Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-host-ipmid / 08d3d06cf6291a7ea7218a45f3a1ae996541ca53
commit08d3d06cf6291a7ea7218a45f3a1ae996541ca53[log] [tgz]
authorJayaprakash Mutyala <mutyalax.jayaprakash@intel.com>Fri Oct 01 16:01:57 2021 +0000
committerJayaprakash Mutyala <mutyalax.jayaprakash@intel.com>Tue Jan 18 23:57:26 2022 +0000
treeb784ea7e67d6670120e6bb7d8eb9d7a7303f417a
parentd3d2fe29d550e2557704444267881b842573f450 [diff]
user_mgmt: Fix for user privilege race condition

The ipmid and netipmid processes cache IPMI user data in a shared file.
The current implementation has coherency and consistency problems:

Coherence: If a user account is created and immediately enabled with
IPMI commands, the updated data may not be propagated to netipmid. This
condition can last indefinitely, so the cache is not coherent. The
problem is caused by a lock that doesn't work and allows both processes
to register signal handlers that write to the file.

Consistency: This cache scheme does not have a strict (or linearizable)
consistency model. The ipmid and netipmid processes have an inconsistent
view of the user database until changes propagate to netipmid. Cache
file reads are controlled by mtime comparisons with a one-second
granularity.

So mitigated the second problem by using the full 10ms resolution of
mtime. Now a new user is ready to use much faster than a client can
submit two commands.

Mitigating the second (consistency) problem does not fix the first
problem. It might hide it, but the result will still depend on
non-deterministic timing of DBus signals and mtime granularity.

To fix the coherency problem, changed sigHndlrLock to use a different
file that isn't closed after each operation. Closing a POSIX file lock
releases the lock.

Tested:
1. Verified using IPMI commands by creating multiple users continuously.
Successfully created all users and able to perform RMCPP with that user.

Command: ipmitool user set name <used id> <username>
Response:               //User created successfully
Command: ipmitool user set password <used id> <password>
Response: Set User Password command successful <user name>
Command: ipmitool channel setaccess <channel#> <user id> link=on ipmi=on
         callin=on privilege=4
Response: Set User Access (channel<number > id <user id>) successful.
Command: ipmitool raw 0x6 0x43 0x9<channel #> <user id> 0x4 0x0
                                      // Set User Access Command
Response:                //Success
Command: ipmitool user enable <user id>
Response:                //Success
Command: ipmitool -H <BMC IP> -U <user name> -P <password> -C 17 -I
         lanplus raw 0x06 0x01
Response: <device ID>           //Success

Signed-off-by: Luke Phillips <lucas.phillips@intel.com>
Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: If5ede3b0f97a2ba2b33cf358a9aaaf93d765d359
2 files changed
tree: b784ea7e67d6670120e6bb7d8eb9d7a7303f417a
  1. app/
  2. dbus-sdr/
  3. docs/
  4. include/
  5. libipmid/
  6. libipmid-host/
  7. scripts/
  8. softoff/
  9. test/
  10. user_channel/
  11. xyz/
  12. .build.sh
  13. .clang-format
  14. .gitignore
  15. .shellcheck
  16. .travis.yml
  17. apphandler.cpp
  18. apphandler.hpp
  19. bootstrap.sh
  20. chassishandler.cpp
  21. chassishandler.hpp
  22. configure.ac
  23. dcmihandler.cpp
  24. dcmihandler.hpp
  25. elog-errors.hpp
  26. entity_map_json.cpp
  27. entity_map_json.hpp
  28. error-HostEvent.hpp
  29. fruread.hpp
  30. generate_whitelist.sh
  31. globalhandler.cpp
  32. globalhandler.hpp
  33. groupext.cpp
  34. host-cmd-manager.cpp
  35. host-cmd-manager.hpp
  36. host-interface.cpp
  37. host-interface.hpp
  38. host-ipmid-whitelist.conf
  39. ipmi_fru_info_area.cpp
  40. ipmi_fru_info_area.hpp
  41. ipmid-new.cpp
  42. ipmisensor.cpp
  43. ipmiwhitelist.hpp
  44. LICENSE
  45. MAINTAINERS
  46. Makefile.am
  47. OWNERS
  48. read_fru_data.cpp
  49. read_fru_data.hpp
  50. README.md
  51. sample.cpp
  52. sample.h
  53. selutility.cpp
  54. selutility.hpp
  55. sensordatahandler.cpp
  56. sensordatahandler.hpp
  57. sensorhandler.cpp
  58. sensorhandler.hpp
  59. settings.cpp
  60. settings.hpp
  61. storageaddsel.cpp
  62. storageaddsel.hpp
  63. storagehandler.cpp
  64. storagehandler.hpp
  65. sys_info_param.cpp
  66. sys_info_param.hpp
  67. systemintfcmds.cpp
  68. systemintfcmds.hpp
  69. testaddsel.cpp
  70. testit.cpp
  71. transporthandler.cpp
  72. transporthandler.hpp
  73. whitelist-filter.cpp
README.md

To build this package, do the following steps:

1. ./bootstrap.sh
2. ./configure ${CONFIGURE_FLAGS}
3. make

To clean the repository run ./bootstrap.sh clean.