LXR linux/drivers/staging/lustre/lustre/obdclass/capa.c

   1/*
   2 * GPL HEADER START
   3 *
   4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   5 *
   6 * This program is free software; you can redistribute it and/or modify
   7 * it under the terms of the GNU General Public License version 2 only,
   8 * as published by the Free Software Foundation.
   9 *
  10 * This program is distributed in the hope that it will be useful, but
  11 * WITHOUT ANY WARRANTY; without even the implied warranty of
  12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13 * General Public License version 2 for more details (a copy is included
  14 * in the LICENSE file that accompanied this code).
  15 *
  16 * You should have received a copy of the GNU General Public License
  17 * version 2 along with this program; If not, see
  18 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
  19 *
  20 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
  21 * CA 95054 USA or visit www.sun.com if you need additional information or
  22 * have any questions.
  23 *
  24 * GPL HEADER END
  25 */
  26/*
  27 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
  28 * Use is subject to license terms.
  29 *
  30 * Copyright (c) 2012, Intel Corporation.
  31 */
  32/*
  33 * This file is part of Lustre, http://www.lustre.org/
  34 * Lustre is a trademark of Sun Microsystems, Inc.
  35 *
  36 * lustre/obdclass/capa.c
  37 *
  38 * Lustre Capability Hash Management
  39 *
  40 * Author: Lai Siyao<lsy@clusterfs.com>
  41 */
  42
  43#define DEBUG_SUBSYSTEM S_SEC
  44
  45#include <linux/fs.h>
  46#include <asm/unistd.h>
  47#include <linux/slab.h>
  48#include <linux/module.h>
  49#include <linux/crypto.h>
  50
  51#include <obd_class.h>
  52#include <lustre_debug.h>
  53#include <lustre/lustre_idl.h>
  54
  55#include <linux/list.h>
  56#include <lustre_capa.h>
  57
  58#define NR_CAPAHASH 32
  59#define CAPA_HASH_SIZE 3000           /* for MDS & OSS */
  60
  61struct kmem_cache *capa_cachep = NULL;
  62
  63/* lock for capa hash/capa_list/fo_capa_keys */
  64DEFINE_SPINLOCK(capa_lock);
  65
  66struct list_head capa_list[CAPA_SITE_MAX];
  67
  68static struct capa_hmac_alg capa_hmac_algs[] = {
  69        DEF_CAPA_HMAC_ALG("sha1", SHA1, 20, 20),
  70};
  71/* capa count */
  72int capa_count[CAPA_SITE_MAX] = { 0, };
  73
  74EXPORT_SYMBOL(capa_cachep);
  75EXPORT_SYMBOL(capa_list);
  76EXPORT_SYMBOL(capa_lock);
  77EXPORT_SYMBOL(capa_count);
  78
  79static inline
  80unsigned int ll_crypto_tfm_alg_min_keysize(struct crypto_blkcipher *tfm)
  81{
  82        return crypto_blkcipher_tfm(tfm)->__crt_alg->cra_blkcipher.min_keysize;
  83}
  84
  85struct hlist_head *init_capa_hash(void)
  86{
  87        struct hlist_head *hash;
  88        int nr_hash, i;
  89
  90        OBD_ALLOC(hash, PAGE_CACHE_SIZE);
  91        if (!hash)
  92                return NULL;
  93
  94        nr_hash = PAGE_CACHE_SIZE / sizeof(struct hlist_head);
  95        LASSERT(nr_hash > NR_CAPAHASH);
  96
  97        for (i = 0; i < NR_CAPAHASH; i++)
  98                INIT_HLIST_HEAD(hash + i);
  99        return hash;
 100}
 101EXPORT_SYMBOL(init_capa_hash);
 102
 103static inline int capa_on_server(struct obd_capa *ocapa)
 104{
 105        return ocapa->c_site == CAPA_SITE_SERVER;
 106}
 107
 108static inline void capa_delete(struct obd_capa *ocapa)
 109{
 110        LASSERT(capa_on_server(ocapa));
 111        hlist_del_init(&ocapa->u.tgt.c_hash);
 112        list_del_init(&ocapa->c_list);
 113        capa_count[ocapa->c_site]--;
 114        /* release the ref when alloc */
 115        capa_put(ocapa);
 116}
 117
 118void cleanup_capa_hash(struct hlist_head *hash)
 119{
 120        int i;
 121        struct hlist_node *next;
 122        struct obd_capa *oc;
 123
 124        spin_lock(&capa_lock);
 125        for (i = 0; i < NR_CAPAHASH; i++) {
 126                hlist_for_each_entry_safe(oc, next, hash + i,
 127                                              u.tgt.c_hash)
 128                        capa_delete(oc);
 129        }
 130        spin_unlock(&capa_lock);
 131
 132        OBD_FREE(hash, PAGE_CACHE_SIZE);
 133}
 134EXPORT_SYMBOL(cleanup_capa_hash);
 135
 136static inline int capa_hashfn(struct lu_fid *fid)
 137{
 138        return (fid_oid(fid) ^ fid_ver(fid)) *
 139               (unsigned long)(fid_seq(fid) + 1) % NR_CAPAHASH;
 140}
 141
 142/* capa renewal time check is earlier than that on client, which is to prevent
 143 * client renew right after obtaining it. */
 144static inline int capa_is_to_expire(struct obd_capa *oc)
 145{
 146        return cfs_time_before(cfs_time_sub(oc->c_expiry,
 147                                   cfs_time_seconds(oc->c_capa.lc_timeout)*2/3),
 148                               cfs_time_current());
 149}
 150
 151static struct obd_capa *find_capa(struct lustre_capa *capa,
 152                                  struct hlist_head *head, int alive)
 153{
 154        struct obd_capa *ocapa;
 155        int len = alive ? offsetof(struct lustre_capa, lc_keyid):sizeof(*capa);
 156
 157        hlist_for_each_entry(ocapa, head, u.tgt.c_hash) {
 158                if (memcmp(&ocapa->c_capa, capa, len))
 159                        continue;
 160                /* don't return one that will expire soon in this case */
 161                if (alive && capa_is_to_expire(ocapa))
 162                        continue;
 163
 164                LASSERT(capa_on_server(ocapa));
 165
 166                DEBUG_CAPA(D_SEC, &ocapa->c_capa, "found");
 167                return ocapa;
 168        }
 169
 170        return NULL;
 171}
 172
 173#define LRU_CAPA_DELETE_COUNT 12
 174static inline void capa_delete_lru(struct list_head *head)
 175{
 176        struct obd_capa *ocapa;
 177        struct list_head *node = head->next;
 178        int count = 0;
 179
 180        /* free LRU_CAPA_DELETE_COUNT unused capa from head */
 181        while (count++ < LRU_CAPA_DELETE_COUNT) {
 182                ocapa = list_entry(node, struct obd_capa, c_list);
 183                node = node->next;
 184                if (atomic_read(&ocapa->c_refc))
 185                        continue;
 186
 187                DEBUG_CAPA(D_SEC, &ocapa->c_capa, "free lru");
 188                capa_delete(ocapa);
 189        }
 190}
 191
 192/* add or update */
 193struct obd_capa *capa_add(struct hlist_head *hash, struct lustre_capa *capa)
 194{
 195        struct hlist_head *head = hash + capa_hashfn(&capa->lc_fid);
 196        struct obd_capa *ocapa, *old = NULL;
 197        struct list_head *list = &capa_list[CAPA_SITE_SERVER];
 198
 199        ocapa = alloc_capa(CAPA_SITE_SERVER);
 200        if (IS_ERR(ocapa))
 201                return NULL;
 202
 203        spin_lock(&capa_lock);
 204        old = find_capa(capa, head, 0);
 205        if (!old) {
 206                ocapa->c_capa = *capa;
 207                set_capa_expiry(ocapa);
 208                hlist_add_head(&ocapa->u.tgt.c_hash, head);
 209                list_add_tail(&ocapa->c_list, list);
 210                capa_get(ocapa);
 211                capa_count[CAPA_SITE_SERVER]++;
 212                if (capa_count[CAPA_SITE_SERVER] > CAPA_HASH_SIZE)
 213                        capa_delete_lru(list);
 214                spin_unlock(&capa_lock);
 215                return ocapa;
 216        } else {
 217                capa_get(old);
 218                spin_unlock(&capa_lock);
 219                capa_put(ocapa);
 220                return old;
 221        }
 222}
 223EXPORT_SYMBOL(capa_add);
 224
 225struct obd_capa *capa_lookup(struct hlist_head *hash, struct lustre_capa *capa,
 226                             int alive)
 227{
 228        struct obd_capa *ocapa;
 229
 230        spin_lock(&capa_lock);
 231        ocapa = find_capa(capa, hash + capa_hashfn(&capa->lc_fid), alive);
 232        if (ocapa) {
 233                list_move_tail(&ocapa->c_list,
 234                                   &capa_list[CAPA_SITE_SERVER]);
 235                capa_get(ocapa);
 236        }
 237        spin_unlock(&capa_lock);
 238
 239        return ocapa;
 240}
 241EXPORT_SYMBOL(capa_lookup);
 242
 243static inline int ll_crypto_hmac(struct crypto_hash *tfm,
 244                                 u8 *key, unsigned int *keylen,
 245                                 struct scatterlist *sg,
 246                                 unsigned int size, u8 *result)
 247{
 248        struct hash_desc desc;
 249        int           rv;
 250        desc.tfm   = tfm;
 251        desc.flags = 0;
 252        rv = crypto_hash_setkey(desc.tfm, key, *keylen);
 253        if (rv) {
 254                CERROR("failed to hash setkey: %d\n", rv);
 255                return rv;
 256        }
 257        return crypto_hash_digest(&desc, sg, size, result);
 258}
 259
 260int capa_hmac(__u8 *hmac, struct lustre_capa *capa, __u8 *key)
 261{
 262        struct crypto_hash *tfm;
 263        struct capa_hmac_alg  *alg;
 264        int keylen;
 265        struct scatterlist sl;
 266
 267        if (capa_alg(capa) != CAPA_HMAC_ALG_SHA1) {
 268                CERROR("unknown capability hmac algorithm!\n");
 269                return -EFAULT;
 270        }
 271
 272        alg = &capa_hmac_algs[capa_alg(capa)];
 273
 274        tfm = crypto_alloc_hash(alg->ha_name, 0, 0);
 275        if (IS_ERR(tfm)) {
 276                CERROR("crypto_alloc_tfm failed, check whether your kernel"
 277                       "has crypto support!\n");
 278                return PTR_ERR(tfm);
 279        }
 280        keylen = alg->ha_keylen;
 281
 282        sg_set_page(&sl, virt_to_page(capa),
 283                    offsetof(struct lustre_capa, lc_hmac),
 284                    (unsigned long)(capa) % PAGE_CACHE_SIZE);
 285
 286        ll_crypto_hmac(tfm, key, &keylen, &sl, sl.length, hmac);
 287        crypto_free_hash(tfm);
 288
 289        return 0;
 290}
 291EXPORT_SYMBOL(capa_hmac);
 292
 293int capa_encrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen)
 294{
 295        struct crypto_blkcipher *tfm;
 296        struct scatterlist sd;
 297        struct scatterlist ss;
 298        struct blkcipher_desc desc;
 299        unsigned int min;
 300        int rc;
 301        char alg[CRYPTO_MAX_ALG_NAME+1] = "aes";
 302
 303        /* passing "aes" in a variable instead of a constant string keeps gcc
 304         * 4.3.2 happy */
 305        tfm = crypto_alloc_blkcipher(alg, 0, 0 );
 306        if (IS_ERR(tfm)) {
 307                CERROR("failed to load transform for aes\n");
 308                return PTR_ERR(tfm);
 309        }
 310
 311        min = ll_crypto_tfm_alg_min_keysize(tfm);
 312        if (keylen < min) {
 313                CERROR("keylen at least %d bits for aes\n", min * 8);
 314                GOTO(out, rc = -EINVAL);
 315        }
 316
 317        rc = crypto_blkcipher_setkey(tfm, key, min);
 318        if (rc) {
 319                CERROR("failed to setting key for aes\n");
 320                GOTO(out, rc);
 321        }
 322
 323        sg_set_page(&sd, virt_to_page(d), 16,
 324                    (unsigned long)(d) % PAGE_CACHE_SIZE);
 325
 326        sg_set_page(&ss, virt_to_page(s), 16,
 327                    (unsigned long)(s) % PAGE_CACHE_SIZE);
 328        desc.tfm   = tfm;
 329        desc.info  = NULL;
 330        desc.flags = 0;
 331        rc = crypto_blkcipher_encrypt(&desc, &sd, &ss, 16);
 332        if (rc) {
 333                CERROR("failed to encrypt for aes\n");
 334                GOTO(out, rc);
 335        }
 336
 337out:
 338        crypto_free_blkcipher(tfm);
 339        return rc;
 340}
 341EXPORT_SYMBOL(capa_encrypt_id);
 342
 343int capa_decrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen)
 344{
 345        struct crypto_blkcipher *tfm;
 346        struct scatterlist sd;
 347        struct scatterlist ss;
 348        struct blkcipher_desc desc;
 349        unsigned int min;
 350        int rc;
 351        char alg[CRYPTO_MAX_ALG_NAME+1] = "aes";
 352
 353        /* passing "aes" in a variable instead of a constant string keeps gcc
 354         * 4.3.2 happy */
 355        tfm = crypto_alloc_blkcipher(alg, 0, 0 );
 356        if (IS_ERR(tfm)) {
 357                CERROR("failed to load transform for aes\n");
 358                return PTR_ERR(tfm);
 359        }
 360
 361        min = ll_crypto_tfm_alg_min_keysize(tfm);
 362        if (keylen < min) {
 363                CERROR("keylen at least %d bits for aes\n", min * 8);
 364                GOTO(out, rc = -EINVAL);
 365        }
 366
 367        rc = crypto_blkcipher_setkey(tfm, key, min);
 368        if (rc) {
 369                CERROR("failed to setting key for aes\n");
 370                GOTO(out, rc);
 371        }
 372
 373        sg_set_page(&sd, virt_to_page(d), 16,
 374                    (unsigned long)(d) % PAGE_CACHE_SIZE);
 375
 376        sg_set_page(&ss, virt_to_page(s), 16,
 377                    (unsigned long)(s) % PAGE_CACHE_SIZE);
 378
 379        desc.tfm   = tfm;
 380        desc.info  = NULL;
 381        desc.flags = 0;
 382        rc = crypto_blkcipher_decrypt(&desc, &sd, &ss, 16);
 383        if (rc) {
 384                CERROR("failed to decrypt for aes\n");
 385                GOTO(out, rc);
 386        }
 387
 388out:
 389        crypto_free_blkcipher(tfm);
 390        return rc;
 391}
 392EXPORT_SYMBOL(capa_decrypt_id);
 393
 394void capa_cpy(void *capa, struct obd_capa *ocapa)
 395{
 396        spin_lock(&ocapa->c_lock);
 397        *(struct lustre_capa *)capa = ocapa->c_capa;
 398        spin_unlock(&ocapa->c_lock);
 399}
 400EXPORT_SYMBOL(capa_cpy);
 401
 402void _debug_capa(struct lustre_capa *c,
 403                 struct libcfs_debug_msg_data *msgdata,
 404                 const char *fmt, ... )
 405{
 406        va_list args;
 407        va_start(args, fmt);
 408        libcfs_debug_vmsg2(msgdata, fmt, args,
 409                           " capability@%p fid "DFID" opc "LPX64" uid "LPU64
 410                           " gid "LPU64" flags %u alg %d keyid %u timeout %u "
 411                           "expiry %u\n", c, PFID(capa_fid(c)), capa_opc(c),
 412                           capa_uid(c), capa_gid(c), capa_flags(c),
 413                           capa_alg(c), capa_keyid(c), capa_timeout(c),
 414                           capa_expiry(c));
 415        va_end(args);
 416}
 417EXPORT_SYMBOL(_debug_capa);
 418