When afs_linux_readdir detects a corrupt directory, the resulting
error message is more useful if it includes the directory's FID
instead of just a kernel inode pointer.
When a corrupt directory is discovered, scanning stops immediately and
readdir returns ENOENT. Currently, the vcache lock is unlocked and the
dcache containing the directory is released, but that's not enough.
It's also necessary to unlock the dcache, on which we hold a read lock,
and to clear the vcache state which records an in-progress readdir.
When reading a callback state dump, check the return values from
read(2) instead of ignoring them. This adds a new static function,
ReadBytes(), which handles reading a requested number of bytes from a
file and bailing if there is an error.
Michael Meffie [Thu, 4 Apr 2013 14:53:00 +0000 (10:53 -0400)]
vlserver: increase the max lwp threads
Increase the maximum LWP threads allowed from 16 to 64. Increasing the number
of LWP threads can reduce the number of calls waiting for threads on
busy vlservers.
Ben Kaduk [Tue, 25 Jun 2013 00:51:53 +0000 (20:51 -0400)]
Make KeyFileExt comment match reality
There is no file format version field as implemented.
Remove it from the format laid out in the comment, and change the
associated text to make more sense.
Ben Kaduk [Wed, 15 May 2013 15:38:53 +0000 (11:38 -0400)]
Document the prdb (ubik) file format
Briefly cover the ubik header and mention that it is not part of the
logical database (since it is just used for the consistency procedure).
Describe the fields of the prheader and how they are used. Mention that
all subsequent entries are blocks of the same size, whose type can be
distinguished by a shared flags field. User and group entries are similar,
and supergroup entries are described as a diff from regular group entries,
as only a handful of fields change. Continuation entries can be used
for user, regular group, or supergroup entries.
Call out what fields are invariant within which classes of entry, so that
these properties can be preserved (or knowingly eliminated) for future
extensions to the format.
Russ Allbery [Sat, 29 Jun 2013 21:29:06 +0000 (14:29 -0700)]
Fix restorevol sanity check on afs_int32
restorevol reads various values of different lengths into an
afs_int32 and does a sanity check to ensure that there is enough
room to store the desired value length. However, the check was
done against the wrong variable, making it ineffective.
This check is unlikely to ever trigger, but fix it just in case.
Russ Allbery [Sat, 29 Jun 2013 21:27:55 +0000 (14:27 -0700)]
Fix restorevol crash on corrupt nDumpTimes value
If the number of dump times claimed in the volume header was greater
than MAXDUMPTIMES, restorevol would happily write over random stack
memory and crash. Sanity-check the loaded value and cap it to
MAXDUMPTIMES with a warning.
Bug found by Mayhem and reported by Alexandre Rebert.
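The two restorevol fixes above, sketched as an added example (not restorevol's own code): a length check made against the 32-bit destination itself, and a count from the dump capped before it indexes a fixed array. The struct layouts, `read_value`, `parse_dump_times`, the sample bytes and the value chosen for `MAXDUMPTIMES` are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MAXDUMPTIMES 2  /* name from the commit message; value assumed here */

struct vol_header {     /* hypothetical, reduced volume header */
    uint16_t nDumpTimes;
    struct { uint32_t from, to; } dumpTimes[MAXDUMPTIMES];
};
struct reader { const unsigned char *p; size_t left; };

/* Constructed sample: claims 0xFFFF entries but carries only three pairs. */
const unsigned char SAMPLE_CORRUPT[] = {
    0xFF, 0xFF, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 3, 0, 0, 0, 4,
    0, 0, 0, 5, 0, 0, 0, 6,
};

/* Read a big-endian value of `size` bytes into a 32-bit destination. The
 * length is checked against the destination itself and the input left. */
static int read_value(struct reader *r, size_t size, uint32_t *out)
{
    uint32_t v = 0;
    if (size > sizeof(*out) || size > r->left)
        return -1;
    for (size_t i = 0; i < size; i++)
        v = (v << 8) | r->p[i];
    r->p += size;
    r->left -= size;
    *out = v;
    return 0;
}

/* Returns the number of entries stored, or -1 on truncated input.
 * *capped is set when the claimed count exceeded MAXDUMPTIMES. */
int parse_dump_times(const unsigned char *buf, size_t len,
                     struct vol_header *vh, int *capped)
{
    struct reader r = { buf, len };
    uint32_t claimed;
    *capped = 0;
    if (read_value(&r, 2, &claimed) < 0)
        return -1;
    *capped = claimed > MAXDUMPTIMES;
    if (*capped)
        claimed = MAXDUMPTIMES;     /* cap before indexing dumpTimes[] */
    vh->nDumpTimes = (uint16_t)claimed;
    for (uint32_t i = 0; i < claimed; i++)
        if (read_value(&r, 4, &vh->dumpTimes[i].from) < 0 ||
            read_value(&r, 4, &vh->dumpTimes[i].to) < 0)
            return -1;
    return (int)claimed;
}
```

Without the cap, the loop bound would come straight from the file and the writes to `dumpTimes[]` would run past the array.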
Michael Meffie [Thu, 16 Jul 2009 21:50:53 +0000 (17:50 -0400)]
bosserver dir creation for non-transarc paths
The bosserver attempts to create the server directories with the correct
permissions when bosserver starts. Make the parent directories if needed
as well, using the umask permissions for the parent directories, instead
of failing.
This adds a Perl program, src/afs/findlocks, which grovels through the
kernel module source tree, finds every location where a lock is obtained,
and produces an index of lock site ID numbers. This can be used to find
a lock when debugging, or when picking a new number.
Michael Meffie [Tue, 9 Apr 2013 08:00:16 +0000 (04:00 -0400)]
libafs: initialize hard mount last errors
Initialize the values of the server last errors
introduced in commit 94a8ce970d57498583e249ea61725fce1ee53a50
to avoid logging garbage for the last error codes.
Marc Dionne [Mon, 8 Jul 2013 14:53:00 +0000 (10:53 -0400)]
Linux 3.11: Convert from readdir to iterate file operation
Convert the readdir function so that it can be used as the new
"iterate" file operation. This new operation is passed a context
that contains a pointer to the filldir function and the offset.
The context is passed into the new dir_emit function that will
call the function specified by the context.
The new dir_emit function returns true on success, so we must be
careful about how we check for failure since this is different
behaviour from what filldir currently does.
IBM created a global variable 'afsconf_SawCell' in the kauth package
and manipulated its value from within bos.c as part of the calling
of ka_Init(). Patchset d52398940d58ccdba4114a9975762f48cc24ad15
exported afsconf_SawCell from afsauthent.dll since bos.exe is built
pthreaded. It was previously mixing pthread and not-pthread libraries
to access the variable.
Unfortunately, the export was declared as a function pointer instead
of DATA. Importing a DATA element from a library also requires that
the variable be __declspec(dllimport). The use of afsconf_SawCell
needs to be replaced but in the meantime fix the import so that bos.exe
can start without crashing.
Build the 3961 library in userspace, with support for the common
kerberos enctypes des3-hmac-sha1, arcfour-hmac-md5, and aesXXX-cts-hmac-sha1-96.
Export new symbols as well, and suppress deprecated warnings.
Rename all symbols, both exported and not, with an oafs_h_ prefix
so as to reduce the chance of conflicts.
Rename heim_octet_string to avoid confusion about where things are coming
from.
Ben Kaduk [Tue, 2 Jul 2013 15:13:25 +0000 (11:13 -0400)]
Disable some heimdal bits
For the rfc3961 library, we don't want linker exposure to an
entropy-gathering daemon, and we don't want to be leaving entropy
seed files around in user homedirs.
Ben Kaduk (1):
Be friendly to krb5_generate_random_block consumers
Jeffrey Altman (6):
roken: include limits.h unconditionally
Avoid unused variable warning on Windows
roken: include direct.h if HAVE_DIRECT_H
roken: Define S_IRWXU and friends on Windows
roken: Add rk_mkdir()
libkrb5: Add missing KRB5_LIB_FUNCTION/KRB5_LIB_CALL
Marc Dionne [Fri, 5 Jul 2013 16:50:36 +0000 (12:50 -0400)]
bos: Do encryption if requested
Commit d008089a79 didn't replace the processing of the aencrypt
flag passed to the GetConn() function, causing all bos connections
to be un-encrypted. This causes "addkey" to fail with an error
from the server, and "listkeys" to silently ignore the -showkey
option to display keys.
Set the AFSCONF_SECOPTS_ALWAYSENCRYPT flag, and don't set
AFSCONF_SECOPTS_FALLBACK_NULL since fallback is not acceptable if
the caller requested encryption.
Jeffrey Altman [Wed, 26 Jun 2013 15:00:00 +0000 (11:00 -0400)]
Windows: Protect all Mm and Cc calls with try..except
Wrap all Memory Manager and Cache Manager operations in a try..except
block to protect against leaking the SectionObjectResource if an exception
is thrown. Failure to release the SectionObjectResource will result in
subsequent deadlocks.
Don't assume that converting a UUID to a string will always succeed.
Instead, opr_uuid_toString should return a status result to indicate
whether the operation was successful or not.
Jeffrey Altman [Wed, 19 Jun 2013 17:53:51 +0000 (13:53 -0400)]
Windows: Wake waiters on failed cm_SyncOp exit
If cm_SyncOp exits due to failure and there are threads waiting
to use the cm_scache object, wake them before exiting because there
will be no cm_SyncOpDone() operation to wake them later.
Andrew Deason [Thu, 30 May 2013 22:53:56 +0000 (17:53 -0500)]
namei: Create the IH_CREATE_INIT function
Create a new function that combines calls to IH_CREATE and IH_INIT
into one operation; the new function is called IH_CREATE_INIT. This
allows a caller to create a file and then use it, without needing to
open() the file twice.
This is currently only implemented for the Unix namei backend; other
backends result in effectively the same functionality (but can use the
same API).
Andrew Deason [Thu, 30 May 2013 22:52:32 +0000 (17:52 -0500)]
ihandle: Refactor ih_open to split out ih_attachfd
Refactor the function ih_open, so part of its logic gets split out
into the new ih_attachfd_r (and ih_attachfd) function. This allows
other code to splice in an existing fd, without going through the
normal "open" path.
This patch should incur no functional change; it is just code
reorganization.
Andrew Deason [Thu, 30 May 2013 22:40:58 +0000 (17:40 -0500)]
ihandle: Fix fdInUseCount leak on EMFILE
Here, we close closeFd, but currently we don't decrement fdInUseCount.
Since we retry the open immediately afterwards, this means we can leak
fdInUseCount references. For example, if we retry this 5 times and get
EMFILE on each attempt, we will close 5 FDs, but not decrement
fdInUseCount at all.
To fix this, decrement fdInUseCount when we close a file for EMFILE.
Several functions in src/auth/userok.c construct pathnames in fixed
size buffers on their stacks. Those buffers are simultaneously too
small for the purpose for which they are used and too large to be
placed on the stack. This change replaces these fixed-size buffers
with dynamically-allocated buffers which are either exactly the right
size (due to asprintf) or have size AFSDIR_PATH_MAX.
When writing a callback state dump, test the return values from
write(2), but don't do anything based on the test. This avoids
compiler warnings when building on Ubuntu 12.10, with gcc 4.7.2 and
eglibc 2.15-0ubuntu20.1. This adds a new macro, WriteBytes(), which
handles writing a requested number of bytes to a file and ignoring
errors.
Fix potential buffer overflows caused by misuse of the scanf function
in the fileserver and ptserver.
Also fix similar issues in the client side fs command and libadmin
library.
Change-Id: Ia6a46981c50537da1673507c2bc777f96e43f95a
(This change was applied to the 1.6 branch as a security fix for 1.6.2 as
commit d1855f8e04; this commit brings the fix into master.)
Reviewed-on: http://gerrit.openafs.org/9962
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
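The commit message above does not show the affected call sites, so this added example (not OpenAFS code) illustrates only the bug class it names: a `%s` conversion with no field width writing into a fixed buffer, next to a bounded form that also rejects over-long tokens instead of truncating them. `parse_name_id`, `NAME_BUF` and the "name id" line format are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>

#define NAME_BUF 64     /* hypothetical buffer size; "%63s" below must match */

/*
 * Unsafe pattern, shown for contrast only:
 *
 *     char name[NAME_BUF];
 *     sscanf(line, "%s %d", name, &id);
 *
 * "%s" has no field width, so a token longer than 63 bytes is copied
 * past the end of name[], and the return value is never checked.
 */

/*
 * Bounded form. Returns 0 on success, -1 if a field is missing and -2 if
 * the name token does not fit in the buffer.
 */
int parse_name_id(const char *line, char name[NAME_BUF], int *id)
{
    int used = 0;

    /* Width is buffer size minus one, leaving room for the terminating
     * NUL. %n records how many input characters were consumed. */
    if (sscanf(line, "%63s%n", name, &used) != 1)
        return -1;

    /* If the token was cut off by the width, the next character is still
     * part of it. Reject rather than accept a silently truncated name. */
    if (line[used] != '\0' && !isspace((unsigned char)line[used]))
        return -2;

    if (sscanf(line + used, "%d", id) != 1)
        return -1;
    return 0;
}
```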
Jeffrey Altman [Sat, 25 May 2013 21:05:10 +0000 (17:05 -0400)]
rx: test for active calls in rxi_ChallengeEvent
The challenge event fires when an outstanding challenge request
has not been responded to. If there are no calls in the ACTIVE or PRECALL
state on the connection when the challenge event fires do not re-issue the
challenge. Clients do not respond to challenges when there are no active
calls.
Make the version string used in AFSVersion and cml_version_number
include the names of the user doing the build and the host on which
it is done. Also, remove extraneous whitespace and the content-free
word 'built' from cml_version_string, since Rx debug packages provide
space for only 64 characters of version string.
Change-Id: I128f6c175bb93b1fb5a4d531f64aa81bd2841ce7
Reviewed-on: http://gerrit.openafs.org/2279
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Jeffrey Altman [Sat, 1 Jun 2013 04:48:51 +0000 (00:48 -0400)]
Windows: Protect against cm_GetVolServerList failures
In cm_Analyze, if cm_GetVolServerList() fails volServerpp will be
NULL which will trigger an exception if passed to either
cm_SetServerBusyStatus or cm_ResetServerBusyStatus.
Marc Dionne [Wed, 3 Apr 2013 20:09:53 +0000 (16:09 -0400)]
tests: Improve afstest_UnlinkTestConfig cleanup
Make afstest_UnlinkTestConfig clean up and remove the specified
directory regardless of which files are present. This means
the function no longer has to track the current state of which
files may be present as tests are added and modified.
A sanity check is added to prevent damage in case the function is
called for an inappropriate directory.
As before, no cleaning is done if the test is run outside of a
"make check".
Marc Dionne [Wed, 22 May 2013 13:26:57 +0000 (09:26 -0400)]
Linux: Fix tmpfs cache support
As of kernel 3.1, tmpfs no longer has a readpage() operation in its
address space operations. Some of the cache manager code relies on
this, causing an oops if tmpfs is used as backing store for the
cache.
As a minimal fix, detect that there is no readpage() and disable
the optimizations that depend on it.
Jeffrey Altman [Mon, 13 May 2013 10:45:34 +0000 (06:45 -0400)]
vol: return VNOVNODE if vnode is not allocated
If a request for a vnode fails because the vnode is not allocated
within the volume, the error returned to the client should be VNOVNODE to
indicate that the requested FID does not exist and not VIO indicating a
transient disk i/o error or other transient internal inconsistency.
Simon Wilkinson [Sat, 11 May 2013 19:20:38 +0000 (20:20 +0100)]
Sort all libtool symbol lists
The original plan for the libtool symbol lists was that they be in
alphabetical order. This should make them easier to maintain, as it
becomes harder to accidentally introduce duplicates, and makes merge
conflicts when adding new symbols less likely.
However, not all of them are properly sorted. Update the ones that
aren't. This was done with
for A in `find . -name *.la.sym`; do sort $A -o $A; done
Marc Dionne [Wed, 6 Mar 2013 00:38:34 +0000 (19:38 -0500)]
libafs: fix Afs_syscall definition for UKERNEL
For the UKERNEL case, Afs_syscall is prototyped and used as (void).
Make the function definition use the void keyword to avoid a warning
about an old style definition.
Remove the uafs_klog() apis from afs_usrops. Nothing uses it except
the obsolete afsweb stuff that isn't built anymore.
Stop linking in all kauth and pts components. Also remove some other
objects from libauth, rxkad, and com_err, that were only present as
dependencies of kauth and pts components
Marc Dionne [Sat, 25 May 2013 14:43:45 +0000 (10:43 -0400)]
volser: Adjust TLV tag range
Tag values up to D_MAX cannot be used as TLV tags, as the parsing
logic assumes anything up to D_MAX is a control tag. Adjust
MIN_TLV_TAG to 21 so that the TLV range sits just above D_MAX.
Dan van der Ster [Fri, 24 May 2013 08:12:14 +0000 (10:12 +0200)]
linux: remove linux osi_alloc hash stats
The bucket stat vector is maintained but never read. And it is
occasionally annoying since it can flood messages with
"afs_get_hash_stats: Warning! exceeded max bucket len ..."
Remove it.
Jeffrey Altman [Thu, 23 May 2013 20:57:21 +0000 (16:57 -0400)]
Windows: Return bytes_read count from cm_GetData
The existing interface for cm_GetData takes an input buffer and
a buffer size and no method by which the number of bytes read into
the buffer can be returned. Add an output parameter to permit it.
Andrew Deason [Mon, 13 May 2013 20:33:42 +0000 (15:33 -0500)]
DAFS: Avoid useless attach2 error message
Since commit 53230846a202a50f6c3a61b38d62ccba8876f89d, attach2 logs an
error when we force a volume to an error state due to attachment
errors. This is to ensure that we never end up with a volume in an
error state without logging a message about it.
However, while this is useful for the fileserver, for non-fileserver
programs this situation is very common for VNOVOL errors and does not
represent an actual problem. For the fileserver, nonexistent volumes
should be caught before we hit attach2 (in e.g. GetVolume when we
can't find a volume structure), so errors here can be significant and
should be rare. But for e.g. the volserver, when we try to use a given
volume id, we just try to attach it directly, so if the volume doesn't
exist, we will hit this code path.
This can happen pretty often for the volserver, since many volume
operations try to determine if a volume already exists by trying to
attach it. In those cases, this error message is pretty much useless
noise. So, get rid of it if we are non-fileserver, and the error we
got is VNOVOL. It is not as important for non-fileserver that we put a
volume in an error state, since volume states are much more transient
for non-fileserver programs, since the volume structs don't stay
around very long.
Michael Meffie [Mon, 13 May 2013 17:59:50 +0000 (13:59 -0400)]
vldb_check: print vlentry file offsets
To aid in debugging, consistently print the vlentry database "address"
and the file offset when displaying errors for vlentries. Print the
vlentry file offsets when printing all the entries with the -entries
option.
Marc Dionne [Wed, 24 Apr 2013 13:11:09 +0000 (09:11 -0400)]
linux: Fix leaked dentry reference in the revalidate op
In one error case, we exit the function without releasing the
reference on the parent dentry. This dangling reference can cause
an oops when the client is shut down.
Jeffrey Altman [Mon, 13 May 2013 14:09:11 +0000 (10:09 -0400)]
Windows: NotifyHardLink avoid null ptr reference
In AFSNotifyHardLink, if the TargetDirectoryCB out parameter is non-NULL
but pDirNode is NULL, do not attempt to increment the
DirOpenReferenceCount because doing so will trigger an exception.
Anders Kaseorg [Tue, 7 May 2013 04:27:33 +0000 (00:27 -0400)]
Linux: osi_TryEvictVCache: Don’t skip the first dentry if D_ALIAS_IS_HLIST
An hlist doesn’t begin with a sentinel like a list does, so the old
code would skip the first dentry or crash with a NULL dereference if
there wasn’t one. Use the kernel’s list_for_each_entry or
hlist_for_each_entry macros instead of trying to do it manually.
Should fix a crash observed by Alex Chernyakhovsky on kernel 3.6 and
newer.
Change-Id: I6d7bd190013a0250ca896af8d5182df55a3376b0
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-on: http://gerrit.openafs.org/9857
Reviewed-by: Alex Chernyakhovsky <achernya@mit.edu>
Tested-by: Alex Chernyakhovsky <achernya@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
it's claimed these are not initialized before use.
squelch compiler errors. has to be in parent as otherwise
we will zero them in our loop where we potentially want the
parent group id, which is not on "this" line as we add members.