SUNRPC: Introduce trace points in rpc_auth_gss.ko

/* SPDX-License-Identifier: GPL-2.0 */

/*

 * Copyright (c) 2018 Oracle.  All rights reserved.

 *

 * Trace point definitions for the "rpcgss" subsystem.

 */

#undef TRACE_SYSTEM

#define TRACE_SYSTEM rpcgss

#if !defined(_TRACE_RPCRDMA_H) || defined(TRACE_HEADER_MULTI_READ)

#define _TRACE_RPCGSS_H

#include <linux/tracepoint.h>

/**

 ** GSS-API related trace events

 **/

TRACE_DEFINE_ENUM(GSS_S_BAD_MECH);

TRACE_DEFINE_ENUM(GSS_S_BAD_NAME);

TRACE_DEFINE_ENUM(GSS_S_BAD_NAMETYPE);

TRACE_DEFINE_ENUM(GSS_S_BAD_BINDINGS);

TRACE_DEFINE_ENUM(GSS_S_BAD_STATUS);

TRACE_DEFINE_ENUM(GSS_S_BAD_SIG);

TRACE_DEFINE_ENUM(GSS_S_NO_CRED);

TRACE_DEFINE_ENUM(GSS_S_NO_CONTEXT);

TRACE_DEFINE_ENUM(GSS_S_DEFECTIVE_TOKEN);

TRACE_DEFINE_ENUM(GSS_S_DEFECTIVE_CREDENTIAL);

TRACE_DEFINE_ENUM(GSS_S_CREDENTIALS_EXPIRED);

TRACE_DEFINE_ENUM(GSS_S_CONTEXT_EXPIRED);

TRACE_DEFINE_ENUM(GSS_S_FAILURE);

TRACE_DEFINE_ENUM(GSS_S_BAD_QOP);

TRACE_DEFINE_ENUM(GSS_S_UNAUTHORIZED);

TRACE_DEFINE_ENUM(GSS_S_UNAVAILABLE);

TRACE_DEFINE_ENUM(GSS_S_DUPLICATE_ELEMENT);

TRACE_DEFINE_ENUM(GSS_S_NAME_NOT_MN);

TRACE_DEFINE_ENUM(GSS_S_CONTINUE_NEEDED);

TRACE_DEFINE_ENUM(GSS_S_DUPLICATE_TOKEN);

TRACE_DEFINE_ENUM(GSS_S_OLD_TOKEN);

TRACE_DEFINE_ENUM(GSS_S_UNSEQ_TOKEN);

TRACE_DEFINE_ENUM(GSS_S_GAP_TOKEN);

#define show_gss_status(x)						\

	__print_flags(x, "|",						\

		{ GSS_S_BAD_MECH, "GSS_S_BAD_MECH" },			\

		{ GSS_S_BAD_NAME, "GSS_S_BAD_NAME" },			\

		{ GSS_S_BAD_NAMETYPE, "GSS_S_BAD_NAMETYPE" },		\

		{ GSS_S_BAD_BINDINGS, "GSS_S_BAD_BINDINGS" },		\

		{ GSS_S_BAD_STATUS, "GSS_S_BAD_STATUS" },		\

		{ GSS_S_BAD_SIG, "GSS_S_BAD_SIG" },			\

		{ GSS_S_NO_CRED, "GSS_S_NO_CRED" },			\

		{ GSS_S_NO_CONTEXT, "GSS_S_NO_CONTEXT" },		\

		{ GSS_S_DEFECTIVE_TOKEN, "GSS_S_DEFECTIVE_TOKEN" },	\

		{ GSS_S_DEFECTIVE_CREDENTIAL, "GSS_S_DEFECTIVE_CREDENTIAL" }, \

		{ GSS_S_CREDENTIALS_EXPIRED, "GSS_S_CREDENTIALS_EXPIRED" }, \

		{ GSS_S_CONTEXT_EXPIRED, "GSS_S_CONTEXT_EXPIRED" },	\

		{ GSS_S_FAILURE, "GSS_S_FAILURE" },			\

		{ GSS_S_BAD_QOP, "GSS_S_BAD_QOP" },			\

		{ GSS_S_UNAUTHORIZED, "GSS_S_UNAUTHORIZED" },		\

		{ GSS_S_UNAVAILABLE, "GSS_S_UNAVAILABLE" },		\

		{ GSS_S_DUPLICATE_ELEMENT, "GSS_S_DUPLICATE_ELEMENT" },	\

		{ GSS_S_NAME_NOT_MN, "GSS_S_NAME_NOT_MN" },		\

		{ GSS_S_CONTINUE_NEEDED, "GSS_S_CONTINUE_NEEDED" },	\

		{ GSS_S_DUPLICATE_TOKEN, "GSS_S_DUPLICATE_TOKEN" },	\

		{ GSS_S_OLD_TOKEN, "GSS_S_OLD_TOKEN" },			\

		{ GSS_S_UNSEQ_TOKEN, "GSS_S_UNSEQ_TOKEN" },		\

		{ GSS_S_GAP_TOKEN, "GSS_S_GAP_TOKEN" })

DECLARE_EVENT_CLASS(rpcgss_gssapi_event,

	TP_PROTO(

		const struct rpc_task *task,

		u32 maj_stat

	),

	TP_ARGS(task, maj_stat),

	TP_STRUCT__entry(

		__field(unsigned int, task_id)

		__field(unsigned int, client_id)

		__field(u32, maj_stat)

	),

	TP_fast_assign(

		__entry->task_id = task->tk_pid;

		__entry->client_id = task->tk_client->cl_clid;

		__entry->maj_stat = maj_stat;

	),

	TP_printk("task:%u@%u maj_stat=%s",

		__entry->task_id, __entry->client_id,

		__entry->maj_stat == 0 ?

		"GSS_S_COMPLETE" : show_gss_status(__entry->maj_stat))

);

#define DEFINE_GSSAPI_EVENT(name)					\

	DEFINE_EVENT(rpcgss_gssapi_event, rpcgss_##name,		\

			TP_PROTO(					\

				const struct rpc_task *task,		\

				u32 maj_stat				\

			),						\

			TP_ARGS(task, maj_stat))

TRACE_EVENT(rpcgss_import_ctx,

	TP_PROTO(

		int status

	),

	TP_ARGS(status),

	TP_STRUCT__entry(

		__field(int, status)

	),

	TP_fast_assign(

		__entry->status = status;

	),

	TP_printk("status=%d", __entry->status)

);

DEFINE_GSSAPI_EVENT(get_mic);

DEFINE_GSSAPI_EVENT(verify_mic);

DEFINE_GSSAPI_EVENT(wrap);

DEFINE_GSSAPI_EVENT(unwrap);

/**

 ** GSS auth unwrap failures

 **/

TRACE_EVENT(rpcgss_unwrap_failed,

	TP_PROTO(

		const struct rpc_task *task

	),

	TP_ARGS(task),

	TP_STRUCT__entry(

		__field(unsigned int, task_id)

		__field(unsigned int, client_id)

	),

	TP_fast_assign(

		__entry->task_id = task->tk_pid;

		__entry->client_id = task->tk_client->cl_clid;

	),

	TP_printk("task:%u@%u", __entry->task_id, __entry->client_id)

);

TRACE_EVENT(rpcgss_bad_seqno,

	TP_PROTO(

		const struct rpc_task *task,

		u32 expected,

		u32 received

	),

	TP_ARGS(task, expected, received),

	TP_STRUCT__entry(

		__field(unsigned int, task_id)

		__field(unsigned int, client_id)

		__field(u32, expected)

		__field(u32, received)

	),

	TP_fast_assign(

		__entry->task_id = task->tk_pid;

		__entry->client_id = task->tk_client->cl_clid;

		__entry->expected = expected;

		__entry->received = received;

	),

	TP_printk("task:%u@%u expected seqno %u, received seqno %u",

		__entry->task_id, __entry->client_id,

		__entry->expected, __entry->received)

);

TRACE_EVENT(rpcgss_seqno,

	TP_PROTO(

		const struct rpc_task *task

	),

	TP_ARGS(task),

	TP_STRUCT__entry(

		__field(unsigned int, task_id)

		__field(unsigned int, client_id)

		__field(u32, xid)

		__field(u32, seqno)

	),

	TP_fast_assign(

		const struct rpc_rqst *rqst = task->tk_rqstp;

		__entry->task_id = task->tk_pid;

		__entry->client_id = task->tk_client->cl_clid;

		__entry->xid = be32_to_cpu(rqst->rq_xid);

		__entry->seqno = rqst->rq_seqno;

	),

	TP_printk("task:%u@%u xid=0x%08x seqno=%u",

		__entry->task_id, __entry->client_id,

		__entry->xid, __entry->seqno)

);

TRACE_EVENT(rpcgss_need_reencode,

	TP_PROTO(

		const struct rpc_task *task,

		u32 seq_xmit,

		bool ret

	),

	TP_ARGS(task, seq_xmit, ret),

	TP_STRUCT__entry(

		__field(unsigned int, task_id)

		__field(unsigned int, client_id)

		__field(u32, xid)

		__field(u32, seq_xmit)

		__field(u32, seqno)

		__field(bool, ret)

	),

	TP_fast_assign(

		__entry->task_id = task->tk_pid;

		__entry->client_id = task->tk_client->cl_clid;

		__entry->xid = be32_to_cpu(task->tk_rqstp->rq_xid);

		__entry->seq_xmit = seq_xmit;

		__entry->seqno = task->tk_rqstp->rq_seqno;

		__entry->ret = ret;

	),

	TP_printk("task:%u@%u xid=0x%08x rq_seqno=%u seq_xmit=%u reencode %sneeded",

		__entry->task_id, __entry->client_id,

		__entry->xid, __entry->seqno, __entry->seq_xmit,

		__entry->ret ? "" : "un")

);

/**

 ** gssd upcall related trace events

 **/

TRACE_EVENT(rpcgss_upcall_msg,

	TP_PROTO(

		const char *buf

	),

	TP_ARGS(buf),

	TP_STRUCT__entry(

		__string(msg, buf)

	),

	TP_fast_assign(

		__assign_str(msg, buf)

	),

	TP_printk("msg='%s'", __get_str(msg))

);

TRACE_EVENT(rpcgss_upcall_result,

	TP_PROTO(

		u32 uid,

		int result

	),

	TP_ARGS(uid, result),

	TP_STRUCT__entry(

		__field(u32, uid)

		__field(int, result)

	),

	TP_fast_assign(

		__entry->uid = uid;

		__entry->result = result;

	),

	TP_printk("for uid %u, result=%d", __entry->uid, __entry->result)

);

TRACE_EVENT(rpcgss_context,

	TP_PROTO(

		unsigned long expiry,

		unsigned long now,

		unsigned int timeout,

		unsigned int len,

		const u8 *data

	),

	TP_ARGS(expiry, now, timeout, len, data),

	TP_STRUCT__entry(

		__field(unsigned long, expiry)

		__field(unsigned long, now)

		__field(unsigned int, timeout)

		__field(int, len)

		__string(acceptor, data)

	),

	TP_fast_assign(

		__entry->expiry = expiry;

		__entry->now = now;

		__entry->timeout = timeout;

		__entry->len = len;

		strncpy(__get_str(acceptor), data, len);

	),

	TP_printk("gc_expiry=%lu now=%lu timeout=%u acceptor=%.*s",

		__entry->expiry, __entry->now, __entry->timeout,

		__entry->len, __get_str(acceptor))

);

/**

 ** Miscellaneous events

 */

TRACE_DEFINE_ENUM(RPC_AUTH_GSS_KRB5);

TRACE_DEFINE_ENUM(RPC_AUTH_GSS_KRB5I);

TRACE_DEFINE_ENUM(RPC_AUTH_GSS_KRB5P);

#define show_pseudoflavor(x)						\

	__print_symbolic(x,						\

		{ RPC_AUTH_GSS_KRB5, "RPC_AUTH_GSS_KRB5" },		\

		{ RPC_AUTH_GSS_KRB5I, "RPC_AUTH_GSS_KRB5I" },		\

		{ RPC_AUTH_GSS_KRB5P, "RPC_AUTH_GSS_KRB5P" })

TRACE_EVENT(rpcgss_createauth,

	TP_PROTO(

		unsigned int flavor,

		int error

	),

	TP_ARGS(flavor, error),

	TP_STRUCT__entry(

		__field(unsigned int, flavor)

		__field(int, error)

	),

	TP_fast_assign(

		__entry->flavor = flavor;

		__entry->error = error;

	),

	TP_printk("flavor=%s error=%d",

		show_pseudoflavor(__entry->flavor), __entry->error)

);

#endif	/* _TRACE_RPCGSS_H */

#include <trace/define_trace.h>

	TP_STRUCT__entry(

		__field(const void *, req)

		__field(unsigned int, task_id)

		__field(unsigned int, client_id)

		__field(int, num_sge)

		__field(int, signaled)

		__field(int, status)

	),

	TP_fast_assign(

		const struct rpc_rqst *rqst = &req->rl_slot;

		__entry->task_id = rqst->rq_task->tk_pid;

		__entry->client_id = rqst->rq_task->tk_client->cl_clid;

		__entry->req = req;

		__entry->num_sge = req->rl_sendctx->sc_wr.num_sge;

		__entry->signaled = req->rl_sendctx->sc_wr.send_flags &

		__entry->status = status;

	),

	TP_printk("req=%p, %d SGEs%s, status=%d",

	TP_printk("task:%u@%u req=%p (%d SGE%s) %sstatus=%d",

		__entry->task_id, __entry->client_id,

		__entry->req, __entry->num_sge,

		(__entry->signaled ? ", signaled" : ""),

		(__entry->num_sge == 1 ? "" : "s"),

		(__entry->signaled ? "signaled " : ""),

		__entry->status

	)

);

DEFINE_RPC_XPRT_EVENT(timer);

DEFINE_RPC_XPRT_EVENT(lookup_rqst);

DEFINE_RPC_XPRT_EVENT(transmit);

DEFINE_RPC_XPRT_EVENT(complete_rqst);

TRACE_EVENT(xprt_transmit,

	TP_PROTO(

		const struct rpc_rqst *rqst,

		int status

	),

	TP_ARGS(rqst, status),

	TP_STRUCT__entry(

		__field(unsigned int, task_id)

		__field(unsigned int, client_id)

		__field(u32, xid)

		__field(u32, seqno)

		__field(int, status)

	),

	TP_fast_assign(

		__entry->task_id = rqst->rq_task->tk_pid;

		__entry->client_id = rqst->rq_task->tk_client->cl_clid;

		__entry->xid = be32_to_cpu(rqst->rq_xid);

		__entry->seqno = rqst->rq_seqno;

		__entry->status = status;

	),

	TP_printk(

		"task:%u@%u xid=0x%08x seqno=%u status=%d",

		__entry->task_id, __entry->client_id, __entry->xid,

		__entry->seqno, __entry->status)

);

TRACE_EVENT(xprt_enq_xmit,

	TP_PROTO(

		const struct rpc_task *task,

		int stage

	),

	TP_ARGS(task, stage),

	TP_STRUCT__entry(

		__field(unsigned int, task_id)

		__field(unsigned int, client_id)

		__field(u32, xid)

		__field(u32, seqno)

		__field(int, stage)

	),

	TP_fast_assign(

		__entry->task_id = task->tk_pid;

		__entry->client_id = task->tk_client->cl_clid;

		__entry->xid = be32_to_cpu(task->tk_rqstp->rq_xid);

		__entry->seqno = task->tk_rqstp->rq_seqno;

		__entry->stage = stage;

	),

	TP_printk(

		"task:%u@%u xid=0x%08x seqno=%u stage=%d",

		__entry->task_id, __entry->client_id, __entry->xid,

		__entry->seqno, __entry->stage)

);

TRACE_EVENT(xprt_ping,

	TP_PROTO(const struct rpc_xprt *xprt, int status),

auth_rpcgss-y := auth_gss.o gss_generic_token.o \

	gss_mech_switch.o svcauth_gss.o \

	gss_rpc_upcall.o gss_rpc_xdr.o

	gss_rpc_upcall.o gss_rpc_xdr.o trace.o

obj-$(CONFIG_RPCSEC_GSS_KRB5) += rpcsec_gss_krb5.o

#include "../netns.h"

#include <trace/events/rpcgss.h>

static const struct rpc_authops authgss_ops;

static const struct rpc_credops gss_credops;

	}

	ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, NULL, GFP_NOFS);

	if (ret < 0) {

		trace_rpcgss_import_ctx(ret);

		p = ERR_PTR(ret);

		goto err;

	}

	if (IS_ERR(p))

		goto err;

done:

	dprintk("RPC:       %s Success. gc_expiry %lu now %lu timeout %u acceptor %.*s\n",

		__func__, ctx->gc_expiry, now, timeout, ctx->gc_acceptor.len,

		ctx->gc_acceptor.data);

	return p;

	trace_rpcgss_context(ctx->gc_expiry, now, timeout,

			     ctx->gc_acceptor.len, ctx->gc_acceptor.data);

err:

	dprintk("RPC:       %s returns error %ld\n", __func__, -PTR_ERR(p));

	return p;

}

		if (auth && pos->auth->service != auth->service)

			continue;

		refcount_inc(&pos->count);

		dprintk("RPC:       %s found msg %p\n", __func__, pos);

		return pos;

	}

	dprintk("RPC:       %s found nothing\n", __func__);

	return NULL;

}

		p += len;

		gss_msg->msg.len += len;

	}

	trace_rpcgss_upcall_msg(gss_msg->databuf);

	len = scnprintf(p, buflen, "\n");

	if (len == 0)

		goto out_overflow;

	gss_msg->msg.len += len;

	gss_msg->msg.data = gss_msg->databuf;

	return 0;

out_overflow:

	struct rpc_pipe *pipe;

	int err = 0;

	dprintk("RPC: %5u %s for uid %u\n",

		task->tk_pid, __func__, from_kuid(&init_user_ns, cred->cr_cred->fsuid));

	gss_msg = gss_setup_upcall(gss_auth, cred);

	if (PTR_ERR(gss_msg) == -EAGAIN) {

		/* XXX: warning on the first, under the assumption we

		warn_gssd();

		task->tk_timeout = 15*HZ;

		rpc_sleep_on(&pipe_version_rpc_waitqueue, task, NULL);

		return -EAGAIN;

		err = -EAGAIN;

		goto out;

	}

	if (IS_ERR(gss_msg)) {

		err = PTR_ERR(gss_msg);

	spin_unlock(&pipe->lock);

	gss_release_msg(gss_msg);

out:

	dprintk("RPC: %5u %s for uid %u result %d\n",

		task->tk_pid, __func__,

		from_kuid(&init_user_ns, cred->cr_cred->fsuid),	err);

	trace_rpcgss_upcall_result(from_kuid(&init_user_ns,

					     cred->cr_cred->fsuid), err);

	return err;

}

	DEFINE_WAIT(wait);

	int err;

	dprintk("RPC:       %s for uid %u\n",

		__func__, from_kuid(&init_user_ns, cred->cr_cred->fsuid));

retry:

	err = 0;

	/* if gssd is down, just skip upcalling altogether */

	if (!gssd_running(net)) {

		warn_gssd();

		return -EACCES;

		err = -EACCES;

		goto out;

	}

	gss_msg = gss_setup_upcall(gss_auth, cred);

	if (PTR_ERR(gss_msg) == -EAGAIN) {

	finish_wait(&gss_msg->waitqueue, &wait);

	gss_release_msg(gss_msg);

out:

	dprintk("RPC:       %s for uid %u result %d\n",

		__func__, from_kuid(&init_user_ns, cred->cr_cred->fsuid), err);

	trace_rpcgss_upcall_result(from_kuid(&init_user_ns,

					     cred->cr_cred->fsuid), err);

	return err;

}

err:

	kfree(buf);

out:

	dprintk("RPC:       %s returning %zd\n", __func__, err);

	return err;

}

	struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);

	if (msg->errno < 0) {

		dprintk("RPC:       %s releasing msg %p\n",

			__func__, gss_msg);

		refcount_inc(&gss_msg->count);

		gss_unhash_msg(gss_msg);

		if (msg->errno == -ETIMEDOUT)

	struct rpc_auth * auth;

	int err = -ENOMEM; /* XXX? */

	dprintk("RPC:       creating GSS authenticator for client %p\n", clnt);

	if (!try_module_get(THIS_MODULE))

		return ERR_PTR(err);

	if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))

	gss_auth->net = get_net(rpc_net_ns(clnt));

	err = -EINVAL;

	gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);

	if (!gss_auth->mech) {

		dprintk("RPC:       Pseudoflavor %d not found!\n", flavor);

	if (!gss_auth->mech)

		goto err_put_net;

	}

	gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);

	if (gss_auth->service == 0)

		goto err_put_mech;

	kfree(gss_auth);

out_dec:

	module_put(THIS_MODULE);

	trace_rpcgss_createauth(flavor, err);

	return ERR_PTR(err);

}

	struct gss_auth *gss_auth = container_of(auth,

			struct gss_auth, rpc_auth);

	dprintk("RPC:       destroying GSS authenticator %p flavor %d\n",

			auth, auth->au_flavor);

	if (hash_hashed(&gss_auth->hash)) {

		spin_lock(&gss_auth_hash_lock);

		hash_del(&gss_auth->hash);

static void

gss_do_free_ctx(struct gss_cl_ctx *ctx)

{

	dprintk("RPC:       %s\n", __func__);

	gss_delete_sec_context(&ctx->gc_gss_ctx);

	kfree(ctx->gc_wire_ctx.data);

	kfree(ctx->gc_acceptor.data);

static void

gss_free_cred(struct gss_cred *gss_cred)

{

	dprintk("RPC:       %s cred=%p\n", __func__, gss_cred);

	kfree(gss_cred);

}

	struct gss_cred	*cred = NULL;

	int err = -ENOMEM;

	dprintk("RPC:       %s for uid %d, flavor %d\n",

		__func__, from_kuid(&init_user_ns, acred->cred->fsuid),

		auth->au_flavor);

	if (!(cred = kzalloc(sizeof(*cred), gfp)))

		goto out_err;

	return &cred->gc_base;

out_err:

	dprintk("RPC:       %s failed with error %d\n", __func__, err);

	return ERR_PTR(err);

}

	struct xdr_netobj mic;

	struct kvec	iov;

	struct xdr_buf	verf_buf;