4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
20 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
21 * CA 95054 USA or visit www.sun.com if you need additional information or
27 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
28 * Use is subject to license terms.
30 * Copyright (c) 2012, Intel Corporation.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
36 * lustre/obdclass/capa.c
38 * Lustre Capability Hash Management
40 * Author: Lai Siyao<lsy@clusterfs.com>
43 #define DEBUG_SUBSYSTEM S_SEC
45 #include <linux/version.h>
47 #include <asm/unistd.h>
48 #include <linux/slab.h>
49 #include <linux/module.h>
50 #include <linux/init.h>
52 #include <obd_class.h>
53 #include <lustre_debug.h>
54 #include <lustre/lustre_idl.h>
56 #include <linux/list.h>
57 #include <lustre_capa.h>
59 #define NR_CAPAHASH 32
60 #define CAPA_HASH_SIZE 3000 /* for MDS & OSS */
62 struct kmem_cache
*capa_cachep
= NULL
;
64 /* lock for capa hash/capa_list/fo_capa_keys */
65 DEFINE_SPINLOCK(capa_lock
);
67 struct list_head capa_list
[CAPA_SITE_MAX
];
69 static struct capa_hmac_alg capa_hmac_algs
[] = {
70 DEF_CAPA_HMAC_ALG("sha1", SHA1
, 20, 20),
73 int capa_count
[CAPA_SITE_MAX
] = { 0, };
75 EXPORT_SYMBOL(capa_cachep
);
76 EXPORT_SYMBOL(capa_list
);
77 EXPORT_SYMBOL(capa_lock
);
78 EXPORT_SYMBOL(capa_count
);
80 struct hlist_head
*init_capa_hash(void)
82 struct hlist_head
*hash
;
85 OBD_ALLOC(hash
, PAGE_CACHE_SIZE
);
89 nr_hash
= PAGE_CACHE_SIZE
/ sizeof(struct hlist_head
);
90 LASSERT(nr_hash
> NR_CAPAHASH
);
92 for (i
= 0; i
< NR_CAPAHASH
; i
++)
93 INIT_HLIST_HEAD(hash
+ i
);
96 EXPORT_SYMBOL(init_capa_hash
);
98 static inline int capa_on_server(struct obd_capa
*ocapa
)
100 return ocapa
->c_site
== CAPA_SITE_SERVER
;
103 static inline void capa_delete(struct obd_capa
*ocapa
)
105 LASSERT(capa_on_server(ocapa
));
106 hlist_del_init(&ocapa
->u
.tgt
.c_hash
);
107 list_del_init(&ocapa
->c_list
);
108 capa_count
[ocapa
->c_site
]--;
109 /* release the ref when alloc */
113 void cleanup_capa_hash(struct hlist_head
*hash
)
116 struct hlist_node
*next
;
119 spin_lock(&capa_lock
);
120 for (i
= 0; i
< NR_CAPAHASH
; i
++) {
121 hlist_for_each_entry_safe(oc
, next
, hash
+ i
,
125 spin_unlock(&capa_lock
);
127 OBD_FREE(hash
, PAGE_CACHE_SIZE
);
129 EXPORT_SYMBOL(cleanup_capa_hash
);
131 static inline int capa_hashfn(struct lu_fid
*fid
)
133 return (fid_oid(fid
) ^ fid_ver(fid
)) *
134 (unsigned long)(fid_seq(fid
) + 1) % NR_CAPAHASH
;
137 /* capa renewal time check is earlier than that on client, which is to prevent
138 * client renew right after obtaining it. */
139 static inline int capa_is_to_expire(struct obd_capa
*oc
)
141 return cfs_time_before(cfs_time_sub(oc
->c_expiry
,
142 cfs_time_seconds(oc
->c_capa
.lc_timeout
)*2/3),
146 static struct obd_capa
*find_capa(struct lustre_capa
*capa
,
147 struct hlist_head
*head
, int alive
)
149 struct obd_capa
*ocapa
;
150 int len
= alive
? offsetof(struct lustre_capa
, lc_keyid
):sizeof(*capa
);
152 hlist_for_each_entry(ocapa
, head
, u
.tgt
.c_hash
) {
153 if (memcmp(&ocapa
->c_capa
, capa
, len
))
155 /* don't return one that will expire soon in this case */
156 if (alive
&& capa_is_to_expire(ocapa
))
159 LASSERT(capa_on_server(ocapa
));
161 DEBUG_CAPA(D_SEC
, &ocapa
->c_capa
, "found");
168 #define LRU_CAPA_DELETE_COUNT 12
169 static inline void capa_delete_lru(struct list_head
*head
)
171 struct obd_capa
*ocapa
;
172 struct list_head
*node
= head
->next
;
175 /* free LRU_CAPA_DELETE_COUNT unused capa from head */
176 while (count
++ < LRU_CAPA_DELETE_COUNT
) {
177 ocapa
= list_entry(node
, struct obd_capa
, c_list
);
179 if (atomic_read(&ocapa
->c_refc
))
182 DEBUG_CAPA(D_SEC
, &ocapa
->c_capa
, "free lru");
188 struct obd_capa
*capa_add(struct hlist_head
*hash
, struct lustre_capa
*capa
)
190 struct hlist_head
*head
= hash
+ capa_hashfn(&capa
->lc_fid
);
191 struct obd_capa
*ocapa
, *old
= NULL
;
192 struct list_head
*list
= &capa_list
[CAPA_SITE_SERVER
];
194 ocapa
= alloc_capa(CAPA_SITE_SERVER
);
198 spin_lock(&capa_lock
);
199 old
= find_capa(capa
, head
, 0);
201 ocapa
->c_capa
= *capa
;
202 set_capa_expiry(ocapa
);
203 hlist_add_head(&ocapa
->u
.tgt
.c_hash
, head
);
204 list_add_tail(&ocapa
->c_list
, list
);
206 capa_count
[CAPA_SITE_SERVER
]++;
207 if (capa_count
[CAPA_SITE_SERVER
] > CAPA_HASH_SIZE
)
208 capa_delete_lru(list
);
209 spin_unlock(&capa_lock
);
213 spin_unlock(&capa_lock
);
218 EXPORT_SYMBOL(capa_add
);
220 struct obd_capa
*capa_lookup(struct hlist_head
*hash
, struct lustre_capa
*capa
,
223 struct obd_capa
*ocapa
;
225 spin_lock(&capa_lock
);
226 ocapa
= find_capa(capa
, hash
+ capa_hashfn(&capa
->lc_fid
), alive
);
228 list_move_tail(&ocapa
->c_list
,
229 &capa_list
[CAPA_SITE_SERVER
]);
232 spin_unlock(&capa_lock
);
236 EXPORT_SYMBOL(capa_lookup
);
238 int capa_hmac(__u8
*hmac
, struct lustre_capa
*capa
, __u8
*key
)
240 struct ll_crypto_hash
*tfm
;
241 struct capa_hmac_alg
*alg
;
243 struct scatterlist sl
;
245 if (capa_alg(capa
) != CAPA_HMAC_ALG_SHA1
) {
246 CERROR("unknown capability hmac algorithm!\n");
250 alg
= &capa_hmac_algs
[capa_alg(capa
)];
252 tfm
= ll_crypto_alloc_hash(alg
->ha_name
, 0, 0);
254 CERROR("crypto_alloc_tfm failed, check whether your kernel"
255 "has crypto support!\n");
258 keylen
= alg
->ha_keylen
;
260 sg_set_page(&sl
, virt_to_page(capa
),
261 offsetof(struct lustre_capa
, lc_hmac
),
262 (unsigned long)(capa
) % PAGE_CACHE_SIZE
);
264 ll_crypto_hmac(tfm
, key
, &keylen
, &sl
, sl
.length
, hmac
);
265 ll_crypto_free_hash(tfm
);
269 EXPORT_SYMBOL(capa_hmac
);
271 int capa_encrypt_id(__u32
*d
, __u32
*s
, __u8
*key
, int keylen
)
273 struct ll_crypto_cipher
*tfm
;
274 struct scatterlist sd
;
275 struct scatterlist ss
;
276 struct blkcipher_desc desc
;
279 char alg
[CRYPTO_MAX_ALG_NAME
+1] = "aes";
282 /* passing "aes" in a variable instead of a constant string keeps gcc
284 tfm
= ll_crypto_alloc_blkcipher(alg
, 0, 0 );
286 CERROR("failed to load transform for aes\n");
287 RETURN(PTR_ERR(tfm
));
290 min
= ll_crypto_tfm_alg_min_keysize(tfm
);
292 CERROR("keylen at least %d bits for aes\n", min
* 8);
293 GOTO(out
, rc
= -EINVAL
);
296 rc
= ll_crypto_blkcipher_setkey(tfm
, key
, min
);
298 CERROR("failed to setting key for aes\n");
302 sg_set_page(&sd
, virt_to_page(d
), 16,
303 (unsigned long)(d
) % PAGE_CACHE_SIZE
);
305 sg_set_page(&ss
, virt_to_page(s
), 16,
306 (unsigned long)(s
) % PAGE_CACHE_SIZE
);
310 rc
= ll_crypto_blkcipher_encrypt(&desc
, &sd
, &ss
, 16);
312 CERROR("failed to encrypt for aes\n");
319 ll_crypto_free_blkcipher(tfm
);
322 EXPORT_SYMBOL(capa_encrypt_id
);
324 int capa_decrypt_id(__u32
*d
, __u32
*s
, __u8
*key
, int keylen
)
326 struct ll_crypto_cipher
*tfm
;
327 struct scatterlist sd
;
328 struct scatterlist ss
;
329 struct blkcipher_desc desc
;
332 char alg
[CRYPTO_MAX_ALG_NAME
+1] = "aes";
335 /* passing "aes" in a variable instead of a constant string keeps gcc
337 tfm
= ll_crypto_alloc_blkcipher(alg
, 0, 0 );
339 CERROR("failed to load transform for aes\n");
340 RETURN(PTR_ERR(tfm
));
343 min
= ll_crypto_tfm_alg_min_keysize(tfm
);
345 CERROR("keylen at least %d bits for aes\n", min
* 8);
346 GOTO(out
, rc
= -EINVAL
);
349 rc
= ll_crypto_blkcipher_setkey(tfm
, key
, min
);
351 CERROR("failed to setting key for aes\n");
355 sg_set_page(&sd
, virt_to_page(d
), 16,
356 (unsigned long)(d
) % PAGE_CACHE_SIZE
);
358 sg_set_page(&ss
, virt_to_page(s
), 16,
359 (unsigned long)(s
) % PAGE_CACHE_SIZE
);
364 rc
= ll_crypto_blkcipher_decrypt(&desc
, &sd
, &ss
, 16);
366 CERROR("failed to decrypt for aes\n");
373 ll_crypto_free_blkcipher(tfm
);
376 EXPORT_SYMBOL(capa_decrypt_id
);
378 void capa_cpy(void *capa
, struct obd_capa
*ocapa
)
380 spin_lock(&ocapa
->c_lock
);
381 *(struct lustre_capa
*)capa
= ocapa
->c_capa
;
382 spin_unlock(&ocapa
->c_lock
);
384 EXPORT_SYMBOL(capa_cpy
);
386 void _debug_capa(struct lustre_capa
*c
,
387 struct libcfs_debug_msg_data
*msgdata
,
388 const char *fmt
, ... )
392 libcfs_debug_vmsg2(msgdata
, fmt
, args
,
393 " capability@%p fid "DFID
" opc "LPX64
" uid "LPU64
394 " gid "LPU64
" flags %u alg %d keyid %u timeout %u "
395 "expiry %u\n", c
, PFID(capa_fid(c
)), capa_opc(c
),
396 capa_uid(c
), capa_gid(c
), capa_flags(c
),
397 capa_alg(c
), capa_keyid(c
), capa_timeout(c
),
401 EXPORT_SYMBOL(_debug_capa
);