LU-9193 security: return security context for metadata ops
Security layer needs to fetch security context of files/dirs
upon metadata ops like lookup, getattr, open, truncate, and
layout, for its own purpose and control checks.
Retrieving the security context consists in a getxattr operation
at the file system level. The fact that the requested metadata
operation and the getxattr are not atomic can create a window
for a dead-lock situation where, based on some access patterns,
all MDT service threads can become stuck waiting for lookup lock
to be released and thus unable to serve getxattr for security context.
Another problem is that sending an additional getxattr request for
every metadata op hurts performance.
This patch introduces a way to get atomicity by having
the MDT return security context upon granted lock reply,
sparing the client an additional getxattr request.
LU-12212 mdt: fix SECCTX reply buffer handling
LU-9193 changes for inline SECCTX in reply may cause often
resends and reconnects in some loads, e.g. dbench runs.
That is caused by missed buffer shrink when SECCTX is not
used.
Patch shrinks SECCTX buffer if it is not used
Lustre-change: https://review.whamcloud.com/26831
Lustre-commit:
fca35f74f9ec5c5ed77e774f3e3209d9df057a01
Lustre-change: https://review.whamcloud.com/34734
Lustre-commit:
cb61ed93f8563c26b6a6db396478fe54f8dc42cb
Test-Parameters: clientselinux testlist=sanity envdefinitions=EXCEPT=103a
Test-Parameters: mdscount=2 mdtcount=4 clientselinux testlist=recovery-small,sanity-selinux
Signed-off-by: Bruno Faccini <bruno.faccini@intel.com>
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Signed-off-by: Sebastien Piechurski <sebastien.piechurski@atos.net>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Signed-off-by: Mikhail Pershin <mpershin@whamcloud.com>
Change-Id: I45659ffcb911a9d62e6d7e92bcdc251ae641b24b
Reviewed-on: https://review.whamcloud.com/41387
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>