From patchwork Fri Jan 15 14:50:43 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ilya Dryomov <idryomov@gmail.com>
X-Patchwork-Id: 8041641
Return-Path: <ceph-devel-owner@kernel.org>
X-Original-To: patchwork-ceph-devel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id DCA93BEEE5
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Fri, 15 Jan 2016 14:51:28 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 06297203E1
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Fri, 15 Jan 2016 14:51:28 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 1F47B20434
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Fri, 15 Jan 2016 14:51:27 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754073AbcAOOvY (ORCPT
	<rfc822;patchwork-ceph-devel@patchwork.kernel.org>);
	Fri, 15 Jan 2016 09:51:24 -0500
Received: from mail-wm0-f66.google.com ([74.125.82.66]:36226 "EHLO
	mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754039AbcAOOvM (ORCPT
	<rfc822; ceph-devel@vger.kernel.org>); Fri, 15 Jan 2016 09:51:12 -0500
Received: by mail-wm0-f66.google.com with SMTP id l65so3216035wmf.3
	for <ceph-devel@vger.kernel.org>;
	Fri, 15 Jan 2016 06:51:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=Rls0CgkBz2twNKL0xn8mb37znqRXYhnZRV9L53haw+o=;
	b=g3G2pSJU6XfHtlfAs6YDbeLfZNGzXqf9d3UILgsnrjpXFnRPJqQgG8JcBWiyAjBDnq
	G/bMvFAKj75N5m7/i9G4mqolqRnpC5ZOmzZFYkry71o3O9isdsnTFi25kYUmoOHHcE7u
	QlYPYXUOsksCc5nC5G/T7BjVDcqVjrcMufnbA9BS/bX+T55npIQx9rhIVpoCnoZAUmud
	HU8z/7H//FVgUug7J+Q9jtG60dZw8V5aGQMQSaCwfBkf2dTb+hntd1tOuROKXV6MZo/3
	OH0yzgMlT82/4D1/v63ZE0MWT4fNSTa1nFfXXs8CjadBmnhG1+nBDIy3vo9NbE+mQIwd
	z3VA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=Rls0CgkBz2twNKL0xn8mb37znqRXYhnZRV9L53haw+o=;
	b=W2Kg++tkU8FGUGGXG4jKRTTG3CnEPfgcpt188eCKmD/Mrz0LiRKqtsl7l8bngefYyS
	mrDULilb7Y5um70wpqRtCcfN8RBO96TlkST73pMsAcGr39BXJZKZ2XHtr60ftqO7urKG
	aZ3wMESw1GHOiSrNvVUuiUVDneSwQT0LUbdURpbOP01E6EM6qrn4NFk1RB8bRq3omlNu
	faQFgYqwSZVePMHaKMzRnOtLZooo00UJn9pbHVZTaEzWAYDcY35NPQcvmjH7M3iTOlxu
	s6/eSHj1gBBuC7OEKdd93ijsbDE8Y3EV44TNf7H3ZGm+z7gbMSRvSvdOMNJkUPuWD6Dm
	u6cw==
X-Gm-Message-State: 
 ALoCoQl96UenrJqe1WCwPkDG49wS1KONPOpsySMBNtoZJ7k9NCTvvNbcgQscoX1oRQhlFBBLUGgkEX4+/tfZQEIja33EyR12KQ==
X-Received: by 10.194.172.35 with SMTP id az3mr12075842wjc.64.1452869471191;
	Fri, 15 Jan 2016 06:51:11 -0800 (PST)
Received: from dhcp-27-199.brq.redhat.com (nat-pool-brq-t.redhat.com.
	[213.175.37.10]) by smtp.gmail.com with ESMTPSA id
	jm4sm10939876wjb.7.2016.01.15.06.51.10
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 15 Jan 2016 06:51:10 -0800 (PST)
From: Ilya Dryomov <idryomov@gmail.com>
To: ceph-devel@vger.kernel.org
Cc: Sage Weil <sweil@redhat.com>
Subject: [PATCH 2/4] libceph: fix authorizer invalidation, take 2
Date: Fri, 15 Jan 2016 15:50:43 +0100
Message-Id: <1452869445-10228-3-git-send-email-idryomov@gmail.com>
X-Mailer: git-send-email 2.4.3
In-Reply-To: <1452869445-10228-1-git-send-email-idryomov@gmail.com>
References: <1452869445-10228-1-git-send-email-idryomov@gmail.com>
Sender: ceph-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <ceph-devel.vger.kernel.org>
X-Mailing-List: ceph-devel@vger.kernel.org
X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,
	T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Back in 2013, commit 4b8e8b5d78b8 ("libceph: fix authorizer
invalidation") tried to fix authorizer invalidation issues by clearing
validity field.  However, nothing ever consults this field, so it
doesn't force us to request any new secrets in any way and therefore we
never get out of the exponential backoff mode:

    [  129.973812] libceph: osd2 192.168.122.1:6810 connect authorization failure
    [  130.706785] libceph: osd2 192.168.122.1:6810 connect authorization failure
    [  131.710088] libceph: osd2 192.168.122.1:6810 connect authorization failure
    [  133.708321] libceph: osd2 192.168.122.1:6810 connect authorization failure
    [  137.706598] libceph: osd2 192.168.122.1:6810 connect authorization failure
    ...

AFAICT this was the case at the time 4b8e8b5d78b8 was merged, too.

Using timespec solely as a bool isn't nice, so introduce a new have_key
flag, specifically for this purpose.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---
 net/ceph/auth_x.c | 27 ++++++++++++++++++++++-----
 net/ceph/auth_x.h |  1 +
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c
index 10d87753ed87..ab080bb18254 100644
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -237,6 +237,7 @@ static int process_one_ticket(struct ceph_auth_client *ac,
 	th->secret_id = new_secret_id;
 	th->expires = new_expires;
 	th->renew_after = new_renew_after;
+	th->have_key = true;
 	dout(" got ticket service %d (%s) secret_id %lld len %d\n",
 	     type, ceph_entity_type_name(type), th->secret_id,
 	     (int)th->ticket_blob->vec.iov_len);
@@ -384,6 +385,24 @@ bad:
 	return -ERANGE;
 }
 
+static bool need_key(struct ceph_x_ticket_handler *th)
+{
+	if (!th->have_key)
+		return true;
+
+	return get_seconds() >= th->renew_after;
+}
+
+static bool have_key(struct ceph_x_ticket_handler *th)
+{
+	if (th->have_key) {
+		if (get_seconds() >= th->expires)
+			th->have_key = false;
+	}
+
+	return th->have_key;
+}
+
 static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed)
 {
 	int want = ac->want_keys;
@@ -402,20 +421,18 @@ static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed)
 			continue;
 
 		th = get_ticket_handler(ac, service);
-
 		if (IS_ERR(th)) {
 			*pneed |= service;
 			continue;
 		}
 
-		if (get_seconds() >= th->renew_after)
+		if (need_key(th))
 			*pneed |= service;
-		if (get_seconds() >= th->expires)
+		if (!have_key(th))
 			xi->have_keys &= ~service;
 	}
 }
 
-
 static int ceph_x_build_request(struct ceph_auth_client *ac,
 				void *buf, void *end)
 {
@@ -674,7 +691,7 @@ static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac,
 
 	th = get_ticket_handler(ac, peer_type);
 	if (!IS_ERR(th))
-		memset(&th->validity, 0, sizeof(th->validity));
+		th->have_key = false;
 }
 
 static int calcu_signature(struct ceph_x_authorizer *au,
diff --git a/net/ceph/auth_x.h b/net/ceph/auth_x.h
index e8b7c6917d47..5334b9b159c5 100644
--- a/net/ceph/auth_x.h
+++ b/net/ceph/auth_x.h
@@ -17,6 +17,7 @@ struct ceph_x_ticket_handler {
 
 	struct ceph_crypto_key session_key;
 	struct ceph_timespec validity;
+	bool have_key;
 
 	u64 secret_id;
 	struct ceph_buffer *ticket_blob;