4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
20 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
21 * CA 95054 USA or visit www.sun.com if you need additional information or
27 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
28 * Use is subject to license terms.
30 * Copyright (c) 2012, Intel Corporation.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
36 * lustre/obdclass/capa.c
38 * Lustre Capability Hash Management
40 * Author: Lai Siyao<lsy@clusterfs.com>
43 #define DEBUG_SUBSYSTEM S_SEC
46 #include <asm/unistd.h>
47 #include <linux/slab.h>
48 #include <linux/module.h>
49 #include <linux/crypto.h>
51 #include <obd_class.h>
52 #include <lustre_debug.h>
53 #include <lustre/lustre_idl.h>
55 #include <linux/list.h>
56 #include <lustre_capa.h>
58 #define NR_CAPAHASH 32
59 #define CAPA_HASH_SIZE 3000 /* for MDS & OSS */
61 struct kmem_cache
*capa_cachep
= NULL
;
63 /* lock for capa hash/capa_list/fo_capa_keys */
64 DEFINE_SPINLOCK(capa_lock
);
66 struct list_head capa_list
[CAPA_SITE_MAX
];
68 static struct capa_hmac_alg capa_hmac_algs
[] = {
69 DEF_CAPA_HMAC_ALG("sha1", SHA1
, 20, 20),
72 int capa_count
[CAPA_SITE_MAX
] = { 0, };
74 EXPORT_SYMBOL(capa_cachep
);
75 EXPORT_SYMBOL(capa_list
);
76 EXPORT_SYMBOL(capa_lock
);
77 EXPORT_SYMBOL(capa_count
);
80 unsigned int ll_crypto_tfm_alg_min_keysize(struct crypto_blkcipher
*tfm
)
82 return crypto_blkcipher_tfm(tfm
)->__crt_alg
->cra_blkcipher
.min_keysize
;
85 struct hlist_head
*init_capa_hash(void)
87 struct hlist_head
*hash
;
90 OBD_ALLOC(hash
, PAGE_CACHE_SIZE
);
94 nr_hash
= PAGE_CACHE_SIZE
/ sizeof(struct hlist_head
);
95 LASSERT(nr_hash
> NR_CAPAHASH
);
97 for (i
= 0; i
< NR_CAPAHASH
; i
++)
98 INIT_HLIST_HEAD(hash
+ i
);
101 EXPORT_SYMBOL(init_capa_hash
);
103 static inline int capa_on_server(struct obd_capa
*ocapa
)
105 return ocapa
->c_site
== CAPA_SITE_SERVER
;
108 static inline void capa_delete(struct obd_capa
*ocapa
)
110 LASSERT(capa_on_server(ocapa
));
111 hlist_del_init(&ocapa
->u
.tgt
.c_hash
);
112 list_del_init(&ocapa
->c_list
);
113 capa_count
[ocapa
->c_site
]--;
114 /* release the ref when alloc */
118 void cleanup_capa_hash(struct hlist_head
*hash
)
121 struct hlist_node
*next
;
124 spin_lock(&capa_lock
);
125 for (i
= 0; i
< NR_CAPAHASH
; i
++) {
126 hlist_for_each_entry_safe(oc
, next
, hash
+ i
,
130 spin_unlock(&capa_lock
);
132 OBD_FREE(hash
, PAGE_CACHE_SIZE
);
134 EXPORT_SYMBOL(cleanup_capa_hash
);
136 static inline int capa_hashfn(struct lu_fid
*fid
)
138 return (fid_oid(fid
) ^ fid_ver(fid
)) *
139 (unsigned long)(fid_seq(fid
) + 1) % NR_CAPAHASH
;
142 /* capa renewal time check is earlier than that on client, which is to prevent
143 * client renew right after obtaining it. */
144 static inline int capa_is_to_expire(struct obd_capa
*oc
)
146 return cfs_time_before(cfs_time_sub(oc
->c_expiry
,
147 cfs_time_seconds(oc
->c_capa
.lc_timeout
)*2/3),
151 static struct obd_capa
*find_capa(struct lustre_capa
*capa
,
152 struct hlist_head
*head
, int alive
)
154 struct obd_capa
*ocapa
;
155 int len
= alive
? offsetof(struct lustre_capa
, lc_keyid
):sizeof(*capa
);
157 hlist_for_each_entry(ocapa
, head
, u
.tgt
.c_hash
) {
158 if (memcmp(&ocapa
->c_capa
, capa
, len
))
160 /* don't return one that will expire soon in this case */
161 if (alive
&& capa_is_to_expire(ocapa
))
164 LASSERT(capa_on_server(ocapa
));
166 DEBUG_CAPA(D_SEC
, &ocapa
->c_capa
, "found");
173 #define LRU_CAPA_DELETE_COUNT 12
174 static inline void capa_delete_lru(struct list_head
*head
)
176 struct obd_capa
*ocapa
;
177 struct list_head
*node
= head
->next
;
180 /* free LRU_CAPA_DELETE_COUNT unused capa from head */
181 while (count
++ < LRU_CAPA_DELETE_COUNT
) {
182 ocapa
= list_entry(node
, struct obd_capa
, c_list
);
184 if (atomic_read(&ocapa
->c_refc
))
187 DEBUG_CAPA(D_SEC
, &ocapa
->c_capa
, "free lru");
193 struct obd_capa
*capa_add(struct hlist_head
*hash
, struct lustre_capa
*capa
)
195 struct hlist_head
*head
= hash
+ capa_hashfn(&capa
->lc_fid
);
196 struct obd_capa
*ocapa
, *old
= NULL
;
197 struct list_head
*list
= &capa_list
[CAPA_SITE_SERVER
];
199 ocapa
= alloc_capa(CAPA_SITE_SERVER
);
203 spin_lock(&capa_lock
);
204 old
= find_capa(capa
, head
, 0);
206 ocapa
->c_capa
= *capa
;
207 set_capa_expiry(ocapa
);
208 hlist_add_head(&ocapa
->u
.tgt
.c_hash
, head
);
209 list_add_tail(&ocapa
->c_list
, list
);
211 capa_count
[CAPA_SITE_SERVER
]++;
212 if (capa_count
[CAPA_SITE_SERVER
] > CAPA_HASH_SIZE
)
213 capa_delete_lru(list
);
214 spin_unlock(&capa_lock
);
218 spin_unlock(&capa_lock
);
223 EXPORT_SYMBOL(capa_add
);
225 struct obd_capa
*capa_lookup(struct hlist_head
*hash
, struct lustre_capa
*capa
,
228 struct obd_capa
*ocapa
;
230 spin_lock(&capa_lock
);
231 ocapa
= find_capa(capa
, hash
+ capa_hashfn(&capa
->lc_fid
), alive
);
233 list_move_tail(&ocapa
->c_list
,
234 &capa_list
[CAPA_SITE_SERVER
]);
237 spin_unlock(&capa_lock
);
241 EXPORT_SYMBOL(capa_lookup
);
243 static inline int ll_crypto_hmac(struct crypto_hash
*tfm
,
244 u8
*key
, unsigned int *keylen
,
245 struct scatterlist
*sg
,
246 unsigned int size
, u8
*result
)
248 struct hash_desc desc
;
252 rv
= crypto_hash_setkey(desc
.tfm
, key
, *keylen
);
254 CERROR("failed to hash setkey: %d\n", rv
);
257 return crypto_hash_digest(&desc
, sg
, size
, result
);
260 int capa_hmac(__u8
*hmac
, struct lustre_capa
*capa
, __u8
*key
)
262 struct crypto_hash
*tfm
;
263 struct capa_hmac_alg
*alg
;
265 struct scatterlist sl
;
267 if (capa_alg(capa
) != CAPA_HMAC_ALG_SHA1
) {
268 CERROR("unknown capability hmac algorithm!\n");
272 alg
= &capa_hmac_algs
[capa_alg(capa
)];
274 tfm
= crypto_alloc_hash(alg
->ha_name
, 0, 0);
276 CERROR("crypto_alloc_tfm failed, check whether your kernel"
277 "has crypto support!\n");
280 keylen
= alg
->ha_keylen
;
282 sg_set_page(&sl
, virt_to_page(capa
),
283 offsetof(struct lustre_capa
, lc_hmac
),
284 (unsigned long)(capa
) % PAGE_CACHE_SIZE
);
286 ll_crypto_hmac(tfm
, key
, &keylen
, &sl
, sl
.length
, hmac
);
287 crypto_free_hash(tfm
);
291 EXPORT_SYMBOL(capa_hmac
);
293 int capa_encrypt_id(__u32
*d
, __u32
*s
, __u8
*key
, int keylen
)
295 struct crypto_blkcipher
*tfm
;
296 struct scatterlist sd
;
297 struct scatterlist ss
;
298 struct blkcipher_desc desc
;
301 char alg
[CRYPTO_MAX_ALG_NAME
+1] = "aes";
303 /* passing "aes" in a variable instead of a constant string keeps gcc
305 tfm
= crypto_alloc_blkcipher(alg
, 0, 0 );
307 CERROR("failed to load transform for aes\n");
311 min
= ll_crypto_tfm_alg_min_keysize(tfm
);
313 CERROR("keylen at least %d bits for aes\n", min
* 8);
314 GOTO(out
, rc
= -EINVAL
);
317 rc
= crypto_blkcipher_setkey(tfm
, key
, min
);
319 CERROR("failed to setting key for aes\n");
323 sg_set_page(&sd
, virt_to_page(d
), 16,
324 (unsigned long)(d
) % PAGE_CACHE_SIZE
);
326 sg_set_page(&ss
, virt_to_page(s
), 16,
327 (unsigned long)(s
) % PAGE_CACHE_SIZE
);
331 rc
= crypto_blkcipher_encrypt(&desc
, &sd
, &ss
, 16);
333 CERROR("failed to encrypt for aes\n");
338 crypto_free_blkcipher(tfm
);
341 EXPORT_SYMBOL(capa_encrypt_id
);
343 int capa_decrypt_id(__u32
*d
, __u32
*s
, __u8
*key
, int keylen
)
345 struct crypto_blkcipher
*tfm
;
346 struct scatterlist sd
;
347 struct scatterlist ss
;
348 struct blkcipher_desc desc
;
351 char alg
[CRYPTO_MAX_ALG_NAME
+1] = "aes";
353 /* passing "aes" in a variable instead of a constant string keeps gcc
355 tfm
= crypto_alloc_blkcipher(alg
, 0, 0 );
357 CERROR("failed to load transform for aes\n");
361 min
= ll_crypto_tfm_alg_min_keysize(tfm
);
363 CERROR("keylen at least %d bits for aes\n", min
* 8);
364 GOTO(out
, rc
= -EINVAL
);
367 rc
= crypto_blkcipher_setkey(tfm
, key
, min
);
369 CERROR("failed to setting key for aes\n");
373 sg_set_page(&sd
, virt_to_page(d
), 16,
374 (unsigned long)(d
) % PAGE_CACHE_SIZE
);
376 sg_set_page(&ss
, virt_to_page(s
), 16,
377 (unsigned long)(s
) % PAGE_CACHE_SIZE
);
382 rc
= crypto_blkcipher_decrypt(&desc
, &sd
, &ss
, 16);
384 CERROR("failed to decrypt for aes\n");
389 crypto_free_blkcipher(tfm
);
392 EXPORT_SYMBOL(capa_decrypt_id
);
394 void capa_cpy(void *capa
, struct obd_capa
*ocapa
)
396 spin_lock(&ocapa
->c_lock
);
397 *(struct lustre_capa
*)capa
= ocapa
->c_capa
;
398 spin_unlock(&ocapa
->c_lock
);
400 EXPORT_SYMBOL(capa_cpy
);
402 void _debug_capa(struct lustre_capa
*c
,
403 struct libcfs_debug_msg_data
*msgdata
,
404 const char *fmt
, ... )
408 libcfs_debug_vmsg2(msgdata
, fmt
, args
,
409 " capability@%p fid "DFID
" opc "LPX64
" uid "LPU64
410 " gid "LPU64
" flags %u alg %d keyid %u timeout %u "
411 "expiry %u\n", c
, PFID(capa_fid(c
)), capa_opc(c
),
412 capa_uid(c
), capa_gid(c
), capa_flags(c
),
413 capa_alg(c
), capa_keyid(c
), capa_timeout(c
),
417 EXPORT_SYMBOL(_debug_capa
);