4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Use is subject to license terms.
26 * Copyright (c) 2011, 2012, Intel Corporation.
29 * This file is part of Lustre, http://www.lustre.org/
30 * Lustre is a trademark of Sun Microsystems, Inc.
34 * Author: Eric Mei <ericm@clusterfs.com>
37 #define DEBUG_SUBSYSTEM S_SEC
39 #include <linux/libcfs/libcfs.h>
40 #include <linux/crypto.h>
41 #include <linux/cred.h>
42 #include <linux/key.h>
43 #include <linux/sched/task.h>
46 #include <obd_class.h>
47 #include <obd_support.h>
48 #include <lustre_net.h>
49 #include <lustre_import.h>
50 #include <lustre_dlm.h>
51 #include <lustre_sec.h>
53 #include "ptlrpc_internal.h"
55 /***********************************************
57 ***********************************************/
59 static rwlock_t policy_lock;
60 static struct ptlrpc_sec_policy *policies[SPTLRPC_POLICY_MAX] = {
64 int sptlrpc_register_policy(struct ptlrpc_sec_policy *policy)
66 __u16 number = policy->sp_policy;
68 LASSERT(policy->sp_name);
69 LASSERT(policy->sp_cops);
70 LASSERT(policy->sp_sops);
72 if (number >= SPTLRPC_POLICY_MAX)
75 write_lock(&policy_lock);
76 if (unlikely(policies[number])) {
77 write_unlock(&policy_lock);
80 policies[number] = policy;
81 write_unlock(&policy_lock);
83 CDEBUG(D_SEC, "%s: registered\n", policy->sp_name);
86 EXPORT_SYMBOL(sptlrpc_register_policy);
88 int sptlrpc_unregister_policy(struct ptlrpc_sec_policy *policy)
90 __u16 number = policy->sp_policy;
92 LASSERT(number < SPTLRPC_POLICY_MAX);
94 write_lock(&policy_lock);
95 if (unlikely(!policies[number])) {
96 write_unlock(&policy_lock);
97 CERROR("%s: already unregistered\n", policy->sp_name);
101 LASSERT(policies[number] == policy);
102 policies[number] = NULL;
103 write_unlock(&policy_lock);
105 CDEBUG(D_SEC, "%s: unregistered\n", policy->sp_name);
108 EXPORT_SYMBOL(sptlrpc_unregister_policy);
111 struct ptlrpc_sec_policy *sptlrpc_wireflavor2policy(__u32 flavor)
113 static DEFINE_MUTEX(load_mutex);
114 static atomic_t loaded = ATOMIC_INIT(0);
115 struct ptlrpc_sec_policy *policy;
116 __u16 number = SPTLRPC_FLVR_POLICY(flavor);
119 if (number >= SPTLRPC_POLICY_MAX)
123 read_lock(&policy_lock);
124 policy = policies[number];
125 if (policy && !try_module_get(policy->sp_owner))
128 flag = atomic_read(&loaded);
129 read_unlock(&policy_lock);
131 if (policy || flag != 0 ||
132 number != SPTLRPC_POLICY_GSS)
135 /* try to load gss module, once */
136 mutex_lock(&load_mutex);
137 if (atomic_read(&loaded) == 0) {
138 if (request_module("ptlrpc_gss") == 0)
140 "module ptlrpc_gss loaded on demand\n");
142 CERROR("Unable to load module ptlrpc_gss\n");
144 atomic_set(&loaded, 1);
146 mutex_unlock(&load_mutex);
152 __u32 sptlrpc_name2flavor_base(const char *name)
154 if (!strcmp(name, "null"))
155 return SPTLRPC_FLVR_NULL;
156 if (!strcmp(name, "plain"))
157 return SPTLRPC_FLVR_PLAIN;
158 if (!strcmp(name, "krb5n"))
159 return SPTLRPC_FLVR_KRB5N;
160 if (!strcmp(name, "krb5a"))
161 return SPTLRPC_FLVR_KRB5A;
162 if (!strcmp(name, "krb5i"))
163 return SPTLRPC_FLVR_KRB5I;
164 if (!strcmp(name, "krb5p"))
165 return SPTLRPC_FLVR_KRB5P;
167 return SPTLRPC_FLVR_INVALID;
169 EXPORT_SYMBOL(sptlrpc_name2flavor_base);
171 const char *sptlrpc_flavor2name_base(__u32 flvr)
173 __u32 base = SPTLRPC_FLVR_BASE(flvr);
175 if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_NULL))
177 else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_PLAIN))
179 else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5N))
181 else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5A))
183 else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5I))
185 else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5P))
188 CERROR("invalid wire flavor 0x%x\n", flvr);
191 EXPORT_SYMBOL(sptlrpc_flavor2name_base);
193 char *sptlrpc_flavor2name_bulk(struct sptlrpc_flavor *sf,
194 char *buf, int bufsize)
196 if (SPTLRPC_FLVR_POLICY(sf->sf_rpc) == SPTLRPC_POLICY_PLAIN)
197 snprintf(buf, bufsize, "hash:%s",
198 sptlrpc_get_hash_name(sf->u_bulk.hash.hash_alg));
200 snprintf(buf, bufsize, "%s",
201 sptlrpc_flavor2name_base(sf->sf_rpc));
203 buf[bufsize - 1] = '\0';
206 EXPORT_SYMBOL(sptlrpc_flavor2name_bulk);
208 char *sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize)
210 strlcpy(buf, sptlrpc_flavor2name_base(sf->sf_rpc), bufsize);
213 * currently we don't support customized bulk specification for
214 * flavors other than plain
216 if (SPTLRPC_FLVR_POLICY(sf->sf_rpc) == SPTLRPC_POLICY_PLAIN) {
220 sptlrpc_flavor2name_bulk(sf, &bspec[1], sizeof(bspec) - 1);
221 strlcat(buf, bspec, bufsize);
226 EXPORT_SYMBOL(sptlrpc_flavor2name);
228 static char *sptlrpc_secflags2str(__u32 flags, char *buf, int bufsize)
232 if (flags & PTLRPC_SEC_FL_REVERSE)
233 strlcat(buf, "reverse,", bufsize);
234 if (flags & PTLRPC_SEC_FL_ROOTONLY)
235 strlcat(buf, "rootonly,", bufsize);
236 if (flags & PTLRPC_SEC_FL_UDESC)
237 strlcat(buf, "udesc,", bufsize);
238 if (flags & PTLRPC_SEC_FL_BULK)
239 strlcat(buf, "bulk,", bufsize);
241 strlcat(buf, "-,", bufsize);
246 /**************************************************
247 * client context APIs *
248 **************************************************/
251 struct ptlrpc_cli_ctx *get_my_ctx(struct ptlrpc_sec *sec)
253 struct vfs_cred vcred;
254 int create = 1, remove_dead = 1;
257 LASSERT(sec->ps_policy->sp_cops->lookup_ctx);
259 if (sec->ps_flvr.sf_flags & (PTLRPC_SEC_FL_REVERSE |
260 PTLRPC_SEC_FL_ROOTONLY)) {
263 if (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE) {
268 vcred.vc_uid = from_kuid(&init_user_ns, current_uid());
269 vcred.vc_gid = from_kgid(&init_user_ns, current_gid());
272 return sec->ps_policy->sp_cops->lookup_ctx(sec, &vcred,
273 create, remove_dead);
276 struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx)
278 atomic_inc(&ctx->cc_refcount);
281 EXPORT_SYMBOL(sptlrpc_cli_ctx_get);
283 void sptlrpc_cli_ctx_put(struct ptlrpc_cli_ctx *ctx, int sync)
285 struct ptlrpc_sec *sec = ctx->cc_sec;
288 LASSERT_ATOMIC_POS(&ctx->cc_refcount);
290 if (!atomic_dec_and_test(&ctx->cc_refcount))
293 sec->ps_policy->sp_cops->release_ctx(sec, ctx, sync);
295 EXPORT_SYMBOL(sptlrpc_cli_ctx_put);
297 static int import_sec_check_expire(struct obd_import *imp)
301 spin_lock(&imp->imp_lock);
302 if (imp->imp_sec_expire &&
303 imp->imp_sec_expire < ktime_get_real_seconds()) {
305 imp->imp_sec_expire = 0;
307 spin_unlock(&imp->imp_lock);
312 CDEBUG(D_SEC, "found delayed sec adapt expired, do it now\n");
313 return sptlrpc_import_sec_adapt(imp, NULL, NULL);
317 * Get and validate the client side ptlrpc security facilities from
318 * \a imp. There is a race condition on client reconnect when the import is
319 * being destroyed while there are outstanding client bound requests. In
320 * this case do not output any error messages if import secuity is not
323 * \param[in] imp obd import associated with client
324 * \param[out] sec client side ptlrpc security
326 * \retval 0 if security retrieved successfully
327 * \retval -ve errno if there was a problem
329 static int import_sec_validate_get(struct obd_import *imp,
330 struct ptlrpc_sec **sec)
334 if (unlikely(imp->imp_sec_expire)) {
335 rc = import_sec_check_expire(imp);
340 *sec = sptlrpc_import_sec_ref(imp);
341 /* Only output an error when the import is still active */
343 if (list_empty(&imp->imp_zombie_chain))
344 CERROR("import %p (%s) with no sec\n",
345 imp, ptlrpc_import_state_name(imp->imp_state));
349 if (unlikely((*sec)->ps_dying)) {
350 CERROR("attempt to use dying sec %p\n", sec);
351 sptlrpc_sec_put(*sec);
359 * Given a \a req, find or allocate a appropriate context for it.
360 * \pre req->rq_cli_ctx == NULL.
362 * \retval 0 succeed, and req->rq_cli_ctx is set.
363 * \retval -ev error number, and req->rq_cli_ctx == NULL.
365 int sptlrpc_req_get_ctx(struct ptlrpc_request *req)
367 struct obd_import *imp = req->rq_import;
368 struct ptlrpc_sec *sec;
371 LASSERT(!req->rq_cli_ctx);
374 rc = import_sec_validate_get(imp, &sec);
378 req->rq_cli_ctx = get_my_ctx(sec);
380 sptlrpc_sec_put(sec);
382 if (!req->rq_cli_ctx) {
383 CERROR("req %p: fail to get context\n", req);
384 return -ECONNREFUSED;
391 * Drop the context for \a req.
392 * \pre req->rq_cli_ctx != NULL.
393 * \post req->rq_cli_ctx == NULL.
395 * If \a sync == 0, this function should return quickly without sleep;
396 * otherwise it might trigger and wait for the whole process of sending
397 * an context-destroying rpc to server.
399 void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync)
402 LASSERT(req->rq_cli_ctx);
404 /* request might be asked to release earlier while still
405 * in the context waiting list.
407 if (!list_empty(&req->rq_ctx_chain)) {
408 spin_lock(&req->rq_cli_ctx->cc_lock);
409 list_del_init(&req->rq_ctx_chain);
410 spin_unlock(&req->rq_cli_ctx->cc_lock);
413 sptlrpc_cli_ctx_put(req->rq_cli_ctx, sync);
414 req->rq_cli_ctx = NULL;
418 int sptlrpc_req_ctx_switch(struct ptlrpc_request *req,
419 struct ptlrpc_cli_ctx *oldctx,
420 struct ptlrpc_cli_ctx *newctx)
422 struct sptlrpc_flavor old_flvr;
423 char *reqmsg = NULL; /* to workaround old gcc */
427 LASSERT(req->rq_reqmsg);
428 LASSERT(req->rq_reqlen);
429 LASSERT(req->rq_replen);
431 CDEBUG(D_SEC, "req %p: switch ctx %p(%u->%s) -> %p(%u->%s), switch sec %p(%s) -> %p(%s)\n",
433 oldctx, oldctx->cc_vcred.vc_uid, sec2target_str(oldctx->cc_sec),
434 newctx, newctx->cc_vcred.vc_uid, sec2target_str(newctx->cc_sec),
435 oldctx->cc_sec, oldctx->cc_sec->ps_policy->sp_name,
436 newctx->cc_sec, newctx->cc_sec->ps_policy->sp_name);
439 old_flvr = req->rq_flvr;
441 /* save request message */
442 reqmsg_size = req->rq_reqlen;
443 if (reqmsg_size != 0) {
444 reqmsg = libcfs_kvzalloc(reqmsg_size, GFP_NOFS);
447 memcpy(reqmsg, req->rq_reqmsg, reqmsg_size);
450 /* release old req/rep buf */
451 req->rq_cli_ctx = oldctx;
452 sptlrpc_cli_free_reqbuf(req);
453 sptlrpc_cli_free_repbuf(req);
454 req->rq_cli_ctx = newctx;
456 /* recalculate the flavor */
457 sptlrpc_req_set_flavor(req, 0);
459 /* alloc new request buffer
460 * we don't need to alloc reply buffer here, leave it to the
461 * rest procedure of ptlrpc
463 if (reqmsg_size != 0) {
464 rc = sptlrpc_cli_alloc_reqbuf(req, reqmsg_size);
466 LASSERT(req->rq_reqmsg);
467 memcpy(req->rq_reqmsg, reqmsg, reqmsg_size);
469 CWARN("failed to alloc reqbuf: %d\n", rc);
470 req->rq_flvr = old_flvr;
479 * If current context of \a req is dead somehow, e.g. we just switched flavor
480 * thus marked original contexts dead, we'll find a new context for it. if
481 * no switch is needed, \a req will end up with the same context.
483 * \note a request must have a context, to keep other parts of code happy.
484 * In any case of failure during the switching, we must restore the old one.
486 static int sptlrpc_req_replace_dead_ctx(struct ptlrpc_request *req)
488 struct ptlrpc_cli_ctx *oldctx = req->rq_cli_ctx;
489 struct ptlrpc_cli_ctx *newctx;
494 sptlrpc_cli_ctx_get(oldctx);
495 sptlrpc_req_put_ctx(req, 0);
497 rc = sptlrpc_req_get_ctx(req);
499 LASSERT(!req->rq_cli_ctx);
501 /* restore old ctx */
502 req->rq_cli_ctx = oldctx;
506 newctx = req->rq_cli_ctx;
509 if (unlikely(newctx == oldctx &&
510 test_bit(PTLRPC_CTX_DEAD_BIT, &oldctx->cc_flags))) {
512 * still get the old dead ctx, usually means system too busy
515 "ctx (%p, fl %lx) doesn't switch, relax a little bit\n",
516 newctx, newctx->cc_flags);
518 set_current_state(TASK_INTERRUPTIBLE);
519 schedule_timeout(msecs_to_jiffies(MSEC_PER_SEC));
520 } else if (unlikely(!test_bit(PTLRPC_CTX_UPTODATE_BIT, &newctx->cc_flags))) {
522 * new ctx not up to date yet
525 "ctx (%p, fl %lx) doesn't switch, not up to date yet\n",
526 newctx, newctx->cc_flags);
529 * it's possible newctx == oldctx if we're switching
530 * subflavor with the same sec.
532 rc = sptlrpc_req_ctx_switch(req, oldctx, newctx);
534 /* restore old ctx */
535 sptlrpc_req_put_ctx(req, 0);
536 req->rq_cli_ctx = oldctx;
540 LASSERT(req->rq_cli_ctx == newctx);
543 sptlrpc_cli_ctx_put(oldctx, 1);
548 int ctx_check_refresh(struct ptlrpc_cli_ctx *ctx)
550 if (cli_ctx_is_refreshed(ctx))
556 int ctx_refresh_timeout(void *data)
558 struct ptlrpc_request *req = data;
561 /* conn_cnt is needed in expire_one_request */
562 lustre_msg_set_conn_cnt(req->rq_reqmsg, req->rq_import->imp_conn_cnt);
564 rc = ptlrpc_expire_one_request(req, 1);
565 /* if we started recovery, we should mark this ctx dead; otherwise
566 * in case of lgssd died nobody would retire this ctx, following
567 * connecting will still find the same ctx thus cause deadlock.
568 * there's an assumption that expire time of the request should be
569 * later than the context refresh expire time.
572 req->rq_cli_ctx->cc_ops->force_die(req->rq_cli_ctx, 0);
577 void ctx_refresh_interrupt(void *data)
579 struct ptlrpc_request *req = data;
581 spin_lock(&req->rq_lock);
583 spin_unlock(&req->rq_lock);
587 void req_off_ctx_list(struct ptlrpc_request *req, struct ptlrpc_cli_ctx *ctx)
589 spin_lock(&ctx->cc_lock);
590 if (!list_empty(&req->rq_ctx_chain))
591 list_del_init(&req->rq_ctx_chain);
592 spin_unlock(&ctx->cc_lock);
596 * To refresh the context of \req, if it's not up-to-date.
599 * - = 0: wait until success or fatal error occur
600 * - > 0: timeout value (in seconds)
602 * The status of the context could be subject to be changed by other threads
603 * at any time. We allow this race, but once we return with 0, the caller will
604 * suppose it's uptodated and keep using it until the owning rpc is done.
606 * \retval 0 only if the context is uptodated.
607 * \retval -ev error number.
609 int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout)
611 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
612 struct ptlrpc_sec *sec;
613 struct l_wait_info lwi;
618 if (req->rq_ctx_init || req->rq_ctx_fini)
622 * during the process a request's context might change type even
623 * (e.g. from gss ctx to null ctx), so each loop we need to re-check
627 rc = import_sec_validate_get(req->rq_import, &sec);
631 if (sec->ps_flvr.sf_rpc != req->rq_flvr.sf_rpc) {
632 CDEBUG(D_SEC, "req %p: flavor has changed %x -> %x\n",
633 req, req->rq_flvr.sf_rpc, sec->ps_flvr.sf_rpc);
634 req_off_ctx_list(req, ctx);
635 sptlrpc_req_replace_dead_ctx(req);
636 ctx = req->rq_cli_ctx;
638 sptlrpc_sec_put(sec);
640 if (cli_ctx_is_eternal(ctx))
643 if (unlikely(test_bit(PTLRPC_CTX_NEW_BIT, &ctx->cc_flags))) {
644 LASSERT(ctx->cc_ops->refresh);
645 ctx->cc_ops->refresh(ctx);
647 LASSERT(test_bit(PTLRPC_CTX_NEW_BIT, &ctx->cc_flags) == 0);
649 LASSERT(ctx->cc_ops->validate);
650 if (ctx->cc_ops->validate(ctx) == 0) {
651 req_off_ctx_list(req, ctx);
655 if (unlikely(test_bit(PTLRPC_CTX_ERROR_BIT, &ctx->cc_flags))) {
656 spin_lock(&req->rq_lock);
658 spin_unlock(&req->rq_lock);
659 req_off_ctx_list(req, ctx);
664 * There's a subtle issue for resending RPCs, suppose following
666 * 1. the request was sent to server.
667 * 2. recovery was kicked start, after finished the request was
669 * 3. resend the request.
670 * 4. old reply from server received, we accept and verify the reply.
671 * this has to be success, otherwise the error will be aware
673 * 5. new reply from server received, dropped by LNet.
675 * Note the xid of old & new request is the same. We can't simply
676 * change xid for the resent request because the server replies on
677 * it for reply reconstruction.
679 * Commonly the original context should be uptodate because we
680 * have a expiry nice time; server will keep its context because
681 * we at least hold a ref of old context which prevent context
682 * destroying RPC being sent. So server still can accept the request
683 * and finish the RPC. But if that's not the case:
684 * 1. If server side context has been trimmed, a NO_CONTEXT will
685 * be returned, gss_cli_ctx_verify/unseal will switch to new
687 * 2. Current context never be refreshed, then we are fine: we
688 * never really send request with old context before.
690 if (test_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags) &&
691 unlikely(req->rq_reqmsg) &&
692 lustre_msg_get_flags(req->rq_reqmsg) & MSG_RESENT) {
693 req_off_ctx_list(req, ctx);
697 if (unlikely(test_bit(PTLRPC_CTX_DEAD_BIT, &ctx->cc_flags))) {
698 req_off_ctx_list(req, ctx);
700 * don't switch ctx if import was deactivated
702 if (req->rq_import->imp_deactive) {
703 spin_lock(&req->rq_lock);
705 spin_unlock(&req->rq_lock);
709 rc = sptlrpc_req_replace_dead_ctx(req);
711 LASSERT(ctx == req->rq_cli_ctx);
712 CERROR("req %p: failed to replace dead ctx %p: %d\n",
714 spin_lock(&req->rq_lock);
716 spin_unlock(&req->rq_lock);
720 ctx = req->rq_cli_ctx;
725 * Now we're sure this context is during upcall, add myself into
728 spin_lock(&ctx->cc_lock);
729 if (list_empty(&req->rq_ctx_chain))
730 list_add(&req->rq_ctx_chain, &ctx->cc_req_list);
731 spin_unlock(&ctx->cc_lock);
736 /* Clear any flags that may be present from previous sends */
737 LASSERT(req->rq_receiving_reply == 0);
738 spin_lock(&req->rq_lock);
740 req->rq_timedout = 0;
743 spin_unlock(&req->rq_lock);
745 lwi = LWI_TIMEOUT_INTR(msecs_to_jiffies(timeout * MSEC_PER_SEC),
746 ctx_refresh_timeout, ctx_refresh_interrupt,
748 rc = l_wait_event(req->rq_reply_waitq, ctx_check_refresh(ctx), &lwi);
751 * following cases could lead us here:
752 * - successfully refreshed;
754 * - timedout, and we don't want recover from the failure;
755 * - timedout, and waked up upon recovery finished;
756 * - someone else mark this ctx dead by force;
757 * - someone invalidate the req and call ptlrpc_client_wake_req(),
758 * e.g. ptlrpc_abort_inflight();
760 if (!cli_ctx_is_refreshed(ctx)) {
761 /* timed out or interrupted */
762 req_off_ctx_list(req, ctx);
772 * Initialize flavor settings for \a req, according to \a opcode.
774 * \note this could be called in two situations:
775 * - new request from ptlrpc_pre_req(), with proper @opcode
776 * - old request which changed ctx in the middle, with @opcode == 0
778 void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode)
780 struct ptlrpc_sec *sec;
782 LASSERT(req->rq_import);
783 LASSERT(req->rq_cli_ctx);
784 LASSERT(req->rq_cli_ctx->cc_sec);
785 LASSERT(req->rq_bulk_read == 0 || req->rq_bulk_write == 0);
787 /* special security flags according to opcode */
791 case MGS_CONFIG_READ:
793 req->rq_bulk_read = 1;
797 req->rq_bulk_write = 1;
800 req->rq_ctx_init = 1;
803 req->rq_ctx_fini = 1;
806 /* init/fini rpc won't be resend, so can't be here */
807 LASSERT(req->rq_ctx_init == 0);
808 LASSERT(req->rq_ctx_fini == 0);
810 /* cleanup flags, which should be recalculated */
811 req->rq_pack_udesc = 0;
812 req->rq_pack_bulk = 0;
816 sec = req->rq_cli_ctx->cc_sec;
818 spin_lock(&sec->ps_lock);
819 req->rq_flvr = sec->ps_flvr;
820 spin_unlock(&sec->ps_lock);
822 /* force SVC_NULL for context initiation rpc, SVC_INTG for context
825 if (unlikely(req->rq_ctx_init))
826 flvr_set_svc(&req->rq_flvr.sf_rpc, SPTLRPC_SVC_NULL);
827 else if (unlikely(req->rq_ctx_fini))
828 flvr_set_svc(&req->rq_flvr.sf_rpc, SPTLRPC_SVC_INTG);
830 /* user descriptor flag, null security can't do it anyway */
831 if ((sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_UDESC) &&
832 (req->rq_flvr.sf_rpc != SPTLRPC_FLVR_NULL))
833 req->rq_pack_udesc = 1;
835 /* bulk security flag */
836 if ((req->rq_bulk_read || req->rq_bulk_write) &&
837 sptlrpc_flavor_has_bulk(&req->rq_flvr))
838 req->rq_pack_bulk = 1;
841 void sptlrpc_request_out_callback(struct ptlrpc_request *req)
843 if (SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc) != SPTLRPC_SVC_PRIV)
846 LASSERT(req->rq_clrbuf);
847 if (req->rq_pool || !req->rq_reqbuf)
850 kvfree(req->rq_reqbuf);
851 req->rq_reqbuf = NULL;
852 req->rq_reqbuf_len = 0;
856 * Given an import \a imp, check whether current user has a valid context
857 * or not. We may create a new context and try to refresh it, and try
858 * repeatedly try in case of non-fatal errors. Return 0 means success.
860 int sptlrpc_import_check_ctx(struct obd_import *imp)
862 struct ptlrpc_sec *sec;
863 struct ptlrpc_cli_ctx *ctx;
864 struct ptlrpc_request *req = NULL;
869 sec = sptlrpc_import_sec_ref(imp);
870 ctx = get_my_ctx(sec);
871 sptlrpc_sec_put(sec);
876 if (cli_ctx_is_eternal(ctx) ||
877 ctx->cc_ops->validate(ctx) == 0) {
878 sptlrpc_cli_ctx_put(ctx, 1);
882 if (cli_ctx_is_error(ctx)) {
883 sptlrpc_cli_ctx_put(ctx, 1);
887 req = ptlrpc_request_cache_alloc(GFP_NOFS);
891 ptlrpc_cli_req_init(req);
892 atomic_set(&req->rq_refcount, 10000);
894 req->rq_import = imp;
895 req->rq_flvr = sec->ps_flvr;
896 req->rq_cli_ctx = ctx;
898 rc = sptlrpc_req_refresh_ctx(req, 0);
899 LASSERT(list_empty(&req->rq_ctx_chain));
900 sptlrpc_cli_ctx_put(req->rq_cli_ctx, 1);
901 ptlrpc_request_cache_free(req);
907 * Used by ptlrpc client, to perform the pre-defined security transformation
908 * upon the request message of \a req. After this function called,
909 * req->rq_reqmsg is still accessible as clear text.
911 int sptlrpc_cli_wrap_request(struct ptlrpc_request *req)
913 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
917 LASSERT(ctx->cc_sec);
918 LASSERT(req->rq_reqbuf || req->rq_clrbuf);
920 /* we wrap bulk request here because now we can be sure
921 * the context is uptodate.
924 rc = sptlrpc_cli_wrap_bulk(req, req->rq_bulk);
929 switch (SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc)) {
930 case SPTLRPC_SVC_NULL:
931 case SPTLRPC_SVC_AUTH:
932 case SPTLRPC_SVC_INTG:
933 LASSERT(ctx->cc_ops->sign);
934 rc = ctx->cc_ops->sign(ctx, req);
936 case SPTLRPC_SVC_PRIV:
937 LASSERT(ctx->cc_ops->seal);
938 rc = ctx->cc_ops->seal(ctx, req);
945 LASSERT(req->rq_reqdata_len);
946 LASSERT(req->rq_reqdata_len % 8 == 0);
947 LASSERT(req->rq_reqdata_len <= req->rq_reqbuf_len);
953 static int do_cli_unwrap_reply(struct ptlrpc_request *req)
955 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
959 LASSERT(ctx->cc_sec);
960 LASSERT(req->rq_repbuf);
961 LASSERT(req->rq_repdata);
962 LASSERT(!req->rq_repmsg);
964 req->rq_rep_swab_mask = 0;
966 rc = __lustre_unpack_msg(req->rq_repdata, req->rq_repdata_len);
969 lustre_set_rep_swabbed(req, MSG_PTLRPC_HEADER_OFF);
973 CERROR("failed unpack reply: x%llu\n", req->rq_xid);
977 if (req->rq_repdata_len < sizeof(struct lustre_msg)) {
978 CERROR("replied data length %d too small\n",
979 req->rq_repdata_len);
983 if (SPTLRPC_FLVR_POLICY(req->rq_repdata->lm_secflvr) !=
984 SPTLRPC_FLVR_POLICY(req->rq_flvr.sf_rpc)) {
985 CERROR("reply policy %u doesn't match request policy %u\n",
986 SPTLRPC_FLVR_POLICY(req->rq_repdata->lm_secflvr),
987 SPTLRPC_FLVR_POLICY(req->rq_flvr.sf_rpc));
991 switch (SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc)) {
992 case SPTLRPC_SVC_NULL:
993 case SPTLRPC_SVC_AUTH:
994 case SPTLRPC_SVC_INTG:
995 LASSERT(ctx->cc_ops->verify);
996 rc = ctx->cc_ops->verify(ctx, req);
998 case SPTLRPC_SVC_PRIV:
999 LASSERT(ctx->cc_ops->unseal);
1000 rc = ctx->cc_ops->unseal(ctx, req);
1005 LASSERT(rc || req->rq_repmsg || req->rq_resend);
1007 if (SPTLRPC_FLVR_POLICY(req->rq_flvr.sf_rpc) != SPTLRPC_POLICY_NULL &&
1009 req->rq_rep_swab_mask = 0;
1014 * Used by ptlrpc client, to perform security transformation upon the reply
1015 * message of \a req. After return successfully, req->rq_repmsg points to
1016 * the reply message in clear text.
1018 * \pre the reply buffer should have been un-posted from LNet, so nothing is
1021 int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req)
1023 LASSERT(req->rq_repbuf);
1024 LASSERT(!req->rq_repdata);
1025 LASSERT(!req->rq_repmsg);
1026 LASSERT(req->rq_reply_off + req->rq_nob_received <= req->rq_repbuf_len);
1028 if (req->rq_reply_off == 0 &&
1029 (lustre_msghdr_get_flags(req->rq_reqmsg) & MSGHDR_AT_SUPPORT)) {
1030 CERROR("real reply with offset 0\n");
1034 if (req->rq_reply_off % 8 != 0) {
1035 CERROR("reply at odd offset %u\n", req->rq_reply_off);
1039 req->rq_repdata = (struct lustre_msg *)
1040 (req->rq_repbuf + req->rq_reply_off);
1041 req->rq_repdata_len = req->rq_nob_received;
1043 return do_cli_unwrap_reply(req);
1047 * Used by ptlrpc client, to perform security transformation upon the early
1048 * reply message of \a req. We expect the rq_reply_off is 0, and
1049 * rq_nob_received is the early reply size.
1051 * Because the receive buffer might be still posted, the reply data might be
1052 * changed at any time, no matter we're holding rq_lock or not. For this reason
1053 * we allocate a separate ptlrpc_request and reply buffer for early reply
1056 * \retval 0 success, \a req_ret is filled with a duplicated ptlrpc_request.
1057 * Later the caller must call sptlrpc_cli_finish_early_reply() on the returned
1058 * \a *req_ret to release it.
1059 * \retval -ev error number, and \a req_ret will not be set.
1061 int sptlrpc_cli_unwrap_early_reply(struct ptlrpc_request *req,
1062 struct ptlrpc_request **req_ret)
1064 struct ptlrpc_request *early_req;
1066 int early_bufsz, early_size;
1069 early_req = ptlrpc_request_cache_alloc(GFP_NOFS);
1073 ptlrpc_cli_req_init(early_req);
1075 early_size = req->rq_nob_received;
1076 early_bufsz = size_roundup_power2(early_size);
1077 early_buf = libcfs_kvzalloc(early_bufsz, GFP_NOFS);
1083 /* sanity checkings and copy data out, do it inside spinlock */
1084 spin_lock(&req->rq_lock);
1086 if (req->rq_replied) {
1087 spin_unlock(&req->rq_lock);
1092 LASSERT(req->rq_repbuf);
1093 LASSERT(!req->rq_repdata);
1094 LASSERT(!req->rq_repmsg);
1096 if (req->rq_reply_off != 0) {
1097 CERROR("early reply with offset %u\n", req->rq_reply_off);
1098 spin_unlock(&req->rq_lock);
1103 if (req->rq_nob_received != early_size) {
1104 /* even another early arrived the size should be the same */
1105 CERROR("data size has changed from %u to %u\n",
1106 early_size, req->rq_nob_received);
1107 spin_unlock(&req->rq_lock);
1112 if (req->rq_nob_received < sizeof(struct lustre_msg)) {
1113 CERROR("early reply length %d too small\n",
1114 req->rq_nob_received);
1115 spin_unlock(&req->rq_lock);
1120 memcpy(early_buf, req->rq_repbuf, early_size);
1121 spin_unlock(&req->rq_lock);
1123 early_req->rq_cli_ctx = sptlrpc_cli_ctx_get(req->rq_cli_ctx);
1124 early_req->rq_flvr = req->rq_flvr;
1125 early_req->rq_repbuf = early_buf;
1126 early_req->rq_repbuf_len = early_bufsz;
1127 early_req->rq_repdata = (struct lustre_msg *)early_buf;
1128 early_req->rq_repdata_len = early_size;
1129 early_req->rq_early = 1;
1130 early_req->rq_reqmsg = req->rq_reqmsg;
1132 rc = do_cli_unwrap_reply(early_req);
1134 DEBUG_REQ(D_ADAPTTO, early_req,
1135 "error %d unwrap early reply", rc);
1139 LASSERT(early_req->rq_repmsg);
1140 *req_ret = early_req;
1144 sptlrpc_cli_ctx_put(early_req->rq_cli_ctx, 1);
1148 ptlrpc_request_cache_free(early_req);
1153 * Used by ptlrpc client, to release a processed early reply \a early_req.
1155 * \pre \a early_req was obtained from calling sptlrpc_cli_unwrap_early_reply().
1157 void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req)
1159 LASSERT(early_req->rq_repbuf);
1160 LASSERT(early_req->rq_repdata);
1161 LASSERT(early_req->rq_repmsg);
1163 sptlrpc_cli_ctx_put(early_req->rq_cli_ctx, 1);
1164 kvfree(early_req->rq_repbuf);
1165 ptlrpc_request_cache_free(early_req);
1168 /**************************************************
1170 **************************************************/
1173 * "fixed" sec (e.g. null) use sec_id < 0
1175 static atomic_t sptlrpc_sec_id = ATOMIC_INIT(1);
1177 int sptlrpc_get_next_secid(void)
1179 return atomic_inc_return(&sptlrpc_sec_id);
1181 EXPORT_SYMBOL(sptlrpc_get_next_secid);
1183 /**************************************************
1184 * client side high-level security APIs *
1185 **************************************************/
1187 static int sec_cop_flush_ctx_cache(struct ptlrpc_sec *sec, uid_t uid,
1188 int grace, int force)
1190 struct ptlrpc_sec_policy *policy = sec->ps_policy;
1192 LASSERT(policy->sp_cops);
1193 LASSERT(policy->sp_cops->flush_ctx_cache);
1195 return policy->sp_cops->flush_ctx_cache(sec, uid, grace, force);
1198 static void sec_cop_destroy_sec(struct ptlrpc_sec *sec)
1200 struct ptlrpc_sec_policy *policy = sec->ps_policy;
1202 LASSERT_ATOMIC_ZERO(&sec->ps_refcount);
1203 LASSERT_ATOMIC_ZERO(&sec->ps_nctx);
1204 LASSERT(policy->sp_cops->destroy_sec);
1206 CDEBUG(D_SEC, "%s@%p: being destroyed\n", sec->ps_policy->sp_name, sec);
1208 policy->sp_cops->destroy_sec(sec);
1209 sptlrpc_policy_put(policy);
1212 static void sptlrpc_sec_kill(struct ptlrpc_sec *sec)
1214 LASSERT_ATOMIC_POS(&sec->ps_refcount);
1216 if (sec->ps_policy->sp_cops->kill_sec) {
1217 sec->ps_policy->sp_cops->kill_sec(sec);
1219 sec_cop_flush_ctx_cache(sec, -1, 1, 1);
1223 static struct ptlrpc_sec *sptlrpc_sec_get(struct ptlrpc_sec *sec)
1226 atomic_inc(&sec->ps_refcount);
1231 void sptlrpc_sec_put(struct ptlrpc_sec *sec)
1234 LASSERT_ATOMIC_POS(&sec->ps_refcount);
1236 if (atomic_dec_and_test(&sec->ps_refcount)) {
1237 sptlrpc_gc_del_sec(sec);
1238 sec_cop_destroy_sec(sec);
1242 EXPORT_SYMBOL(sptlrpc_sec_put);
1245 * policy module is responsible for taking reference of import
1248 struct ptlrpc_sec *sptlrpc_sec_create(struct obd_import *imp,
1249 struct ptlrpc_svc_ctx *svc_ctx,
1250 struct sptlrpc_flavor *sf,
1251 enum lustre_sec_part sp)
1253 struct ptlrpc_sec_policy *policy;
1254 struct ptlrpc_sec *sec;
1258 LASSERT(imp->imp_dlm_fake == 1);
1260 CDEBUG(D_SEC, "%s %s: reverse sec using flavor %s\n",
1261 imp->imp_obd->obd_type->typ_name,
1262 imp->imp_obd->obd_name,
1263 sptlrpc_flavor2name(sf, str, sizeof(str)));
1265 policy = sptlrpc_policy_get(svc_ctx->sc_policy);
1266 sf->sf_flags |= PTLRPC_SEC_FL_REVERSE | PTLRPC_SEC_FL_ROOTONLY;
1268 LASSERT(imp->imp_dlm_fake == 0);
1270 CDEBUG(D_SEC, "%s %s: select security flavor %s\n",
1271 imp->imp_obd->obd_type->typ_name,
1272 imp->imp_obd->obd_name,
1273 sptlrpc_flavor2name(sf, str, sizeof(str)));
1275 policy = sptlrpc_wireflavor2policy(sf->sf_rpc);
1277 CERROR("invalid flavor 0x%x\n", sf->sf_rpc);
1282 sec = policy->sp_cops->create_sec(imp, svc_ctx, sf);
1284 atomic_inc(&sec->ps_refcount);
1288 if (sec->ps_gc_interval && policy->sp_cops->gc_ctx)
1289 sptlrpc_gc_add_sec(sec);
1291 sptlrpc_policy_put(policy);
1297 struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp)
1299 struct ptlrpc_sec *sec;
1301 spin_lock(&imp->imp_lock);
1302 sec = sptlrpc_sec_get(imp->imp_sec);
1303 spin_unlock(&imp->imp_lock);
1307 EXPORT_SYMBOL(sptlrpc_import_sec_ref);
1309 static void sptlrpc_import_sec_install(struct obd_import *imp,
1310 struct ptlrpc_sec *sec)
1312 struct ptlrpc_sec *old_sec;
1314 LASSERT_ATOMIC_POS(&sec->ps_refcount);
1316 spin_lock(&imp->imp_lock);
1317 old_sec = imp->imp_sec;
1319 spin_unlock(&imp->imp_lock);
1322 sptlrpc_sec_kill(old_sec);
1324 /* balance the ref taken by this import */
1325 sptlrpc_sec_put(old_sec);
1330 int flavor_equal(struct sptlrpc_flavor *sf1, struct sptlrpc_flavor *sf2)
1332 return (memcmp(sf1, sf2, sizeof(*sf1)) == 0);
1336 void flavor_copy(struct sptlrpc_flavor *dst, struct sptlrpc_flavor *src)
1341 static void sptlrpc_import_sec_adapt_inplace(struct obd_import *imp,
1342 struct ptlrpc_sec *sec,
1343 struct sptlrpc_flavor *sf)
1345 char str1[32], str2[32];
1347 if (sec->ps_flvr.sf_flags != sf->sf_flags)
1348 CDEBUG(D_SEC, "changing sec flags: %s -> %s\n",
1349 sptlrpc_secflags2str(sec->ps_flvr.sf_flags,
1350 str1, sizeof(str1)),
1351 sptlrpc_secflags2str(sf->sf_flags,
1352 str2, sizeof(str2)));
1354 spin_lock(&sec->ps_lock);
1355 flavor_copy(&sec->ps_flvr, sf);
1356 spin_unlock(&sec->ps_lock);
1360 * To get an appropriate ptlrpc_sec for the \a imp, according to the current
1361 * configuration. Upon called, imp->imp_sec may or may not be NULL.
1363 * - regular import: \a svc_ctx should be NULL and \a flvr is ignored;
1364 * - reverse import: \a svc_ctx and \a flvr are obtained from incoming request.
1366 int sptlrpc_import_sec_adapt(struct obd_import *imp,
1367 struct ptlrpc_svc_ctx *svc_ctx,
1368 struct sptlrpc_flavor *flvr)
1370 struct ptlrpc_connection *conn;
1371 struct sptlrpc_flavor sf;
1372 struct ptlrpc_sec *sec, *newsec;
1373 enum lustre_sec_part sp;
1382 conn = imp->imp_connection;
1385 struct client_obd *cliobd = &imp->imp_obd->u.cli;
1387 * normal import, determine flavor from rule set, except
1388 * for mgc the flavor is predetermined.
1390 if (cliobd->cl_sp_me == LUSTRE_SP_MGC)
1391 sf = cliobd->cl_flvr_mgc;
1393 sptlrpc_conf_choose_flavor(cliobd->cl_sp_me,
1395 &cliobd->cl_target_uuid,
1398 sp = imp->imp_obd->u.cli.cl_sp_me;
1400 /* reverse import, determine flavor from incoming request */
1403 if (sf.sf_rpc != SPTLRPC_FLVR_NULL)
1404 sf.sf_flags = PTLRPC_SEC_FL_REVERSE |
1405 PTLRPC_SEC_FL_ROOTONLY;
1407 sp = sptlrpc_target_sec_part(imp->imp_obd);
1410 sec = sptlrpc_import_sec_ref(imp);
1414 if (flavor_equal(&sf, &sec->ps_flvr))
1417 CDEBUG(D_SEC, "import %s->%s: changing flavor %s -> %s\n",
1418 imp->imp_obd->obd_name,
1419 obd_uuid2str(&conn->c_remote_uuid),
1420 sptlrpc_flavor2name(&sec->ps_flvr, str, sizeof(str)),
1421 sptlrpc_flavor2name(&sf, str2, sizeof(str2)));
1423 if (SPTLRPC_FLVR_POLICY(sf.sf_rpc) ==
1424 SPTLRPC_FLVR_POLICY(sec->ps_flvr.sf_rpc) &&
1425 SPTLRPC_FLVR_MECH(sf.sf_rpc) ==
1426 SPTLRPC_FLVR_MECH(sec->ps_flvr.sf_rpc)) {
1427 sptlrpc_import_sec_adapt_inplace(imp, sec, &sf);
1430 } else if (SPTLRPC_FLVR_BASE(sf.sf_rpc) !=
1431 SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_NULL)) {
1432 CDEBUG(D_SEC, "import %s->%s netid %x: select flavor %s\n",
1433 imp->imp_obd->obd_name,
1434 obd_uuid2str(&conn->c_remote_uuid),
1435 LNET_NIDNET(conn->c_self),
1436 sptlrpc_flavor2name(&sf, str, sizeof(str)));
1439 mutex_lock(&imp->imp_sec_mutex);
1441 newsec = sptlrpc_sec_create(imp, svc_ctx, &sf, sp);
1443 sptlrpc_import_sec_install(imp, newsec);
1445 CERROR("import %s->%s: failed to create new sec\n",
1446 imp->imp_obd->obd_name,
1447 obd_uuid2str(&conn->c_remote_uuid));
1451 mutex_unlock(&imp->imp_sec_mutex);
1453 sptlrpc_sec_put(sec);
1457 void sptlrpc_import_sec_put(struct obd_import *imp)
1460 sptlrpc_sec_kill(imp->imp_sec);
1462 sptlrpc_sec_put(imp->imp_sec);
1463 imp->imp_sec = NULL;
1467 static void import_flush_ctx_common(struct obd_import *imp,
1468 uid_t uid, int grace, int force)
1470 struct ptlrpc_sec *sec;
1475 sec = sptlrpc_import_sec_ref(imp);
1479 sec_cop_flush_ctx_cache(sec, uid, grace, force);
1480 sptlrpc_sec_put(sec);
1483 void sptlrpc_import_flush_my_ctx(struct obd_import *imp)
1485 import_flush_ctx_common(imp, from_kuid(&init_user_ns, current_uid()),
1488 EXPORT_SYMBOL(sptlrpc_import_flush_my_ctx);
1490 void sptlrpc_import_flush_all_ctx(struct obd_import *imp)
1492 import_flush_ctx_common(imp, -1, 1, 1);
1494 EXPORT_SYMBOL(sptlrpc_import_flush_all_ctx);
1497 * Used by ptlrpc client to allocate request buffer of \a req. Upon return
1498 * successfully, req->rq_reqmsg points to a buffer with size \a msgsize.
1500 int sptlrpc_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize)
1502 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1503 struct ptlrpc_sec_policy *policy;
1507 LASSERT(ctx->cc_sec);
1508 LASSERT(ctx->cc_sec->ps_policy);
1509 LASSERT(!req->rq_reqmsg);
1510 LASSERT_ATOMIC_POS(&ctx->cc_refcount);
1512 policy = ctx->cc_sec->ps_policy;
1513 rc = policy->sp_cops->alloc_reqbuf(ctx->cc_sec, req, msgsize);
1515 LASSERT(req->rq_reqmsg);
1516 LASSERT(req->rq_reqbuf || req->rq_clrbuf);
1518 /* zeroing preallocated buffer */
1520 memset(req->rq_reqmsg, 0, msgsize);
1527 * Used by ptlrpc client to free request buffer of \a req. After this
1528 * req->rq_reqmsg is set to NULL and should not be accessed anymore.
1530 void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req)
1532 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1533 struct ptlrpc_sec_policy *policy;
1536 LASSERT(ctx->cc_sec);
1537 LASSERT(ctx->cc_sec->ps_policy);
1538 LASSERT_ATOMIC_POS(&ctx->cc_refcount);
1540 if (!req->rq_reqbuf && !req->rq_clrbuf)
1543 policy = ctx->cc_sec->ps_policy;
1544 policy->sp_cops->free_reqbuf(ctx->cc_sec, req);
1545 req->rq_reqmsg = NULL;
1549 * NOTE caller must guarantee the buffer size is enough for the enlargement
1551 void _sptlrpc_enlarge_msg_inplace(struct lustre_msg *msg,
1552 int segment, int newsize)
1555 int oldsize, oldmsg_size, movesize;
1557 LASSERT(segment < msg->lm_bufcount);
1558 LASSERT(msg->lm_buflens[segment] <= newsize);
1560 if (msg->lm_buflens[segment] == newsize)
1563 /* nothing to do if we are enlarging the last segment */
1564 if (segment == msg->lm_bufcount - 1) {
1565 msg->lm_buflens[segment] = newsize;
1569 oldsize = msg->lm_buflens[segment];
1571 src = lustre_msg_buf(msg, segment + 1, 0);
1572 msg->lm_buflens[segment] = newsize;
1573 dst = lustre_msg_buf(msg, segment + 1, 0);
1574 msg->lm_buflens[segment] = oldsize;
1576 /* move from segment + 1 to end segment */
1577 LASSERT(msg->lm_magic == LUSTRE_MSG_MAGIC_V2);
1578 oldmsg_size = lustre_msg_size_v2(msg->lm_bufcount, msg->lm_buflens);
1579 movesize = oldmsg_size - ((unsigned long)src - (unsigned long)msg);
1580 LASSERT(movesize >= 0);
1583 memmove(dst, src, movesize);
1585 /* note we don't clear the ares where old data live, not secret */
1587 /* finally set new segment size */
1588 msg->lm_buflens[segment] = newsize;
1590 EXPORT_SYMBOL(_sptlrpc_enlarge_msg_inplace);
1593 * Used by ptlrpc client to enlarge the \a segment of request message pointed
1594 * by req->rq_reqmsg to size \a newsize, all previously filled-in data will be
1595 * preserved after the enlargement. this must be called after original request
1596 * buffer being allocated.
1598 * \note after this be called, rq_reqmsg and rq_reqlen might have been changed,
1599 * so caller should refresh its local pointers if needed.
1601 int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
1602 int segment, int newsize)
1604 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1605 struct ptlrpc_sec_cops *cops;
1606 struct lustre_msg *msg = req->rq_reqmsg;
1610 LASSERT(msg->lm_bufcount > segment);
1611 LASSERT(msg->lm_buflens[segment] <= newsize);
1613 if (msg->lm_buflens[segment] == newsize)
1616 cops = ctx->cc_sec->ps_policy->sp_cops;
1617 LASSERT(cops->enlarge_reqbuf);
1618 return cops->enlarge_reqbuf(ctx->cc_sec, req, segment, newsize);
1620 EXPORT_SYMBOL(sptlrpc_cli_enlarge_reqbuf);
1623 * Used by ptlrpc client to allocate reply buffer of \a req.
1625 * \note After this, req->rq_repmsg is still not accessible.
1627 int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize)
1629 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1630 struct ptlrpc_sec_policy *policy;
1633 LASSERT(ctx->cc_sec);
1634 LASSERT(ctx->cc_sec->ps_policy);
1639 policy = ctx->cc_sec->ps_policy;
1640 return policy->sp_cops->alloc_repbuf(ctx->cc_sec, req, msgsize);
1644 * Used by ptlrpc client to free reply buffer of \a req. After this
1645 * req->rq_repmsg is set to NULL and should not be accessed anymore.
1647 void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req)
1649 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1650 struct ptlrpc_sec_policy *policy;
1653 LASSERT(ctx->cc_sec);
1654 LASSERT(ctx->cc_sec->ps_policy);
1655 LASSERT_ATOMIC_POS(&ctx->cc_refcount);
1657 if (!req->rq_repbuf)
1659 LASSERT(req->rq_repbuf_len);
1661 policy = ctx->cc_sec->ps_policy;
1662 policy->sp_cops->free_repbuf(ctx->cc_sec, req);
1663 req->rq_repmsg = NULL;
1666 static int sptlrpc_svc_install_rvs_ctx(struct obd_import *imp,
1667 struct ptlrpc_svc_ctx *ctx)
1669 struct ptlrpc_sec_policy *policy = ctx->sc_policy;
1671 if (!policy->sp_sops->install_rctx)
1673 return policy->sp_sops->install_rctx(imp, ctx);
1676 /****************************************
1677 * server side security *
1678 ****************************************/
1680 static int flavor_allowed(struct sptlrpc_flavor *exp,
1681 struct ptlrpc_request *req)
1683 struct sptlrpc_flavor *flvr = &req->rq_flvr;
1685 if (exp->sf_rpc == SPTLRPC_FLVR_ANY || exp->sf_rpc == flvr->sf_rpc)
1688 if ((req->rq_ctx_init || req->rq_ctx_fini) &&
1689 SPTLRPC_FLVR_POLICY(exp->sf_rpc) ==
1690 SPTLRPC_FLVR_POLICY(flvr->sf_rpc) &&
1691 SPTLRPC_FLVR_MECH(exp->sf_rpc) == SPTLRPC_FLVR_MECH(flvr->sf_rpc))
1697 #define EXP_FLVR_UPDATE_EXPIRE (OBD_TIMEOUT_DEFAULT + 10)
1700 * Given an export \a exp, check whether the flavor of incoming \a req
1701 * is allowed by the export \a exp. Main logic is about taking care of
1702 * changing configurations. Return 0 means success.
1704 int sptlrpc_target_export_check(struct obd_export *exp,
1705 struct ptlrpc_request *req)
1707 struct sptlrpc_flavor flavor;
1712 /* client side export has no imp_reverse, skip
1713 * FIXME maybe we should check flavor this as well???
1715 if (!exp->exp_imp_reverse)
1718 /* don't care about ctx fini rpc */
1719 if (req->rq_ctx_fini)
1722 spin_lock(&exp->exp_lock);
1724 /* if flavor just changed (exp->exp_flvr_changed != 0), we wait for
1725 * the first req with the new flavor, then treat it as current flavor,
1726 * adapt reverse sec according to it.
1727 * note the first rpc with new flavor might not be with root ctx, in
1728 * which case delay the sec_adapt by leaving exp_flvr_adapt == 1.
1730 if (unlikely(exp->exp_flvr_changed) &&
1731 flavor_allowed(&exp->exp_flvr_old[1], req)) {
1732 /* make the new flavor as "current", and old ones as
1735 CDEBUG(D_SEC, "exp %p: just changed: %x->%x\n", exp,
1736 exp->exp_flvr.sf_rpc, exp->exp_flvr_old[1].sf_rpc);
1737 flavor = exp->exp_flvr_old[1];
1738 exp->exp_flvr_old[1] = exp->exp_flvr_old[0];
1739 exp->exp_flvr_expire[1] = exp->exp_flvr_expire[0];
1740 exp->exp_flvr_old[0] = exp->exp_flvr;
1741 exp->exp_flvr_expire[0] = ktime_get_real_seconds() +
1742 EXP_FLVR_UPDATE_EXPIRE;
1743 exp->exp_flvr = flavor;
1745 /* flavor change finished */
1746 exp->exp_flvr_changed = 0;
1747 LASSERT(exp->exp_flvr_adapt == 1);
1749 /* if it's gss, we only interested in root ctx init */
1750 if (req->rq_auth_gss &&
1751 !(req->rq_ctx_init &&
1752 (req->rq_auth_usr_root || req->rq_auth_usr_mdt ||
1753 req->rq_auth_usr_ost))) {
1754 spin_unlock(&exp->exp_lock);
1755 CDEBUG(D_SEC, "is good but not root(%d:%d:%d:%d:%d)\n",
1756 req->rq_auth_gss, req->rq_ctx_init,
1757 req->rq_auth_usr_root, req->rq_auth_usr_mdt,
1758 req->rq_auth_usr_ost);
1762 exp->exp_flvr_adapt = 0;
1763 spin_unlock(&exp->exp_lock);
1765 return sptlrpc_import_sec_adapt(exp->exp_imp_reverse,
1766 req->rq_svc_ctx, &flavor);
1769 /* if it equals to the current flavor, we accept it, but need to
1770 * dealing with reverse sec/ctx
1772 if (likely(flavor_allowed(&exp->exp_flvr, req))) {
1773 /* most cases should return here, we only interested in
1776 if (!req->rq_auth_gss || !req->rq_ctx_init ||
1777 (!req->rq_auth_usr_root && !req->rq_auth_usr_mdt &&
1778 !req->rq_auth_usr_ost)) {
1779 spin_unlock(&exp->exp_lock);
1783 /* if flavor just changed, we should not proceed, just leave
1784 * it and current flavor will be discovered and replaced
1785 * shortly, and let _this_ rpc pass through
1787 if (exp->exp_flvr_changed) {
1788 LASSERT(exp->exp_flvr_adapt);
1789 spin_unlock(&exp->exp_lock);
1793 if (exp->exp_flvr_adapt) {
1794 exp->exp_flvr_adapt = 0;
1795 CDEBUG(D_SEC, "exp %p (%x|%x|%x): do delayed adapt\n",
1796 exp, exp->exp_flvr.sf_rpc,
1797 exp->exp_flvr_old[0].sf_rpc,
1798 exp->exp_flvr_old[1].sf_rpc);
1799 flavor = exp->exp_flvr;
1800 spin_unlock(&exp->exp_lock);
1802 return sptlrpc_import_sec_adapt(exp->exp_imp_reverse,
1806 CDEBUG(D_SEC, "exp %p (%x|%x|%x): is current flavor, install rvs ctx\n",
1807 exp, exp->exp_flvr.sf_rpc,
1808 exp->exp_flvr_old[0].sf_rpc,
1809 exp->exp_flvr_old[1].sf_rpc);
1810 spin_unlock(&exp->exp_lock);
1812 return sptlrpc_svc_install_rvs_ctx(exp->exp_imp_reverse,
1817 if (exp->exp_flvr_expire[0]) {
1818 if (exp->exp_flvr_expire[0] >= ktime_get_real_seconds()) {
1819 if (flavor_allowed(&exp->exp_flvr_old[0], req)) {
1820 CDEBUG(D_SEC, "exp %p (%x|%x|%x): match the middle one (%lld)\n", exp,
1821 exp->exp_flvr.sf_rpc,
1822 exp->exp_flvr_old[0].sf_rpc,
1823 exp->exp_flvr_old[1].sf_rpc,
1824 (s64)(exp->exp_flvr_expire[0] -
1825 ktime_get_real_seconds()));
1826 spin_unlock(&exp->exp_lock);
1830 CDEBUG(D_SEC, "mark middle expired\n");
1831 exp->exp_flvr_expire[0] = 0;
1833 CDEBUG(D_SEC, "exp %p (%x|%x|%x): %x not match middle\n", exp,
1834 exp->exp_flvr.sf_rpc,
1835 exp->exp_flvr_old[0].sf_rpc, exp->exp_flvr_old[1].sf_rpc,
1836 req->rq_flvr.sf_rpc);
1839 /* now it doesn't match the current flavor, the only chance we can
1840 * accept it is match the old flavors which is not expired.
1842 if (exp->exp_flvr_changed == 0 && exp->exp_flvr_expire[1]) {
1843 if (exp->exp_flvr_expire[1] >= ktime_get_real_seconds()) {
1844 if (flavor_allowed(&exp->exp_flvr_old[1], req)) {
1845 CDEBUG(D_SEC, "exp %p (%x|%x|%x): match the oldest one (%lld)\n",
1847 exp->exp_flvr.sf_rpc,
1848 exp->exp_flvr_old[0].sf_rpc,
1849 exp->exp_flvr_old[1].sf_rpc,
1850 (s64)(exp->exp_flvr_expire[1] -
1851 ktime_get_real_seconds()));
1852 spin_unlock(&exp->exp_lock);
1856 CDEBUG(D_SEC, "mark oldest expired\n");
1857 exp->exp_flvr_expire[1] = 0;
1859 CDEBUG(D_SEC, "exp %p (%x|%x|%x): %x not match found\n",
1860 exp, exp->exp_flvr.sf_rpc,
1861 exp->exp_flvr_old[0].sf_rpc, exp->exp_flvr_old[1].sf_rpc,
1862 req->rq_flvr.sf_rpc);
1864 CDEBUG(D_SEC, "exp %p (%x|%x|%x): skip the last one\n",
1865 exp, exp->exp_flvr.sf_rpc, exp->exp_flvr_old[0].sf_rpc,
1866 exp->exp_flvr_old[1].sf_rpc);
1869 spin_unlock(&exp->exp_lock);
1871 CWARN("exp %p(%s): req %p (%u|%u|%u|%u|%u|%u) with unauthorized flavor %x, expect %x|%x(%+lld)|%x(%+lld)\n",
1872 exp, exp->exp_obd->obd_name,
1873 req, req->rq_auth_gss, req->rq_ctx_init, req->rq_ctx_fini,
1874 req->rq_auth_usr_root, req->rq_auth_usr_mdt, req->rq_auth_usr_ost,
1875 req->rq_flvr.sf_rpc,
1876 exp->exp_flvr.sf_rpc,
1877 exp->exp_flvr_old[0].sf_rpc,
1878 exp->exp_flvr_expire[0] ?
1879 (s64)(exp->exp_flvr_expire[0] - ktime_get_real_seconds()) : 0,
1880 exp->exp_flvr_old[1].sf_rpc,
1881 exp->exp_flvr_expire[1] ?
1882 (s64)(exp->exp_flvr_expire[1] - ktime_get_real_seconds()) : 0);
1885 EXPORT_SYMBOL(sptlrpc_target_export_check);
1887 static int sptlrpc_svc_check_from(struct ptlrpc_request *req, int svc_rc)
1889 /* peer's claim is unreliable unless gss is being used */
1890 if (!req->rq_auth_gss || svc_rc == SECSVC_DROP)
1893 switch (req->rq_sp_from) {
1895 if (req->rq_auth_usr_mdt || req->rq_auth_usr_ost) {
1896 DEBUG_REQ(D_ERROR, req, "faked source CLI");
1897 svc_rc = SECSVC_DROP;
1901 if (!req->rq_auth_usr_mdt) {
1902 DEBUG_REQ(D_ERROR, req, "faked source MDT");
1903 svc_rc = SECSVC_DROP;
1907 if (!req->rq_auth_usr_ost) {
1908 DEBUG_REQ(D_ERROR, req, "faked source OST");
1909 svc_rc = SECSVC_DROP;
1914 if (!req->rq_auth_usr_root && !req->rq_auth_usr_mdt &&
1915 !req->rq_auth_usr_ost) {
1916 DEBUG_REQ(D_ERROR, req, "faked source MGC/MGS");
1917 svc_rc = SECSVC_DROP;
1922 DEBUG_REQ(D_ERROR, req, "invalid source %u", req->rq_sp_from);
1923 svc_rc = SECSVC_DROP;
1930 * Used by ptlrpc server, to perform transformation upon request message of
1931 * incoming \a req. This must be the first thing to do with a incoming
1932 * request in ptlrpc layer.
1934 * \retval SECSVC_OK success, and req->rq_reqmsg point to request message in
1935 * clear text, size is req->rq_reqlen; also req->rq_svc_ctx is set.
1936 * \retval SECSVC_COMPLETE success, the request has been fully processed, and
1937 * reply message has been prepared.
1938 * \retval SECSVC_DROP failed, this request should be dropped.
1940 int sptlrpc_svc_unwrap_request(struct ptlrpc_request *req)
1942 struct ptlrpc_sec_policy *policy;
1943 struct lustre_msg *msg = req->rq_reqbuf;
1947 LASSERT(!req->rq_reqmsg);
1948 LASSERT(!req->rq_repmsg);
1949 LASSERT(!req->rq_svc_ctx);
1951 req->rq_req_swab_mask = 0;
1953 rc = __lustre_unpack_msg(msg, req->rq_reqdata_len);
1956 lustre_set_req_swabbed(req, MSG_PTLRPC_HEADER_OFF);
1960 CERROR("error unpacking request from %s x%llu\n",
1961 libcfs_id2str(req->rq_peer), req->rq_xid);
1965 req->rq_flvr.sf_rpc = WIRE_FLVR(msg->lm_secflvr);
1966 req->rq_sp_from = LUSTRE_SP_ANY;
1967 req->rq_auth_uid = -1;
1968 req->rq_auth_mapped_uid = -1;
1970 policy = sptlrpc_wireflavor2policy(req->rq_flvr.sf_rpc);
1972 CERROR("unsupported rpc flavor %x\n", req->rq_flvr.sf_rpc);
1976 LASSERT(policy->sp_sops->accept);
1977 rc = policy->sp_sops->accept(req);
1978 sptlrpc_policy_put(policy);
1979 LASSERT(req->rq_reqmsg || rc != SECSVC_OK);
1980 LASSERT(req->rq_svc_ctx || rc == SECSVC_DROP);
1983 * if it's not null flavor (which means embedded packing msg),
1984 * reset the swab mask for the coming inner msg unpacking.
1986 if (SPTLRPC_FLVR_POLICY(req->rq_flvr.sf_rpc) != SPTLRPC_POLICY_NULL)
1987 req->rq_req_swab_mask = 0;
1989 /* sanity check for the request source */
1990 rc = sptlrpc_svc_check_from(req, rc);
1995 * Used by ptlrpc server, to allocate reply buffer for \a req. If succeed,
1996 * req->rq_reply_state is set, and req->rq_reply_state->rs_msg point to
1997 * a buffer of \a msglen size.
1999 int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req, int msglen)
2001 struct ptlrpc_sec_policy *policy;
2002 struct ptlrpc_reply_state *rs;
2005 LASSERT(req->rq_svc_ctx);
2006 LASSERT(req->rq_svc_ctx->sc_policy);
2008 policy = req->rq_svc_ctx->sc_policy;
2009 LASSERT(policy->sp_sops->alloc_rs);
2011 rc = policy->sp_sops->alloc_rs(req, msglen);
2012 if (unlikely(rc == -ENOMEM)) {
2013 struct ptlrpc_service_part *svcpt = req->rq_rqbd->rqbd_svcpt;
2015 if (svcpt->scp_service->srv_max_reply_size <
2016 msglen + sizeof(struct ptlrpc_reply_state)) {
2017 /* Just return failure if the size is too big */
2018 CERROR("size of message is too big (%zd), %d allowed\n",
2019 msglen + sizeof(struct ptlrpc_reply_state),
2020 svcpt->scp_service->srv_max_reply_size);
2024 /* failed alloc, try emergency pool */
2025 rs = lustre_get_emerg_rs(svcpt);
2029 req->rq_reply_state = rs;
2030 rc = policy->sp_sops->alloc_rs(req, msglen);
2032 lustre_put_emerg_rs(rs);
2033 req->rq_reply_state = NULL;
2038 (req->rq_reply_state && req->rq_reply_state->rs_msg));
2044 * Used by ptlrpc server, to perform transformation upon reply message.
2046 * \post req->rq_reply_off is set to appropriate server-controlled reply offset.
2047 * \post req->rq_repmsg and req->rq_reply_state->rs_msg becomes inaccessible.
2049 int sptlrpc_svc_wrap_reply(struct ptlrpc_request *req)
2051 struct ptlrpc_sec_policy *policy;
2054 LASSERT(req->rq_svc_ctx);
2055 LASSERT(req->rq_svc_ctx->sc_policy);
2057 policy = req->rq_svc_ctx->sc_policy;
2058 LASSERT(policy->sp_sops->authorize);
2060 rc = policy->sp_sops->authorize(req);
2061 LASSERT(rc || req->rq_reply_state->rs_repdata_len);
2067 * Used by ptlrpc server, to free reply_state.
2069 void sptlrpc_svc_free_rs(struct ptlrpc_reply_state *rs)
2071 struct ptlrpc_sec_policy *policy;
2072 unsigned int prealloc;
2074 LASSERT(rs->rs_svc_ctx);
2075 LASSERT(rs->rs_svc_ctx->sc_policy);
2077 policy = rs->rs_svc_ctx->sc_policy;
2078 LASSERT(policy->sp_sops->free_rs);
2080 prealloc = rs->rs_prealloc;
2081 policy->sp_sops->free_rs(rs);
2084 lustre_put_emerg_rs(rs);
2087 void sptlrpc_svc_ctx_addref(struct ptlrpc_request *req)
2089 struct ptlrpc_svc_ctx *ctx = req->rq_svc_ctx;
2092 atomic_inc(&ctx->sc_refcount);
2095 void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req)
2097 struct ptlrpc_svc_ctx *ctx = req->rq_svc_ctx;
2102 LASSERT_ATOMIC_POS(&ctx->sc_refcount);
2103 if (atomic_dec_and_test(&ctx->sc_refcount)) {
2104 if (ctx->sc_policy->sp_sops->free_ctx)
2105 ctx->sc_policy->sp_sops->free_ctx(ctx);
2107 req->rq_svc_ctx = NULL;
2110 /****************************************
2112 ****************************************/
2115 * Perform transformation upon bulk data pointed by \a desc. This is called
2116 * before transforming the request message.
2118 int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
2119 struct ptlrpc_bulk_desc *desc)
2121 struct ptlrpc_cli_ctx *ctx;
2123 LASSERT(req->rq_bulk_read || req->rq_bulk_write);
2125 if (!req->rq_pack_bulk)
2128 ctx = req->rq_cli_ctx;
2129 if (ctx->cc_ops->wrap_bulk)
2130 return ctx->cc_ops->wrap_bulk(ctx, req, desc);
2133 EXPORT_SYMBOL(sptlrpc_cli_wrap_bulk);
2136 * This is called after unwrap the reply message.
2137 * return nob of actual plain text size received, or error code.
2139 int sptlrpc_cli_unwrap_bulk_read(struct ptlrpc_request *req,
2140 struct ptlrpc_bulk_desc *desc,
2143 struct ptlrpc_cli_ctx *ctx;
2146 LASSERT(req->rq_bulk_read && !req->rq_bulk_write);
2148 if (!req->rq_pack_bulk)
2149 return desc->bd_nob_transferred;
2151 ctx = req->rq_cli_ctx;
2152 if (ctx->cc_ops->unwrap_bulk) {
2153 rc = ctx->cc_ops->unwrap_bulk(ctx, req, desc);
2157 return desc->bd_nob_transferred;
2159 EXPORT_SYMBOL(sptlrpc_cli_unwrap_bulk_read);
2162 * This is called after unwrap the reply message.
2163 * return 0 for success or error code.
2165 int sptlrpc_cli_unwrap_bulk_write(struct ptlrpc_request *req,
2166 struct ptlrpc_bulk_desc *desc)
2168 struct ptlrpc_cli_ctx *ctx;
2171 LASSERT(!req->rq_bulk_read && req->rq_bulk_write);
2173 if (!req->rq_pack_bulk)
2176 ctx = req->rq_cli_ctx;
2177 if (ctx->cc_ops->unwrap_bulk) {
2178 rc = ctx->cc_ops->unwrap_bulk(ctx, req, desc);
2184 * if everything is going right, nob should equals to nob_transferred.
2185 * in case of privacy mode, nob_transferred needs to be adjusted.
2187 if (desc->bd_nob != desc->bd_nob_transferred) {
2188 CERROR("nob %d doesn't match transferred nob %d\n",
2189 desc->bd_nob, desc->bd_nob_transferred);
2195 EXPORT_SYMBOL(sptlrpc_cli_unwrap_bulk_write);
2197 /****************************************
2198 * user descriptor helpers *
2199 ****************************************/
2201 int sptlrpc_current_user_desc_size(void)
2205 ngroups = current_ngroups;
2207 if (ngroups > LUSTRE_MAX_GROUPS)
2208 ngroups = LUSTRE_MAX_GROUPS;
2209 return sptlrpc_user_desc_size(ngroups);
2211 EXPORT_SYMBOL(sptlrpc_current_user_desc_size);
2213 int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset)
2215 struct ptlrpc_user_desc *pud;
2217 pud = lustre_msg_buf(msg, offset, 0);
2222 pud->pud_uid = from_kuid(&init_user_ns, current_uid());
2223 pud->pud_gid = from_kgid(&init_user_ns, current_gid());
2224 pud->pud_fsuid = from_kuid(&init_user_ns, current_fsuid());
2225 pud->pud_fsgid = from_kgid(&init_user_ns, current_fsgid());
2226 pud->pud_cap = cfs_curproc_cap_pack();
2227 pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4;
2230 if (pud->pud_ngroups > current_ngroups)
2231 pud->pud_ngroups = current_ngroups;
2232 memcpy(pud->pud_groups, current_cred()->group_info->gid,
2233 pud->pud_ngroups * sizeof(__u32));
2234 task_unlock(current);
2238 EXPORT_SYMBOL(sptlrpc_pack_user_desc);
2240 int sptlrpc_unpack_user_desc(struct lustre_msg *msg, int offset, int swabbed)
2242 struct ptlrpc_user_desc *pud;
2245 pud = lustre_msg_buf(msg, offset, sizeof(*pud));
2250 __swab32s(&pud->pud_uid);
2251 __swab32s(&pud->pud_gid);
2252 __swab32s(&pud->pud_fsuid);
2253 __swab32s(&pud->pud_fsgid);
2254 __swab32s(&pud->pud_cap);
2255 __swab32s(&pud->pud_ngroups);
2258 if (pud->pud_ngroups > LUSTRE_MAX_GROUPS) {
2259 CERROR("%u groups is too large\n", pud->pud_ngroups);
2263 if (sizeof(*pud) + pud->pud_ngroups * sizeof(__u32) >
2264 msg->lm_buflens[offset]) {
2265 CERROR("%u groups are claimed but bufsize only %u\n",
2266 pud->pud_ngroups, msg->lm_buflens[offset]);
2271 for (i = 0; i < pud->pud_ngroups; i++)
2272 __swab32s(&pud->pud_groups[i]);
2277 EXPORT_SYMBOL(sptlrpc_unpack_user_desc);
2279 /****************************************
2281 ****************************************/
2283 const char *sec2target_str(struct ptlrpc_sec *sec)
2285 if (!sec || !sec->ps_import || !sec->ps_import->imp_obd)
2287 if (sec_is_reverse(sec))
2289 return obd_uuid2str(&sec->ps_import->imp_obd->u.cli.cl_target_uuid);
2291 EXPORT_SYMBOL(sec2target_str);
2294 * return true if the bulk data is protected
2296 bool sptlrpc_flavor_has_bulk(struct sptlrpc_flavor *flvr)
2298 switch (SPTLRPC_FLVR_BULK_SVC(flvr->sf_rpc)) {
2299 case SPTLRPC_BULK_SVC_INTG:
2300 case SPTLRPC_BULK_SVC_PRIV:
2306 EXPORT_SYMBOL(sptlrpc_flavor_has_bulk);
2308 /****************************************
2309 * crypto API helper/alloc blkciper *
2310 ****************************************/
2312 /****************************************
2313 * initialize/finalize *
2314 ****************************************/
2316 int sptlrpc_init(void)
2320 rwlock_init(&policy_lock);
2322 rc = sptlrpc_gc_init();
2326 rc = sptlrpc_conf_init();
2330 rc = sptlrpc_enc_pool_init();
2334 rc = sptlrpc_null_init();
2338 rc = sptlrpc_plain_init();
2342 rc = sptlrpc_lproc_init();
2349 sptlrpc_plain_fini();
2351 sptlrpc_null_fini();
2353 sptlrpc_enc_pool_fini();
2355 sptlrpc_conf_fini();
2362 void sptlrpc_fini(void)
2364 sptlrpc_lproc_fini();
2365 sptlrpc_plain_fini();
2366 sptlrpc_null_fini();
2367 sptlrpc_enc_pool_fini();
2368 sptlrpc_conf_fini();