diff mbox series

[03/27] lustre: gss: no sec flavor on loopback connection

Message ID 20250321130711.3257092-4-jsimmons@infradead.org (mailing list archive)
State New
Headers show
Series lustre: sync to OpenSFS tree July 27, 2023 | expand

Commit Message

James Simmons March 21, 2025, 1:06 p.m. UTC 
From: Sebastien Buisson <sbuisson@ddn.com>

When using a local client, i.e. a client mounted on a server node,
there is no benefit from a security standpoint to enforce an SSK or
KRB flavor, since the data does not go over the network.
So force the 'null' security flavor for connections on 0@lo,
independently of the currently defined srpc flavor.

WC-bug-id: https://jira.whamcloud.com/browse/LU-13343
Lustre-commit: e3e91ea95fd96a5ea ("LU-13343 gss: no sec flavor on loopback connection")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/46704
Reviewed-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Signed-off-by: James Simmons <jsimmons@infradead.org>
---
 fs/lustre/lmv/lmv_obd.c       |  1 +
 fs/lustre/lov/lov_obd.c       | 11 +++++++----
 fs/lustre/ptlrpc/sec_config.c |  4 ++++
 3 files changed, 12 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/fs/lustre/lmv/lmv_obd.c b/fs/lustre/lmv/lmv_obd.c
index f7c7826d0baf..da28bc0e544b 100644
--- a/fs/lustre/lmv/lmv_obd.c
+++ b/fs/lustre/lmv/lmv_obd.c
@@ -471,6 +471,7 @@  static int lmv_check_connect(struct obd_device *obd)
 			continue;
 
 		--lmv->lmv_mdt_descs.ltd_lmv_desc.ld_active_tgt_count;
+		obd_register_observer(tgt->ltd_exp->exp_obd, NULL);
 		obd_disconnect(tgt->ltd_exp);
 	}
 
diff --git a/fs/lustre/lov/lov_obd.c b/fs/lustre/lov/lov_obd.c
index 392395f4c35e..f05091560e95 100644
--- a/fs/lustre/lov/lov_obd.c
+++ b/fs/lustre/lov/lov_obd.c
@@ -134,8 +134,10 @@  int lov_connect_osc(struct obd_device *obd, u32 index, int activate,
 	tgt_obd = lov->lov_tgts[index]->ltd_obd;
 
 	if (!tgt_obd->obd_set_up) {
-		CERROR("Target %s not set up\n", obd_uuid2str(tgt_uuid));
-		return -EINVAL;
+		rc = -EINVAL;
+		CERROR("%s: target not set up: rc = %d\n",
+		       obd_uuid2str(tgt_uuid), rc);
+		return rc;
 	}
 
 	/* override the sp_me from lov */
@@ -159,7 +161,7 @@  int lov_connect_osc(struct obd_device *obd, u32 index, int activate,
 
 	rc = obd_register_observer(tgt_obd, obd);
 	if (rc) {
-		CERROR("Target %s register_observer error %d\n",
+		CERROR("%s: target register_observer error: rc = %d\n",
 		       obd_uuid2str(tgt_uuid), rc);
 		return rc;
 	}
@@ -174,8 +176,9 @@  int lov_connect_osc(struct obd_device *obd, u32 index, int activate,
 	rc = obd_connect(NULL, &lov->lov_tgts[index]->ltd_exp, tgt_obd,
 			 &lov_osc_uuid, data, lov->lov_cache);
 	if (rc || !lov->lov_tgts[index]->ltd_exp) {
-		CERROR("Target %s connect error %d\n",
+		CERROR("%s: target connect error: rc = %d\n",
 		       obd_uuid2str(tgt_uuid), rc);
+		obd_register_observer(tgt_obd, NULL);
 		return -ENODEV;
 	}
 
diff --git a/fs/lustre/ptlrpc/sec_config.c b/fs/lustre/ptlrpc/sec_config.c
index 95e0da4b2da2..35bd95315bd7 100644
--- a/fs/lustre/ptlrpc/sec_config.c
+++ b/fs/lustre/ptlrpc/sec_config.c
@@ -380,6 +380,10 @@  static int sptlrpc_rule_set_choose(struct sptlrpc_rule_set *rset,
 	struct sptlrpc_rule *r;
 	int n;
 
+	if (nid_is_lo0(nid))
+		/* do not enforce any sec flavor on loopback connection */
+		return 0;
+
 	for (n = 0; n < rset->srs_nrule; n++) {
 		r = &rset->srs_rules[n];