Michael Meffie [Wed, 29 Apr 2015 15:54:45 +0000 (11:54 -0400)]
libafs: remove linux conditionals for md5 inode number calculation
Remove the conditionals which hide the md5 digest calculation for inode
numbers on non-linux platforms. This feature was originally added to
support sites running on linux, but is generally useful and the
implementation is not specific to linux.
Reviewed-on: http://gerrit.openafs.org/11854 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Perry Ruiter <pruiter@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit ac05e8ceebd05c2d8496759e70cf7b1b92541134)
Change-Id: I8fd613c436120a6436f48920ce4f33570dfb1fb8
Reviewed-on: https://gerrit.openafs.org/12632 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Fri, 2 Jun 2017 19:19:26 +0000 (15:19 -0400)]
bozo: do not fail silently on unknown bosserver options
Instead of failing silently when the bosserver is started with an
unknown option, print an error message and exit with a non-zero value.
Continue to exit with 0 when the -help option is given to request the
usage message.
This change should help make bosserver startup failures more obvious
when an unsupported option is specified. Example systemd status message:
systemd[1]: Starting OpenAFS Server Service...
bosserver[32308]: Unrecognized option: -bogus
bosserver[32308]: Usage: bosserver [-noauth] ....
systemd[1]: openafs-server.service: main process exited,
code=exited, status=1/FAILURE
Reviewed-on: https://gerrit.openafs.org/12630 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f5491119ff7d422b1c0c311a50e30bec1c15296c)
Change-Id: I5c3ffbb21915fd0a2773873e360cee85504796f8
Reviewed-on: https://gerrit.openafs.org/12631 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Jeffrey Altman [Sat, 27 May 2017 18:59:04 +0000 (14:59 -0400)]
rx: wake up send after 'twind' has been updated
Beginning in AFS 3.4 and 3.5 the ack trailer includes the size of the
peer's receive window. This value is used to update the sender's
transmit window (twind). When the twind is increased the application
thread is signaled to indicate that more packets can be sent.
This change wakes the application thread after twind is updated by
the peer's receive window instead of beforehand. Failure to do so
can result in 100ms transmit delays when the receive window transitions
from closed to open.
Reviewed-on: https://gerrit.openafs.org/12625 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit aaa47dc1077f0dd5b0040006c831f64cc8a303b5)
Change-Id: Icfbe10f93a34adfb14f5c34198f78b67aa043c53
Reviewed-on: https://gerrit.openafs.org/12627 Tested-by: Stephan Wiesand <stephan.wiesand@desy.de> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Joe Gorse [Wed, 10 May 2017 19:46:38 +0000 (19:46 +0000)]
LINUX: CURRENT_TIME macro goes away.
Check if the macro exists, define it if it does not.
Reviewed-on: https://gerrit.openafs.org/12611 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit b47dc5482da614742b01dcc62d5e11d766a9432f)
Change-Id: I1ed3706e830b98436a5a22d99fa338b01fd5b997
Reviewed-on: https://gerrit.openafs.org/12624 Tested-by: Stephan Wiesand <stephan.wiesand@desy.de> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Wed, 29 Apr 2015 16:00:24 +0000 (12:00 -0400)]
afs: add afsd -inumcalc option
This commit adds the afsd -inumcalc command line switch to specify the
inode number calculation method in a platform neutral way.
Inode numbers reported for files within the AFS filesystem are generated
by the cache manager using a calculation which derives a number from a
FID. Long ago, a new type of calculation was added which generates inode
numbers using a MD5 message digest of the FID. The MD5 inode number
calculation variant is computationally more expensive but greatly
reduces the chances for inode number collisions.
The MD5 calculation can be enabled on the Linux cache manager using the
Linux sysctl interface. Other than the sysctl method of selecting the
inode calculation type, the MD5 inode number calculation method is not
specific to Linux.
This change introduces a command-line option which accepts a value to
indicate the calculation method, instead of a simple flag to enable MD5
inode numbers. This should allow for new inode calculation methods
in the future without the need for additional afsd command-line flags.
Two values are currently accepted for -inumcalc. The value of 'compat'
specifies the legacy inode number calculation. The value 'md5' indicates
that the new MD5 calculation is to be used.
Reviewed-on: https://gerrit.openafs.org/11855 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 0028ea92ad3e7aac6a4c51f63703a4d9d7b9dcd6)
Change-Id: I9021eea9f64c754157061d039f63b6f744ec2ec5
Reviewed-on: https://gerrit.openafs.org/12608 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
when processing "fs sysname" on a client, a rmtsys-related
checks are executed by default. These prevent a user with gid
2748 and 2750 (0xabc and 0xabe) from executing this command.
Add a new flag inside the cachemanager for the rmtsys-
functionality. This flag is set through a new ioctl by the afsd
on startup.
When the OpenAFS client is unmounted on DARWIN, the blocks of packets
allocated by RX are released. Historically, the memory used by those
packets was never properly released.
As we can see, ‘rx_mallocedP’ is a global pointer that stores the
first address of the last allocated block of packets. As a result, when
‘rxi_FreeAllPackets’ is called, only the last block is released.
However, 230dcebcd61064cc9aab6d20d34ff866a5c575ea moved the global
pointer in question to the end of the last block. As a result, when the
OpenAFS client is unmounted on DARWIN, the ‘rxi_FreeAllPackets’
function releases the wrong block of memory. This problem was exposed
on OS X 10.12 Sierra where the system crashes when the OpenAFS client
is unmounted.
To fix this problem, store the address of every single block of packets
in a queue and release one by one when the OpenAFS client is unmounted.
Reviewed-on: https://gerrit.openafs.org/12427 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 5b28061fb593f5f48df549b07f0ccd848348b93c)
Change-Id: Id8606b1c1444861df69ed4af8169e343964a691d
Reviewed-on: https://gerrit.openafs.org/12602 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Marcio Barbosa [Tue, 31 Jan 2017 14:43:18 +0000 (11:43 -0300)]
vol: detach offline volumes on dafs
Taking a volume offline always clears the inService bit. Taking a
volume out of service also takes it offline. Therefore, if the
inService flag is false, the volume in question should be offline.
On dafs, an offline volume should be unattached.
The attach2() function does not change the state of the volume received
as an argument to unattached when the inService flag is false. Instead,
this function changes the state of the volume in question to
pre-attached and returns VNOVOL to the client. As result, subsequent
accesses to this volume will make the server try and fail to attach
this offline volume over and over again, writing to the FileLog each
time.
To fix this problem, detach the volume received as an argument if the
inService flag is false. Since the new state of this volume will be
unattached, subsequent accesses will not hit attach2().
This situation where a volume is not offline but is also not in service
can occur if a volume is taken offline with vos offline and some time
later the DAFS fileserver is shutdown and restarted; the volume is
placed into the preattach state by default when the server restarts.
Each access to the volume by clients then causes the fileserver to
attempt to attach the volume, which fails, since the in-service flag in
the volume header is false from the previous vos offline. The
fileserver will log a warning to the FileLog on each attempt to attach
the volume, and this will fill the FileLog with duplicate messages
corresponding to the number of attempted accesses.
Reviewed-on: https://gerrit.openafs.org/12515 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 2421da2bf327525216ec7e79b9aa81fa2c4f77d5)
Change-Id: I95cffb6a91797341d9202cbbef3b205c11348d5e
Reviewed-on: https://gerrit.openafs.org/12569 Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Tue, 21 Feb 2017 01:16:47 +0000 (20:16 -0500)]
DAFS: do not save or restore host state if CPS in progress
If a fileserver is shutdown while one or more PR_GetHostCPS calls
are in progress, this state is saved in the fsstate.dat file as
hostFlags HCPS_WAITING, HCPS_INPROGRESS. Other hosts that are
merely waiting will have HCPS_WAITING recorded.
However, it makes no sense to restore host structs in this state,
because the GetCPS calls will no longer be in progress. Once these
hosts become active, they will block server threads and quickly cause
all server threads to be exhausted as other CPS requests are blocked
behind them.
Instead, exclude these states from both save and restore.
Reviewed-on: https://gerrit.openafs.org/12561 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 38a3f51fb8b3910ecdd7cacb06f35ec681990aea)
Change-Id: I0e02543fd2e547fcc9f95db0973f09e5951a1da1
Reviewed-on: https://gerrit.openafs.org/12568 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Tue, 12 Jan 2016 23:06:51 +0000 (18:06 -0500)]
afs: fs getcacheparms miscounts dcaches for large files
fs getcacheparms issued with the -excessive option tabulates in-memory
dcaches ("DCentries") by size. However, any dcache with validPos > 2^31
is miscounted in the 4k-16k bucket. This is caused by a type mismatch
between 'validPos' (afs_size_t) and 'size' (int) which leads to a
negative value for size by sign-extension. The size comparison "sieve"
fails for negative numbers; it skips the first bucket (0-4K) and dumps
them in the second one (4k-16k).
Move the declaration of 'size' closer to its use, and declare it with
the same type as 'validPos' (afs_size_t) so the comparison sieve
correctly places these dcaches in the last (>=1M) bucket.
Reviewed-on: https://gerrit.openafs.org/12347 Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit b5e4e8c14130f601bbf43dee5927222ebf7613fa)
Change-Id: I659fd86f05b29c1eac1a262d340bcc1ce2640797
Reviewed-on: https://gerrit.openafs.org/12605 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Sat, 7 Jan 2017 11:22:47 +0000 (06:22 -0500)]
LINUX: eliminate unused variable warning
Commit c3bbf0b4444db88192eea4580ac9e9ca3de0d286 added routine
osi_TryEvictDentries and included new logic for D_INVALIDATE_IS_VOID.
Unfortunately, this new code path no longer uses dentry; it also should
have been made conditional at that time.
Wrap the declaration of dentry in #ifndef D_INVALIDATE_IS_VOID to
eliminate the unused variable warning.
Reviewed-on: https://gerrit.openafs.org/12505 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 19599b5ef5f7dff2741e13974692fe4a84721b59)
Change-Id: Ic15df733fcbccfaf9870ecd335bb2d549ab0d43d
Reviewed-on: https://gerrit.openafs.org/12513 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Thu, 27 Aug 2015 17:06:05 +0000 (13:06 -0400)]
afs: shake harder in shake-loose-vcaches
Linux based cache managers will allocate vcaches on demand and
deallocate batches of vcaches in the background. This feature is called
dynamic vcaches.
Vcaches to be deallocated are found by traversing the vcache LRU list
(VLRU) from the oldest vcache to the newest. Up to a target number of
vcaches are attempted to be evicted. The afs_xvcache lock protecting
the VLRU may be dropped and re-acquired while attempting to evict a
vcache. When this happens, it is possible the VLRU may have changed, so
the traversal of the VLRU is restarted. This restarting of the VLRU
transversal is limited to 100 iterations to avoid looping indefinitely.
Vcaches which are busy cannot be evicted and remain in the VLRU. When a
busy cache was not evicted and the afs_xvache lock was dropped, the VLRU
traversal is restarted from the end of the VLRU. When the busy vcache is
encountered on the retry, it will trigger additional retries until the
loop limit is reached, at which point the target number of vcaches will
not be deallocated.
This can leave a very large number of unbusy vcaches which are never
deallocated. On a busy machine, tens of millions of unused vcaches can
remain in memory. When the busy vcache at the end of the VLRU is finally
evicted, the log jam is broken, and the background deamon will hold the
afs_xvcache lock for an excessively long time, hanging the system.
Fix this by moving busy vcaches to the head of the VLRU before
restarting the VLRU traversal. These busy vcaches will be skipped when
retrying the VLRU traversal, allowing the cache manager to make progress
deallocating vcaches down to the target level.
This was already done on the mac osx platform while attempting to evict
vcaches. Move the code to move busy vcaches to the head of the VLRU up
the the platform agnostic caller.
Thanks to Andrew Deason for the initial version of this patch.
Reviewed-on: https://gerrit.openafs.org/11654 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Andrew Deason <adeason@dson.org> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 5c136c7d93ed97166f39bf716cc7f5d579b70677)
Change-Id: If60b1889d012a739aa5b43e842abb80a6ebfdb6a
Reviewed-on: https://gerrit.openafs.org/12451 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Thu, 4 Aug 2016 22:42:27 +0000 (18:42 -0400)]
LINUX: do not use d_invalidate to evict dentries
When working within the AFS filespace, commands which access large
numbers of OpenAFS files (e.g., git operations and builds) may result in
active files (e.g., the current working directory) being evicted from the
dentry cache. One symptom of this is the following message upon return
to the shell prompt:
"fatal: unable to get current working directory: No such file or
directory"
Starting with Linux 3.18, d_invalidate returns void because it always
succeeds. Commit a42f01d5ebb13da575b3123800ee6990743155ab adapted
OpenAFS to cope with the new return type, but not with the changed
semantics of d_invalidate. Because d_invalidate can no longer fail with
-EBUSY when invoked on an in-use dentry. OpenAFS must no longer trust it
to preserve in-use dentries.
Modify the dentry eviction code to use a method (d_prune_aliases) that
does not evict in-use dentries.
Reviewed-on: https://gerrit.openafs.org/12363 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit c3bbf0b4444db88192eea4580ac9e9ca3de0d286)
Change-Id: Ic72a280f136cc414b54d4b8ec280f225290df122
Reviewed-on: https://gerrit.openafs.org/12450 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Thu, 4 Aug 2016 22:18:15 +0000 (18:18 -0400)]
LINUX: split dentry eviction from osi_TryEvictVCache
To make osi_TryEvictVCache clearer, and to prepare for a future change
in dentry eviction, split the dentry eviction logic into its own routine
osi_TryEvictDentries.
No functional difference should be incurred by this commit.
Reviewed-on: https://gerrit.openafs.org/12362 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Joe Gorse <jhgorse@gmail.com>
(cherry picked from commit 742643e306929ac979ab69515a33ee2a3f2fa3fa)
Change-Id: I750fc7606ca56e784a60bdbc13a32d21fe307429
Reviewed-on: https://gerrit.openafs.org/12448 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Modify the helpfile to describe the actual restrictions imposed by
-restricted mode.
Reviewed-on: https://gerrit.openafs.org/12454 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 3af0460a4a6d7bf22e1789fd9e375659e20c3a55)
Change-Id: Ifa544c322e67da712a0bc96b3797e51786e4d399
Reviewed-on: https://gerrit.openafs.org/12476 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Stephan Wiesand [Tue, 11 Apr 2017 09:58:55 +0000 (11:58 +0200)]
Linux: only include cred.h if it exists
Commit c89fd17df1032ec2eacc0d0c9b73e19c5e8db7d2 introduced an explicit
include of linux/cred.h since the latest kernel no longer includes it
implicitly in sched.h. Alas, older kernels (like 2.6.18) don't have this
file. Add a configure test for the existence of cred.h and only include
it if actually present.
Reviewed-on: https://gerrit.openafs.org/12593 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 6b7b4239ab22fbb301e3b50e2ca4072445ba4e9e)
Change-Id: I64970ba471180d32fa5af5445e7604bbe8511b32
Reviewed-on: https://gerrit.openafs.org/12598 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Several components of libafs which require cred.h were picking it by
including sched.h.
Instead, explicitly add an include for cred.h. cred.h begins with a
customary one-shot to prevent multiple loads:
#ifndef _LINUX_CRED_H
#define _LINUX_CRED_H
Therefore we don't need a new autoconf test or preprocessor conditional
to prevent redundant includes on older Linux releases.
Reviewed-on: https://gerrit.openafs.org/12574 Tested-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Joe Gorse <jhgorse@gmail.com> Tested-by: Joe Gorse <jhgorse@gmail.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
(cherry picked from commit c89fd17df1032ec2eacc0d0c9b73e19c5e8db7d2)
Change-Id: I235a6272c55a8f734be07b578bbb1a324cf34e2e
Reviewed-on: https://gerrit.openafs.org/12590 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
This breaks existing OpenAFS autoconf tests for recalc_sigpending() and
task_struct.signal->rlim, so that the OpenAFS kernel module can no
longer build.
Modify OpenAFS autoconfig tests to cope.
Reviewed-on: https://gerrit.openafs.org/12573 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Joe Gorse <jhgorse@gmail.com> Tested-by: Joe Gorse <jhgorse@gmail.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
(cherry picked from commit ad001550949b612ff6b4899fa8da50ee58f87533)
Change-Id: I491208d77e45d45cc0089b8033892a6408da431c
Reviewed-on: https://gerrit.openafs.org/12589 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
statx: Add a system call to make enhanced file info available
The Linux getattr inode operation is altered to take two additional
arguments: a u32 request_mask and an unsigned int flags that indicate
the synchronisation mode. This change is propagated to the
vfs_getattr*() function.
- int (*getattr) (struct vfsmount *, struct dentry *, struct kstat *);
+ int (*getattr) (const struct path *, struct kstat *,
+ u32 request_mask, unsigned int sync_mode);
The first argument, request_mask, indicates which fields of the statx
structure are of interest to the userland call. The second argument,
flags, currently may take the values defined in
include/uapi/linux/fcntl.h and are optionally used for cache coherence:
(1) AT_STATX_SYNC_AS_STAT tells statx() to behave as stat() does.
(2) AT_STATX_FORCE_SYNC will require a network filesystem to
synchronise its attributes with the server - which might require
data writeback to occur to get the timestamps correct.
(3) AT_STATX_DONT_SYNC will suppress synchronisation with the server in
a network filesystem. The resulting values should be considered
approximate.
This patch provides a new autoconf test and conditional compilation to
cope with the changes in our getattr implementation.
Reviewed-on: https://gerrit.openafs.org/12572 Reviewed-by: Joe Gorse <jhgorse@gmail.com> Tested-by: Joe Gorse <jhgorse@gmail.com> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit de5ee1a67d1c3284d65dc69bbbf89664af70b357)
Change-Id: I41ff134e1e71944f0629c9837d38cfbc495264c8
Reviewed-on: https://gerrit.openafs.org/12588 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Jonathon Weiss [Thu, 10 Nov 2016 22:06:18 +0000 (17:06 -0500)]
Prevent double-starting client on RHEL7
On RHEL7 if the AFS client is stopped with 'service openafs-client
stop', but that fails for some reason (most commonly because some
process has a file or directory in AFS open) systemd will decide that
the openafs-client is in a failed state when it is actually running.
If one then runs 'service openafs-client start' systemd will start a
new AFS client. At this point AFS access will continue to work until
the functional AFS client is (successfully) stopped, at which point a
reboot is required to recover.
Have systemd check the status of 'fs sysname' before starting the
AFS client, so we avoid getting into a state that requires a reboot.
Reviewed-on: https://gerrit.openafs.org/12443 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit c666bfee8848183ccbc566c9e0fa019088e56505)
Stephan Wiesand [Wed, 1 Mar 2017 12:57:41 +0000 (13:57 +0100)]
Make OpenAFS 1.6.20.2
Update configure version strings for 1.6.20.2. Note that macOS kext
can be of form XXXX.YY[.ZZ[(d|a|b|fc)NNN]] where d dev, a alpha,
b beta, f final candidate so we have no way to represent 1.6.20.2.
Switch to 1.6.21 dev 2 for macOS.
Change-Id: Iccc613ea6b7d1194e7a1b20fa38c54b192c3c7b4
Reviewed-on: https://gerrit.openafs.org/12532 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Tue, 28 Feb 2017 23:02:39 +0000 (18:02 -0500)]
SOLARIS: prevent BAD TRAP panic with Studio 12.5
Starting with Solaris Studio 12.3, it is documented that Solaris kernel
modules (such as libafs) must not use any floating point, vector, or
SIMD/SSE instructions on x86 hardware. However, each new Studio
compiler release (12.4 and especially 12.5) is more likely to use these
types of instructions by default.
If the libafs kernel module includes any forbidden kernel instructions,
Solaris will panic the system with:
BAD TRAP: type=7 (#nm Device not available)
Provide a new autoconfig test to specify the required compiler options
(-xvector=%none -xregs=no%float) when building the OpenAFS kernel module
for Solaris, so that no invalid x86 instructions are used.
In addition, reinstate default kernel module optimization for Solaris.
It had been disabled in commit 80592c53cbb0bce782eb39a5e64860786654be9f
to address this same issue in Studio 12.3 and 12.4. However, Studio
12.5 started using some SSE instructions even with no optimization.
This commit has been tested with OpenAFS master and Studio 12.5 at all
optimization levels (none, -xO1 through -xO5) and verified to contain no
XMM register instructions via the following command:
$ gobjdump -dlr libafs64.o | grep xmm | wc -l
[wiesand: limit change to solaris 5.11 for stable branch]
Reviewed-on: https://gerrit.openafs.org/12558 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 22d841a45fff7026318b529a41dd957ce8bb0ddf)
Change-Id: I2e87f26dbac47289694346639b396dfc556368f4
Reviewed-on: https://gerrit.openafs.org/12567 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Wed, 8 Mar 2017 16:48:14 +0000 (11:48 -0500)]
linux24: remove unused NUMPAGGROUPS define
Remove the unused NUMPAGGROUPS define in the pag group handling
implementation for linux24. PAGS always take two group ids in linux24,
so the NUMPAGGROUPS define was not used in linux24. Remove the unused
constant.
This is a 1.6.x only change, since linux24 support has been removed on
the master branch.
Change-Id: I10d4d5744420b075a10deecf052d2ecc128ad8fe
Reviewed-on: https://gerrit.openafs.org/12563 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Sat, 8 Aug 2015 21:49:50 +0000 (16:49 -0500)]
SOLARIS: Use AFS_PAG_ONEGROUP_ENV for Solaris 11
On Solaris 11 (specifically, Solaris 11.1+), the supplemental group
list for a process is supposed to be sorted. Starting with Solaris
11.2, more authorization checks are done that assume the list is
sorted (e.g., to do a binary search), so having them out of order
can cause incorrect behavior. For example:
$ echo foo > /tmp/testfile
$ chmod 660 /tmp/testfile
$ sudo chown root:daemon /tmp/testfile
$ cat /tmp/testfile
foo
$ id -a
uid=100(adeason) gid=10(staff) groups=10(staff),12(daemon),20(games),21(ftp),50(gdm),60(xvm),90(postgres)
$ pagsh
$ cat /tmp/testfile
cat: cannot open /tmp/testfile: Permission denied
$ id -a
uid=100(adeason) gid=10(staff) groups=33536,32514,10(staff),12(daemon),20(games),21(ftp),50(gdm),60(xvm),90(postgres)
Solaris sorts the groups given to crsetgroups() on versions which
required the group ids to be sorted, but we currently manually put our
PAG groups in our own order in afs_setgroups(). This is currently
required, since various places in the code assume that PAG groups are
the first two groups in a process's group list.
To get around this, do not require the PAG gids to be the first two
gids anymore. To more easily identify PAG gids in group processes, use
a single gid instead of two gids to identify a PAG, like modern Linux
currently uses (under the AFS_PAG_ONEGROUP_ENV). High-numbered groups
have been possible for quite a long time on Solaris, allegedly further
back than Solaris 8. Only do this for Solaris 11, though, to reduce
the platforms we affect.
[mmeffie@sinenomine.net: Define AFS_PAG_ONEGROUP_ENV in param.h.]
Reviewed-on: https://gerrit.openafs.org/11979 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit aab1e71628e6a4ce68c5e59e2f815867438280d1)
Change-Id: I54c1f4c1be4eed1804293aebae795b165954a3a4
Reviewed-on: https://gerrit.openafs.org/12526 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Sat, 8 Aug 2015 21:13:54 +0000 (16:13 -0500)]
afs: Make ONEGROUP_ENV not Linux-specific
The functionality in AFS_LINUX26_ONEGROUP_ENV does not really need to
be Linux-specific (it's just only implemented for Linux right now).
Rename it to AFS_PAG_ONEGROUP_ENV, and remove some Linux-specific
checks when checking for "onegroup" PAG GIDs.
[mmeffie@sinenomine.net: Move AFS_PAG_ONEGROUP_ENV to param.h]
Reviewed-on: https://gerrit.openafs.org/11978 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit ee08dbe37d9db4fe314bd88b9280bf73c92c37bd)
Change-Id: Ifef8f833599eca4241b41035142e74f32e6efa99
Reviewed-on: https://gerrit.openafs.org/12525 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Joe Gorse [Thu, 16 Feb 2017 23:01:50 +0000 (18:01 -0500)]
LINUX: Bring debug symbols back to the Linux kernel module.
Starting with 4.8 Linux kernels our existing build script
generator, make_kbuild_makefile.pl, does not pass the debugging
symbols CFLAGS that were present when building for previous kernels.
This fix appends the $(KERN_DBG) variable which will only be defined
when the configuration includes the --enable-debug-kernel option.
Reviewed-on: https://gerrit.openafs.org/12519 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 961cee00b8f5c302de5f66beb81caa33242c7971)
Change-Id: I1d16382c4a744d4624cac9a9ba2810fa664abe93
Reviewed-on: https://gerrit.openafs.org/12534 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Sergio Gelato [Wed, 22 Feb 2017 21:55:33 +0000 (13:55 -0800)]
LINUX: Debian/Ubuntu build regression on kernel 3.16.39
Now that kernel 4.9 has hit jessie-backports, it becomes desirable to
also backport the associated openafs patches.
Unfortunately, Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch
causes a build failure against jessie's current default kernel,
3.16.39-1, due to the fact that setattr_prepare() is available (it was
cherrypicked to address CVE-2015-1350) but file_dentry() is not (it was
introduced in kernel 4.6).
This makes it difficult to have a version of openafs for jessie that
supports both kernels.
To deal with this, follow the implementation of file_dentry() in 4.6,
and simplify it to account for the lack of d_real() support in older
kernels.
Note that inode_change_ok() has been added back to 3.16.39-1 to avoid
ABI changes. That means the current openafs packages in jessie continue
to work with kernel 3.16.39-1 since they do not include
Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch.
Originally reported at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855366
FIXES RT134158
Reviewed-on: https://gerrit.openafs.org/12523 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 6ea6c182c7fb6c22dafbbf203abcc23726e06cba)
Change-Id: I06951dacef3f7639f749e82439df89ec3d78b592
Reviewed-on: https://gerrit.openafs.org/12535 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Marcio Barbosa [Thu, 2 Mar 2017 21:01:48 +0000 (18:01 -0300)]
osx: build afscell only for active architecture
The InstallerPlugins framework provided by the MacOSX10.12.sdk does not
define symbols for architecture i386. As a result, the OpenAFS code
cannot be built on OS X 10.12.
To fix this problem, build the afscell xcode project only for active
architecture.
Reviewed-on: https://gerrit.openafs.org/12531 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit d39e7c7af77b4e1b043611e1a6e78267f5f956ef)
Michael Meffie [Sat, 5 Nov 2016 16:42:19 +0000 (12:42 -0400)]
SOLARIS: convert from ancient _depends_on to ELF dependencies
The ancient way of declaring module dependencies with _depends_on has
been deprecated since SunOS 2.6 (circa 1996). The presence of the old
_depends_on symbol triggers a warning message on the console starting
with Solaris 12, and the kernel runtime loader (krtld) feature of using
the _depends_on symbol to load dependencies may be removed in a future
version of Solaris.
Convert the kernel module from the ancient _depends_on method to modern
ELF dependencies. Remove the old _depends_on symbol and specify the -dy
and -N <name> linker options to set the ELF dependencies at link time,
as recommended in the Solaris device driver developer guidelines [1].
This commit does not change the declared dependencies, which may be
vestiges of ancient afs versions.
Michael Meffie [Wed, 21 Jan 2015 19:58:35 +0000 (14:58 -0500)]
bozo: do not exit when the client config already exists
The bosserver creates symlinks for the client CSDB and ThisCell config
files during initialization. Avoid exiting if the client CSDB or
ThisCell configuration already exists, otherwise the bosserver cannot be
restarted with bos restart.
This change fixes numerous places where the return values of various
system calls and standard library routines are not checked. In
particular, this fixes occurrances called out when building on Ubuntu
12.10, with gcc 4.7.2 and eglibc 2.15-0ubuntu20.1, when the possible
failure is one we actually do (or should) care about. This change
does not consider calls where the failure is one we deliberately
choose to ignore.
Mark Vitale [Wed, 7 Dec 2016 16:11:45 +0000 (11:11 -0500)]
Linux 4.10: have_submounts is gone
Linux commit f74e7b33c37e vfs: remove unused have_submounts() function
(v4.10-rc2) removes have_submounts from the tree after providing a
replacement (path_has_submounts) for its last in-tree caller, autofs.
However, it turns out that OpenAFS is better off not using the new
path_has_submounts. Instead, OpenAFS could/should have stopped using
have_submounts() much earlier, back in Linux v3.18 when d_invalidate
became void. At that time, most in-tree callers of have_submounts had
already been converted to use check_submounts_and_drop back in v3.12.
At v3.18, a series of commits modified check_submounts_and_drop to
automatically remove child submounts (instead of returning -EBUSY if a
submount was detected), then subsumed it into d_invalidate. The end
result was that VFS now implicitly handles much of the housekeeping
previously called explicitly by the various filesystem d_revalidate
routines:
- shrink_dcache_parent
- check_submounts_and_drop
- d_drop
- d_invalidate
All in-tree filesystem d_revalidate routines were updated to take
advantage of this new VFS support.
Modify afs_linux_dentry_revalidate to no longer perform any special
handling for invalid dentries when D_INVALIDATE_IS_VOID. Instead, allow
our VFS caller to properly clean up any invalid dentry when we return 0.
Reviewed-on: https://gerrit.openafs.org/12506 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 789319bf0f2b26ad67995f8cbe88cee87a1bbdc0)
Change-Id: I7ed22338e7896f69a204be78ed0a4f6136a3dab8
Reviewed-on: https://gerrit.openafs.org/12530 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Neale Ferguson [Thu, 8 Dec 2016 16:47:09 +0000 (11:47 -0500)]
s390: desupport 32-bit Linux kernels on s390/s390x
Remove the obsolete and custom lwp assembler for the s390 and s390x
architectures. That assembler is no longer needed since 32-bit
mainframe Linux distributions are no longer supported and are very
unlikely to be in use.
The generic process.default.s is sufficient for modern 64-bit Linux
distributions on s390/s390x.
[mmeffie@sinenomine.net: commit message wording]
Reviewed-on: https://gerrit.openafs.org/12475 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 1d8cb56999a4ab25ae4cbc8e8a688b8100aedd3b)
Change-Id: Iee572ef3a86f5502e37ddc0775da13b874add669
Reviewed-on: https://gerrit.openafs.org/12499 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Marcio Barbosa [Wed, 11 Jan 2017 14:05:04 +0000 (06:05 -0800)]
osx: let prefpane knows where binaries can be found
Starting from OS X 10.11, the OpenAFS binaries were moved to the
following directories: /opt/openafs/bin and /opt/openafs/sbin. However,
the OpenAFS prefpane is not aware of the change mentioned above. As a
result, some functionalities provided by the OpenAFS prefpane are not
working properly.
To fix this problem, add the new paths to the proper environment
variable.
Change-Id: Idaa2f0329af2092cf9ad1d63f1a01300b150227a
Reviewed-on: https://gerrit.openafs.org/12507 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit a92a3a0675d941536103b60d708a6b3305b9b8fa)
Reviewed-on: https://gerrit.openafs.org/12512 Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Stephan Wiesand [Mon, 12 Dec 2016 14:09:50 +0000 (15:09 +0100)]
Make OpenAFS 1.6.20.1
Update configure version strings for 1.6.20.1. Note that macos kext
can be of form XXXX.YY[.ZZ[(d|a|b|fc)NNN]] where d dev, a alpha,
b beta, f final candidate so we have no way to represent 1.6.20.1.
Switch to 1.6.21 dev 1 for macOs.
Change-Id: If9a54680d6807687136f6149ca48ad8c33db32f7
Reviewed-on: https://gerrit.openafs.org/12485 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Fixes these warnings (errors with --enable-checking) from GCC 6.2:
curseswindows.c: In function ‘gator_cursesgwin_drawchar’:
curseswindows.c:574:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (params->highlight)
^~
curseswindows.c:576:9: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
if (code)
^~
curseswindows.c:579:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (params->highlight)
^~
curseswindows.c:581:9: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
if (code)
^~
curseswindows.c: In function ‘gator_cursesgwin_drawstring’:
curseswindows.c:628:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (params->highlight)
^~
curseswindows.c:630:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
if (code)
^~
curseswindows.c:633:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (params->highlight)
^~
curseswindows.c:635:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
if (code)
^~
Reviewed-on: https://gerrit.openafs.org/12439 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 85cf397ec18ecfde36433fb65e5d91ecd325b76e)
Change-Id: I33acb742a6c03046a0fa698bd08a910effc05de8
Reviewed-on: https://gerrit.openafs.org/12484 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Sat, 5 Nov 2016 00:38:08 +0000 (20:38 -0400)]
src/rx/rx_packet.c: Fix misleading indentation
Fixes these warnings (errors with --enable-checking) from GCC 6.2:
rx_packet.c: In function ‘rxi_ReceiveDebugPacket’:
rx_packet.c:2009:9: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (rx_stats_active)
^~
rx_packet.c:2011:6: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
s = (afs_int32 *) & rx_stats;
^
rx_packet.c:2017:9: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (rx_stats_active)
^~
rx_packet.c:2019:6: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
rxi_SendDebugPacket(ap, asocket, ahost, aport, istack);
^~~~~~~~~~~~~~~~~~~
Reviewed-on: https://gerrit.openafs.org/12436 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 0aeb8c17a2701169ddb7397d951c73cf361087c8)
Change-Id: Ic7db23cecdcb7f02d1529326b336d62339af8460
Reviewed-on: https://gerrit.openafs.org/12483 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Sat, 5 Nov 2016 00:36:51 +0000 (20:36 -0400)]
src/rxgen/rpc_parse.c: Fix misleading indentation
Fixes this warning (error with --enable-checking) from GCC 6.2:
rpc_parse.c: In function ‘analyze_ProcParams’:
rpc_parse.c:861:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (tokp->kind != TOK_RPAREN)
^~
rpc_parse.c:863:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
*tailp = decls;
^
Reviewed-on: https://gerrit.openafs.org/12435 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit bd70a176c19c09c49c6c3c01ea088ca947c45966)
Change-Id: I099cba14fbe53c510886c0d342ad3fce60750411
Reviewed-on: https://gerrit.openafs.org/12482 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Tue, 2 Sep 2014 22:51:46 +0000 (17:51 -0500)]
systemd: RemainAfterExit in openafs-client.service
Currently, if the client is started without any options that require
an extra thread (like -afsdb), all processes spawned by afsd will
exit. There may be some kernel threads still active, but those are
spawned by the kernel module, and are not child processes of the
parent afsd process, or anything like that.
Since we are a Type=forking service in systemd, systemd interprets
this situation to mean that the service has stopped successfully, and
then runs the ExecStop commands. So, for example, if our AFSD_ARGS in
our sysconfig is "-fakestat -afsdb", the service starts as normal. But
if it is changed to "-fakestat", then when openafs-client.service is
started, it immediately stops again.
To avoid this, turn on the systemd option RemainAfterExit, which tells
systemd that the service has not stopped if all of our processes have
exited. The client service will thus remain running until it is
stopped.
Issue reported by Rich Sudlow.
FIXES 133482
Reviewed-on: http://gerrit.openafs.org/11440 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Anders Kaseorg <andersk@mit.edu> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit cb8195d2d6ce1c01e132c05c1bf5593eab45b2c6)
Change-Id: I4005d5dabae8ef72194938475cf46f5bc1f222f8
Reviewed-on: https://gerrit.openafs.org/12481 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Thu, 20 Oct 2016 04:49:37 +0000 (00:49 -0400)]
Linux 4.9: inode_change_ok() becomes setattr_prepare()
Linux commit 31051c85b5e2 "fs: Give dentry to inode_change_ok() instead
of inode" renames and modifies inode_change_ok(inode, attrs) to
setattr_prepare(dentry, attrs).
Modify OpenAFS to cope.
Reviewed-on: https://gerrit.openafs.org/12418 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 8aeb711eeaa5ddac5a74c354091e2d4f7ac0cd63)
Change-Id: I7f08c57b7f61465a1ea18333306f52f77bd65084
Reviewed-on: https://gerrit.openafs.org/12480 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Fri, 16 Sep 2016 23:01:19 +0000 (19:01 -0400)]
Linux 4.9: inode_operation rename now takes flags
In Linux 3.15 commit 520c8b16505236fc82daa352e6c5e73cd9870cff,
inode_operation rename2() was added. It takes the same arguments as
rename(), with an added flags argument supporting the following values:
RENAME_NOREPLACE: if "new" name exists, fail with -EEXIST. Without
this flag, the default behavior is to replace the "new" existing file.
RENAME_EXCHANGE: exchange source and target; both must exist.
OpenAFS never implemented a .rename2() routine because it was optional
when introduced at Linux v3.15.
In Linux 4.9-rc1 the following commits remove the last in-tree uses of
.rename() and converts .rename2() to .rename(). aadfa8019e81 vfs: add note about i_op->rename changes to porting 2773bf00aeb9 fs: rename "rename2" i_op to "rename" 18fc84dafaac vfs: remove unused i_op->rename 1cd66c93ba8c fs: make remaining filesystems use .rename2 e0e0be8a8355 libfs: support RENAME_NOREPLACE in simple_rename() f03b8ad8d386 fs: support RENAME_NOREPLACE for local filesystems
With these changes, it is now mandatory for OpenAFS afs_linux_rename()
to accept a 5th flag argument.
Add an autoconfig test to determine the signature of .rename(). Use this
information to implement afs_linux_rename() with the appropriate number
of arguments. Implement "toleration support" for the flags option by
treating a zero flag as a normal rename; if any flags are specified,
return -EINVAL to indicate the OpenAFS filesystem does not yet support
any flags.
Reviewed-on: https://gerrit.openafs.org/12391 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f21e3ef8ce5093b4e0578d29666f76bd99aef1a2)
Change-Id: I071d41cd1ef1c9cdcda257c091d7167221f58fb7
Reviewed-on: https://gerrit.openafs.org/12479 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Wed, 14 Sep 2016 22:01:22 +0000 (18:01 -0400)]
Linux 4.9: deal with demise of GROUP_AT
Linux commit 81243eacfa40 "cred: simpler, 1D supplementary groups"
refactors the group_info struct, removing some members (which OpenAFS
references only through the GROUP_AT macro) and adding a gid member.
The GROUP_AT macro is also removed from the tree.
Add an autoconfigure test for the new group_info member gid and define a
replacement GROUP_AT macro to do the right thing under the new regime.
Reviewed-on: https://gerrit.openafs.org/12390 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 8e81b182e36cde28ec5708e5fcbe56e4900b1ea3)
Change-Id: I46b5cd4571452f9506647aada2caf3a68c4fa7d5
Reviewed-on: https://gerrit.openafs.org/12478 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Marcio Barbosa [Fri, 11 Nov 2016 21:21:58 +0000 (13:21 -0800)]
macos: do not quit prefpane unexpectedly
If the user opens the OpenAFS preference pane and choose the Mounts
tab, the preference pane crashes.
To fix the problem, do not assume that we can cast a NSdictionary
object to NSMutableDictionary.
Reviewed-on: https://gerrit.openafs.org/12446 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 9d4be0bd01696768602a313f627a802b358b5885)
Change-Id: I7ff8c6cbc599f3e80d6365d9a56587bf5c641f5b
Reviewed-on: https://gerrit.openafs.org/12447 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Joe Gorse <jhgorse@gmail.com> Tested-by: Joe Gorse <jhgorse@gmail.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Mon, 7 Nov 2016 19:16:50 +0000 (14:16 -0500)]
dir: do not leak contents of deleted directory entries
Deleting an AFS directory entry (afs_dir_Delete) merely removes the
entry logically by updating the allocation map and hash table. However,
the entry itself remains on disk - that is, both the cache manager's
cache partition and the fileserver's vice partitions.
This constitutes a leak of directory entry information, including the
object's name and MKfid (vnode and uniqueid). This leaked information
is also visible on the wire during FetchData requests and volume
operations.
Modify afs_dir_Delete to clear the contents of deleted directory
entries.
Patchset notes:
This commit only prevents leaks for newly deleted entries. Another
commit in this patchset prevents leaks of partial object names upon
reuse of pre-existing deleted entries. A third commit in this
patchset prevents yet another kind of directory entry leak, when
internal buffers are reused to create or enlarge existing directories.
All three patches are required to prevent new leaks. Two additional
salvager patches are also included to assist administrators in the
cleanup of pre-existing leaks.
[kaduk@mit.edu: style nit for sizeof() argument]
Reviewed-on: https://gerrit.openafs.org/12460 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f591f6fae3d8b8d44140ca64e53bad840aeeeba0)
Change-Id: I41f76649f4bed609793b944db32c5ae62aa07458
Reviewed-on: https://gerrit.openafs.org/12465 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Mon, 7 Nov 2016 05:29:22 +0000 (23:29 -0600)]
afs: do not leak stale data in buffers
Similar to the previous commit, zero out the buffer when fetching
a new slot, to avoid the possibility of leaving stale data in
a reused buffer.
We are not supposed to write such stale data back to a fileserver,
but this is an extra precaution in case of bugs elsewhere -- memset
is not as expensive as it was in the 1980s.
Reviewed-on: https://gerrit.openafs.org/12459 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit a26c5054ee501ec65db3104f6a6a0fef634d9ea7)
Change-Id: Id60559ed84581e2f6a50cd4313f64780b8a0bafd
Reviewed-on: https://gerrit.openafs.org/12464 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Fri, 13 May 2016 04:01:31 +0000 (00:01 -0400)]
dir: fileserver leaks names of file and directories
Summary:
Due to incomplete initialization or clearing of reused memory,
fileserver directory objects are likely to contain "dead" directory
entry information. These extraneous entries are not active - that is,
they are logically invisible to the fileserver and client. However,
they are physically visible on the fileserver vice partition, on the
wire in FetchData replies, and on the client cache partition. This
constitutes a leak of directory information.
Characterization:
There are three different kinds of "dead" residual directory entry
leaks, each with a different cause:
1. There may be partial name data after the null terminator in a live
directory entry. This happens when a previously used directory entry
becomes free, then is reused for a directory entry with a shorter name.
This may be addressed in a future commit.
2. "Dead" directory entries are left uncleared after an object is
deleted or renamed. This may be addressed in a future commit.
3. Residual directory entries may be inadvertently picked up when a new
directory is created or an existing directory is extended by a 2kiBi
page. This is the most severe problem and is addressed by this commit.
This third kind of leak is the most severe because the leaked
directory information may be from _any_ other directory residing on the
fileserver, even if the current user is not authorized to see that
directory.
Root cause:
The fileserver's directory/buffer package shares a pool of directory
page buffers among all fileserver threads for both directory reads and
directory writes. When the fileserver creates a new directory or
extends an existing one, it uses any available unlocked buffer in the
pool. This buffer is likely to contain another directory page recently
read or written by the fileserver. Unfortunately the fileserver only
initializes the page header fields (and the first two "dot" and "dotdot"
entries in the case of a new directory). Any residual entries in the
rest of the directory page are now logically "dead", but still
physically present in the directory. They can easily be seen on the
vice partition, on the wire in a FetchData reply, and on the cache
partition.
Note:
The directory/buffer package used by the fileserver is also used by the
salvager and the volserver. Therefore, salvager activity may also leak
directory information to a certain extent. The volserver vos split
command may also contribute to leaks. Any volserver operation that
creates volumes (create, move, copy, restore, release) may also have
insignificant leaks. These less significant leaks are addressed by this
commit as well.
Exploits:
Any AFS user authorized to read directories may passively exploit this
leak by capturing wire traffic or examining his local cache as he/she
performs authorized reads on existing directories. Any leaked data will
be for other directories the fileserver had in the buffer pool at the
time the authorized directories were created or extended.
Any AFS user authorized to write a new directory may actively exploit
this leak by creating a new directory, flushing cache, then re-reading
the newly created directory. Any leaked data will be for other
directories the fileserver had in the buffer pool within the last few
seconds. In this way an authorized user may sample current fileserver
directory buffer contents for as long as he/she desires, without being
detected.
Directories already containing leaked data may themselves be leaked,
leading to multiple layers of leaked data propagating with every new or
extended directory.
The names of files and directories are the most obvious source of
information in this leak, but the FID vnode and uniqueid are leaked as
well. Careful examination of the sequences of leaked vnode numbers and
uniqueids may allow an attacker to:
- Discern each layer of old directories by observing breaks in
consecutive runs of vnode and/or uniqueid numbers.
- Infer which objects may reside on the same volume.
- Discover the order in which objects were created (vnode) or modified
(uniqueid).
- Know whether an object is a file (even vnode) or a directory (odd
vnode).
Prevent new leaks by always clearing a pool buffer before using it to
create or extend a directory.
Existing leaks on the fileserver vice partitions may be addressed in a
future commit.
Reviewed-on: https://gerrit.openafs.org/12458 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 70065cb1831dbcfd698c8fee216e33511a314904)
Change-Id: Ifa9d9266368ed3775898b7628ca980edcb230356
Reviewed-on: https://gerrit.openafs.org/12463 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Sun, 6 Nov 2016 21:06:02 +0000 (15:06 -0600)]
bos: allow salvage -salvagedirs with -all
Allow the -salvagedirs option on bos salvage when invoked with the -all
option to salvage the whole server. The -salvagedirs -all options will
rebuild every directory on the server.
Reviewed-on: https://gerrit.openafs.org/12457 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 1637c4d7c1ce407390f65509a3a1c764a0c06aa6)
[not actually cherry picked, but is the equivalent functionality]
Change-Id: I3978a5c4a704e0a0f2aab1cfad75573c16496a4d
Reviewed-on: https://gerrit.openafs.org/12462 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Sun, 6 Nov 2016 20:31:22 +0000 (14:31 -0600)]
dafs: honor salvageserver -salvagedirs
Do not ignore the -salvagedirs option when given to the salvageserver.
When the salvageserver is running with this option, all directories will
be rebuilt by salvages spawned by the dafs salvageserver, including all
demand attach salvages and salvages of individual volumes initiated by
bos salvage.
This does not affect the whole partition salvages initiated by bos
salvage -all.
Reviewed-on: https://gerrit.openafs.org/12456 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 9e66234951cca3ca77e94ab431f739e85017a23a)
Change-Id: I121299a5524cb46a519aead7818b0a7bd2fd4f69
Reviewed-on: https://gerrit.openafs.org/12461 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Sun, 9 Oct 2016 10:39:12 +0000 (06:39 -0400)]
tests/util/ktime-t.c: Specify EST offset in TZ
This fixes test failures observed on new Debian build servers that no
longer install tzdata by default. As the tests expect, EST is defined
as UTC−05:00 with no daylight saving time.
Reviewed-on: https://gerrit.openafs.org/12414 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit e17cd5df703b8a924591f92c76636dd9e0d9eaf9)
Andrew Deason [Mon, 24 Sep 2012 18:03:34 +0000 (13:03 -0500)]
LINUX: Define printf/uprintf as variadic macros
Instead of defining the string 'printf' itself, make printf (and
uprintf) variadic macros. This avoids renaming printf to printk for
things like '__attribute__((format(printf,X,Y)))'.
Note that this is Linux-specific; compilers on other platforms may not
support variadic macros.
This avoids many warnings in the Linux kernel module build if we
include Linux headers after AFS headers.
Reviewed-on: http://gerrit.openafs.org/8150 Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 179096d9b2c461f02236bbf670b46597ff2d4c3c)
Change-Id: I5c1c80cb5bd6996b0329969e16f9359fa1dcbc91
Reviewed-on: https://gerrit.openafs.org/12365 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Mon, 22 Aug 2016 23:53:34 +0000 (19:53 -0400)]
tests: avoid passing NULL strings to vprintf
Some libc implementations will crash when NULL string arguments are given to
*printf. Avoid passing NULL string arguments in the make check tests that did
so, and pass the string "(null)" instead.
Reviewed-on: https://gerrit.openafs.org/12377 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 2fe3a28c6ec0ff9d19ddec5500b3a5e69b483210)
Change-Id: Id8f1635444b5b49e3250addf36b64fccafd59941
Reviewed-on: https://gerrit.openafs.org/12396 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Mon, 19 Sep 2016 01:29:34 +0000 (21:29 -0400)]
ubik: Return an error from ContactQuorum when inquorate
Currently, when we need to contact all other servers in the ubik
quorum (to create a write transaction, and send db changes, etc), we
call the ContactQuorum_* family of functions. To contact each server,
those functions follow an algorithm like the following pseudocode:
{
int rcode = 0;
int code;
int okcalls = 0;
for (ts = ubik_servers; ts; ts = ts->next) {
if (ts->up) {
code = contact_server(ts);
if (code) {
rcode = code;
} else {
okcalls++;
}
}
}
This means that if we successfully contact a majority of ubik sites,
we return success, even if some sites returned an error. If most sites
fail, then we return an error (we arbitrarily pick the last error we
got).
This means that in most situations, a successful write transaction is
guaranteed to have been transmitted to a majority of ubik sites, so
the written data cannot be lost (at least one of the sites that got
the new data will be in a future elected quorum).
However, if a site is already known to be down (ts->up is 0), then we
skip trying to contact that site, but we also don't set any errors.
This means that if a majority of sites are already known to be down
(ts->up is 0), then we can indicate success for a write transaction,
even though the relevant data has not been written to a majority of
sites. In that situation, it is possible to lose data.
Most of the time this is not possible, since a majority of sites must
be 'up' for the sync site to be elected and to allow write
transactions at all. There are a few ways, though, in which we can get
into a situation where most other sites are 'down', but we still let a
write transaction go through.
An example scenario:
Say we have sites A, B, and C. All 3 sites come up at the same time,
and A is the lowest IP so it starts an election (after around BIGTIME
seconds). Right after A is elected the sync site, sites B and C will
have 'lastYesState' set to 0, since site A hasn't yet sent out a
beacon as the sync site.
A client can then start a write to the ubik database on site A, which
site A will allow since it's the sync site (and presumably all the
relevant recovery flags are set). Site A will try to contact sites B
and C for a DISK_Begin call, but lastYesState is set to 0 on those
sites. This will cause DISK_Begin to return UNOQUORUM
(urecovery_AllBetter will return 0, because uvote_HaveSyncAndVersion
will return 0, because lastYesState is not set).
So site A will get a UNOQUORUM error from sites B and C, and so site A
will set 'ts->up' to 0 for sites B and C, and will return UNOQUORUM to
the client. The client may then try to retry the call (because
UNOQUORUM is not treated as a 'global' error in ubikclient.c's
ubik_Call_New), or another client write request could come in. Now
that 'ts->up' is unset for both sites B and C, we skip trying to
contact any remote sites, and the ContactQuorum functions will return
success. So the ubik write will go through successfully, but the new
data will only be on site A.
At this point, if site A crashes, then sites B and C will elect a
quorum, and will not have the modifications that were written to site
A (so the data written to site A is lost). If site A stays up, then it
will go through database recovery, sending the entire database file to
sites B and C.
In addition, it's very possible in this scenario for a client to write
to the database, and then try to read back data and confusingly get a
different result. For example, if someone issues the following two
commands while triggering the above scenario:
$ pts createuser testuser
$ pts examine testuser
If the second command contacts site B or C, then it will always fail,
saying that the user doesn't exist (even though the first command
succeeded). This is because sites B and C don't have the new data
written to site A, at least temporarily. While this confusing behavior
is not completely avoidable in ubik (this can always happen
'sometimes' due to network errors and such), with the scenario
described here, it happens 100% of the time.
The general scenario described above can also happen if sites B and C
are suddenly legitimately unreachable from site A, instead of throwing
the UNOQUORUM error. All of the steps are pretty much the same, but
there is a bit of a delay while we wait for the DISK_Begin call to
fail.
To fix this, do not let 0 be returned if a quorum has not been
reached. In some sense, UNOQUORUM could *always* be returned in
that case, but it is more in keeping with historical behavior to
return a "real" error if there is one available.
It is somewhat questionable whether we should even be propagating
errors received from calls like DISK_Begin/DISK_Commit to the ubik
client (e.g. if we get a -1 from trying to contact a remote site, we
return -1 to the client, so the client may think it couldn't reach the
site at all). But this commit does not change any of that logic, and
should only change behavior when a majority of sites have 'ts->up'
unset. A later commit might effect the change to always return
UNOQUORUM and ignore the actual error values from the DISK_ calls,
but that is not needed to fix the immediate issue.
An important note:
Before this commit, there was a window of about 15 seconds after a
sync site is elected where a write to the ubik db would appear to be
successful, but would only modify the ubik db on the sync site.
(Details described above.) With this commit, writes during that
15-second window will instead fail, because we cannot guarantee that
we won't lose that data. If someone relies on 'udebug' data from the
sync site to let them know when writes will go through successfully,
this commit could appear to cause new errors.
[kaduk@mit.edu: transfer long commit message describing the issue
from an alternative fix, and tidy up accordingly]
Reviewed-on: https://gerrit.openafs.org/12289 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit fac0b742960899123dca6016f6ffc6ccc944f217)
Change-Id: Ic9b4ceada6c743dde49aba82217bb3a9f440bb69
Reviewed-on: https://gerrit.openafs.org/12389 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Andrew Deason <adeason@dson.org> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
projects / packages / o / openafs.git / log