From 3d0b1b0200542f845ceb00c7d2be9a85fcf19388 Mon Sep 17 00:00:00 2001 From: Mr NeilBrown Date: Thu, 19 May 2022 11:45:19 +1000 Subject: [PATCH] LU-10391 lustre: change cfs_match_nid to take large nid. large nid now used more places. Signed-off-by: Mr NeilBrown Change-Id: I181ab0345a4bf2f9bb5c4b27eafb794968e8ef7e Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/50098 Tested-by: jenkins Tested-by: Maloo Reviewed-by: James Simmons Reviewed-by: Frank Sehr Reviewed-by: Serguei Smirnov Reviewed-by: Cyril Bordage Reviewed-by: Oleg Drokin --- libcfs/libcfs/util/nidstrings.c | 13 +++--- lnet/include/uapi/linux/lnet/nidstr.h | 2 +- lnet/lnet/nidstrings.c | 13 +++--- lustre/llite/llite_lib.c | 2 +- lustre/mdt/mdt_identity.c | 10 +++-- lustre/mdt/mdt_internal.h | 2 +- lustre/mdt/mdt_lib.c | 76 ++++++++++++++++++----------------- lustre/ptlrpc/nrs_tbf.c | 10 ++++- 8 files changed, 73 insertions(+), 55 deletions(-) diff --git a/libcfs/libcfs/util/nidstrings.c b/libcfs/libcfs/util/nidstrings.c index e7539cf..88f668a 100644 --- a/libcfs/libcfs/util/nidstrings.c +++ b/libcfs/libcfs/util/nidstrings.c @@ -1396,21 +1396,24 @@ cfs_parse_nidlist(char *str, int len, struct list_head *nidlist) * \retval 1 on match * \retval 0 otherwises */ -int cfs_match_nid(lnet_nid_t nid, struct list_head *nidlist) +int cfs_match_nid(struct lnet_nid *nid, struct list_head *nidlist) { struct nidrange *nr; struct addrrange *ar; + if (!nid_is_nid4(nid)) + return 0; list_for_each_entry(nr, nidlist, nr_link) { - if (nr->nr_netstrfns->nf_type != LNET_NETTYP(LNET_NIDNET(nid))) + if (nr->nr_netstrfns->nf_type != nid->nid_type) continue; - if (nr->nr_netnum != LNET_NETNUM(LNET_NIDNET(nid))) + if (nr->nr_netnum != __be16_to_cpu(nid->nid_num)) continue; if (nr->nr_all) return 1; list_for_each_entry(ar, &nr->nr_addrranges, ar_link) - if (nr->nr_netstrfns->nf_match_addr(LNET_NIDADDR(nid), - &ar->ar_numaddr_ranges)) + if (nr->nr_netstrfns->nf_match_addr( + __be32_to_cpu(nid->nid_addr[0]), + &ar->ar_numaddr_ranges)) return 1; } return 0; diff --git a/lnet/include/uapi/linux/lnet/nidstr.h b/lnet/include/uapi/linux/lnet/nidstr.h index 9b494cc..17ff37a 100644 --- a/lnet/include/uapi/linux/lnet/nidstr.h +++ b/lnet/include/uapi/linux/lnet/nidstr.h @@ -105,7 +105,7 @@ char *libcfs_id2str(struct lnet_process_id id); void cfs_free_nidlist(struct list_head *list); int cfs_parse_nidlist(char *str, int len, struct list_head *list); int cfs_print_nidlist(char *buffer, int count, struct list_head *list); -int cfs_match_nid(lnet_nid_t nid, struct list_head *list); +int cfs_match_nid(struct lnet_nid *nid, struct list_head *list); int cfs_match_net(__u32 net_id, __u32 net_type, struct list_head *net_num_list); diff --git a/lnet/lnet/nidstrings.c b/lnet/lnet/nidstrings.c index fa21dd1..09839d9 100644 --- a/lnet/lnet/nidstrings.c +++ b/lnet/lnet/nidstrings.c @@ -358,21 +358,24 @@ EXPORT_SYMBOL(cfs_parse_nidlist); * \retval 1 on match * \retval 0 otherwises */ -int cfs_match_nid(lnet_nid_t nid, struct list_head *nidlist) +int cfs_match_nid(struct lnet_nid *nid, struct list_head *nidlist) { struct nidrange *nr; struct addrrange *ar; + if (!nid_is_nid4(nid)) + return 0; list_for_each_entry(nr, nidlist, nr_link) { - if (nr->nr_netstrfns->nf_type != LNET_NETTYP(LNET_NIDNET(nid))) + if (nr->nr_netstrfns->nf_type != nid->nid_type) continue; - if (nr->nr_netnum != LNET_NETNUM(LNET_NIDNET(nid))) + if (nr->nr_netnum != be16_to_cpu(nid->nid_num)) continue; if (nr->nr_all) return 1; list_for_each_entry(ar, &nr->nr_addrranges, ar_link) - if (nr->nr_netstrfns->nf_match_addr(LNET_NIDADDR(nid), - &ar->ar_numaddr_ranges)) + if (nr->nr_netstrfns->nf_match_addr( + be32_to_cpu(nid->nid_addr[0]), + &ar->ar_numaddr_ranges)) return 1; } return 0; diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c index 492a93f..9b0c2ff 100644 --- a/lustre/llite/llite_lib.c +++ b/lustre/llite/llite_lib.c @@ -3866,7 +3866,7 @@ void ll_compute_rootsquash_state(struct ll_sb_info *sbi) while (LNetGetId(i++, &id) != -ENOENT) { if (nid_is_lo0(&id.nid)) continue; - if (cfs_match_nid(lnet_nid_to_nid4(&id.nid), + if (cfs_match_nid(&id.nid, &squash->rsi_nosquash_nids)) { matched = true; break; diff --git a/lustre/mdt/mdt_identity.c b/lustre/mdt/mdt_identity.c index 8729299..d8de61a 100644 --- a/lustre/mdt/mdt_identity.c +++ b/lustre/mdt/mdt_identity.c @@ -230,25 +230,29 @@ void mdt_flush_identity(struct upcall_cache *cache, int uid) * If there is LNET_NID_ANY in perm[i].mp_nid, * it must be perm[0].mp_nid, and act as default perm. */ -__u32 mdt_identity_get_perm(struct md_identity *identity, lnet_nid_t nid) +__u32 mdt_identity_get_perm(struct md_identity *identity, struct lnet_nid *nid) { struct md_perm *perm; + lnet_nid_t nid4; int i; if (!identity) return CFS_SETGRP_PERM; + if (!nid_is_nid4(nid)) + return CFS_SETGRP_PERM; + nid4 = lnet_nid_to_nid4(nid); perm = identity->mi_perms; /* check exactly matched nid first */ for (i = identity->mi_nperms - 1; i > 0; i--) { - if (perm[i].mp_nid != nid) + if (perm[i].mp_nid != nid4) continue; return perm[i].mp_perm; } /* check LNET_NID_ANY then */ if ((identity->mi_nperms > 0) && - ((perm[0].mp_nid == nid) || (perm[0].mp_nid == LNET_NID_ANY))) + ((perm[0].mp_nid == nid4) || (perm[0].mp_nid == LNET_NID_ANY))) return perm[0].mp_perm; /* return default last */ diff --git a/lustre/mdt/mdt_internal.h b/lustre/mdt/mdt_internal.h index bf95893..8301cbe2 100644 --- a/lustre/mdt/mdt_internal.h +++ b/lustre/mdt/mdt_internal.h @@ -1042,7 +1042,7 @@ void mdt_identity_put(struct upcall_cache *, struct md_identity *); void mdt_flush_identity(struct upcall_cache *, int); -__u32 mdt_identity_get_perm(struct md_identity *, lnet_nid_t); +__u32 mdt_identity_get_perm(struct md_identity *identity, struct lnet_nid *nid); /* mdt/mdt_recovery.c */ __u64 mdt_req_from_lrd(struct ptlrpc_request *req, struct tg_reply_data *trd); diff --git a/lustre/mdt/mdt_lib.c b/lustre/mdt/mdt_lib.c index 4201b4d..a239410 100644 --- a/lustre/mdt/mdt_lib.c +++ b/lustre/mdt/mdt_lib.c @@ -84,7 +84,7 @@ void mdt_exit_ucred(struct mdt_thread_info *info) static int match_nosquash_list(struct spinlock *rsi_lock, struct list_head *nidlist, - lnet_nid_t peernid) + struct lnet_nid *peernid) { int rc; ENTRY; @@ -95,7 +95,8 @@ static int match_nosquash_list(struct spinlock *rsi_lock, } /* root_squash for inter-MDS operations */ -static int mdt_root_squash(struct mdt_thread_info *info, lnet_nid_t peernid) +static int mdt_root_squash(struct mdt_thread_info *info, + struct lnet_nid *peernid) { struct lu_ucred *ucred = mdt_ucred(info); struct root_squash_info *squash = &info->mti_mdt->mdt_squash; @@ -109,12 +110,12 @@ static int mdt_root_squash(struct mdt_thread_info *info, lnet_nid_t peernid) &squash->rsi_nosquash_nids, peernid)) { CDEBUG(D_OTHER, "%s is in nosquash_nids list\n", - libcfs_nid2str(peernid)); + libcfs_nidstr(peernid)); RETURN(0); } CDEBUG(D_OTHER, "squash req from %s, (%d:%d/%x)=>(%d:%d/%x)\n", - libcfs_nid2str(peernid), + libcfs_nidstr(peernid), ucred->uc_fsuid, ucred->uc_fsgid, ucred->uc_cap.cap[0], squash->rsi_uid, squash->rsi_gid, 0); @@ -195,7 +196,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, struct ptlrpc_user_desc *pud = req->rq_user_desc; struct lu_ucred *ucred = mdt_ucred(info); struct lu_nodemap *nodemap; - lnet_nid_t peernid = lnet_nid_to_nid4(&req->rq_peer.nid); + struct lnet_nid peernid = req->rq_peer.nid; __u32 perm = 0; int setuid; int setgid; @@ -256,7 +257,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, req->rq_auth_uid != pud->pud_uid) { CDEBUG(D_SEC, "local client %s: auth uid %u " "while client claims %u:%u/%u:%u\n", - libcfs_nid2str(peernid), req->rq_auth_uid, + libcfs_nidstr(&peernid), req->rq_auth_uid, pud->pud_uid, pud->pud_gid, pud->pud_fsuid, pud->pud_fsgid); RETURN(-EACCES); @@ -284,7 +285,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, } else { ucred->uc_identity = identity; perm = mdt_identity_get_perm(ucred->uc_identity, - peernid); + &peernid); } } @@ -297,7 +298,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, /* check permission of setuid */ if (setuid && !(perm & CFS_SETUID_PERM)) { CDEBUG(D_SEC, "mdt blocked setuid attempt (%u -> %u) from %s\n", - pud->pud_uid, pud->pud_fsuid, libcfs_nid2str(peernid)); + pud->pud_uid, pud->pud_fsuid, libcfs_nidstr(&peernid)); GOTO(out, rc = -EACCES); } @@ -306,7 +307,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, CDEBUG(D_SEC, "mdt blocked setgid attempt (%u:%u/%u:%u -> %u) " "from %s\n", pud->pud_uid, pud->pud_gid, pud->pud_fsuid, pud->pud_fsgid, - ucred->uc_identity->mi_gid, libcfs_nid2str(peernid)); + ucred->uc_identity->mi_gid, libcfs_nidstr(&peernid)); GOTO(out, rc = -EACCES); } @@ -346,7 +347,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, ucred->uc_fsgid = pud->pud_fsgid; /* process root_squash here. */ - mdt_root_squash(info, peernid); + mdt_root_squash(info, &peernid); ucred->uc_valid = UCRED_NEW; ucred_set_jobid(info, ucred); @@ -398,7 +399,7 @@ bool allow_client_chgrp(struct mdt_thread_info *info, struct lu_ucred *uc) /* 3. Check the permission in the identities. */ perm = mdt_identity_get_perm( uc->uc_identity, - lnet_nid_to_nid4(&mdt_info_req(info)->rq_peer.nid)); + &mdt_info_req(info)->rq_peer.nid); if (perm & CFS_SETGRP_PERM) return true; @@ -412,7 +413,7 @@ int mdt_check_ucred(struct mdt_thread_info *info) struct ptlrpc_user_desc *pud = req->rq_user_desc; struct lu_ucred *ucred = mdt_ucred(info); struct md_identity *identity = NULL; - lnet_nid_t peernid = lnet_nid_to_nid4(&req->rq_peer.nid); + struct lnet_nid peernid = req->rq_peer.nid; __u32 perm = 0; int setuid; int setgid; @@ -433,7 +434,7 @@ int mdt_check_ucred(struct mdt_thread_info *info) req->rq_auth_uid != pud->pud_uid) { CDEBUG(D_SEC, "local client %s: auth uid %u " "while client claims %u:%u/%u:%u\n", - libcfs_nid2str(peernid), req->rq_auth_uid, + libcfs_nidstr(&peernid), req->rq_auth_uid, pud->pud_uid, pud->pud_gid, pud->pud_fsuid, pud->pud_fsgid); RETURN(-EACCES); @@ -453,33 +454,34 @@ int mdt_check_ucred(struct mdt_thread_info *info) } } - perm = mdt_identity_get_perm(identity, peernid); - /* find out the setuid/setgid attempt */ - setuid = (pud->pud_uid != pud->pud_fsuid); - setgid = (pud->pud_gid != pud->pud_fsgid || - pud->pud_gid != identity->mi_gid); - - /* check permission of setuid */ - if (setuid && !(perm & CFS_SETUID_PERM)) { - CDEBUG(D_SEC, "mdt blocked setuid attempt (%u -> %u) from %s\n", - pud->pud_uid, pud->pud_fsuid, libcfs_nid2str(peernid)); - GOTO(out, rc = -EACCES); - } + perm = mdt_identity_get_perm(identity, &peernid); + /* find out the setuid/setgid attempt */ + setuid = (pud->pud_uid != pud->pud_fsuid); + setgid = (pud->pud_gid != pud->pud_fsgid || + pud->pud_gid != identity->mi_gid); - /* check permission of setgid */ - if (setgid && !(perm & CFS_SETGID_PERM)) { - CDEBUG(D_SEC, "mdt blocked setgid attempt (%u:%u/%u:%u -> %u) " - "from %s\n", pud->pud_uid, pud->pud_gid, - pud->pud_fsuid, pud->pud_fsgid, identity->mi_gid, - libcfs_nid2str(peernid)); - GOTO(out, rc = -EACCES); - } + /* check permission of setuid */ + if (setuid && !(perm & CFS_SETUID_PERM)) { + CDEBUG(D_SEC, "mdt blocked setuid attempt (%u -> %u) from %s\n", + pud->pud_uid, pud->pud_fsuid, libcfs_nidstr(&peernid)); + GOTO(out, rc = -EACCES); + } - EXIT; + /* check permission of setgid */ + if (setgid && !(perm & CFS_SETGID_PERM)) { + CDEBUG(D_SEC, + "mdt blocked setgid attempt (%u:%u/%u:%u -> %u) from %s\n", + pud->pud_uid, pud->pud_gid, + pud->pud_fsuid, pud->pud_fsgid, identity->mi_gid, + libcfs_nidstr(&peernid)); + GOTO(out, rc = -EACCES); + } + + EXIT; out: - mdt_identity_put(mdt->mdt_identity_cache, identity); - return rc; + mdt_identity_put(mdt->mdt_identity_cache, identity); + return rc; } static int old_init_ucred_common(struct mdt_thread_info *info, @@ -518,7 +520,7 @@ static int old_init_ucred_common(struct mdt_thread_info *info, /* process root_squash here. */ mdt_root_squash(info, - lnet_nid_to_nid4(&mdt_info_req(info)->rq_peer.nid)); + &mdt_info_req(info)->rq_peer.nid); uc->uc_valid = UCRED_OLD; ucred_set_jobid(info, uc); diff --git a/lustre/ptlrpc/nrs_tbf.c b/lustre/ptlrpc/nrs_tbf.c index 023931a..a135e84 100644 --- a/lustre/ptlrpc/nrs_tbf.c +++ b/lustre/ptlrpc/nrs_tbf.c @@ -1217,7 +1217,10 @@ static int nrs_tbf_nid_rule_match(struct nrs_tbf_rule *rule, struct nrs_tbf_client *cli) { - return cfs_match_nid(cli->tc_nid, &rule->tr_nids); + struct lnet_nid nid; + + lnet_nid4_to_nid(cli->tc_nid, &nid); + return cfs_match_nid(&nid, &rule->tr_nids); } static void nrs_tbf_nid_rule_fini(struct nrs_tbf_rule *rule) @@ -1981,9 +1984,12 @@ nrs_tbf_expression_match(struct nrs_tbf_expression *expr, struct nrs_tbf_rule *rule, struct nrs_tbf_client *cli) { + struct lnet_nid nid; + switch (expr->te_field) { case NRS_TBF_FIELD_NID: - return cfs_match_nid(cli->tc_nid, &expr->te_cond); + lnet_nid4_to_nid(cli->tc_nid, &nid); + return cfs_match_nid(&nid, &expr->te_cond); case NRS_TBF_FIELD_JOBID: return nrs_tbf_jobid_list_match(&expr->te_cond, cli->tc_jobid); case NRS_TBF_FIELD_OPCODE: -- 1.8.3.1