[lustre-devel] [PATCH 03/27] lustre: gss: no sec flavor on loopback connection
James Simmons
jsimmons at infradead.org
Fri Mar 21 06:06:46 PDT 2025
From: Sebastien Buisson <sbuisson at ddn.com>
When using a local client, i.e. a client mounted on a server node,
there is no benefit from a security standpoint to enforce an SSK or
KRB flavor, since the data does not go over the network.
So force the 'null' security flavor for connections on 0 at lo,
independently of the currently defined srpc flavor.
WC-bug-id: https://jira.whamcloud.com/browse/LU-13343
Lustre-commit: e3e91ea95fd96a5ea ("LU-13343 gss: no sec flavor on loopback connection")
Signed-off-by: Sebastien Buisson <sbuisson at ddn.com>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/46704
Reviewed-by: Aurelien Degremont <adegremont at nvidia.com>
Reviewed-by: Andreas Dilger <adilger at whamcloud.com>
Reviewed-by: James Simmons <jsimmons at infradead.org>
Reviewed-by: Oleg Drokin <green at whamcloud.com>
Signed-off-by: James Simmons <jsimmons at infradead.org>
---
fs/lustre/lmv/lmv_obd.c | 1 +
fs/lustre/lov/lov_obd.c | 11 +++++++----
fs/lustre/ptlrpc/sec_config.c | 4 ++++
3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/fs/lustre/lmv/lmv_obd.c b/fs/lustre/lmv/lmv_obd.c
index f7c7826d0baf..da28bc0e544b 100644
--- a/fs/lustre/lmv/lmv_obd.c
+++ b/fs/lustre/lmv/lmv_obd.c
@@ -471,6 +471,7 @@ static int lmv_check_connect(struct obd_device *obd)
continue;
--lmv->lmv_mdt_descs.ltd_lmv_desc.ld_active_tgt_count;
+ obd_register_observer(tgt->ltd_exp->exp_obd, NULL);
obd_disconnect(tgt->ltd_exp);
}
diff --git a/fs/lustre/lov/lov_obd.c b/fs/lustre/lov/lov_obd.c
index 392395f4c35e..f05091560e95 100644
--- a/fs/lustre/lov/lov_obd.c
+++ b/fs/lustre/lov/lov_obd.c
@@ -134,8 +134,10 @@ int lov_connect_osc(struct obd_device *obd, u32 index, int activate,
tgt_obd = lov->lov_tgts[index]->ltd_obd;
if (!tgt_obd->obd_set_up) {
- CERROR("Target %s not set up\n", obd_uuid2str(tgt_uuid));
- return -EINVAL;
+ rc = -EINVAL;
+ CERROR("%s: target not set up: rc = %d\n",
+ obd_uuid2str(tgt_uuid), rc);
+ return rc;
}
/* override the sp_me from lov */
@@ -159,7 +161,7 @@ int lov_connect_osc(struct obd_device *obd, u32 index, int activate,
rc = obd_register_observer(tgt_obd, obd);
if (rc) {
- CERROR("Target %s register_observer error %d\n",
+ CERROR("%s: target register_observer error: rc = %d\n",
obd_uuid2str(tgt_uuid), rc);
return rc;
}
@@ -174,8 +176,9 @@ int lov_connect_osc(struct obd_device *obd, u32 index, int activate,
rc = obd_connect(NULL, &lov->lov_tgts[index]->ltd_exp, tgt_obd,
&lov_osc_uuid, data, lov->lov_cache);
if (rc || !lov->lov_tgts[index]->ltd_exp) {
- CERROR("Target %s connect error %d\n",
+ CERROR("%s: target connect error: rc = %d\n",
obd_uuid2str(tgt_uuid), rc);
+ obd_register_observer(tgt_obd, NULL);
return -ENODEV;
}
diff --git a/fs/lustre/ptlrpc/sec_config.c b/fs/lustre/ptlrpc/sec_config.c
index 95e0da4b2da2..35bd95315bd7 100644
--- a/fs/lustre/ptlrpc/sec_config.c
+++ b/fs/lustre/ptlrpc/sec_config.c
@@ -380,6 +380,10 @@ static int sptlrpc_rule_set_choose(struct sptlrpc_rule_set *rset,
struct sptlrpc_rule *r;
int n;
+ if (nid_is_lo0(nid))
+ /* do not enforce any sec flavor on loopback connection */
+ return 0;
+
for (n = 0; n < rset->srs_nrule; n++) {
r = &rset->srs_rules[n];
--
2.39.3
More information about the lustre-devel
mailing list