4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Use is subject to license terms.
26 * Copyright (c) 2011, 2012, Intel Corporation.
29 * This file is part of Lustre, http://www.lustre.org/
30 * Lustre is a trademark of Sun Microsystems, Inc.
34 * Author: Eric Mei <ericm@clusterfs.com>
37 #define DEBUG_SUBSYSTEM S_SEC
39 #include "../../include/linux/libcfs/libcfs.h"
40 #include <linux/crypto.h>
41 #include <linux/key.h>
43 #include "../include/obd.h"
44 #include "../include/obd_class.h"
45 #include "../include/obd_support.h"
46 #include "../include/lustre_net.h"
47 #include "../include/lustre_import.h"
48 #include "../include/lustre_dlm.h"
49 #include "../include/lustre_sec.h"
51 #include "ptlrpc_internal.h"
53 /***********************************************
55 ***********************************************/
57 static rwlock_t policy_lock;
58 static struct ptlrpc_sec_policy *policies[SPTLRPC_POLICY_MAX] = {
62 int sptlrpc_register_policy(struct ptlrpc_sec_policy *policy)
64 __u16 number = policy->sp_policy;
66 LASSERT(policy->sp_name);
67 LASSERT(policy->sp_cops);
68 LASSERT(policy->sp_sops);
70 if (number >= SPTLRPC_POLICY_MAX)
73 write_lock(&policy_lock);
74 if (unlikely(policies[number])) {
75 write_unlock(&policy_lock);
78 policies[number] = policy;
79 write_unlock(&policy_lock);
81 CDEBUG(D_SEC, "%s: registered\n", policy->sp_name);
84 EXPORT_SYMBOL(sptlrpc_register_policy);
86 int sptlrpc_unregister_policy(struct ptlrpc_sec_policy *policy)
88 __u16 number = policy->sp_policy;
90 LASSERT(number < SPTLRPC_POLICY_MAX);
92 write_lock(&policy_lock);
93 if (unlikely(!policies[number])) {
94 write_unlock(&policy_lock);
95 CERROR("%s: already unregistered\n", policy->sp_name);
99 LASSERT(policies[number] == policy);
100 policies[number] = NULL;
101 write_unlock(&policy_lock);
103 CDEBUG(D_SEC, "%s: unregistered\n", policy->sp_name);
106 EXPORT_SYMBOL(sptlrpc_unregister_policy);
109 struct ptlrpc_sec_policy *sptlrpc_wireflavor2policy(__u32 flavor)
111 static DEFINE_MUTEX(load_mutex);
112 static atomic_t loaded = ATOMIC_INIT(0);
113 struct ptlrpc_sec_policy *policy;
114 __u16 number = SPTLRPC_FLVR_POLICY(flavor);
117 if (number >= SPTLRPC_POLICY_MAX)
121 read_lock(&policy_lock);
122 policy = policies[number];
123 if (policy && !try_module_get(policy->sp_owner))
126 flag = atomic_read(&loaded);
127 read_unlock(&policy_lock);
129 if (policy || flag != 0 ||
130 number != SPTLRPC_POLICY_GSS)
133 /* try to load gss module, once */
134 mutex_lock(&load_mutex);
135 if (atomic_read(&loaded) == 0) {
136 if (request_module("ptlrpc_gss") == 0)
138 "module ptlrpc_gss loaded on demand\n");
140 CERROR("Unable to load module ptlrpc_gss\n");
142 atomic_set(&loaded, 1);
144 mutex_unlock(&load_mutex);
150 __u32 sptlrpc_name2flavor_base(const char *name)
152 if (!strcmp(name, "null"))
153 return SPTLRPC_FLVR_NULL;
154 if (!strcmp(name, "plain"))
155 return SPTLRPC_FLVR_PLAIN;
156 if (!strcmp(name, "krb5n"))
157 return SPTLRPC_FLVR_KRB5N;
158 if (!strcmp(name, "krb5a"))
159 return SPTLRPC_FLVR_KRB5A;
160 if (!strcmp(name, "krb5i"))
161 return SPTLRPC_FLVR_KRB5I;
162 if (!strcmp(name, "krb5p"))
163 return SPTLRPC_FLVR_KRB5P;
165 return SPTLRPC_FLVR_INVALID;
167 EXPORT_SYMBOL(sptlrpc_name2flavor_base);
169 const char *sptlrpc_flavor2name_base(__u32 flvr)
171 __u32 base = SPTLRPC_FLVR_BASE(flvr);
173 if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_NULL))
175 else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_PLAIN))
177 else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5N))
179 else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5A))
181 else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5I))
183 else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5P))
186 CERROR("invalid wire flavor 0x%x\n", flvr);
189 EXPORT_SYMBOL(sptlrpc_flavor2name_base);
191 char *sptlrpc_flavor2name_bulk(struct sptlrpc_flavor *sf,
192 char *buf, int bufsize)
194 if (SPTLRPC_FLVR_POLICY(sf->sf_rpc) == SPTLRPC_POLICY_PLAIN)
195 snprintf(buf, bufsize, "hash:%s",
196 sptlrpc_get_hash_name(sf->u_bulk.hash.hash_alg));
198 snprintf(buf, bufsize, "%s",
199 sptlrpc_flavor2name_base(sf->sf_rpc));
201 buf[bufsize - 1] = '\0';
204 EXPORT_SYMBOL(sptlrpc_flavor2name_bulk);
206 char *sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize)
208 strlcpy(buf, sptlrpc_flavor2name_base(sf->sf_rpc), bufsize);
211 * currently we don't support customized bulk specification for
212 * flavors other than plain
214 if (SPTLRPC_FLVR_POLICY(sf->sf_rpc) == SPTLRPC_POLICY_PLAIN) {
218 sptlrpc_flavor2name_bulk(sf, &bspec[1], sizeof(bspec) - 1);
219 strlcat(buf, bspec, bufsize);
224 EXPORT_SYMBOL(sptlrpc_flavor2name);
226 static char *sptlrpc_secflags2str(__u32 flags, char *buf, int bufsize)
230 if (flags & PTLRPC_SEC_FL_REVERSE)
231 strlcat(buf, "reverse,", bufsize);
232 if (flags & PTLRPC_SEC_FL_ROOTONLY)
233 strlcat(buf, "rootonly,", bufsize);
234 if (flags & PTLRPC_SEC_FL_UDESC)
235 strlcat(buf, "udesc,", bufsize);
236 if (flags & PTLRPC_SEC_FL_BULK)
237 strlcat(buf, "bulk,", bufsize);
239 strlcat(buf, "-,", bufsize);
244 /**************************************************
245 * client context APIs *
246 **************************************************/
249 struct ptlrpc_cli_ctx *get_my_ctx(struct ptlrpc_sec *sec)
251 struct vfs_cred vcred;
252 int create = 1, remove_dead = 1;
255 LASSERT(sec->ps_policy->sp_cops->lookup_ctx);
257 if (sec->ps_flvr.sf_flags & (PTLRPC_SEC_FL_REVERSE |
258 PTLRPC_SEC_FL_ROOTONLY)) {
261 if (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE) {
266 vcred.vc_uid = from_kuid(&init_user_ns, current_uid());
267 vcred.vc_gid = from_kgid(&init_user_ns, current_gid());
270 return sec->ps_policy->sp_cops->lookup_ctx(sec, &vcred,
271 create, remove_dead);
274 struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx)
276 atomic_inc(&ctx->cc_refcount);
279 EXPORT_SYMBOL(sptlrpc_cli_ctx_get);
281 void sptlrpc_cli_ctx_put(struct ptlrpc_cli_ctx *ctx, int sync)
283 struct ptlrpc_sec *sec = ctx->cc_sec;
286 LASSERT_ATOMIC_POS(&ctx->cc_refcount);
288 if (!atomic_dec_and_test(&ctx->cc_refcount))
291 sec->ps_policy->sp_cops->release_ctx(sec, ctx, sync);
293 EXPORT_SYMBOL(sptlrpc_cli_ctx_put);
295 static int import_sec_check_expire(struct obd_import *imp)
299 spin_lock(&imp->imp_lock);
300 if (imp->imp_sec_expire &&
301 imp->imp_sec_expire < ktime_get_real_seconds()) {
303 imp->imp_sec_expire = 0;
305 spin_unlock(&imp->imp_lock);
310 CDEBUG(D_SEC, "found delayed sec adapt expired, do it now\n");
311 return sptlrpc_import_sec_adapt(imp, NULL, NULL);
315 * Get and validate the client side ptlrpc security facilities from
316 * \a imp. There is a race condition on client reconnect when the import is
317 * being destroyed while there are outstanding client bound requests. In
318 * this case do not output any error messages if import secuity is not
321 * \param[in] imp obd import associated with client
322 * \param[out] sec client side ptlrpc security
324 * \retval 0 if security retrieved successfully
325 * \retval -ve errno if there was a problem
327 static int import_sec_validate_get(struct obd_import *imp,
328 struct ptlrpc_sec **sec)
332 if (unlikely(imp->imp_sec_expire)) {
333 rc = import_sec_check_expire(imp);
338 *sec = sptlrpc_import_sec_ref(imp);
339 /* Only output an error when the import is still active */
341 if (list_empty(&imp->imp_zombie_chain))
342 CERROR("import %p (%s) with no sec\n",
343 imp, ptlrpc_import_state_name(imp->imp_state));
347 if (unlikely((*sec)->ps_dying)) {
348 CERROR("attempt to use dying sec %p\n", sec);
349 sptlrpc_sec_put(*sec);
357 * Given a \a req, find or allocate a appropriate context for it.
358 * \pre req->rq_cli_ctx == NULL.
360 * \retval 0 succeed, and req->rq_cli_ctx is set.
361 * \retval -ev error number, and req->rq_cli_ctx == NULL.
363 int sptlrpc_req_get_ctx(struct ptlrpc_request *req)
365 struct obd_import *imp = req->rq_import;
366 struct ptlrpc_sec *sec;
369 LASSERT(!req->rq_cli_ctx);
372 rc = import_sec_validate_get(imp, &sec);
376 req->rq_cli_ctx = get_my_ctx(sec);
378 sptlrpc_sec_put(sec);
380 if (!req->rq_cli_ctx) {
381 CERROR("req %p: fail to get context\n", req);
389 * Drop the context for \a req.
390 * \pre req->rq_cli_ctx != NULL.
391 * \post req->rq_cli_ctx == NULL.
393 * If \a sync == 0, this function should return quickly without sleep;
394 * otherwise it might trigger and wait for the whole process of sending
395 * an context-destroying rpc to server.
397 void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync)
400 LASSERT(req->rq_cli_ctx);
402 /* request might be asked to release earlier while still
403 * in the context waiting list.
405 if (!list_empty(&req->rq_ctx_chain)) {
406 spin_lock(&req->rq_cli_ctx->cc_lock);
407 list_del_init(&req->rq_ctx_chain);
408 spin_unlock(&req->rq_cli_ctx->cc_lock);
411 sptlrpc_cli_ctx_put(req->rq_cli_ctx, sync);
412 req->rq_cli_ctx = NULL;
416 int sptlrpc_req_ctx_switch(struct ptlrpc_request *req,
417 struct ptlrpc_cli_ctx *oldctx,
418 struct ptlrpc_cli_ctx *newctx)
420 struct sptlrpc_flavor old_flvr;
421 char *reqmsg = NULL; /* to workaround old gcc */
425 LASSERT(req->rq_reqmsg);
426 LASSERT(req->rq_reqlen);
427 LASSERT(req->rq_replen);
429 CDEBUG(D_SEC, "req %p: switch ctx %p(%u->%s) -> %p(%u->%s), switch sec %p(%s) -> %p(%s)\n",
431 oldctx, oldctx->cc_vcred.vc_uid, sec2target_str(oldctx->cc_sec),
432 newctx, newctx->cc_vcred.vc_uid, sec2target_str(newctx->cc_sec),
433 oldctx->cc_sec, oldctx->cc_sec->ps_policy->sp_name,
434 newctx->cc_sec, newctx->cc_sec->ps_policy->sp_name);
437 old_flvr = req->rq_flvr;
439 /* save request message */
440 reqmsg_size = req->rq_reqlen;
441 if (reqmsg_size != 0) {
442 reqmsg = libcfs_kvzalloc(reqmsg_size, GFP_NOFS);
445 memcpy(reqmsg, req->rq_reqmsg, reqmsg_size);
448 /* release old req/rep buf */
449 req->rq_cli_ctx = oldctx;
450 sptlrpc_cli_free_reqbuf(req);
451 sptlrpc_cli_free_repbuf(req);
452 req->rq_cli_ctx = newctx;
454 /* recalculate the flavor */
455 sptlrpc_req_set_flavor(req, 0);
457 /* alloc new request buffer
458 * we don't need to alloc reply buffer here, leave it to the
459 * rest procedure of ptlrpc
461 if (reqmsg_size != 0) {
462 rc = sptlrpc_cli_alloc_reqbuf(req, reqmsg_size);
464 LASSERT(req->rq_reqmsg);
465 memcpy(req->rq_reqmsg, reqmsg, reqmsg_size);
467 CWARN("failed to alloc reqbuf: %d\n", rc);
468 req->rq_flvr = old_flvr;
477 * If current context of \a req is dead somehow, e.g. we just switched flavor
478 * thus marked original contexts dead, we'll find a new context for it. if
479 * no switch is needed, \a req will end up with the same context.
481 * \note a request must have a context, to keep other parts of code happy.
482 * In any case of failure during the switching, we must restore the old one.
484 static int sptlrpc_req_replace_dead_ctx(struct ptlrpc_request *req)
486 struct ptlrpc_cli_ctx *oldctx = req->rq_cli_ctx;
487 struct ptlrpc_cli_ctx *newctx;
492 sptlrpc_cli_ctx_get(oldctx);
493 sptlrpc_req_put_ctx(req, 0);
495 rc = sptlrpc_req_get_ctx(req);
497 LASSERT(!req->rq_cli_ctx);
499 /* restore old ctx */
500 req->rq_cli_ctx = oldctx;
504 newctx = req->rq_cli_ctx;
507 if (unlikely(newctx == oldctx &&
508 test_bit(PTLRPC_CTX_DEAD_BIT, &oldctx->cc_flags))) {
510 * still get the old dead ctx, usually means system too busy
513 "ctx (%p, fl %lx) doesn't switch, relax a little bit\n",
514 newctx, newctx->cc_flags);
516 set_current_state(TASK_INTERRUPTIBLE);
517 schedule_timeout(msecs_to_jiffies(MSEC_PER_SEC));
520 * it's possible newctx == oldctx if we're switching
521 * subflavor with the same sec.
523 rc = sptlrpc_req_ctx_switch(req, oldctx, newctx);
525 /* restore old ctx */
526 sptlrpc_req_put_ctx(req, 0);
527 req->rq_cli_ctx = oldctx;
531 LASSERT(req->rq_cli_ctx == newctx);
534 sptlrpc_cli_ctx_put(oldctx, 1);
539 int ctx_check_refresh(struct ptlrpc_cli_ctx *ctx)
541 if (cli_ctx_is_refreshed(ctx))
547 int ctx_refresh_timeout(void *data)
549 struct ptlrpc_request *req = data;
552 /* conn_cnt is needed in expire_one_request */
553 lustre_msg_set_conn_cnt(req->rq_reqmsg, req->rq_import->imp_conn_cnt);
555 rc = ptlrpc_expire_one_request(req, 1);
556 /* if we started recovery, we should mark this ctx dead; otherwise
557 * in case of lgssd died nobody would retire this ctx, following
558 * connecting will still find the same ctx thus cause deadlock.
559 * there's an assumption that expire time of the request should be
560 * later than the context refresh expire time.
563 req->rq_cli_ctx->cc_ops->force_die(req->rq_cli_ctx, 0);
568 void ctx_refresh_interrupt(void *data)
570 struct ptlrpc_request *req = data;
572 spin_lock(&req->rq_lock);
574 spin_unlock(&req->rq_lock);
578 void req_off_ctx_list(struct ptlrpc_request *req, struct ptlrpc_cli_ctx *ctx)
580 spin_lock(&ctx->cc_lock);
581 if (!list_empty(&req->rq_ctx_chain))
582 list_del_init(&req->rq_ctx_chain);
583 spin_unlock(&ctx->cc_lock);
587 * To refresh the context of \req, if it's not up-to-date.
590 * - = 0: wait until success or fatal error occur
591 * - > 0: timeout value (in seconds)
593 * The status of the context could be subject to be changed by other threads
594 * at any time. We allow this race, but once we return with 0, the caller will
595 * suppose it's uptodated and keep using it until the owning rpc is done.
597 * \retval 0 only if the context is uptodated.
598 * \retval -ev error number.
600 int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout)
602 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
603 struct ptlrpc_sec *sec;
604 struct l_wait_info lwi;
609 if (req->rq_ctx_init || req->rq_ctx_fini)
613 * during the process a request's context might change type even
614 * (e.g. from gss ctx to null ctx), so each loop we need to re-check
618 rc = import_sec_validate_get(req->rq_import, &sec);
622 if (sec->ps_flvr.sf_rpc != req->rq_flvr.sf_rpc) {
623 CDEBUG(D_SEC, "req %p: flavor has changed %x -> %x\n",
624 req, req->rq_flvr.sf_rpc, sec->ps_flvr.sf_rpc);
625 req_off_ctx_list(req, ctx);
626 sptlrpc_req_replace_dead_ctx(req);
627 ctx = req->rq_cli_ctx;
629 sptlrpc_sec_put(sec);
631 if (cli_ctx_is_eternal(ctx))
634 if (unlikely(test_bit(PTLRPC_CTX_NEW_BIT, &ctx->cc_flags))) {
635 LASSERT(ctx->cc_ops->refresh);
636 ctx->cc_ops->refresh(ctx);
638 LASSERT(test_bit(PTLRPC_CTX_NEW_BIT, &ctx->cc_flags) == 0);
640 LASSERT(ctx->cc_ops->validate);
641 if (ctx->cc_ops->validate(ctx) == 0) {
642 req_off_ctx_list(req, ctx);
646 if (unlikely(test_bit(PTLRPC_CTX_ERROR_BIT, &ctx->cc_flags))) {
647 spin_lock(&req->rq_lock);
649 spin_unlock(&req->rq_lock);
650 req_off_ctx_list(req, ctx);
655 * There's a subtle issue for resending RPCs, suppose following
657 * 1. the request was sent to server.
658 * 2. recovery was kicked start, after finished the request was
660 * 3. resend the request.
661 * 4. old reply from server received, we accept and verify the reply.
662 * this has to be success, otherwise the error will be aware
664 * 5. new reply from server received, dropped by LNet.
666 * Note the xid of old & new request is the same. We can't simply
667 * change xid for the resent request because the server replies on
668 * it for reply reconstruction.
670 * Commonly the original context should be uptodate because we
671 * have a expiry nice time; server will keep its context because
672 * we at least hold a ref of old context which prevent context
673 * destroying RPC being sent. So server still can accept the request
674 * and finish the RPC. But if that's not the case:
675 * 1. If server side context has been trimmed, a NO_CONTEXT will
676 * be returned, gss_cli_ctx_verify/unseal will switch to new
678 * 2. Current context never be refreshed, then we are fine: we
679 * never really send request with old context before.
681 if (test_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags) &&
682 unlikely(req->rq_reqmsg) &&
683 lustre_msg_get_flags(req->rq_reqmsg) & MSG_RESENT) {
684 req_off_ctx_list(req, ctx);
688 if (unlikely(test_bit(PTLRPC_CTX_DEAD_BIT, &ctx->cc_flags))) {
689 req_off_ctx_list(req, ctx);
691 * don't switch ctx if import was deactivated
693 if (req->rq_import->imp_deactive) {
694 spin_lock(&req->rq_lock);
696 spin_unlock(&req->rq_lock);
700 rc = sptlrpc_req_replace_dead_ctx(req);
702 LASSERT(ctx == req->rq_cli_ctx);
703 CERROR("req %p: failed to replace dead ctx %p: %d\n",
705 spin_lock(&req->rq_lock);
707 spin_unlock(&req->rq_lock);
711 ctx = req->rq_cli_ctx;
716 * Now we're sure this context is during upcall, add myself into
719 spin_lock(&ctx->cc_lock);
720 if (list_empty(&req->rq_ctx_chain))
721 list_add(&req->rq_ctx_chain, &ctx->cc_req_list);
722 spin_unlock(&ctx->cc_lock);
727 /* Clear any flags that may be present from previous sends */
728 LASSERT(req->rq_receiving_reply == 0);
729 spin_lock(&req->rq_lock);
731 req->rq_timedout = 0;
734 spin_unlock(&req->rq_lock);
736 lwi = LWI_TIMEOUT_INTR(msecs_to_jiffies(timeout * MSEC_PER_SEC),
737 ctx_refresh_timeout, ctx_refresh_interrupt,
739 rc = l_wait_event(req->rq_reply_waitq, ctx_check_refresh(ctx), &lwi);
742 * following cases could lead us here:
743 * - successfully refreshed;
745 * - timedout, and we don't want recover from the failure;
746 * - timedout, and waked up upon recovery finished;
747 * - someone else mark this ctx dead by force;
748 * - someone invalidate the req and call ptlrpc_client_wake_req(),
749 * e.g. ptlrpc_abort_inflight();
751 if (!cli_ctx_is_refreshed(ctx)) {
752 /* timed out or interrupted */
753 req_off_ctx_list(req, ctx);
763 * Initialize flavor settings for \a req, according to \a opcode.
765 * \note this could be called in two situations:
766 * - new request from ptlrpc_pre_req(), with proper @opcode
767 * - old request which changed ctx in the middle, with @opcode == 0
769 void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode)
771 struct ptlrpc_sec *sec;
773 LASSERT(req->rq_import);
774 LASSERT(req->rq_cli_ctx);
775 LASSERT(req->rq_cli_ctx->cc_sec);
776 LASSERT(req->rq_bulk_read == 0 || req->rq_bulk_write == 0);
778 /* special security flags according to opcode */
782 case MGS_CONFIG_READ:
784 req->rq_bulk_read = 1;
788 req->rq_bulk_write = 1;
791 req->rq_ctx_init = 1;
794 req->rq_ctx_fini = 1;
797 /* init/fini rpc won't be resend, so can't be here */
798 LASSERT(req->rq_ctx_init == 0);
799 LASSERT(req->rq_ctx_fini == 0);
801 /* cleanup flags, which should be recalculated */
802 req->rq_pack_udesc = 0;
803 req->rq_pack_bulk = 0;
807 sec = req->rq_cli_ctx->cc_sec;
809 spin_lock(&sec->ps_lock);
810 req->rq_flvr = sec->ps_flvr;
811 spin_unlock(&sec->ps_lock);
813 /* force SVC_NULL for context initiation rpc, SVC_INTG for context
816 if (unlikely(req->rq_ctx_init))
817 flvr_set_svc(&req->rq_flvr.sf_rpc, SPTLRPC_SVC_NULL);
818 else if (unlikely(req->rq_ctx_fini))
819 flvr_set_svc(&req->rq_flvr.sf_rpc, SPTLRPC_SVC_INTG);
821 /* user descriptor flag, null security can't do it anyway */
822 if ((sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_UDESC) &&
823 (req->rq_flvr.sf_rpc != SPTLRPC_FLVR_NULL))
824 req->rq_pack_udesc = 1;
826 /* bulk security flag */
827 if ((req->rq_bulk_read || req->rq_bulk_write) &&
828 sptlrpc_flavor_has_bulk(&req->rq_flvr))
829 req->rq_pack_bulk = 1;
832 void sptlrpc_request_out_callback(struct ptlrpc_request *req)
834 if (SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc) != SPTLRPC_SVC_PRIV)
837 LASSERT(req->rq_clrbuf);
838 if (req->rq_pool || !req->rq_reqbuf)
841 kfree(req->rq_reqbuf);
842 req->rq_reqbuf = NULL;
843 req->rq_reqbuf_len = 0;
847 * Given an import \a imp, check whether current user has a valid context
848 * or not. We may create a new context and try to refresh it, and try
849 * repeatedly try in case of non-fatal errors. Return 0 means success.
851 int sptlrpc_import_check_ctx(struct obd_import *imp)
853 struct ptlrpc_sec *sec;
854 struct ptlrpc_cli_ctx *ctx;
855 struct ptlrpc_request *req = NULL;
860 sec = sptlrpc_import_sec_ref(imp);
861 ctx = get_my_ctx(sec);
862 sptlrpc_sec_put(sec);
867 if (cli_ctx_is_eternal(ctx) ||
868 ctx->cc_ops->validate(ctx) == 0) {
869 sptlrpc_cli_ctx_put(ctx, 1);
873 if (cli_ctx_is_error(ctx)) {
874 sptlrpc_cli_ctx_put(ctx, 1);
878 req = ptlrpc_request_cache_alloc(GFP_NOFS);
882 ptlrpc_cli_req_init(req);
883 atomic_set(&req->rq_refcount, 10000);
885 req->rq_import = imp;
886 req->rq_flvr = sec->ps_flvr;
887 req->rq_cli_ctx = ctx;
889 rc = sptlrpc_req_refresh_ctx(req, 0);
890 LASSERT(list_empty(&req->rq_ctx_chain));
891 sptlrpc_cli_ctx_put(req->rq_cli_ctx, 1);
892 ptlrpc_request_cache_free(req);
898 * Used by ptlrpc client, to perform the pre-defined security transformation
899 * upon the request message of \a req. After this function called,
900 * req->rq_reqmsg is still accessible as clear text.
902 int sptlrpc_cli_wrap_request(struct ptlrpc_request *req)
904 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
908 LASSERT(ctx->cc_sec);
909 LASSERT(req->rq_reqbuf || req->rq_clrbuf);
911 /* we wrap bulk request here because now we can be sure
912 * the context is uptodate.
915 rc = sptlrpc_cli_wrap_bulk(req, req->rq_bulk);
920 switch (SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc)) {
921 case SPTLRPC_SVC_NULL:
922 case SPTLRPC_SVC_AUTH:
923 case SPTLRPC_SVC_INTG:
924 LASSERT(ctx->cc_ops->sign);
925 rc = ctx->cc_ops->sign(ctx, req);
927 case SPTLRPC_SVC_PRIV:
928 LASSERT(ctx->cc_ops->seal);
929 rc = ctx->cc_ops->seal(ctx, req);
936 LASSERT(req->rq_reqdata_len);
937 LASSERT(req->rq_reqdata_len % 8 == 0);
938 LASSERT(req->rq_reqdata_len <= req->rq_reqbuf_len);
944 static int do_cli_unwrap_reply(struct ptlrpc_request *req)
946 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
950 LASSERT(ctx->cc_sec);
951 LASSERT(req->rq_repbuf);
952 LASSERT(req->rq_repdata);
953 LASSERT(!req->rq_repmsg);
955 req->rq_rep_swab_mask = 0;
957 rc = __lustre_unpack_msg(req->rq_repdata, req->rq_repdata_len);
960 lustre_set_rep_swabbed(req, MSG_PTLRPC_HEADER_OFF);
964 CERROR("failed unpack reply: x%llu\n", req->rq_xid);
968 if (req->rq_repdata_len < sizeof(struct lustre_msg)) {
969 CERROR("replied data length %d too small\n",
970 req->rq_repdata_len);
974 if (SPTLRPC_FLVR_POLICY(req->rq_repdata->lm_secflvr) !=
975 SPTLRPC_FLVR_POLICY(req->rq_flvr.sf_rpc)) {
976 CERROR("reply policy %u doesn't match request policy %u\n",
977 SPTLRPC_FLVR_POLICY(req->rq_repdata->lm_secflvr),
978 SPTLRPC_FLVR_POLICY(req->rq_flvr.sf_rpc));
982 switch (SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc)) {
983 case SPTLRPC_SVC_NULL:
984 case SPTLRPC_SVC_AUTH:
985 case SPTLRPC_SVC_INTG:
986 LASSERT(ctx->cc_ops->verify);
987 rc = ctx->cc_ops->verify(ctx, req);
989 case SPTLRPC_SVC_PRIV:
990 LASSERT(ctx->cc_ops->unseal);
991 rc = ctx->cc_ops->unseal(ctx, req);
996 LASSERT(rc || req->rq_repmsg || req->rq_resend);
998 if (SPTLRPC_FLVR_POLICY(req->rq_flvr.sf_rpc) != SPTLRPC_POLICY_NULL &&
1000 req->rq_rep_swab_mask = 0;
1005 * Used by ptlrpc client, to perform security transformation upon the reply
1006 * message of \a req. After return successfully, req->rq_repmsg points to
1007 * the reply message in clear text.
1009 * \pre the reply buffer should have been un-posted from LNet, so nothing is
1012 int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req)
1014 LASSERT(req->rq_repbuf);
1015 LASSERT(!req->rq_repdata);
1016 LASSERT(!req->rq_repmsg);
1017 LASSERT(req->rq_reply_off + req->rq_nob_received <= req->rq_repbuf_len);
1019 if (req->rq_reply_off == 0 &&
1020 (lustre_msghdr_get_flags(req->rq_reqmsg) & MSGHDR_AT_SUPPORT)) {
1021 CERROR("real reply with offset 0\n");
1025 if (req->rq_reply_off % 8 != 0) {
1026 CERROR("reply at odd offset %u\n", req->rq_reply_off);
1030 req->rq_repdata = (struct lustre_msg *)
1031 (req->rq_repbuf + req->rq_reply_off);
1032 req->rq_repdata_len = req->rq_nob_received;
1034 return do_cli_unwrap_reply(req);
1038 * Used by ptlrpc client, to perform security transformation upon the early
1039 * reply message of \a req. We expect the rq_reply_off is 0, and
1040 * rq_nob_received is the early reply size.
1042 * Because the receive buffer might be still posted, the reply data might be
1043 * changed at any time, no matter we're holding rq_lock or not. For this reason
1044 * we allocate a separate ptlrpc_request and reply buffer for early reply
1047 * \retval 0 success, \a req_ret is filled with a duplicated ptlrpc_request.
1048 * Later the caller must call sptlrpc_cli_finish_early_reply() on the returned
1049 * \a *req_ret to release it.
1050 * \retval -ev error number, and \a req_ret will not be set.
1052 int sptlrpc_cli_unwrap_early_reply(struct ptlrpc_request *req,
1053 struct ptlrpc_request **req_ret)
1055 struct ptlrpc_request *early_req;
1057 int early_bufsz, early_size;
1060 early_req = ptlrpc_request_cache_alloc(GFP_NOFS);
1064 ptlrpc_cli_req_init(early_req);
1066 early_size = req->rq_nob_received;
1067 early_bufsz = size_roundup_power2(early_size);
1068 early_buf = libcfs_kvzalloc(early_bufsz, GFP_NOFS);
1074 /* sanity checkings and copy data out, do it inside spinlock */
1075 spin_lock(&req->rq_lock);
1077 if (req->rq_replied) {
1078 spin_unlock(&req->rq_lock);
1083 LASSERT(req->rq_repbuf);
1084 LASSERT(!req->rq_repdata);
1085 LASSERT(!req->rq_repmsg);
1087 if (req->rq_reply_off != 0) {
1088 CERROR("early reply with offset %u\n", req->rq_reply_off);
1089 spin_unlock(&req->rq_lock);
1094 if (req->rq_nob_received != early_size) {
1095 /* even another early arrived the size should be the same */
1096 CERROR("data size has changed from %u to %u\n",
1097 early_size, req->rq_nob_received);
1098 spin_unlock(&req->rq_lock);
1103 if (req->rq_nob_received < sizeof(struct lustre_msg)) {
1104 CERROR("early reply length %d too small\n",
1105 req->rq_nob_received);
1106 spin_unlock(&req->rq_lock);
1111 memcpy(early_buf, req->rq_repbuf, early_size);
1112 spin_unlock(&req->rq_lock);
1114 early_req->rq_cli_ctx = sptlrpc_cli_ctx_get(req->rq_cli_ctx);
1115 early_req->rq_flvr = req->rq_flvr;
1116 early_req->rq_repbuf = early_buf;
1117 early_req->rq_repbuf_len = early_bufsz;
1118 early_req->rq_repdata = (struct lustre_msg *)early_buf;
1119 early_req->rq_repdata_len = early_size;
1120 early_req->rq_early = 1;
1121 early_req->rq_reqmsg = req->rq_reqmsg;
1123 rc = do_cli_unwrap_reply(early_req);
1125 DEBUG_REQ(D_ADAPTTO, early_req,
1126 "error %d unwrap early reply", rc);
1130 LASSERT(early_req->rq_repmsg);
1131 *req_ret = early_req;
1135 sptlrpc_cli_ctx_put(early_req->rq_cli_ctx, 1);
1139 ptlrpc_request_cache_free(early_req);
1144 * Used by ptlrpc client, to release a processed early reply \a early_req.
1146 * \pre \a early_req was obtained from calling sptlrpc_cli_unwrap_early_reply().
1148 void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req)
1150 LASSERT(early_req->rq_repbuf);
1151 LASSERT(early_req->rq_repdata);
1152 LASSERT(early_req->rq_repmsg);
1154 sptlrpc_cli_ctx_put(early_req->rq_cli_ctx, 1);
1155 kvfree(early_req->rq_repbuf);
1156 ptlrpc_request_cache_free(early_req);
1159 /**************************************************
1161 **************************************************/
1164 * "fixed" sec (e.g. null) use sec_id < 0
1166 static atomic_t sptlrpc_sec_id = ATOMIC_INIT(1);
1168 int sptlrpc_get_next_secid(void)
1170 return atomic_inc_return(&sptlrpc_sec_id);
1172 EXPORT_SYMBOL(sptlrpc_get_next_secid);
1174 /**************************************************
1175 * client side high-level security APIs *
1176 **************************************************/
1178 static int sec_cop_flush_ctx_cache(struct ptlrpc_sec *sec, uid_t uid,
1179 int grace, int force)
1181 struct ptlrpc_sec_policy *policy = sec->ps_policy;
1183 LASSERT(policy->sp_cops);
1184 LASSERT(policy->sp_cops->flush_ctx_cache);
1186 return policy->sp_cops->flush_ctx_cache(sec, uid, grace, force);
1189 static void sec_cop_destroy_sec(struct ptlrpc_sec *sec)
1191 struct ptlrpc_sec_policy *policy = sec->ps_policy;
1193 LASSERT_ATOMIC_ZERO(&sec->ps_refcount);
1194 LASSERT_ATOMIC_ZERO(&sec->ps_nctx);
1195 LASSERT(policy->sp_cops->destroy_sec);
1197 CDEBUG(D_SEC, "%s@%p: being destroyed\n", sec->ps_policy->sp_name, sec);
1199 policy->sp_cops->destroy_sec(sec);
1200 sptlrpc_policy_put(policy);
1203 static void sptlrpc_sec_kill(struct ptlrpc_sec *sec)
1205 LASSERT_ATOMIC_POS(&sec->ps_refcount);
1207 if (sec->ps_policy->sp_cops->kill_sec) {
1208 sec->ps_policy->sp_cops->kill_sec(sec);
1210 sec_cop_flush_ctx_cache(sec, -1, 1, 1);
1214 static struct ptlrpc_sec *sptlrpc_sec_get(struct ptlrpc_sec *sec)
1217 atomic_inc(&sec->ps_refcount);
1222 void sptlrpc_sec_put(struct ptlrpc_sec *sec)
1225 LASSERT_ATOMIC_POS(&sec->ps_refcount);
1227 if (atomic_dec_and_test(&sec->ps_refcount)) {
1228 sptlrpc_gc_del_sec(sec);
1229 sec_cop_destroy_sec(sec);
1233 EXPORT_SYMBOL(sptlrpc_sec_put);
1236 * policy module is responsible for taking reference of import
1239 struct ptlrpc_sec *sptlrpc_sec_create(struct obd_import *imp,
1240 struct ptlrpc_svc_ctx *svc_ctx,
1241 struct sptlrpc_flavor *sf,
1242 enum lustre_sec_part sp)
1244 struct ptlrpc_sec_policy *policy;
1245 struct ptlrpc_sec *sec;
1249 LASSERT(imp->imp_dlm_fake == 1);
1251 CDEBUG(D_SEC, "%s %s: reverse sec using flavor %s\n",
1252 imp->imp_obd->obd_type->typ_name,
1253 imp->imp_obd->obd_name,
1254 sptlrpc_flavor2name(sf, str, sizeof(str)));
1256 policy = sptlrpc_policy_get(svc_ctx->sc_policy);
1257 sf->sf_flags |= PTLRPC_SEC_FL_REVERSE | PTLRPC_SEC_FL_ROOTONLY;
1259 LASSERT(imp->imp_dlm_fake == 0);
1261 CDEBUG(D_SEC, "%s %s: select security flavor %s\n",
1262 imp->imp_obd->obd_type->typ_name,
1263 imp->imp_obd->obd_name,
1264 sptlrpc_flavor2name(sf, str, sizeof(str)));
1266 policy = sptlrpc_wireflavor2policy(sf->sf_rpc);
1268 CERROR("invalid flavor 0x%x\n", sf->sf_rpc);
1273 sec = policy->sp_cops->create_sec(imp, svc_ctx, sf);
1275 atomic_inc(&sec->ps_refcount);
1279 if (sec->ps_gc_interval && policy->sp_cops->gc_ctx)
1280 sptlrpc_gc_add_sec(sec);
1282 sptlrpc_policy_put(policy);
1288 struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp)
1290 struct ptlrpc_sec *sec;
1292 spin_lock(&imp->imp_lock);
1293 sec = sptlrpc_sec_get(imp->imp_sec);
1294 spin_unlock(&imp->imp_lock);
1298 EXPORT_SYMBOL(sptlrpc_import_sec_ref);
1300 static void sptlrpc_import_sec_install(struct obd_import *imp,
1301 struct ptlrpc_sec *sec)
1303 struct ptlrpc_sec *old_sec;
1305 LASSERT_ATOMIC_POS(&sec->ps_refcount);
1307 spin_lock(&imp->imp_lock);
1308 old_sec = imp->imp_sec;
1310 spin_unlock(&imp->imp_lock);
1313 sptlrpc_sec_kill(old_sec);
1315 /* balance the ref taken by this import */
1316 sptlrpc_sec_put(old_sec);
1321 int flavor_equal(struct sptlrpc_flavor *sf1, struct sptlrpc_flavor *sf2)
1323 return (memcmp(sf1, sf2, sizeof(*sf1)) == 0);
1327 void flavor_copy(struct sptlrpc_flavor *dst, struct sptlrpc_flavor *src)
1332 static void sptlrpc_import_sec_adapt_inplace(struct obd_import *imp,
1333 struct ptlrpc_sec *sec,
1334 struct sptlrpc_flavor *sf)
1336 char str1[32], str2[32];
1338 if (sec->ps_flvr.sf_flags != sf->sf_flags)
1339 CDEBUG(D_SEC, "changing sec flags: %s -> %s\n",
1340 sptlrpc_secflags2str(sec->ps_flvr.sf_flags,
1341 str1, sizeof(str1)),
1342 sptlrpc_secflags2str(sf->sf_flags,
1343 str2, sizeof(str2)));
1345 spin_lock(&sec->ps_lock);
1346 flavor_copy(&sec->ps_flvr, sf);
1347 spin_unlock(&sec->ps_lock);
1351 * To get an appropriate ptlrpc_sec for the \a imp, according to the current
1352 * configuration. Upon called, imp->imp_sec may or may not be NULL.
1354 * - regular import: \a svc_ctx should be NULL and \a flvr is ignored;
1355 * - reverse import: \a svc_ctx and \a flvr are obtained from incoming request.
1357 int sptlrpc_import_sec_adapt(struct obd_import *imp,
1358 struct ptlrpc_svc_ctx *svc_ctx,
1359 struct sptlrpc_flavor *flvr)
1361 struct ptlrpc_connection *conn;
1362 struct sptlrpc_flavor sf;
1363 struct ptlrpc_sec *sec, *newsec;
1364 enum lustre_sec_part sp;
1373 conn = imp->imp_connection;
1376 struct client_obd *cliobd = &imp->imp_obd->u.cli;
1378 * normal import, determine flavor from rule set, except
1379 * for mgc the flavor is predetermined.
1381 if (cliobd->cl_sp_me == LUSTRE_SP_MGC)
1382 sf = cliobd->cl_flvr_mgc;
1384 sptlrpc_conf_choose_flavor(cliobd->cl_sp_me,
1386 &cliobd->cl_target_uuid,
1389 sp = imp->imp_obd->u.cli.cl_sp_me;
1391 /* reverse import, determine flavor from incoming request */
1394 if (sf.sf_rpc != SPTLRPC_FLVR_NULL)
1395 sf.sf_flags = PTLRPC_SEC_FL_REVERSE |
1396 PTLRPC_SEC_FL_ROOTONLY;
1398 sp = sptlrpc_target_sec_part(imp->imp_obd);
1401 sec = sptlrpc_import_sec_ref(imp);
1405 if (flavor_equal(&sf, &sec->ps_flvr))
1408 CDEBUG(D_SEC, "import %s->%s: changing flavor %s -> %s\n",
1409 imp->imp_obd->obd_name,
1410 obd_uuid2str(&conn->c_remote_uuid),
1411 sptlrpc_flavor2name(&sec->ps_flvr, str, sizeof(str)),
1412 sptlrpc_flavor2name(&sf, str2, sizeof(str2)));
1414 if (SPTLRPC_FLVR_POLICY(sf.sf_rpc) ==
1415 SPTLRPC_FLVR_POLICY(sec->ps_flvr.sf_rpc) &&
1416 SPTLRPC_FLVR_MECH(sf.sf_rpc) ==
1417 SPTLRPC_FLVR_MECH(sec->ps_flvr.sf_rpc)) {
1418 sptlrpc_import_sec_adapt_inplace(imp, sec, &sf);
1421 } else if (SPTLRPC_FLVR_BASE(sf.sf_rpc) !=
1422 SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_NULL)) {
1423 CDEBUG(D_SEC, "import %s->%s netid %x: select flavor %s\n",
1424 imp->imp_obd->obd_name,
1425 obd_uuid2str(&conn->c_remote_uuid),
1426 LNET_NIDNET(conn->c_self),
1427 sptlrpc_flavor2name(&sf, str, sizeof(str)));
1430 mutex_lock(&imp->imp_sec_mutex);
1432 newsec = sptlrpc_sec_create(imp, svc_ctx, &sf, sp);
1434 sptlrpc_import_sec_install(imp, newsec);
1436 CERROR("import %s->%s: failed to create new sec\n",
1437 imp->imp_obd->obd_name,
1438 obd_uuid2str(&conn->c_remote_uuid));
1442 mutex_unlock(&imp->imp_sec_mutex);
1444 sptlrpc_sec_put(sec);
1448 void sptlrpc_import_sec_put(struct obd_import *imp)
1451 sptlrpc_sec_kill(imp->imp_sec);
1453 sptlrpc_sec_put(imp->imp_sec);
1454 imp->imp_sec = NULL;
1458 static void import_flush_ctx_common(struct obd_import *imp,
1459 uid_t uid, int grace, int force)
1461 struct ptlrpc_sec *sec;
1466 sec = sptlrpc_import_sec_ref(imp);
1470 sec_cop_flush_ctx_cache(sec, uid, grace, force);
1471 sptlrpc_sec_put(sec);
1474 void sptlrpc_import_flush_my_ctx(struct obd_import *imp)
1476 import_flush_ctx_common(imp, from_kuid(&init_user_ns, current_uid()),
1479 EXPORT_SYMBOL(sptlrpc_import_flush_my_ctx);
1481 void sptlrpc_import_flush_all_ctx(struct obd_import *imp)
1483 import_flush_ctx_common(imp, -1, 1, 1);
1485 EXPORT_SYMBOL(sptlrpc_import_flush_all_ctx);
1488 * Used by ptlrpc client to allocate request buffer of \a req. Upon return
1489 * successfully, req->rq_reqmsg points to a buffer with size \a msgsize.
1491 int sptlrpc_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize)
1493 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1494 struct ptlrpc_sec_policy *policy;
1498 LASSERT(ctx->cc_sec);
1499 LASSERT(ctx->cc_sec->ps_policy);
1500 LASSERT(!req->rq_reqmsg);
1501 LASSERT_ATOMIC_POS(&ctx->cc_refcount);
1503 policy = ctx->cc_sec->ps_policy;
1504 rc = policy->sp_cops->alloc_reqbuf(ctx->cc_sec, req, msgsize);
1506 LASSERT(req->rq_reqmsg);
1507 LASSERT(req->rq_reqbuf || req->rq_clrbuf);
1509 /* zeroing preallocated buffer */
1511 memset(req->rq_reqmsg, 0, msgsize);
1518 * Used by ptlrpc client to free request buffer of \a req. After this
1519 * req->rq_reqmsg is set to NULL and should not be accessed anymore.
1521 void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req)
1523 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1524 struct ptlrpc_sec_policy *policy;
1527 LASSERT(ctx->cc_sec);
1528 LASSERT(ctx->cc_sec->ps_policy);
1529 LASSERT_ATOMIC_POS(&ctx->cc_refcount);
1531 if (!req->rq_reqbuf && !req->rq_clrbuf)
1534 policy = ctx->cc_sec->ps_policy;
1535 policy->sp_cops->free_reqbuf(ctx->cc_sec, req);
1536 req->rq_reqmsg = NULL;
1540 * NOTE caller must guarantee the buffer size is enough for the enlargement
1542 void _sptlrpc_enlarge_msg_inplace(struct lustre_msg *msg,
1543 int segment, int newsize)
1546 int oldsize, oldmsg_size, movesize;
1548 LASSERT(segment < msg->lm_bufcount);
1549 LASSERT(msg->lm_buflens[segment] <= newsize);
1551 if (msg->lm_buflens[segment] == newsize)
1554 /* nothing to do if we are enlarging the last segment */
1555 if (segment == msg->lm_bufcount - 1) {
1556 msg->lm_buflens[segment] = newsize;
1560 oldsize = msg->lm_buflens[segment];
1562 src = lustre_msg_buf(msg, segment + 1, 0);
1563 msg->lm_buflens[segment] = newsize;
1564 dst = lustre_msg_buf(msg, segment + 1, 0);
1565 msg->lm_buflens[segment] = oldsize;
1567 /* move from segment + 1 to end segment */
1568 LASSERT(msg->lm_magic == LUSTRE_MSG_MAGIC_V2);
1569 oldmsg_size = lustre_msg_size_v2(msg->lm_bufcount, msg->lm_buflens);
1570 movesize = oldmsg_size - ((unsigned long)src - (unsigned long)msg);
1571 LASSERT(movesize >= 0);
1574 memmove(dst, src, movesize);
1576 /* note we don't clear the ares where old data live, not secret */
1578 /* finally set new segment size */
1579 msg->lm_buflens[segment] = newsize;
1581 EXPORT_SYMBOL(_sptlrpc_enlarge_msg_inplace);
1584 * Used by ptlrpc client to enlarge the \a segment of request message pointed
1585 * by req->rq_reqmsg to size \a newsize, all previously filled-in data will be
1586 * preserved after the enlargement. this must be called after original request
1587 * buffer being allocated.
1589 * \note after this be called, rq_reqmsg and rq_reqlen might have been changed,
1590 * so caller should refresh its local pointers if needed.
1592 int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
1593 int segment, int newsize)
1595 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1596 struct ptlrpc_sec_cops *cops;
1597 struct lustre_msg *msg = req->rq_reqmsg;
1601 LASSERT(msg->lm_bufcount > segment);
1602 LASSERT(msg->lm_buflens[segment] <= newsize);
1604 if (msg->lm_buflens[segment] == newsize)
1607 cops = ctx->cc_sec->ps_policy->sp_cops;
1608 LASSERT(cops->enlarge_reqbuf);
1609 return cops->enlarge_reqbuf(ctx->cc_sec, req, segment, newsize);
1611 EXPORT_SYMBOL(sptlrpc_cli_enlarge_reqbuf);
1614 * Used by ptlrpc client to allocate reply buffer of \a req.
1616 * \note After this, req->rq_repmsg is still not accessible.
1618 int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize)
1620 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1621 struct ptlrpc_sec_policy *policy;
1624 LASSERT(ctx->cc_sec);
1625 LASSERT(ctx->cc_sec->ps_policy);
1630 policy = ctx->cc_sec->ps_policy;
1631 return policy->sp_cops->alloc_repbuf(ctx->cc_sec, req, msgsize);
1635 * Used by ptlrpc client to free reply buffer of \a req. After this
1636 * req->rq_repmsg is set to NULL and should not be accessed anymore.
1638 void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req)
1640 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1641 struct ptlrpc_sec_policy *policy;
1644 LASSERT(ctx->cc_sec);
1645 LASSERT(ctx->cc_sec->ps_policy);
1646 LASSERT_ATOMIC_POS(&ctx->cc_refcount);
1648 if (!req->rq_repbuf)
1650 LASSERT(req->rq_repbuf_len);
1652 policy = ctx->cc_sec->ps_policy;
1653 policy->sp_cops->free_repbuf(ctx->cc_sec, req);
1654 req->rq_repmsg = NULL;
1657 static int sptlrpc_svc_install_rvs_ctx(struct obd_import *imp,
1658 struct ptlrpc_svc_ctx *ctx)
1660 struct ptlrpc_sec_policy *policy = ctx->sc_policy;
1662 if (!policy->sp_sops->install_rctx)
1664 return policy->sp_sops->install_rctx(imp, ctx);
1667 /****************************************
1668 * server side security *
1669 ****************************************/
1671 static int flavor_allowed(struct sptlrpc_flavor *exp,
1672 struct ptlrpc_request *req)
1674 struct sptlrpc_flavor *flvr = &req->rq_flvr;
1676 if (exp->sf_rpc == SPTLRPC_FLVR_ANY || exp->sf_rpc == flvr->sf_rpc)
1679 if ((req->rq_ctx_init || req->rq_ctx_fini) &&
1680 SPTLRPC_FLVR_POLICY(exp->sf_rpc) ==
1681 SPTLRPC_FLVR_POLICY(flvr->sf_rpc) &&
1682 SPTLRPC_FLVR_MECH(exp->sf_rpc) == SPTLRPC_FLVR_MECH(flvr->sf_rpc))
1688 #define EXP_FLVR_UPDATE_EXPIRE (OBD_TIMEOUT_DEFAULT + 10)
1691 * Given an export \a exp, check whether the flavor of incoming \a req
1692 * is allowed by the export \a exp. Main logic is about taking care of
1693 * changing configurations. Return 0 means success.
1695 int sptlrpc_target_export_check(struct obd_export *exp,
1696 struct ptlrpc_request *req)
1698 struct sptlrpc_flavor flavor;
1703 /* client side export has no imp_reverse, skip
1704 * FIXME maybe we should check flavor this as well???
1706 if (!exp->exp_imp_reverse)
1709 /* don't care about ctx fini rpc */
1710 if (req->rq_ctx_fini)
1713 spin_lock(&exp->exp_lock);
1715 /* if flavor just changed (exp->exp_flvr_changed != 0), we wait for
1716 * the first req with the new flavor, then treat it as current flavor,
1717 * adapt reverse sec according to it.
1718 * note the first rpc with new flavor might not be with root ctx, in
1719 * which case delay the sec_adapt by leaving exp_flvr_adapt == 1.
1721 if (unlikely(exp->exp_flvr_changed) &&
1722 flavor_allowed(&exp->exp_flvr_old[1], req)) {
1723 /* make the new flavor as "current", and old ones as
1726 CDEBUG(D_SEC, "exp %p: just changed: %x->%x\n", exp,
1727 exp->exp_flvr.sf_rpc, exp->exp_flvr_old[1].sf_rpc);
1728 flavor = exp->exp_flvr_old[1];
1729 exp->exp_flvr_old[1] = exp->exp_flvr_old[0];
1730 exp->exp_flvr_expire[1] = exp->exp_flvr_expire[0];
1731 exp->exp_flvr_old[0] = exp->exp_flvr;
1732 exp->exp_flvr_expire[0] = ktime_get_real_seconds() +
1733 EXP_FLVR_UPDATE_EXPIRE;
1734 exp->exp_flvr = flavor;
1736 /* flavor change finished */
1737 exp->exp_flvr_changed = 0;
1738 LASSERT(exp->exp_flvr_adapt == 1);
1740 /* if it's gss, we only interested in root ctx init */
1741 if (req->rq_auth_gss &&
1742 !(req->rq_ctx_init &&
1743 (req->rq_auth_usr_root || req->rq_auth_usr_mdt ||
1744 req->rq_auth_usr_ost))) {
1745 spin_unlock(&exp->exp_lock);
1746 CDEBUG(D_SEC, "is good but not root(%d:%d:%d:%d:%d)\n",
1747 req->rq_auth_gss, req->rq_ctx_init,
1748 req->rq_auth_usr_root, req->rq_auth_usr_mdt,
1749 req->rq_auth_usr_ost);
1753 exp->exp_flvr_adapt = 0;
1754 spin_unlock(&exp->exp_lock);
1756 return sptlrpc_import_sec_adapt(exp->exp_imp_reverse,
1757 req->rq_svc_ctx, &flavor);
1760 /* if it equals to the current flavor, we accept it, but need to
1761 * dealing with reverse sec/ctx
1763 if (likely(flavor_allowed(&exp->exp_flvr, req))) {
1764 /* most cases should return here, we only interested in
1767 if (!req->rq_auth_gss || !req->rq_ctx_init ||
1768 (!req->rq_auth_usr_root && !req->rq_auth_usr_mdt &&
1769 !req->rq_auth_usr_ost)) {
1770 spin_unlock(&exp->exp_lock);
1774 /* if flavor just changed, we should not proceed, just leave
1775 * it and current flavor will be discovered and replaced
1776 * shortly, and let _this_ rpc pass through
1778 if (exp->exp_flvr_changed) {
1779 LASSERT(exp->exp_flvr_adapt);
1780 spin_unlock(&exp->exp_lock);
1784 if (exp->exp_flvr_adapt) {
1785 exp->exp_flvr_adapt = 0;
1786 CDEBUG(D_SEC, "exp %p (%x|%x|%x): do delayed adapt\n",
1787 exp, exp->exp_flvr.sf_rpc,
1788 exp->exp_flvr_old[0].sf_rpc,
1789 exp->exp_flvr_old[1].sf_rpc);
1790 flavor = exp->exp_flvr;
1791 spin_unlock(&exp->exp_lock);
1793 return sptlrpc_import_sec_adapt(exp->exp_imp_reverse,
1797 CDEBUG(D_SEC, "exp %p (%x|%x|%x): is current flavor, install rvs ctx\n",
1798 exp, exp->exp_flvr.sf_rpc,
1799 exp->exp_flvr_old[0].sf_rpc,
1800 exp->exp_flvr_old[1].sf_rpc);
1801 spin_unlock(&exp->exp_lock);
1803 return sptlrpc_svc_install_rvs_ctx(exp->exp_imp_reverse,
1808 if (exp->exp_flvr_expire[0]) {
1809 if (exp->exp_flvr_expire[0] >= ktime_get_real_seconds()) {
1810 if (flavor_allowed(&exp->exp_flvr_old[0], req)) {
1811 CDEBUG(D_SEC, "exp %p (%x|%x|%x): match the middle one (%lld)\n", exp,
1812 exp->exp_flvr.sf_rpc,
1813 exp->exp_flvr_old[0].sf_rpc,
1814 exp->exp_flvr_old[1].sf_rpc,
1815 (s64)(exp->exp_flvr_expire[0] -
1816 ktime_get_real_seconds()));
1817 spin_unlock(&exp->exp_lock);
1821 CDEBUG(D_SEC, "mark middle expired\n");
1822 exp->exp_flvr_expire[0] = 0;
1824 CDEBUG(D_SEC, "exp %p (%x|%x|%x): %x not match middle\n", exp,
1825 exp->exp_flvr.sf_rpc,
1826 exp->exp_flvr_old[0].sf_rpc, exp->exp_flvr_old[1].sf_rpc,
1827 req->rq_flvr.sf_rpc);
1830 /* now it doesn't match the current flavor, the only chance we can
1831 * accept it is match the old flavors which is not expired.
1833 if (exp->exp_flvr_changed == 0 && exp->exp_flvr_expire[1]) {
1834 if (exp->exp_flvr_expire[1] >= ktime_get_real_seconds()) {
1835 if (flavor_allowed(&exp->exp_flvr_old[1], req)) {
1836 CDEBUG(D_SEC, "exp %p (%x|%x|%x): match the oldest one (%lld)\n",
1838 exp->exp_flvr.sf_rpc,
1839 exp->exp_flvr_old[0].sf_rpc,
1840 exp->exp_flvr_old[1].sf_rpc,
1841 (s64)(exp->exp_flvr_expire[1] -
1842 ktime_get_real_seconds()));
1843 spin_unlock(&exp->exp_lock);
1847 CDEBUG(D_SEC, "mark oldest expired\n");
1848 exp->exp_flvr_expire[1] = 0;
1850 CDEBUG(D_SEC, "exp %p (%x|%x|%x): %x not match found\n",
1851 exp, exp->exp_flvr.sf_rpc,
1852 exp->exp_flvr_old[0].sf_rpc, exp->exp_flvr_old[1].sf_rpc,
1853 req->rq_flvr.sf_rpc);
1855 CDEBUG(D_SEC, "exp %p (%x|%x|%x): skip the last one\n",
1856 exp, exp->exp_flvr.sf_rpc, exp->exp_flvr_old[0].sf_rpc,
1857 exp->exp_flvr_old[1].sf_rpc);
1860 spin_unlock(&exp->exp_lock);
1862 CWARN("exp %p(%s): req %p (%u|%u|%u|%u|%u|%u) with unauthorized flavor %x, expect %x|%x(%+lld)|%x(%+lld)\n",
1863 exp, exp->exp_obd->obd_name,
1864 req, req->rq_auth_gss, req->rq_ctx_init, req->rq_ctx_fini,
1865 req->rq_auth_usr_root, req->rq_auth_usr_mdt, req->rq_auth_usr_ost,
1866 req->rq_flvr.sf_rpc,
1867 exp->exp_flvr.sf_rpc,
1868 exp->exp_flvr_old[0].sf_rpc,
1869 exp->exp_flvr_expire[0] ?
1870 (s64)(exp->exp_flvr_expire[0] - ktime_get_real_seconds()) : 0,
1871 exp->exp_flvr_old[1].sf_rpc,
1872 exp->exp_flvr_expire[1] ?
1873 (s64)(exp->exp_flvr_expire[1] - ktime_get_real_seconds()) : 0);
1876 EXPORT_SYMBOL(sptlrpc_target_export_check);
1878 static int sptlrpc_svc_check_from(struct ptlrpc_request *req, int svc_rc)
1880 /* peer's claim is unreliable unless gss is being used */
1881 if (!req->rq_auth_gss || svc_rc == SECSVC_DROP)
1884 switch (req->rq_sp_from) {
1886 if (req->rq_auth_usr_mdt || req->rq_auth_usr_ost) {
1887 DEBUG_REQ(D_ERROR, req, "faked source CLI");
1888 svc_rc = SECSVC_DROP;
1892 if (!req->rq_auth_usr_mdt) {
1893 DEBUG_REQ(D_ERROR, req, "faked source MDT");
1894 svc_rc = SECSVC_DROP;
1898 if (!req->rq_auth_usr_ost) {
1899 DEBUG_REQ(D_ERROR, req, "faked source OST");
1900 svc_rc = SECSVC_DROP;
1905 if (!req->rq_auth_usr_root && !req->rq_auth_usr_mdt &&
1906 !req->rq_auth_usr_ost) {
1907 DEBUG_REQ(D_ERROR, req, "faked source MGC/MGS");
1908 svc_rc = SECSVC_DROP;
1913 DEBUG_REQ(D_ERROR, req, "invalid source %u", req->rq_sp_from);
1914 svc_rc = SECSVC_DROP;
1921 * Used by ptlrpc server, to perform transformation upon request message of
1922 * incoming \a req. This must be the first thing to do with a incoming
1923 * request in ptlrpc layer.
1925 * \retval SECSVC_OK success, and req->rq_reqmsg point to request message in
1926 * clear text, size is req->rq_reqlen; also req->rq_svc_ctx is set.
1927 * \retval SECSVC_COMPLETE success, the request has been fully processed, and
1928 * reply message has been prepared.
1929 * \retval SECSVC_DROP failed, this request should be dropped.
1931 int sptlrpc_svc_unwrap_request(struct ptlrpc_request *req)
1933 struct ptlrpc_sec_policy *policy;
1934 struct lustre_msg *msg = req->rq_reqbuf;
1938 LASSERT(!req->rq_reqmsg);
1939 LASSERT(!req->rq_repmsg);
1940 LASSERT(!req->rq_svc_ctx);
1942 req->rq_req_swab_mask = 0;
1944 rc = __lustre_unpack_msg(msg, req->rq_reqdata_len);
1947 lustre_set_req_swabbed(req, MSG_PTLRPC_HEADER_OFF);
1951 CERROR("error unpacking request from %s x%llu\n",
1952 libcfs_id2str(req->rq_peer), req->rq_xid);
1956 req->rq_flvr.sf_rpc = WIRE_FLVR(msg->lm_secflvr);
1957 req->rq_sp_from = LUSTRE_SP_ANY;
1958 req->rq_auth_uid = -1;
1959 req->rq_auth_mapped_uid = -1;
1961 policy = sptlrpc_wireflavor2policy(req->rq_flvr.sf_rpc);
1963 CERROR("unsupported rpc flavor %x\n", req->rq_flvr.sf_rpc);
1967 LASSERT(policy->sp_sops->accept);
1968 rc = policy->sp_sops->accept(req);
1969 sptlrpc_policy_put(policy);
1970 LASSERT(req->rq_reqmsg || rc != SECSVC_OK);
1971 LASSERT(req->rq_svc_ctx || rc == SECSVC_DROP);
1974 * if it's not null flavor (which means embedded packing msg),
1975 * reset the swab mask for the coming inner msg unpacking.
1977 if (SPTLRPC_FLVR_POLICY(req->rq_flvr.sf_rpc) != SPTLRPC_POLICY_NULL)
1978 req->rq_req_swab_mask = 0;
1980 /* sanity check for the request source */
1981 rc = sptlrpc_svc_check_from(req, rc);
1986 * Used by ptlrpc server, to allocate reply buffer for \a req. If succeed,
1987 * req->rq_reply_state is set, and req->rq_reply_state->rs_msg point to
1988 * a buffer of \a msglen size.
1990 int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req, int msglen)
1992 struct ptlrpc_sec_policy *policy;
1993 struct ptlrpc_reply_state *rs;
1996 LASSERT(req->rq_svc_ctx);
1997 LASSERT(req->rq_svc_ctx->sc_policy);
1999 policy = req->rq_svc_ctx->sc_policy;
2000 LASSERT(policy->sp_sops->alloc_rs);
2002 rc = policy->sp_sops->alloc_rs(req, msglen);
2003 if (unlikely(rc == -ENOMEM)) {
2004 struct ptlrpc_service_part *svcpt = req->rq_rqbd->rqbd_svcpt;
2006 if (svcpt->scp_service->srv_max_reply_size <
2007 msglen + sizeof(struct ptlrpc_reply_state)) {
2008 /* Just return failure if the size is too big */
2009 CERROR("size of message is too big (%zd), %d allowed\n",
2010 msglen + sizeof(struct ptlrpc_reply_state),
2011 svcpt->scp_service->srv_max_reply_size);
2015 /* failed alloc, try emergency pool */
2016 rs = lustre_get_emerg_rs(svcpt);
2020 req->rq_reply_state = rs;
2021 rc = policy->sp_sops->alloc_rs(req, msglen);
2023 lustre_put_emerg_rs(rs);
2024 req->rq_reply_state = NULL;
2029 (req->rq_reply_state && req->rq_reply_state->rs_msg));
2035 * Used by ptlrpc server, to perform transformation upon reply message.
2037 * \post req->rq_reply_off is set to appropriate server-controlled reply offset.
2038 * \post req->rq_repmsg and req->rq_reply_state->rs_msg becomes inaccessible.
2040 int sptlrpc_svc_wrap_reply(struct ptlrpc_request *req)
2042 struct ptlrpc_sec_policy *policy;
2045 LASSERT(req->rq_svc_ctx);
2046 LASSERT(req->rq_svc_ctx->sc_policy);
2048 policy = req->rq_svc_ctx->sc_policy;
2049 LASSERT(policy->sp_sops->authorize);
2051 rc = policy->sp_sops->authorize(req);
2052 LASSERT(rc || req->rq_reply_state->rs_repdata_len);
2058 * Used by ptlrpc server, to free reply_state.
2060 void sptlrpc_svc_free_rs(struct ptlrpc_reply_state *rs)
2062 struct ptlrpc_sec_policy *policy;
2063 unsigned int prealloc;
2065 LASSERT(rs->rs_svc_ctx);
2066 LASSERT(rs->rs_svc_ctx->sc_policy);
2068 policy = rs->rs_svc_ctx->sc_policy;
2069 LASSERT(policy->sp_sops->free_rs);
2071 prealloc = rs->rs_prealloc;
2072 policy->sp_sops->free_rs(rs);
2075 lustre_put_emerg_rs(rs);
2078 void sptlrpc_svc_ctx_addref(struct ptlrpc_request *req)
2080 struct ptlrpc_svc_ctx *ctx = req->rq_svc_ctx;
2083 atomic_inc(&ctx->sc_refcount);
2086 void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req)
2088 struct ptlrpc_svc_ctx *ctx = req->rq_svc_ctx;
2093 LASSERT_ATOMIC_POS(&ctx->sc_refcount);
2094 if (atomic_dec_and_test(&ctx->sc_refcount)) {
2095 if (ctx->sc_policy->sp_sops->free_ctx)
2096 ctx->sc_policy->sp_sops->free_ctx(ctx);
2098 req->rq_svc_ctx = NULL;
2101 /****************************************
2103 ****************************************/
2106 * Perform transformation upon bulk data pointed by \a desc. This is called
2107 * before transforming the request message.
2109 int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
2110 struct ptlrpc_bulk_desc *desc)
2112 struct ptlrpc_cli_ctx *ctx;
2114 LASSERT(req->rq_bulk_read || req->rq_bulk_write);
2116 if (!req->rq_pack_bulk)
2119 ctx = req->rq_cli_ctx;
2120 if (ctx->cc_ops->wrap_bulk)
2121 return ctx->cc_ops->wrap_bulk(ctx, req, desc);
2124 EXPORT_SYMBOL(sptlrpc_cli_wrap_bulk);
2127 * This is called after unwrap the reply message.
2128 * return nob of actual plain text size received, or error code.
2130 int sptlrpc_cli_unwrap_bulk_read(struct ptlrpc_request *req,
2131 struct ptlrpc_bulk_desc *desc,
2134 struct ptlrpc_cli_ctx *ctx;
2137 LASSERT(req->rq_bulk_read && !req->rq_bulk_write);
2139 if (!req->rq_pack_bulk)
2140 return desc->bd_nob_transferred;
2142 ctx = req->rq_cli_ctx;
2143 if (ctx->cc_ops->unwrap_bulk) {
2144 rc = ctx->cc_ops->unwrap_bulk(ctx, req, desc);
2148 return desc->bd_nob_transferred;
2150 EXPORT_SYMBOL(sptlrpc_cli_unwrap_bulk_read);
2153 * This is called after unwrap the reply message.
2154 * return 0 for success or error code.
2156 int sptlrpc_cli_unwrap_bulk_write(struct ptlrpc_request *req,
2157 struct ptlrpc_bulk_desc *desc)
2159 struct ptlrpc_cli_ctx *ctx;
2162 LASSERT(!req->rq_bulk_read && req->rq_bulk_write);
2164 if (!req->rq_pack_bulk)
2167 ctx = req->rq_cli_ctx;
2168 if (ctx->cc_ops->unwrap_bulk) {
2169 rc = ctx->cc_ops->unwrap_bulk(ctx, req, desc);
2175 * if everything is going right, nob should equals to nob_transferred.
2176 * in case of privacy mode, nob_transferred needs to be adjusted.
2178 if (desc->bd_nob != desc->bd_nob_transferred) {
2179 CERROR("nob %d doesn't match transferred nob %d\n",
2180 desc->bd_nob, desc->bd_nob_transferred);
2186 EXPORT_SYMBOL(sptlrpc_cli_unwrap_bulk_write);
2188 /****************************************
2189 * user descriptor helpers *
2190 ****************************************/
2192 int sptlrpc_current_user_desc_size(void)
2196 ngroups = current_ngroups;
2198 if (ngroups > LUSTRE_MAX_GROUPS)
2199 ngroups = LUSTRE_MAX_GROUPS;
2200 return sptlrpc_user_desc_size(ngroups);
2202 EXPORT_SYMBOL(sptlrpc_current_user_desc_size);
2204 int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset)
2206 struct ptlrpc_user_desc *pud;
2208 pud = lustre_msg_buf(msg, offset, 0);
2213 pud->pud_uid = from_kuid(&init_user_ns, current_uid());
2214 pud->pud_gid = from_kgid(&init_user_ns, current_gid());
2215 pud->pud_fsuid = from_kuid(&init_user_ns, current_fsuid());
2216 pud->pud_fsgid = from_kgid(&init_user_ns, current_fsgid());
2217 pud->pud_cap = cfs_curproc_cap_pack();
2218 pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4;
2221 if (pud->pud_ngroups > current_ngroups)
2222 pud->pud_ngroups = current_ngroups;
2223 memcpy(pud->pud_groups, current_cred()->group_info->blocks[0],
2224 pud->pud_ngroups * sizeof(__u32));
2225 task_unlock(current);
2229 EXPORT_SYMBOL(sptlrpc_pack_user_desc);
2231 int sptlrpc_unpack_user_desc(struct lustre_msg *msg, int offset, int swabbed)
2233 struct ptlrpc_user_desc *pud;
2236 pud = lustre_msg_buf(msg, offset, sizeof(*pud));
2241 __swab32s(&pud->pud_uid);
2242 __swab32s(&pud->pud_gid);
2243 __swab32s(&pud->pud_fsuid);
2244 __swab32s(&pud->pud_fsgid);
2245 __swab32s(&pud->pud_cap);
2246 __swab32s(&pud->pud_ngroups);
2249 if (pud->pud_ngroups > LUSTRE_MAX_GROUPS) {
2250 CERROR("%u groups is too large\n", pud->pud_ngroups);
2254 if (sizeof(*pud) + pud->pud_ngroups * sizeof(__u32) >
2255 msg->lm_buflens[offset]) {
2256 CERROR("%u groups are claimed but bufsize only %u\n",
2257 pud->pud_ngroups, msg->lm_buflens[offset]);
2262 for (i = 0; i < pud->pud_ngroups; i++)
2263 __swab32s(&pud->pud_groups[i]);
2268 EXPORT_SYMBOL(sptlrpc_unpack_user_desc);
2270 /****************************************
2272 ****************************************/
2274 const char *sec2target_str(struct ptlrpc_sec *sec)
2276 if (!sec || !sec->ps_import || !sec->ps_import->imp_obd)
2278 if (sec_is_reverse(sec))
2280 return obd_uuid2str(&sec->ps_import->imp_obd->u.cli.cl_target_uuid);
2282 EXPORT_SYMBOL(sec2target_str);
2285 * return true if the bulk data is protected
2287 bool sptlrpc_flavor_has_bulk(struct sptlrpc_flavor *flvr)
2289 switch (SPTLRPC_FLVR_BULK_SVC(flvr->sf_rpc)) {
2290 case SPTLRPC_BULK_SVC_INTG:
2291 case SPTLRPC_BULK_SVC_PRIV:
2297 EXPORT_SYMBOL(sptlrpc_flavor_has_bulk);
2299 /****************************************
2300 * crypto API helper/alloc blkciper *
2301 ****************************************/
2303 /****************************************
2304 * initialize/finalize *
2305 ****************************************/
2307 int sptlrpc_init(void)
2311 rwlock_init(&policy_lock);
2313 rc = sptlrpc_gc_init();
2317 rc = sptlrpc_conf_init();
2321 rc = sptlrpc_enc_pool_init();
2325 rc = sptlrpc_null_init();
2329 rc = sptlrpc_plain_init();
2333 rc = sptlrpc_lproc_init();
2340 sptlrpc_plain_fini();
2342 sptlrpc_null_fini();
2344 sptlrpc_enc_pool_fini();
2346 sptlrpc_conf_fini();
2353 void sptlrpc_fini(void)
2355 sptlrpc_lproc_fini();
2356 sptlrpc_plain_fini();
2357 sptlrpc_null_fini();
2358 sptlrpc_enc_pool_fini();
2359 sptlrpc_conf_fini();
projects / cascardo / linux.git / blob