From: Sebastien Buisson <sbuisson@ddn.com>
Date: Mon, 18 Oct 2021 11:26:40 +0000 (+0200)
Subject: LU-15047 gss: gss integrity check with multi-rail
X-Git-Tag: 2.14.56~122
X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=commitdiff_plain;h=c8301a65c5672a1d081669343466746df983eabc;hp=9997f94d4b6ee335d2bf86f94bd43464d5b8f061

LU-15047 gss: gss integrity check with multi-rail

With multi-rail, a primary NID is used as node identifier, but LNet
decides which NID is actually used for sending/receiving data, on a
per request basis.
For the integrity check mechanism implemented as part of GSS, the
primary NID must be used in order to compute HMAC with the correct
key, independently of the actual NID for the current request.

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I2bf3974d3aa0e8365a9413dca56c69ee3734c12b
Reviewed-on: https://review.whamcloud.com/45277
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Jeremy Filizetti <jeremy.filizetti@gmail.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---

diff --git a/lustre/ptlrpc/gss/gss_keyring.c b/lustre/ptlrpc/gss/gss_keyring.c
index 85571dc..2da3178 100644
--- a/lustre/ptlrpc/gss/gss_keyring.c
+++ b/lustre/ptlrpc/gss/gss_keyring.c
@@ -863,7 +863,7 @@ struct ptlrpc_cli_ctx * gss_sec_lookup_ctx_kr(struct ptlrpc_sec *sec,
 		 vcred->vc_uid, vcred->vc_gid,
 		 sec_part_flags, svc_flag, import_to_gss_svc(imp),
 		 imp->imp_connection->c_peer.nid, imp->imp_obd->obd_name,
-		 imp->imp_connection->c_self, caller_pid);
+		 LNetPrimaryNID(imp->imp_connection->c_self), caller_pid);
 
 	CDEBUG(D_SEC, "requesting key for %s\n", desc);
 
diff --git a/lustre/ptlrpc/gss/gss_svc_upcall.c b/lustre/ptlrpc/gss/gss_svc_upcall.c
index 5b0da4b..99b3e00 100644
--- a/lustre/ptlrpc/gss/gss_svc_upcall.c
+++ b/lustre/ptlrpc/gss/gss_svc_upcall.c
@@ -909,9 +909,9 @@ int gss_svc_upcall_handle_init(struct ptlrpc_request *req,
 	rsikey.lustre_svc = lustre_svc;
 	/* In case of MR, rq_peer is not the NID from which request is received,
 	 * but primary NID of peer.
-	 * So we need rq_source, which contains the NID actually in use.
+	 * So we need LNetPrimaryNID(rq_source) to match what the clients uses.
 	 */
-	rsikey.nid = (__u64) req->rq_source.nid;
+	rsikey.nid = (__u64)LNetPrimaryNID(req->rq_source.nid);
 	nodemap_test_nid(req->rq_peer.nid, rsikey.nm_name,
 			 sizeof(rsikey.nm_name));