X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=blobdiff_plain;f=lustre%2Fmdt%2Fmdt_identity.c;h=e8ec709c39092fbee075f4edaaeca52a04adbfc1;hp=12ed4a853dd371dbc538e9f8e4c033d1f51bffb6;hb=d1b47781a3acd449473884f42e71ece2a7789670;hpb=3192e52a89946f12fd36d28a686c169d01d36e64 diff --git a/lustre/mdt/mdt_identity.c b/lustre/mdt/mdt_identity.c index 12ed4a8..e8ec709 100644 --- a/lustre/mdt/mdt_identity.c +++ b/lustre/mdt/mdt_identity.c @@ -1,34 +1,42 @@ -/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*- - * vim:expandtab:shiftwidth=8:tabstop=8: +/* + * GPL HEADER START + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 only, + * as published by the Free Software Foundation. * - * Copyright (C) 2004-2006 Cluster File Systems, Inc. - * Author: Lai Siyao - * Author: Fan Yong + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License version 2 for more details (a copy is included + * in the LICENSE file that accompanied this code). * - * This file is part of Lustre, http://www.lustre.org. + * You should have received a copy of the GNU General Public License + * version 2 along with this program; If not, see + * http://www.gnu.org/licenses/gpl-2.0.html + * + * GPL HEADER END + */ +/* + * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. + * Use is subject to license terms. * - * Lustre is free software; you can redistribute it and/or - * modify it under the terms of version 2 of the GNU General Public - * License as published by the Free Software Foundation. + * Copyright (c) 2011, 2016, Intel Corporation. + */ +/* + * This file is part of Lustre, http://www.lustre.org/ + * Lustre is a trademark of Sun Microsystems, Inc. * - * Lustre is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * lustre/mdt/mdt_identity.c * - * You should have received a copy of the GNU General Public License - * along with Lustre; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * Author: Lai Siyao + * Author: Fan Yong */ -#ifndef EXPORT_SYMTAB -#define EXPORT_SYMTAB -#endif #define DEBUG_SUBSYSTEM S_MDS -#ifndef AUTOCONF_INCLUDED -#include -#endif #include #include #include @@ -38,15 +46,13 @@ #include #include #include -#include #include #include #include #include #include -#include -#include +#include #include #include #include @@ -54,7 +60,6 @@ #include #include #include -#include #include "mdt_internal.h" @@ -65,21 +70,21 @@ static void mdt_identity_entry_init(struct upcall_cache_entry *entry, } static void mdt_identity_entry_free(struct upcall_cache *cache, - struct upcall_cache_entry *entry) + struct upcall_cache_entry *entry) { - struct md_identity *identity = &entry->u.identity; - - if (identity->mi_ginfo) { - groups_free(identity->mi_ginfo); - identity->mi_ginfo = NULL; - } - - if (identity->mi_nperms) { - LASSERT(identity->mi_perms); - OBD_FREE(identity->mi_perms, - identity->mi_nperms * sizeof(struct md_perm)); - identity->mi_nperms = 0; - } + struct md_identity *identity = &entry->u.identity; + + if (identity->mi_ginfo) { + put_group_info(identity->mi_ginfo); + identity->mi_ginfo = NULL; + } + + if (identity->mi_nperms) { + LASSERT(identity->mi_perms); + OBD_FREE(identity->mi_perms, + identity->mi_nperms * sizeof(struct md_perm)); + identity->mi_nperms = 0; + } } static int mdt_identity_do_upcall(struct upcall_cache *cache, @@ -97,79 +102,97 @@ static int mdt_identity_do_upcall(struct upcall_cache *cache, [1] = "PATH=/sbin:/usr/sbin", [2] = NULL }; + ktime_t start, end; int rc; ENTRY; - snprintf(keystr, sizeof(keystr), LPU64, entry->ue_key); - - LASSERTF(strcmp(cache->uc_upcall, "NONE"), "no upcall set!"); - CDEBUG(D_INFO, "The upcall is: %s \n", cache->uc_upcall); - - rc = USERMODEHELPER(argv[0], argv, envp); - if (rc < 0) { - CERROR("%s: error invoking upcall %s %s %s: rc %d; " - "check /proc/fs/lustre/mdt/%s/identity_upcall\n", - cache->uc_name, argv[0], argv[1], argv[2], rc, - cache->uc_name); - } else { - CDEBUG(D_HA, "%s: invoked upcall %s %s %s\n", cache->uc_name, - argv[0], argv[1], argv[2]); - rc = 0; + /* There is race condition: + * "uc_upcall" was changed just after "is_identity_get_disabled" check. + */ + down_read(&cache->uc_upcall_rwsem); + CDEBUG(D_INFO, "The upcall is: '%s'\n", cache->uc_upcall); + + if (unlikely(!strcmp(cache->uc_upcall, "NONE"))) { + CERROR("no upcall set\n"); + GOTO(out, rc = -EREMCHG); } - RETURN(rc); + + argv[0] = cache->uc_upcall; + snprintf(keystr, sizeof(keystr), "%llu", entry->ue_key); + + start = ktime_get(); + rc = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); + end = ktime_get(); + if (rc < 0) { + CERROR("%s: error invoking upcall %s %s %s: rc %d; check /proc/fs/lustre/mdt/%s/identity_upcall, time %ldus\n", + cache->uc_name, argv[0], argv[1], argv[2], rc, + cache->uc_name, (long)ktime_us_delta(end, start)); + } else { + CDEBUG(D_HA, "%s: invoked upcall %s %s %s, time %ldus\n", + cache->uc_name, argv[0], argv[1], argv[2], + (long)ktime_us_delta(end, start)); + rc = 0; + } + EXIT; +out: + up_read(&cache->uc_upcall_rwsem); + return rc; } static int mdt_identity_parse_downcall(struct upcall_cache *cache, - struct upcall_cache_entry *entry, - void *args) + struct upcall_cache_entry *entry, + void *args) { - struct md_identity *identity = &entry->u.identity; - struct identity_downcall_data *data = args; - struct group_info *ginfo; - struct md_perm *perms = NULL; - int size, i; - ENTRY; - - LASSERT(data); - if (data->idd_ngroups > NGROUPS_MAX) - RETURN(-E2BIG); - - ginfo = groups_alloc(data->idd_ngroups); - if (!ginfo) { - CERROR("failed to alloc %d groups\n", data->idd_ngroups); - RETURN(-ENOMEM); - } - - lustre_groups_from_list(ginfo, data->idd_groups); - lustre_groups_sort(ginfo); - - if (data->idd_nperms) { - size = data->idd_nperms * sizeof(*perms); - OBD_ALLOC(perms, size); - if (!perms) { - CERROR("failed to alloc %d permissions\n", - data->idd_nperms); - groups_free(ginfo); - RETURN(-ENOMEM); - } - - for (i = 0; i < data->idd_nperms; i++) { - perms[i].mp_nid = data->idd_perms[i].pdd_nid; - perms[i].mp_perm = data->idd_perms[i].pdd_perm; - } - } - - identity->mi_uid = data->idd_uid; - identity->mi_gid = data->idd_gid; - identity->mi_ginfo = ginfo; - identity->mi_nperms = data->idd_nperms; - identity->mi_perms = perms; - - CDEBUG(D_OTHER, "parse mdt identity@%p: %d:%d, ngroups %u, nperms %u\n", - identity, identity->mi_uid, identity->mi_gid, - identity->mi_ginfo->ngroups, identity->mi_nperms); - - RETURN(0); + struct md_identity *identity = &entry->u.identity; + struct identity_downcall_data *data = args; + struct group_info *ginfo = NULL; + struct md_perm *perms = NULL; + int size, i; + ENTRY; + + LASSERT(data); + if (data->idd_ngroups > NGROUPS_MAX) + RETURN(-E2BIG); + + if (data->idd_ngroups > 0) { + ginfo = groups_alloc(data->idd_ngroups); + if (!ginfo) { + CERROR("failed to alloc %d groups\n", data->idd_ngroups); + RETURN(-ENOMEM); + } + + lustre_groups_from_list(ginfo, data->idd_groups); + lustre_groups_sort(ginfo); + } + + if (data->idd_nperms) { + size = data->idd_nperms * sizeof(*perms); + OBD_ALLOC(perms, size); + if (!perms) { + CERROR("failed to alloc %d permissions\n", + data->idd_nperms); + if (ginfo != NULL) + put_group_info(ginfo); + RETURN(-ENOMEM); + } + + for (i = 0; i < data->idd_nperms; i++) { + perms[i].mp_nid = data->idd_perms[i].pdd_nid; + perms[i].mp_perm = data->idd_perms[i].pdd_perm; + } + } + + identity->mi_uid = data->idd_uid; + identity->mi_gid = data->idd_gid; + identity->mi_ginfo = ginfo; + identity->mi_nperms = data->idd_nperms; + identity->mi_perms = perms; + + CDEBUG(D_OTHER, "parse mdt identity@%p: %d:%d, ngroups %u, nperms %u\n", + identity, identity->mi_uid, identity->mi_gid, + data->idd_ngroups, data->idd_nperms); + + RETURN(0); } struct md_identity *mdt_identity_get(struct upcall_cache *cache, __u32 uid) @@ -177,15 +200,15 @@ struct md_identity *mdt_identity_get(struct upcall_cache *cache, __u32 uid) struct upcall_cache_entry *entry; if (!cache) - return NULL; + return ERR_PTR(-ENOENT); entry = upcall_cache_get_entry(cache, (__u64)uid, NULL); - if (IS_ERR(entry)) { - CERROR("upcall_cache_get_entry failed: %ld\n", PTR_ERR(entry)); - return NULL; - } - - return &entry->u.identity; + if (IS_ERR(entry)) + return ERR_PTR(PTR_ERR(entry)); + else if (unlikely(!entry)) + return ERR_PTR(-ENOENT); + else + return &entry->u.identity; } void mdt_identity_put(struct upcall_cache *cache, struct md_identity *identity) @@ -216,16 +239,14 @@ void mdt_flush_identity(struct upcall_cache *cache, int uid) * If there is LNET_NID_ANY in perm[i].mp_nid, * it must be perm[0].mp_nid, and act as default perm. */ -__u32 mdt_identity_get_perm(struct md_identity *identity, - __u32 is_rmtclient, lnet_nid_t nid) +__u32 mdt_identity_get_perm(struct md_identity *identity, lnet_nid_t nid) { - struct md_perm *perm; - int i; - if (!identity) { - LASSERT(is_rmtclient == 0); - return CFS_SETGRP_PERM; - } + struct md_perm *perm; + int i; + + if (!identity) + return CFS_SETGRP_PERM; perm = identity->mi_perms; /* check exactly matched nid first */ @@ -241,41 +262,5 @@ __u32 mdt_identity_get_perm(struct md_identity *identity, return perm[0].mp_perm; /* return default last */ - return is_rmtclient ? 0 : CFS_SETGRP_PERM; -} - -int mdt_pack_remote_perm(struct mdt_thread_info *info, struct mdt_object *o, - void *buf) -{ - struct ptlrpc_request *req = mdt_info_req(info); - struct md_ucred *uc = mdt_ucred(info); - struct md_object *next = mdt_object_child(o); - struct mdt_export_data *med = mdt_req2med(req); - struct mdt_remote_perm *perm = buf; - - ENTRY; - - /* remote client request always pack ptlrpc_user_desc! */ - LASSERT(perm); - - if (!med->med_rmtclient) - RETURN(-EBADE); - - if ((uc->mu_valid != UCRED_OLD) && (uc->mu_valid != UCRED_NEW)) - RETURN(-EINVAL); - - perm->rp_uid = uc->mu_o_uid; - perm->rp_gid = uc->mu_o_gid; - perm->rp_fsuid = uc->mu_o_fsuid; - perm->rp_fsgid = uc->mu_o_fsgid; - - perm->rp_access_perm = 0; - if (mo_permission(info->mti_env, NULL, next, NULL, MAY_READ) == 0) - perm->rp_access_perm |= MAY_READ; - if (mo_permission(info->mti_env, NULL, next, NULL, MAY_WRITE) == 0) - perm->rp_access_perm |= MAY_WRITE; - if (mo_permission(info->mti_env, NULL, next, NULL, MAY_EXEC) == 0) - perm->rp_access_perm |= MAY_EXEC; - - RETURN(0); + return CFS_SETGRP_PERM; }