From: ericm Date: Sun, 5 Jun 2005 21:14:54 +0000 (+0000) Subject: land b_hd_sec onto HEAD, some debugging code also kept. X-Git-Tag: v1_7_100~1215 X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=commitdiff_plain;h=10a3045ba859070205d9bb5dc901d5de1566da69 land b_hd_sec onto HEAD, some debugging code also kept. --- diff --git a/lustre/mds/handler.c b/lustre/mds/handler.c index 62eb8c1..96a5b67 100644 --- a/lustre/mds/handler.c +++ b/lustre/mds/handler.c @@ -2587,18 +2587,18 @@ int mds_handle(struct ptlrpc_request *req) /* Security opc should NOT trigger any recovery events */ if (req->rq_reqmsg->opc == SEC_INIT || req->rq_reqmsg->opc == SEC_INIT_CONTINUE) { - if (!req->rq_export) - GOTO(out, rc = 0); - - mds_req_add_idmapping(req, &req->rq_export->exp_mds_data); - mds_revoke_export_locks(req->rq_export); + if (req->rq_export) { + mds_req_add_idmapping(req, + &req->rq_export->exp_mds_data); + mds_revoke_export_locks(req->rq_export); + } GOTO(out, rc = 0); } else if (req->rq_reqmsg->opc == SEC_FINI) { - if (!req->rq_export) - GOTO(out, rc = 0); - - mds_req_del_idmapping(req, &req->rq_export->exp_mds_data); - mds_revoke_export_locks(req->rq_export); + if (req->rq_export) { + mds_req_del_idmapping(req, + &req->rq_export->exp_mds_data); + mds_revoke_export_locks(req->rq_export); + } GOTO(out, rc = 0); } diff --git a/lustre/sec/gss/rawobj.c b/lustre/sec/gss/rawobj.c index 6c6edc4..dba01df 100644 --- a/lustre/sec/gss/rawobj.c +++ b/lustre/sec/gss/rawobj.c @@ -49,8 +49,10 @@ int rawobj_alloc(rawobj_t *obj, char *buf, int len) obj->len = len; if (len) { OBD_ALLOC(obj->data, len); - if (!obj->data) + if (!obj->data) { + obj->len = 0; RETURN(-ENOMEM); + } memcpy(obj->data, buf, len); } else obj->data = NULL; @@ -75,7 +77,7 @@ int rawobj_equal(rawobj_t *a, rawobj_t *b) LASSERT(a && b); return (a->len == b->len && - !memcmp(a->data, b->data, a->len)); + (!a->len || !memcmp(a->data, b->data, a->len))); } int rawobj_dup(rawobj_t *dest, rawobj_t *src) @@ -85,8 +87,10 @@ int rawobj_dup(rawobj_t *dest, rawobj_t *src) dest->len = src->len; if (dest->len) { OBD_ALLOC(dest->data, dest->len); - if (!dest->data) + if (!dest->data) { + dest->len = 0; return -ENOMEM; + } memcpy(dest->data, src->data, dest->len); } else dest->data = NULL; diff --git a/lustre/sec/gss/sec_gss.c b/lustre/sec/gss/sec_gss.c index 7c8ce34..d3cf0d1 100644 --- a/lustre/sec/gss/sec_gss.c +++ b/lustre/sec/gss/sec_gss.c @@ -511,6 +511,7 @@ static void gss_init_upcall_msg(struct gss_upcall_msg *gmsg, /******************************************** * gss cred manipulation helpers * ********************************************/ +#if 0 static int gss_cred_is_uptodate_ctx(struct ptlrpc_cred *cred) { @@ -525,6 +526,7 @@ int gss_cred_is_uptodate_ctx(struct ptlrpc_cred *cred) read_unlock(&gss_ctx_lock); return res; } +#endif static inline struct gss_cl_ctx * gss_get_ctx(struct gss_cl_ctx *ctx) @@ -785,12 +787,14 @@ again: /* so far we'v created gss_new */ gss_init_upcall_msg(gss_new, gsec, obdname, &gmd); - if (gss_cred_is_uptodate_ctx(cred)) { - /* someone else had done it for us, simply cancel - * our own upcall */ - CDEBUG(D_SEC, "cred("LPU64"/%u) has been refreshed by someone " - "else, simply drop our request\n", - cred->pc_pag, cred->pc_uid); + /* we'v created upcall msg, nobody else should touch the + * flag of this cred, unless be set as dead/expire by + * administrator via lctl etc. + */ + if (cred->pc_flags & PTLRPC_CRED_FLAGS_MASK) { + CWARN("cred %p("LPU64"/%u) was set flags %x unexpectedly\n", + cred, cred->pc_pag, cred->pc_uid, cred->pc_flags); + cred->pc_flags |= PTLRPC_CRED_DEAD | PTLRPC_CRED_ERROR; gss_unhash_msg_nolock(gss_new); spin_unlock(&gsec->gs_lock); gss_release_msg(gss_new); @@ -1117,8 +1121,8 @@ proc_data_out: else CERROR("replace dead cred failed %d\n", rc); } else { - CERROR("Unrecognized gss error (%x/%x)\n", - major, minor); + CERROR("req %p: unrecognized gss error (%x/%x)\n", + req, major, minor); rc = -EACCES; } break; diff --git a/lustre/sec/gss/svcsec_gss.c b/lustre/sec/gss/svcsec_gss.c index b18380c..c5e2ddb 100644 --- a/lustre/sec/gss/svcsec_gss.c +++ b/lustre/sec/gss/svcsec_gss.c @@ -127,6 +127,7 @@ static void rsi_free(struct rsi *rsii) static void rsi_put(struct cache_head *item, struct cache_detail *cd) { struct rsi *rsii = container_of(item, struct rsi, h); + LASSERT(atomic_read(&item->refcnt) > 0); if (cache_put(item, cd)) { rsi_free(rsii); OBD_FREE(rsii, sizeof(*rsii)); @@ -177,6 +178,7 @@ gssd_reply(struct rsi *item) tmp->h.next = NULL; rsi_cache.entries--; if (test_bit(CACHE_VALID, &tmp->h.flags)) { + CERROR("rsi is valid\n"); write_unlock(&rsi_cache.hash_lock); rsi_put(&tmp->h, &rsi_cache); RETURN(-EINVAL); @@ -229,18 +231,19 @@ gssd_upcall(struct rsi *item, struct cache_req *chandle) return tmp; } } - // cache_get(&item->h); - set_bit(CACHE_HASHED, &item->h.flags); + cache_get(&item->h); + //set_bit(CACHE_HASHED, &item->h.flags); item->h.next = *head; *head = &item->h; rsi_cache.entries++; read_unlock(&rsi_cache.hash_lock); - cache_get(&item->h); + //cache_get(&item->h); cache_check(&rsi_cache, &item->h, chandle); starttime = get_seconds(); do { - yield(); + set_current_state(TASK_UNINTERRUPTIBLE); + schedule_timeout(HZ/2); read_lock(&rsi_cache.hash_lock); for (hp = head; *hp != NULL; hp = &tmp->h.next) { tmp = container_of(*hp, struct rsi, h); @@ -261,8 +264,8 @@ gssd_upcall(struct rsi *item, struct cache_req *chandle) } } read_unlock(&rsi_cache.hash_lock); - } while ((get_seconds() - starttime) <= 5); - CERROR("5s timeout while waiting cache refill\n"); + } while ((get_seconds() - starttime) <= 15); + CERROR("15s timeout while waiting cache refill\n"); return NULL; } @@ -409,6 +412,7 @@ static void rsc_put(struct cache_head *item, struct cache_detail *cd) { struct rsc *rsci = container_of(item, struct rsc, h); + LASSERT(atomic_read(&item->refcnt) > 0); if (cache_put(item, cd)) { rsc_free(rsci); OBD_FREE(rsci, sizeof(*rsci)); @@ -455,7 +459,7 @@ static struct rsc *rsc_lookup(struct rsc *item, int set) } /* Didn't find anything */ if (!set) - goto out_noset; + goto out_nada; rsc_cache.entries++; out_set: set_bit(CACHE_HASHED, &item->h.flags); @@ -465,6 +469,8 @@ out_set: cache_fresh(&rsc_cache, &item->h, item->h.expiry_time); cache_get(&item->h); RETURN(item); +out_nada: + tmp = NULL; out_noset: read_unlock(&rsc_cache.hash_lock); RETURN(tmp); @@ -741,8 +747,9 @@ gss_svc_verify_request(struct ptlrpc_request *req, } if (gss_check_seq_num(&rsci->seqdata, gc->gc_seq)) { - CERROR("discard request %p with old seq_num %u\n", - req, gc->gc_seq); + CERROR("discard replayed request %p(o%u,x"LPU64",t"LPU64")\n", + req, req->rq_reqmsg->opc, req->rq_xid, + req->rq_reqmsg->transno); RETURN(GSS_S_DUPLICATE_TOKEN); } @@ -787,8 +794,9 @@ gss_svc_unseal_request(struct ptlrpc_request *req, } if (gss_check_seq_num(&rsci->seqdata, gc->gc_seq)) { - CERROR("discard request %p with old seq_num %u\n", - req, gc->gc_seq); + CERROR("discard replayed request %p(o%u,x"LPU64",t"LPU64")\n", + req, req->rq_reqmsg->opc, req->rq_xid, + req->rq_reqmsg->transno); RETURN(GSS_S_DUPLICATE_TOKEN); } @@ -861,6 +869,23 @@ gss_pack_err_notify(struct ptlrpc_request *req, RETURN(0); } +static void dump_cache_head(struct cache_head *h) +{ + CWARN("ref %d, fl %lx, n %p, t %ld, %ld\n", + atomic_read(&h->refcnt), h->flags, h->next, + h->expiry_time, h->last_refresh); +} +static void dump_rsi(struct rsi *rsi) +{ + CWARN("dump rsi %p\n", rsi); + dump_cache_head(&rsi->h); + CWARN("%x,%x,%llx\n", rsi->naltype, rsi->netid, rsi->nid); + CWARN("len %d, d %p\n", rsi->in_handle.len, rsi->in_handle.data); + CWARN("len %d, d %p\n", rsi->in_token.len, rsi->in_token.data); + CWARN("len %d, d %p\n", rsi->out_handle.len, rsi->out_handle.data); + CWARN("len %d, d %p\n", rsi->out_token.len, rsi->out_token.data); +} + static int gss_svcsec_handle_init(struct ptlrpc_request *req, struct rpc_gss_wire_cred *gc, @@ -920,17 +945,21 @@ gss_svcsec_handle_init(struct ptlrpc_request *req, rsip = gssd_upcall(rsikey, &my_chandle); if (!rsip) { CERROR("error in gssd_upcall.\n"); - GOTO(out_rsikey, rc = SVC_DROP); + + rc = SVC_COMPLETE; + if (gss_pack_err_notify(req, GSS_S_FAILURE, 0)) + rc = SVC_DROP; + + GOTO(out_rsikey, rc); } rsci = gss_svc_searchbyctx(&rsip->out_handle); if (!rsci) { CERROR("rsci still not mature yet?\n"); + rc = SVC_COMPLETE; if (gss_pack_err_notify(req, GSS_S_FAILURE, 0)) rc = SVC_DROP; - else - rc = SVC_COMPLETE; GOTO(out_rsip, rc); } @@ -970,11 +999,17 @@ gss_svcsec_handle_init(struct ptlrpc_request *req, *resp++ = cpu_to_le32(GSS_SEQ_WIN); reslen -= (4 * 4); if (rawobj_serialize(&rsip->out_handle, - &resp, &reslen)) + &resp, &reslen)) { + dump_rsi(rsip); + dump_rsi(rsikey); LBUG(); + } if (rawobj_serialize(&rsip->out_token, - &resp, &reslen)) + &resp, &reslen)) { + dump_rsi(rsip); + dump_rsi(rsikey); LBUG(); + } /* the actual sec data length */ *reslenp = cpu_to_le32(svcdata->reserve_len - reslen); diff --git a/lustre/sec/sec.c b/lustre/sec/sec.c index 135ce02..e249b84 100644 --- a/lustre/sec/sec.c +++ b/lustre/sec/sec.c @@ -428,7 +428,7 @@ int ptlrpcs_req_refresh_cred(struct ptlrpc_request *req) if (cred->pc_flags & PTLRPC_CRED_DEAD) { if (ptlrpcs_req_replace_dead_cred(req) == 0) { LASSERT(cred != req->rq_cred); - CWARN("req %p: replace cred %p => %p\n", + CDEBUG(D_SEC, "req %p: replace cred %p => %p\n", req, cred, req->rq_cred); cred = req->rq_cred; } else {