#define DEBUG_SUBSYSTEM S_MDS
+#include <linux/user_namespace.h>
+#ifdef HAVE_UIDGID_HEADER
+# include <linux/uidgid.h>
+#endif
#include "mdt_internal.h"
#include <lnet/nidstr.h>
#include <lustre_nodemap.h>
return rc;
}
+/**
+ * Check whether allow the client to set supplementary group IDs or not.
+ *
+ * \param[in] info pointer to the thread context
+ * \param[in] uc pointer to the RPC user descriptor
+ *
+ * \retval true if allow to set supplementary group IDs
+ * \retval false for other cases
+ */
+bool allow_client_chgrp(struct mdt_thread_info *info, struct lu_ucred *uc)
+{
+ __u32 remote = exp_connect_rmtclient(info->mti_exp);
+ __u32 perm;
+
+ /* 1. If identity_upcall is disabled, then forbid remote client to set
+ * supplementary group IDs, but permit local client to do that. */
+ if (is_identity_get_disabled(info->mti_mdt->mdt_identity_cache)) {
+ if (remote)
+ return false;
+
+ return true;
+ }
+
+ /* 2. If fail to get related identities, then forbid any client to
+ * set supplementary group IDs. */
+ if (uc->uc_identity == NULL)
+ return false;
+
+ /* 3. Check the permission in the identities. */
+ perm = mdt_identity_get_perm(uc->uc_identity, remote,
+ mdt_info_req(info)->rq_peer.nid);
+ if (perm & CFS_SETGRP_PERM)
+ return true;
+
+ return false;
+}
+
int mdt_check_ucred(struct mdt_thread_info *info)
{
struct ptlrpc_request *req = mdt_info_req(info);
acl_size = 0;
}
- CDEBUG(D_INFO, "Shrink to md_size = %d cookie/acl_size = %d"
- " MDSCAPA = %llx, OSSCAPA = %llx\n",
- md_size, acl_size,
- (unsigned long long)(body->mbo_valid & OBD_MD_FLMDSCAPA),
- (unsigned long long)(body->mbo_valid & OBD_MD_FLOSSCAPA));
+ CDEBUG(D_INFO, "Shrink to md_size = %d cookie/acl_size = %d\n",
+ md_size, acl_size);
/*
&RMF_MDT_BODY,
&RMF_MDT_MD,
{
struct mdt_body *repbody;
const struct lu_attr *la = &ma->ma_attr;
- int rc;
ENTRY;
repbody = req_capsule_server_get(info->mti_pill, &RMF_MDT_BODY);
}
repbody->mbo_eadatasize = 0;
- if (info->mti_mdt->mdt_lut.lut_oss_capa &&
- exp_connect_flags(info->mti_exp) & OBD_CONNECT_OSS_CAPA &&
- repbody->mbo_valid & OBD_MD_FLEASIZE) {
- struct lustre_capa *capa;
-
- capa = req_capsule_server_get(info->mti_pill, &RMF_CAPA2);
- LASSERT(capa);
- capa->lc_opc = CAPA_OPC_OSS_DESTROY;
- rc = mo_capa_get(info->mti_env, mdt_object_child(mo), capa, 0);
- if (rc)
- RETURN(rc);
-
- repbody->mbo_valid |= OBD_MD_FLOSSCAPA;
- }
-
RETURN(0);
}
return out;
}
-void mdt_set_capainfo(struct mdt_thread_info *info, int offset,
- const struct lu_fid *fid, struct lustre_capa *capa)
-{
- struct lu_capainfo *lci;
-
- LASSERT(offset >= 0 && offset < LU_CAPAINFO_MAX);
- if (!info->mti_mdt->mdt_lut.lut_mds_capa ||
- !(exp_connect_flags(info->mti_exp) & OBD_CONNECT_MDS_CAPA))
- return;
-
- lci = lu_capainfo_get(info->mti_env);
- LASSERT(lci);
- lci->lci_fid[offset] = *fid;
- lci->lci_capa[offset] = capa;
-}
-
-#ifdef DEBUG_CAPA
-void mdt_dump_capainfo(struct mdt_thread_info *info)
-{
- struct lu_capainfo *lci = lu_capainfo_get(info->mti_env);
- int i;
-
- if (lci == NULL)
- return;
-
- for (i = 0; i < LU_CAPAINFO_MAX; i++) {
- if (lci->lci_capa[i] == NULL) {
- CERROR("no capa for index %d "DFID"\n",
- i, PFID(&lci->lci_fid[i]));
- continue;
- }
- if (lci->lci_capa[i] == BYPASS_CAPA) {
- CERROR("bypass for index %d "DFID"\n",
- i, PFID(&lci->lci_fid[i]));
- continue;
- }
- DEBUG_CAPA(D_ERROR, lci->lci_capa[i], "index %d", i);
- }
-}
-#endif /* DEBUG_CAPA */
-
/* unpacking */
int mdt_name_unpack(struct req_capsule *pill,
rr->rr_fid1 = &rec->sa_fid;
la->la_valid = mdt_attr_valid_xlate(rec->sa_valid, rr, ma);
- /* If MDS_ATTR_xTIME is set without MDS_ATTR_xTIME_SET and
- * the client does not have OBD_CONNECT_FULL20, convert it
- * to LA_xTIME. LU-3036 */
- if (!(exp_connect_flags(info->mti_exp) & OBD_CONNECT_FULL20)) {
- if (!(rec->sa_valid & MDS_ATTR_ATIME_SET) &&
- (rec->sa_valid & MDS_ATTR_ATIME))
- la->la_valid |= LA_ATIME;
- if (!(rec->sa_valid & MDS_ATTR_MTIME_SET) &&
- (rec->sa_valid & MDS_ATTR_MTIME))
- la->la_valid |= LA_MTIME;
- if (!(rec->sa_valid & MDS_ATTR_CTIME_SET) &&
- (rec->sa_valid & MDS_ATTR_CTIME))
- la->la_valid |= LA_CTIME;
- }
la->la_mode = rec->sa_mode;
la->la_flags = rec->sa_attr_flags;
la->la_uid = nodemap_map_id(nodemap, NODEMAP_UID,
else
ma->ma_attr_flags &= ~MDS_HSM_RELEASE;
- if (req_capsule_get_size(pill, &RMF_CAPA1, RCL_CLIENT))
- mdt_set_capainfo(info, 0, rr->rr_fid1,
- req_capsule_client_get(pill, &RMF_CAPA1));
+ if (rec->sa_bias & MDS_CLOSE_LAYOUT_SWAP)
+ ma->ma_attr_flags |= MDS_CLOSE_LAYOUT_SWAP;
+ else
+ ma->ma_attr_flags &= ~MDS_CLOSE_LAYOUT_SWAP;
RETURN(0);
}
-static int mdt_ioepoch_unpack(struct mdt_thread_info *info)
+static int mdt_close_handle_unpack(struct mdt_thread_info *info)
{
- struct req_capsule *pill = info->mti_pill;
- ENTRY;
+ struct req_capsule *pill = info->mti_pill;
+ struct mdt_ioepoch *ioepoch;
+ ENTRY;
- if (req_capsule_get_size(pill, &RMF_MDT_EPOCH, RCL_CLIENT))
- info->mti_ioepoch =
- req_capsule_client_get(pill, &RMF_MDT_EPOCH);
- else
- info->mti_ioepoch = NULL;
- RETURN(info->mti_ioepoch == NULL ? -EFAULT : 0);
+ if (req_capsule_get_size(pill, &RMF_MDT_EPOCH, RCL_CLIENT))
+ ioepoch = req_capsule_client_get(pill, &RMF_MDT_EPOCH);
+ else
+ ioepoch = NULL;
+
+ if (ioepoch == NULL)
+ RETURN(-EPROTO);
+
+ info->mti_close_handle = ioepoch->mio_handle;
+
+ RETURN(0);
}
static inline int mdt_dlmreq_unpack(struct mdt_thread_info *info) {
if (rc)
RETURN(rc);
- /* Epoch may be absent */
- mdt_ioepoch_unpack(info);
-
if (req_capsule_field_present(pill, &RMF_EADATA, RCL_CLIENT)) {
rr->rr_eadata = req_capsule_client_get(pill, &RMF_EADATA);
rr->rr_eadatalen = req_capsule_get_size(pill, &RMF_EADATA,
RETURN(rc);
}
-static int mdt_hsm_release_unpack(struct mdt_thread_info *info)
+static int mdt_intent_close_unpack(struct mdt_thread_info *info)
{
struct md_attr *ma = &info->mti_attr;
- struct req_capsule *pill = info->mti_pill;
+ struct req_capsule *pill = info->mti_pill;
ENTRY;
- if (!(ma->ma_attr_flags & MDS_HSM_RELEASE))
+ if (!(ma->ma_attr_flags & (MDS_HSM_RELEASE | MDS_CLOSE_LAYOUT_SWAP)))
RETURN(0);
- req_capsule_extend(pill, &RQF_MDS_RELEASE_CLOSE);
+ req_capsule_extend(pill, &RQF_MDS_INTENT_CLOSE);
if (!(req_capsule_has_field(pill, &RMF_CLOSE_DATA, RCL_CLIENT) &&
req_capsule_field_present(pill, &RMF_CLOSE_DATA, RCL_CLIENT)))
int mdt_close_unpack(struct mdt_thread_info *info)
{
- int rc;
- ENTRY;
+ int rc;
+ ENTRY;
- rc = mdt_ioepoch_unpack(info);
+ rc = mdt_close_handle_unpack(info);
if (rc)
RETURN(rc);
if (rc)
RETURN(rc);
- rc = mdt_hsm_release_unpack(info);
+ rc = mdt_intent_close_unpack(info);
if (rc)
RETURN(rc);
memset(&sp->u, 0, sizeof(sp->u));
sp->sp_cr_flags = get_mrc_cr_flags(rec);
- if (req_capsule_get_size(pill, &RMF_CAPA1, RCL_CLIENT))
- mdt_set_capainfo(info, 0, rr->rr_fid1,
- req_capsule_client_get(pill, &RMF_CAPA1));
- mdt_set_capainfo(info, 1, rr->rr_fid2, BYPASS_CAPA);
-
rc = mdt_name_unpack(pill, &RMF_NAME, &rr->rr_name, 0);
if (rc < 0)
RETURN(rc);
attr->la_mtime = rec->lk_time;
attr->la_valid = LA_UID | LA_GID | LA_CTIME | LA_MTIME;
- if (req_capsule_get_size(pill, &RMF_CAPA1, RCL_CLIENT))
- mdt_set_capainfo(info, 0, rr->rr_fid1,
- req_capsule_client_get(pill, &RMF_CAPA1));
- if (req_capsule_get_size(pill, &RMF_CAPA2, RCL_CLIENT))
- mdt_set_capainfo(info, 1, rr->rr_fid2,
- req_capsule_client_get(pill, &RMF_CAPA2));
-
rc = mdt_name_unpack(pill, &RMF_NAME, &rr->rr_name, 0);
if (rc < 0)
RETURN(rc);
attr->la_mode = rec->ul_mode;
attr->la_valid = LA_UID | LA_GID | LA_CTIME | LA_MTIME | LA_MODE;
- if (req_capsule_get_size(pill, &RMF_CAPA1, RCL_CLIENT))
- mdt_set_capainfo(info, 0, rr->rr_fid1,
- req_capsule_client_get(pill, &RMF_CAPA1));
-
rc = mdt_name_unpack(pill, &RMF_NAME, &rr->rr_name, 0);
if (rc < 0)
RETURN(rc);
attr->la_mode = rec->rn_mode;
attr->la_valid = LA_UID | LA_GID | LA_CTIME | LA_MTIME | LA_MODE;
- if (req_capsule_get_size(pill, &RMF_CAPA1, RCL_CLIENT))
- mdt_set_capainfo(info, 0, rr->rr_fid1,
- req_capsule_client_get(pill, &RMF_CAPA1));
- if (req_capsule_get_size(pill, &RMF_CAPA2, RCL_CLIENT))
- mdt_set_capainfo(info, 1, rr->rr_fid2,
- req_capsule_client_get(pill, &RMF_CAPA2));
-
rc = mdt_name_unpack(pill, &RMF_NAME, &rr->rr_name, 0);
if (rc < 0)
RETURN(rc);
/* Do not trigger ASSERTION if client miss to set such flags. */
if (unlikely(info->mti_spec.sp_cr_flags == 0))
RETURN(-EPROTO);
- info->mti_replayepoch = rec->cr_ioepoch;
info->mti_cross_ref = !!(rec->cr_bias & MDS_CROSS_REF);
- if (req_capsule_get_size(pill, &RMF_CAPA1, RCL_CLIENT))
- mdt_set_capainfo(info, 0, rr->rr_fid1,
- req_capsule_client_get(pill, &RMF_CAPA1));
- if (req_is_replay(req) &&
- req_capsule_get_size(pill, &RMF_CAPA2, RCL_CLIENT)) {
-#if 0
- mdt_set_capainfo(info, 1, rr->rr_fid2,
- req_capsule_client_get(pill, &RMF_CAPA2));
-#else
- /*
- * FIXME: capa in replay open request might have expired,
- * bypass capa check. Security hole?
- */
- mdt_set_capainfo(info, 0, rr->rr_fid1, BYPASS_CAPA);
- mdt_set_capainfo(info, 1, rr->rr_fid2, BYPASS_CAPA);
-#endif
- }
-
mdt_name_unpack(pill, &RMF_NAME, &rr->rr_name, MNF_FIX_ANON);
if (req_capsule_field_present(pill, &RMF_EADATA, RCL_CLIENT)) {
attr->la_size = rec->sx_size;
attr->la_flags = rec->sx_flags;
- if (req_capsule_get_size(pill, &RMF_CAPA1, RCL_CLIENT))
- mdt_set_capainfo(info, 0, rr->rr_fid1,
- req_capsule_client_get(pill, &RMF_CAPA1));
- else
- mdt_set_capainfo(info, 0, rr->rr_fid1, BYPASS_CAPA);
-
rc = mdt_name_unpack(pill, &RMF_NAME, &rr->rr_name, 0);
if (rc < 0)
RETURN(rc);