Andrew Deason [Tue, 15 Apr 2014 17:30:19 +0000 (12:30 -0500)]
doc: Clarify some BosConfig.new text
It is not always clear to users whether BosConfig.new is noticed
during an automatic restart, or if it requires stopping and starting
the bosserver. Slightly reword the relevant text and add a small note
that a "general restart" does cause BosConfig.new to be noticed, so
this is explicitly clear.
Marc Dionne [Fri, 2 May 2014 18:10:06 +0000 (14:10 -0400)]
Linux: Prevent some fakestat data inconsistencies
When fakestat is enabled for a mount point, the parent vcache
entry is not the right place to find the DataVersion of
the target volume root directory. This can lead to data
inconsistency since the revalidation checks rely on the parent's
DataVersion to determine if a file entry is still valid. If the
file was replaced or deleted remotely, the only callback we
get is for the parent directory, and in that case the client
will think the file entry is still valid and give back stale
data to the user.
If fakestat is enabled and we have a mountpoint, always use
the parent vcache pointer returned by FakeStat before using it
to either store (in the lookup and create ops) or compare
(in the revalidate op) the DataVersion.
FIXES 131855
Change-Id: I03c05c1dab39e663b74635700e80ba70861b1c2e
Reviewed-on: http://gerrit.openafs.org/11118
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Jeffrey Altman [Thu, 8 May 2014 13:06:07 +0000 (09:06 -0400)]
Windows: cm_Analyze retries vs CM_REQ_NORETRY (2)
Commit a1b5a1d42280753de13094006dcc130fede978a1 left out a critical
part of the patch: the check for "retry < 2" when determining whether
retries should be skipped due to CM_REQ_NORETRY.
Michael Meffie [Thu, 24 Apr 2014 17:40:06 +0000 (13:40 -0400)]
libafs: fix lock leak during shutdown
afs_getattr returns EIO when afs is in the process of shutting
down. Be sure to unlock the locks taken before returning.
The bozon lock leak has been present since IBM AFS.
Rod Widdowson [Sun, 4 May 2014 18:33:11 +0000 (14:33 -0400)]
Windows: Adjust Last Write time handling for -1
The "what date/time gets changed when and by whom" in Windows is badly
defined, but all filesystems support the semantic that if a date is set
using a specific file object (or the timestamp is set to the magic number
-1) then other changes provoked by that file object will be ignored.
AFS redirector timestamp handling does not support this behavior.
For the LastWrite timestamp (other timestamps are pretty much advisory and
maintained on a best effort basis) the timestamp would be updated by a
write operation even after -1 is set via the file handle.
This patchset implements the -1 behavior for LastWrite. It also follows
the standard Windows practice of setting the LastWrite timestamp to be the
time of close of the handle that performed the write, not the time of the
write itself.
Finally, it should be noted that since RX*FS_StoreXXX operations update
the last write time on the server the client must restore the LastWrite
timestamp at handle close if -1 was specified.
The 'ComponentName' parameter to AFSSubstituteName() is a UNICODE_STRING
pointer. Its address should not be passed to AFSDbgTrace when used
in conjunction with a %wZ format.
Anders Kaseorg [Sun, 4 May 2014 09:30:25 +0000 (05:30 -0400)]
Fix buffer length validation in ktc_GetToken and knfs
The signed int tktLen is checked against a maximum size, then passed
as the unsigned size_t argument to memcpy. So we need to make sure it
isn’t negative.
This doesn’t appear to be exploitable: tktLen comes from the kernel,
which should have previously validated the length within the SETTOK
pioctl.
This bug was found with STACK <http://css.csail.mit.edu/stack/>.
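The signed-length pattern this commit message describes, shown beside a two-sided check. This is an added example, not code from the commit or from OpenAFS; `MAX_TICKET_LEN`, `struct token_buf` and the function names are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: the names and the 64-byte limit are hypothetical,
 * not OpenAFS's definitions. */
#define MAX_TICKET_LEN 64

struct token_buf {
    int  ticket_len;
    char ticket[MAX_TICKET_LEN];
};

/* Upper-bound-only check: the pattern the commit message describes.
 * The comparison is signed, so every negative length passes. */
int len_ok_upper_only(int tkt_len)
{
    return tkt_len <= MAX_TICKET_LEN;
}

/* The value memcpy would actually receive for its size_t parameter. */
size_t as_copy_size(int tkt_len)
{
    return (size_t)tkt_len;
}

/* Hardened check: reject negative lengths before the conversion. */
int len_ok(int tkt_len)
{
    return tkt_len >= 0 && tkt_len <= MAX_TICKET_LEN;
}

/* Copy a ticket only after the length passed the two-sided check.
 * Returns 0 on success, -1 if an argument or the length is invalid. */
int copy_ticket(struct token_buf *dst, const char *src, int tkt_len)
{
    if (dst == NULL || src == NULL || !len_ok(tkt_len))
        return -1;
    memcpy(dst->ticket, src, (size_t)tkt_len);
    dst->ticket_len = tkt_len;
    return 0;
}

int main(void)
{
    struct token_buf t;
    char src[MAX_TICKET_LEN] = "ticket";   /* constructed sample input */

    memset(&t, 0, sizeof(t));
    printf("upper-only check accepts -1: %d\n", len_ok_upper_only(-1));
    printf("-1 as a copy size:           %zu\n", as_copy_size(-1));
    printf("two-sided check accepts -1:  %d\n", len_ok(-1));
    printf("copy_ticket(len=6):          %d\n", copy_ticket(&t, src, 6));
    printf("copy_ticket(len=-1):         %d\n", copy_ticket(&t, src, -1));
    return 0;
}
```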
Ken Dreyer [Wed, 6 Mar 2013 20:53:29 +0000 (13:53 -0700)]
doc: recommend cleanup steps in "vos convertROtoRW" man page
vos convertROtoRW leaves the older RW copy on the original fileserver,
although it is no longer in the VLDB. Provide the user with some hints
regarding clean up.
Change-Id: I5f6fcf7d5a516b59438d84e60f163a567d3a64fd
Reviewed-on: http://gerrit.openafs.org/9408
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Benjamin Kaduk [Mon, 7 Apr 2014 21:55:09 +0000 (17:55 -0400)]
vol: Fix build with separate objdir
The volscan-main and volinfo-main source files are in the source
tree, not the object tree; refer to the objects in the Makefile
as dependencies, so that they will be picked up properly. The
objects will be made just fine by the implicit .c.o rule.
Change-Id: Ieec4b32cfbe5d260e1560a08d4ed8162720f9222
Reviewed-on: http://gerrit.openafs.org/10988
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Windows: Deny writes/truncation to files w RO attr
If the readonly file attribute is set on a file, refuse to process
writes, truncations or overwrites. The afsd_service will do so
and this can lead to data corruption.
At the same time, writes from the redirector to afsd_service must
not be denied because of the readonly attribute. That check was
performed during the CreateFile. Otherwise, a new file can be
created with the readonly attribute and then not be writable.
Jeffrey Altman [Wed, 12 Mar 2014 16:49:40 +0000 (12:49 -0400)]
Windows: NP Fail requests if AFSGetAuthenticationId fails
If during the processing of a network provider request the Logon
Session AuthenticationId is zero and the AFSGetAuthenticationId()
function is unable to obtain the current thread's AuthenticationId,
then fail the request.
The prior behavior of AFSSetBasicInfo() was to let the caller
set whatever it wanted as the new file attributes regardless of
the attributes that are supported by AFS. In doing so, reparse
point and directory attributes could be cleared, and other values
could be set even though they would be lost as soon as the
DirectoryCB object was garbage collected.
New behavior:
1. return STATUS_INVALID_PARAMETER if reparse point attribute
would be altered
2. return STATUS_INVALID_PARAMETER if directory attribute would
be altered.
Rod Widdowson [Mon, 14 Apr 2014 20:50:36 +0000 (16:50 -0400)]
Windows: Pin write position prior to defer
If we extend the file prior to deferring the write *and* the write
is set up FILE_WRITE_TO_END_OF_FILE then we have to convert the
FILE_WRITE_TO_END_OF_FILE to an absolute position since we have
already moved the FCB->Header.FileSize.
Rod Widdowson [Mon, 14 Apr 2014 20:45:37 +0000 (16:45 -0400)]
Windows: Do not defer Synchronous operations
There is nothing to be gained by posting a synchronous write.
Let it hang out in CcCopyWrite until there is enough memory
unless the write became synchronous after a deferral in which
case it can be deferred again.
Introduce bWait variable which is set to the result of
IoIsSynchronousWrite( Irp).
This change is being introduced after further analysis of the
FastFat example.
Andrew Deason [Thu, 30 Jan 2014 19:50:11 +0000 (13:50 -0600)]
Fix rx_EndCall error precedence
Callers of rx_EndCall in various parts of the code handle errors a bit
differently from each other. The correct way to use rx_EndCall is
almost always some form of:
code = rx_EndCall(call, code);
This will cause the call to abort with 'code' if the call is not
already aborted, and will return the abort code for the call (or 0 if
the call ended successfully). It is thus impossible for 'code' to
start out with a non-zero value in the code snippet above, and end up
with a value of 0 after the code snippet.
Most code follows this pattern, because this is how the
rxgen-generated client RPC wrappers are written. So for any non-split
Rx call, this is how the error precedence works.
However, some code (mostly for Rx split calls), needs to handle
calling rx_EndCall itself, and some code appears to think it is
possible for rx_EndCall to return 0 when we already had a non-zero
error. Such code tries to ensure that we don't ignore an error we
already got by doing something like this:
However, this is not correct. If a call gets killed with an abort code
partway through executing an RPC, and the client tries to end the RPC
with e.g. EndRXAFS_FetchData, the client will get an error code of
-451 (RXGEN_CC_UNMARSHAL). The actual error code is in the abort code
for the call, but with the above 'code2' snippet, we can easily return
an error of -451 instead, which will usually get interpreted as some
unknown network-related error.
This can manifest as a problem in the unix client, where if a
FetchData call fails due to, for example, an "idle dead" timeout, we
should result with an error code of RX_CALL_TIMEOUT. But because of
the above issue, we'll instead yield an error of -451, causing the
server to be marked down with the following message:
afs: Lost contact with file server ... (code -451) ...
So, fix most rx_EndCall callers to follow the 'code = rx_EndCall(call,
code);' pattern. Not all of the changes here are to "wrong" code, but
try to make all of the rx_EndCall call sites look more consistent.
There are a few exceptions to this pattern, which warrant some
variations:
- A few instances in src/WINNT/afsd/cm_dcache.c do seem to want to
record the original error before we ran rx_EndCall, instead of
seeing the rx abort code. We still return the rx_EndCall-returned
value to the caller, though.
- Any caller of RXAFS_FetchData* needs to read a 'length' raw from
the rx split stream. If this fails, we need to abort the call, but
we don't really have an error code to give to rx_EndCall. Failure
to read a length indicates that the server is not following
protocol properly, so give rx_EndCall RX_PROTOCOL_ERROR in these
instances. The call should already be aborted by this point, so
most of the time this code will be ignored; it will only make a
difference if the server tries to end the call successfully without
sending a length, which is indeed a protocol error.
- Some Rx clients can encounter a local error they don't want to send
to the server via an abort, so they just end the call successfully,
and only use the rx abort code if they don't already have a local
error. This is in a few places like src/butc/dump.c and
src/volser/vsprocs.c.
- Several places don't care what the error from rx_EndCall is, such
as various call sites in server-side code.
The behavior of the Windows client w.r.t rx_EndCall was changed a bit
into its current behavior in commit a50fa631cad6919d15721ac2c234ebbdda2b4031 (ticket 125018), which just
appears to be wrong. This was partially reverted by commit ae7ef5f5b963a5c8ce4110a7352e0010cb6cdbc1 (ticket 125351), but some of
the other call sites were unchanged. The Unix client appears to have
been doing this incorrectly for at least FetchData calls since OpenAFS
1.0.
To make it hopefully more clear that rx_EndCall cannot return 0 if
given a non-zero error code, add an assert to rx_EndCall that asserts
that fact.
Andrew Deason [Wed, 27 Mar 2013 23:12:41 +0000 (18:12 -0500)]
afs: Raise fake free space reporting
We report 'fake' values for free space, free file nodes, etc for the
'AFS' filesystem, since these values are not meaningful for AFS
itself. Currently we report about 9G of free space for most platforms,
and a few different values for a few others. Raise all of these to
2^32-1, so that trying to copy over 9G of data into AFS does not fail
for those applications that check the destination free space with
statfs(2). Note that one such application is KDE 4.8.x.
Consolidate all places that do this, and put the 'fake' value in one
place, AFS_VFS_FAKEFREE, along with the relevant comments.
Related issues reported by Lars Schimmer, Richard Brittain, and
others.
Change-Id: Ia15175da32744e11f62489c29bedfe1f5560d2b4
Reviewed-on: http://gerrit.openafs.org/9688
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Markus Koeberl <markus.koeberl@tugraz.at>
Tested-by: Markus Koeberl <markus.koeberl@tugraz.at>
Reviewed-by: D Brashear <shadow@your-file-system.com>
ptserver: Optionally restrict anonymous access to the ptserver
Currently, one could simply query from 0 to 'pts listmax' to determine
all the usernames in a cell. The -restrict_anonymous option will block
access to almost all of the unauthenticated RPCs. PR_NameToID is still
open since aklog still needs access to this RPC. An "attack" against
this RPC would have to scan a much larger key space to determine valid
usernames in a cell.
Change-Id: I7e475bc004f08d28d195c199804befa89f0ceb0c
Reviewed-on: http://gerrit.openafs.org/10951
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Gergely Risko <gergely@risko.hu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Michael Meffie [Sat, 15 Feb 2014 17:03:43 +0000 (12:03 -0500)]
viced: fix get-statistics64 buffer overflow
Range check the statsVersion argument of the GetStatistics64 RPC to
avoid a buffer overflow in the fileserver, or a huge memory allocation,
by a rogue client.
Andrew Deason [Fri, 21 Feb 2014 21:30:49 +0000 (15:30 -0600)]
rx: Avoid rxi_Delay on RXS_CheckResponse failure
Currently we rxi_Delay whenever RXS_CheckResponse fails for any
reason. This can result in disastrous performance degradations if a
client keeps sending "bad" responses, since rxi_Delay'ing here will
delay the Rx listener thread. This means we cannot receive any packets
for about a second, which can easily cause us to drop a lot of
incoming packets.
Instead, send the abort after 1 second by scheduling an event. This
will retain existing behavior from the point of view of the client
(it will get the abort after 1 second), but avoids hanging the Rx
listener thread.
Andrew Deason [Fri, 21 Feb 2014 21:26:35 +0000 (15:26 -0600)]
rx: Split out rxi_SendConnectionAbortLater
Take the functionality in rxi_SendConnectionAbort that schedules a
delayed abort, and split it out into a new function,
rxi_SendConnectionAbortLater. This allows callers an easy interface to
send such a delayed abort with their own delay.
This commit should incur no change in behavior; it is just code
reorganization.
Benjamin Kaduk [Fri, 28 Mar 2014 13:19:30 +0000 (09:19 -0400)]
Disable kauth by default
We should actively be discouraging the use of the kaserver and related
utilities.
The src/kauth/ directory will still be compiled, just not installed.
(If we stopped compiling it, it would likely bitrot very quickly so
as to become unbuildable, and having it still build seems a reasonable
goal given our obligations with respect to compatibility with IBM
AFS for the use of the AFS name.)
Michael Meffie [Thu, 27 Mar 2014 08:24:16 +0000 (09:24 +0100)]
viced: disable hot threads
Turn off the rx hot threads feature in the file server. This feature
was an old optimization intended to reduce context switching, however
generally makes performance worse on modern hardware.
Performance improvements from disabling hot threads were identified by
Simon Wilkinson (YFS) at the European AFS and Kerberos Conference (EAKC)
2014 at CERN.
Change-Id: Id3053a61ebdb2d49d2bf36ebe07a35cc07b5d65c
Reviewed-on: http://gerrit.openafs.org/10957
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Stephan Wiesand [Wed, 12 Mar 2014 09:47:17 +0000 (10:47 +0100)]
doc: bos setrestricted -mode 0 does make sense
Commit 070230ab76e1df338db3f2a7971111ca976a0c1a added documentation of
the mode parameter to bos setrestricted, claiming that the value 0 is
useless, and commit eee0bf5871944d919951cc8b7b4908ee909c3b62 added
documentation of the restrictmode entry in BosConfig, claiming that it
can only be set back to 0 with an editor. Both claims are wrong, since
bos setrestricted -mode 0 will do exactly that (if it succeeds, which
it only can if the server is running in unrestricted mode, which can
be achieved by sending it the FPE signal). Fix the man pages
accordingly.
Change-Id: I07b75f7d0cea2e247fa4f346121de258e35119f5
Reviewed-on: http://gerrit.openafs.org/10885
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Client host too busy while handling request from host %s:%d viceid %d fid %lu.%lu.%lu, failing request
Cannot get CPS for client while handling request [...], failing request
Cannot reconnect to ptserver while handling request [...], failing request
While the new messages are more informative, and (in my opinion)
better describe what is happening in those situations, they do look
very different from the old messages. This can break scripts that try
to parse these logs, but in general it is also not clear to
administrators that these messages still refer to the same events.
So instead, put these messages back the way they were. Still include
the extra information, of course, but revert the language to look more
like the old messages. Now we log:
CallPreamble: Couldn't get client while handling request from host %s:%d viceid %d fid %lu.%lu.%lu, failing request
CallPreamble: Couldn't get CPS while handling request [...], failing request
CallPreamble: couldn't reconnect to ptserver while handling request [...], failing request
Thanks to Ben Kaduk for bringing this up.
Change-Id: Ie2389fb598640d79f0f0725c3161c7af7924ffb4
Reviewed-on: http://gerrit.openafs.org/10857
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Michael Meffie [Wed, 12 Mar 2014 19:15:32 +0000 (15:15 -0400)]
volinfo: separate volscan binary
Refactor vol-info.c into several files and change the makefile to
build a separate volscan binary, instead of using the program name
to determine if the user is running volinfo or volscan.
This commit adds new source files for the volinfo and volscan main()
function and a common header file.
Change-Id: I53a2a503812237a850170c39c81ee3fb56c8282e
Reviewed-on: http://gerrit.openafs.org/10903
Reviewed-by: D Brashear <shadow@your-file-system.com>
Tested-by: D Brashear <shadow@your-file-system.com>
Michael Meffie [Sat, 15 Mar 2014 15:04:31 +0000 (11:04 -0400)]
volscan: hide -mask option
The -mask option is unnecessary and sets a bad precedent, so
deprecate and hide this option. The vnodes of interest
can be found easily and much more flexibly with a simple command
pipeline.
Change-Id: Ibe75928c6b041d135c0cb5867228947cd7f4e889
Reviewed-on: http://gerrit.openafs.org/10901
Reviewed-by: D Brashear <shadow@your-file-system.com>
Tested-by: D Brashear <shadow@your-file-system.com>
Benjamin Kaduk [Thu, 6 Feb 2014 21:11:49 +0000 (16:11 -0500)]
pioctl.c: removed unused variable
The 'rval' variable is only actually used in the LINUX20 case;
adding another conditional block is making the LINUX20 case
different enough that it should get split out entirely.
Doing so lets the 'else' clause be simpler.
Found by clang on FreeBSD 10.0.
Change-Id: I60c56af355fdb68752d9596ff2cd7a4259b43fe9
Reviewed-on: http://gerrit.openafs.org/10819
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Michael Meffie [Fri, 7 Feb 2014 14:55:31 +0000 (06:55 -0800)]
fs: display cell not available on ESRCH
The cache manager pioctls abuse ESRCH to represent errors due to
unavailable cell information. Give a more sensible error message to
the user when a pioctl returns an ESRCH error, instead of "no such
process", which is the conventional meaning of ESRCH.
The new error message is consistent with the Windows implementation
of fs.
For example, on a host with a misconfigured ThisCell and/or CellServDB.
Michael Meffie [Sat, 8 Mar 2014 19:30:27 +0000 (14:30 -0500)]
libafs: afs_SetupVolSlot function
Move the code block to get and setup volume slots out of
afs_SetupVolume to a new local function called afs_SetupVolSlot.
This new function acquires the afs_xvolume lock and releases it
before returning.
Michael Meffie [Sat, 8 Mar 2014 17:35:23 +0000 (12:35 -0500)]
libafs: put volume disk cache i/o in afs_UFSGetVolSlot
Move the reading of the volume items file to the afs_UFSGetVolSlot()
to make it more clear the volume items file is not accessed when
memcache is in effect.
This changes the afs_GetVolSlot to return an initialized volume slot,
if one can be gotten.
Michael Meffie [Sat, 8 Mar 2014 16:41:26 +0000 (11:41 -0500)]
libafs: afs_InitVolSlot function
Add a new local function to initialize newly gotten volume slots and
move that code out of afs_SetupVolume(). Initialize the slot before
putting the volume in the volume hash table list.
Make it more clear to avoid using record 0. The volume items record 0 is
not used, so avoid setting the tf pointer to the static fvolume buffer
when reading record 0.
Marc Dionne [Wed, 19 Mar 2014 15:15:13 +0000 (11:15 -0400)]
Linux: Do drop dentry if lookup returns ENOENT
Commit 997f7fce437787a45ae0584beaae43affbd37cce switched to using
d_invalidate instead of d_drop to prevent unhashing dentries
which are only temporarily invalid and may still be referenced
by someone having a current working directory pointing to it.
This could result in getting ENOENT from getcwd() after some
transient problems, even when the directory is there and
accessible.
The change had the side effect of potentially leaving something
visible when it has actually been removed, for instance a mountpoint
removed by "fs rm".
If afs_lookup returns ENOENT, we want to forcibly drop (unhash)
the dentry, even if it has current users.
Jeffrey Altman [Sun, 15 Dec 2013 00:38:50 +0000 (19:38 -0500)]
vos: GetServer search for non-loopback address
GetServer() is used to obtain an IP address for the 'aname' parameter.
'aname' can be either a dotted address or a host name. If it is a dotted
address, it is returned immediately. If it is a host name, then
gethostbyname() is used to obtain an IP address.
The prior version of this function had two failings:
1. It assumed that a struct hostent only contained a single address.
It used the former h_addr field. For all platforms supported by
OpenAFS h_addr is a macro referencing the first address in the
h_addr_list array. If h_addr was a loopback address, it would
ignore any additional addresses that might be in the list.
2. It assumed that if gethostbyname(aname) returned a loopback
address as h_addr that 'aname' must be referring to the machine
that the vos command is being executed on. It therefore used
gethostname() to obtain an alternate name to use for a gethostbyname()
query. The results of this query were not checked to be a loopback.
As a result, a loopback address could be returned to the caller which
in turn could be set into the VLDB.
Change-Id: Ib8d513be9daf650045e9c40718b0187f6b9770a2
Reviewed-on: http://gerrit.openafs.org/10585
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Harald Barth <haba+gerrit@kth.se>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
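The address-selection problem the GetServer commit message describes, as an added example that is not OpenAFS code: one function looks only at the first `h_addr_list` entry, the other walks the whole list and skips 127.0.0.0/8. The function names and the sample `struct hostent` (documentation address 192.0.2.10) are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* True for any address in 127.0.0.0/8; the argument is in host byte order. */
static int is_loopback(uint32_t host_order)
{
    return (host_order >> 24) == 127;
}

/* First-entry-only lookup (what h_addr expands to): returns the first
 * address in network byte order, loopback or not; 0 if there is none. */
uint32_t first_addr_only(const struct hostent *he)
{
    uint32_t addr = 0;

    if (he != NULL && he->h_addrtype == AF_INET && he->h_length == 4 &&
        he->h_addr_list != NULL && he->h_addr_list[0] != NULL)
        memcpy(&addr, he->h_addr_list[0], sizeof(addr));
    return addr;
}

/* Walk the whole list and return the first non-loopback IPv4 address in
 * network byte order; 0 means "nothing usable", so the caller must fail
 * instead of handing a loopback address on. */
uint32_t first_non_loopback(const struct hostent *he)
{
    if (he == NULL || he->h_addrtype != AF_INET || he->h_length != 4 ||
        he->h_addr_list == NULL)
        return 0;
    for (char **p = he->h_addr_list; *p != NULL; p++) {
        uint32_t addr;

        memcpy(&addr, *p, sizeof(addr));
        if (!is_loopback(ntohl(addr)))
            return addr;
    }
    return 0;
}

/* Constructed sample: builds a hostent from up to two dotted addresses so
 * the example runs offline, without calling gethostbyname(). */
static struct in_addr sample_addrs[2];
static char *sample_list[3];
static struct hostent sample_he;

const struct hostent *sample_hostent(const char *a, const char *b)
{
    const char *in[2] = { a, b };
    int n = 0;

    for (int i = 0; i < 2; i++) {
        if (in[i] != NULL && inet_pton(AF_INET, in[i], &sample_addrs[n]) == 1) {
            sample_list[n] = (char *)&sample_addrs[n];
            n++;
        }
    }
    sample_list[n] = NULL;
    memset(&sample_he, 0, sizeof(sample_he));
    sample_he.h_addrtype = AF_INET;
    sample_he.h_length = 4;
    sample_he.h_addr_list = sample_list;
    return &sample_he;
}

int main(void)
{
    struct in_addr out;

    out.s_addr = first_addr_only(sample_hostent("127.0.0.1", "192.0.2.10"));
    printf("first entry only:   %s\n", inet_ntoa(out));
    out.s_addr = first_non_loopback(sample_hostent("127.0.0.1", "192.0.2.10"));
    printf("first non-loopback: %s\n", inet_ntoa(out));
    return 0;
}
```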
Michael Meffie [Tue, 11 Mar 2014 16:40:33 +0000 (12:40 -0400)]
libafs: reset global icl set pointers on shutdown
Avoid panicking when an icl tracing function is called after
shutdown_icl.
There is a window during shutdown in which pioctls can be requested
after the shutdown_icl is issued. Reset the global icl set pointers
so tracing is disabled after the shutdown_icl, instead of using
pointers to freed memory.
Removed the unneeded afs_icl_FindSet calls and use the global
pointers which were set during the initialization.
Change-Id: I3310868a28850236a2870b8dab858ecb7a815c11
Reviewed-on: http://gerrit.openafs.org/10884
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Benjamin Kaduk [Fri, 14 Mar 2014 15:13:15 +0000 (11:13 -0400)]
libafs: DARWIN: update for Xcode 5.1
(1) remove -mlong-branch from amd64 build
Random internet postings suggest that it has triggered a warning
since at least Xcode 3.2, and the gcc manual page suggests that
it is only applicable on ppc, anyway.
(2) remove -mpreferred-stack-boundary=4 from the amd64 build
The evidence here shows up less readily in an internet search,
but it seems that Apple's compilers will force the stack alignment
to 16 bytes regardless of what is passed here. One poster had
trouble with -mpreferred-stack-boundary being unused in Xcode 4.4.1.
This change only fixes warnings reported as errors by buildbot; it
does not attempt to fully synchronize with the flags that Xcode 5.1
uses for kernel module builds.
Benjamin Kaduk [Thu, 13 Mar 2014 19:30:42 +0000 (15:30 -0400)]
Remove static const char copyright[]
We do not have copyright strings in our other executables for the other
copyright statements applicable to them, so these are rather exceptional.
They also cause build failures with OS X Xcode 5.1 and --enable-checking.
Jeffrey Altman [Sat, 15 Mar 2014 16:44:09 +0000 (12:44 -0400)]
Windows: XP do not mark rdr devices as secure
Commit 9174531dca75f1f2d235ed806f784422792c3ab2 introduced the use
of device characteristics (secure and remote) to the IoCreateDevice()
and IoCreateDeviceSecure() calls for the AFSRedirector device objects.
After this change end users began to report problems on 32-bit Windows
XP SP3 when the initial access to the AFS redirector was performed by
a Limited Access Account.
This patchset conditionalizes the specification of the secure device
characteristic when registering the redirector with MUP on 32-bit
Windows XP.
Jeffrey Altman [Wed, 12 Mar 2014 16:41:45 +0000 (12:41 -0400)]
Windows: NP AFSGetConnectionInfo AuthId == 0
During the processing of a network provider GetConnectionInfo request
if the provided Authentication Logon Session Id is zero, the redirector
should attempt to obtain the Logon Session Id in kernel. This was
not performed within AFSGetConnectionInfo().
When processing a network provider GetConnection request, obtain
the Authentication Logon Session Id earlier in the function so that
it can be logged as part of subsequent trace messages.
Jeffrey Altman [Mon, 10 Feb 2014 10:13:37 +0000 (05:13 -0500)]
Windows: AFSShareWrite do not assign pFcb too soon
In AFSShareWrite the value of pFcb is used to determine whether
or not the pfcb->NPFcb->Resource must be released upon exit.
Therefore, it must not be assigned a value until just before the
resource is acquired.
Commit 54eb2485b59550ba42569ed3a8d76211a3a35019 removed the
implementation of bnode_Deactivate(), which had been #ifdef'd out
for a long time, but left the prototype in place. Remove the
obsolete declaration in bosprototypes.h as well.
Stephan Wiesand [Fri, 7 Mar 2014 10:03:36 +0000 (11:03 +0100)]
doc: improve man pages related to bos restricted mode
Mention the restrictmode entry and the commands for setting and
querying it in the BosConfig man page, and add/fix cross references
between the BosConfig, bos, bos_getrestricted and bos_setrestricted
ones.
Change-Id: I938ef4c43c1a248335f09975c454b36f7570782c
Reviewed-on: http://gerrit.openafs.org/10874
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Stephan Wiesand [Thu, 21 Nov 2013 09:44:05 +0000 (10:44 +0100)]
redhat: don't package kpasswd
While kpasswd was in the separate openafs-kpasswd package to avoid
clashing with the krb5 executable, openafs-debuginfo still conflicted
with krb5-debuginfo.
Don't package kpasswd at all. Package the renamed executable, kapasswd,
in openafs-kpasswd instead of openafs, together with the renamed man
page. Once we're here, provide the man page for the other executable in
there too.
FIXES 131771
Change-Id: I0d7af82072847a19f0e1ce34dbeeb34623d2ef38
Reviewed-on: http://gerrit.openafs.org/10481
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Garrett Wollman [Fri, 14 Feb 2014 04:03:59 +0000 (23:03 -0500)]
doc: Document dependencies required for building everything
Add a new section to README.DEVEL that describes the packages required
to build everything (including all optional code like the FUSE-based
user-mode client). Start with what I figured out for FreeBSD (tested
on a clean 10.0 install) and what Russ Allbery described on the
openafs-devel list in
<https://lists.openafs.org/pipermail/openafs-devel/2014-February/019759.html>.
Benjamin Kaduk [Wed, 5 Feb 2014 23:32:16 +0000 (18:32 -0500)]
afs_fetchstore: re-avoid uninitialized variable
As noted in the gerrit comments for change 10742, commit baf6af8a8f2207ce39b746d59ca4bc661c002883 does not handle the case
where the second rx_Read() call fails, and the 'length' variable
can still be used uninitialized.
Instead of using an err label and jumping to it on the case of
errors, initialize length to zero and take care to neither
set nor access *alength if an error has occurred. This is
more consistent with the style of the surrounding code while still
avoiding the use of an uninitialized variable.
Benjamin Kaduk [Thu, 6 Feb 2014 22:01:19 +0000 (17:01 -0500)]
FBSD: Switch the dummy 'data' for mount(2)
The mount(2) API takes a void*, but 'rn' is const char*, which
is const-incorrect. Our vfs_cmount implementation ignores the 'data'
parameter, but upstream's kernel mount(2) implementation did
have a NULL check until r158611 (in the 6.1 or 7.0 timeframe),
so leave that comment for now.
Arguably we should be using nmount(2) instead of mount(2) anyway,
but leave that for a separate patch.
Benjamin Kaduk [Thu, 6 Feb 2014 21:22:49 +0000 (16:22 -0500)]
pointers are not castable to unsigned int
When printing a pointer's value for debugging purposes, use the
dedicated printf format specifier for pointers instead of assuming
that unsigned int ('x') is good enough.
Benjamin Kaduk [Thu, 6 Feb 2014 20:52:49 +0000 (15:52 -0500)]
Satisfy clang's aggressive strlcpy warnings
Passing something related to the length of the source as the
length argument to strlcpy triggers a warning, which is converted
to an error with --enable-checking (on FreeBSD 10.0). The current
code is safe, since it is using the same expression that was used
to allocate the destination buffer, but switch to using a separate
variable to hold the length and use that variable for both allocation
and copying, to appease the compiler.
Jeffrey Altman [Thu, 23 Jan 2014 03:17:56 +0000 (22:17 -0500)]
Windows: cm_GetCell_gen Fixup cm_server cellp on race
If a race occurs during the instantiation of a new cm_cell_t object,
the created servers will point at the wrong cm_cell_t object after
the race is detected. Before cm_GetCell_gen completes the cm_server_t
objects must be fixed to point to the correct cm_cell_t.
Jeffrey Altman [Fri, 31 Jan 2014 05:49:44 +0000 (00:49 -0500)]
Windows: cm_AddCellProc always call cm_NewServer
The current implementation of cm_NewServer handles races and
collisions. There is no need to perform a cm_FindServer() check
first. Just call cm_NewServer() for all server entries.
Move the logging of server creation and cell assignment to
cm_NewServer().
Andrew Deason [Fri, 31 Jan 2014 22:46:12 +0000 (16:46 -0600)]
afs: Throttle byte-range locks warnings per-file
Currently, the warning messages about byte-range locks are throttled
only according to what the last PID of the locking process was. So, if
that same process performs a bunch of byte-range locks a bunch of
times, we log this warning message at most once every 2 minutes.
However, if we have even just one other process also performing
byte-range locks, the throttling can become pretty useless as
lastWarnPid ping-pongs back and forth between the two different PIDs.
This can happen if multiple unrelated byte-range-lock-using pieces of
software just happen to be running on the same machine, or if a piece
of software uses byte-range locks after forking into separate
processes.
To avoid flooding the log in situations like this, keep track of the
last warn time in the relevant vcache, so we don't get frequent
warnings for byte-range lock requests on the same file.
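A simplified model of the two throttling schemes this commit message describes, added here as an illustration; it is not OpenAFS code. The struct and function names, the exact comparisons and the one-request-per-second workload are assumptions constructed for the example.

```c
#include <stdio.h>
#include <time.h>

#define WARN_INTERVAL 120  /* seconds: the "2 minutes" in the commit message */

/* Model of PID-keyed throttling: one state shared by all files and processes. */
struct pid_throttle { time_t last_warn_time; int last_warn_pid; };

/* Hypothetical stand-in for a vcache: only the field this example needs. */
struct file_entry { time_t last_brl_warn; };

/* Each helper returns 1 if a warning would be logged, 0 if suppressed. */
static int warn_by_pid(struct pid_throttle *t, int pid, time_t now)
{
    if (pid == t->last_warn_pid && now < t->last_warn_time + WARN_INTERVAL)
        return 0;
    t->last_warn_time = now;   /* a different PID always resets the throttle */
    t->last_warn_pid = pid;
    return 1;
}

static int warn_by_file(struct file_entry *f, time_t now)
{
    if (now < f->last_brl_warn + WARN_INTERVAL)
        return 0;
    f->last_brl_warn = now;    /* keyed on the file, whoever the caller is */
    return 1;
}

/* Constructed workload: nprocs processes take turns locking ONE file,
 * one request per second, for the given number of seconds. */
static int count_pid_warnings(int nprocs, int seconds)
{
    struct pid_throttle t = { 0, -1 };
    int i, logged = 0;
    for (i = 0; i < seconds; i++)
        logged += warn_by_pid(&t, 100 + i % nprocs, (time_t)(1000 + i));
    return logged;
}

static int count_file_warnings(int seconds)
{
    struct file_entry f = { 0 };
    int i, logged = 0;
    for (i = 0; i < seconds; i++)
        logged += warn_by_file(&f, (time_t)(1000 + i));
    return logged;
}

int main(void)
{
    printf("pid-keyed, 1 process:    %d\n", count_pid_warnings(1, 600));
    printf("pid-keyed, 2 processes:  %d\n", count_pid_warnings(2, 600));
    printf("file-keyed, any callers: %d\n", count_file_warnings(600));
    return 0;
}
```

With a second process in the mix, the PID-keyed model logs on every request, while the file-keyed model stays at one warning per interval.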
Andrew Deason [Fri, 30 Aug 2013 19:21:16 +0000 (14:21 -0500)]
namei: Ignore misplaced files
The namei salvaging/ListViceInodes code currently ignores files where
we cannot derive an inode number from a given filename. However, if a
file is a valid inode filename, but is in the wrong directory, we
still record it. This can cause the salvager to abort, since it
assumes inode e.g. 12345 is present, but when it tries to open 12345,
namei translates the inode to a nonexistent path, and we bail out.
It is unknown how a namei directory structure can reach this state,
but try to handle it. To be on the safe side, just ignore the files,
and log a message about them. That way, if the files are required for
reconstructing the volume or contain important data, they are still
available if needed. And if they contain incorrect or old data, we
don't screw up the volume by trying to use them.
Thanks to Sabah S. Salih for reporting a related issue.
Andrew Deason [Thu, 3 Oct 2013 17:51:41 +0000 (12:51 -0500)]
salvager: Handle multiple/inconsistent linktables
The ListAFSSubDirs code in namei_ops.c currently detects
incorrectly-named linktable files, and whines about them and says the
salvager will handle them. However, the salvager doesn't really handle
them, since we just use the first linktable we find (FindLinkHandle)
without checking any of the information about it.
So, check for these. Fix FindLinkHandle to only consider a linktable
the "real" linktable to use if it actually matches the volume group id
we're salvaging. Also delete any inconsistent linktables via the new
function CheckDupLinktable later on.
Note that inconsistently-named linktables have been known to have been
created in the past due to a bug in the salvager (fixed by ae227049),
and possibly due to other unknown issues.
Change-Id: Iac461e1254e1f73406a2bc74eaa5a5f53d697304
Reviewed-on: http://gerrit.openafs.org/10322
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Andrew Deason [Fri, 31 Jan 2014 22:36:44 +0000 (16:36 -0600)]
afs: Refactor DoLockWarning
Change DoLockWarning around a little bit, so subsequent changes are
easier to follow. Move lastWarnTime/lastWarnPid so they are only
usable within this function.
Marc Dionne [Thu, 30 Jan 2014 18:50:37 +0000 (13:50 -0500)]
Linux: When revalidating, don't drop in-use dentries
The Linux client can get into a state where the current working
directory is seen as "deleted" by some tools, while it is still
there and accessible to "ls" and other tools. This has been
reported by several users and sites.
One scenario that has been observed while debugging:
- A process does a chdir() into a directory
- This stores a pointer to the dir's dentry in the task structure
- The server hosting the volume goes offline temporarily
- The dentry for the directory is passed to afs_linux_dentry_revalidate
- afs_linux_dentry_revalidate calls afs_lookup which returns an
  error (110 - ETIMEDOUT)
- It then considers the dentry not valid, and calls d_drop()
- d_drop unhashes the dentry unconditionally
- Server comes back up, but dentry is still unhashed
- getcwd() fetches the task structure pointer to the current dir
  dentry. If unhashed, it returns ENOENT, and the vfs layer is
  not involved at all.
At that point, many things won't work and there is no obvious way
for the user to get the directory rehashed.
Instead of calling d_drop directly, call d_invalidate instead, as
it will only drop (unhash) the dentry if we're the only one holding
a reference. Since d_invalidate will also call shrink_dcache_parent,
also remove that call from our code so it doesn't get called twice.
Arne Wiebalck [Fri, 10 Jan 2014 16:29:11 +0000 (17:29 +0100)]
Log shutdown progress
Shutting down fileservers with thousands of volumes can take a while and
it is helpful for operations to actually see that there is progress when
detaching volumes. This patch adds a log message to the fileserver log
every time 100 volumes have been detached.
Andrew Deason [Thu, 30 Jan 2014 20:43:57 +0000 (14:43 -0600)]
afs: Pay attention to fetchOps->destroy error code
The ->destroy function in our fetchops could change our error code, or
even raise a new error. Don't ignore it. This currently doesn't do
much, since fetchDestroy currently won't change the error code if it's
given an error, but this can change in the future.