X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=blobdiff_plain;f=lustre%2Fobdclass%2Fcapa.c;h=29c40c17bbffcd016f96d5c686440806995c3ac5;hp=b47b58beb801580940516690a8ac5325a253cb52;hb=a32a2faaa95e4e3379511dd2e8d5493496437867;hpb=d2d56f38da01001c92a09afc6b52b5acbd9bc13c diff --git a/lustre/obdclass/capa.c b/lustre/obdclass/capa.c index b47b58b..29c40c1 100644 --- a/lustre/obdclass/capa.c +++ b/lustre/obdclass/capa.c @@ -1,30 +1,44 @@ -/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*- - * vim:expandtab:shiftwidth=8:tabstop=8: +/* + * GPL HEADER START * - * lustre/obdclass/capa.c - * Lustre Capability Hash Management + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * - * Copyright (c) 2005 Cluster File Systems, Inc. - * Author: Lai Siyao + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 only, + * as published by the Free Software Foundation. * - * This file is part of Lustre, http://www.lustre.org. + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License version 2 for more details (a copy is included + * in the LICENSE file that accompanied this code). * - * Lustre is free software; you can redistribute it and/or - * modify it under the terms of version 2 of the GNU General Public - * License as published by the Free Software Foundation. + * You should have received a copy of the GNU General Public License + * version 2 along with this program; If not, see + * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf * - * Lustre is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. * - * You should have received a copy of the GNU General Public License - * along with Lustre; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * GPL HEADER END + */ +/* + * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Use is subject to license terms. + * + * Copyright (c) 2012, Intel Corporation. + */ +/* + * This file is part of Lustre, http://www.lustre.org/ + * Lustre is a trademark of Sun Microsystems, Inc. + * + * lustre/obdclass/capa.c + * + * Lustre Capability Hash Management + * + * Author: Lai Siyao */ -#ifndef EXPORT_SYMTAB -# define EXPORT_SYMTAB -#endif #define DEBUG_SUBSYSTEM S_SEC @@ -49,42 +63,43 @@ #define NR_CAPAHASH 32 #define CAPA_HASH_SIZE 3000 /* for MDS & OSS */ -cfs_mem_cache_t *capa_cachep = NULL; +struct kmem_cache *capa_cachep; #ifdef __KERNEL__ /* lock for capa hash/capa_list/fo_capa_keys */ -spinlock_t capa_lock = SPIN_LOCK_UNLOCKED; +DEFINE_SPINLOCK(capa_lock); -struct list_head capa_list[CAPA_SITE_MAX]; -#endif -/* capa count */ -int capa_count[CAPA_SITE_MAX] = { 0, }; +cfs_list_t capa_list[CAPA_SITE_MAX]; static struct capa_hmac_alg capa_hmac_algs[] = { DEF_CAPA_HMAC_ALG("sha1", SHA1, 20, 20), }; +#endif +/* capa count */ +int capa_count[CAPA_SITE_MAX] = { 0, }; EXPORT_SYMBOL(capa_cachep); EXPORT_SYMBOL(capa_list); EXPORT_SYMBOL(capa_lock); EXPORT_SYMBOL(capa_count); -struct hlist_head *init_capa_hash(void) +cfs_hlist_head_t *init_capa_hash(void) { - struct hlist_head *hash; - int nr_hash, i; + cfs_hlist_head_t *hash; + int nr_hash, i; - OBD_ALLOC(hash, PAGE_SIZE); - if (!hash) - return NULL; + OBD_ALLOC(hash, PAGE_CACHE_SIZE); + if (!hash) + return NULL; - nr_hash = PAGE_SIZE / sizeof(struct hlist_head); - LASSERT(nr_hash > NR_CAPAHASH); + nr_hash = PAGE_CACHE_SIZE / sizeof(cfs_hlist_head_t); + LASSERT(nr_hash > NR_CAPAHASH); - for (i = 0; i < NR_CAPAHASH; i++) - INIT_HLIST_HEAD(hash + i); - return hash; + for (i = 0; i < NR_CAPAHASH; i++) + CFS_INIT_HLIST_HEAD(hash + i); + return hash; } +EXPORT_SYMBOL(init_capa_hash); #ifdef __KERNEL__ static inline int capa_on_server(struct obd_capa *ocapa) @@ -95,29 +110,32 @@ static inline int capa_on_server(struct obd_capa *ocapa) static inline void capa_delete(struct obd_capa *ocapa) { LASSERT(capa_on_server(ocapa)); - hlist_del(&ocapa->u.tgt.c_hash); - list_del(&ocapa->c_list); + cfs_hlist_del_init(&ocapa->u.tgt.c_hash); + cfs_list_del_init(&ocapa->c_list); capa_count[ocapa->c_site]--; - free_capa(ocapa); + /* release the ref when alloc */ + capa_put(ocapa); } -void cleanup_capa_hash(struct hlist_head *hash) +void cleanup_capa_hash(cfs_hlist_head_t *hash) { - int i; - struct hlist_node *pos, *next; - struct obd_capa *oc; - - spin_lock(&capa_lock); - for (i = 0; i < NR_CAPAHASH; i++) { - hlist_for_each_entry_safe(oc, pos, next, hash + i, u.tgt.c_hash) - capa_delete(oc); - } - spin_unlock(&capa_lock); - - OBD_FREE(hash, PAGE_SIZE); + int i; + cfs_hlist_node_t *pos, *next; + struct obd_capa *oc; + + spin_lock(&capa_lock); + for (i = 0; i < NR_CAPAHASH; i++) { + cfs_hlist_for_each_entry_safe(oc, pos, next, hash + i, + u.tgt.c_hash) + capa_delete(oc); + } + spin_unlock(&capa_lock); + + OBD_FREE(hash, PAGE_CACHE_SIZE); } +EXPORT_SYMBOL(cleanup_capa_hash); -static inline int const capa_hashfn(struct lu_fid *fid) +static inline int capa_hashfn(struct lu_fid *fid) { return (fid_oid(fid) ^ fid_ver(fid)) * (unsigned long)(fid_seq(fid) + 1) % NR_CAPAHASH; @@ -133,13 +151,13 @@ static inline int capa_is_to_expire(struct obd_capa *oc) } static struct obd_capa *find_capa(struct lustre_capa *capa, - struct hlist_head *head, int alive) + cfs_hlist_head_t *head, int alive) { - struct hlist_node *pos; + cfs_hlist_node_t *pos; struct obd_capa *ocapa; int len = alive ? offsetof(struct lustre_capa, lc_keyid):sizeof(*capa); - hlist_for_each_entry(ocapa, pos, head, u.tgt.c_hash) { + cfs_hlist_for_each_entry(ocapa, pos, head, u.tgt.c_hash) { if (memcmp(&ocapa->c_capa, capa, len)) continue; /* don't return one that will expire soon in this case */ @@ -156,17 +174,17 @@ static struct obd_capa *find_capa(struct lustre_capa *capa, } #define LRU_CAPA_DELETE_COUNT 12 -static inline void capa_delete_lru(struct list_head *head) +static inline void capa_delete_lru(cfs_list_t *head) { struct obd_capa *ocapa; - struct list_head *node = head->next; + cfs_list_t *node = head->next; int count = 0; /* free LRU_CAPA_DELETE_COUNT unused capa from head */ while (count++ < LRU_CAPA_DELETE_COUNT) { - ocapa = list_entry(node, struct obd_capa, c_list); + ocapa = cfs_list_entry(node, struct obd_capa, c_list); node = node->next; - if (atomic_read(&ocapa->c_refc)) + if (atomic_read(&ocapa->c_refc)) continue; DEBUG_CAPA(D_SEC, &ocapa->c_capa, "free lru"); @@ -175,70 +193,62 @@ static inline void capa_delete_lru(struct list_head *head) } /* add or update */ -struct obd_capa *capa_add(struct hlist_head *hash, struct lustre_capa *capa) +struct obd_capa *capa_add(cfs_hlist_head_t *hash, struct lustre_capa *capa) { - struct hlist_head *head = hash + capa_hashfn(&capa->lc_fid); + cfs_hlist_head_t *head = hash + capa_hashfn(&capa->lc_fid); struct obd_capa *ocapa, *old = NULL; - struct list_head *list = &capa_list[CAPA_SITE_SERVER]; + cfs_list_t *list = &capa_list[CAPA_SITE_SERVER]; ocapa = alloc_capa(CAPA_SITE_SERVER); - if (!ocapa) + if (IS_ERR(ocapa)) return NULL; - spin_lock(&capa_lock); + spin_lock(&capa_lock); old = find_capa(capa, head, 0); if (!old) { ocapa->c_capa = *capa; set_capa_expiry(ocapa); - hlist_add_head(&ocapa->u.tgt.c_hash, head); - list_add_tail(&ocapa->c_list, list); - capa_count[CAPA_SITE_SERVER]++; + cfs_hlist_add_head(&ocapa->u.tgt.c_hash, head); + cfs_list_add_tail(&ocapa->c_list, list); capa_get(ocapa); - + capa_count[CAPA_SITE_SERVER]++; if (capa_count[CAPA_SITE_SERVER] > CAPA_HASH_SIZE) capa_delete_lru(list); - - DEBUG_CAPA(D_SEC, &ocapa->c_capa, "new"); - - spin_unlock(&capa_lock); - return ocapa; - } - - capa_get(old); - spin_unlock(&capa_lock); - - DEBUG_CAPA(D_SEC, &old->c_capa, "update"); - - free_capa(ocapa); - return old; + spin_unlock(&capa_lock); + return ocapa; + } else { + capa_get(old); + spin_unlock(&capa_lock); + capa_put(ocapa); + return old; + } } +EXPORT_SYMBOL(capa_add); -struct obd_capa *capa_lookup(struct hlist_head *hash, struct lustre_capa *capa, - int alive) +struct obd_capa *capa_lookup(cfs_hlist_head_t *hash, struct lustre_capa *capa, + int alive) { - struct obd_capa *ocapa; - - spin_lock(&capa_lock); - ocapa = find_capa(capa, hash + capa_hashfn(&capa->lc_fid), alive); - if (ocapa) { - list_move_tail(&ocapa->c_list, &capa_list[CAPA_SITE_SERVER]); - capa_get(ocapa); - } - spin_unlock(&capa_lock); - - return ocapa; + struct obd_capa *ocapa; + + spin_lock(&capa_lock); + ocapa = find_capa(capa, hash + capa_hashfn(&capa->lc_fid), alive); + if (ocapa) { + cfs_list_move_tail(&ocapa->c_list, + &capa_list[CAPA_SITE_SERVER]); + capa_get(ocapa); + } + spin_unlock(&capa_lock); + + return ocapa; } +EXPORT_SYMBOL(capa_lookup); int capa_hmac(__u8 *hmac, struct lustre_capa *capa, __u8 *key) { - struct crypto_tfm *tfm; - struct capa_hmac_alg *alg; + struct crypto_hash *tfm; + struct capa_hmac_alg *alg; int keylen; - struct scatterlist sl = { - .page = virt_to_page(capa), - .offset = (unsigned long)(capa) % PAGE_SIZE, - .length = offsetof(struct lustre_capa, lc_hmac), - }; + struct scatterlist sl; if (capa_alg(capa) != CAPA_HMAC_ALG_SHA1) { CERROR("unknown capability hmac algorithm!\n"); @@ -247,44 +257,195 @@ int capa_hmac(__u8 *hmac, struct lustre_capa *capa, __u8 *key) alg = &capa_hmac_algs[capa_alg(capa)]; - tfm = crypto_alloc_tfm(alg->ha_name, 0); - if (!tfm) { + tfm = crypto_alloc_hash(alg->ha_name, 0, 0); + if (IS_ERR(tfm)) { CERROR("crypto_alloc_tfm failed, check whether your kernel" "has crypto support!\n"); - return -ENOMEM; + return PTR_ERR(tfm); } keylen = alg->ha_keylen; - crypto_hmac(tfm, key, &keylen, &sl, 1, hmac); - crypto_free_tfm(tfm); + sg_set_page(&sl, virt_to_page(capa), + offsetof(struct lustre_capa, lc_hmac), + (unsigned long)(capa) % PAGE_CACHE_SIZE); + + ll_crypto_hmac(tfm, key, &keylen, &sl, sl.length, hmac); + crypto_free_hash(tfm); return 0; } +EXPORT_SYMBOL(capa_hmac); + +int capa_encrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen) +{ + struct crypto_blkcipher *tfm; + struct scatterlist sd; + struct scatterlist ss; + struct blkcipher_desc desc; + unsigned int min; + int rc; + char alg[CRYPTO_MAX_ALG_NAME+1] = "aes"; + ENTRY; + + /* passing "aes" in a variable instead of a constant string keeps gcc + * 4.3.2 happy */ + tfm = crypto_alloc_blkcipher(alg, 0, 0 ); + if (IS_ERR(tfm)) { + CERROR("failed to load transform for aes\n"); + RETURN(PTR_ERR(tfm)); + } + + min = ll_crypto_tfm_alg_min_keysize(tfm); + if (keylen < min) { + CERROR("keylen at least %d bits for aes\n", min * 8); + GOTO(out, rc = -EINVAL); + } + + rc = crypto_blkcipher_setkey(tfm, key, min); + if (rc) { + CERROR("failed to setting key for aes\n"); + GOTO(out, rc); + } + + sg_set_page(&sd, virt_to_page(d), 16, + (unsigned long)(d) % PAGE_CACHE_SIZE); + + sg_set_page(&ss, virt_to_page(s), 16, + (unsigned long)(s) % PAGE_CACHE_SIZE); + desc.tfm = tfm; + desc.info = NULL; + desc.flags = 0; + rc = crypto_blkcipher_encrypt(&desc, &sd, &ss, 16); + if (rc) { + CERROR("failed to encrypt for aes\n"); + GOTO(out, rc); + } + + EXIT; + +out: + crypto_free_blkcipher(tfm); + return rc; +} +EXPORT_SYMBOL(capa_encrypt_id); + +int capa_decrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen) +{ + struct crypto_blkcipher *tfm; + struct scatterlist sd; + struct scatterlist ss; + struct blkcipher_desc desc; + unsigned int min; + int rc; + char alg[CRYPTO_MAX_ALG_NAME+1] = "aes"; + ENTRY; + + /* passing "aes" in a variable instead of a constant string keeps gcc + * 4.3.2 happy */ + tfm = crypto_alloc_blkcipher(alg, 0, 0 ); + if (IS_ERR(tfm)) { + CERROR("failed to load transform for aes\n"); + RETURN(PTR_ERR(tfm)); + } + + min = ll_crypto_tfm_alg_min_keysize(tfm); + if (keylen < min) { + CERROR("keylen at least %d bits for aes\n", min * 8); + GOTO(out, rc = -EINVAL); + } + + rc = crypto_blkcipher_setkey(tfm, key, min); + if (rc) { + CERROR("failed to setting key for aes\n"); + GOTO(out, rc); + } + + sg_set_page(&sd, virt_to_page(d), 16, + (unsigned long)(d) % PAGE_CACHE_SIZE); + + sg_set_page(&ss, virt_to_page(s), 16, + (unsigned long)(s) % PAGE_CACHE_SIZE); + + desc.tfm = tfm; + desc.info = NULL; + desc.flags = 0; + rc = crypto_blkcipher_decrypt(&desc, &sd, &ss, 16); + if (rc) { + CERROR("failed to decrypt for aes\n"); + GOTO(out, rc); + } + + EXIT; + +out: + crypto_free_blkcipher(tfm); + return rc; +} +EXPORT_SYMBOL(capa_decrypt_id); #endif void capa_cpy(void *capa, struct obd_capa *ocapa) { - spin_lock(&ocapa->c_lock); - *(struct lustre_capa *)capa = ocapa->c_capa; - spin_unlock(&ocapa->c_lock); + spin_lock(&ocapa->c_lock); + *(struct lustre_capa *)capa = ocapa->c_capa; + spin_unlock(&ocapa->c_lock); } +EXPORT_SYMBOL(capa_cpy); -char *dump_capa_content(char *buf, char *key, int len) +void _debug_capa(struct lustre_capa *c, + struct libcfs_debug_msg_data *msgdata, + const char *fmt, ... ) { - int i, n = 0; - - for (i = 0; i < len; i++) - n += sprintf(buf + n, "%02x", (unsigned char) key[i]); - return buf; + va_list args; + va_start(args, fmt); + libcfs_debug_vmsg2(msgdata, fmt, args, + " capability@%p fid "DFID" opc "LPX64" uid "LPU64 + " gid "LPU64" flags %u alg %d keyid %u timeout %u " + "expiry %u\n", c, PFID(capa_fid(c)), capa_opc(c), + capa_uid(c), capa_gid(c), capa_flags(c), + capa_alg(c), capa_keyid(c), capa_timeout(c), + capa_expiry(c)); + va_end(args); } +EXPORT_SYMBOL(_debug_capa); -EXPORT_SYMBOL(init_capa_hash); -EXPORT_SYMBOL(cleanup_capa_hash); +/* + * context key constructor/destructor: + * lu_capainfo_key_init, lu_capainfo_key_fini + */ +LU_KEY_INIT_FINI(lu_capainfo, struct lu_capainfo); -EXPORT_SYMBOL(capa_add); -EXPORT_SYMBOL(capa_lookup); +struct lu_context_key lu_capainfo_key = { + .lct_tags = LCT_SERVER_SESSION, + .lct_init = lu_capainfo_key_init, + .lct_fini = lu_capainfo_key_fini +}; -EXPORT_SYMBOL(capa_hmac); -EXPORT_SYMBOL(capa_cpy); +struct lu_capainfo *lu_capainfo_get(const struct lu_env *env) +{ + /* NB, in mdt_init0 */ + if (env->le_ses == NULL) + return NULL; + return lu_context_key_get(env->le_ses, &lu_capainfo_key); +} +EXPORT_SYMBOL(lu_capainfo_get); -EXPORT_SYMBOL(dump_capa_content); +/** + * Initialization of lu_capainfo_key data. + */ +int lu_capainfo_init(void) +{ + int rc; + + LU_CONTEXT_KEY_INIT(&lu_capainfo_key); + rc = lu_context_key_register(&lu_capainfo_key); + return rc; +} + +/** + * Dual to lu_capainfo_init(). + */ +void lu_capainfo_fini(void) +{ + lu_context_key_degister(&lu_capainfo_key); +}