1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Copyright (C) 2004, 2005 Cluster File Systems, Inc.
6 * This file is part of Lustre, http://www.lustre.org.
8 * Lustre is free software; you can redistribute it and/or
9 * modify it under the terms of version 2 of the GNU General Public
10 * License as published by the Free Software Foundation.
12 * Lustre is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with Lustre; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 #define DEBUG_SUBSYSTEM S_LLITE
25 #include <linux/types.h>
26 #include <linux/version.h>
27 #include <asm/uaccess.h>
28 #include <linux/file.h>
29 #include <linux/kmod.h>
30 #include <linux/posix_acl.h>
31 #include <linux/xattr_acl.h>
33 #include <linux/lustre_acl.h>
34 #include <linux/lustre_lite.h>
35 #include <linux/lustre_gs.h>
36 #include "llite_internal.h"
38 int ll_gs_intent_init(struct lookup_intent *it)
40 struct lustre_intent_data *lustre_data;
42 LASSERT(it->d.fs_data != NULL);
43 lustre_data = (struct lustre_intent_data *)it->d.fs_data;
44 /*set lustre key size when there is gss server
45 *or other configuration*/
46 lustre_data->it_key = NULL;
47 lustre_data->it_key_size = 0;
51 static int ll_get_acl_key(struct inode *inode, struct posix_acl **acl,
52 struct lustre_key **lkey)
54 struct lookup_intent it = { .it_op = IT_GETATTR };
55 struct dentry de = { .d_inode = inode };
56 struct ll_sb_info *sbi;
58 struct ptlrpc_request *req = NULL;
59 struct ll_inode_info *lli = ll_i2info(inode);
63 if (lli->lli_posix_acl && lli->lli_key_info) {
64 /*If they are in the local cache, just fetch them*/
65 spin_lock(&lli->lli_lock);
66 *acl = posix_acl_dup(lli->lli_posix_acl);
67 *lkey = lustre_key_get(lli->lli_key_info);
68 spin_unlock(&lli->lli_lock);
71 sbi = ll_i2sbi(inode);
72 ll_inode2id(&id, inode);
74 if (ll_intent_alloc(&it))
77 rc = md_intent_lock(sbi->ll_md_exp, &id, NULL, 0, NULL, 0, &id,
78 &it, 0, &req, ll_mdc_blocking_ast);
84 rc = revalidate_it_finish(req, 1, &it, &de);
86 ll_intent_release(&it);
90 ll_lookup_finish_locks(&it, &de);
93 spin_lock(&lli->lli_lock);
94 *acl = posix_acl_dup(lli->lli_posix_acl);
95 *lkey = lustre_key_get(lli->lli_key_info);
96 spin_unlock(&lli->lli_lock);
99 ptlrpc_req_finished(req);
103 static int ll_init_key_perm(struct key_perm *kperm, struct posix_acl *acl,
104 __u32 uid, __u32 gid, int mode)
107 kperm->kp_acl_count = acl->a_count;
108 memcpy(kperm->kp_acls, acl->a_entries,
109 acl->a_count * sizeof(struct posix_acl_entry));
111 kperm->kp_mode = mode;
117 static int ll_init_key_context(struct key_context *pkc, __u32 uid,
118 __u32 gid, struct crypto_key *ck,
119 struct posix_acl *acl, int mode,
120 int command, int valid)
122 struct key_perm *kperm;
125 pkc->kc_command = command;
126 pkc->kc_valid = valid;
129 memcpy(&pkc->kc_ck, ck, sizeof(*ck));
131 kperm = &pkc->kc_perm;
133 ll_init_key_perm(kperm, acl, uid, gid, mode);
136 static int ll_get_default_acl(struct inode *inode, struct posix_acl **acl,
139 int rc = 0, buf_size, ea_size;
143 if (!S_ISDIR(inode->i_mode))
146 buf_size = xattr_acl_size(LL_ACL_MAX_ENTRIES);
147 OBD_ALLOC(buf, buf_size);
151 ea_size = ll_getxattr_internal(inode, XATTR_NAME_ACL_DEFAULT,
152 buf, buf_size, OBD_MD_FLXATTR);
154 if (ea_size < 0 && ea_size != -ENODATA)
155 CERROR("get default acl of ino %lu error rc %d \n",
156 inode->i_ino, ea_size);
159 *acl = posix_acl_from_xattr(buf, ea_size);
162 CERROR("convert xattr to acl failed: %d\n", rc);
165 rc = posix_acl_valid(*acl);
167 CERROR("acl valid error: %d\n", rc);
168 posix_acl_release(*acl);
173 rc = posix_acl_create_masq(*acl, &mode);
176 OBD_FREE(buf, buf_size);
180 int ll_gks_create_key(struct inode *dir, mode_t mode, void **key,
183 struct obd_export *gs_exp = ll_i2gsexp(dir);
184 struct key_context *kcontext = NULL;
185 struct key_parms kparms;
186 struct posix_acl *default_acl = NULL;
190 OBD_ALLOC(kcontext, sizeof(struct key_context));
192 GOTO(out, rc = -ENOMEM);
194 rc = ll_get_default_acl(dir, &default_acl, mode);
198 ll_init_key_context(kcontext, current->fsuid, current->fsgid,
199 NULL, default_acl, mode, GKS_GET_KEY, 0);
201 kparms.context = kcontext;
202 kparms.context_size = sizeof(struct key_context);
205 *key_size = sizeof(struct crypto_key);
206 OBD_ALLOC(*key, *key_size);
208 GOTO(out, rc = -ENOMEM);
210 /*GET an encrypt key from GS server*/
211 rc = obd_get_info(gs_exp, sizeof(struct key_parms), (void *)&kparms,
214 CERROR("get key error rc %d \n", rc);
217 CDEBUG(D_INFO, "Get enkey %s MAC %s from exp %p \n",
218 (char*)((struct crypto_key *)(*key))->ck_key,
219 (char*)((struct crypto_key *)(*key))->ck_mac,
223 OBD_FREE(kcontext, sizeof(struct key_context));
225 posix_acl_release(default_acl);
230 int ll_gks_init_it(struct inode *parent, struct lookup_intent *it)
232 struct obd_export *gs_exp = ll_i2gsexp(parent);
233 struct lustre_intent_data *lustre_data;
234 mode_t mode = (it->it_create_mode | S_IFREG) & (~current->fs->umask);
236 int key_size = 0, rc = 0;
242 ll_gs_intent_init(it);
243 if (!(it->it_op & IT_CREAT))
246 LASSERT(it->d.fs_data != NULL);
247 lustre_data = (struct lustre_intent_data *)it->d.fs_data;
249 if (lustre_data->it_key) {
250 LASSERT(lustre_data->it_key_size ==
251 sizeof(struct crypto_key));
252 OBD_FREE(lustre_data->it_key, sizeof(struct crypto_key));
255 rc = ll_gks_create_key(parent, mode, &key, &key_size);
259 lustre_data->it_key = key;
260 lustre_data->it_key_size = key_size;
264 OBD_FREE(key, key_size);
269 int ll_gks_decrypt_key(struct inode *inode, struct lookup_intent *it)
271 struct obd_export *gs_exp = ll_i2gsexp(inode);
272 struct ll_inode_info *lli = ll_i2info(inode);
273 struct key_context *kcontext = NULL;
274 struct key_perm *kperm = NULL;
275 struct key_parms kparms;
276 struct lustre_key *lkey = NULL;
277 struct crypto_key *ckey = NULL;
278 struct posix_acl *acl = NULL;
280 int rc = 0, ck_size = 0, kcontext_size = 0, acl_count;
287 rc = ll_get_acl_key(inode, &acl, &lkey);
290 if (!lkey || IS_DECRYPTED(lkey->lk_flags))
293 acl_count = acl ? acl->a_count : 0;
294 kcontext_size = crypto_kcontext_size(acl_count);
295 OBD_ALLOC(kcontext, kcontext_size);
297 GOTO(out, rc = -ENOMEM);
299 flags = mds_pack_open_flags(it->it_flags);
301 spin_lock(&lli->lli_lock);
302 ll_init_key_context(kcontext, inode->i_uid, inode->i_gid, &lkey->lk_ck,
303 acl, inode->i_mode, GKS_DECRYPT_KEY, flags);
305 spin_unlock(&lli->lli_lock);
307 OBD_ALLOC(kperm, sizeof(struct key_perm));
308 ll_init_key_perm(kperm, NULL, current->uid, current->gid, 0);
310 kparms.context = kcontext;
311 kparms.context_size = kcontext_size;
313 kparms.perm_size = sizeof(struct key_perm);
315 ck_size = sizeof(*ckey);
316 OBD_ALLOC(ckey, ck_size);
318 GOTO(out, rc = -ENOMEM);
320 /*GET an encrypt key from GS server*/
321 rc = obd_get_info(gs_exp, sizeof(struct key_parms), (void *)&kparms,
324 CERROR("decrypt key error rc %d \n", rc);
327 CDEBUG(D_INFO, "decrypt key %s MAC %s from exp %p \n",
328 ckey->ck_mac, ckey->ck_mac, gs_exp);
330 /*copy the decrypt key from kcontext to the lustre key*/
332 spin_lock(&lli->lli_lock);
333 memcpy(&lkey->lk_ck, ckey, sizeof(*ckey));
334 SET_DECRYPTED(lkey->lk_flags);
335 spin_unlock(&lli->lli_lock);
338 posix_acl_release(acl);
340 lustre_key_release(lkey);
342 OBD_FREE(kperm, sizeof(struct key_perm));
344 OBD_FREE(kcontext, kcontext_size);
346 OBD_FREE(ckey, ck_size);
350 int ll_gks_get_mac(struct inode *inode, struct iattr *iattr, void *value,
351 int size, void **key, int *key_size)
353 struct ll_inode_info *lli = ll_i2info(inode);
354 struct obd_export *gs_exp = ll_i2gsexp(inode);
355 struct key_context *kcontext = NULL;
356 struct key_perm *kperm = NULL;
357 struct key_parms kparms;
358 struct lustre_key *lkey = NULL;
359 struct posix_acl *acl = NULL, *new_acl = NULL;
360 int rc = 0, kperm_size = 0, kcontext_size = 0;
369 rc = ll_get_acl_key(inode, &acl, &lkey);
375 acl_count = acl ? acl->a_count : 0;
376 kcontext_size = crypto_kcontext_size(acl_count);
377 OBD_ALLOC(kcontext, kcontext_size);
379 GOTO(out, rc = -ENOMEM);
380 spin_lock(&lli->lli_lock);
381 ll_init_key_context(kcontext, inode->i_uid, inode->i_gid, &lkey->lk_ck,
382 acl, inode->i_mode, GKS_GET_MAC, iattr->ia_valid);
383 spin_unlock(&lli->lli_lock);
385 new_acl = posix_acl_from_xattr(value, size);
386 if (IS_ERR(new_acl)) {
387 rc = PTR_ERR(new_acl);
388 CERROR("convert from xattr to acl error: %d",rc);
391 } else if (new_acl) {
392 rc = posix_acl_valid(new_acl);
394 CERROR("acl valid error: %d", rc);
399 acl_count = acl ? acl->a_count : 0;
400 kperm_size = crypto_kperm_size(acl_count);
401 OBD_ALLOC(kperm, kperm_size);
402 if (iattr->ia_valid & ATTR_MODE)
403 mac_mode = iattr->ia_mode;
405 mac_mode = inode->i_mode;
406 ll_init_key_perm(kperm, new_acl, iattr->ia_uid, iattr->ia_gid,
408 kparms.context = kcontext;
409 kparms.context_size = kcontext_size;
411 kparms.perm_size = kperm_size;
413 *key_size = sizeof(struct crypto_key);
414 OBD_ALLOC(*key, *key_size);
416 GOTO(out, rc = -ENOMEM);
418 /*GET an encrypt key from GS server*/
419 rc = obd_get_info(gs_exp, sizeof(struct key_parms), (void *)&kparms,
422 CERROR("decrypt key error rc %d \n", rc);
425 /*copy the decrypt key from kcontext to the lustre key*/
426 spin_lock(&lli->lli_lock);
427 memcpy(&lkey->lk_ck, *key, *key_size);
428 iattr->ia_valid |= ATTR_MAC;
429 spin_unlock(&lli->lli_lock);
432 posix_acl_release(acl);
434 posix_acl_release(new_acl);
436 lustre_key_release(lkey);
438 OBD_FREE(kperm, kperm_size);
440 OBD_FREE(kcontext, kcontext_size);
444 /*key function for calculate the key for countermode method*/
445 static int ll_crypt_cb(struct page *page, __u64 offset, __u64 count,
448 struct inode *inode = page->mapping->host;
449 struct ll_inode_info *lli = ll_i2info(inode);
450 struct lustre_key *lkey = ll_i2info(inode)->lli_key_info;
453 int index = page->index;
460 if (!IS_DECRYPTED(lkey->lk_flags))
462 if (flags == ENCRYPT_DATA && !IS_ENABLE_ENCRYPT(lkey->lk_flags))
464 if (flags == DECRYPT_DATA && !IS_ENABLE_DECRYPT(lkey->lk_flags))
467 /*FIXME: tmp calculate method, should calculate
468 the key according to KEY_TYPE*/
470 spin_lock(&lli->lli_lock);
471 key_ptr = &lkey->lk_ck.ck_key[0];
472 for (i=0; i < KEY_SIZE; i++)
473 data_key += *key_ptr++;
474 spin_unlock(&lli->lli_lock);
477 CDEBUG(D_INFO, "data_key is "LPU64" \n", data_key);
479 ptr = (char *)kmap(page);
481 CDEBUG(D_INFO, "ptr is %s \n", ptr);
482 for (i = 0; i < count; i++)
484 CDEBUG(D_INFO, "encrypted ptr is %s \n", ptr);
490 int ll_gs_init_inode_key(struct inode *inode, void *mkey)
492 struct ll_inode_info *lli = ll_i2info(inode);
493 struct crypto_key *key = (struct crypto_key*)mkey;
494 struct lustre_key *lkey = NULL;
500 if (lli->lli_key_info == NULL) {
501 OBD_ALLOC(lkey, sizeof(struct lustre_key));
504 memcpy(&lkey->lk_ck, key, sizeof(*key));
505 atomic_set(&lkey->lk_refcount, 1);
506 SET_UNDECRYPTED(lkey->lk_flags);
507 ENABLE_ENCRYPT(lkey->lk_flags);
508 ENABLE_DECRYPT(lkey->lk_flags);
509 spin_lock(&lli->lli_lock);
510 lli->lli_key_info = lkey;
511 spin_unlock(&lli->lli_lock);
513 lkey = lustre_key_get(lli->lli_key_info);
514 if (!IS_DECRYPTED(lkey->lk_flags)) {
515 if (memcmp(&lkey->lk_ck, key, sizeof(*key))) {
516 CWARN("already have key_info %p in ino %ld \n",
517 lli->lli_key_info, inode->i_ino);
520 spin_lock(&lli->lli_lock);
521 SET_UNDECRYPTED(lkey->lk_flags);
522 memcpy(&lkey->lk_ck, key, sizeof(*key));
523 spin_unlock(&lli->lli_lock);
525 lustre_key_release(lkey);
527 CDEBUG(D_INFO, "set key %s mac %s in inode %lu \n",
528 lli->lli_key_info->lk_ck.ck_mac,
529 lli->lli_key_info->lk_ck.ck_key,
534 static int ll_gs_destroy_key(struct inode *inode)
536 struct ll_inode_info *lli = ll_i2info(inode);
538 spin_lock(&lli->lli_lock);
539 if (lli->lli_key_info) {
540 LASSERTF(atomic_read(&lli->lli_key_info->lk_refcount) == 1,
541 "lk_refcount %d != 1 when destory\n",
542 atomic_read(&lli->lli_key_info->lk_refcount));
543 lustre_key_release(lli->lli_key_info);
544 lli->lli_key_info = NULL;
546 spin_unlock(&lli->lli_lock);
550 struct crypto_helper_ops ll_cgs_ops = {
551 .init_it_key = ll_gks_init_it,
552 .create_key = ll_gks_create_key,
553 .init_inode_key = ll_gs_init_inode_key,
554 .get_mac = ll_gks_get_mac,
555 .decrypt_key = ll_gks_decrypt_key,
556 .destroy_key = ll_gs_destroy_key,
559 int ll_mks_create_key(struct inode *inode, struct lookup_intent *it)
561 struct lustre_intent_data *lustre_data;
562 struct crypto_key *crypto_key;
566 LASSERT(it->d.fs_data != NULL);
567 lustre_data = (struct lustre_intent_data *)it->d.fs_data;
569 if (lustre_data->it_key) {
570 OBD_FREE(lustre_data->it_key, sizeof(struct crypto_key));
572 OBD_ALLOC(crypto_key, sizeof(struct crypto_key));
574 lustre_data->it_key = crypto_key;
575 lustre_data->it_key_size = sizeof(struct crypto_key);
579 int ll_mks_init_it(struct inode *parent, struct lookup_intent *it)
581 struct obd_export *gs_exp = ll_i2gsexp(parent);
588 ll_gs_intent_init(it);
589 if (it->it_op & IT_CREAT) {
590 ll_mks_create_key(parent, it);
595 int ll_mks_decrypt_key(struct inode *inode, struct lookup_intent *it)
597 struct ll_inode_info *lli = ll_i2info(inode);
598 struct obd_export *gs_exp = ll_i2gsexp(inode);
599 struct lustre_key *lkey = NULL;
600 struct posix_acl *acl = NULL;
608 rc = ll_get_acl_key(inode, &acl, &lkey);
611 spin_lock(&lli->lli_lock);
612 SET_DECRYPTED(lkey->lk_flags);
613 spin_unlock(&lli->lli_lock);
616 struct crypto_helper_ops ll_cmd_ops = {
617 .init_it_key = ll_mks_init_it,
618 .init_inode_key = ll_gs_init_inode_key,
619 .decrypt_key = ll_mks_decrypt_key,
620 .destroy_key = ll_gs_destroy_key,
624 static int ll_register_cops(struct ll_crypto_info *llci, char *type,
625 struct crypto_helper_ops *cops)
627 struct list_head *list = &llci->ll_cops_list;
628 struct crypto_ops_item *opi = NULL, *tmp;
629 char *opi_name = NULL;
633 list_for_each_entry(tmp, list, clist) {
634 if (!strcmp(type, tmp->ctype)) {
635 CWARN("%s is already registered\n", type);
641 OBD_ALLOC(opi, sizeof(*opi));
643 OBD_ALLOC(opi_name, strlen(type) + 1);
645 LASSERT(opi && opi_name);
647 memcpy(opi_name, type, strlen(type));
649 opi->ctype = opi_name;
652 list_add_tail(&opi->clist, list);
657 static int ll_init_sb_crypto(struct super_block *sb)
659 struct ll_crypto_info *llci = NULL;
663 OBD_ALLOC(llci, sizeof(*llci));
668 INIT_LIST_HEAD(&llci->ll_cops_list);
670 ll_register_cops(llci, "gks", &ll_cgs_ops);
671 ll_register_cops(llci, "mks", &ll_cmd_ops);
673 ll_s2sbi(sb)->ll_crypto_info = llci;
678 static int ll_unregister_cops(struct ll_crypto_info *llci)
680 struct list_head *list = &llci->ll_cops_list;
681 struct crypto_ops_item *tmp, *item;
683 list_for_each_entry_safe(item, tmp, list, clist) {
684 list_del_init(&item->clist);
685 OBD_FREE(item->ctype, strlen(item->ctype) + 1);
686 OBD_FREE(item, sizeof(*item));
691 int lustre_destroy_crypto(struct super_block *sb)
693 struct ll_crypto_info *llci = ll_s2crpi(sb);
700 obd_disconnect(llci->ll_gt_exp, 0);
702 ll_unregister_cops(llci);
703 OBD_FREE(llci, sizeof(*llci));
707 int lustre_init_crypto(struct super_block *sb, char *gkc,
708 struct obd_connect_data *data,
711 struct obd_device *obd = NULL;
712 struct ll_sb_info *sbi = ll_s2sbi(sb);
713 struct lustre_handle gt_conn;
717 rc = ll_init_sb_crypto(sb);
721 if (!gkc || !strcmp(gkc, "null")) {
722 CDEBUG(D_INFO, "No gks Server\n");
726 obd = class_name2obd(gkc);
728 CERROR("GSC %s: not setup or attached\n", gkc);
729 GOTO(out, rc = -EINVAL);
732 obd_set_info(obd->obd_self_export, strlen("async"), "async",
733 sizeof(async), &async);
735 rc = obd_connect(>_conn, obd, &sbi->ll_sb_uuid, data,
736 OBD_OPT_REAL_CLIENT);
738 CERROR("cannot connect to %s: rc = %d\n", gkc, rc);
741 ll_s2crpi(sb)->ll_gt_exp = class_conn2export(>_conn);
744 lustre_destroy_crypto(sb);
747 struct crypto_helper_ops *
748 ll_gks_find_ops(struct ll_crypto_info *llc_info, char *type)
750 struct list_head *list = &llc_info->ll_cops_list;
751 struct crypto_ops_item *tmp;
754 list_for_each_entry(tmp, list, clist) {
755 if (!strcmp(type, tmp->ctype)) {
760 CERROR("can not find crypto api %s \n", type);
764 int ll_set_sb_gksinfo(struct super_block *sb, char *type)
766 struct ll_crypto_info *llci = ll_s2crpi(sb);
767 struct obd_export *md_exp = ll_s2mdexp(sb);
768 struct obd_export *dt_exp = ll_s2dtexp(sb);
769 struct crypto_helper_ops *ops;
773 /*try to find the helper ops according to the type*/
774 ops = ll_gks_find_ops(llci, type);
776 CERROR("can not find the crypto ops by type %s \n", type);
781 rc = obd_set_info(md_exp, strlen("crypto_type"), "crypto_type",
784 /*set crypt call back func*/
786 rc = obd_set_info(dt_exp, strlen("crypto_cb"), "crypto_cb",
787 sizeof(crypt_cb_t), &ll_crypt_cb);