From: Jeff Layton <jlayton@kernel.org>
To: Ilya Dryomov <idryomov@gmail.com>, ceph-devel@vger.kernel.org
Subject: Re: [PATCH] libceph: deprecate [no]cephx_require_signatures options
Date: Tue, 26 Jan 2021 09:59:10 -0500 [thread overview]
Message-ID: <81015316607f9df5cc8c3221d62be7eca9a7673c.camel@kernel.org> (raw)
In-Reply-To: <20210125173526.10103-1-idryomov@gmail.com>
On Mon, 2021-01-25 at 18:35 +0100, Ilya Dryomov wrote:
> These options were introduced in 3.19 with support for message signing
> and are rather useless, as explained in commit a51983e4dd2d ("libceph:
> add nocephx_sign_messages option"). Deprecate them.
>
> In case there is someone out there with a cluster that lacks support
> for MSG_AUTH feature (very unlikely but has to be considered since we
> haven't formally raised the bar from argonaut to bobtail yet), make
> nocephx_sign_messages also waive MSG_AUTH requirement. This is probably
> how it should have been done in the first place -- if we aren't going
> to sign, requiring the signing feature makes no sense.
>
> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
> ---
> include/linux/ceph/libceph.h | 7 +++----
> net/ceph/ceph_common.c | 11 +++++------
> 2 files changed, 8 insertions(+), 10 deletions(-)
>
> diff --git a/include/linux/ceph/libceph.h b/include/linux/ceph/libceph.h
> index eb9008bb3992..409d8c29bc4f 100644
> --- a/include/linux/ceph/libceph.h
> +++ b/include/linux/ceph/libceph.h
> @@ -32,10 +32,9 @@
> #define CEPH_OPT_NOSHARE (1<<1) /* don't share client with other sbs */
> #define CEPH_OPT_MYIP (1<<2) /* specified my ip */
> #define CEPH_OPT_NOCRC (1<<3) /* no data crc on writes (msgr1) */
> -#define CEPH_OPT_NOMSGAUTH (1<<4) /* don't require msg signing feat */
> -#define CEPH_OPT_TCP_NODELAY (1<<5) /* TCP_NODELAY on TCP sockets */
> -#define CEPH_OPT_NOMSGSIGN (1<<6) /* don't sign msgs (msgr1) */
> -#define CEPH_OPT_ABORT_ON_FULL (1<<7) /* abort w/ ENOSPC when full */
> +#define CEPH_OPT_TCP_NODELAY (1<<4) /* TCP_NODELAY on TCP sockets */
> +#define CEPH_OPT_NOMSGSIGN (1<<5) /* don't sign msgs (msgr1) */
> +#define CEPH_OPT_ABORT_ON_FULL (1<<6) /* abort w/ ENOSPC when full */
>
>
> #define CEPH_OPT_DEFAULT (CEPH_OPT_TCP_NODELAY)
>
>
> diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c
> index 271287c5ec12..bec181181d41 100644
> --- a/net/ceph/ceph_common.c
> +++ b/net/ceph/ceph_common.c
> @@ -307,7 +307,8 @@ static const struct constant_table ceph_param_ms_mode[] = {
>
>
> static const struct fs_parameter_spec ceph_parameters[] = {
> fsparam_flag ("abort_on_full", Opt_abort_on_full),
> - fsparam_flag_no ("cephx_require_signatures", Opt_cephx_require_signatures),
> + __fsparam (NULL, "cephx_require_signatures", Opt_cephx_require_signatures,
> + fs_param_neg_with_no|fs_param_deprecated, NULL),
> fsparam_flag_no ("cephx_sign_messages", Opt_cephx_sign_messages),
> fsparam_flag_no ("crc", Opt_crc),
> fsparam_string ("crush_location", Opt_crush_location),
> @@ -596,9 +597,9 @@ int ceph_parse_param(struct fs_parameter *param, struct ceph_options *opt,
> break;
> case Opt_cephx_require_signatures:
> if (!result.negated)
> - opt->flags &= ~CEPH_OPT_NOMSGAUTH;
> + warn_plog(&log, "Ignoring cephx_require_signatures");
> else
> - opt->flags |= CEPH_OPT_NOMSGAUTH;
> + warn_plog(&log, "Ignoring nocephx_require_signatures, use nocephx_sign_messages");
> break;
> case Opt_cephx_sign_messages:
> if (!result.negated)
> @@ -686,8 +687,6 @@ int ceph_print_client_options(struct seq_file *m, struct ceph_client *client,
> seq_puts(m, "noshare,");
> if (opt->flags & CEPH_OPT_NOCRC)
> seq_puts(m, "nocrc,");
> - if (opt->flags & CEPH_OPT_NOMSGAUTH)
> - seq_puts(m, "nocephx_require_signatures,");
> if (opt->flags & CEPH_OPT_NOMSGSIGN)
> seq_puts(m, "nocephx_sign_messages,");
> if ((opt->flags & CEPH_OPT_TCP_NODELAY) == 0)
> @@ -756,7 +755,7 @@ struct ceph_client *ceph_create_client(struct ceph_options *opt, void *private)
> client->supported_features = CEPH_FEATURES_SUPPORTED_DEFAULT;
> client->required_features = CEPH_FEATURES_REQUIRED_DEFAULT;
>
>
> - if (!ceph_test_opt(client, NOMSGAUTH))
> + if (!ceph_test_opt(client, NOMSGSIGN))
> client->required_features |= CEPH_FEATURE_MSG_AUTH;
>
>
> /* msgr */
Reviewed-by: Jeff Layton <jlayton@kernel.org>
prev parent reply other threads:[~2021-01-26 15:00 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-25 17:35 [PATCH] libceph: deprecate [no]cephx_require_signatures options Ilya Dryomov
2021-01-26 14:59 ` Jeff Layton [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=81015316607f9df5cc8c3221d62be7eca9a7673c.camel@kernel.org \
--to=jlayton@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=idryomov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).