Simon Wilkinson [Mon, 6 Sep 2010 08:37:23 +0000 (09:37 +0100)]
aklog: Fix weak_crypto tests
The tests for the various ways of enabling weak cryptography fail
with current Heimdal master, because it defines krb5_allow_weak_crypto
but does not prototype it.
Fix this by testing for the Heimdal version (which MIT does not provide)
first, and only if that's not available, try to use allow_weak_crypto.
Marc Dionne [Fri, 10 Sep 2010 01:02:05 +0000 (21:02 -0400)]
Warning fix for gcc 4.5 "operation may be undefined" warnings
The inc_header_word and set_header_word macros make repeated use of their
argument, which triggers many (~30) warnings with gcc 4.5, like this one:
./ptutils.c:473:6: warning: operation on ‘cheader.foreigncount’ may be undefined
Removing the cast to afs_int32 in the macros gets rid of the warning,
and should be safe since we're just getting a small positive integer value
- the offset of the member in the structure - and passing it to the
pr_Write function which expects an afs_int32.
Andrew Deason [Fri, 10 Sep 2010 16:17:40 +0000 (11:17 -0500)]
udebug: Always show tidCounter
If the queried site doesn't have an active write transaction,
currently udebug doesn't show the tidCounter. The tidCounter can still
be useful to know (especially since some sites will become buggy when
tidCounter rolls over), so always show it.
This adds the "The last trans I handled was" message to udebug.
Andrew Deason [Thu, 9 Sep 2010 19:10:01 +0000 (14:10 -0500)]
namei: Do not remove n_voldir1
When removing data directories in namei_RemoveDataDirectories, do not
remove the n_voldir1 directory (directory X in /vicepa/AFSIDat/X).
Removing this directory can race against the creation of an entirely
unrelated volume, causing the create op to fail (since it tries to
create a directory in a directory that no longer exists).
We don't currently have the necessary locking to make this safe, and
since the overhead of n_voldir1 existing is pretty negligible, just
leave it there. Also add some comments briefly justifying this.
Note that other similar races probably exist for directories under
n_voldir1, but they would only be between volumes in the same VG, and
so are much less likely to occur.
Andrew Deason [Thu, 2 Sep 2010 16:25:27 +0000 (11:25 -0500)]
vol: Add VInit cond var and remove busywaits
In DAFS, FSYNC_sync was waiting for VInit to reach at least 2 by
looping around pthread_yield(). For a server with a large number of
volumes, it can take a while for volumes to preattach, and so we are
effectively busy-waiting for preattach to finish. This can slow
fileserver startup and peg the cpu.
So instead, add a condition variable for when VInit changes, and wait
on that. Also modify other checkers of VInit to use the cond var.
Andrew Deason [Thu, 2 Sep 2010 20:05:21 +0000 (15:05 -0500)]
namei: Limit traversal when removing data dirs
namei_RemoveDataDirectories currently calls delTree with 'tree'
pointing to the part of the path immediately following n_base (i.e.
starting at the beginning of n_voldir1). This causes delTree to
traverse all of n_voldir1, trying to delete every directory it finds.
Since we are typically only trying to remove a single volume when
calling namei_RemoveDataDirectories, instead call delTree with 'tree'
pointing to immediately after n_voldir1, and beginning at n_voldir2
and try to just rmdir n_voldir1 afterwards. This way, we do not
traverse a large fraction of the entire partition when just trying to
delete a single volume, and so can significantly speed up volume
removals.
the file propagation "out of band" changes should not hardcode recovery
on file 0, but instead work on any file the interface is acting on.
use the provided file number.
Windows: Improve SMB detection of Local System account
Depending on the authentication method, the smb session authenticated
name for the "local system" account may be the nul string. In this
case it is impossible to use the name to determine if the authenticated
entity is the "local system" account as required by smb_SetToken.
To work around this problem, smb_AuthenticateUserExt() will now obtain
the Security Identifier (SID) for the authenticated account. The string
representation of the SID will be used in place of the name by
smb_ReceiveV3SessionSetupX() when constructing the smb_user_t object.
A new flag, SMB_USERNAMEFLAG_SID, indicates when the name is in fact
a SID.
smb_userIsLocalSystem() checks for the SMB_USERNAMEFLAG_SID flag and
performs a SID comparison when it is set.
smb_SetToken() will accept either MACHINE\user or a SID string as
the smbname. It will obtain the SID if possible and create a SID-based
smb_user_t.
It is possible that a SYSTEM service will use an anonymous (S-1-5-7)
SMB connection. In that case, we also check the RPC Impersonation
SID to see if it is SYSTEM. If so, the RPC identity supersedes the
SMB identity for SetToken.
smb_IoctlRead, smb_IoctlV3Read and smb_IoctlRawRead are now all
consistent with regard to name processing.
Windows: Modify signature of buf_CleanAsync and buf_CleanAsyncLocked
The buf_CleanAsync() and buf_CleanAsyncLocked() signature does
not include a cm_scache_t pointer even though buf_CleanAsyncLocked()
needs a pointer to the matching cm_scache_t object. There are
some calls when the cm_scache_t object is already known. For those
cases it is more efficient to avoid the additional lookup especially
when buf_CleanAsync*() is being called on every buffer associated
with the cm_scache_t object.
At the same time add a flags field and a constant
CM_BUF_WRITE_SCP_LOCKED to permit the lock state of the cm_scache_t
to be passed in.
Finally, fix up the usage in buf_FlushCleanPages() which gains
the most from these changes.
Windows: Permit cm_scache rwlock to be dropped when "Stabilized"
The cm_buf_opts_t cm_BufStabilize() function was implemented
such that holding the cm_scache_t.rw lock had to be exclusively
held until cm_BufUnstablize() was called. Unfortunately, this
prevents using Stabilize/Unstabilize to protect the cm_scache_t
during Flush operations as the cm_scache_t.rw lock must be
acquired after the cm_buf_t mutex and not before it.
This patchset reimplements the synchronization logic using
the new CM_SCACHEFLAG_SIZESETTING flag and cm_SyncOp().
Jeffrey Altman [Mon, 30 Aug 2010 03:41:02 +0000 (23:41 -0400)]
Windows: fail cm_CheckNTOpen if READ|DELETE for readonly file
If the readonly file attribute is set (stored as a unix mode)
then a CreateFile operation should fail if the file is opened
for DELETE in combination with any other privilege.
Jeffrey Altman [Thu, 26 Aug 2010 15:33:43 +0000 (11:33 -0400)]
Windows: Add validation for directory buffer contents
If the directory buffer contents are garbage we can crash
the service. Add some simple validation checks to ensure
that cm_dirEntry_t objects have the correct flag value and
that the name strings are not too long.
Jeffrey Altman [Tue, 24 Aug 2010 20:46:45 +0000 (16:46 -0400)]
Windows: cm_TryBulkStatRPC must process VIO errors
If the bulkStat errorCode indicates that a particular object
is inaccessible due to a VIO error, we must update the server
status appropriately in order to permit failover.
Jeffrey Altman [Tue, 24 Aug 2010 20:42:57 +0000 (16:42 -0400)]
Windows: better handle RX_MSGSIZE errors
An RX_MSGSIZE error is returned by the new PMTU detection
code. It is critical that such an error result in a retry of
the operation that failed. Otherwise, the PMTU detection can't
work and the server will be marked down.
Secondly, it is important that such errors not leak to the
application layer. Map them to CM_ERROR_RETRY in all cases.
Jeffrey Altman [Sat, 21 Aug 2010 04:23:45 +0000 (00:23 -0400)]
Windows: Log cell along with volume id for server errors
When logging server volume instance errors to the windows
application event log, be sure to log the cell as well.
Translating from server ip address is non-trivial. Make it
easier for administrators triaging issues to plug the volume
and cell info into vos commands.
Andrew Deason [Fri, 3 Sep 2010 20:20:10 +0000 (15:20 -0500)]
vos: Show after effects in dryrun mode
The dryrun mode of operation for 'vos syncvldb' and 'vos syncserv'
does not currently show the "status after" portion of its output, so
they don't really show what the commands will do. Change them so
"status after" is shown for -dryrun when sync'ing servers or
partitions, and count changes towards the count at the end.
Marc Dionne [Sun, 5 Sep 2010 14:48:52 +0000 (10:48 -0400)]
afs_DoBulkStat: don't call afs_Analyze without holding the GLOCK
Limit the scope of the GUNLOCK-GLOCK blocks to cover only the RX
calls. This prevents afs_Analyze from being called without the
GLOCK, which causes an oops in afs_icl_Event4() where there's
an ASSERT_GLOCK.
Andrew Deason [Wed, 1 Sep 2010 16:14:37 +0000 (11:14 -0500)]
RedHat: Do not force krb5-config path
If the %krb5config macro is not defined, do not force using
/usr/kerbers/bin/krb5-config, since sometimes that is not where it is
(RHEL6 puts it in /usr/bin). Instead only specify KRB5_CONFIG if
krb5config is defined; otherwise let configure find krb5-config for
us.
Andrew Deason [Wed, 1 Sep 2010 15:32:53 +0000 (10:32 -0500)]
RedHat: Update openafs.spec for configure changes
We no longer have the configure options --enable-disconnected and
--with-krb5-conf. Remove them from the spec file and instead specify
krb5-config via the KRB5_CONFIG variable.
Andrew Deason [Wed, 1 Sep 2010 15:18:17 +0000 (10:18 -0500)]
RedHat: Use git-version in makesrpm.pl
We no longer have the OpenAFS version in the AM_INIT_AUTOMAKE. Get the
version from the equivalent AC_INIT version, which is determined by
running build-tools/git-version. So, run git-version to get the
version.
Hartmut Reuter [Tue, 31 Aug 2010 11:30:41 +0000 (13:30 +0200)]
Let SRXAFS_GetStatistics64 return correct values for the workstations
h_GetWorkstats was called also for 64bit which left random contents
in the other half of the 64bit field. Worse: little and big endian
machines filled different parts of the field so that a later masking
in fsprobe would not help for all kinds of servers.
Now a small wrapper h_GetWorkstats64 is called which calls h_GetWorkstats
correctly.
Andrew Deason [Wed, 9 Jun 2010 17:46:29 +0000 (12:46 -0500)]
ubik: Protect ubik_servers in urecovery_Interact
urecovery_Interact can modify the global ubik_servers structures,
including destroying and recreating the RX connection objects. In the
pthreaded case, DBHOLD the database, so we do not modify the
structures out from under another thread trying to use them.
Andrew Deason [Wed, 9 Jun 2010 17:45:57 +0000 (12:45 -0500)]
ubik: Drop dbase versionLock during I/O and sleeps
Currently we hold versionLock during all ubik network I/O and while we
are sleeping for whatever reason. For pthreaded ubik, to allow other
things to happen during those times, drop the lock and reacquire when
we hit the net or sleep.
Matt Benjamin [Sun, 29 Aug 2010 19:06:22 +0000 (15:06 -0400)]
cache bypass Also increment page refcount in readpage
As noticed by a commenter, afs_linux_bypass_readpage needs
the same get_page operation as in afs_linux_bypass_readpages,
as background page accounting assumes we have done it.
Matt Benjamin [Fri, 27 Aug 2010 23:11:32 +0000 (19:11 -0400)]
DFBSD update dfbsd userland
Add new sysnames. Fix some userland header inclusions,
defend against kernel-mode ioctl interpretation when
building UKERNEL. Add fragments missing from DFBSD
MakefileProto template.
Matt Benjamin [Sun, 29 Aug 2010 21:33:03 +0000 (17:33 -0400)]
FBSD try-relax child vnode locking (recurse only)
In cases where afs_vop_lookup would return a child vnode
locked, continue to take an exclusive lock, but allow
recursion (LK_CANRECURSE). Allow recursion also at
afs_vop_link, where we specifically encountered a conflict
due to recursion.
Matt Benjamin [Sun, 29 Aug 2010 00:43:41 +0000 (20:43 -0400)]
FBSD, DFBSD (future) vnode_pager_setsize updates
Based on review of bundled filesystems on FBSD and DFBSD,
call vnode_pager_setsize in three unhandled cases (getattr,
setattr, and io growing a file; truncation was handled
correctly already). Following up on a suggestion by Ben
Kaduk.
Marc Dionne [Sat, 28 Aug 2010 19:50:04 +0000 (15:50 -0400)]
Make hcrypto depend on config
hcrypto needs the top-level include structure to be present so it
can install its header files. Add a dependency to "config" in
the Makefile to make this explicit and prevent occasional failures
with parallel builds.
Change-Id: If588d6a15fa1fdf371ec2841cc3a6e75077cccb0
Reviewed-on: http://gerrit.openafs.org/2620
Tested-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Matt Benjamin [Fri, 27 Aug 2010 02:54:20 +0000 (22:54 -0400)]
FBSD restore old syscall register logic for older kernels
The syscall_register code appears to depend on coordination
with FreeBSD upstream, which hopefully can be completed by
RELENG_9. Use the original code for installation of the AFS
syscall for everything older than that.
Simon Wilkinson [Sun, 14 Feb 2010 01:14:54 +0000 (01:14 +0000)]
Add new SetTokenEx pioctl
This change implements the new, XDR based, SetTokenEx pioctl. This
pioctl permits sending multiple tokens, of multiple types, into the
kernel in a single pioctl call. This patch provides a kernel
implementation of the pioctl, and a new library function
ktc_SetTokenEx, which will use either the new pioctl, or fall back
to the old one should SetTokenEx not be available.
Simon Wilkinson [Sun, 7 Feb 2010 14:15:26 +0000 (15:15 +0100)]
Make unixuser's vid advisory
The 'vid' element of the unixuser structure was performing two
functions. It was used in debug messages to clarify which user's
token had expired and, in a few locations, to signify whether the
user had tokens or not.
This patch removes this dual usage. 'vid' is renamed to viceId, so
all uses are found and fixed. Where it is used for debugging, it remains,
but we only set the viceId for a user when we first use an rxkad token
on that context. Other uses of 'vid' have been replaced with tests
against the UHasTokens flag in the user's states.
Simon Wilkinson [Fri, 5 Feb 2010 11:12:45 +0000 (11:12 +0000)]
Unix CM: Generalise token storage
This generalises token storage in the Unix CM, so that it isn't
rxkad specific. We add a new, dynamically allocated, list of tokens
hanging off each unixuser structure. Each token is expressed as
a discriminated union keyed on the security class of that token,
with the token's details contained within that Union.
All token handling is performed through a set of functions in
afs_token.c - token access is modified to use this interface
throughout the rest of the code.
Ben Kaduk [Thu, 26 Aug 2010 03:21:30 +0000 (23:21 -0400)]
FBSD: properly register our syscall
Use the provided interface, syscall_register(), instead of
manually tweaking the sysent table.
Starting afsd will still fail at present on FreeBSD HEAD
without an additional kernel patch to syscalls.master.
Matt Benjamin [Wed, 25 Aug 2010 20:19:18 +0000 (16:19 -0400)]
FBSD: give osi_NetReceive time to shutdown, reprise
The delay logic needs to follow soshutdown, and precede
soclose. The thread in osi_NetReceive is racing to do
another soreceive. That thread needs to win the race
and notice the socket is shut down before rx_socket is
torn down.
Matt Benjamin [Wed, 25 Aug 2010 07:34:35 +0000 (03:34 -0400)]
FBSD CM: don't call afs_close when recycling
Don't call afs_close when handling VOP_CLOSE on a recycled
vnode, since there was no matching open. This corrects the
opens count, which was seen to have gone negative in the
reclaim vop. For clarity, assert if afs_vop_close is entered
with a VI_DOOMED vnode and avc->opens != 0.
Andrew Deason [Mon, 23 Aug 2010 17:55:21 +0000 (12:55 -0500)]
venus: make cacheout build again
Make src/venus/cacheout buildable again, by fixing several compiler
errors and warnings. Also clean up a few small things, like adding
'static' qualifiers.
Andrew Deason [Fri, 21 May 2010 21:26:53 +0000 (16:26 -0500)]
vlserver: Allow reading during ubik writes
Turn on the new ubik_BeginTransReadAnyWrite functionality for the
vlserver, which allows us to read data from ubik during a conflicting
ubik write lock. When writing, we now update a copy of the
application-level cache, and write back the changes during a commit.
Andrew Deason [Fri, 21 May 2010 20:54:33 +0000 (15:54 -0500)]
vlserver: Access cache via vl_ctx
The vlserver application-level ubik cache (which consists of
HostAddress, ex_addr, and cheader) is currently being accessed via
global variables everywhere. Instead, access these via the new vl_ctx
struct that is passed to functions during a transaction, so we have
the ability to modify the cache without making all changes visible as
we change it.
Andrew Deason [Fri, 21 May 2010 16:12:50 +0000 (11:12 -0500)]
vlserver: Add a struct for trans-specific data
Instead of passing a ubik_trans pointer to many functions inside the
vlserver, pass a vlserver-defined vl_ctx struct, so we can add new
things to keep track of in a transaction that are not part of ubik.
Andrew Deason [Thu, 20 May 2010 20:22:11 +0000 (15:22 -0500)]
ubik: add interface for reading during write locks
Add ubik_BeginTransReadAnyWrite, which allows for reading from the
database, even while there is a conflicting ubik write lock. Reads are
still blocked while the local database is updating due to a write
transaction commit.
Andrew Deason [Tue, 22 Jun 2010 19:36:42 +0000 (14:36 -0500)]
ubik: Fix buffers for reading-during-writes
If we are reading while a write transaction is in progress, we can
encounter a buffer that is dirty if we're on the same site as the
writer. Ignore these buffers for readers, since they contain
uncommitted changes. Then, when the writer commits, invalidate the
resultant duplicate buffer, if one exists.
Andrew Deason [Tue, 22 Jun 2010 18:24:27 +0000 (13:24 -0500)]
ubik: Abstract buffer matching and pass trans ptrs
Abstract the code for matching buffers in DRead, and pass around
ubik_trans pointers instead of ubik_dbase pointers. This changes no
behavior, but makes changing ubik buffer code a bit easier.
Simon Wilkinson [Sat, 21 Aug 2010 11:05:37 +0000 (12:05 +0100)]
Don't include afsconfig.h in rxgen headers
Some headers generated by rxgen are installed. We can't use
afsconfig.h in installed headers, as it isn't installed (and it
shouldn't be, as it contains autoconf defines which will almost
certainly have namespace conflicts with other packages)
Revert the portion of 972a407 that added afsconfig.h to the
h_output function. This should now be safe as stds.h no longer
relies on the result of autoconf tests.
Marc Dionne [Fri, 20 Aug 2010 20:11:59 +0000 (16:11 -0400)]
s390x: only declare afs_sys_setgroups32_page where needed
Variable afs_sys_setgroups32_page is only used when __NR_setgroups32
is not defined. Make the declaration depend on it as well to clear
up an unused variable warning.
Simon Wilkinson [Thu, 19 Aug 2010 23:18:17 +0000 (00:18 +0100)]
hcrypto: Fix for IRIX
Fix the hcrypto build for IRIX, by including param.h in the
configuration header so that the platform specific redefinitions of
"inline" work correctly.
Andrew Deason [Thu, 22 Apr 2010 22:09:18 +0000 (17:09 -0500)]
Remove the global tempHeader/stuff structures
Currently, volinodes.h defines an array ('stuff') for easily accessing
information about different inode types. Part of the array points to
parts of a global 'tempHeader' structure, making this not threadsafe.
Change this into an interface which utilizes local storage to make
this threadsafe and remove those horridly-named global variables.
This adds the init_inode_info static inline function, for initializing
a local inode information table.
Andrew Deason [Thu, 24 Jun 2010 20:45:05 +0000 (15:45 -0500)]
vol-salvage: Move global vars into SalvInfo struct
Reduce the number of globals used in the salvager code, by making
functions pass around a 'salvinfo' structure that contains the
information regarding a particular salvage.
Jeffrey Altman [Mon, 16 Aug 2010 14:09:22 +0000 (10:09 -0400)]
Windows: prevent buffer overrun in cklog
The Windows version of klog.exe will overwrite the realm and
password buffers if the command line input is too long. Generate
an error and terminate the program instead.
Chaz Chandler [Wed, 4 Aug 2010 18:17:03 +0000 (11:17 -0700)]
autoconf detection of label support
acinclude.m4 now has struct label support detection and sets
HAVE_STRUCT_LABEL_SUPPORT in afsconfig.h. Obviates complicated
ifdefs in various src/afs/ and src/rx/ files. Must run regen.sh
to generate new configure and afsconfig.h.in, then configure will
detect label support and set afsconfig.h appropriately. Not sure
what to do for Windows, but should be a step in the right
direction.
Fixes issue with compilation of libuafs on IRIX and sunpro by accurately
detecting label support.
Marc Dionne [Thu, 12 Aug 2010 20:33:04 +0000 (16:33 -0400)]
Linux: avoid oops in memcpy_toiovec
With ADAPT_PMTU enabled, kernel_recvmsg can be called to receive
errors. The call is made with no iovec supplied (we pass a NULL
pointer), but with a size of 256. In the kernel, the memcpy_toiovec
function tests for size > 0, and proceeds to check iovec->iov_len,
which causes an oops. Fix by setting the size to 0.