From 88104ca458dff8ed7db935936b91b9af4422c9cd Mon Sep 17 00:00:00 2001 From: Andreas Gruenbacher Date: Thu, 28 Apr 2011 21:47:21 +0200 Subject: [PATCH] drbd: Allow to change data-integrity-alg on the fly The main purpose of this is to allow to turn data integrity checking on and off on demand without causing interruptions. Implemented by allocating tconn->peer_integrity_tfm only when receiving a P_PROTOCOL message. l accesses to tconn->peer_integrity_tf happen in worker context, and no further synchronization is necessary. On the sender side, tconn->integrity_tfm is modified under tconn->data.mutex, and a P_PROTOCOL message is sent whenever. All accesses to tconn->integrity_tfm already happen under this mutex. Signed-off-by: Philipp Reisner Signed-off-by: Lars Ellenberg --- drivers/block/drbd/drbd_main.c | 4 +-- drivers/block/drbd/drbd_nl.c | 22 ++++++------ drivers/block/drbd/drbd_receiver.c | 54 ++++++++++++++---------------- 3 files changed, 40 insertions(+), 40 deletions(-) diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c index 3cb2af6c6069..a5c9b385223a 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c @@ -1433,8 +1433,8 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packet cmd, void drbd_send_ack_dp(struct drbd_conf *mdev, enum drbd_packet cmd, struct p_data *dp, int data_size) { - data_size -= (mdev->tconn->agreed_pro_version >= 87 && mdev->tconn->peer_integrity_tfm) ? - crypto_hash_digestsize(mdev->tconn->peer_integrity_tfm) : 0; + if (mdev->tconn->peer_integrity_tfm) + data_size -= crypto_hash_digestsize(mdev->tconn->peer_integrity_tfm); _drbd_send_ack(mdev, cmd, dp->sector, cpu_to_be32(data_size), dp->block_id); } diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c index dc5824b175aa..17c0cda7bbe2 100644 --- a/drivers/block/drbd/drbd_nl.c +++ b/drivers/block/drbd/drbd_nl.c @@ -1793,7 +1793,6 @@ struct crypto { struct crypto_hash *csums_tfm; struct crypto_hash *cram_hmac_tfm; struct crypto_hash *integrity_tfm; - struct crypto_hash *peer_integrity_tfm; void *int_dig_in; void *int_dig_vv; }; @@ -1832,10 +1831,6 @@ alloc_crypto(struct crypto *crypto, struct net_conf *new_conf) ERR_INTEGRITY_ALG); if (rv != NO_ERROR) return rv; - rv = alloc_hash(&crypto->peer_integrity_tfm, new_conf->integrity_alg, - ERR_INTEGRITY_ALG); - if (rv != NO_ERROR) - return rv; if (new_conf->cram_hmac_alg[0] != 0) { snprintf(hmac_name, CRYPTO_MAX_ALG_NAME, "hmac(%s)", new_conf->cram_hmac_alg); @@ -1862,7 +1857,6 @@ static void free_crypto(struct crypto *crypto) kfree(crypto->int_dig_vv); crypto_free_hash(crypto->cram_hmac_tfm); crypto_free_hash(crypto->integrity_tfm); - crypto_free_hash(crypto->peer_integrity_tfm); crypto_free_hash(crypto->csums_tfm); crypto_free_hash(crypto->verify_tfm); } @@ -1876,6 +1870,7 @@ int drbd_adm_net_opts(struct sk_buff *skb, struct genl_info *info) int ovr; /* online verify running */ int rsr; /* re-sync running */ struct crypto crypto = { }; + bool change_integrity_alg; retcode = drbd_adm_prepare(skb, info, DRBD_ADM_NEED_CONN); if (!adm_ctx.reply_skb) @@ -1893,6 +1888,7 @@ int drbd_adm_net_opts(struct sk_buff *skb, struct genl_info *info) conn_reconfig_start(tconn); + mutex_lock(&tconn->data.mutex); mutex_lock(&tconn->net_conf_update); old_conf = tconn->net_conf; @@ -1931,6 +1927,9 @@ int drbd_adm_net_opts(struct sk_buff *skb, struct genl_info *info) goto fail; } + change_integrity_alg = strcmp(old_conf->integrity_alg, + new_conf->integrity_alg); + retcode = alloc_crypto(&crypto, new_conf); if (retcode != NO_ERROR) goto fail; @@ -1948,21 +1947,24 @@ int drbd_adm_net_opts(struct sk_buff *skb, struct genl_info *info) crypto.verify_tfm = NULL; } - /* FIXME can not assign these so bluntly while we have ongoing IO */ kfree(tconn->int_dig_in); tconn->int_dig_in = crypto.int_dig_in; kfree(tconn->int_dig_vv); tconn->int_dig_vv = crypto.int_dig_vv; crypto_free_hash(tconn->integrity_tfm); tconn->integrity_tfm = crypto.integrity_tfm; - crypto_free_hash(tconn->peer_integrity_tfm); - tconn->peer_integrity_tfm = crypto.peer_integrity_tfm; + if (change_integrity_alg) { + /* Do this without trying to take tconn->data.mutex again. */ + if (__drbd_send_protocol(tconn)) + goto fail; + } /* FIXME Changing cram_hmac while the connection is established is useless */ crypto_free_hash(tconn->cram_hmac_tfm); tconn->cram_hmac_tfm = crypto.cram_hmac_tfm; mutex_unlock(&tconn->net_conf_update); + mutex_unlock(&tconn->data.mutex); synchronize_rcu(); kfree(old_conf); @@ -1973,6 +1975,7 @@ int drbd_adm_net_opts(struct sk_buff *skb, struct genl_info *info) fail: mutex_unlock(&tconn->net_conf_update); + mutex_unlock(&tconn->data.mutex); free_crypto(&crypto); kfree(new_conf); done: @@ -2081,7 +2084,6 @@ int drbd_adm_connect(struct sk_buff *skb, struct genl_info *info) tconn->int_dig_vv = crypto.int_dig_vv; tconn->cram_hmac_tfm = crypto.cram_hmac_tfm; tconn->integrity_tfm = crypto.integrity_tfm; - tconn->peer_integrity_tfm = crypto.peer_integrity_tfm; tconn->csums_tfm = crypto.csums_tfm; tconn->verify_tfm = crypto.verify_tfm; diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c index 30b655644afd..9c8bcce0e684 100644 --- a/drivers/block/drbd/drbd_receiver.c +++ b/drivers/block/drbd/drbd_receiver.c @@ -1384,10 +1384,9 @@ read_in_block(struct drbd_conf *mdev, u64 id, sector_t sector, void *dig_vv = mdev->tconn->int_dig_vv; unsigned long *data; - dgs = (mdev->tconn->agreed_pro_version >= 87 && mdev->tconn->peer_integrity_tfm) ? - crypto_hash_digestsize(mdev->tconn->peer_integrity_tfm) : 0; - - if (dgs) { + dgs = 0; + if (mdev->tconn->peer_integrity_tfm) { + dgs = crypto_hash_digestsize(mdev->tconn->peer_integrity_tfm); /* * FIXME: Receive the incoming digest into the receive buffer * here, together with its struct p_data? @@ -1395,10 +1394,9 @@ read_in_block(struct drbd_conf *mdev, u64 id, sector_t sector, err = drbd_recv_all_warn(mdev->tconn, dig_in, dgs); if (err) return NULL; + data_size -= dgs; } - data_size -= dgs; - if (!expect(data_size != 0)) return NULL; if (!expect(IS_ALIGNED(data_size, 512))) @@ -1491,17 +1489,15 @@ static int recv_dless_read(struct drbd_conf *mdev, struct drbd_request *req, void *dig_in = mdev->tconn->int_dig_in; void *dig_vv = mdev->tconn->int_dig_vv; - dgs = (mdev->tconn->agreed_pro_version >= 87 && mdev->tconn->peer_integrity_tfm) ? - crypto_hash_digestsize(mdev->tconn->peer_integrity_tfm) : 0; - - if (dgs) { + dgs = 0; + if (mdev->tconn->peer_integrity_tfm) { + dgs = crypto_hash_digestsize(mdev->tconn->peer_integrity_tfm); err = drbd_recv_all_warn(mdev->tconn, dig_in, dgs); if (err) return err; + data_size -= dgs; } - data_size -= dgs; - /* optimistically update recv_cnt. if receiving fails below, * we disconnect anyways, and counters will be reset. */ mdev->recv_cnt += data_size>>9; @@ -2997,7 +2993,6 @@ static int receive_protocol(struct drbd_tconn *tconn, struct packet_info *pi) struct p_protocol *p = pi->data; int p_proto, p_after_sb_0p, p_after_sb_1p, p_after_sb_2p; int p_want_lose, p_two_primaries, cf; - char p_integrity_alg[SHARED_SECRET_MAX] = ""; struct net_conf *nc; p_proto = be32_to_cpu(p->protocol); @@ -3009,15 +3004,30 @@ static int receive_protocol(struct drbd_tconn *tconn, struct packet_info *pi) p_want_lose = cf & CF_WANT_LOSE; if (tconn->agreed_pro_version >= 87) { + char integrity_alg[SHARED_SECRET_MAX]; + struct crypto_hash *tfm = NULL; int err; - if (pi->size > sizeof(p_integrity_alg)) + if (pi->size > sizeof(integrity_alg)) return -EIO; - err = drbd_recv_all(tconn, p_integrity_alg, pi->size); + err = drbd_recv_all(tconn, integrity_alg, pi->size); if (err) return err; + integrity_alg[SHARED_SECRET_MAX-1] = 0; - p_integrity_alg[SHARED_SECRET_MAX-1] = 0; + if (integrity_alg[0]) { + tfm = crypto_alloc_hash(integrity_alg, 0, CRYPTO_ALG_ASYNC); + if (!tfm) { + conn_err(tconn, "peer data-integrity-alg %s not supported\n", + integrity_alg); + goto disconnect; + } + conn_info(tconn, "peer data-integrity-alg: %s\n", integrity_alg); + } + + if (tconn->peer_integrity_tfm) + crypto_free_hash(tconn->peer_integrity_tfm); + tconn->peer_integrity_tfm = tfm; } clear_bit(CONN_DRY_RUN, &tconn->flags); @@ -3058,20 +3068,8 @@ static int receive_protocol(struct drbd_tconn *tconn, struct packet_info *pi) goto disconnect_rcu_unlock; } - if (tconn->agreed_pro_version >= 87) { - if (strcmp(p_integrity_alg, nc->integrity_alg)) { - conn_err(tconn, "incompatible setting of the data-integrity-alg\n"); - goto disconnect; - } - } - rcu_read_unlock(); - if (tconn->agreed_pro_version >= 87) { - conn_info(tconn, "data-integrity-alg: %s\n", - nc->integrity_alg[0] ? nc->integrity_alg : (unsigned char *)""); - } - return 0; disconnect_rcu_unlock: -- 2.20.1