land b_hd_sec onto HEAD, some debugging code also kept.

author ericm <ericm>

Sun, 5 Jun 2005 21:14:54 +0000 (21:14 +0000)

committer ericm <ericm>

Sun, 5 Jun 2005 21:14:54 +0000 (21:14 +0000)
author ericm <ericm>
Sun, 5 Jun 2005 21:14:54 +0000 (21:14 +0000)
committer ericm <ericm>
Sun, 5 Jun 2005 21:14:54 +0000 (21:14 +0000)
diff --git a/lustre/mds/handler.c b/lustre/mds/handler.c

index 62eb8c1..96a5b67 100644 (file)
--- a/lustre/mds/handler.c
+++ b/lustre/mds/handler.c
@@ -2587,18 +2587,18 @@ int mds_handle(struct ptlrpc_request *req)
          /* Security opc should NOT trigger any recovery events */
          if (req->rq_reqmsg->opc == SEC_INIT ||
              req->rq_reqmsg->opc == SEC_INIT_CONTINUE) {
          /* Security opc should NOT trigger any recovery events */
          if (req->rq_reqmsg->opc == SEC_INIT ||
              req->rq_reqmsg->opc == SEC_INIT_CONTINUE) {
-                if (!req->rq_export)
-                        GOTO(out, rc = 0);
-
-                mds_req_add_idmapping(req, &req->rq_export->exp_mds_data);
-                mds_revoke_export_locks(req->rq_export);
+                if (req->rq_export) {
+                        mds_req_add_idmapping(req,
+                                              &req->rq_export->exp_mds_data);
+                        mds_revoke_export_locks(req->rq_export);
+                }
                  GOTO(out, rc = 0);
          } else if (req->rq_reqmsg->opc == SEC_FINI) {
                  GOTO(out, rc = 0);
          } else if (req->rq_reqmsg->opc == SEC_FINI) {
-                if (!req->rq_export)
-                        GOTO(out, rc = 0);
-
-                mds_req_del_idmapping(req, &req->rq_export->exp_mds_data);
-                mds_revoke_export_locks(req->rq_export);
+                if (req->rq_export) {
+                        mds_req_del_idmapping(req,
+                                              &req->rq_export->exp_mds_data);
+                        mds_revoke_export_locks(req->rq_export);
+                }
                  GOTO(out, rc = 0);
          }
  
                  GOTO(out, rc = 0);
          }
  
diff --git a/lustre/sec/gss/rawobj.c b/lustre/sec/gss/rawobj.c

index 6c6edc4..dba01df 100644 (file)
--- a/lustre/sec/gss/rawobj.c
+++ b/lustre/sec/gss/rawobj.c
@@ -49,8 +49,10 @@ int rawobj_alloc(rawobj_t *obj, char *buf, int len)
          obj->len = len;
          if (len) {
                  OBD_ALLOC(obj->data, len);
          obj->len = len;
          if (len) {
                  OBD_ALLOC(obj->data, len);
-                if (!obj->data)
+                if (!obj->data) {
+                        obj->len = 0;
                          RETURN(-ENOMEM);
                          RETURN(-ENOMEM);
+                }
                  memcpy(obj->data, buf, len);
          } else
                  obj->data = NULL;
                  memcpy(obj->data, buf, len);
          } else
                  obj->data = NULL;
@@ -75,7 +77,7 @@ int rawobj_equal(rawobj_t *a, rawobj_t *b)
          LASSERT(a && b);
  
          return (a->len == b->len &&
          LASSERT(a && b);
  
          return (a->len == b->len &&
-                !memcmp(a->data, b->data, a->len));
+                (!a->len || !memcmp(a->data, b->data, a->len)));
  }
  
  int rawobj_dup(rawobj_t *dest, rawobj_t *src)
  }
  
  int rawobj_dup(rawobj_t *dest, rawobj_t *src)
@@ -85,8 +87,10 @@ int rawobj_dup(rawobj_t *dest, rawobj_t *src)
          dest->len = src->len;
          if (dest->len) {
                  OBD_ALLOC(dest->data, dest->len);
          dest->len = src->len;
          if (dest->len) {
                  OBD_ALLOC(dest->data, dest->len);
-                if (!dest->data)
+                if (!dest->data) {
+                        dest->len = 0;
                          return -ENOMEM;
                          return -ENOMEM;
+                }
                  memcpy(dest->data, src->data, dest->len);
          } else
                  dest->data = NULL;
                  memcpy(dest->data, src->data, dest->len);
          } else
                  dest->data = NULL;
diff --git a/lustre/sec/gss/sec_gss.c b/lustre/sec/gss/sec_gss.c

index 7c8ce34..d3cf0d1 100644 (file)
--- a/lustre/sec/gss/sec_gss.c
+++ b/lustre/sec/gss/sec_gss.c
@@ -511,6 +511,7 @@ static void gss_init_upcall_msg(struct gss_upcall_msg *gmsg,
  /********************************************
   * gss cred manipulation helpers            *
   ********************************************/
  /********************************************
   * gss cred manipulation helpers            *
   ********************************************/
+#if 0
  static
  int gss_cred_is_uptodate_ctx(struct ptlrpc_cred *cred)
  {
  static
  int gss_cred_is_uptodate_ctx(struct ptlrpc_cred *cred)
  {
@@ -525,6 +526,7 @@ int gss_cred_is_uptodate_ctx(struct ptlrpc_cred *cred)
          read_unlock(&gss_ctx_lock);
          return res;
  }
          read_unlock(&gss_ctx_lock);
          return res;
  }
+#endif
  
  static inline
  struct gss_cl_ctx * gss_get_ctx(struct gss_cl_ctx *ctx)
  
  static inline
  struct gss_cl_ctx * gss_get_ctx(struct gss_cl_ctx *ctx)
@@ -785,12 +787,14 @@ again:
          /* so far we'v created gss_new */
          gss_init_upcall_msg(gss_new, gsec, obdname, &gmd);
  
          /* so far we'v created gss_new */
          gss_init_upcall_msg(gss_new, gsec, obdname, &gmd);
  
-        if (gss_cred_is_uptodate_ctx(cred)) {
-                /* someone else had done it for us, simply cancel
-                 * our own upcall */
-                CDEBUG(D_SEC, "cred("LPU64"/%u) has been refreshed by someone "
-                       "else, simply drop our request\n",
-                       cred->pc_pag, cred->pc_uid);
+        /* we'v created upcall msg, nobody else should touch the
+         * flag of this cred, unless be set as dead/expire by
+         * administrator via lctl etc.
+         */
+        if (cred->pc_flags & PTLRPC_CRED_FLAGS_MASK) {
+                CWARN("cred %p("LPU64"/%u) was set flags %x unexpectedly\n",
+                      cred, cred->pc_pag, cred->pc_uid, cred->pc_flags);
+                cred->pc_flags |= PTLRPC_CRED_DEAD | PTLRPC_CRED_ERROR;
                  gss_unhash_msg_nolock(gss_new);
                  spin_unlock(&gsec->gs_lock);
                  gss_release_msg(gss_new);
                  gss_unhash_msg_nolock(gss_new);
                  spin_unlock(&gsec->gs_lock);
                  gss_release_msg(gss_new);
@@ -1117,8 +1121,8 @@ proc_data_out:
                          else
                                  CERROR("replace dead cred failed %d\n", rc);
                  } else {
                          else
                                  CERROR("replace dead cred failed %d\n", rc);
                  } else {
-                        CERROR("Unrecognized gss error (%x/%x)\n",
-                                major, minor);
+                        CERROR("req %p: unrecognized gss error (%x/%x)\n",
+                                req, major, minor);
                          rc = -EACCES;
                  }
                  break;
                          rc = -EACCES;
                  }
                  break;
diff --git a/lustre/sec/gss/svcsec_gss.c b/lustre/sec/gss/svcsec_gss.c

index b18380c..c5e2ddb 100644 (file)
--- a/lustre/sec/gss/svcsec_gss.c
+++ b/lustre/sec/gss/svcsec_gss.c
@@ -127,6 +127,7 @@ static void rsi_free(struct rsi *rsii)
  static void rsi_put(struct cache_head *item, struct cache_detail *cd)
  {
          struct rsi *rsii = container_of(item, struct rsi, h);
  static void rsi_put(struct cache_head *item, struct cache_detail *cd)
  {
          struct rsi *rsii = container_of(item, struct rsi, h);
+        LASSERT(atomic_read(&item->refcnt) > 0);
          if (cache_put(item, cd)) {
                  rsi_free(rsii);
                  OBD_FREE(rsii, sizeof(*rsii));
          if (cache_put(item, cd)) {
                  rsi_free(rsii);
                  OBD_FREE(rsii, sizeof(*rsii));
@@ -177,6 +178,7 @@ gssd_reply(struct rsi *item)
                          tmp->h.next = NULL;
                          rsi_cache.entries--;
                          if (test_bit(CACHE_VALID, &tmp->h.flags)) {
                          tmp->h.next = NULL;
                          rsi_cache.entries--;
                          if (test_bit(CACHE_VALID, &tmp->h.flags)) {
+                                CERROR("rsi is valid\n");
                                  write_unlock(&rsi_cache.hash_lock);
                                  rsi_put(&tmp->h, &rsi_cache);
                                  RETURN(-EINVAL);
                                  write_unlock(&rsi_cache.hash_lock);
                                  rsi_put(&tmp->h, &rsi_cache);
                                  RETURN(-EINVAL);
@@ -229,18 +231,19 @@ gssd_upcall(struct rsi *item, struct cache_req *chandle)
                          return tmp;
                  }
          }
                          return tmp;
                  }
          }
-        // cache_get(&item->h);
-        set_bit(CACHE_HASHED, &item->h.flags);
+        cache_get(&item->h);
+        //set_bit(CACHE_HASHED, &item->h.flags);
          item->h.next = *head;
          *head = &item->h;
          rsi_cache.entries++;
          read_unlock(&rsi_cache.hash_lock);
          item->h.next = *head;
          *head = &item->h;
          rsi_cache.entries++;
          read_unlock(&rsi_cache.hash_lock);
-        cache_get(&item->h);
+        //cache_get(&item->h);
  
          cache_check(&rsi_cache, &item->h, chandle);
          starttime = get_seconds();
          do {
  
          cache_check(&rsi_cache, &item->h, chandle);
          starttime = get_seconds();
          do {
-                yield();
+                set_current_state(TASK_UNINTERRUPTIBLE);
+                schedule_timeout(HZ/2);
                  read_lock(&rsi_cache.hash_lock);
                  for (hp = head; *hp != NULL; hp = &tmp->h.next) {
                          tmp = container_of(*hp, struct rsi, h);
                  read_lock(&rsi_cache.hash_lock);
                  for (hp = head; *hp != NULL; hp = &tmp->h.next) {
                          tmp = container_of(*hp, struct rsi, h);
@@ -261,8 +264,8 @@ gssd_upcall(struct rsi *item, struct cache_req *chandle)
                          }
                  }
                  read_unlock(&rsi_cache.hash_lock);
                          }
                  }
                  read_unlock(&rsi_cache.hash_lock);
-        } while ((get_seconds() - starttime) <= 5);
-        CERROR("5s timeout while waiting cache refill\n");
+        } while ((get_seconds() - starttime) <= 15);
+        CERROR("15s timeout while waiting cache refill\n");
          return NULL;
  }
  
          return NULL;
  }
  
@@ -409,6 +412,7 @@ static void rsc_put(struct cache_head *item, struct cache_detail *cd)
  {
          struct rsc *rsci = container_of(item, struct rsc, h);
  
  {
          struct rsc *rsci = container_of(item, struct rsc, h);
  
+        LASSERT(atomic_read(&item->refcnt) > 0);
          if (cache_put(item, cd)) {
                  rsc_free(rsci);
                  OBD_FREE(rsci, sizeof(*rsci));
          if (cache_put(item, cd)) {
                  rsc_free(rsci);
                  OBD_FREE(rsci, sizeof(*rsci));
@@ -455,7 +459,7 @@ static struct rsc *rsc_lookup(struct rsc *item, int set)
          }
          /* Didn't find anything */
          if (!set)
          }
          /* Didn't find anything */
          if (!set)
-                goto out_noset;
+                goto out_nada;
          rsc_cache.entries++;
  out_set:
          set_bit(CACHE_HASHED, &item->h.flags);
          rsc_cache.entries++;
  out_set:
          set_bit(CACHE_HASHED, &item->h.flags);
@@ -465,6 +469,8 @@ out_set:
          cache_fresh(&rsc_cache, &item->h, item->h.expiry_time);
          cache_get(&item->h);
          RETURN(item);
          cache_fresh(&rsc_cache, &item->h, item->h.expiry_time);
          cache_get(&item->h);
          RETURN(item);
+out_nada:
+        tmp = NULL;
  out_noset:
          read_unlock(&rsc_cache.hash_lock);
          RETURN(tmp);
  out_noset:
          read_unlock(&rsc_cache.hash_lock);
          RETURN(tmp);
@@ -741,8 +747,9 @@ gss_svc_verify_request(struct ptlrpc_request *req,
          }
  
          if (gss_check_seq_num(&rsci->seqdata, gc->gc_seq)) {
          }
  
          if (gss_check_seq_num(&rsci->seqdata, gc->gc_seq)) {
-                CERROR("discard request %p with old seq_num %u\n",
-                        req, gc->gc_seq);
+                CERROR("discard replayed request %p(o%u,x"LPU64",t"LPU64")\n",
+                        req, req->rq_reqmsg->opc, req->rq_xid,
+                        req->rq_reqmsg->transno);
                  RETURN(GSS_S_DUPLICATE_TOKEN);
          }
  
                  RETURN(GSS_S_DUPLICATE_TOKEN);
          }
  
@@ -787,8 +794,9 @@ gss_svc_unseal_request(struct ptlrpc_request *req,
          }
  
          if (gss_check_seq_num(&rsci->seqdata, gc->gc_seq)) {
          }
  
          if (gss_check_seq_num(&rsci->seqdata, gc->gc_seq)) {
-                CERROR("discard request %p with old seq_num %u\n",
-                        req, gc->gc_seq);
+                CERROR("discard replayed request %p(o%u,x"LPU64",t"LPU64")\n",
+                        req, req->rq_reqmsg->opc, req->rq_xid,
+                        req->rq_reqmsg->transno);
                  RETURN(GSS_S_DUPLICATE_TOKEN);
          }
  
                  RETURN(GSS_S_DUPLICATE_TOKEN);
          }
  
@@ -861,6 +869,23 @@ gss_pack_err_notify(struct ptlrpc_request *req,
          RETURN(0);
  }
  
          RETURN(0);
  }
  
+static void dump_cache_head(struct cache_head *h)
+{
+        CWARN("ref %d, fl %lx, n %p, t %ld, %ld\n",
+              atomic_read(&h->refcnt), h->flags, h->next,
+              h->expiry_time, h->last_refresh);
+}
+static void dump_rsi(struct rsi *rsi)
+{
+        CWARN("dump rsi %p\n", rsi);
+        dump_cache_head(&rsi->h);
+        CWARN("%x,%x,%llx\n", rsi->naltype, rsi->netid, rsi->nid);
+        CWARN("len %d, d %p\n", rsi->in_handle.len, rsi->in_handle.data);
+        CWARN("len %d, d %p\n", rsi->in_token.len, rsi->in_token.data);
+        CWARN("len %d, d %p\n", rsi->out_handle.len, rsi->out_handle.data);
+        CWARN("len %d, d %p\n", rsi->out_token.len, rsi->out_token.data);
+}
+
  static int
  gss_svcsec_handle_init(struct ptlrpc_request *req,
                         struct rpc_gss_wire_cred *gc,
  static int
  gss_svcsec_handle_init(struct ptlrpc_request *req,
                         struct rpc_gss_wire_cred *gc,
@@ -920,17 +945,21 @@ gss_svcsec_handle_init(struct ptlrpc_request *req,
          rsip = gssd_upcall(rsikey, &my_chandle);
          if (!rsip) {
                  CERROR("error in gssd_upcall.\n");
          rsip = gssd_upcall(rsikey, &my_chandle);
          if (!rsip) {
                  CERROR("error in gssd_upcall.\n");
-                GOTO(out_rsikey, rc = SVC_DROP);
+
+                rc = SVC_COMPLETE;
+                if (gss_pack_err_notify(req, GSS_S_FAILURE, 0))
+                        rc = SVC_DROP;
+
+                GOTO(out_rsikey, rc);
          }
  
          rsci = gss_svc_searchbyctx(&rsip->out_handle);
          if (!rsci) {
                  CERROR("rsci still not mature yet?\n");
  
          }
  
          rsci = gss_svc_searchbyctx(&rsip->out_handle);
          if (!rsci) {
                  CERROR("rsci still not mature yet?\n");
  
+                rc = SVC_COMPLETE;
                  if (gss_pack_err_notify(req, GSS_S_FAILURE, 0))
                          rc = SVC_DROP;
                  if (gss_pack_err_notify(req, GSS_S_FAILURE, 0))
                          rc = SVC_DROP;
-                else
-                        rc = SVC_COMPLETE;
  
                  GOTO(out_rsip, rc);
          }
  
                  GOTO(out_rsip, rc);
          }
@@ -970,11 +999,17 @@ gss_svcsec_handle_init(struct ptlrpc_request *req,
          *resp++ = cpu_to_le32(GSS_SEQ_WIN);
          reslen -= (4 * 4);
          if (rawobj_serialize(&rsip->out_handle,
          *resp++ = cpu_to_le32(GSS_SEQ_WIN);
          reslen -= (4 * 4);
          if (rawobj_serialize(&rsip->out_handle,
-                             &resp, &reslen))
+                             &resp, &reslen)) {
+                dump_rsi(rsip);
+                dump_rsi(rsikey);
                  LBUG();
                  LBUG();
+        }
          if (rawobj_serialize(&rsip->out_token,
          if (rawobj_serialize(&rsip->out_token,
-                             &resp, &reslen))
+                             &resp, &reslen)) {
+                dump_rsi(rsip);
+                dump_rsi(rsikey);
                  LBUG();
                  LBUG();
+        }
          /* the actual sec data length */
          *reslenp = cpu_to_le32(svcdata->reserve_len - reslen);
  
          /* the actual sec data length */
          *reslenp = cpu_to_le32(svcdata->reserve_len - reslen);
  
diff --git a/lustre/sec/sec.c b/lustre/sec/sec.c

index 135ce02..e249b84 100644 (file)
--- a/lustre/sec/sec.c
+++ b/lustre/sec/sec.c
@@ -428,7 +428,7 @@ int ptlrpcs_req_refresh_cred(struct ptlrpc_request *req)
          if (cred->pc_flags & PTLRPC_CRED_DEAD) {
                  if (ptlrpcs_req_replace_dead_cred(req) == 0) {
                          LASSERT(cred != req->rq_cred);
          if (cred->pc_flags & PTLRPC_CRED_DEAD) {
                  if (ptlrpcs_req_replace_dead_cred(req) == 0) {
                          LASSERT(cred != req->rq_cred);
-                        CWARN("req %p: replace cred %p => %p\n",
+                        CDEBUG(D_SEC, "req %p: replace cred %p => %p\n",
                                 req, cred, req->rq_cred);
                          cred = req->rq_cred;
                  } else {
                                 req, cred, req->rq_cred);
                          cred = req->rq_cred;
                  } else {
author	ericm <ericm>
	Sun, 5 Jun 2005 21:14:54 +0000 (21:14 +0000)
committer	ericm <ericm>
	Sun, 5 Jun 2005 21:14:54 +0000 (21:14 +0000)
lustre/mds/handler.c		patch \| blob \| history
lustre/sec/gss/rawobj.c		patch \| blob \| history
lustre/sec/gss/sec_gss.c		patch \| blob \| history
lustre/sec/gss/svcsec_gss.c		patch \| blob \| history
lustre/sec/sec.c		patch \| blob \| history