4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Use is subject to license terms.
26 * Copyright (c) 2011, 2015, Intel Corporation.
29 * This file is part of Lustre, http://www.lustre.org/
30 * Lustre is a trademark of Sun Microsystems, Inc.
33 #define DEBUG_SUBSYSTEM S_SEC
35 #include "../../include/linux/libcfs/libcfs.h"
36 #include <linux/crypto.h>
37 #include <linux/key.h>
39 #include "../include/obd.h"
40 #include "../include/obd_support.h"
41 #include "../include/lustre_import.h"
42 #include "../include/lustre_param.h"
43 #include "../include/lustre_sec.h"
45 #include "ptlrpc_internal.h"
47 enum lustre_sec_part sptlrpc_target_sec_part(struct obd_device *obd)
49 const char *type = obd->obd_type->typ_name;
51 if (!strcmp(type, LUSTRE_MDT_NAME))
53 if (!strcmp(type, LUSTRE_OST_NAME))
55 if (!strcmp(type, LUSTRE_MGS_NAME))
58 CERROR("unknown target %p(%s)\n", obd, type);
62 /****************************************
63 * user supplied flavor string parsing *
64 ****************************************/
67 * format: <base_flavor>[-<bulk_type:alg_spec>]
69 int sptlrpc_parse_flavor(const char *str, struct sptlrpc_flavor *flvr)
74 memset(flvr, 0, sizeof(*flvr));
76 if (!str || str[0] == '\0') {
77 flvr->sf_rpc = SPTLRPC_FLVR_INVALID;
81 strlcpy(buf, str, sizeof(buf));
83 bulk = strchr(buf, '-');
87 flvr->sf_rpc = sptlrpc_name2flavor_base(buf);
88 if (flvr->sf_rpc == SPTLRPC_FLVR_INVALID)
92 * currently only base flavor "plain" can have bulk specification.
94 if (flvr->sf_rpc == SPTLRPC_FLVR_PLAIN) {
95 flvr->u_bulk.hash.hash_alg = BULK_HASH_ALG_ADLER32;
98 * format: plain-hash:<hash_alg>
100 alg = strchr(bulk, ':');
105 if (strcmp(bulk, "hash"))
108 flvr->u_bulk.hash.hash_alg = sptlrpc_get_hash_alg(alg);
109 if (flvr->u_bulk.hash.hash_alg >= BULK_HASH_ALG_MAX)
113 if (flvr->u_bulk.hash.hash_alg == BULK_HASH_ALG_NULL)
114 flvr_set_bulk_svc(&flvr->sf_rpc, SPTLRPC_BULK_SVC_NULL);
116 flvr_set_bulk_svc(&flvr->sf_rpc, SPTLRPC_BULK_SVC_INTG);
126 CERROR("invalid flavor string: %s\n", str);
129 EXPORT_SYMBOL(sptlrpc_parse_flavor);
131 /****************************************
133 ****************************************/
135 static void get_default_flavor(struct sptlrpc_flavor *sf)
137 memset(sf, 0, sizeof(*sf));
139 sf->sf_rpc = SPTLRPC_FLVR_NULL;
143 static void sptlrpc_rule_init(struct sptlrpc_rule *rule)
145 rule->sr_netid = LNET_NIDNET(LNET_NID_ANY);
146 rule->sr_from = LUSTRE_SP_ANY;
147 rule->sr_to = LUSTRE_SP_ANY;
148 rule->sr_padding = 0;
150 get_default_flavor(&rule->sr_flvr);
154 * format: network[.direction]=flavor
156 static int sptlrpc_parse_rule(char *param, struct sptlrpc_rule *rule)
161 sptlrpc_rule_init(rule);
163 flavor = strchr(param, '=');
165 CERROR("invalid param, no '='\n");
170 dir = strchr(param, '.');
175 if (strcmp(param, "default")) {
176 rule->sr_netid = libcfs_str2net(param);
177 if (rule->sr_netid == LNET_NIDNET(LNET_NID_ANY)) {
178 CERROR("invalid network name: %s\n", param);
185 if (!strcmp(dir, "mdt2ost")) {
186 rule->sr_from = LUSTRE_SP_MDT;
187 rule->sr_to = LUSTRE_SP_OST;
188 } else if (!strcmp(dir, "mdt2mdt")) {
189 rule->sr_from = LUSTRE_SP_MDT;
190 rule->sr_to = LUSTRE_SP_MDT;
191 } else if (!strcmp(dir, "cli2ost")) {
192 rule->sr_from = LUSTRE_SP_CLI;
193 rule->sr_to = LUSTRE_SP_OST;
194 } else if (!strcmp(dir, "cli2mdt")) {
195 rule->sr_from = LUSTRE_SP_CLI;
196 rule->sr_to = LUSTRE_SP_MDT;
198 CERROR("invalid rule dir segment: %s\n", dir);
204 rc = sptlrpc_parse_flavor(flavor, &rule->sr_flvr);
211 static void sptlrpc_rule_set_free(struct sptlrpc_rule_set *rset)
213 LASSERT(rset->srs_nslot ||
214 (rset->srs_nrule == 0 && !rset->srs_rules));
216 if (rset->srs_nslot) {
217 kfree(rset->srs_rules);
218 sptlrpc_rule_set_init(rset);
223 * return 0 if the rule set could accommodate one more rule.
225 static int sptlrpc_rule_set_expand(struct sptlrpc_rule_set *rset)
227 struct sptlrpc_rule *rules;
232 if (rset->srs_nrule < rset->srs_nslot)
235 nslot = rset->srs_nslot + 8;
237 /* better use realloc() if available */
238 rules = kcalloc(nslot, sizeof(*rset->srs_rules), GFP_NOFS);
242 if (rset->srs_nrule) {
243 LASSERT(rset->srs_nslot && rset->srs_rules);
244 memcpy(rules, rset->srs_rules,
245 rset->srs_nrule * sizeof(*rset->srs_rules));
247 kfree(rset->srs_rules);
250 rset->srs_rules = rules;
251 rset->srs_nslot = nslot;
255 static inline int rule_spec_dir(struct sptlrpc_rule *rule)
257 return (rule->sr_from != LUSTRE_SP_ANY ||
258 rule->sr_to != LUSTRE_SP_ANY);
261 static inline int rule_spec_net(struct sptlrpc_rule *rule)
263 return (rule->sr_netid != LNET_NIDNET(LNET_NID_ANY));
266 static inline int rule_match_dir(struct sptlrpc_rule *r1,
267 struct sptlrpc_rule *r2)
269 return (r1->sr_from == r2->sr_from && r1->sr_to == r2->sr_to);
272 static inline int rule_match_net(struct sptlrpc_rule *r1,
273 struct sptlrpc_rule *r2)
275 return (r1->sr_netid == r2->sr_netid);
279 * merge @rule into @rset.
280 * the @rset slots might be expanded.
282 static int sptlrpc_rule_set_merge(struct sptlrpc_rule_set *rset,
283 struct sptlrpc_rule *rule)
285 struct sptlrpc_rule *p = rset->srs_rules;
286 int spec_dir, spec_net;
287 int rc, n, match = 0;
291 spec_net = rule_spec_net(rule);
292 spec_dir = rule_spec_dir(rule);
294 for (n = 0; n < rset->srs_nrule; n++) {
295 p = &rset->srs_rules[n];
297 /* test network match, if failed:
298 * - spec rule: skip rules which is also spec rule match, until
299 * we hit a wild rule, which means no more chance
300 * - wild rule: skip until reach the one which is also wild
303 if (!rule_match_net(p, rule)) {
305 if (rule_spec_net(p))
314 /* test dir match, same logic as net matching */
315 if (!rule_match_dir(p, rule)) {
317 if (rule_spec_dir(p))
332 LASSERT(n >= 0 && n < rset->srs_nrule);
334 if (rule->sr_flvr.sf_rpc == SPTLRPC_FLVR_INVALID) {
335 /* remove this rule */
336 if (n < rset->srs_nrule - 1)
337 memmove(&rset->srs_rules[n],
338 &rset->srs_rules[n + 1],
339 (rset->srs_nrule - n - 1) *
343 /* override the rule */
344 memcpy(&rset->srs_rules[n], rule, sizeof(*rule));
347 LASSERT(n >= 0 && n <= rset->srs_nrule);
349 if (rule->sr_flvr.sf_rpc != SPTLRPC_FLVR_INVALID) {
350 rc = sptlrpc_rule_set_expand(rset);
354 if (n < rset->srs_nrule)
355 memmove(&rset->srs_rules[n + 1],
357 (rset->srs_nrule - n) * sizeof(*rule));
358 memcpy(&rset->srs_rules[n], rule, sizeof(*rule));
361 CDEBUG(D_CONFIG, "ignore the unmatched deletion\n");
369 * given from/to/nid, determine a matching flavor in ruleset.
370 * return 1 if a match found, otherwise return 0.
372 static int sptlrpc_rule_set_choose(struct sptlrpc_rule_set *rset,
373 enum lustre_sec_part from,
374 enum lustre_sec_part to,
376 struct sptlrpc_flavor *sf)
378 struct sptlrpc_rule *r;
381 for (n = 0; n < rset->srs_nrule; n++) {
382 r = &rset->srs_rules[n];
384 if (LNET_NIDNET(nid) != LNET_NIDNET(LNET_NID_ANY) &&
385 r->sr_netid != LNET_NIDNET(LNET_NID_ANY) &&
386 LNET_NIDNET(nid) != r->sr_netid)
389 if (from != LUSTRE_SP_ANY && r->sr_from != LUSTRE_SP_ANY &&
393 if (to != LUSTRE_SP_ANY && r->sr_to != LUSTRE_SP_ANY &&
404 /**********************************
405 * sptlrpc configuration support *
406 **********************************/
408 struct sptlrpc_conf_tgt {
409 struct list_head sct_list;
410 char sct_name[MAX_OBD_NAME];
411 struct sptlrpc_rule_set sct_rset;
414 struct sptlrpc_conf {
415 struct list_head sc_list;
416 char sc_fsname[MTI_NAME_MAXLEN];
417 unsigned int sc_modified; /* modified during updating */
418 unsigned int sc_updated:1, /* updated copy from MGS */
419 sc_local:1; /* local copy from target */
420 struct sptlrpc_rule_set sc_rset; /* fs general rules */
421 struct list_head sc_tgts; /* target-specific rules */
424 static struct mutex sptlrpc_conf_lock;
425 static LIST_HEAD(sptlrpc_confs);
427 static inline int is_hex(char c)
429 return ((c >= '0' && c <= '9') ||
430 (c >= 'a' && c <= 'f'));
433 static void target2fsname(const char *tgt, char *fsname, int buflen)
438 ptr = strrchr(tgt, '-');
440 if ((strncmp(ptr, "-MDT", 4) != 0 &&
441 strncmp(ptr, "-OST", 4) != 0) ||
442 !is_hex(ptr[4]) || !is_hex(ptr[5]) ||
443 !is_hex(ptr[6]) || !is_hex(ptr[7]))
447 /* if we didn't find the pattern, treat the whole string as fsname */
453 len = min(len, buflen - 1);
454 memcpy(fsname, tgt, len);
458 static void sptlrpc_conf_free_rsets(struct sptlrpc_conf *conf)
460 struct sptlrpc_conf_tgt *conf_tgt, *conf_tgt_next;
462 sptlrpc_rule_set_free(&conf->sc_rset);
464 list_for_each_entry_safe(conf_tgt, conf_tgt_next,
465 &conf->sc_tgts, sct_list) {
466 sptlrpc_rule_set_free(&conf_tgt->sct_rset);
467 list_del(&conf_tgt->sct_list);
470 LASSERT(list_empty(&conf->sc_tgts));
472 conf->sc_updated = 0;
476 static void sptlrpc_conf_free(struct sptlrpc_conf *conf)
478 CDEBUG(D_SEC, "free sptlrpc conf %s\n", conf->sc_fsname);
480 sptlrpc_conf_free_rsets(conf);
481 list_del(&conf->sc_list);
486 struct sptlrpc_conf_tgt *sptlrpc_conf_get_tgt(struct sptlrpc_conf *conf,
490 struct sptlrpc_conf_tgt *conf_tgt;
492 list_for_each_entry(conf_tgt, &conf->sc_tgts, sct_list) {
493 if (strcmp(conf_tgt->sct_name, name) == 0)
500 conf_tgt = kzalloc(sizeof(*conf_tgt), GFP_NOFS);
502 strlcpy(conf_tgt->sct_name, name, sizeof(conf_tgt->sct_name));
503 sptlrpc_rule_set_init(&conf_tgt->sct_rset);
504 list_add(&conf_tgt->sct_list, &conf->sc_tgts);
511 struct sptlrpc_conf *sptlrpc_conf_get(const char *fsname,
514 struct sptlrpc_conf *conf;
517 list_for_each_entry(conf, &sptlrpc_confs, sc_list) {
518 if (strcmp(conf->sc_fsname, fsname) == 0)
525 conf = kzalloc(sizeof(*conf), GFP_NOFS);
529 len = strlcpy(conf->sc_fsname, fsname, sizeof(conf->sc_fsname));
530 if (len >= sizeof(conf->sc_fsname)) {
534 sptlrpc_rule_set_init(&conf->sc_rset);
535 INIT_LIST_HEAD(&conf->sc_tgts);
536 list_add(&conf->sc_list, &sptlrpc_confs);
538 CDEBUG(D_SEC, "create sptlrpc conf %s\n", conf->sc_fsname);
543 * caller must hold conf_lock already.
545 static int sptlrpc_conf_merge_rule(struct sptlrpc_conf *conf,
547 struct sptlrpc_rule *rule)
549 struct sptlrpc_conf_tgt *conf_tgt;
550 struct sptlrpc_rule_set *rule_set;
552 /* fsname == target means general rules for the whole fs */
553 if (strcmp(conf->sc_fsname, target) == 0) {
554 rule_set = &conf->sc_rset;
556 conf_tgt = sptlrpc_conf_get_tgt(conf, target, 1);
558 rule_set = &conf_tgt->sct_rset;
560 CERROR("out of memory, can't merge rule!\n");
565 return sptlrpc_rule_set_merge(rule_set, rule);
569 * process one LCFG_SPTLRPC_CONF record. if \a conf is NULL, we
570 * find one through the target name in the record inside conf_lock;
571 * otherwise means caller already hold conf_lock.
573 static int __sptlrpc_process_config(struct lustre_cfg *lcfg,
574 struct sptlrpc_conf *conf)
576 char *target, *param;
577 char fsname[MTI_NAME_MAXLEN];
578 struct sptlrpc_rule rule;
581 target = lustre_cfg_string(lcfg, 1);
583 CERROR("missing target name\n");
587 param = lustre_cfg_string(lcfg, 2);
589 CERROR("missing parameter\n");
593 CDEBUG(D_SEC, "processing rule: %s.%s\n", target, param);
595 /* parse rule to make sure the format is correct */
596 if (strncmp(param, PARAM_SRPC_FLVR, sizeof(PARAM_SRPC_FLVR) - 1) != 0) {
597 CERROR("Invalid sptlrpc parameter: %s\n", param);
600 param += sizeof(PARAM_SRPC_FLVR) - 1;
602 rc = sptlrpc_parse_rule(param, &rule);
607 target2fsname(target, fsname, sizeof(fsname));
609 mutex_lock(&sptlrpc_conf_lock);
610 conf = sptlrpc_conf_get(fsname, 0);
612 CERROR("can't find conf\n");
615 rc = sptlrpc_conf_merge_rule(conf, target, &rule);
617 mutex_unlock(&sptlrpc_conf_lock);
619 LASSERT(mutex_is_locked(&sptlrpc_conf_lock));
620 rc = sptlrpc_conf_merge_rule(conf, target, &rule);
629 int sptlrpc_process_config(struct lustre_cfg *lcfg)
631 return __sptlrpc_process_config(lcfg, NULL);
633 EXPORT_SYMBOL(sptlrpc_process_config);
635 static int logname2fsname(const char *logname, char *buf, int buflen)
640 ptr = strrchr(logname, '-');
641 if (!ptr || strcmp(ptr, "-sptlrpc")) {
642 CERROR("%s is not a sptlrpc config log\n", logname);
646 len = min((int)(ptr - logname), buflen - 1);
648 memcpy(buf, logname, len);
653 void sptlrpc_conf_log_update_begin(const char *logname)
655 struct sptlrpc_conf *conf;
658 if (logname2fsname(logname, fsname, sizeof(fsname)))
661 mutex_lock(&sptlrpc_conf_lock);
663 conf = sptlrpc_conf_get(fsname, 0);
665 if (conf->sc_local) {
666 LASSERT(conf->sc_updated == 0);
667 sptlrpc_conf_free_rsets(conf);
669 conf->sc_modified = 0;
672 mutex_unlock(&sptlrpc_conf_lock);
674 EXPORT_SYMBOL(sptlrpc_conf_log_update_begin);
677 * mark a config log has been updated
679 void sptlrpc_conf_log_update_end(const char *logname)
681 struct sptlrpc_conf *conf;
684 if (logname2fsname(logname, fsname, sizeof(fsname)))
687 mutex_lock(&sptlrpc_conf_lock);
689 conf = sptlrpc_conf_get(fsname, 0);
692 * if original state is not updated, make sure the
693 * modified counter > 0 to enforce updating local copy.
695 if (conf->sc_updated == 0)
698 conf->sc_updated = 1;
701 mutex_unlock(&sptlrpc_conf_lock);
703 EXPORT_SYMBOL(sptlrpc_conf_log_update_end);
705 void sptlrpc_conf_log_start(const char *logname)
709 if (logname2fsname(logname, fsname, sizeof(fsname)))
712 mutex_lock(&sptlrpc_conf_lock);
713 sptlrpc_conf_get(fsname, 1);
714 mutex_unlock(&sptlrpc_conf_lock);
716 EXPORT_SYMBOL(sptlrpc_conf_log_start);
718 void sptlrpc_conf_log_stop(const char *logname)
720 struct sptlrpc_conf *conf;
723 if (logname2fsname(logname, fsname, sizeof(fsname)))
726 mutex_lock(&sptlrpc_conf_lock);
727 conf = sptlrpc_conf_get(fsname, 0);
729 sptlrpc_conf_free(conf);
730 mutex_unlock(&sptlrpc_conf_lock);
732 EXPORT_SYMBOL(sptlrpc_conf_log_stop);
734 static inline void flavor_set_flags(struct sptlrpc_flavor *sf,
735 enum lustre_sec_part from,
736 enum lustre_sec_part to,
737 unsigned int fl_udesc)
740 * null flavor doesn't need to set any flavor, and in fact
741 * we'd better not do that because everybody share a single sec.
743 if (sf->sf_rpc == SPTLRPC_FLVR_NULL)
746 if (from == LUSTRE_SP_MDT) {
747 /* MDT->MDT; MDT->OST */
748 sf->sf_flags |= PTLRPC_SEC_FL_ROOTONLY;
749 } else if (from == LUSTRE_SP_CLI && to == LUSTRE_SP_OST) {
751 sf->sf_flags |= PTLRPC_SEC_FL_ROOTONLY | PTLRPC_SEC_FL_BULK;
752 } else if (from == LUSTRE_SP_CLI && to == LUSTRE_SP_MDT) {
754 if (fl_udesc && sf->sf_rpc != SPTLRPC_FLVR_NULL)
755 sf->sf_flags |= PTLRPC_SEC_FL_UDESC;
759 void sptlrpc_conf_choose_flavor(enum lustre_sec_part from,
760 enum lustre_sec_part to,
761 struct obd_uuid *target,
763 struct sptlrpc_flavor *sf)
765 struct sptlrpc_conf *conf;
766 struct sptlrpc_conf_tgt *conf_tgt;
767 char name[MTI_NAME_MAXLEN];
770 target2fsname(target->uuid, name, sizeof(name));
772 mutex_lock(&sptlrpc_conf_lock);
774 conf = sptlrpc_conf_get(name, 0);
778 /* convert uuid name (supposed end with _UUID) to target name */
779 len = strlen(target->uuid);
781 memcpy(name, target->uuid, len - 5);
782 name[len - 5] = '\0';
784 conf_tgt = sptlrpc_conf_get_tgt(conf, name, 0);
786 rc = sptlrpc_rule_set_choose(&conf_tgt->sct_rset,
792 rc = sptlrpc_rule_set_choose(&conf->sc_rset, from, to, nid, sf);
794 mutex_unlock(&sptlrpc_conf_lock);
797 get_default_flavor(sf);
799 flavor_set_flags(sf, from, to, 1);
802 #define SEC_ADAPT_DELAY (10)
805 * called by client devices, notify the sptlrpc config has changed and
806 * do import_sec_adapt later.
808 void sptlrpc_conf_client_adapt(struct obd_device *obd)
810 struct obd_import *imp;
812 LASSERT(strcmp(obd->obd_type->typ_name, LUSTRE_MDC_NAME) == 0 ||
813 strcmp(obd->obd_type->typ_name, LUSTRE_OSC_NAME) == 0);
814 CDEBUG(D_SEC, "obd %s\n", obd->u.cli.cl_target_uuid.uuid);
816 /* serialize with connect/disconnect import */
817 down_read_nested(&obd->u.cli.cl_sem, OBD_CLI_SEM_MDCOSC);
819 imp = obd->u.cli.cl_import;
821 spin_lock(&imp->imp_lock);
823 imp->imp_sec_expire = ktime_get_real_seconds() +
825 spin_unlock(&imp->imp_lock);
828 up_read(&obd->u.cli.cl_sem);
830 EXPORT_SYMBOL(sptlrpc_conf_client_adapt);
832 int sptlrpc_conf_init(void)
834 mutex_init(&sptlrpc_conf_lock);
838 void sptlrpc_conf_fini(void)
840 struct sptlrpc_conf *conf, *conf_next;
842 mutex_lock(&sptlrpc_conf_lock);
843 list_for_each_entry_safe(conf, conf_next, &sptlrpc_confs, sc_list) {
844 sptlrpc_conf_free(conf);
846 LASSERT(list_empty(&sptlrpc_confs));
847 mutex_unlock(&sptlrpc_conf_lock);
projects / releases.git / blob