Message ID | 20210125173526.10103-1-idryomov@gmail.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | libceph: deprecate [no]cephx_require_signatures options | expand |
On Mon, 2021-01-25 at 18:35 +0100, Ilya Dryomov wrote: > These options were introduced in 3.19 with support for message signing > and are rather useless, as explained in commit a51983e4dd2d ("libceph: > add nocephx_sign_messages option"). Deprecate them. > > In case there is someone out there with a cluster that lacks support > for MSG_AUTH feature (very unlikely but has to be considered since we > haven't formally raised the bar from argonaut to bobtail yet), make > nocephx_sign_messages also waive MSG_AUTH requirement. This is probably > how it should have been done in the first place -- if we aren't going > to sign, requiring the signing feature makes no sense. > > Signed-off-by: Ilya Dryomov <idryomov@gmail.com> > --- > include/linux/ceph/libceph.h | 7 +++---- > net/ceph/ceph_common.c | 11 +++++------ > 2 files changed, 8 insertions(+), 10 deletions(-) > > diff --git a/include/linux/ceph/libceph.h b/include/linux/ceph/libceph.h > index eb9008bb3992..409d8c29bc4f 100644 > --- a/include/linux/ceph/libceph.h > +++ b/include/linux/ceph/libceph.h > @@ -32,10 +32,9 @@ > #define CEPH_OPT_NOSHARE (1<<1) /* don't share client with other sbs */ > #define CEPH_OPT_MYIP (1<<2) /* specified my ip */ > #define CEPH_OPT_NOCRC (1<<3) /* no data crc on writes (msgr1) */ > -#define CEPH_OPT_NOMSGAUTH (1<<4) /* don't require msg signing feat */ > -#define CEPH_OPT_TCP_NODELAY (1<<5) /* TCP_NODELAY on TCP sockets */ > -#define CEPH_OPT_NOMSGSIGN (1<<6) /* don't sign msgs (msgr1) */ > -#define CEPH_OPT_ABORT_ON_FULL (1<<7) /* abort w/ ENOSPC when full */ > +#define CEPH_OPT_TCP_NODELAY (1<<4) /* TCP_NODELAY on TCP sockets */ > +#define CEPH_OPT_NOMSGSIGN (1<<5) /* don't sign msgs (msgr1) */ > +#define CEPH_OPT_ABORT_ON_FULL (1<<6) /* abort w/ ENOSPC when full */ > > > #define CEPH_OPT_DEFAULT (CEPH_OPT_TCP_NODELAY) > > > diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c > index 271287c5ec12..bec181181d41 100644 > --- a/net/ceph/ceph_common.c > +++ b/net/ceph/ceph_common.c > @@ -307,7 +307,8 @@ static const struct constant_table ceph_param_ms_mode[] = { > > > static const struct fs_parameter_spec ceph_parameters[] = { > fsparam_flag ("abort_on_full", Opt_abort_on_full), > - fsparam_flag_no ("cephx_require_signatures", Opt_cephx_require_signatures), > + __fsparam (NULL, "cephx_require_signatures", Opt_cephx_require_signatures, > + fs_param_neg_with_no|fs_param_deprecated, NULL), > fsparam_flag_no ("cephx_sign_messages", Opt_cephx_sign_messages), > fsparam_flag_no ("crc", Opt_crc), > fsparam_string ("crush_location", Opt_crush_location), > @@ -596,9 +597,9 @@ int ceph_parse_param(struct fs_parameter *param, struct ceph_options *opt, > break; > case Opt_cephx_require_signatures: > if (!result.negated) > - opt->flags &= ~CEPH_OPT_NOMSGAUTH; > + warn_plog(&log, "Ignoring cephx_require_signatures"); > else > - opt->flags |= CEPH_OPT_NOMSGAUTH; > + warn_plog(&log, "Ignoring nocephx_require_signatures, use nocephx_sign_messages"); > break; > case Opt_cephx_sign_messages: > if (!result.negated) > @@ -686,8 +687,6 @@ int ceph_print_client_options(struct seq_file *m, struct ceph_client *client, > seq_puts(m, "noshare,"); > if (opt->flags & CEPH_OPT_NOCRC) > seq_puts(m, "nocrc,"); > - if (opt->flags & CEPH_OPT_NOMSGAUTH) > - seq_puts(m, "nocephx_require_signatures,"); > if (opt->flags & CEPH_OPT_NOMSGSIGN) > seq_puts(m, "nocephx_sign_messages,"); > if ((opt->flags & CEPH_OPT_TCP_NODELAY) == 0) > @@ -756,7 +755,7 @@ struct ceph_client *ceph_create_client(struct ceph_options *opt, void *private) > client->supported_features = CEPH_FEATURES_SUPPORTED_DEFAULT; > client->required_features = CEPH_FEATURES_REQUIRED_DEFAULT; > > > - if (!ceph_test_opt(client, NOMSGAUTH)) > + if (!ceph_test_opt(client, NOMSGSIGN)) > client->required_features |= CEPH_FEATURE_MSG_AUTH; > > > /* msgr */ Reviewed-by: Jeff Layton <jlayton@kernel.org>
diff --git a/include/linux/ceph/libceph.h b/include/linux/ceph/libceph.h index eb9008bb3992..409d8c29bc4f 100644 --- a/include/linux/ceph/libceph.h +++ b/include/linux/ceph/libceph.h @@ -32,10 +32,9 @@ #define CEPH_OPT_NOSHARE (1<<1) /* don't share client with other sbs */ #define CEPH_OPT_MYIP (1<<2) /* specified my ip */ #define CEPH_OPT_NOCRC (1<<3) /* no data crc on writes (msgr1) */ -#define CEPH_OPT_NOMSGAUTH (1<<4) /* don't require msg signing feat */ -#define CEPH_OPT_TCP_NODELAY (1<<5) /* TCP_NODELAY on TCP sockets */ -#define CEPH_OPT_NOMSGSIGN (1<<6) /* don't sign msgs (msgr1) */ -#define CEPH_OPT_ABORT_ON_FULL (1<<7) /* abort w/ ENOSPC when full */ +#define CEPH_OPT_TCP_NODELAY (1<<4) /* TCP_NODELAY on TCP sockets */ +#define CEPH_OPT_NOMSGSIGN (1<<5) /* don't sign msgs (msgr1) */ +#define CEPH_OPT_ABORT_ON_FULL (1<<6) /* abort w/ ENOSPC when full */ #define CEPH_OPT_DEFAULT (CEPH_OPT_TCP_NODELAY) diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c index 271287c5ec12..bec181181d41 100644 --- a/net/ceph/ceph_common.c +++ b/net/ceph/ceph_common.c @@ -307,7 +307,8 @@ static const struct constant_table ceph_param_ms_mode[] = { static const struct fs_parameter_spec ceph_parameters[] = { fsparam_flag ("abort_on_full", Opt_abort_on_full), - fsparam_flag_no ("cephx_require_signatures", Opt_cephx_require_signatures), + __fsparam (NULL, "cephx_require_signatures", Opt_cephx_require_signatures, + fs_param_neg_with_no|fs_param_deprecated, NULL), fsparam_flag_no ("cephx_sign_messages", Opt_cephx_sign_messages), fsparam_flag_no ("crc", Opt_crc), fsparam_string ("crush_location", Opt_crush_location), @@ -596,9 +597,9 @@ int ceph_parse_param(struct fs_parameter *param, struct ceph_options *opt, break; case Opt_cephx_require_signatures: if (!result.negated) - opt->flags &= ~CEPH_OPT_NOMSGAUTH; + warn_plog(&log, "Ignoring cephx_require_signatures"); else - opt->flags |= CEPH_OPT_NOMSGAUTH; + warn_plog(&log, "Ignoring nocephx_require_signatures, use nocephx_sign_messages"); break; case Opt_cephx_sign_messages: if (!result.negated) @@ -686,8 +687,6 @@ int ceph_print_client_options(struct seq_file *m, struct ceph_client *client, seq_puts(m, "noshare,"); if (opt->flags & CEPH_OPT_NOCRC) seq_puts(m, "nocrc,"); - if (opt->flags & CEPH_OPT_NOMSGAUTH) - seq_puts(m, "nocephx_require_signatures,"); if (opt->flags & CEPH_OPT_NOMSGSIGN) seq_puts(m, "nocephx_sign_messages,"); if ((opt->flags & CEPH_OPT_TCP_NODELAY) == 0) @@ -756,7 +755,7 @@ struct ceph_client *ceph_create_client(struct ceph_options *opt, void *private) client->supported_features = CEPH_FEATURES_SUPPORTED_DEFAULT; client->required_features = CEPH_FEATURES_REQUIRED_DEFAULT; - if (!ceph_test_opt(client, NOMSGAUTH)) + if (!ceph_test_opt(client, NOMSGSIGN)) client->required_features |= CEPH_FEATURE_MSG_AUTH; /* msgr */
These options were introduced in 3.19 with support for message signing and are rather useless, as explained in commit a51983e4dd2d ("libceph: add nocephx_sign_messages option"). Deprecate them. In case there is someone out there with a cluster that lacks support for MSG_AUTH feature (very unlikely but has to be considered since we haven't formally raised the bar from argonaut to bobtail yet), make nocephx_sign_messages also waive MSG_AUTH requirement. This is probably how it should have been done in the first place -- if we aren't going to sign, requiring the signing feature makes no sense. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> --- include/linux/ceph/libceph.h | 7 +++---- net/ceph/ceph_common.c | 11 +++++------ 2 files changed, 8 insertions(+), 10 deletions(-)