4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
20 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
21 * CA 95054 USA or visit www.sun.com if you need additional information or
27 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
28 * Use is subject to license terms.
30 * Copyright (c) 2012, Intel Corporation.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
36 * lustre/obdclass/capa.c
38 * Lustre Capability Hash Management
40 * Author: Lai Siyao<lsy@clusterfs.com>
43 #define DEBUG_SUBSYSTEM S_SEC
46 #include <asm/unistd.h>
47 #include <linux/slab.h>
48 #include <linux/module.h>
49 #include <linux/init.h>
50 #include <linux/crypto.h>
52 #include <obd_class.h>
53 #include <lustre_debug.h>
54 #include <lustre/lustre_idl.h>
56 #include <linux/list.h>
57 #include <lustre_capa.h>
59 #define NR_CAPAHASH 32
60 #define CAPA_HASH_SIZE 3000 /* for MDS & OSS */
62 struct kmem_cache *capa_cachep = NULL;
64 /* lock for capa hash/capa_list/fo_capa_keys */
65 DEFINE_SPINLOCK(capa_lock);
67 struct list_head capa_list[CAPA_SITE_MAX];
69 static struct capa_hmac_alg capa_hmac_algs[] = {
70 DEF_CAPA_HMAC_ALG("sha1", SHA1, 20, 20),
73 int capa_count[CAPA_SITE_MAX] = { 0, };
75 EXPORT_SYMBOL(capa_cachep);
76 EXPORT_SYMBOL(capa_list);
77 EXPORT_SYMBOL(capa_lock);
78 EXPORT_SYMBOL(capa_count);
81 unsigned int ll_crypto_tfm_alg_min_keysize(struct crypto_blkcipher *tfm)
83 return crypto_blkcipher_tfm(tfm)->__crt_alg->cra_blkcipher.min_keysize;
86 struct hlist_head *init_capa_hash(void)
88 struct hlist_head *hash;
91 OBD_ALLOC(hash, PAGE_CACHE_SIZE);
95 nr_hash = PAGE_CACHE_SIZE / sizeof(struct hlist_head);
96 LASSERT(nr_hash > NR_CAPAHASH);
98 for (i = 0; i < NR_CAPAHASH; i++)
99 INIT_HLIST_HEAD(hash + i);
102 EXPORT_SYMBOL(init_capa_hash);
104 static inline int capa_on_server(struct obd_capa *ocapa)
106 return ocapa->c_site == CAPA_SITE_SERVER;
109 static inline void capa_delete(struct obd_capa *ocapa)
111 LASSERT(capa_on_server(ocapa));
112 hlist_del_init(&ocapa->u.tgt.c_hash);
113 list_del_init(&ocapa->c_list);
114 capa_count[ocapa->c_site]--;
115 /* release the ref when alloc */
119 void cleanup_capa_hash(struct hlist_head *hash)
122 struct hlist_node *next;
125 spin_lock(&capa_lock);
126 for (i = 0; i < NR_CAPAHASH; i++) {
127 hlist_for_each_entry_safe(oc, next, hash + i,
131 spin_unlock(&capa_lock);
133 OBD_FREE(hash, PAGE_CACHE_SIZE);
135 EXPORT_SYMBOL(cleanup_capa_hash);
137 static inline int capa_hashfn(struct lu_fid *fid)
139 return (fid_oid(fid) ^ fid_ver(fid)) *
140 (unsigned long)(fid_seq(fid) + 1) % NR_CAPAHASH;
143 /* capa renewal time check is earlier than that on client, which is to prevent
144 * client renew right after obtaining it. */
145 static inline int capa_is_to_expire(struct obd_capa *oc)
147 return cfs_time_before(cfs_time_sub(oc->c_expiry,
148 cfs_time_seconds(oc->c_capa.lc_timeout)*2/3),
152 static struct obd_capa *find_capa(struct lustre_capa *capa,
153 struct hlist_head *head, int alive)
155 struct obd_capa *ocapa;
156 int len = alive ? offsetof(struct lustre_capa, lc_keyid):sizeof(*capa);
158 hlist_for_each_entry(ocapa, head, u.tgt.c_hash) {
159 if (memcmp(&ocapa->c_capa, capa, len))
161 /* don't return one that will expire soon in this case */
162 if (alive && capa_is_to_expire(ocapa))
165 LASSERT(capa_on_server(ocapa));
167 DEBUG_CAPA(D_SEC, &ocapa->c_capa, "found");
174 #define LRU_CAPA_DELETE_COUNT 12
175 static inline void capa_delete_lru(struct list_head *head)
177 struct obd_capa *ocapa;
178 struct list_head *node = head->next;
181 /* free LRU_CAPA_DELETE_COUNT unused capa from head */
182 while (count++ < LRU_CAPA_DELETE_COUNT) {
183 ocapa = list_entry(node, struct obd_capa, c_list);
185 if (atomic_read(&ocapa->c_refc))
188 DEBUG_CAPA(D_SEC, &ocapa->c_capa, "free lru");
194 struct obd_capa *capa_add(struct hlist_head *hash, struct lustre_capa *capa)
196 struct hlist_head *head = hash + capa_hashfn(&capa->lc_fid);
197 struct obd_capa *ocapa, *old = NULL;
198 struct list_head *list = &capa_list[CAPA_SITE_SERVER];
200 ocapa = alloc_capa(CAPA_SITE_SERVER);
204 spin_lock(&capa_lock);
205 old = find_capa(capa, head, 0);
207 ocapa->c_capa = *capa;
208 set_capa_expiry(ocapa);
209 hlist_add_head(&ocapa->u.tgt.c_hash, head);
210 list_add_tail(&ocapa->c_list, list);
212 capa_count[CAPA_SITE_SERVER]++;
213 if (capa_count[CAPA_SITE_SERVER] > CAPA_HASH_SIZE)
214 capa_delete_lru(list);
215 spin_unlock(&capa_lock);
219 spin_unlock(&capa_lock);
224 EXPORT_SYMBOL(capa_add);
226 struct obd_capa *capa_lookup(struct hlist_head *hash, struct lustre_capa *capa,
229 struct obd_capa *ocapa;
231 spin_lock(&capa_lock);
232 ocapa = find_capa(capa, hash + capa_hashfn(&capa->lc_fid), alive);
234 list_move_tail(&ocapa->c_list,
235 &capa_list[CAPA_SITE_SERVER]);
238 spin_unlock(&capa_lock);
242 EXPORT_SYMBOL(capa_lookup);
244 static inline int ll_crypto_hmac(struct crypto_hash *tfm,
245 u8 *key, unsigned int *keylen,
246 struct scatterlist *sg,
247 unsigned int size, u8 *result)
249 struct hash_desc desc;
253 rv = crypto_hash_setkey(desc.tfm, key, *keylen);
255 CERROR("failed to hash setkey: %d\n", rv);
258 return crypto_hash_digest(&desc, sg, size, result);
261 int capa_hmac(__u8 *hmac, struct lustre_capa *capa, __u8 *key)
263 struct crypto_hash *tfm;
264 struct capa_hmac_alg *alg;
266 struct scatterlist sl;
268 if (capa_alg(capa) != CAPA_HMAC_ALG_SHA1) {
269 CERROR("unknown capability hmac algorithm!\n");
273 alg = &capa_hmac_algs[capa_alg(capa)];
275 tfm = crypto_alloc_hash(alg->ha_name, 0, 0);
277 CERROR("crypto_alloc_tfm failed, check whether your kernel"
278 "has crypto support!\n");
281 keylen = alg->ha_keylen;
283 sg_set_page(&sl, virt_to_page(capa),
284 offsetof(struct lustre_capa, lc_hmac),
285 (unsigned long)(capa) % PAGE_CACHE_SIZE);
287 ll_crypto_hmac(tfm, key, &keylen, &sl, sl.length, hmac);
288 crypto_free_hash(tfm);
292 EXPORT_SYMBOL(capa_hmac);
294 int capa_encrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen)
296 struct crypto_blkcipher *tfm;
297 struct scatterlist sd;
298 struct scatterlist ss;
299 struct blkcipher_desc desc;
302 char alg[CRYPTO_MAX_ALG_NAME+1] = "aes";
304 /* passing "aes" in a variable instead of a constant string keeps gcc
306 tfm = ll_crypto_alloc_blkcipher(alg, 0, 0 );
308 CERROR("failed to load transform for aes\n");
312 min = ll_crypto_tfm_alg_min_keysize(tfm);
314 CERROR("keylen at least %d bits for aes\n", min * 8);
315 GOTO(out, rc = -EINVAL);
318 rc = crypto_blkcipher_setkey(tfm, key, min);
320 CERROR("failed to setting key for aes\n");
324 sg_set_page(&sd, virt_to_page(d), 16,
325 (unsigned long)(d) % PAGE_CACHE_SIZE);
327 sg_set_page(&ss, virt_to_page(s), 16,
328 (unsigned long)(s) % PAGE_CACHE_SIZE);
332 rc = crypto_blkcipher_encrypt(&desc, &sd, &ss, 16);
334 CERROR("failed to encrypt for aes\n");
339 crypto_free_blkcipher(tfm);
342 EXPORT_SYMBOL(capa_encrypt_id);
344 int capa_decrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen)
346 struct crypto_blkcipher *tfm;
347 struct scatterlist sd;
348 struct scatterlist ss;
349 struct blkcipher_desc desc;
352 char alg[CRYPTO_MAX_ALG_NAME+1] = "aes";
354 /* passing "aes" in a variable instead of a constant string keeps gcc
356 tfm = ll_crypto_alloc_blkcipher(alg, 0, 0 );
358 CERROR("failed to load transform for aes\n");
362 min = ll_crypto_tfm_alg_min_keysize(tfm);
364 CERROR("keylen at least %d bits for aes\n", min * 8);
365 GOTO(out, rc = -EINVAL);
368 rc = crypto_blkcipher_setkey(tfm, key, min);
370 CERROR("failed to setting key for aes\n");
374 sg_set_page(&sd, virt_to_page(d), 16,
375 (unsigned long)(d) % PAGE_CACHE_SIZE);
377 sg_set_page(&ss, virt_to_page(s), 16,
378 (unsigned long)(s) % PAGE_CACHE_SIZE);
383 rc = crypto_blkcipher_decrypt(&desc, &sd, &ss, 16);
385 CERROR("failed to decrypt for aes\n");
390 crypto_free_blkcipher(tfm);
393 EXPORT_SYMBOL(capa_decrypt_id);
395 void capa_cpy(void *capa, struct obd_capa *ocapa)
397 spin_lock(&ocapa->c_lock);
398 *(struct lustre_capa *)capa = ocapa->c_capa;
399 spin_unlock(&ocapa->c_lock);
401 EXPORT_SYMBOL(capa_cpy);
403 void _debug_capa(struct lustre_capa *c,
404 struct libcfs_debug_msg_data *msgdata,
405 const char *fmt, ... )
409 libcfs_debug_vmsg2(msgdata, fmt, args,
410 " capability@%p fid "DFID" opc "LPX64" uid "LPU64
411 " gid "LPU64" flags %u alg %d keyid %u timeout %u "
412 "expiry %u\n", c, PFID(capa_fid(c)), capa_opc(c),
413 capa_uid(c), capa_gid(c), capa_flags(c),
414 capa_alg(c), capa_keyid(c), capa_timeout(c),
418 EXPORT_SYMBOL(_debug_capa);