From ea9532fb731bbfe041010e2224219479c2c0d71b Mon Sep 17 00:00:00 2001 From: Shaun Tancheff Date: Sat, 6 May 2023 21:11:27 -0500 Subject: [PATCH] LU-16667 build: kernel_cap_t contains u64 linux kernel v6.2-13111-gf122a08b197d capability: just use a 'u64' instead of a 'u32[2]' array Add configure test for kernel_cap_t as u64 and provide and accessor for the least significant 32 bits. As of linux commit v3.6-10973-g607ca46e97a1 lustre implicitly started to ignore some capabilities, see: include/uapi/linux/capability.h The last capability flag was added by: linux commit v5.8-rc5-1-g124ea650d307 The capabilities the Lustre currently ignores are: - CAP_MAC_OVERRIDE - CAP_MAC_ADMIN - CAP_SYSLOG - CAP_WAKE_ALARM - CAP_BLOCK_SUSPEND - CAP_AUDIT_READ - CAP_PERFMON - CAP_BPF - CAP_CHECKPOINT_RESTORE None of which appear to be important to Lustre operations and should be fine to continue ignore. Test-Parameters: trivial HPE-bug-id: LUS-11557 Signed-off-by: Shaun Tancheff Change-Id: I48ad7b1a34fff378c260dc73ea91b22aaa0d7469 Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/50421 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Andreas Dilger Reviewed-by: Jian Yu Reviewed-by: Oleg Drokin --- lustre/autoconf/lustre-core.m4 | 29 ++++++++++++++ lustre/include/lustre_compat.h | 12 ++++++ lustre/mdc/mdc_lib.c | 16 ++++---- lustre/mdc/mdc_reint.c | 2 +- lustre/mdc/mdc_request.c | 2 +- lustre/mdt/mdt_lib.c | 86 ++++++++++++++++++++--------------------- lustre/ptlrpc/ptlrpc_internal.h | 2 +- lustre/ptlrpc/sec.c | 2 +- 8 files changed, 96 insertions(+), 55 deletions(-) diff --git a/lustre/autoconf/lustre-core.m4 b/lustre/autoconf/lustre-core.m4 index 9057da9..b546649 100644 --- a/lustre/autoconf/lustre-core.m4 +++ b/lustre/autoconf/lustre-core.m4 @@ -3768,6 +3768,29 @@ AC_DEFUN([LC_HAVE_ACL_WITH_DENTRY], [ ]) # LC_HAVE_ACL_WITH_DENTRY # +# LC_HAVE_U64_CAPABILITY +# +# linux kernel v6.2-13111-gf122a08b197d +# capability: just use a 'u64' instead of a 'u32[2]' array +# +AC_DEFUN([LC_SRC_HAVE_U64_CAPABILITY], [ + LB2_LINUX_TEST_SRC([kernel_cap_t_has_u64_value], [ + #include + #include + ],[ + kernel_cap_t cap __attribute__ ((unused)); + cap.val = 0xffffffffffffffffull; + ],[-Werror]) +]) +AC_DEFUN([LC_HAVE_U64_CAPABILITY], [ + AC_MSG_CHECKING([if 'kernel_cap_t' has u64 val]) + LB2_LINUX_TEST_RESULT([kernel_cap_t_has_u64_value], [ + AC_DEFINE(HAVE_U64_CAPABILITY, 1, + ['kernel_cap_t' has u64 val]) + ]) +]) # LC_HAVE_U64_CAPABILITY + +# # LC_PROG_LINUX # # Lustre linux kernel checks @@ -4012,6 +4035,9 @@ AC_DEFUN([LC_PROG_LINUX_SRC], [ LC_SRC_HAVE_GET_RANDOM_U32_BELOW LC_SRC_HAVE_ACL_WITH_DENTRY + # 6.3 + LC_SRC_HAVE_U64_CAPABILITY + # kernel patch to extend integrity interface LC_SRC_BIO_INTEGRITY_PREP_FN ]) @@ -4272,6 +4298,9 @@ AC_DEFUN([LC_PROG_LINUX_RESULTS], [ LC_HAVE_GET_RANDOM_U32_BELOW LC_HAVE_ACL_WITH_DENTRY + # 6.3 + LC_HAVE_U64_CAPABILITY + # kernel patch to extend integrity interface LC_BIO_INTEGRITY_PREP_FN ]) diff --git a/lustre/include/lustre_compat.h b/lustre/include/lustre_compat.h index 38a3b94..4051aac 100644 --- a/lustre/include/lustre_compat.h +++ b/lustre/include/lustre_compat.h @@ -200,6 +200,18 @@ static inline void truncate_inode_pages_final(struct address_space *map) } #endif +#ifdef HAVE_U64_CAPABILITY +#define ll_capability_u32(kcap) \ + ((kcap).val & 0xFFFFFFFF) +#define ll_set_capability_u32(kcap, val32) \ + ((kcap)->val = ((kcap)->val & 0xffffffff00000000ull) | (val32)) +#else +#define ll_capability_u32(kcap) \ + ((kcap).cap[0]) +#define ll_set_capability_u32(kcap, val32) \ + ((kcap)->cap[0] = val32) +#endif + #ifndef HAVE_PTR_ERR_OR_ZERO static inline int __must_check PTR_ERR_OR_ZERO(__force const void *ptr) { diff --git a/lustre/mdc/mdc_lib.c b/lustre/mdc/mdc_lib.c index 39dbd21..78c81ff 100644 --- a/lustre/mdc/mdc_lib.c +++ b/lustre/mdc/mdc_lib.c @@ -54,7 +54,7 @@ static void __mdc_pack_body(struct mdt_body *b, __u32 suppgid) b->mbo_gid = from_kgid(&init_user_ns, current_gid()); b->mbo_fsuid = from_kuid(&init_user_ns, current_fsuid()); b->mbo_fsgid = from_kgid(&init_user_ns, current_fsgid()); - b->mbo_capability = current_cap().cap[0]; + b->mbo_capability = ll_capability_u32(current_cap()); } void mdc_swap_layouts_pack(struct req_capsule *pill, @@ -208,7 +208,7 @@ void mdc_create_pack(struct req_capsule *pill, struct md_op_data *op_data, rec->cr_opcode = REINT_CREATE; rec->cr_fsuid = uid; rec->cr_fsgid = gid; - rec->cr_cap = cap_effective.cap[0]; + rec->cr_cap = ll_capability_u32(cap_effective); rec->cr_fid1 = op_data->op_fid1; rec->cr_fid2 = op_data->op_fid2; rec->cr_mode = mode; @@ -302,7 +302,7 @@ void mdc_open_pack(struct req_capsule *pill, struct md_op_data *op_data, rec->cr_opcode = REINT_OPEN; rec->cr_fsuid = from_kuid(&init_user_ns, current_fsuid()); rec->cr_fsgid = from_kgid(&init_user_ns, current_fsgid()); - rec->cr_cap = current_cap().cap[0]; + rec->cr_cap = ll_capability_u32(current_cap()); rec->cr_mode = mode; cr_flags = mds_pack_open_flags(flags); rec->cr_rdev = rdev; @@ -404,7 +404,7 @@ static void mdc_setattr_pack_rec(struct mdt_rec_setattr *rec, rec->sa_opcode = REINT_SETATTR; rec->sa_fsuid = from_kuid(&init_user_ns, current_fsuid()); rec->sa_fsgid = from_kgid(&init_user_ns, current_fsgid()); - rec->sa_cap = current_cap().cap[0]; + rec->sa_cap = ll_capability_u32(current_cap()); rec->sa_suppgid = -1; rec->sa_fid = op_data->op_fid1; @@ -478,7 +478,7 @@ void mdc_unlink_pack(struct req_capsule *pill, struct md_op_data *op_data) REINT_RMENTRY : REINT_UNLINK; rec->ul_fsuid = op_data->op_fsuid; rec->ul_fsgid = op_data->op_fsgid; - rec->ul_cap = op_data->op_cap.cap[0]; + rec->ul_cap = ll_capability_u32(op_data->op_cap); rec->ul_mode = op_data->op_mode; rec->ul_suppgid1 = op_data->op_suppgids[0]; rec->ul_suppgid2 = -1; @@ -505,7 +505,7 @@ void mdc_link_pack(struct req_capsule *pill, struct md_op_data *op_data) rec->lk_opcode = REINT_LINK; rec->lk_fsuid = op_data->op_fsuid; /* current->fsuid; */ rec->lk_fsgid = op_data->op_fsgid; /* current->fsgid; */ - rec->lk_cap = op_data->op_cap.cap[0]; /* current->cap_effective; */ + rec->lk_cap = ll_capability_u32(op_data->op_cap); rec->lk_suppgid1 = op_data->op_suppgids[0]; rec->lk_suppgid2 = op_data->op_suppgids[1]; rec->lk_fid1 = op_data->op_fid1; @@ -578,7 +578,7 @@ void mdc_rename_pack(struct req_capsule *pill, struct md_op_data *op_data, rec->rn_opcode = REINT_RENAME; rec->rn_fsuid = op_data->op_fsuid; rec->rn_fsgid = op_data->op_fsgid; - rec->rn_cap = op_data->op_cap.cap[0]; + rec->rn_cap = ll_capability_u32(op_data->op_cap); rec->rn_suppgid1 = op_data->op_suppgids[0]; rec->rn_suppgid2 = op_data->op_suppgids[1]; rec->rn_fid1 = op_data->op_fid1; @@ -609,7 +609,7 @@ void mdc_migrate_pack(struct req_capsule *pill, struct md_op_data *op_data, rec->rn_opcode = REINT_MIGRATE; rec->rn_fsuid = op_data->op_fsuid; rec->rn_fsgid = op_data->op_fsgid; - rec->rn_cap = op_data->op_cap.cap[0]; + rec->rn_cap = ll_capability_u32(op_data->op_cap); rec->rn_suppgid1 = op_data->op_suppgids[0]; rec->rn_suppgid2 = op_data->op_suppgids[1]; rec->rn_fid1 = op_data->op_fid1; diff --git a/lustre/mdc/mdc_reint.c b/lustre/mdc/mdc_reint.c index 4d76294..b1d4ee4 100644 --- a/lustre/mdc/mdc_reint.c +++ b/lustre/mdc/mdc_reint.c @@ -514,7 +514,7 @@ int mdc_file_resync(struct obd_export *exp, struct md_op_data *op_data) rec->rs_opcode = REINT_RESYNC; rec->rs_fsuid = op_data->op_fsuid; rec->rs_fsgid = op_data->op_fsgid; - rec->rs_cap = op_data->op_cap.cap[0]; + rec->rs_cap = ll_capability_u32(op_data->op_cap); rec->rs_fid = op_data->op_fid1; rec->rs_bias = op_data->op_bias; rec->rs_mirror_id = op_data->op_mirror_id; diff --git a/lustre/mdc/mdc_request.c b/lustre/mdc/mdc_request.c index e44fd5a..3c6fd6a 100644 --- a/lustre/mdc/mdc_request.c +++ b/lustre/mdc/mdc_request.c @@ -420,7 +420,7 @@ static int mdc_xattr_common(struct obd_export *exp,const struct req_format *fmt, rec->sx_opcode = REINT_SETXATTR; rec->sx_fsuid = from_kuid(&init_user_ns, current_fsuid()); rec->sx_fsgid = from_kgid(&init_user_ns, current_fsgid()); - rec->sx_cap = current_cap().cap[0]; + rec->sx_cap = ll_capability_u32(current_cap()); rec->sx_suppgid1 = suppgid; rec->sx_suppgid2 = -1; rec->sx_fid = *fid; diff --git a/lustre/mdt/mdt_lib.c b/lustre/mdt/mdt_lib.c index 7b0d2bc..47a338e 100644 --- a/lustre/mdt/mdt_lib.c +++ b/lustre/mdt/mdt_lib.c @@ -115,8 +115,8 @@ static int mdt_root_squash(struct mdt_thread_info *info, } CDEBUG(D_OTHER, "squash req from %s, (%d:%d/%x)=>(%d:%d/%x)\n", - libcfs_nidstr(peernid), - ucred->uc_fsuid, ucred->uc_fsgid, ucred->uc_cap.cap[0], + libcfs_nidstr(peernid), ucred->uc_fsuid, ucred->uc_fsgid, + (u32)ll_capability_u32(ucred->uc_cap), squash->rsi_uid, squash->rsi_gid, 0); ucred->uc_fsuid = squash->rsi_uid; @@ -341,7 +341,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, ucred->uc_cap = CAP_EMPTY_SET; if (!nodemap || ucred->uc_o_uid != nodemap->nm_squash_uid) - ucred->uc_cap.cap[0] = pud->pud_cap; + ll_set_capability_u32(&ucred->uc_cap, pud->pud_cap); ucred->uc_fsuid = pud->pud_fsuid; ucred->uc_fsgid = pud->pud_fsgid; @@ -564,7 +564,7 @@ static int old_init_ucred(struct mdt_thread_info *info, uc->uc_suppgids[1] = -1; uc->uc_ginfo = NULL; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = body->mbo_capability; + ll_set_capability_u32(&uc->uc_cap, body->mbo_capability); rc = old_init_ucred_common(info, nodemap); nodemap_putref(nodemap); @@ -1160,11 +1160,11 @@ static int mdt_setattr_unpack_rec(struct mdt_thread_info *info) uc->uc_fsuid = rec->sa_fsuid; uc->uc_fsgid = rec->sa_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->sa_cap; + ll_set_capability_u32(&uc->uc_cap, rec->sa_cap); uc->uc_suppgids[0] = rec->sa_suppgid; uc->uc_suppgids[1] = -1; - rr->rr_fid1 = &rec->sa_fid; + rr->rr_fid1 = &rec->sa_fid; la->la_valid = mdt_attr_valid_xlate(rec->sa_valid, rr, ma); la->la_mode = rec->sa_mode; la->la_flags = rec->sa_attr_flags; @@ -1323,7 +1323,7 @@ static int mdt_create_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->cr_fsuid; uc->uc_fsgid = rec->cr_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->cr_cap; + ll_set_capability_u32(&uc->uc_cap, rec->cr_cap); uc->uc_suppgids[0] = rec->cr_suppgid1; uc->uc_suppgids[1] = -1; uc->uc_umask = rec->cr_umask; @@ -1426,17 +1426,17 @@ static int mdt_link_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->lk_fsuid; uc->uc_fsgid = rec->lk_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->lk_cap; + ll_set_capability_u32(&uc->uc_cap, rec->lk_cap); uc->uc_suppgids[0] = rec->lk_suppgid1; uc->uc_suppgids[1] = rec->lk_suppgid2; - attr->la_uid = rec->lk_fsuid; - attr->la_gid = rec->lk_fsgid; - rr->rr_fid1 = &rec->lk_fid1; - rr->rr_fid2 = &rec->lk_fid2; - attr->la_ctime = rec->lk_time; - attr->la_mtime = rec->lk_time; - attr->la_valid = LA_UID | LA_GID | LA_CTIME | LA_MTIME; + attr->la_uid = rec->lk_fsuid; + attr->la_gid = rec->lk_fsgid; + rr->rr_fid1 = &rec->lk_fid1; + rr->rr_fid2 = &rec->lk_fid2; + attr->la_ctime = rec->lk_time; + attr->la_mtime = rec->lk_time; + attr->la_valid = LA_UID | LA_GID | LA_CTIME | LA_MTIME; rc = mdt_name_unpack(pill, &RMF_NAME, &rr->rr_name, 0); if (rc < 0) @@ -1471,7 +1471,7 @@ static int mdt_unlink_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->ul_fsuid; uc->uc_fsgid = rec->ul_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->ul_cap; + ll_set_capability_u32(&uc->uc_cap, rec->ul_cap); uc->uc_suppgids[0] = rec->ul_suppgid1; uc->uc_suppgids[1] = -1; @@ -1529,7 +1529,7 @@ static int mdt_rename_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->rn_fsuid; uc->uc_fsgid = rec->rn_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->rn_cap; + ll_set_capability_u32(&uc->uc_cap, rec->rn_cap); uc->uc_suppgids[0] = rec->rn_suppgid1; uc->uc_suppgids[1] = rec->rn_suppgid2; @@ -1583,7 +1583,7 @@ static int mdt_migrate_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->rn_fsuid; uc->uc_fsgid = rec->rn_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->rn_cap; + ll_set_capability_u32(&uc->uc_cap, rec->rn_cap); uc->uc_suppgids[0] = rec->rn_suppgid1; uc->uc_suppgids[1] = rec->rn_suppgid2; @@ -1685,7 +1685,7 @@ static int mdt_open_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->cr_fsuid; uc->uc_fsgid = rec->cr_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->cr_cap; + ll_set_capability_u32(&uc->uc_cap, rec->cr_cap); uc->uc_suppgids[0] = rec->cr_suppgid1; uc->uc_suppgids[1] = rec->cr_suppgid2; uc->uc_umask = rec->cr_umask; @@ -1775,40 +1775,40 @@ static int mdt_setxattr_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->sx_fsuid; uc->uc_fsgid = rec->sx_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->sx_cap; + ll_set_capability_u32(&uc->uc_cap, rec->sx_cap); uc->uc_suppgids[0] = rec->sx_suppgid1; uc->uc_suppgids[1] = -1; - rr->rr_opcode = rec->sx_opcode; - rr->rr_fid1 = &rec->sx_fid; - attr->la_valid = rec->sx_valid; - attr->la_ctime = rec->sx_time; - attr->la_size = rec->sx_size; - attr->la_flags = rec->sx_flags; + rr->rr_opcode = rec->sx_opcode; + rr->rr_fid1 = &rec->sx_fid; + attr->la_valid = rec->sx_valid; + attr->la_ctime = rec->sx_time; + attr->la_size = rec->sx_size; + attr->la_flags = rec->sx_flags; rc = mdt_name_unpack(pill, &RMF_NAME, &rr->rr_name, 0); if (rc < 0) RETURN(rc); - if (req_capsule_field_present(pill, &RMF_EADATA, RCL_CLIENT)) { - rr->rr_eadatalen = req_capsule_get_size(pill, &RMF_EADATA, - RCL_CLIENT); + if (req_capsule_field_present(pill, &RMF_EADATA, RCL_CLIENT)) { + rr->rr_eadatalen = req_capsule_get_size(pill, &RMF_EADATA, + RCL_CLIENT); if (rr->rr_eadatalen > info->mti_mdt->mdt_max_ea_size) RETURN(-E2BIG); - if (rr->rr_eadatalen > 0) { - rr->rr_eadata = req_capsule_client_get(pill, - &RMF_EADATA); - if (rr->rr_eadata == NULL) - RETURN(-EFAULT); - } else { - rr->rr_eadata = NULL; - } - } else if (!(attr->la_valid & OBD_MD_FLXATTRRM)) { - CDEBUG(D_INFO, "no xattr data supplied\n"); - RETURN(-EFAULT); - } + if (rr->rr_eadatalen > 0) { + rr->rr_eadata = req_capsule_client_get(pill, + &RMF_EADATA); + if (rr->rr_eadata == NULL) + RETURN(-EFAULT); + } else { + rr->rr_eadata = NULL; + } + } else if (!(attr->la_valid & OBD_MD_FLXATTRRM)) { + CDEBUG(D_INFO, "no xattr data supplied\n"); + RETURN(-EFAULT); + } rc = req_check_sepol(pill); if (rc) @@ -1817,7 +1817,7 @@ static int mdt_setxattr_unpack(struct mdt_thread_info *info) if (mdt_dlmreq_unpack(info) < 0) RETURN(-EPROTO); - RETURN(0); + RETURN(0); } static int mdt_resync_unpack(struct mdt_thread_info *info) @@ -1837,7 +1837,7 @@ static int mdt_resync_unpack(struct mdt_thread_info *info) uc->uc_fsuid = rec->rs_fsuid; uc->uc_fsgid = rec->rs_fsgid; uc->uc_cap = CAP_EMPTY_SET; - uc->uc_cap.cap[0] = rec->rs_cap; + ll_set_capability_u32(&uc->uc_cap, rec->rs_cap); rr->rr_fid1 = &rec->rs_fid; rr->rr_mirror_id = rec->rs_mirror_id; diff --git a/lustre/ptlrpc/ptlrpc_internal.h b/lustre/ptlrpc/ptlrpc_internal.h index d85a79b..4d68dca 100644 --- a/lustre/ptlrpc/ptlrpc_internal.h +++ b/lustre/ptlrpc/ptlrpc_internal.h @@ -415,7 +415,7 @@ static inline void do_pack_body(struct ptlrpc_request *req) b->mbo_gid = from_kgid(&init_user_ns, current_gid()); b->mbo_fsuid = from_kuid(&init_user_ns, current_fsuid()); b->mbo_fsgid = from_kgid(&init_user_ns, current_fsgid()); - b->mbo_capability = current_cap().cap[0]; + b->mbo_capability = ll_capability_u32(current_cap()); } #endif /* PTLRPC_INTERNAL_H */ diff --git a/lustre/ptlrpc/sec.c b/lustre/ptlrpc/sec.c index 38dc598..101a472 100644 --- a/lustre/ptlrpc/sec.c +++ b/lustre/ptlrpc/sec.c @@ -2609,7 +2609,7 @@ int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset) pud->pud_gid = from_kgid(&init_user_ns, current_gid()); pud->pud_fsuid = from_kuid(&init_user_ns, current_fsuid()); pud->pud_fsgid = from_kgid(&init_user_ns, current_fsgid()); - pud->pud_cap = current_cap().cap[0]; + pud->pud_cap = ll_capability_u32(current_cap()); pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4; task_lock(current); -- 1.8.3.1