tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

libceph: set global_id as soon as we get an auth ticket

Commit 61ca49a9105f ("libceph: don't set global_id until we get an
auth ticket") delayed the setting of global_id too much. It is set
only after all tickets are received, but in pre-nautilus clusters an
auth ticket and the service tickets are obtained in separate steps
(for a total of three MAuth replies). When the service tickets are
requested, global_id is used to build an authorizer; if global_id is
still 0 we never get them and fail to establish the session.

Moving the setting of global_id into protocol implementations. This
way global_id can be set exactly when an auth ticket is received, not
sooner nor later.

Fixes: 61ca49a9105f ("libceph: don't set global_id until we get an auth ticket")
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>

Ilya Dryomov 03af4c7b 3c0d0894

+16 -15
+3 -1
include/linux/ceph/auth.h
··· 50 50 * another request. 51 51 */ 52 52 int (*build_request)(struct ceph_auth_client *ac, void *buf, void *end); 53 - int (*handle_reply)(struct ceph_auth_client *ac, 53 + int (*handle_reply)(struct ceph_auth_client *ac, u64 global_id, 54 54 void *buf, void *end, u8 *session_key, 55 55 int *session_key_len, u8 *con_secret, 56 56 int *con_secret_len); ··· 103 103 104 104 struct mutex mutex; 105 105 }; 106 + 107 + void ceph_auth_set_global_id(struct ceph_auth_client *ac, u64 global_id); 106 108 107 109 struct ceph_auth_client *ceph_auth_init(const char *name, 108 110 const struct ceph_crypto_key *key,
+5 -8
net/ceph/auth.c
··· 36 36 } 37 37 } 38 38 39 - static void set_global_id(struct ceph_auth_client *ac, u64 global_id) 39 + void ceph_auth_set_global_id(struct ceph_auth_client *ac, u64 global_id) 40 40 { 41 41 dout("%s global_id %llu\n", __func__, global_id); 42 42 ··· 267 267 goto out; 268 268 } 269 269 270 - ret = ac->ops->handle_reply(ac, payload, payload_end, 270 + ret = ac->ops->handle_reply(ac, global_id, payload, payload_end, 271 271 NULL, NULL, NULL, NULL); 272 272 if (ret == -EAGAIN) { 273 273 ret = build_request(ac, true, reply_buf, reply_len); ··· 275 275 } else if (ret) { 276 276 goto out; 277 277 } 278 - 279 - set_global_id(ac, global_id); 280 278 281 279 out: 282 280 mutex_unlock(&ac->mutex); ··· 483 485 int ret; 484 486 485 487 mutex_lock(&ac->mutex); 486 - ret = ac->ops->handle_reply(ac, reply, reply + reply_len, 488 + ret = ac->ops->handle_reply(ac, 0, reply, reply + reply_len, 487 489 NULL, NULL, NULL, NULL); 488 490 if (ret == -EAGAIN) 489 491 ret = build_request(ac, false, buf, buf_len); ··· 501 503 int ret; 502 504 503 505 mutex_lock(&ac->mutex); 504 - ret = ac->ops->handle_reply(ac, reply, reply + reply_len, 506 + ret = ac->ops->handle_reply(ac, global_id, reply, reply + reply_len, 505 507 session_key, session_key_len, 506 508 con_secret, con_secret_len); 507 - if (!ret) 508 - set_global_id(ac, global_id); 509 + WARN_ON(ret == -EAGAIN || ret > 0); 509 510 mutex_unlock(&ac->mutex); 510 511 return ret; 511 512 }
+2 -1
net/ceph/auth_none.c
··· 69 69 * the generic auth code decode the global_id, and we carry no actual 70 70 * authenticate state, so nothing happens here. 71 71 */ 72 - static int handle_reply(struct ceph_auth_client *ac, 72 + static int handle_reply(struct ceph_auth_client *ac, u64 global_id, 73 73 void *buf, void *end, u8 *session_key, 74 74 int *session_key_len, u8 *con_secret, 75 75 int *con_secret_len) ··· 77 77 struct ceph_auth_none_info *xi = ac->private; 78 78 79 79 xi->starting = false; 80 + ceph_auth_set_global_id(ac, global_id); 80 81 return 0; 81 82 } 82 83
+6 -5
net/ceph/auth_x.c
··· 597 597 return -EINVAL; 598 598 } 599 599 600 - static int handle_auth_session_key(struct ceph_auth_client *ac, 600 + static int handle_auth_session_key(struct ceph_auth_client *ac, u64 global_id, 601 601 void **p, void *end, 602 602 u8 *session_key, int *session_key_len, 603 603 u8 *con_secret, int *con_secret_len) ··· 613 613 if (ret) 614 614 return ret; 615 615 616 + ceph_auth_set_global_id(ac, global_id); 616 617 if (*p == end) { 617 618 /* pre-nautilus (or didn't request service tickets!) */ 618 619 WARN_ON(session_key || con_secret); ··· 662 661 return -EINVAL; 663 662 } 664 663 665 - static int ceph_x_handle_reply(struct ceph_auth_client *ac, 664 + static int ceph_x_handle_reply(struct ceph_auth_client *ac, u64 global_id, 666 665 void *buf, void *end, 667 666 u8 *session_key, int *session_key_len, 668 667 u8 *con_secret, int *con_secret_len) ··· 696 695 switch (op) { 697 696 case CEPHX_GET_AUTH_SESSION_KEY: 698 697 /* AUTH ticket + [connection secret] + service tickets */ 699 - ret = handle_auth_session_key(ac, &p, end, session_key, 700 - session_key_len, con_secret, 701 - con_secret_len); 698 + ret = handle_auth_session_key(ac, global_id, &p, end, 699 + session_key, session_key_len, 700 + con_secret, con_secret_len); 702 701 break; 703 702 704 703 case CEPHX_GET_PRINCIPAL_SESSION_KEY: