LU-17317 gss: no cache flush for rsi and rsc

RPCSEC init and RPCSEC context caches hold gss-related information of security contexts established between network peers. These cache entries are tightly coupled with contexts handled in the sptlrpc layer so they must not be purged directly. They are inserted into the cache when sptlrpc security contexts are established, and removed when the corresponding security contexts are destroyed. Test-Parameters: trivial Test-Parameters: kerberos=true testlist=sanity-krb5 Test-Parameters: testgroup=review-dne-selinux-ssk-part-2 Fixes: 8d828762 ("LU-17015 gss: support large kerberos token for rpc sec init") Signed-off-by: Sebastien Buisson <sbuisson@ddn.com> Change-Id: I903f75a4b5229286fcaed3e9d96b5eee7f653f15 Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/53377 Reviewed-by: Oleg Drokin <green@whamcloud.com> Reviewed-by: Aurelien Degremont <adegremont@nvidia.com> Reviewed-by: Andreas Dilger <adilger@whamcloud.com> Tested-by: jenkins <devops@whamcloud.com> Tested-by: Maloo <maloo@whamcloud.com>

LU-17317 gss: no cache flush for rsi and rsc
RPCSEC init and RPCSEC context caches hold gss-related information of security contexts established between network peers. These cache entries are tightly coupled with contexts handled in the sptlrpc layer so they must not be purged directly. They are inserted into the cache when sptlrpc security contexts are established, and removed when the corresponding security contexts are destroyed. Test-Parameters: trivial Test-Parameters: kerberos=true testlist=sanity-krb5 Test-Parameters: testgroup=review-dne-selinux-ssk-part-2 Fixes: 8d828762 ("LU-17015 gss: support large kerberos token for rpc sec init") Signed-off-by: Sebastien Buisson <sbuisson@ddn.com> Change-Id: I903f75a4b5229286fcaed3e9d96b5eee7f653f15 Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/53377 Reviewed-by: Oleg Drokin <green@whamcloud.com> Reviewed-by: Aurelien Degremont <adegremont@nvidia.com> Reviewed-by: Andreas Dilger <adilger@whamcloud.com> Tested-by: jenkins <devops@whamcloud.com> Tested-by: Maloo <maloo@whamcloud.com>
3615fa4a · Sebastien Buisson · Oleg Drokin · 654d20cd · 3615fa4a · 3615fa4a
Commit 3615fa4a authored 1 year ago by Sebastien Buisson Committed by Oleg Drokin 1 year ago
--- a/lustre/ptlrpc/gss/gss_internal.h
+++ b/lustre/ptlrpc/gss/gss_internal.h
@@ -440,14 +440,12 @@ extern struct upcall_cache_ops rsi_upcall_cache_ops;
 extern struct upcall_cache *rsicache;
 struct gss_rsi *rsi_entry_get(struct upcall_cache *cache, struct gss_rsi *rsi);
 void rsi_entry_put(struct upcall_cache *cache, struct gss_rsi *rsi);
-void rsi_flush(struct upcall_cache *cache, int hash);
 #define RSC_UPCALL_PATH "NONE"
 #define UC_RSCCACHE_HASH_SIZE 1024
 extern struct upcall_cache_ops rsc_upcall_cache_ops;
 extern struct upcall_cache *rsccache;
 struct gss_rsc *rsc_entry_get(struct upcall_cache *cache, struct gss_rsc *rsc);
 void rsc_entry_put(struct upcall_cache *cache, struct gss_rsc *rsc);
-void rsc_flush(struct upcall_cache *cache, int hash);
 void __rsc_free(struct gss_rsc *rsc);

 #endif /* __PTLRPC_GSS_GSS_INTERNAL_H_ */
--- a/lustre/ptlrpc/gss/gss_svc_upcall.c
+++ b/lustre/ptlrpc/gss/gss_svc_upcall.c
@@ -431,14 +431,6 @@ void rsi_entry_put(struct upcall_cache *cache, struct gss_rsi *rsi)
 	upcall_cache_put_entry(cache, rsi->si_uc_entry);
 }

-void rsi_flush(struct upcall_cache *cache, int hash)
-{
-	if (hash < 0)
-		upcall_cache_flush_idle(cache);
-	else
-		upcall_cache_flush_one(cache, (__u64)hash, NULL);
-}
-
 struct upcall_cache_ops rsi_upcall_cache_ops = {
 	.init_entry	  = rsi_entry_init,
 	.free_entry	  = rsi_entry_free,
@@ -637,14 +629,6 @@ void rsc_entry_put(struct upcall_cache *cache, struct gss_rsc *rsc)
 	upcall_cache_put_entry(cache, rsc->sc_uc_entry);
 }

-void rsc_flush(struct upcall_cache *cache, int hash)
-{
-	if (hash < 0)
-		upcall_cache_flush_idle(cache);
-	else
-		upcall_cache_flush_one(cache, (__u64)hash, NULL);
-}
-
 struct upcall_cache_ops rsc_upcall_cache_ops = {
 	.init_entry	  = rsc_entry_init,
 	.free_entry	  = rsc_entry_free,

--- a/lustre/ptlrpc/gss/lproc_gss.c
+++ b/lustre/ptlrpc/gss/lproc_gss.c
@@ -231,21 +231,6 @@ out:
 }
 LPROC_SEQ_FOPS(rsi_upcall);

-static ssize_t lprocfs_rsi_flush_seq_write(struct file *file,
-					   const char __user *buffer,
-					   size_t count, void *data)
-{
-	int hash, rc;
-
-	rc = kstrtoint_from_user(buffer, count, 0, &hash);
-	if (rc)
-		return rc;
-
-	rsi_flush(rsicache, hash);
-	return count;
-}
-LPROC_SEQ_FOPS_WR_ONLY(gss, rsi_flush);
-
 static ssize_t lprocfs_rsi_info_seq_write(struct file *file,
 					  const char __user *buffer,
 					  size_t count, void *data)
@@ -348,21 +333,6 @@ static ssize_t rsi_acquire_expire_seq_write(struct file *file,
 }
 LPROC_SEQ_FOPS(rsi_acquire_expire);

-static ssize_t lprocfs_rsc_flush_seq_write(struct file *file,
-					   const char __user *buffer,
-					   size_t count, void *data)
-{
-	int hash, rc;
-
-	rc = kstrtoint_from_user(buffer, count, 0, &hash);
-	if (rc)
-		return rc;
-
-	rsc_flush(rsccache, hash);
-	return count;
-}
-LPROC_SEQ_FOPS_WR_ONLY(gss, rsc_flush);
-
 static ssize_t lprocfs_rsc_info_seq_write(struct file *file,
 					  const char __user *buffer,
 					  size_t count, void *data)
@@ -476,16 +446,12 @@ static struct lprocfs_vars gss_lprocfs_vars[] = {
 #endif
 	{ .name	=	"rsi_upcall",
 	  .fops	=	&rsi_upcall_fops },
-	{ .name =	"rsi_flush",
-	  .fops =	&gss_rsi_flush_fops },
 	{ .name =	"rsi_info",
 	  .fops =	&gss_rsi_info_fops },
 	{ .name	=	"rsi_entry_expire",
 	  .fops	=	&rsi_entry_expire_fops },
 	{ .name	=	"rsi_acquire_expire",
 	  .fops	=	&rsi_acquire_expire_fops },
-	{ .name =	"rsc_flush",
-	  .fops =	&gss_rsc_flush_fops },
 	{ .name =	"rsc_info",
 	  .fops =	&gss_rsc_info_fops },
 	{ NULL }