1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Copyright (C) 2004, 2005 Cluster File Systems, Inc.
6 * This file is part of Lustre, http://www.lustre.org.
8 * Lustre is free software; you can redistribute it and/or
9 * modify it under the terms of version 2 of the GNU General Public
10 * License as published by the Free Software Foundation.
12 * Lustre is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with Lustre; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 #define DEBUG_SUBSYSTEM S_LLITE
25 #include <linux/types.h>
26 #include <linux/version.h>
27 #include <asm/uaccess.h>
28 #include <linux/file.h>
29 #include <linux/kmod.h>
30 #include <linux/posix_acl.h>
31 #include <linux/xattr_acl.h>
33 #include <linux/lustre_acl.h>
34 #include <linux/lustre_lite.h>
35 #include <linux/lustre_gs.h>
36 #include "llite_internal.h"
38 int ll_gs_intent_init(struct lookup_intent *it)
40 struct lustre_intent_data *lustre_data;
42 LASSERT(it->d.fs_data != NULL);
43 lustre_data = (struct lustre_intent_data *)it->d.fs_data;
44 /*set lustre key size when there is gss server
45 *or other configuration*/
46 lustre_data->it_key = NULL;
47 lustre_data->it_key_size = 0;
51 static int ll_get_acl_key(struct inode *inode, struct posix_acl **acl,
52 struct lustre_key **lkey)
54 struct lookup_intent it = { .it_op = IT_GETATTR };
55 struct dentry de = { .d_inode = inode };
56 struct ll_sb_info *sbi;
58 struct ptlrpc_request *req = NULL;
59 struct ll_inode_info *lli = ll_i2info(inode);
63 if (lli->lli_posix_acl && lli->lli_key_info) {
64 /*If they are in the local cache, just fetch them*/
65 spin_lock(&lli->lli_lock);
66 *acl = posix_acl_dup(lli->lli_posix_acl);
67 *lkey = lustre_key_get(lli->lli_key_info);
68 spin_unlock(&lli->lli_lock);
71 sbi = ll_i2sbi(inode);
72 ll_inode2id(&id, inode);
74 if (ll_intent_alloc(&it))
77 rc = md_intent_lock(sbi->ll_md_exp, &id, NULL, 0, NULL, 0, &id,
78 &it, 0, &req, ll_mdc_blocking_ast);
84 rc = revalidate_it_finish(req, 1, &it, &de);
86 ll_intent_release(&it);
90 ll_lookup_finish_locks(&it, &de);
93 spin_lock(&lli->lli_lock);
94 *acl = posix_acl_dup(lli->lli_posix_acl);
95 *lkey = lustre_key_get(lli->lli_key_info);
96 spin_unlock(&lli->lli_lock);
99 ptlrpc_req_finished(req);
103 static int ll_init_key_perm(struct key_perm *kperm, struct posix_acl *acl,
104 __u32 uid, __u32 gid, int mode)
107 kperm->kp_acl_count = acl->a_count;
108 memcpy(kperm->kp_acls, acl->a_entries,
109 acl->a_count * sizeof(struct posix_acl_entry));
111 kperm->kp_mode = mode;
117 static int ll_init_key_context(struct key_context *pkc, __u32 uid,
118 __u32 gid, struct crypto_key *ck,
119 struct posix_acl *acl, int mode,
120 int command, int valid)
122 struct key_perm *kperm;
125 pkc->kc_command = command;
126 pkc->kc_valid = valid;
129 memcpy(&pkc->kc_ck, ck, sizeof(*ck));
131 kperm = &pkc->kc_perm;
133 ll_init_key_perm(kperm, acl, uid, gid, mode);
136 static int ll_get_default_acl(struct inode *inode, struct posix_acl **acl,
139 int rc = 0, buf_size, ea_size;
143 if (!S_ISDIR(inode->i_mode))
146 buf_size = xattr_acl_size(LL_ACL_MAX_ENTRIES);
147 OBD_ALLOC(buf, buf_size);
151 ea_size = ll_getxattr_internal(inode, XATTR_NAME_ACL_DEFAULT,
152 buf, buf_size, OBD_MD_FLXATTR);
154 if (ea_size < 0 && ea_size != -ENODATA)
155 CERROR("get default acl of ino %lu error rc %d \n",
156 inode->i_ino, ea_size);
159 *acl = posix_acl_from_xattr(buf, ea_size);
162 CERROR("convert xattr to acl failed: %d\n", rc);
165 rc = posix_acl_valid(*acl);
167 CERROR("acl valid error: %d\n", rc);
168 posix_acl_release(*acl);
173 rc = posix_acl_create_masq(*acl, &mode);
176 OBD_FREE(buf, buf_size);
180 int ll_gks_create_key(struct inode *dir, mode_t mode, void **key,
183 struct obd_export *gs_exp = ll_i2gsexp(dir);
184 struct key_context *kcontext = NULL;
185 struct key_parms kparms;
186 struct posix_acl *default_acl = NULL;
190 OBD_ALLOC(kcontext, sizeof(struct key_context));
192 GOTO(out, rc = -ENOMEM);
194 rc = ll_get_default_acl(dir, &default_acl, mode);
198 ll_init_key_context(kcontext, current->fsuid, current->fsgid,
199 NULL, default_acl, mode, GKS_GET_KEY, 0);
201 kparms.context = kcontext;
202 kparms.context_size = sizeof(struct key_context);
205 *key_size = sizeof(struct crypto_key);
206 OBD_ALLOC(*key, *key_size);
208 GOTO(out, rc = -ENOMEM);
210 /*GET an encrypt key from GS server*/
211 rc = obd_get_info(gs_exp, sizeof(struct key_parms), (void *)&kparms,
214 CERROR("get key error rc %d \n", rc);
217 CDEBUG(D_INFO, "Get enkey %s MAC %s from exp %p \n",
218 (char*)((struct crypto_key *)(*key))->ck_key,
219 (char*)((struct crypto_key *)(*key))->ck_mac,
223 OBD_FREE(kcontext, sizeof(struct key_context));
225 posix_acl_release(default_acl);
230 int ll_gks_init_it(struct inode *parent, struct lookup_intent *it)
232 struct obd_export *gs_exp = ll_i2gsexp(parent);
233 struct lustre_intent_data *lustre_data;
234 mode_t mode = (it->it_create_mode | S_IFREG) & (~current->fs->umask);
236 int key_size = 0, rc = 0;
242 ll_gs_intent_init(it);
243 if (!(it->it_op & IT_CREAT))
246 LASSERT(it->d.fs_data != NULL);
247 lustre_data = (struct lustre_intent_data *)it->d.fs_data;
249 if (lustre_data->it_key) {
250 LASSERT(lustre_data->it_key_size ==
251 sizeof(struct crypto_key));
252 OBD_FREE(lustre_data->it_key, sizeof(struct crypto_key));
255 rc = ll_gks_create_key(parent, mode, &key, &key_size);
259 lustre_data->it_key = key;
260 lustre_data->it_key_size = key_size;
264 OBD_FREE(key, key_size);
269 int ll_gks_decrypt_key(struct inode *inode, struct lookup_intent *it)
271 struct obd_export *gs_exp = ll_i2gsexp(inode);
272 struct ll_inode_info *lli = ll_i2info(inode);
273 struct key_context *kcontext = NULL;
274 struct key_perm *kperm = NULL;
275 struct key_parms kparms;
276 struct lustre_key *lkey = NULL;
277 struct crypto_key *ckey = NULL;
278 struct posix_acl *acl = NULL;
280 int rc = 0, ck_size = 0, kcontext_size = 0, acl_count;
287 rc = ll_get_acl_key(inode, &acl, &lkey);
290 if (!lkey || IS_DECRYPTED(lkey->lk_flags))
293 acl_count = acl ? acl->a_count : 0;
294 kcontext_size = crypto_kcontext_size(acl_count);
295 OBD_ALLOC(kcontext, kcontext_size);
297 GOTO(out, rc = -ENOMEM);
299 flags = mds_pack_open_flags(it->it_flags);
301 spin_lock(&lli->lli_lock);
302 ll_init_key_context(kcontext, inode->i_uid, inode->i_gid, &lkey->lk_ck,
303 acl, inode->i_mode, GKS_DECRYPT_KEY, flags);
305 spin_unlock(&lli->lli_lock);
307 OBD_ALLOC(kperm, sizeof(struct key_perm));
308 ll_init_key_perm(kperm, NULL, current->uid, current->gid, 0);
310 kparms.context = kcontext;
311 kparms.context_size = kcontext_size;
313 kparms.perm_size = sizeof(struct key_perm);
315 ck_size = sizeof(*ckey);
316 OBD_ALLOC(ckey, ck_size);
318 GOTO(out, rc = -ENOMEM);
320 /*GET an encrypt key from GS server*/
321 rc = obd_get_info(gs_exp, sizeof(struct key_parms), (void *)&kparms,
324 CERROR("decrypt key error rc %d \n", rc);
327 CDEBUG(D_INFO, "decrypt key %s MAC %s from exp %p \n",
328 ckey->ck_mac, ckey->ck_mac, gs_exp);
330 /*copy the decrypt key from kcontext to the lustre key*/
332 spin_lock(&lli->lli_lock);
333 memcpy(&lkey->lk_ck, ckey, sizeof(*ckey));
334 SET_DECRYPTED(lkey->lk_flags);
335 spin_unlock(&lli->lli_lock);
338 posix_acl_release(acl);
340 lustre_key_release(lkey);
342 OBD_FREE(kperm, sizeof(struct key_perm));
344 OBD_FREE(kcontext, kcontext_size);
346 OBD_FREE(ckey, ck_size);
349 static void get_real_parameters(struct inode *inode, struct iattr *iattr,
350 struct posix_acl *new_acl, mode_t *mode,
351 __u32 *uid, __u32 *gid)
355 if (iattr->ia_valid & ATTR_MODE) {
356 *mode = iattr->ia_mode;
358 *mode = inode->i_mode;
360 posix_acl_equiv_mode(new_acl, mode);
361 CDEBUG(D_INFO, "get new mode %d \n", *mode);
365 if (iattr->ia_valid & ATTR_UID)
366 *uid = iattr->ia_uid;
370 if (iattr->ia_valid & ATTR_GID)
371 *gid = iattr->ia_gid;
376 int ll_gks_get_mac(struct inode *inode, struct iattr *iattr, void *value,
377 int size, void **key, int *key_size)
379 struct ll_inode_info *lli = ll_i2info(inode);
380 struct obd_export *gs_exp = ll_i2gsexp(inode);
381 struct key_context *kcontext = NULL;
382 struct key_perm *kperm = NULL;
383 struct key_parms kparms;
384 struct lustre_key *lkey = NULL;
385 struct posix_acl *acl = NULL, *new_acl = NULL;
386 int rc = 0, kperm_size = 0, kcontext_size = 0;
396 rc = ll_get_acl_key(inode, &acl, &lkey);
402 acl_count = acl ? acl->a_count : 0;
403 kcontext_size = crypto_kcontext_size(acl_count);
404 OBD_ALLOC(kcontext, kcontext_size);
406 GOTO(out, rc = -ENOMEM);
407 spin_lock(&lli->lli_lock);
408 ll_init_key_context(kcontext, inode->i_uid, inode->i_gid, &lkey->lk_ck,
409 acl, inode->i_mode, GKS_GET_MAC, iattr->ia_valid);
410 spin_unlock(&lli->lli_lock);
412 new_acl = posix_acl_from_xattr(value, size);
413 if (IS_ERR(new_acl)) {
414 rc = PTR_ERR(new_acl);
415 CERROR("convert from xattr to acl error: %d",rc);
418 } else if (new_acl) {
419 rc = posix_acl_valid(new_acl);
421 CERROR("acl valid error: %d", rc);
426 acl_count = new_acl ? new_acl->a_count : 0;
427 kperm_size = crypto_kperm_size(acl_count);
428 OBD_ALLOC(kperm, kperm_size);
429 get_real_parameters(inode, iattr, new_acl, &mac_mode, &uid, &gid);
430 ll_init_key_perm(kperm, new_acl, uid, gid, mac_mode);
431 kparms.context = kcontext;
432 kparms.context_size = kcontext_size;
434 kparms.perm_size = kperm_size;
436 *key_size = sizeof(struct crypto_key);
437 OBD_ALLOC(*key, *key_size);
439 GOTO(out, rc = -ENOMEM);
440 /*GET an encrypt key from GS server*/
441 rc = obd_get_info(gs_exp, sizeof(struct key_parms), (void *)&kparms,
444 CERROR("decrypt key error rc %d \n", rc);
447 printk("come here 5\n");
448 /*copy the decrypt key from kcontext to the lustre key*/
449 spin_lock(&lli->lli_lock);
450 memcpy(&lkey->lk_ck, *key, *key_size);
451 iattr->ia_valid |= ATTR_MAC;
452 spin_unlock(&lli->lli_lock);
455 posix_acl_release(acl);
457 posix_acl_release(new_acl);
459 lustre_key_release(lkey);
461 OBD_FREE(kperm, kperm_size);
463 OBD_FREE(kcontext, kcontext_size);
467 /*key function for calculate the key for countermode method*/
468 static int ll_crypt_cb(struct page *page, __u64 offset, __u64 count,
471 struct inode *inode = page->mapping->host;
472 struct ll_inode_info *lli = ll_i2info(inode);
473 struct lustre_key *lkey = ll_i2info(inode)->lli_key_info;
476 int index = page->index;
483 if (!IS_DECRYPTED(lkey->lk_flags))
485 if (flags == ENCRYPT_DATA && !IS_ENABLE_ENCRYPT(lkey->lk_flags))
487 if (flags == DECRYPT_DATA && !IS_ENABLE_DECRYPT(lkey->lk_flags))
490 /*FIXME: tmp calculate method, should calculate
491 the key according to KEY_TYPE*/
493 spin_lock(&lli->lli_lock);
494 key_ptr = &lkey->lk_ck.ck_key[0];
495 for (i=0; i < KEY_SIZE; i++)
496 data_key += *key_ptr++;
497 spin_unlock(&lli->lli_lock);
500 CDEBUG(D_INFO, "data_key is "LPU64" \n", data_key);
502 ptr = (char *)kmap(page);
505 CDEBUG(D_INFO, "ptr is %s \n", ptr);
506 for (i = 0; i < count; i++)
507 *ptr++ ^= (__u8)data_key;
508 CDEBUG(D_INFO, "encrypted ptr is %s \n", key_ptr);
514 int ll_gs_init_inode_key(struct inode *inode, void *mkey)
516 struct ll_inode_info *lli = ll_i2info(inode);
517 struct crypto_key *key = (struct crypto_key*)mkey;
518 struct lustre_key *lkey = NULL;
524 if (lli->lli_key_info == NULL) {
525 OBD_ALLOC(lkey, sizeof(struct lustre_key));
528 memcpy(&lkey->lk_ck, key, sizeof(*key));
529 atomic_set(&lkey->lk_refcount, 1);
530 SET_UNDECRYPTED(lkey->lk_flags);
531 ENABLE_ENCRYPT(lkey->lk_flags);
532 ENABLE_DECRYPT(lkey->lk_flags);
533 spin_lock(&lli->lli_lock);
534 lli->lli_key_info = lkey;
535 spin_unlock(&lli->lli_lock);
537 lkey = lustre_key_get(lli->lli_key_info);
538 if (!IS_DECRYPTED(lkey->lk_flags)) {
539 if (memcmp(&lkey->lk_ck, key, sizeof(*key))) {
540 CWARN("already have key_info %p in ino %ld \n",
541 lli->lli_key_info, inode->i_ino);
544 spin_lock(&lli->lli_lock);
545 SET_UNDECRYPTED(lkey->lk_flags);
546 memcpy(&lkey->lk_ck, key, sizeof(*key));
547 spin_unlock(&lli->lli_lock);
549 lustre_key_release(lkey);
551 CDEBUG(D_INFO, "set key %s mac %s in inode %lu \n",
552 lli->lli_key_info->lk_ck.ck_mac,
553 lli->lli_key_info->lk_ck.ck_key,
558 static int ll_gs_destroy_key(struct inode *inode)
560 struct ll_inode_info *lli = ll_i2info(inode);
562 spin_lock(&lli->lli_lock);
563 if (lli->lli_key_info) {
564 LASSERTF(atomic_read(&lli->lli_key_info->lk_refcount) == 1,
565 "lk_refcount %d != 1 when destory\n",
566 atomic_read(&lli->lli_key_info->lk_refcount));
567 lustre_key_release(lli->lli_key_info);
568 lli->lli_key_info = NULL;
570 spin_unlock(&lli->lli_lock);
574 struct crypto_helper_ops ll_cgs_ops = {
575 .init_it_key = ll_gks_init_it,
576 .create_key = ll_gks_create_key,
577 .init_inode_key = ll_gs_init_inode_key,
578 .get_mac = ll_gks_get_mac,
579 .decrypt_key = ll_gks_decrypt_key,
580 .destroy_key = ll_gs_destroy_key,
583 int ll_mks_create_key(struct inode *inode, struct lookup_intent *it)
585 struct lustre_intent_data *lustre_data;
586 struct crypto_key *crypto_key;
590 LASSERT(it->d.fs_data != NULL);
591 lustre_data = (struct lustre_intent_data *)it->d.fs_data;
593 if (lustre_data->it_key) {
594 OBD_FREE(lustre_data->it_key, sizeof(struct crypto_key));
596 OBD_ALLOC(crypto_key, sizeof(struct crypto_key));
598 crypto_key->ck_type = MKS_TYPE;
599 lustre_data->it_key = crypto_key;
600 lustre_data->it_key_size = sizeof(struct crypto_key);
604 int ll_mks_init_it(struct inode *parent, struct lookup_intent *it)
612 ll_gs_intent_init(it);
613 if (it->it_op & IT_CREAT) {
614 ll_mks_create_key(parent, it);
619 int ll_mks_decrypt_key(struct inode *inode, struct lookup_intent *it)
621 struct ll_inode_info *lli = ll_i2info(inode);
622 struct lustre_key *lkey = NULL;
623 struct posix_acl *acl = NULL;
628 rc = ll_get_acl_key(inode, &acl, &lkey);
631 spin_lock(&lli->lli_lock);
632 SET_DECRYPTED(lkey->lk_flags);
633 spin_unlock(&lli->lli_lock);
636 posix_acl_release(acl);
638 lustre_key_release(lkey);
642 struct crypto_helper_ops ll_cmd_ops = {
643 .init_it_key = ll_mks_init_it,
644 .init_inode_key = ll_gs_init_inode_key,
645 .decrypt_key = ll_mks_decrypt_key,
646 .destroy_key = ll_gs_destroy_key,
650 static int ll_register_cops(struct ll_crypto_info *llci, char *type,
651 struct crypto_helper_ops *cops)
653 struct list_head *list = &llci->ll_cops_list;
654 struct crypto_ops_item *opi = NULL, *tmp;
655 char *opi_name = NULL;
659 list_for_each_entry(tmp, list, clist) {
660 if (!strcmp(type, tmp->ctype)) {
661 CWARN("%s is already registered\n", type);
667 OBD_ALLOC(opi, sizeof(*opi));
669 OBD_ALLOC(opi_name, strlen(type) + 1);
671 LASSERT(opi && opi_name);
673 memcpy(opi_name, type, strlen(type));
675 opi->ctype = opi_name;
678 list_add_tail(&opi->clist, list);
683 static int ll_init_sb_crypto(struct super_block *sb)
685 struct ll_crypto_info *llci = NULL;
689 OBD_ALLOC(llci, sizeof(*llci));
694 INIT_LIST_HEAD(&llci->ll_cops_list);
696 ll_register_cops(llci, "gks", &ll_cgs_ops);
697 ll_register_cops(llci, "mks", &ll_cmd_ops);
699 ll_s2sbi(sb)->ll_crypto_info = llci;
704 static int ll_unregister_cops(struct ll_crypto_info *llci)
706 struct list_head *list = &llci->ll_cops_list;
707 struct crypto_ops_item *tmp, *item;
709 list_for_each_entry_safe(item, tmp, list, clist) {
710 list_del_init(&item->clist);
711 OBD_FREE(item->ctype, strlen(item->ctype) + 1);
712 OBD_FREE(item, sizeof(*item));
717 int lustre_destroy_crypto(struct super_block *sb)
719 struct ll_crypto_info *llci = ll_s2crpi(sb);
726 obd_disconnect(llci->ll_gt_exp, 0);
728 ll_unregister_cops(llci);
729 OBD_FREE(llci, sizeof(*llci));
733 int lustre_init_crypto(struct super_block *sb, char *gkc,
734 struct obd_connect_data *data,
737 struct obd_device *obd = NULL;
738 struct ll_sb_info *sbi = ll_s2sbi(sb);
739 struct lustre_handle gt_conn;
743 rc = ll_init_sb_crypto(sb);
747 if (!gkc || !strcmp(gkc, "null")) {
748 CDEBUG(D_INFO, "No gks Server\n");
752 obd = class_name2obd(gkc);
754 CERROR("GSC %s: not setup or attached\n", gkc);
755 GOTO(out, rc = -EINVAL);
758 obd_set_info(obd->obd_self_export, strlen("async"), "async",
759 sizeof(async), &async);
761 rc = obd_connect(>_conn, obd, &sbi->ll_sb_uuid, data,
762 OBD_OPT_REAL_CLIENT);
764 CERROR("cannot connect to %s: rc = %d\n", gkc, rc);
767 ll_s2crpi(sb)->ll_gt_exp = class_conn2export(>_conn);
770 lustre_destroy_crypto(sb);
773 struct crypto_helper_ops *
774 ll_gks_find_ops(struct ll_crypto_info *llc_info, char *type)
776 struct list_head *list = &llc_info->ll_cops_list;
777 struct crypto_ops_item *tmp;
780 list_for_each_entry(tmp, list, clist) {
781 if (!strcmp(type, tmp->ctype)) {
786 CERROR("can not find crypto api %s \n", type);
790 int ll_set_sb_gksinfo(struct super_block *sb, char *type)
792 struct ll_crypto_info *llci = ll_s2crpi(sb);
793 struct obd_export *md_exp = ll_s2mdexp(sb);
794 struct obd_export *dt_exp = ll_s2dtexp(sb);
795 struct crypto_helper_ops *ops;
799 /*try to find the helper ops according to the type*/
800 ops = ll_gks_find_ops(llci, type);
802 CERROR("can not find the crypto ops by type %s \n", type);
807 rc = obd_set_info(md_exp, strlen("crypto_type"), "crypto_type",
810 /*set crypt call back func*/
812 rc = obd_set_info(dt_exp, strlen("crypto_cb"), "crypto_cb",
813 sizeof(crypt_cb_t), &ll_crypt_cb);