Commit 2827bada authored by Xiubo Li's avatar Xiubo Li Committed by Ilya Dryomov
Browse files

ceph: check the cephx mds auth access for async dirop 

Before doing the op locally we need to check the cephx access.

Link: https://tracker.ceph.com/issues/61333


Signed-off-by: default avatarXiubo Li <xiubli@redhat.com>
Reviewed-by: default avatarMilind Changire <mchangir@redhat.com>
Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
parent 845ae9d4

fs/ceph/dir.c

+28 −0
Original line number Diff line number Diff line
@@ -1336,8 +1336,12 @@ static int ceph_unlink(struct inode *dir, struct dentry *dentry) 
	struct inode *inode = d_inode(dentry);

	struct ceph_mds_request *req;

	bool try_async = ceph_test_mount_opt(fsc, ASYNC_DIROPS);

	struct dentry *dn;

	int err = -EROFS;

	int op;

	char *path;

	int pathlen;

	u64 pathbase;



	if (ceph_snap(dir) == CEPH_SNAPDIR) {

		/* rmdir .snap/foo is RMSNAP */
@@ -1351,6 +1355,30 @@ static int ceph_unlink(struct inode *dir, struct dentry *dentry) 
			CEPH_MDS_OP_RMDIR : CEPH_MDS_OP_UNLINK;

	} else

		goto out;



	dn = d_find_alias(dir);

	if (!dn) {

		try_async = false;

	} else {

		path = ceph_mdsc_build_path(mdsc, dn, &pathlen, &pathbase, 0);

		if (IS_ERR(path)) {

			try_async = false;

			err = 0;

		} else {

			err = ceph_mds_check_access(mdsc, path, MAY_WRITE);

		}

		ceph_mdsc_free_path(path, pathlen);

		dput(dn);



		/* For none EACCES cases will let the MDS do the mds auth check */

		if (err == -EACCES) {

			return err;

		} else if (err < 0) {

			try_async = false;

			err = 0;

		}

	}



retry:

	req = ceph_mdsc_create_request(mdsc, op, USE_AUTH_MDS);

	if (IS_ERR(req)) {

fs/ceph/file.c

+31 −0
Original line number Diff line number Diff line
@@ -790,6 +790,9 @@ int ceph_atomic_open(struct inode *dir, struct dentry *dentry, 
	bool try_async = ceph_test_mount_opt(fsc, ASYNC_DIROPS);

	int mask;

	int err;

	char *path;

	int pathlen;

	u64 pathbase;



	doutc(cl, "%p %llx.%llx dentry %p '%pd' %s flags %d mode 0%o\n",

	      dir, ceph_vinop(dir), dentry, dentry,
@@ -807,6 +810,34 @@ int ceph_atomic_open(struct inode *dir, struct dentry *dentry, 
	 */

	flags &= ~O_TRUNC;



	dn = d_find_alias(dir);

	if (!dn) {

		try_async = false;

	} else {

		path = ceph_mdsc_build_path(mdsc, dn, &pathlen, &pathbase, 0);

		if (IS_ERR(path)) {

			try_async = false;

			err = 0;

		} else {

			int fmode = ceph_flags_to_mode(flags);



			mask = MAY_READ;

			if (fmode & CEPH_FILE_MODE_WR)

				mask |= MAY_WRITE;

			err = ceph_mds_check_access(mdsc, path, mask);

		}

		ceph_mdsc_free_path(path, pathlen);

		dput(dn);



		/* For none EACCES cases will let the MDS do the mds auth check */

		if (err == -EACCES) {

			return err;

		} else if (err < 0) {

			try_async = false;

			err = 0;

		}

	}



retry:

	if (flags & O_CREAT) {

		if (ceph_quota_is_max_files_exceeded(dir))