Mark Vitale [Fri, 21 Dec 2012 22:56:14 +0000 (17:56 -0500)]
dafs: preattach should wait for exclusive states
In rare circumstances an FSYNC_VOL_ON operation may fail silently,
leaving the volume in its previous state. The only clue is a FileLog
message "volume <nnnn> not in quiescent state".
This is caused by a race condition in the volume package: an
FSYNC_VOL_ON operation is attempting to preattach a volume
(in VPreAttachVolumeByVp_r()) at the same time a fileserver RPC
(e.g. FetchStatus) is detaching the volume (in VReleaseVolumeHandles_r())
at the conclusion of attach2() logic.
The fix calls VWaitExclusiveState_r() before calling
VPreAttachVolumeByVp_r().
After lots of intermediate steps a call to ubik_print(), ubik_vprint()
and ubik_dprint*() ends in vFSLog() which adds a timestamp to the output.
So any call to ubik_print(), that does not contain a \n at the end,
makes a mess of the logfile.
The least invasive change will simply add this newline at the end
of any ubik_print() call.
This also prevents long lines in the log, which might appear on
multi-homed hosts with lots of interfaces.
FIXES 1446
Change-Id: I2e44588fcc5b27704dd5fec5a83d99d3a86f86e4
Reviewed-on: http://gerrit.openafs.org/9059 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Jeffrey Altman [Tue, 29 Jan 2013 02:12:10 +0000 (21:12 -0500)]
Windows: More RDR Garbage Collection
This patchset addresses the failure of AFSVolumeCB, AFSDirectoryCB,
and AFSObjectInformationCB objects to be garbage collected by the
AFSPrimaryVolumeWorker thread. The AFSPrimaryVolumeWorker thread
is broken up into smaller pieces.
Jeffrey Altman [Sun, 27 Jan 2013 20:06:09 +0000 (15:06 -0500)]
Windows: AFSEvaluateTargetByID Sanity Check Result
If the file server provides the service with bogus status info
and that status info is inconsistent with the allocated fields
in the associated ObjectInformationCB and FCB structures, it can
result in a BSOD. Perform some basic sanity checks and if an
inconsistency is discovered, fail the request. This may result
in the inability to access a file/directory but will prevent a
BSOD.
Jeffrey Altman [Fri, 1 Feb 2013 18:40:22 +0000 (13:40 -0500)]
Windows: Replace ParentObjectInformation pointer
Although rare there have been crashes which were the result of
the ObjectInformationCB being freed while another ObjectInformationCB
is pointing to it via the ParentObjectInformation pointer.
This patchset removes the pointer and replaces it with the ParentFileId
which is used to lookup the Parent ObjectInformationCB via the VolumeCB
BTree of all volume objects. The reference counting rules remain the
same.
Jeffrey Altman [Fri, 25 Jan 2013 05:18:37 +0000 (00:18 -0500)]
Windows: .readonly space reporting
.readonly volumes can be stored on multiple partitions which each
have a different size and free space available. To ensure consistency
regardless of which partition the .readonly is accessed from and
because .readonly volume sizes cannot change, report the allocation
size of the volume as the partition size. Continue to report that
volume has zero free sectors because the volume cannot be written to.
Jeffrey Altman [Fri, 25 Jan 2013 05:17:25 +0000 (00:17 -0500)]
Windows: FILE_READ_ONLY_VOLUME not FILE_DEVICE_READ_ONLY
Instead of stating that the AFS device is read only; report
that the volume in question is read only using the FILE_READ_ONLY_VOLUME
file system characteristic.
Jeffrey Altman [Fri, 25 Jan 2013 05:13:03 +0000 (00:13 -0500)]
Windows: AFSQueryFsAttributeInfo use service response
The File System attributes are set by the service in the volume
information request. Use the values the service provides instead
of returning an incomplete hard coded list.
Jeffrey Altman [Fri, 25 Jan 2013 05:11:41 +0000 (00:11 -0500)]
Windows: FILE_FS_DEVICE_INFORMATION Device Type
Consistently report our device type as FILE_DEVICE_NETWORK_FILE_SYSTEM
instead of FILE_DEVICE_DISK or FILE_DEVICE_DISK_FILE_SYSTEM except
when returning FILE_FS_DEVICE_INFORMATION where we must lie and state
that the device type is FILE_DEVICE_DISK. Otherwise, the Win32 API
GetFileType() returns FILE_TYPE_UNKNOWN instead of FILE_TYPE_DISK.
Applications built from msys (but not current cygwin) treat files
of type FILE_TYPE_UNKNOWN as special character devices instead of
files. This breaks msysGit.
Jeffrey Altman [Tue, 22 Jan 2013 17:44:21 +0000 (12:44 -0500)]
Windows: AFSCleanupFile always flush on last handle
Do not rely on a count of dirty extents to determine if the
service should flush a file during a cleanup operation. Simply
because there are no dirty extents held by the redirector does
not imply that the service has no dirty buffers for the file.
Jeffrey Altman [Thu, 17 Jan 2013 06:44:27 +0000 (01:44 -0500)]
Windows: Convert BkgDaemon Procedures to use rock
The BkgDaemon functions accepted four 32-bit parameters into
which 64-bit offsets and lengths were fit. Convert the routines
to use a procedure specific rock type which is allocated by the
caller to cm_QueueBkgRequest and freed by cm_BkgDaemon.
The use of a rock will permit greater flexibility for future
background procedures to be implemented that require more complex
data to be passed around.
Jeffrey Altman [Thu, 17 Jan 2013 06:42:54 +0000 (01:42 -0500)]
Windows: Set dirty page limit to 2 x ChunkSize / 4096
4096 is the size of a memory manager page. ChunkSize is in octets.
Windows doesn't wait until the limit is reached to begin flushing
and ChunkSize is not a hard limit.
Jeffrey Altman [Fri, 25 Jan 2013 00:42:41 +0000 (19:42 -0500)]
Windows: Add CM_MERGEFLAG_CACHE_BYPASS
If a store operation is performed direct to the file server
bypassing the AFSCache, call cm_MergeStatus() with
CM_MERGEFLAG_CACHE_BYPASS to ensure that the valid version
numbers for the cm_scache_t object are incremented appropriately.
After a cache bypass occurs, only buffers with the current
data version number are valid since the cached data will be
incomplete.
Jeffrey Altman [Thu, 31 Jan 2013 02:45:44 +0000 (21:45 -0500)]
Windows: AFSInitPIOCtlDirectoryCB fixes
Rename ObjectInfo parameter to ParentObjectInfo since
it does represent the parent of the PIOCtlDirectoryCB
that is being allocated.
If the AFS_DIR_ENTRY_TAG allocation fails, do not call
AFSDeleteObjectInfo( pObjectInfoCB) prior to the try_return
because AFSDeleteObjectInfo() will be executed in the try_exit
block.
Finally, do not increment the pDirNode->ObjectInformationCB
reference count when returning STATUS_REPARSE. The reference
count is tracked by the pDirNode pointer and has already been
allocated.
Jeffrey Altman [Fri, 25 Jan 2013 00:25:37 +0000 (19:25 -0500)]
Windows: AFSProcessCreate drop DirOpenRefCount on exit
AFSProcessCreate() must not maintain its DirOpenReferenceCount
when bFileCreated is true because the AFSCcb maintains its own
count and the one obtained by AFSProcessCreate() will only be
leaked.
Jeffrey Altman [Thu, 24 Jan 2013 23:55:24 +0000 (18:55 -0500)]
Windows: Introduce NameArray Reference Counts
Split the DirOpenReferenceCounts into those related to DirectoryCB
reference counting unrelated to the NameArrays and those that are
related to the NameArrays. This helps track down the source of
overcounts and undercounts.
Jeffrey Altman [Thu, 24 Jan 2013 23:44:33 +0000 (18:44 -0500)]
Windows: Categorize ObjectInformationCB RefCnts
To assist in tracking down the source of ObjectInformationCB
overcounts and undercounts, add an advisory array which tracks
the reference counts by category. In the procress ensure that
all reference count changes are logged by tracing.
Jeffrey Altman [Thu, 24 Jan 2013 23:24:55 +0000 (18:24 -0500)]
Windows: AFS_SUBSYSTEM_OBJECT_REF_COUNTING fixes
A large number of trace messages monitoring ObjectInformationCB
reference counting were categorized under AFS_SUBSYSTEM_FCB_REF_COUNTING
instead of AFS_SUBSYSTEM_OBJECT_REF_COUNTING. This patchset applies
the correct subsystem category.
Jeffrey Altman [Thu, 24 Jan 2013 21:29:52 +0000 (16:29 -0500)]
Windows: Reduce RDR Object Lifetime
Adjust the redirector object lifetime from 10 minutes (600 seconds)
to 20 seconds. The object lifetime is how long an object can remain
idle before garbage collection is permitted.
Jeffrey Altman [Sun, 13 Jan 2013 15:15:02 +0000 (10:15 -0500)]
windows: Update raw fetch/store operations
rawops.c is a hold over from Eric Williams' original attempt
to implement an AFS redirector. When the rest of the his code
was purged from the tree and replaced with a more complete
implementation based upon the Kernel Drivers's File System
framework rawops.c was left behind.
Although the source file has been compiled as part of the build,
its functions ReadData and WriteData have never been called. This
patchset:
1. renames the functions to raw_ReadData and raw_WriteData
2. modifies the function signatures and provides a header
with prototypes
3. requires that cm_scache.rw be write-locked upon entry
4. renames variables
5. removes the #define CM_BUF_BUFSIZE and relies upon
cm_data.blockSize instead
6. Always write back the current range as an async store
instead of the previous chunk as random write patterns
will fail to store all of the dirty buffers.
Michael Meffie [Wed, 16 Jan 2013 17:10:02 +0000 (12:10 -0500)]
vlclient: add -probe option
Add a new option to the vlclient test program to call the
probe server RPC to ping the vlservers in a cell. Uses a multi
rx call to do the probes in parallel.
The existing -host option can be used to ping a single
vlserver.
Simon Wilkinson [Sat, 2 Feb 2013 07:20:14 +0000 (07:20 +0000)]
auth: Permit NULL fallback in localauth case
Allow the caller of afsconf_PickClientSecObj to specify both
local authentication, and to request fallback to null authentication
if local auth isn't available.
Simon Wilkinson [Sat, 2 Feb 2013 07:17:53 +0000 (07:17 +0000)]
rx: Fix AIX test_and_set_bit
The AIX definition of rx_atomic_test_and_set_bit had its test the
wrong way round - so an already set bit would return false, and a clear
bit would return true. Fix this.
Derrick Brashear [Mon, 21 Jan 2013 21:10:17 +0000 (16:10 -0500)]
darwin: stop processing upcalls once rx shutdown starts
we have a chicken and egg. can't stop upcall without
killing socket; can't kill socket while rx might try to transmit on it.
cheat, and if rx is shut down, don't process things upcall receives.
Jeffrey Altman [Wed, 19 Dec 2012 21:52:34 +0000 (16:52 -0500)]
Windows: Disable hard dead timeout for RDR File Server connections
The UNIX cache manager does not implement hard dead timeouts
on file server connections. The Windows cache manager had to
because of the SMB connection timeout requirements. For the
AFS redirector there is no timeout requirement. Therefore,
when the SMB stack is disabled the Windows cache manager can
disable the hard dead timeout.
The idle dead timeouts are in place to cancel connections when
file servers stop replying with real data.
libtool gets confused if it is running two instances in the same
directory, so make sure we build libafsrpc.a after the other things
we already single-stream.
Simon Wilkinson [Mon, 21 Jan 2013 21:50:25 +0000 (16:50 -0500)]
rx: atomic bit ops
Add rx_atomic_test_bit, rx_atomic_set_bit, and rx_atomic_clear_bit
to provide bitwise operations over atomic types. These allow the
use of atomic flag variables.
Uses native platform atomic operations wherever these are available,
otherwise falls back to our 'standard' MUTEX based implementation.
Jeffrey Altman [Fri, 25 Jan 2013 08:25:46 +0000 (03:25 -0500)]
Windows: rename 'rbytes' to 'rxbytes' for clarity
Throughout cm_dcache.c, the various 'rbytes' represents the number
of bytes to be read from the next rx_Read or rx_Readv call.
Rename the variable to 'rxbytes' to improve clarity.
Jeffrey Altman [Thu, 3 Jan 2013 19:11:31 +0000 (14:11 -0500)]
Windows: Update Bulk I/O Descriptor
Update the cm_bulkIO_t and associated functions such that
the 'reserved' field is no longer a boolean indicated whether
or not buffers have been reserved but instead becomes a count
of the number of buffers that have been reserved.
buf_TryReserveBuffers is modified to return an afs_uint64
count of the number of buffers reserved instead of a boolean.
cm_SetupStoreBIOD, cm_SetupFetchBIOD, and cm_ReleaseBIOD altered
to store the reserved buffer count and use it when freeing the
BIOD.
Prior to this change it was not possible to reserve a count other
than the number of buffers it takes to store one chunkSize of data.
Jeffrey Altman [Sat, 29 Dec 2012 20:58:06 +0000 (15:58 -0500)]
Windows: Decrement Fcb OpenHandleCount while locked
AFSCleanup performs tests on the Fcb Open Handle Count to determine
when to perform final cleanup tasks on the last handle close. The
test is protected by holding the Fcb Resource. If the Open Handle
Count is decremented after dropping the Resource, it creates a
race with other threads that might be blocked entering AFSCleanup
to close their handle on the same object.
In AFSOpenRoot obtain the VolumeRoot reference count before performing
any operations that require use of the VolumeRoot. If the operations
fail, release the reference count.
This patchset completes the reorganizing of the DirOpenReferenceCount
handling. Now that every AFSCcb is given a refCount in AFSInitCcb()
which is released in AFSRemoveCcb() it is possible to simplify some
of the logic surrounding DirOpenReferenceCount handling across
the AFSCommonCreate -> XXX -> AFSLocateNameEntry -> {MountPoint, Symlink}
call sequences.
Wherever possible releasing of DirOpenReferenceCounts occur in a
functions try_exit block. AFSCommonCreate() uses the new variables
bReleaseDir and bReleaseParentDir to track whether these refcounts
need to be released. Additional comments document the decision
making.
There was at least one code path in AFSLocateNameEntry() where
the DirOpenReferenceCount could be dropped when it should not have
been. (pExistingDirNode == pDirNode).
Jeffrey Altman [Sat, 29 Dec 2012 05:51:55 +0000 (00:51 -0500)]
Windows: NameArray DIRENTRY_REF_COUNT logging
Include the NameArray pointer in the AFS_SUBSYSTEM_DIRENTRY_REF_COUNTING
log messages generated from the NameArray management routines. This
permits correlation between the reference count changes and the
NameArray to which they were associated.
Jeffrey Altman [Sat, 29 Dec 2012 05:49:43 +0000 (00:49 -0500)]
Windows: AFSSetRenameInfo DIRENTRY_REF_COUNTING
When logging the result of the DirOpenReferenceCount increment,
use lCount instead of referencing the DirOpenReferenceCount field
which could have been changed.
AFSSetFileLinkInfo() would leak a DirOpenReferenceCount when
pNewTargetDirEntry is not NULL upon exit. It also did not
properly handle a STATUS_REPARSE response from AFSNotifyHardLink().
The AFSInsertDirectoryNode() call should not be performed when
the result is STATUS_REPARSE since that means the entry already
exists.
This patchset consolidates the releasing of the DirOpenReferenceCount
within AFSNotifyHardLink() into the try_exit block. This clarifies
the logic and avoids duplicate code blocks.
This patchset consolidates the releasing of the DirOpenReferenceCount
within AFSNotifyFileCreate() into the try_exit block. This clarifies
the logic and avoids duplicate code blocks.
Unless the caller of AFSRemoveCcb() steals the DirectoryCB object
from the AFSCcb before calling AFSRemoveCcb(), AFSRemoveCcb() will
release the reference count.
In all but one case where the DirectoryCB must be accessed after
the AFSCcb is destroyed AFSClose() can now let AFSRemoveCcb() do the
work.
Jeffrey Altman [Sat, 29 Dec 2012 05:17:59 +0000 (00:17 -0500)]
Windows: AFSInitCcb redefinition
The new AFSInitCcb() allocates its own DirOpenReferenceCount to
associate with the AFSCcb.DirectoryCB.
It also accepts the GrantedAccess mask and the FileAccess values
which are stored in the AFSCcb.
These changes simplify the callers and remove responsibility of
tracking whether or not the DirOpenReferenceCount was successfully
associated with the AFSCcb.
The allocated DirOpenReferenceCount is always released by
AFSRemoveCcb().
Marc Dionne [Sat, 22 Dec 2012 12:54:54 +0000 (07:54 -0500)]
Rework set_header_word macros
Rework the set_header_word macros so that all compilers are
happy:
- the use of offsetof() is avoided, as it has an issue on IRIX
when the result is not constant
- the assignment within the macro is explicitely sequenced before
the function call to avoid a gcc sequence-point warning
Change-Id: I2355233e865b155f958379bfa2736fee19ef2680
Reviewed-on: http://gerrit.openafs.org/8816 Reviewed-by: Andrew Deason <adeason@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Ken Dreyer [Wed, 12 Dec 2012 17:37:47 +0000 (10:37 -0700)]
NEWS updates for 1.6.2
Add an entry for 1.6.2 with "in progress" instead of a date to hold the
release notes for 1.6.2pre4 rather than creating separate entries for
each release candidate. Users who track the release candidates can refer
to the public announcements, and this will be cleaner when reading
history later on.
Change-Id: I625044e20836e072b62ffa738eca23f1d11813a5
Reviewed-on: http://gerrit.openafs.org/8750 Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com> Tested-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Michael Meffie [Thu, 7 Jun 2012 18:46:04 +0000 (14:46 -0400)]
libafs: fs flushall for unix cm
Implement the fs flushall command on the unix cache manager to flush
all volume data. Uses a new common pioctl code point VIOC_FLUSHALL (14),
registered with the grand.central.org assigned numbers.
Andrew Deason [Fri, 18 Jan 2013 20:27:16 +0000 (14:27 -0600)]
SOLARIS: Use vn_renamepath as early as possible
Commit 6c509601 uses the vn_renamepath when we are building on Solaris
11. However, some recent patch level of Solaris 10 (more recent than
stock 10u10) has the same problem fixed by that commit, where
vn_setpath takes an additional argument. So instead, just test for the
existence of vn_renamepath itself, so we also use it on Solaris 10
when we can.
Simon Wilkinson [Fri, 18 Jan 2013 22:54:03 +0000 (22:54 +0000)]
rx: Remove warning inhibition on rx.c
The CFLAGS_NOERROR rule for rx.c seems to have crept back in as
part of the libtool changes. The LWP build of rx.c has never had
warning inhibition on rx.c, and the inhibition in the pthread
builds was removed by 327762071be3806c5d08be0218982c7027754756
Rod Widdowson [Sun, 30 Dec 2012 11:13:24 +0000 (11:13 +0000)]
Windows: Police Library IOCTLs
Ensure that the callers of the various library ioctls have
the correct identity or privs. All this policing is done in
the fs (non unloadable) layer, and to ensure that the library
layer cannot receive these calls directly we forbid non
create Opens of the library control device.
Rod Widdowson [Fri, 28 Dec 2012 15:00:15 +0000 (15:00 +0000)]
Windows: Police the DEBUG TRACE ioctls
When we get a IOCTL_AFS_GET_TRACE_BUFFER, a IOCTL_AFS_CONFIGURE_DEBUG_TRACE
or a IOCTL_AFS_FORCE_CRASH, we check to see whether the caller is in the
Administrators group and if it isn't we fail the request with ACCESS_DENIED.
NOTE that this does not check whether the user has done the "run as admin"
thing. We actually need to determine which priviledges are appropriate to
this action and use that rather than group membership to police these actions
and this will be added in a later patch. Meanwhile this represents a
significant increment in security from previously.
Andrew Deason [Thu, 17 Jan 2013 21:37:06 +0000 (15:37 -0600)]
Improve libroken configure check
It is not sufficient to just check if libroken is available; we need
to check if the specific functionality we want is there. So, try to
compile and link while referencing specific functions.
As mentioned in the comments, testing every single function we use may
not be practical, and we should perhaps just add functions to test as
we find breakage. This commit tests rk_rename, which is missing in at
least the Debian package heimdal-dev, version
1.4.0~git20100726.dfsg.1-2+squeeze1.
Michael Meffie [Mon, 10 Dec 2012 23:00:25 +0000 (18:00 -0500)]
xstat: length check cm call info
Define the cm xstat function call counters with an xmacro to avoid
duplicating the list of cm function names. This obviates the need
to update xstat_cm_test.c when new function names are added to the
cm xstat collection id 0.
Check the number of returned records when printing the function call
counts to avoid over-running when a newer xstat_cm_test client
receives data from an older cm.
OpenBSD: Add support for missing routine memmove() in kernel.
OpenBSD does not have the memmove() routine available to dynamically
loaded modules in its kernel. It exists but is not exported so it
winds up "mia" on dynamic load of the kernel module. It's needed for
the Heimdal code that's been added into OpenAFS. This patch deals
with this issue by creating an inline version in the OS-specific
param.h file.
Note that this issue does not seem to exist in the amd64 version of
OpenBSD so (at least for now) tis fix is only applied to the i386
version of the header files.
For OpenBSD 4.6 and 4.7, the rx_atomic.h header ultimately resorts
to the use of the default atomic routines that rely on MUTEX
macros. Those macros require that 'curproc' be defined, which in
turn requires the presence of the 'sys/proc.h' header. This patch
inserts that header into the param.h file for those systems.
Note that subsequent versions of OpenBSD have __sync_fetch_and_add
and don't require 'curproc' as a result.
Marc Dionne [Sat, 19 Jan 2013 03:40:03 +0000 (22:40 -0500)]
Linux: setpag() may replace credentials
For recent Linux. setpag() may replace the current process' cred
structure with a new one. This is not a problem for most callers,
but in the case of processing a SetTokens2 pioctl with the setpag
option, the new credentials should be used to determine the target
for the token.
Ben Kaduk [Fri, 11 Jan 2013 18:03:02 +0000 (13:03 -0500)]
Catch up to FreeBSD KPI for vfs_cmount
Almost a year ago, mckusick changed the VFS KPI/KBI for the cmount
VFS operation, making the flags argument a 64-bit quantity.
Introduce appropriate conditionals for our prototype of afs_cmount
for the change on the 10.x and 9.x branches.
LINUX: fix array indexing issue in memory statistics
The comma is a sequence point and i gets incremented and then used.
This results in writing past the end of the array by one (and failing
to initialize the first element as well).
Andrew Deason [Thu, 17 Jan 2013 22:35:09 +0000 (16:35 -0600)]
ubik: Remove bare global ubik_epochTime
Commit e4ac552a moved ubik_epochTime into a global version_globals
struct. However, it missed a references to the existing
ubik_epochTime value it was moving, as well as its declaration. Remove
the declaration, and move the reference to use the version_globals
structure.
Andrew Deason [Tue, 8 Jan 2013 23:50:57 +0000 (17:50 -0600)]
SOLARIS: Avoid open count cleanup for Solaris 11
The comments in here no longer apply to Solaris, as of OpenSolaris
commit 11736:63a134e1f09c by Donghai Qiao (4492533 Filesystems may
need VOP_CLOSE() for executables following a VOP_OPEN()). This means
that this workaround should no longer be necessary for any Solaris 11
release, any illumos release, and anything else based off of
OpenSolaris. So, stop doing it.
Thanks to Frank Batschulat for pointing this out, and providing all of
the details.
Andrew Deason [Tue, 8 Jan 2013 23:41:21 +0000 (17:41 -0600)]
SOLARIS: Use vn_renamepath when available
In Solaris 11.1, the signature of vn_setpath changes; it gains an
extra boolean_t argument called 'force'. Instead of trying to adapt to
it, call vn_renamepath() instead, which will do the correct thing and
call vn_setpath &co for us. vn_renamepath has existed since Solaris 10
Update 8, and is in all releases of Solaris 11. Only call it in
Solaris 11, since it makes the ifdefs easier, and there are no
problems with calling vn_setpath on Solaris 10.
Thanks to Frank Batschulat for all of the relevant information.
Rod Widdowson [Fri, 28 Dec 2012 15:43:52 +0000 (15:43 +0000)]
Windows: Restrict the Service IOCTLS to the service process
When the service starts the system we save it's PID and when we see a
IOCTL_AFS_INITIALIZE_REDIRECTOR_DEVICE,
IOCTL_AFS_PROCESS_IRP_REQUEST, IOCTL_AFS_PROCESS_IRP_RESULT,
IOCTL_AFS_SYSNAME_NOTIFICATION or IOCTL_AFS_SYSNAME_NOTIFICATION
ioctl we check that the calling process has that PID.
projects / packages / o / openafs.git / log