    LU-9193 security: return security context for metadata ops · fca35f74
    Bruno Faccini authored
    Security layer needs to fetch security context of files/dirs
    upon metadata ops like lookup, getattr, open, truncate, and
    layout, for its own purpose and control checks.
    Retrieving the security context consists in a getxattr operation
    at the file system level. The fact that the requested metadata
    operation and the getxattr are not atomic can create a window
    for a dead-lock situation where, based on some access patterns,
    all MDT service threads can become stuck waiting for lookup lock
    to be released and thus unable to serve getxattr for security context.
    Another problem is that sending an additional getxattr request for
    every metadata op hurts performance.
    This patch introduces a way to get atomicity by having
    the MDT return security context upon granted lock reply,
    sparing the client an additional getxattr request.
    Test-Parameters: serverbuildno=62488 serverjob=lustre-reviews testlist=sanity,sanity-selinux clientselinux
    Test-Parameters: clientbuildno=4033 clientjob=lustre-reviews-patchless testlist=sanity,sanity-selinux clientselinux
    Signed-off-by: Bruno Faccini <bruno.faccini@intel.com>
    Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
    Change-Id: Iaaf4d93f8d3bf31b5a2c23e7db36b3cb3feb31ba
    Reviewed-on: https://review.whamcloud.com/26831
    Tested-by: Jenkins
    Tested-by: Maloo <maloo@whamcloud.com>
    Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
    Reviewed-by: Oleg Drokin <green@whamcloud.com>