*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; If not, see
- * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
+ * http://www.gnu.org/licenses/gpl-2.0.html
*
* GPL HEADER END
*/
* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
- * Copyright (c) 2011, 2012, Intel Corporation.
+ * Copyright (c) 2011, 2017, Intel Corporation.
*/
/*
* This file is part of Lustre, http://www.lustre.org/
#define DEBUG_SUBSYSTEM S_SEC
-#include <libcfs/libcfs.h>
-#ifndef __KERNEL__
-#include <liblustre.h>
-#include <libcfs/list.h>
-#else
+#include <linux/user_namespace.h>
+#ifdef HAVE_UIDGID_HEADER
+# include <linux/uidgid.h>
+#endif
#include <linux/crypto.h>
#include <linux/key.h>
-#endif
+#include <libcfs/libcfs.h>
#include <obd.h>
#include <obd_class.h>
#include <obd_support.h>
struct ptlrpc_sec_policy * sptlrpc_wireflavor2policy(__u32 flavor)
{
static DEFINE_MUTEX(load_mutex);
- static cfs_atomic_t loaded = CFS_ATOMIC_INIT(0);
- struct ptlrpc_sec_policy *policy;
- __u16 number = SPTLRPC_FLVR_POLICY(flavor);
- __u16 flag = 0;
+ static atomic_t loaded = ATOMIC_INIT(0);
+ struct ptlrpc_sec_policy *policy;
+ __u16 number = SPTLRPC_FLVR_POLICY(flavor);
+ __u16 flag = 0;
- if (number >= SPTLRPC_POLICY_MAX)
- return NULL;
+ if (number >= SPTLRPC_POLICY_MAX)
+ return NULL;
- while (1) {
+ while (1) {
read_lock(&policy_lock);
- policy = policies[number];
- if (policy && !cfs_try_module_get(policy->sp_owner))
- policy = NULL;
- if (policy == NULL)
- flag = cfs_atomic_read(&loaded);
+ policy = policies[number];
+ if (policy && !try_module_get(policy->sp_owner))
+ policy = NULL;
+ if (policy == NULL)
+ flag = atomic_read(&loaded);
read_unlock(&policy_lock);
- if (policy != NULL || flag != 0 ||
- number != SPTLRPC_POLICY_GSS)
- break;
+ if (policy != NULL || flag != 0 ||
+ number != SPTLRPC_POLICY_GSS)
+ break;
- /* try to load gss module, once */
+ /* try to load gss module, once */
mutex_lock(&load_mutex);
- if (cfs_atomic_read(&loaded) == 0) {
- if (cfs_request_module("ptlrpc_gss") == 0)
- CDEBUG(D_SEC,
- "module ptlrpc_gss loaded on demand\n");
- else
- CERROR("Unable to load module ptlrpc_gss\n");
-
- cfs_atomic_set(&loaded, 1);
- }
+ if (atomic_read(&loaded) == 0) {
+ if (request_module("ptlrpc_gss") == 0)
+ CDEBUG(D_SEC,
+ "module ptlrpc_gss loaded on demand\n");
+ else
+ CERROR("Unable to load module ptlrpc_gss\n");
+
+ atomic_set(&loaded, 1);
+ }
mutex_unlock(&load_mutex);
- }
+ }
- return policy;
+ return policy;
}
__u32 sptlrpc_name2flavor_base(const char *name)
{
- if (!strcmp(name, "null"))
- return SPTLRPC_FLVR_NULL;
- if (!strcmp(name, "plain"))
- return SPTLRPC_FLVR_PLAIN;
+ if (!strcmp(name, "null"))
+ return SPTLRPC_FLVR_NULL;
+ if (!strcmp(name, "plain"))
+ return SPTLRPC_FLVR_PLAIN;
+ if (!strcmp(name, "gssnull"))
+ return SPTLRPC_FLVR_GSSNULL;
if (!strcmp(name, "krb5n"))
return SPTLRPC_FLVR_KRB5N;
if (!strcmp(name, "krb5a"))
return SPTLRPC_FLVR_KRB5I;
if (!strcmp(name, "krb5p"))
return SPTLRPC_FLVR_KRB5P;
+ if (!strcmp(name, "skn"))
+ return SPTLRPC_FLVR_SKN;
+ if (!strcmp(name, "ska"))
+ return SPTLRPC_FLVR_SKA;
+ if (!strcmp(name, "ski"))
+ return SPTLRPC_FLVR_SKI;
+ if (!strcmp(name, "skpi"))
+ return SPTLRPC_FLVR_SKPI;
- return SPTLRPC_FLVR_INVALID;
+ return SPTLRPC_FLVR_INVALID;
}
EXPORT_SYMBOL(sptlrpc_name2flavor_base);
return "null";
else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_PLAIN))
return "plain";
+ else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_GSSNULL))
+ return "gssnull";
else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5N))
return "krb5n";
else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5A))
return "krb5i";
else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5P))
return "krb5p";
-
- CERROR("invalid wire flavor 0x%x\n", flvr);
- return "invalid";
+ else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_SKN))
+ return "skn";
+ else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_SKA))
+ return "ska";
+ else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_SKI))
+ return "ski";
+ else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_SKPI))
+ return "skpi";
+
+ CERROR("invalid wire flavor 0x%x\n", flvr);
+ return "invalid";
}
EXPORT_SYMBOL(sptlrpc_flavor2name_base);
create = 0;
remove_dead = 0;
}
- } else {
- vcred.vc_uid = cfs_curproc_uid();
- vcred.vc_gid = cfs_curproc_gid();
- }
+ } else {
+ vcred.vc_uid = from_kuid(&init_user_ns, current_uid());
+ vcred.vc_gid = from_kgid(&init_user_ns, current_gid());
+ }
- return sec->ps_policy->sp_cops->lookup_ctx(sec, &vcred,
- create, remove_dead);
+ return sec->ps_policy->sp_cops->lookup_ctx(sec, &vcred, create,
+ remove_dead);
}
struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx)
{
- cfs_atomic_inc(&ctx->cc_refcount);
- return ctx;
+ atomic_inc(&ctx->cc_refcount);
+ return ctx;
}
EXPORT_SYMBOL(sptlrpc_cli_ctx_get);
void sptlrpc_cli_ctx_put(struct ptlrpc_cli_ctx *ctx, int sync)
{
- struct ptlrpc_sec *sec = ctx->cc_sec;
+ struct ptlrpc_sec *sec = ctx->cc_sec;
- LASSERT(sec);
- LASSERT_ATOMIC_POS(&ctx->cc_refcount);
+ LASSERT(sec);
+ LASSERT_ATOMIC_POS(&ctx->cc_refcount);
- if (!cfs_atomic_dec_and_test(&ctx->cc_refcount))
- return;
+ if (!atomic_dec_and_test(&ctx->cc_refcount))
+ return;
- sec->ps_policy->sp_cops->release_ctx(sec, ctx, sync);
+ sec->ps_policy->sp_cops->release_ctx(sec, ctx, sync);
}
EXPORT_SYMBOL(sptlrpc_cli_ctx_put);
struct ptlrpc_request *req, *next;
spin_lock(&ctx->cc_lock);
- cfs_list_for_each_entry_safe(req, next, &ctx->cc_req_list,
+ list_for_each_entry_safe(req, next, &ctx->cc_req_list,
rq_ctx_chain) {
- cfs_list_del_init(&req->rq_ctx_chain);
+ list_del_init(&req->rq_ctx_chain);
ptlrpc_client_wake_req(req);
}
spin_unlock(&ctx->cc_lock);
spin_lock(&imp->imp_lock);
if (imp->imp_sec_expire &&
- imp->imp_sec_expire < cfs_time_current_sec()) {
+ imp->imp_sec_expire < ktime_get_real_seconds()) {
adapt = 1;
imp->imp_sec_expire = 0;
}
return 0;
CDEBUG(D_SEC, "found delayed sec adapt expired, do it now\n");
- return sptlrpc_import_sec_adapt(imp, NULL, 0);
+ return sptlrpc_import_sec_adapt(imp, NULL, NULL);
}
+/**
+ * Get and validate the client side ptlrpc security facilities from
+ * \a imp. There is a race condition on client reconnect when the import is
+ * being destroyed while there are outstanding client bound requests. In
+ * this case do not output any error messages if import secuity is not
+ * found.
+ *
+ * \param[in] imp obd import associated with client
+ * \param[out] sec client side ptlrpc security
+ *
+ * \retval 0 if security retrieved successfully
+ * \retval -ve errno if there was a problem
+ */
static int import_sec_validate_get(struct obd_import *imp,
- struct ptlrpc_sec **sec)
+ struct ptlrpc_sec **sec)
{
- int rc;
+ int rc;
- if (unlikely(imp->imp_sec_expire)) {
- rc = import_sec_check_expire(imp);
- if (rc)
- return rc;
- }
+ if (unlikely(imp->imp_sec_expire)) {
+ rc = import_sec_check_expire(imp);
+ if (rc)
+ return rc;
+ }
- *sec = sptlrpc_import_sec_ref(imp);
- if (*sec == NULL) {
- CERROR("import %p (%s) with no sec\n",
- imp, ptlrpc_import_state_name(imp->imp_state));
- return -EACCES;
- }
+ *sec = sptlrpc_import_sec_ref(imp);
+ if (*sec == NULL) {
+ CERROR("import %p (%s) with no sec\n",
+ imp, ptlrpc_import_state_name(imp->imp_state));
+ return -EACCES;
+ }
- if (unlikely((*sec)->ps_dying)) {
- CERROR("attempt to use dying sec %p\n", sec);
- sptlrpc_sec_put(*sec);
- return -EACCES;
- }
+ if (unlikely((*sec)->ps_dying)) {
+ CERROR("attempt to use dying sec %p\n", sec);
+ sptlrpc_sec_put(*sec);
+ return -EACCES;
+ }
- return 0;
+ return 0;
}
/**
- * Given a \a req, find or allocate a appropriate context for it.
+ * Given a \a req, find or allocate an appropriate context for it.
* \pre req->rq_cli_ctx == NULL.
*
* \retval 0 succeed, and req->rq_cli_ctx is set.
sptlrpc_sec_put(sec);
- if (!req->rq_cli_ctx) {
- CERROR("req %p: fail to get context\n", req);
- RETURN(-ENOMEM);
- }
+ if (!req->rq_cli_ctx) {
+ CERROR("req %p: fail to get context\n", req);
+ RETURN(-ECONNREFUSED);
+ }
RETURN(0);
}
/* request might be asked to release earlier while still
* in the context waiting list.
*/
- if (!cfs_list_empty(&req->rq_ctx_chain)) {
+ if (!list_empty(&req->rq_ctx_chain)) {
spin_lock(&req->rq_cli_ctx->cc_lock);
- cfs_list_del_init(&req->rq_ctx_chain);
+ list_del_init(&req->rq_ctx_chain);
spin_unlock(&req->rq_cli_ctx->cc_lock);
}
newctx = req->rq_cli_ctx;
LASSERT(newctx);
- if (unlikely(newctx == oldctx &&
+ if (unlikely(newctx == oldctx &&
test_bit(PTLRPC_CTX_DEAD_BIT, &oldctx->cc_flags))) {
/*
* still get the old dead ctx, usually means system too busy
"ctx (%p, fl %lx) doesn't switch, relax a little bit\n",
newctx, newctx->cc_flags);
- cfs_schedule_timeout_and_set_state(CFS_TASK_INTERRUPTIBLE,
- CFS_HZ);
- } else {
+ set_current_state(TASK_INTERRUPTIBLE);
+ schedule_timeout(msecs_to_jiffies(MSEC_PER_SEC));
+ } else if (unlikely(test_bit(PTLRPC_CTX_UPTODATE_BIT, &newctx->cc_flags)
+ == 0)) {
+ /*
+ * new ctx not up to date yet
+ */
+ CDEBUG(D_SEC,
+ "ctx (%p, fl %lx) doesn't switch, not up to date yet\n",
+ newctx, newctx->cc_flags);
+ } else {
/*
* it's possible newctx == oldctx if we're switching
* subflavor with the same sec.
void req_off_ctx_list(struct ptlrpc_request *req, struct ptlrpc_cli_ctx *ctx)
{
spin_lock(&ctx->cc_lock);
- if (!cfs_list_empty(&req->rq_ctx_chain))
- cfs_list_del_init(&req->rq_ctx_chain);
+ if (!list_empty(&req->rq_ctx_chain))
+ list_del_init(&req->rq_ctx_chain);
spin_unlock(&ctx->cc_lock);
}
* it for reply reconstruction.
*
* Commonly the original context should be uptodate because we
- * have a expiry nice time; server will keep its context because
+ * have an expiry nice time; server will keep its context because
* we at least hold a ref of old context which prevent context
- * destroying RPC being sent. So server still can accept the request
- * and finish the RPC. But if that's not the case:
+ * from destroying RPC being sent. So server still can accept the
+ * request and finish the RPC. But if that's not the case:
* 1. If server side context has been trimmed, a NO_CONTEXT will
* be returned, gss_cli_ctx_verify/unseal will switch to new
* context by force.
* waiting list
*/
spin_lock(&ctx->cc_lock);
- if (cfs_list_empty(&req->rq_ctx_chain))
- cfs_list_add(&req->rq_ctx_chain, &ctx->cc_req_list);
+ if (list_empty(&req->rq_ctx_chain))
+ list_add(&req->rq_ctx_chain, &ctx->cc_req_list);
spin_unlock(&ctx->cc_lock);
if (timeout < 0)
req->rq_restart = 0;
spin_unlock(&req->rq_lock);
- lwi = LWI_TIMEOUT_INTR(timeout * CFS_HZ, ctx_refresh_timeout,
- ctx_refresh_interrupt, req);
- rc = l_wait_event(req->rq_reply_waitq, ctx_check_refresh(ctx), &lwi);
+ lwi = LWI_TIMEOUT_INTR(msecs_to_jiffies(timeout * MSEC_PER_SEC),
+ ctx_refresh_timeout,
+ ctx_refresh_interrupt, req);
+ rc = l_wait_event(req->rq_reply_waitq, ctx_check_refresh(ctx), &lwi);
/*
* following cases could lead us here:
LASSERT(req->rq_cli_ctx->cc_sec);
LASSERT(req->rq_bulk_read == 0 || req->rq_bulk_write == 0);
- /* special security flags accoding to opcode */
+ /* special security flags according to opcode */
switch (opcode) {
case OST_READ:
case MDS_READPAGE:
*/
int sptlrpc_import_check_ctx(struct obd_import *imp)
{
- struct ptlrpc_sec *sec;
- struct ptlrpc_cli_ctx *ctx;
- struct ptlrpc_request *req = NULL;
- int rc;
- ENTRY;
+ struct ptlrpc_sec *sec;
+ struct ptlrpc_cli_ctx *ctx;
+ struct ptlrpc_request *req = NULL;
+ int rc;
+ ENTRY;
- cfs_might_sleep();
+ might_sleep();
- sec = sptlrpc_import_sec_ref(imp);
- ctx = get_my_ctx(sec);
- sptlrpc_sec_put(sec);
+ sec = sptlrpc_import_sec_ref(imp);
+ ctx = get_my_ctx(sec);
+ sptlrpc_sec_put(sec);
if (!ctx)
RETURN(-ENOMEM);
RETURN(-EACCES);
}
- OBD_ALLOC_PTR(req);
- if (!req)
- RETURN(-ENOMEM);
+ req = ptlrpc_request_cache_alloc(GFP_NOFS);
+ if (!req)
+ RETURN(-ENOMEM);
- spin_lock_init(&req->rq_lock);
- cfs_atomic_set(&req->rq_refcount, 10000);
- CFS_INIT_LIST_HEAD(&req->rq_ctx_chain);
- cfs_waitq_init(&req->rq_reply_waitq);
- cfs_waitq_init(&req->rq_set_waitq);
- req->rq_import = imp;
- req->rq_flvr = sec->ps_flvr;
- req->rq_cli_ctx = ctx;
+ ptlrpc_cli_req_init(req);
+ atomic_set(&req->rq_refcount, 10000);
+
+ req->rq_import = imp;
+ req->rq_flvr = sec->ps_flvr;
+ req->rq_cli_ctx = ctx;
rc = sptlrpc_req_refresh_ctx(req, 0);
- LASSERT(cfs_list_empty(&req->rq_ctx_chain));
+ LASSERT(list_empty(&req->rq_ctx_chain));
sptlrpc_cli_ctx_put(req->rq_cli_ctx, 1);
- OBD_FREE_PTR(req);
+ ptlrpc_request_cache_free(req);
- RETURN(rc);
+ RETURN(rc);
}
/**
case 0:
break;
default:
- CERROR("failed unpack reply: x"LPU64"\n", req->rq_xid);
+ CERROR("failed unpack reply: x%llu\n", req->rq_xid);
RETURN(-EPROTO);
}
* changed at any time, no matter we're holding rq_lock or not. For this reason
* we allocate a separate ptlrpc_request and reply buffer for early reply
* processing.
- *
+ *
* \retval 0 success, \a req_ret is filled with a duplicated ptlrpc_request.
* Later the caller must call sptlrpc_cli_finish_early_reply() on the returned
* \a *req_ret to release it.
* \retval -ev error number, and \a req_ret will not be set.
*/
int sptlrpc_cli_unwrap_early_reply(struct ptlrpc_request *req,
- struct ptlrpc_request **req_ret)
+ struct ptlrpc_request **req_ret)
{
- struct ptlrpc_request *early_req;
- char *early_buf;
- int early_bufsz, early_size;
- int rc;
- ENTRY;
+ struct ptlrpc_request *early_req;
+ char *early_buf;
+ int early_bufsz, early_size;
+ int rc;
+ ENTRY;
- OBD_ALLOC_PTR(early_req);
- if (early_req == NULL)
- RETURN(-ENOMEM);
+ early_req = ptlrpc_request_cache_alloc(GFP_NOFS);
+ if (early_req == NULL)
+ RETURN(-ENOMEM);
- early_size = req->rq_nob_received;
- early_bufsz = size_roundup_power2(early_size);
- OBD_ALLOC_LARGE(early_buf, early_bufsz);
- if (early_buf == NULL)
- GOTO(err_req, rc = -ENOMEM);
+ ptlrpc_cli_req_init(early_req);
- /* sanity checkings and copy data out, do it inside spinlock */
+ early_size = req->rq_nob_received;
+ early_bufsz = size_roundup_power2(early_size);
+ OBD_ALLOC_LARGE(early_buf, early_bufsz);
+ if (early_buf == NULL)
+ GOTO(err_req, rc = -ENOMEM);
+
+ /* sanity checkings and copy data out, do it inside spinlock */
spin_lock(&req->rq_lock);
if (req->rq_replied) {
memcpy(early_buf, req->rq_repbuf, early_size);
spin_unlock(&req->rq_lock);
- spin_lock_init(&early_req->rq_lock);
early_req->rq_cli_ctx = sptlrpc_cli_ctx_get(req->rq_cli_ctx);
early_req->rq_flvr = req->rq_flvr;
early_req->rq_repbuf = early_buf;
err_buf:
OBD_FREE_LARGE(early_buf, early_bufsz);
err_req:
- OBD_FREE_PTR(early_req);
- RETURN(rc);
+ ptlrpc_request_cache_free(early_req);
+ RETURN(rc);
}
/**
*/
void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req)
{
- LASSERT(early_req->rq_repbuf);
- LASSERT(early_req->rq_repdata);
- LASSERT(early_req->rq_repmsg);
+ LASSERT(early_req->rq_repbuf);
+ LASSERT(early_req->rq_repdata);
+ LASSERT(early_req->rq_repmsg);
- sptlrpc_cli_ctx_put(early_req->rq_cli_ctx, 1);
- OBD_FREE_LARGE(early_req->rq_repbuf, early_req->rq_repbuf_len);
- OBD_FREE_PTR(early_req);
+ sptlrpc_cli_ctx_put(early_req->rq_cli_ctx, 1);
+ OBD_FREE_LARGE(early_req->rq_repbuf, early_req->rq_repbuf_len);
+ ptlrpc_request_cache_free(early_req);
}
/**************************************************
/*
* "fixed" sec (e.g. null) use sec_id < 0
*/
-static cfs_atomic_t sptlrpc_sec_id = CFS_ATOMIC_INIT(1);
+static atomic_t sptlrpc_sec_id = ATOMIC_INIT(1);
int sptlrpc_get_next_secid(void)
{
- return cfs_atomic_inc_return(&sptlrpc_sec_id);
+ return atomic_inc_return(&sptlrpc_sec_id);
}
EXPORT_SYMBOL(sptlrpc_get_next_secid);
struct ptlrpc_sec *sptlrpc_sec_get(struct ptlrpc_sec *sec)
{
- if (sec)
- cfs_atomic_inc(&sec->ps_refcount);
+ if (sec)
+ atomic_inc(&sec->ps_refcount);
- return sec;
+ return sec;
}
EXPORT_SYMBOL(sptlrpc_sec_get);
void sptlrpc_sec_put(struct ptlrpc_sec *sec)
{
- if (sec) {
- LASSERT_ATOMIC_POS(&sec->ps_refcount);
+ if (sec) {
+ LASSERT_ATOMIC_POS(&sec->ps_refcount);
- if (cfs_atomic_dec_and_test(&sec->ps_refcount)) {
- sptlrpc_gc_del_sec(sec);
- sec_cop_destroy_sec(sec);
- }
- }
+ if (atomic_dec_and_test(&sec->ps_refcount)) {
+ sptlrpc_gc_del_sec(sec);
+ sec_cop_destroy_sec(sec);
+ }
+ }
}
EXPORT_SYMBOL(sptlrpc_sec_put);
}
}
- sec = policy->sp_cops->create_sec(imp, svc_ctx, sf);
- if (sec) {
- cfs_atomic_inc(&sec->ps_refcount);
+ sec = policy->sp_cops->create_sec(imp, svc_ctx, sf);
+ if (sec) {
+ atomic_inc(&sec->ps_refcount);
- sec->ps_part = sp;
+ sec->ps_part = sp;
- if (sec->ps_gc_interval && policy->sp_cops->gc_ctx)
- sptlrpc_gc_add_sec(sec);
- } else {
- sptlrpc_policy_put(policy);
- }
+ if (sec->ps_gc_interval && policy->sp_cops->gc_ctx)
+ sptlrpc_gc_add_sec(sec);
+ } else {
+ sptlrpc_policy_put(policy);
+ }
- RETURN(sec);
+ RETURN(sec);
}
struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp)
*dst = *src;
}
-static void sptlrpc_import_sec_adapt_inplace(struct obd_import *imp,
- struct ptlrpc_sec *sec,
- struct sptlrpc_flavor *sf)
-{
- char str1[32], str2[32];
-
- if (sec->ps_flvr.sf_flags != sf->sf_flags)
- CDEBUG(D_SEC, "changing sec flags: %s -> %s\n",
- sptlrpc_secflags2str(sec->ps_flvr.sf_flags,
- str1, sizeof(str1)),
- sptlrpc_secflags2str(sf->sf_flags,
- str2, sizeof(str2)));
-
- spin_lock(&sec->ps_lock);
- flavor_copy(&sec->ps_flvr, sf);
- spin_unlock(&sec->ps_lock);
-}
-
/**
* To get an appropriate ptlrpc_sec for the \a imp, according to the current
* configuration. Upon called, imp->imp_sec may or may not be NULL.
struct ptlrpc_svc_ctx *svc_ctx,
struct sptlrpc_flavor *flvr)
{
- struct ptlrpc_connection *conn;
- struct sptlrpc_flavor sf;
- struct ptlrpc_sec *sec, *newsec;
- enum lustre_sec_part sp;
- char str[24];
- int rc = 0;
- ENTRY;
+ struct ptlrpc_connection *conn;
+ struct sptlrpc_flavor sf;
+ struct ptlrpc_sec *sec, *newsec;
+ enum lustre_sec_part sp;
+ char str[24];
+ int rc = 0;
+ ENTRY;
- cfs_might_sleep();
+ might_sleep();
- if (imp == NULL)
- RETURN(0);
+ if (imp == NULL)
+ RETURN(0);
- conn = imp->imp_connection;
+ conn = imp->imp_connection;
if (svc_ctx == NULL) {
struct client_obd *cliobd = &imp->imp_obd->u.cli;
obd_uuid2str(&conn->c_remote_uuid),
sptlrpc_flavor2name(&sec->ps_flvr, str, sizeof(str)),
sptlrpc_flavor2name(&sf, str2, sizeof(str2)));
-
- if (SPTLRPC_FLVR_POLICY(sf.sf_rpc) ==
- SPTLRPC_FLVR_POLICY(sec->ps_flvr.sf_rpc) &&
- SPTLRPC_FLVR_MECH(sf.sf_rpc) ==
- SPTLRPC_FLVR_MECH(sec->ps_flvr.sf_rpc)) {
- sptlrpc_import_sec_adapt_inplace(imp, sec, &sf);
- GOTO(out, rc);
- }
} else if (SPTLRPC_FLVR_BASE(sf.sf_rpc) !=
SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_NULL)) {
CDEBUG(D_SEC, "import %s->%s netid %x: select flavor %s\n",
void sptlrpc_import_flush_my_ctx(struct obd_import *imp)
{
- import_flush_ctx_common(imp, cfs_curproc_uid(), 1, 1);
+ import_flush_ctx_common(imp, from_kuid(&init_user_ns, current_uid()),
+ 1, 1);
}
EXPORT_SYMBOL(sptlrpc_import_flush_my_ctx);
* so caller should refresh its local pointers if needed.
*/
int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
- int segment, int newsize)
+ const struct req_msg_field *field,
+ int newsize)
{
- struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
- struct ptlrpc_sec_cops *cops;
- struct lustre_msg *msg = req->rq_reqmsg;
+ struct req_capsule *pill = &req->rq_pill;
+ struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
+ struct ptlrpc_sec_cops *cops;
+ struct lustre_msg *msg = req->rq_reqmsg;
+ int segment = __req_capsule_offset(pill, field, RCL_CLIENT);
LASSERT(ctx);
LASSERT(msg);
req->rq_repmsg = NULL;
EXIT;
}
+EXPORT_SYMBOL(sptlrpc_cli_free_repbuf);
int sptlrpc_cli_install_rvs_ctx(struct obd_import *imp,
struct ptlrpc_cli_ctx *ctx)
exp->exp_flvr_old[1] = exp->exp_flvr_old[0];
exp->exp_flvr_expire[1] = exp->exp_flvr_expire[0];
exp->exp_flvr_old[0] = exp->exp_flvr;
- exp->exp_flvr_expire[0] = cfs_time_current_sec() +
+ exp->exp_flvr_expire[0] = ktime_get_real_seconds() +
EXP_FLVR_UPDATE_EXPIRE;
exp->exp_flvr = flavor;
}
if (exp->exp_flvr_expire[0]) {
- if (exp->exp_flvr_expire[0] >= cfs_time_current_sec()) {
+ if (exp->exp_flvr_expire[0] >= ktime_get_real_seconds()) {
if (flavor_allowed(&exp->exp_flvr_old[0], req)) {
- CDEBUG(D_SEC, "exp %p (%x|%x|%x): match the "
- "middle one ("CFS_DURATION_T")\n", exp,
+ CDEBUG(D_SEC, "exp %p (%x|%x|%x): match the middle one (%lld)\n", exp,
exp->exp_flvr.sf_rpc,
exp->exp_flvr_old[0].sf_rpc,
exp->exp_flvr_old[1].sf_rpc,
- exp->exp_flvr_expire[0] -
- cfs_time_current_sec());
+ (s64)(exp->exp_flvr_expire[0] -
+ ktime_get_real_seconds()));
spin_unlock(&exp->exp_lock);
return 0;
}
/* now it doesn't match the current flavor, the only chance we can
* accept it is match the old flavors which is not expired. */
if (exp->exp_flvr_changed == 0 && exp->exp_flvr_expire[1]) {
- if (exp->exp_flvr_expire[1] >= cfs_time_current_sec()) {
+ if (exp->exp_flvr_expire[1] >= ktime_get_real_seconds()) {
if (flavor_allowed(&exp->exp_flvr_old[1], req)) {
- CDEBUG(D_SEC, "exp %p (%x|%x|%x): match the "
- "oldest one ("CFS_DURATION_T")\n", exp,
+ CDEBUG(D_SEC, "exp %p (%x|%x|%x): match the oldest one (%lld)\n",
+ exp,
exp->exp_flvr.sf_rpc,
exp->exp_flvr_old[0].sf_rpc,
exp->exp_flvr_old[1].sf_rpc,
- exp->exp_flvr_expire[1] -
- cfs_time_current_sec());
+ (s64)(exp->exp_flvr_expire[1] -
+ ktime_get_real_seconds()));
spin_unlock(&exp->exp_lock);
return 0;
}
spin_unlock(&exp->exp_lock);
- CWARN("exp %p(%s): req %p (%u|%u|%u|%u|%u|%u) with "
- "unauthorized flavor %x, expect %x|%x(%+ld)|%x(%+ld)\n",
+ CWARN("exp %p(%s): req %p (%u|%u|%u|%u|%u|%u) with unauthorized flavor %x, expect %x|%x(%+lld)|%x(%+lld)\n",
exp, exp->exp_obd->obd_name,
req, req->rq_auth_gss, req->rq_ctx_init, req->rq_ctx_fini,
req->rq_auth_usr_root, req->rq_auth_usr_mdt, req->rq_auth_usr_ost,
exp->exp_flvr.sf_rpc,
exp->exp_flvr_old[0].sf_rpc,
exp->exp_flvr_expire[0] ?
- (unsigned long) (exp->exp_flvr_expire[0] -
- cfs_time_current_sec()) : 0,
+ (s64)(exp->exp_flvr_expire[0] - ktime_get_real_seconds()) : 0,
exp->exp_flvr_old[1].sf_rpc,
exp->exp_flvr_expire[1] ?
- (unsigned long) (exp->exp_flvr_expire[1] -
- cfs_time_current_sec()) : 0);
+ (s64)(exp->exp_flvr_expire[1] - ktime_get_real_seconds()) : 0);
return -EACCES;
}
EXPORT_SYMBOL(sptlrpc_target_export_check);
spin_lock(&obd->obd_dev_lock);
- cfs_list_for_each_entry(exp, &obd->obd_exports, exp_obd_chain) {
+ list_for_each_entry(exp, &obd->obd_exports, exp_obd_chain) {
if (exp->exp_connection == NULL)
continue;
/**
* Used by ptlrpc server, to perform transformation upon request message of
- * incoming \a req. This must be the first thing to do with a incoming
+ * incoming \a req. This must be the first thing to do with an incoming
* request in ptlrpc layer.
*
* \retval SECSVC_OK success, and req->rq_reqmsg point to request message in
case 0:
break;
default:
- CERROR("error unpacking request from %s x"LPU64"\n",
+ CERROR("error unpacking request from %s x%llu\n",
libcfs_id2str(req->rq_peer), req->rq_xid);
RETURN(SECSVC_DROP);
}
req->rq_flvr.sf_rpc = WIRE_FLVR(msg->lm_secflvr);
req->rq_sp_from = LUSTRE_SP_ANY;
- req->rq_auth_uid = INVALID_UID;
- req->rq_auth_mapped_uid = INVALID_UID;
+ req->rq_auth_uid = -1; /* set to INVALID_UID */
+ req->rq_auth_mapped_uid = -1;
policy = sptlrpc_wireflavor2policy(req->rq_flvr.sf_rpc);
if (!policy) {
rc = policy->sp_sops->alloc_rs(req, msglen);
if (unlikely(rc == -ENOMEM)) {
+ struct ptlrpc_service_part *svcpt = req->rq_rqbd->rqbd_svcpt;
+ if (svcpt->scp_service->srv_max_reply_size <
+ msglen + sizeof(struct ptlrpc_reply_state)) {
+ /* Just return failure if the size is too big */
+ CERROR("size of message is too big (%zd), %d allowed\n",
+ msglen + sizeof(struct ptlrpc_reply_state),
+ svcpt->scp_service->srv_max_reply_size);
+ RETURN(-ENOMEM);
+ }
+
/* failed alloc, try emergency pool */
- rs = lustre_get_emerg_rs(req->rq_rqbd->rqbd_svcpt);
+ rs = lustre_get_emerg_rs(svcpt);
if (rs == NULL)
RETURN(-ENOMEM);
void sptlrpc_svc_ctx_addref(struct ptlrpc_request *req)
{
- struct ptlrpc_svc_ctx *ctx = req->rq_svc_ctx;
+ struct ptlrpc_svc_ctx *ctx = req->rq_svc_ctx;
- if (ctx != NULL)
- cfs_atomic_inc(&ctx->sc_refcount);
+ if (ctx != NULL)
+ atomic_inc(&ctx->sc_refcount);
}
void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req)
{
- struct ptlrpc_svc_ctx *ctx = req->rq_svc_ctx;
+ struct ptlrpc_svc_ctx *ctx = req->rq_svc_ctx;
- if (ctx == NULL)
- return;
+ if (ctx == NULL)
+ return;
- LASSERT_ATOMIC_POS(&ctx->sc_refcount);
- if (cfs_atomic_dec_and_test(&ctx->sc_refcount)) {
- if (ctx->sc_policy->sp_sops->free_ctx)
- ctx->sc_policy->sp_sops->free_ctx(ctx);
- }
- req->rq_svc_ctx = NULL;
+ LASSERT_ATOMIC_POS(&ctx->sc_refcount);
+ if (atomic_dec_and_test(&ctx->sc_refcount)) {
+ if (ctx->sc_policy->sp_sops->free_ctx)
+ ctx->sc_policy->sp_sops->free_ctx(ctx);
+ }
+ req->rq_svc_ctx = NULL;
}
void sptlrpc_svc_ctx_invalidate(struct ptlrpc_request *req)
* in case of privacy mode, nob_transferred needs to be adjusted.
*/
if (desc->bd_nob != desc->bd_nob_transferred) {
- CERROR("nob %d doesn't match transferred nob %d",
- desc->bd_nob, desc->bd_nob_transferred);
- return -EPROTO;
- }
+ CERROR("nob %d doesn't match transferred nob %d\n",
+ desc->bd_nob, desc->bd_nob_transferred);
+ return -EPROTO;
+ }
- return 0;
+ return 0;
}
EXPORT_SYMBOL(sptlrpc_cli_unwrap_bulk_write);
{
int ngroups;
-#ifdef __KERNEL__
ngroups = current_ngroups;
if (ngroups > LUSTRE_MAX_GROUPS)
ngroups = LUSTRE_MAX_GROUPS;
-#else
- ngroups = 0;
-#endif
return sptlrpc_user_desc_size(ngroups);
}
EXPORT_SYMBOL(sptlrpc_current_user_desc_size);
int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset)
{
- struct ptlrpc_user_desc *pud;
-
- pud = lustre_msg_buf(msg, offset, 0);
-
- pud->pud_uid = cfs_curproc_uid();
- pud->pud_gid = cfs_curproc_gid();
- pud->pud_fsuid = cfs_curproc_fsuid();
- pud->pud_fsgid = cfs_curproc_fsgid();
- pud->pud_cap = cfs_curproc_cap_pack();
- pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4;
-
-#ifdef __KERNEL__
- task_lock(current);
- if (pud->pud_ngroups > current_ngroups)
- pud->pud_ngroups = current_ngroups;
- memcpy(pud->pud_groups, current_cred()->group_info->blocks[0],
- pud->pud_ngroups * sizeof(__u32));
- task_unlock(current);
-#endif
-
- return 0;
+ struct ptlrpc_user_desc *pud;
+
+ pud = lustre_msg_buf(msg, offset, 0);
+
+ pud->pud_uid = from_kuid(&init_user_ns, current_uid());
+ pud->pud_gid = from_kgid(&init_user_ns, current_gid());
+ pud->pud_fsuid = from_kuid(&init_user_ns, current_fsuid());
+ pud->pud_fsgid = from_kgid(&init_user_ns, current_fsgid());
+ pud->pud_cap = cfs_curproc_cap_pack();
+ pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4;
+
+ task_lock(current);
+ if (pud->pud_ngroups > current_ngroups)
+ pud->pud_ngroups = current_ngroups;
+#ifdef HAVE_GROUP_INFO_GID
+ memcpy(pud->pud_groups, current_cred()->group_info->gid,
+ pud->pud_ngroups * sizeof(__u32));
+#else /* !HAVE_GROUP_INFO_GID */
+ memcpy(pud->pud_groups, current_cred()->group_info->blocks[0],
+ pud->pud_ngroups * sizeof(__u32));
+#endif /* HAVE_GROUP_INFO_GID */
+ task_unlock(current);
+
+ return 0;
}
EXPORT_SYMBOL(sptlrpc_pack_user_desc);