Skip to content

Commit

Permalink
Merge git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
Browse files Browse the repository at this point in the history
* git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
  libceph: Create a new key type "ceph".
  libceph: Get secret from the kernel keys api when mounting with key=NAME.
  ceph: Move secret key parsing earlier.
  libceph: fix null dereference when unregistering linger requests
  ceph: unlock on error in ceph_osdc_start_request()
  ceph: fix possible NULL pointer dereference
  ceph: flush msgr_wq during mds_client shutdown
  • Loading branch information
Linus Torvalds committed Mar 30, 2011
2 parents 6aba74f + 4b2a58a commit 50f3515
Show file tree
Hide file tree
Showing 13 changed files with 215 additions and 27 deletions.
6 changes: 6 additions & 0 deletions fs/ceph/mds_client.c
Original file line number Diff line number Diff line change
Expand Up @@ -3215,9 +3215,15 @@ void ceph_mdsc_destroy(struct ceph_fs_client *fsc)
{
struct ceph_mds_client *mdsc = fsc->mdsc;

dout("mdsc_destroy %p\n", mdsc);
ceph_mdsc_stop(mdsc);

/* flush out any connection work with references to us */
ceph_msgr_flush();

fsc->mdsc = NULL;
kfree(mdsc);
dout("mdsc_destroy %p done\n", mdsc);
}


Expand Down
2 changes: 1 addition & 1 deletion fs/ceph/super.c
Original file line number Diff line number Diff line change
Expand Up @@ -353,7 +353,7 @@ static int ceph_show_options(struct seq_file *m, struct vfsmount *mnt)

if (opt->name)
seq_printf(m, ",name=%s", opt->name);
if (opt->secret)
if (opt->key)
seq_puts(m, ",secret=<hidden>");

if (opt->mount_timeout != CEPH_MOUNT_TIMEOUT_DEFAULT)
Expand Down
8 changes: 8 additions & 0 deletions include/keys/ceph-type.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
#ifndef _KEYS_CEPH_TYPE_H
#define _KEYS_CEPH_TYPE_H

#include <linux/key.h>

extern struct key_type key_type_ceph;

#endif
4 changes: 2 additions & 2 deletions include/linux/ceph/auth.h
Original file line number Diff line number Diff line change
Expand Up @@ -67,12 +67,12 @@ struct ceph_auth_client {
bool negotiating; /* true if negotiating protocol */
const char *name; /* entity name */
u64 global_id; /* our unique id in system */
const char *secret; /* our secret key */
const struct ceph_crypto_key *key; /* our secret key */
unsigned want_keys; /* which services we want */
};

extern struct ceph_auth_client *ceph_auth_init(const char *name,
const char *secret);
const struct ceph_crypto_key *key);
extern void ceph_auth_destroy(struct ceph_auth_client *ac);

extern void ceph_auth_reset(struct ceph_auth_client *ac);
Expand Down
2 changes: 1 addition & 1 deletion include/linux/ceph/libceph.h
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ struct ceph_options {
pointer type of args */
int num_mon;
char *name;
char *secret;
struct ceph_crypto_key *key;
};

/*
Expand Down
1 change: 1 addition & 0 deletions net/ceph/Kconfig
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ config CEPH_LIB
select LIBCRC32C
select CRYPTO_AES
select CRYPTO
select KEYS
default n
help
Choose Y or M here to include cephlib, which provides the
Expand Down
8 changes: 4 additions & 4 deletions net/ceph/auth.c
Original file line number Diff line number Diff line change
Expand Up @@ -35,12 +35,12 @@ static int ceph_auth_init_protocol(struct ceph_auth_client *ac, int protocol)
/*
* setup, teardown.
*/
struct ceph_auth_client *ceph_auth_init(const char *name, const char *secret)
struct ceph_auth_client *ceph_auth_init(const char *name, const struct ceph_crypto_key *key)
{
struct ceph_auth_client *ac;
int ret;

dout("auth_init name '%s' secret '%s'\n", name, secret);
dout("auth_init name '%s'\n", name);

ret = -ENOMEM;
ac = kzalloc(sizeof(*ac), GFP_NOFS);
Expand All @@ -52,8 +52,8 @@ struct ceph_auth_client *ceph_auth_init(const char *name, const char *secret)
ac->name = name;
else
ac->name = CEPH_AUTH_NAME_DEFAULT;
dout("auth_init name %s secret %s\n", ac->name, secret);
ac->secret = secret;
dout("auth_init name %s\n", ac->name);
ac->key = key;
return ac;

out:
Expand Down
8 changes: 5 additions & 3 deletions net/ceph/auth_x.c
Original file line number Diff line number Diff line change
Expand Up @@ -662,14 +662,16 @@ int ceph_x_init(struct ceph_auth_client *ac)
goto out;

ret = -EINVAL;
if (!ac->secret) {
if (!ac->key) {
pr_err("no secret set (for auth_x protocol)\n");
goto out_nomem;
}

ret = ceph_crypto_key_unarmor(&xi->secret, ac->secret);
if (ret)
ret = ceph_crypto_key_clone(&xi->secret, ac->key);
if (ret < 0) {
pr_err("cannot clone key: %d\n", ret);
goto out_nomem;
}

xi->starting = true;
xi->ticket_handlers = RB_ROOT;
Expand Down
112 changes: 102 additions & 10 deletions net/ceph/ceph_common.c
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@
#include <linux/fs.h>
#include <linux/inet.h>
#include <linux/in6.h>
#include <linux/key.h>
#include <keys/ceph-type.h>
#include <linux/module.h>
#include <linux/mount.h>
#include <linux/parser.h>
Expand All @@ -20,6 +22,7 @@
#include <linux/ceph/decode.h>
#include <linux/ceph/mon_client.h>
#include <linux/ceph/auth.h>
#include "crypto.h"



Expand Down Expand Up @@ -117,9 +120,29 @@ int ceph_compare_options(struct ceph_options *new_opt,
if (ret)
return ret;

ret = strcmp_null(opt1->secret, opt2->secret);
if (ret)
return ret;
if (opt1->key && !opt2->key)
return -1;
if (!opt1->key && opt2->key)
return 1;
if (opt1->key && opt2->key) {
if (opt1->key->type != opt2->key->type)
return -1;
if (opt1->key->created.tv_sec != opt2->key->created.tv_sec)
return -1;
if (opt1->key->created.tv_nsec != opt2->key->created.tv_nsec)
return -1;
if (opt1->key->len != opt2->key->len)
return -1;
if (opt1->key->key && !opt2->key->key)
return -1;
if (!opt1->key->key && opt2->key->key)
return 1;
if (opt1->key->key && opt2->key->key) {
ret = memcmp(opt1->key->key, opt2->key->key, opt1->key->len);
if (ret)
return ret;
}
}

/* any matching mon ip implies a match */
for (i = 0; i < opt1->num_mon; i++) {
Expand Down Expand Up @@ -176,6 +199,7 @@ enum {
Opt_fsid,
Opt_name,
Opt_secret,
Opt_key,
Opt_ip,
Opt_last_string,
/* string args above */
Expand All @@ -192,6 +216,7 @@ static match_table_t opt_tokens = {
{Opt_fsid, "fsid=%s"},
{Opt_name, "name=%s"},
{Opt_secret, "secret=%s"},
{Opt_key, "key=%s"},
{Opt_ip, "ip=%s"},
/* string args above */
{Opt_noshare, "noshare"},
Expand All @@ -203,11 +228,56 @@ void ceph_destroy_options(struct ceph_options *opt)
{
dout("destroy_options %p\n", opt);
kfree(opt->name);
kfree(opt->secret);
if (opt->key) {
ceph_crypto_key_destroy(opt->key);
kfree(opt->key);
}
kfree(opt);
}
EXPORT_SYMBOL(ceph_destroy_options);

/* get secret from key store */
static int get_secret(struct ceph_crypto_key *dst, const char *name) {
struct key *ukey;
int key_err;
int err = 0;
struct ceph_crypto_key *ckey;

ukey = request_key(&key_type_ceph, name, NULL);
if (!ukey || IS_ERR(ukey)) {
/* request_key errors don't map nicely to mount(2)
errors; don't even try, but still printk */
key_err = PTR_ERR(ukey);
switch (key_err) {
case -ENOKEY:
pr_warning("ceph: Mount failed due to key not found: %s\n", name);
break;
case -EKEYEXPIRED:
pr_warning("ceph: Mount failed due to expired key: %s\n", name);
break;
case -EKEYREVOKED:
pr_warning("ceph: Mount failed due to revoked key: %s\n", name);
break;
default:
pr_warning("ceph: Mount failed due to unknown key error"
" %d: %s\n", key_err, name);
}
err = -EPERM;
goto out;
}

ckey = ukey->payload.data;
err = ceph_crypto_key_clone(dst, ckey);
if (err)
goto out_key;
/* pass through, err is 0 */

out_key:
key_put(ukey);
out:
return err;
}

int ceph_parse_options(struct ceph_options **popt, char *options,
const char *dev_name, const char *dev_name_end,
int (*parse_extra_token)(char *c, void *private),
Expand Down Expand Up @@ -295,9 +365,24 @@ int ceph_parse_options(struct ceph_options **popt, char *options,
GFP_KERNEL);
break;
case Opt_secret:
opt->secret = kstrndup(argstr[0].from,
argstr[0].to-argstr[0].from,
GFP_KERNEL);
opt->key = kzalloc(sizeof(*opt->key), GFP_KERNEL);
if (!opt->key) {
err = -ENOMEM;
goto out;
}
err = ceph_crypto_key_unarmor(opt->key, argstr[0].from);
if (err < 0)
goto out;
break;
case Opt_key:
opt->key = kzalloc(sizeof(*opt->key), GFP_KERNEL);
if (!opt->key) {
err = -ENOMEM;
goto out;
}
err = get_secret(opt->key, argstr[0].from);
if (err < 0)
goto out;
break;

/* misc */
Expand Down Expand Up @@ -394,8 +479,8 @@ void ceph_destroy_client(struct ceph_client *client)
ceph_osdc_stop(&client->osdc);

/*
* make sure mds and osd connections close out before destroying
* the auth module, which is needed to free those connections'
* make sure osd connections close out before destroying the
* auth module, which is needed to free those connections'
* ceph_authorizers.
*/
ceph_msgr_flush();
Expand Down Expand Up @@ -496,17 +581,23 @@ static int __init init_ceph_lib(void)
if (ret < 0)
goto out;

ret = ceph_msgr_init();
ret = ceph_crypto_init();
if (ret < 0)
goto out_debugfs;

ret = ceph_msgr_init();
if (ret < 0)
goto out_crypto;

pr_info("loaded (mon/osd proto %d/%d, osdmap %d/%d %d/%d)\n",
CEPH_MONC_PROTOCOL, CEPH_OSDC_PROTOCOL,
CEPH_OSDMAP_VERSION, CEPH_OSDMAP_VERSION_EXT,
CEPH_OSDMAP_INC_VERSION, CEPH_OSDMAP_INC_VERSION_EXT);

return 0;

out_crypto:
ceph_crypto_shutdown();
out_debugfs:
ceph_debugfs_cleanup();
out:
Expand All @@ -517,6 +608,7 @@ static void __exit exit_ceph_lib(void)
{
dout("exit_ceph_lib\n");
ceph_msgr_exit();
ceph_crypto_shutdown();
ceph_debugfs_cleanup();
}

Expand Down
73 changes: 73 additions & 0 deletions net/ceph/crypto.c
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,23 @@
#include <linux/scatterlist.h>
#include <linux/slab.h>
#include <crypto/hash.h>
#include <linux/key-type.h>

#include <keys/ceph-type.h>
#include <linux/ceph/decode.h>
#include "crypto.h"

int ceph_crypto_key_clone(struct ceph_crypto_key *dst,
const struct ceph_crypto_key *src)
{
memcpy(dst, src, sizeof(struct ceph_crypto_key));
dst->key = kmalloc(src->len, GFP_NOFS);
if (!dst->key)
return -ENOMEM;
memcpy(dst->key, src->key, src->len);
return 0;
}

int ceph_crypto_key_encode(struct ceph_crypto_key *key, void **p, void *end)
{
if (*p + sizeof(u16) + sizeof(key->created) +
Expand Down Expand Up @@ -410,3 +423,63 @@ int ceph_encrypt2(struct ceph_crypto_key *secret, void *dst, size_t *dst_len,
return -EINVAL;
}
}

int ceph_key_instantiate(struct key *key, const void *data, size_t datalen)
{
struct ceph_crypto_key *ckey;
int ret;
void *p;

ret = -EINVAL;
if (datalen <= 0 || datalen > 32767 || !data)
goto err;

ret = key_payload_reserve(key, datalen);
if (ret < 0)
goto err;

ret = -ENOMEM;
ckey = kmalloc(sizeof(*ckey), GFP_KERNEL);
if (!ckey)
goto err;

/* TODO ceph_crypto_key_decode should really take const input */
p = (void*)data;
ret = ceph_crypto_key_decode(ckey, &p, (char*)data+datalen);
if (ret < 0)
goto err_ckey;

key->payload.data = ckey;
return 0;

err_ckey:
kfree(ckey);
err:
return ret;
}

int ceph_key_match(const struct key *key, const void *description)
{
return strcmp(key->description, description) == 0;
}

void ceph_key_destroy(struct key *key) {
struct ceph_crypto_key *ckey = key->payload.data;

ceph_crypto_key_destroy(ckey);
}

struct key_type key_type_ceph = {
.name = "ceph",
.instantiate = ceph_key_instantiate,
.match = ceph_key_match,
.destroy = ceph_key_destroy,
};

int ceph_crypto_init(void) {
return register_key_type(&key_type_ceph);
}

void ceph_crypto_shutdown(void) {
unregister_key_type(&key_type_ceph);
}
Loading

0 comments on commit 50f3515

Please sign in to comment.