svc = SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc); LASSERT(!req->rq_pack_bulk || (req->rq_bulk_read || req->rq_bulk_write)); @@ -1403,7 +1449,7 @@ void gss_free_reqbuf(struct ptlrpc_sec *sec, ENTRY; LASSERT(!req->rq_pool || req->rq_reqbuf); - privacy = RPC_FLVR_SVC(req->rq_flvr.sf_rpc) == SPTLRPC_SVC_PRIV; + privacy = SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc) == SPTLRPC_SVC_PRIV; if (!req->rq_clrbuf) goto release_reqbuf; @@ -1412,13 +1458,12 @@ void gss_free_reqbuf(struct ptlrpc_sec *sec, LASSERT(privacy); LASSERT(req->rq_clrbuf_len); - if (req->rq_pool && - req->rq_clrbuf >= req->rq_reqbuf && - (char *) req->rq_clrbuf < + if (req->rq_pool == NULL || + req->rq_clrbuf < req->rq_reqbuf || + (char *) req->rq_clrbuf >= (char *) req->rq_reqbuf + req->rq_reqbuf_len) - goto release_reqbuf; + OBD_FREE_LARGE(req->rq_clrbuf, req->rq_clrbuf_len); - OBD_FREE(req->rq_clrbuf, req->rq_clrbuf_len); req->rq_clrbuf = NULL; req->rq_clrbuf_len = 0; @@ -1426,13 +1471,11 @@ release_reqbuf: if (!req->rq_pool && req->rq_reqbuf) { LASSERT(req->rq_reqbuf_len); - OBD_FREE(req->rq_reqbuf, req->rq_reqbuf_len); + OBD_FREE_LARGE(req->rq_reqbuf, req->rq_reqbuf_len); req->rq_reqbuf = NULL; req->rq_reqbuf_len = 0; } - req->rq_reqmsg = NULL; - EXIT; } @@ -1440,7 +1483,7 @@ static int do_alloc_repbuf(struct ptlrpc_request *req, int bufsize) { bufsize = size_roundup_power2(bufsize); - OBD_ALLOC(req->rq_repbuf, bufsize); + OBD_ALLOC_LARGE(req->rq_repbuf, bufsize); if (!req->rq_repbuf) return -ENOMEM; @@ -1480,9 +1523,9 @@ int gss_alloc_repbuf_intg(struct ptlrpc_sec *sec, txtsize += buflens[1]; if (req->rq_pack_bulk) { - buflens[bufcnt] = bulk_sec_desc_size( - req->rq_flvr.sf_bulk_hash, 0, - req->rq_bulk_read); + buflens[bufcnt] = gss_cli_bulk_payload(req->rq_cli_ctx, + &req->rq_flvr, + 1, req->rq_bulk_read); if (svc == SPTLRPC_SVC_INTG) txtsize += buflens[bufcnt]; bufcnt++; @@ -1516,9 +1559,9 @@ int gss_alloc_repbuf_priv(struct ptlrpc_sec *sec, buflens[0] = msgsize; if (req->rq_pack_bulk) - buflens[bufcnt++] = bulk_sec_desc_size( - req->rq_flvr.sf_bulk_hash, 0, - req->rq_bulk_read); + buflens[bufcnt++] = gss_cli_bulk_payload(req->rq_cli_ctx, + &req->rq_flvr, + 1, req->rq_bulk_read); txtsize = lustre_msg_size_v2(bufcnt, buflens); txtsize += GSS_MAX_CIPHER_BLOCK; @@ -1538,7 +1581,7 @@ int gss_alloc_repbuf(struct ptlrpc_sec *sec, struct ptlrpc_request *req, int msgsize) { - int svc = RPC_FLVR_SVC(req->rq_flvr.sf_rpc); + int svc = SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc); ENTRY; LASSERT(!req->rq_pack_bulk || @@ -1560,11 +1603,11 @@ int gss_alloc_repbuf(struct ptlrpc_sec *sec, void gss_free_repbuf(struct ptlrpc_sec *sec, struct ptlrpc_request *req) { - OBD_FREE(req->rq_repbuf, req->rq_repbuf_len); + OBD_FREE_LARGE(req->rq_repbuf, req->rq_repbuf_len); req->rq_repbuf = NULL; req->rq_repbuf_len = 0; - - req->rq_repmsg = NULL; + req->rq_repdata = NULL; + req->rq_repdata_len = 0; } static int get_enlarged_msgsize(struct lustre_msg *msg, @@ -1656,13 +1699,13 @@ int gss_enlarge_reqbuf_intg(struct ptlrpc_sec *sec, if (req->rq_reqbuf_len < newbuf_size) { newbuf_size = size_roundup_power2(newbuf_size); - OBD_ALLOC(newbuf, newbuf_size); + OBD_ALLOC_LARGE(newbuf, newbuf_size); if (newbuf == NULL) RETURN(-ENOMEM); memcpy(newbuf, req->rq_reqbuf, req->rq_reqbuf_len); - OBD_FREE(req->rq_reqbuf, req->rq_reqbuf_len); + OBD_FREE_LARGE(req->rq_reqbuf, req->rq_reqbuf_len); req->rq_reqbuf = newbuf; req->rq_reqbuf_len = newbuf_size; req->rq_reqmsg = lustre_msg_buf(req->rq_reqbuf, 1, 0); @@ -1745,7 +1788,7 @@ int gss_enlarge_reqbuf_priv(struct ptlrpc_sec *sec, if (req->rq_clrbuf_len < newclrbuf_size) { newclrbuf_size = size_roundup_power2(newclrbuf_size); - OBD_ALLOC(newclrbuf, newclrbuf_size); + OBD_ALLOC_LARGE(newclrbuf, newclrbuf_size); if (newclrbuf == NULL) RETURN(-ENOMEM); @@ -1755,7 +1798,7 @@ int gss_enlarge_reqbuf_priv(struct ptlrpc_sec *sec, req->rq_clrbuf < req->rq_reqbuf || (char *) req->rq_clrbuf >= (char *) req->rq_reqbuf + req->rq_reqbuf_len) { - OBD_FREE(req->rq_clrbuf, req->rq_clrbuf_len); + OBD_FREE_LARGE(req->rq_clrbuf, req->rq_clrbuf_len); } req->rq_clrbuf = newclrbuf; @@ -1774,7 +1817,7 @@ int gss_enlarge_reqbuf(struct ptlrpc_sec *sec, struct ptlrpc_request *req, int segment, int newsize) { - int svc = RPC_FLVR_SVC(req->rq_flvr.sf_rpc); + int svc = SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc); LASSERT(!req->rq_ctx_init && !req->rq_ctx_fini); @@ -1831,16 +1874,16 @@ void gss_svc_reqctx_free(struct gss_svc_reqctx *grctx) static inline void gss_svc_reqctx_addref(struct gss_svc_reqctx *grctx) { - LASSERT(atomic_read(&grctx->src_base.sc_refcount) > 0); - atomic_inc(&grctx->src_base.sc_refcount); + LASSERT(cfs_atomic_read(&grctx->src_base.sc_refcount) > 0); + cfs_atomic_inc(&grctx->src_base.sc_refcount); } static inline void gss_svc_reqctx_decref(struct gss_svc_reqctx *grctx) { - LASSERT(atomic_read(&grctx->src_base.sc_refcount) > 0); + LASSERT(cfs_atomic_read(&grctx->src_base.sc_refcount) > 0); - if (atomic_dec_and_test(&grctx->src_base.sc_refcount)) + if (cfs_atomic_dec_and_test(&grctx->src_base.sc_refcount)) gss_svc_reqctx_free(grctx); } @@ -1872,7 +1915,10 @@ int gss_svc_sign(struct ptlrpc_request *req, rs->rs_repdata_len = rc; if (likely(req->rq_packed_final)) { - req->rq_reply_off = gss_at_reply_off_integ; + if (lustre_msghdr_get_flags(req->rq_reqmsg) & MSGHDR_AT_SUPPORT) + req->rq_reply_off = gss_at_reply_off_integ; + else + req->rq_reply_off = 0; } else { if (svc == SPTLRPC_SVC_NULL) rs->rs_repbuf->lm_cksum = crc32_le(!(__u32) 0, @@ -1935,7 +1981,7 @@ int gss_svc_handle_init(struct ptlrpc_request *req, rawobj_t uuid_obj, rvs_hdl, in_token; __u32 lustre_svc; __u32 *secdata, seclen; - int rc; + int swabbed, rc; ENTRY; CDEBUG(D_SEC, "processing gss init(%d) request from %s\n", gw->gw_proc, @@ -1959,6 +2005,8 @@ int gss_svc_handle_init(struct ptlrpc_request *req, RETURN(SECSVC_DROP); } + swabbed = ptlrpc_req_need_swab(req); + /* ctx initiate payload is in last segment */ secdata = lustre_msg_buf(reqbuf, reqbuf->lm_bufcount - 1, 0); seclen = reqbuf->lm_buflens[reqbuf->lm_bufcount - 1]; @@ -2006,10 +2054,12 @@ int gss_svc_handle_init(struct ptlrpc_request *req, if (rc != SECSVC_OK) RETURN(rc); - if (grctx->src_ctx->gsc_usr_mds || grctx->src_ctx->gsc_usr_root) + if (grctx->src_ctx->gsc_usr_mds || grctx->src_ctx->gsc_usr_oss || + grctx->src_ctx->gsc_usr_root) CWARN("create svc ctx %p: user from %s authenticated as %s\n", grctx->src_ctx, libcfs_nid2str(req->rq_peer.nid), - grctx->src_ctx->gsc_usr_mds ? "mds" : "root"); + grctx->src_ctx->gsc_usr_mds ? "mds" : + (grctx->src_ctx->gsc_usr_oss ? "oss" : "root")); else CWARN("create svc ctx %p: accept user %u from %s\n", grctx->src_ctx, grctx->src_ctx->gsc_uid, @@ -2020,7 +2070,7 @@ int gss_svc_handle_init(struct ptlrpc_request *req, CERROR("missing user descriptor\n"); RETURN(SECSVC_DROP); } - if (sptlrpc_unpack_user_desc(reqbuf, 2)) { + if (sptlrpc_unpack_user_desc(reqbuf, 2, swabbed)) { CERROR("Mal-formed user descriptor\n"); RETURN(SECSVC_DROP); } @@ -2047,6 +2097,7 @@ int gss_svc_verify_request(struct ptlrpc_request *req, struct gss_svc_ctx *gctx = grctx->src_ctx; struct lustre_msg *msg = req->rq_reqbuf; int offset = 2; + int swabbed; ENTRY; *major = GSS_S_COMPLETE; @@ -2066,8 +2117,10 @@ int gss_svc_verify_request(struct ptlrpc_request *req, } *major = gss_verify_msg(msg, gctx->gsc_mechctx, gw->gw_svc); - if (*major != GSS_S_COMPLETE) + if (*major != GSS_S_COMPLETE) { + CERROR("failed to verify request: %x\n", *major); RETURN(-EACCES); + } if (gctx->gsc_reverse == 0 && gss_check_seq_num(&gctx->gsc_seqdata, gw->gw_seq, 1)) { @@ -2077,6 +2130,8 @@ int gss_svc_verify_request(struct ptlrpc_request *req, } verified: + swabbed = ptlrpc_req_need_swab(req); + /* user descriptor */ if (gw->gw_flags & LUSTRE_GSS_PACK_USER) { if (msg->lm_bufcount < (offset + 1)) { @@ -2084,7 +2139,7 @@ verified: RETURN(-EINVAL); } - if (sptlrpc_unpack_user_desc(msg, offset)) { + if (sptlrpc_unpack_user_desc(msg, offset, swabbed)) { CERROR("Mal-formed user descriptor\n"); RETURN(-EINVAL); } @@ -2094,14 +2149,14 @@ verified: offset++; } - /* check bulk cksum data */ + /* check bulk_sec_desc data */ if (gw->gw_flags & LUSTRE_GSS_PACK_BULK) { if (msg->lm_bufcount < (offset + 1)) { - CERROR("no bulk checksum included\n"); + CERROR("missing bulk sec descriptor\n"); RETURN(-EINVAL); } - if (bulk_sec_desc_unpack(msg, offset)) + if (bulk_sec_desc_unpack(msg, offset, swabbed)) RETURN(-EINVAL); req->rq_pack_bulk = 1; @@ -2122,7 +2177,7 @@ int gss_svc_unseal_request(struct ptlrpc_request *req, { struct gss_svc_ctx *gctx = grctx->src_ctx; struct lustre_msg *msg = req->rq_reqbuf; - int msglen, offset = 1; + int swabbed, msglen, offset = 1; ENTRY; if (gss_check_seq_num(&gctx->gsc_seqdata, gw->gw_seq, 0)) { @@ -2133,8 +2188,10 @@ int gss_svc_unseal_request(struct ptlrpc_request *req, *major = gss_unseal_msg(gctx->gsc_mechctx, msg, &msglen, req->rq_reqdata_len); - if (*major != GSS_S_COMPLETE) + if (*major != GSS_S_COMPLETE) { + CERROR("failed to unwrap request: %x\n", *major); RETURN(-EACCES); + } if (gss_check_seq_num(&gctx->gsc_seqdata, gw->gw_seq, 1)) { CERROR("phase 1+: discard replayed req: seq %u\n", gw->gw_seq); @@ -2142,7 +2199,8 @@ int gss_svc_unseal_request(struct ptlrpc_request *req, RETURN(-EACCES); } - if (lustre_unpack_msg(msg, msglen)) { + swabbed = __lustre_unpack_msg(msg, msglen); + if (swabbed < 0) { CERROR("Failed to unpack after decryption\n"); RETURN(-EINVAL); } @@ -2159,7 +2217,7 @@ int gss_svc_unseal_request(struct ptlrpc_request *req, RETURN(-EINVAL); } - if (sptlrpc_unpack_user_desc(msg, offset)) { + if (sptlrpc_unpack_user_desc(msg, offset, swabbed)) { CERROR("Mal-formed user descriptor\n"); RETURN(-EINVAL); } @@ -2175,7 +2233,7 @@ int gss_svc_unseal_request(struct ptlrpc_request *req, RETURN(-EINVAL); } - if (bulk_sec_desc_unpack(msg, offset)) + if (bulk_sec_desc_unpack(msg, offset, swabbed)) RETURN(-EINVAL); req->rq_pack_bulk = 1; @@ -2270,7 +2328,8 @@ int gss_svc_handle_destroy(struct ptlrpc_request *req, CERROR("missing user descriptor, ignore it\n"); RETURN(SECSVC_OK); } - if (sptlrpc_unpack_user_desc(req->rq_reqbuf, 2)) { + if (sptlrpc_unpack_user_desc(req->rq_reqbuf, 2, + ptlrpc_req_need_swab(req))) { CERROR("Mal-formed user descriptor, ignore it\n"); RETURN(SECSVC_OK); } @@ -2287,7 +2346,7 @@ int gss_svc_accept(struct ptlrpc_sec_policy *policy, struct ptlrpc_request *req) struct gss_header *ghdr; struct gss_svc_reqctx *grctx; struct gss_wire_ctx *gw; - int rc; + int swabbed, rc; ENTRY; LASSERT(req->rq_reqbuf); @@ -2298,7 +2357,9 @@ int gss_svc_accept(struct ptlrpc_sec_policy *policy, struct ptlrpc_request *req) RETURN(SECSVC_DROP); } - ghdr = gss_swab_header(req->rq_reqbuf, 0); + swabbed = ptlrpc_req_need_swab(req); + + ghdr = gss_swab_header(req->rq_reqbuf, 0, swabbed); if (ghdr == NULL) { CERROR("can't decode gss header\n"); RETURN(SECSVC_DROP); @@ -2319,7 +2380,7 @@ int gss_svc_accept(struct ptlrpc_sec_policy *policy, struct ptlrpc_request *req) RETURN(SECSVC_DROP); grctx->src_base.sc_policy = sptlrpc_policy_get(policy); - atomic_set(&grctx->src_base.sc_refcount, 1); + cfs_atomic_set(&grctx->src_base.sc_refcount, 1); req->rq_svc_ctx = &grctx->src_base; gw = &grctx->src_wirectx; @@ -2331,7 +2392,7 @@ int gss_svc_accept(struct ptlrpc_sec_policy *policy, struct ptlrpc_request *req) rawobj_from_netobj(&gw->gw_handle, &ghdr->gh_handle); /* keep original wire header which subject to checksum verification */ - if (lustre_msg_swabbed(req->rq_reqbuf)) + if (swabbed) gss_header_swabber(ghdr); switch(ghdr->gh_proc) { @@ -2358,6 +2419,7 @@ int gss_svc_accept(struct ptlrpc_sec_policy *policy, struct ptlrpc_request *req) req->rq_auth_gss = 1; req->rq_auth_remote = grctx->src_ctx->gsc_remote; req->rq_auth_usr_mdt = grctx->src_ctx->gsc_usr_mds; + req->rq_auth_usr_ost = grctx->src_ctx->gsc_usr_oss; req->rq_auth_usr_root = grctx->src_ctx->gsc_usr_root; req->rq_auth_uid = grctx->src_ctx->gsc_uid; req->rq_auth_mapped_uid = grctx->src_ctx->gsc_mapped_uid; @@ -2405,6 +2467,31 @@ int gss_svc_payload(struct gss_svc_reqctx *grctx, int early, return gss_mech_payload(NULL, msgsize, privacy); } +static int gss_svc_bulk_payload(struct gss_svc_ctx *gctx, + struct sptlrpc_flavor *flvr, + int read) +{ + int payload = sizeof(struct ptlrpc_bulk_sec_desc); + + if (read) { + switch (SPTLRPC_FLVR_BULK_SVC(flvr->sf_rpc)) { + case SPTLRPC_BULK_SVC_NULL: + break; + case SPTLRPC_BULK_SVC_INTG: + payload += gss_mech_payload(NULL, 0, 0); + break; + case SPTLRPC_BULK_SVC_PRIV: + payload += gss_mech_payload(NULL, 0, 1); + break; + case SPTLRPC_BULK_SVC_AUTH: + default: + LBUG(); + } + } + + return payload; +} + int gss_svc_alloc_rs(struct ptlrpc_request *req, int msglen) { struct gss_svc_reqctx *grctx; @@ -2422,7 +2509,7 @@ int gss_svc_alloc_rs(struct ptlrpc_request *req, int msglen) RETURN(-EPROTO); } - svc = RPC_FLVR_SVC(req->rq_flvr.sf_rpc); + svc = SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc); early = (req->rq_packed_final == 0); grctx = gss_svc_ctx2reqctx(req->rq_svc_ctx); @@ -2440,9 +2527,10 @@ int gss_svc_alloc_rs(struct ptlrpc_request *req, int msglen) LASSERT(grctx->src_reqbsd); bsd_off = ibufcnt; - ibuflens[ibufcnt++] = bulk_sec_desc_size( - grctx->src_reqbsd->bsd_hash_alg, - 0, req->rq_bulk_read); + ibuflens[ibufcnt++] = gss_svc_bulk_payload( + grctx->src_ctx, + &req->rq_flvr, + req->rq_bulk_read); } txtsize = lustre_msg_size_v2(ibufcnt, ibuflens); @@ -2465,9 +2553,10 @@ int gss_svc_alloc_rs(struct ptlrpc_request *req, int msglen) LASSERT(grctx->src_reqbsd); bsd_off = bufcnt; - buflens[bufcnt] = bulk_sec_desc_size( - grctx->src_reqbsd->bsd_hash_alg, - 0, req->rq_bulk_read); + buflens[bufcnt] = gss_svc_bulk_payload( + grctx->src_ctx, + &req->rq_flvr, + req->rq_bulk_read); if (svc == SPTLRPC_SVC_INTG) txtsize += buflens[bufcnt]; bufcnt++; @@ -2488,7 +2577,7 @@ int gss_svc_alloc_rs(struct ptlrpc_request *req, int msglen) /* pre-allocated */ LASSERT(rs->rs_size >= rs_size); } else { - OBD_ALLOC(rs, rs_size); + OBD_ALLOC_LARGE(rs, rs_size); if (rs == NULL) RETURN(-ENOMEM); @@ -2560,7 +2649,7 @@ static int gss_svc_seal(struct ptlrpc_request *req, /* allocate temporary cipher buffer */ token_buflen = gss_mech_payload(gctx->gsc_mechctx, msglen, 1); - OBD_ALLOC(token_buf, token_buflen); + OBD_ALLOC_LARGE(token_buf, token_buflen); if (token_buf == NULL) RETURN(-ENOMEM); @@ -2604,7 +2693,8 @@ static int gss_svc_seal(struct ptlrpc_request *req, memcpy(lustre_msg_buf(rs->rs_repbuf, 1, 0), token.data, token.len); /* reply offset */ - if (likely(req->rq_packed_final)) + if (req->rq_packed_final && + (lustre_msghdr_get_flags(req->rq_reqmsg) & MSGHDR_AT_SUPPORT)) req->rq_reply_off = gss_at_reply_off_priv; else req->rq_reply_off = 0; @@ -2616,7 +2706,7 @@ static int gss_svc_seal(struct ptlrpc_request *req, rc = 0; out_free: - OBD_FREE(token_buf, token_buflen); + OBD_FREE_LARGE(token_buf, token_buflen); RETURN(rc); } @@ -2677,12 +2767,12 @@ void gss_svc_free_rs(struct ptlrpc_reply_state *rs) rs->rs_svc_ctx = NULL; if (!rs->rs_prealloc) - OBD_FREE(rs, rs->rs_size); + OBD_FREE_LARGE(rs, rs->rs_size); } void gss_svc_free_ctx(struct ptlrpc_svc_ctx *ctx) { - LASSERT(atomic_read(&ctx->sc_refcount) == 0); + LASSERT(cfs_atomic_read(&ctx->sc_refcount) == 0); gss_svc_reqctx_free(gss_svc_ctx2reqctx(ctx)); } @@ -2708,7 +2798,7 @@ int gss_copy_rvc_cli_ctx(struct ptlrpc_cli_ctx *cli_ctx, * each reverse root ctx will record its latest sequence number on its * buddy svcctx before be destroied, so here we continue use it. */ - atomic_set(&cli_gctx->gc_seq, svc_gctx->gsc_rvs_seq); + cfs_atomic_set(&cli_gctx->gc_seq, svc_gctx->gsc_rvs_seq); if (gss_svc_upcall_dup_handle(&cli_gctx->gc_svc_handle, svc_gctx)) { CERROR("failed to dup svc handle\n"); @@ -2784,21 +2874,16 @@ int __init sptlrpc_gss_init(void) if (rc) goto out_kerberos; -#ifdef HAVE_GSS_PIPEFS rc = gss_init_pipefs(); if (rc) goto out_keyring; -#endif gss_init_at_reply_offset(); return 0; -#ifdef HAVE_GSS_PIPEFS out_keyring: gss_exit_keyring(); -#endif - out_kerberos: cleanup_kerberos_module(); out_svc_upcall: @@ -2813,9 +2898,7 @@ out_lproc: static void __exit sptlrpc_gss_exit(void) { gss_exit_keyring(); -#ifdef HAVE_GSS_PIPEFS gss_exit_pipefs(); -#endif cleanup_kerberos_module(); gss_exit_svc_upcall(); gss_exit_cli_upcall();