]> git.michaelhowe.org Git - packages/o/openafs.git/commitdiff
projects / packages / o / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2751501)
dir: do not leak contents of deleted directory entries
authorMark Vitale <mvitale@sinenomine.net>
Mon, 7 Nov 2016 19:16:50 +0000 (14:16 -0500)
committerStephan Wiesand <stephan.wiesand@desy.de>
Wed, 30 Nov 2016 20:06:42 +0000 (15:06 -0500)
Deleting an AFS directory entry (afs_dir_Delete) merely removes the
entry logically by updating the allocation map and hash table.  However,
the entry itself remains on disk - that is, both the cache manager's
cache partition and the fileserver's vice partitions.

This constitutes a leak of directory entry information, including the
object's name and MKfid (vnode and uniqueid).  This leaked information
is also visible on the wire during FetchData requests and volume
operations.

Modify afs_dir_Delete to clear the contents of deleted directory
entries.

Patchset notes:
This commit only prevents leaks for newly deleted entries.  Another
commit in this patchset prevents leaks of partial object names upon
reuse of pre-existing deleted entries.  A third commit in this
patchset prevents yet another kind of directory entry leak, when
internal buffers are reused to create or enlarge existing directories.
All three patches are required to prevent new leaks.  Two additional
salvager patches are also included to assist administrators in the
cleanup of pre-existing leaks.

[kaduk@mit.edu: style nit for sizeof() argument]

Reviewed-on: https://gerrit.openafs.org/12460
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f591f6fae3d8b8d44140ca64e53bad840aeeeba0)

Change-Id: I41f76649f4bed609793b944db32c5ae62aa07458
Reviewed-on: https://gerrit.openafs.org/12465
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
src/dir/dir.c patch | blob | history

diff --git a/src/dir/dir.c b/src/dir/dir.c
index 51a78eb42b71a22d16d07562847935d1ef10e96f..1b8ec5c7ccc9fbcb4aa842d0360e0f68e62362c4 100644 (file)
--- a/src/dir/dir.c
+++ b/src/dir/dir.c
@@ -206,7 +206,9 @@ Delete(void *dir, char *entry)
     DRelease(previtem, 1);
     index = DVOffset(firstitem) / 32;
     nitems = NameBlobs(firstitem->name);
-    DRelease(firstitem, 0);
+    /* Clear entire DirEntry and any DirXEntry extensions */
+    memset(firstitem, 0, nitems * sizeof(*firstitem));
+    DRelease(firstitem, 1);
     FreeBlobs(dir, index, nitems);
     return 0;
 }