Rainer Toebbicke [Wed, 24 Feb 2010 11:02:08 +0000 (12:02 +0100)]
Do not leak information on partial success in RXAFS_InlineBulkStatus
Initialize all RXAFS_InlineBulkStatus return parameters in case portions
remain unset on FetchStatus failures. Also ensure VolSync info is set even if
the first FetchStatus fails.
Derrick Brashear [Wed, 24 Feb 2010 16:13:23 +0000 (11:13 -0500)]
remove dropbox attribute leak fix
change 6ec18461649d3e4f44b2476f886bcc480c456500, avoid leaking stat info,
appears to have side effects on at least macos, crashing the system
coreservicesd. revoke the change until the exact behavior we want is
better understood.
Andrew Deason [Thu, 18 Feb 2010 17:42:27 +0000 (11:42 -0600)]
VLockFile: Do not close fd on lock failure
When we fail to acquire a lock in _VLockFd, do not close the fd if we
fail to acquire the lock for any reason, since VLockFile does that for
us already. There also may be other locks on that file, and we clearly
do not want to release them when just one lock fails. VLockFile takes
care of the necessary refcounting and fd closing, so don't do it in
_VLockFd too.
Chaz Chandler [Tue, 23 Feb 2010 22:20:39 +0000 (17:20 -0500)]
add limits.h to sysincludes.h on IRIX
xdr_mem.c wasn't including limits.h on IRIX when KERNEL was declared, so
INT_MAX was undefined. this adds limits.h to sysincludes.h so it's included
for all other places where it might be needed.
Anders Kaseorg [Sat, 20 Feb 2010 18:28:59 +0000 (13:28 -0500)]
Linux: Use kbuild to check for UML
<linux/autoconf.h> is automatically included by kbuild; you aren’t
supposed to include it directly. That breaks in 2.6.33 because
<linux/autoconf.h> is moving to <generated/autoconf.h>.
Anders Kaseorg [Sun, 21 Feb 2010 01:28:42 +0000 (20:28 -0500)]
Linux: Fix conversion of whole-file locks
An overflow bug in commit 49b7bbdd3b45df694fadbef48f9ed99d9bfe07b9
caused whole-file locks to be treated as byte-range locks, which fail
to be propagated to other machines.
Fix this by setting l_len = 0 for locks that range to the end of the
file.
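The conversion described in this commit message, as an added illustration (not OpenAFS code): an inclusive byte range [start, end] is turned into a POSIX `struct flock`. The sentinel `RANGE_TO_EOF` and the function names are constructed for this example. Computing `end - start + 1` for a range that runs to the maximum offset overflows, and the overflowed length makes a whole-file lock look like a byte-range lock; the fix is to emit `l_len = 0`, which POSIX defines as "to end of file".

```c
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* Constructed sentinel: "this range extends to the end of the file". */
#define RANGE_TO_EOF INT64_MAX

/* Build a struct flock for the inclusive range [start, end].
 * Assumes off_t is 64 bits wide (true on modern Linux/BSD builds). */
struct flock make_flock(short type, int64_t start, int64_t end)
{
    struct flock fl;
    memset(&fl, 0, sizeof fl);
    fl.l_type = type;
    fl.l_whence = SEEK_SET;
    fl.l_start = (off_t)start;
    if (end == RANGE_TO_EOF) {
        /* end - start + 1 would overflow here; POSIX l_len == 0 means
         * "from l_start to EOF", which is what a whole-file lock needs. */
        fl.l_len = 0;
    } else {
        fl.l_len = (off_t)(end - start + 1);
    }
    return fl;
}

/* l_len that the conversion produces for [start, end]. */
int64_t llen_for_range(int64_t start, int64_t end)
{
    struct flock fl = make_flock(F_WRLCK, start, end);
    return (int64_t)fl.l_len;
}

/* 1 if the converted lock covers the whole file (offset 0 to EOF). */
int range_is_whole_file(int64_t start, int64_t end)
{
    struct flock fl = make_flock(F_WRLCK, start, end);
    return fl.l_whence == SEEK_SET && fl.l_start == 0 && fl.l_len == 0;
}
```

A lock starting at a non-zero offset and running to EOF also gets `l_len = 0`; only the `l_start == 0` case is a whole-file lock.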
Andrew Deason [Wed, 27 Jan 2010 21:08:34 +0000 (15:08 -0600)]
Abstract /vicepX header traversal
The code for examining all of the headers on a vice partition now exists
in two places: the VGC scanner, and the salvager. Create the
VWalkVolumeHeaders function that contains the common logic so it's in
one place, and take a couple of function callbacks for the differences.
Andrew Deason [Mon, 15 Feb 2010 22:22:56 +0000 (16:22 -0600)]
Allow GetSomeSpace_r to select an optimal host
Previously GetSomeSpace_r would never find an 'ideal' host for which to
clear callbacks, since lih0_r and lih1_r required a non-NULL rock to do
anything. Remove the requirement for the passed-in host rock to be
non-NULL, and make lih*_r more threadsafe, by passing in a parameter
struct for the rock.
Also attempt to make the GSS_r code a bit more clear with some
descriptive variable names and such.
Andrew Deason [Tue, 16 Feb 2010 17:08:38 +0000 (11:08 -0600)]
h_TossStuff_r: make sure host does not go away
When h_TossStuff_r h_NBLock_r's a host, it is not only possible for
someone else to grab a hold on the host, but in theory it's also
possible for someone to hold a host, release it, and for the host to be
deleted again (assuming some callers hold HOSTDELETED hosts, which they
should not be doing).
To make this safety check a bit more robust, hold the host in
h_TossStuff_r before h_NBLock_r'ing, to ensure that it does not go away
while we're waiting for H_LOCK.
Andrew Deason [Mon, 22 Feb 2010 17:56:07 +0000 (11:56 -0600)]
Prevent deadlock if fs_stateSave panics
fs_stateSave can call ShutDownAndCore(PANIC) if it detects host list
corruption. Right now this will deadlock the shutdown thread, since
we're still holding a read lock on the FS state when we do so, and
ShutDownAndCore will attempt to acquire a write lock. Do two things to
make this a bit better:
-- Unlock the FS state before calling fs_stateSave, since we're no
longer looking at the FS state (the 'state' in fs_stateSave refers to
the host list and callback lists, not the state locked by
FS_STATE_*LOCK)
-- If ShutDownAndCore detects that it was called inside of
ShutDownAndCore, skip shutting down the volume and host packages, since
they have already been shut down
Andrew Deason [Fri, 12 Feb 2010 23:44:31 +0000 (17:44 -0600)]
Check for HOSTDELETED before h_Hold_r
A few places h_Hold_r a host and later drop and reacquire H_LOCK without
checking if the hostFlags contains HOSTDELETED. This can cause a race
with h_TossStuff_r where we later reference a host that is about to be
freed or already has been freed.
Add checks for HOSTDELETED in these places, and skip over the deleted
hosts.
Andrew Deason [Fri, 12 Feb 2010 22:30:44 +0000 (16:30 -0600)]
Correct the h_Enumerate_r hostList safety check
Ide1e5aca7c2c4a4af3f62bc07821db694f2f9999 added safety checks for a few
traversals through hostList, including the traversal in h_Enumerate_r.
Unfortunately, h_Enumerate_r may not hold H_LOCK over its entire
traversal (h_Release_r can drop and reacquire it), so the value of
hostCount is not guaranteed to stay the same.
A host may be deleted during the loop, or right near the end, decreasing
hostCount to below our current running 'count' of hosts, triggering the
panic unnecessarily.
Also, we break out of the loop if the H_ENUMERATE_ISSET_BAIL test
succeeds, making the panic also incorrectly trigger then.
So instead, remember the value of hostCount, and ensure that we've
actually exceeded that count in the post-loop check.
Andrew Deason [Mon, 15 Feb 2010 16:55:33 +0000 (10:55 -0600)]
h_TossStuff_r: check held-ness after lock
h_TossStuff_r checks if a host is held or locked by another thread
before trying to delete the host. Unfortunately, it checks if it is
locked before checking if it is held, and the lock check drops H_LOCK.
Thus, another thread could hold the host while we don't have H_LOCK, and
we could delete a host that is being held.
Although it is a bug if any thread holds a host that is being deleted,
some instances of this still exist, so make the check more robust.
Reverse the order of the tests, so we detect if someone held the host
while the lock check dropped H_LOCK.
Also log when this happens, as it indicates a bug occurring.
Derrick Brashear [Sun, 21 Feb 2010 22:15:26 +0000 (17:15 -0500)]
idledead client don't interrupt writes
allowing failover is nonsensical, there's nothing to fail to. keep trying to
write. if we want to change this, we need to handle it better than just this.
Simon Wilkinson [Wed, 17 Feb 2010 13:46:23 +0000 (13:46 +0000)]
Unix: Fix objdir builds
Make some changes to the Unix build system so that object directory
builds work again. In particular, change the way that we call
xcodebuild on Darwin, so that source and binary can live in different
places.
Andrew Deason [Wed, 17 Feb 2010 18:56:51 +0000 (12:56 -0600)]
Include stdint.h when using intptr_t
Some platforms such as OpenBSD require including stdint.h before you can
use intptr_t. So, include stdint.h (if it is available) whenever we use
intptr_t.
Andrew Deason [Wed, 2 Dec 2009 19:37:27 +0000 (13:37 -0600)]
salvager: avoid needing temp files to stay around
The salvager makes use of a couple of temporary files to store some
information while doing a salvage. Instead of referring to these files
by path name everywhere, pass around file handles instead. That way we
can unlink the files immediately, and they will be deleted on close.
This removes one of the roadblocks to allowing multiple salvages on the
same partition to occur at once (since otherwise other salvagers would
remove the temporary files on startup), and also makes it much less
likely that old temporary files will be left lying around in the first
place.
Andrew Deason [Thu, 4 Feb 2010 22:47:19 +0000 (16:47 -0600)]
DAFS: Maintain viced volume group hierarchy cache
When salvaging a volume (with DAFS or not), it is required to read the
volume headers of all volumes on the partition, so we know what volumes
are in the same volume group as the salvaged volume. Currently with
DAFS, this requirement can make demand-salvages very slow, since each
demand-salvage must read each volume header on the partition.
So, instead of having each demand-salvage read the volume headers
itself, have a demand-salvage request the required volume group
hierarchy information from the fileserver. The fileserver will scan the
partition's volume headers, and will keep the hierarchy cached in
memory. Any modifications to this hierarchy from volume
creation/deletion will update this volume group cache (VGC) via FSSYNC
commands.
This results in a dramatic salvaging speedup when many demand-salvages
are requested, and eliminates the cases where DAFS salvaging can be
significantly slower than non-DAFS salvaging.
Andrew Deason [Thu, 4 Feb 2010 22:08:48 +0000 (16:08 -0600)]
Add a general file-level locking API
Add an API for acquiring and releasing file-level locks. This abstracts
away the platform-specific aspects of file locking, and also makes the
locking work when several threads attempt to acquire a lock within the
same process.
This commit just adds the functions and datatypes; nothing actually uses
them. The users will be added in (hopefully nearby) future commits.
Simon Wilkinson [Sat, 13 Feb 2010 01:14:07 +0000 (01:14 +0000)]
aklog: Refactor token management operations
Pull the token management operations (get, set and compare tokens) out
into their own functions. Again, this is purely a refactoring exercise -
no behaviour changes are anticipated as a result of this change.
Simon Wilkinson [Fri, 12 Feb 2010 23:38:09 +0000 (23:38 +0000)]
aklog: Refactor token acquisition code
This change refactors all of the rxkad specific token acquisition code
out of the common auth_cell loop, and into a number of functions of its
own. There should be no functional changes.
Simon Wilkinson [Fri, 12 Feb 2010 11:13:16 +0000 (11:13 +0000)]
aklog: Tidy realm handling
Assorted small changes to the way realms are handled by aklog:
* Remove static buffers when realms are passed between functions
* Add cleanup for all dynamically allocated strings to auth_to_cell
* Create an extract_realm helper function to handle extracting realm
information from principals.
* Add a function to handle extracting realm information from decoded
tickets
Simon Wilkinson [Fri, 12 Feb 2010 10:29:00 +0000 (10:29 +0000)]
aklog: Dispose of the pointless confname string
confname makes a static copy of the AFSDIR_CLIENT_ETC_DIRPATH string. As
pr_Initialize takes it as const, there's no need to maintain our own
copy, and so this is superfluous. Remove it.
Simon Wilkinson [Fri, 12 Feb 2010 10:19:26 +0000 (10:19 +0000)]
aklog: Clean up cell handling
Clean up the aklog get_cellconfig routine, so that it is no longer
reliant upon global variables.
* Tidy the handling of local_cell, and use dynamically allocated,
rather than fixed length buffers.
* Use the cell name contained within the afsconf_cell structure,
rather than a local copy
* Access linked cell information from afsconf_cell, rather than
explicitly returning it
* Don't use globals for linkedcell
Simon Wilkinson [Fri, 12 Feb 2010 09:48:44 +0000 (09:48 +0000)]
aklog: Cosmetic cleanup
Fix indentation so that code lines up correctly,
Fix function declarations so they match the house style.
Remove some dead code and comments
Move comment blocks so they're above the code that they're describing.
Remove unused 'lastcell' string
Simon Wilkinson [Sun, 7 Feb 2010 20:51:55 +0000 (21:51 +0100)]
Unix CM: Tidy up the statistics interface
Sort out the function call statistics interface. Whilst it's still
wretched, this makes it a little less so.
*) Add some warnings at the start of the afs_CMStats structure about
what needs to be done when adding things there
*) Remove the conditionals around the CacheBypass counters, so that stats
clients don't need to be built with the same options as servers
*) Add all of the stats entries added after IBM to the xstat_cm_test
routine
*) Add a warning to xstat_cm_test if the data returned from the server
differs in size to the local stats structure.
Jason Rogers [Mon, 15 Feb 2010 23:19:12 +0000 (17:19 -0600)]
prdb_verify -rebuild with supergroups fix
This change eliminates the redundant iteration over the
supergroup[] array in DumpRecreate. By iterating over both
this array and entries[], duplicate au lines are created
and the count variable becomes incorrect. Furthermore,
the au lines created in the supergroups[] section were
incorrectly in the form of au <group> <member> instead
of au <member> <group>.
FIXES 126500
Change-Id: I087772b63934406273f153f4b8a581d965f1e4d5
Reviewed-on: http://gerrit.openafs.org/1316
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Simon Wilkinson [Sat, 6 Feb 2010 13:20:34 +0000 (14:20 +0100)]
Remove the old new token interface
ktc.c has had for a long, long time a 'new' token interface, which
was only enabled if KERNEL_KTC_COMPAT is set. However, this is never
defined in our tree, relies on a syscall that just won't work on
platforms such as Linux, and won't support any of the new token
formats we're planning. So, just remove this interface from our
code - it's in version control should we want to revisit it in the
future.
Adam Megacz [Mon, 15 Feb 2010 01:30:42 +0000 (17:30 -0800)]
Have bosserver catch SIGTERM and shut down gracefully.
Many modern process supervision systems (runsv, daemontools, sysvinit)
expect to be able to terminate a process gracefully by sending it a
SIGTERM; although SIGQUIT is nominally used for this purpose it seems
to have fallen into disuse as a matter of practice. Therefore, to
integrate as smoothly as possible with the outside world, bosserver
should catch SIGTERM and interpret it as a request to shut down
gracefully.
When used with process supervision (runsv or daemontools), the
previous behavior would cause bosserver to die but leave its children
running, and then bosserver would get restarted by the supervisor.
The result is a situation where there would be two copies of every
bnode process. Mayhem ensues.
Marc Dionne [Sat, 13 Feb 2010 00:23:52 +0000 (19:23 -0500)]
Initialize variable that can potentially be used uninitialized
Some compiler versions complain that "code" might be used uninitialized
here. If opening the configuration files fails, conf would be null
and the condition would indeed test an uninitialized variable.
Derrick Brashear [Wed, 10 Feb 2010 20:57:48 +0000 (15:57 -0500)]
irix stdarg printing
use icmn_err facility to print error (and panic for osi_Panic)
note that solaris vcmn_err is basically the same, but there
may be issues per some commenters.
Jeffrey Altman [Fri, 12 Feb 2010 02:45:40 +0000 (21:45 -0500)]
Windows: Prevent explorer shell extension from crashing if symbolic link add fails
The explorer shell extension was passing the wrong parameters to
the MessageBox API when a symbolic link add failed. The end result
was stack corruption.
Derrick Brashear [Thu, 11 Feb 2010 03:12:04 +0000 (22:12 -0500)]
set minimum darwin kernel rx sleep
never be willing to sleep less than 500ms. additional tweaks to the
rx scheduler may be needed however before we always slept for 500; now
we'll sleep longer if no events are pending (but not forever)
Simon Wilkinson [Tue, 9 Feb 2010 19:53:40 +0000 (19:53 +0000)]
Linux: Use current_creds() if stashed creds fail
If we can't use our stashed credentials (because SELinux hates us,
most likely), then fall back to trying the processes current credentials
instead of just oopsing.
Andrew Deason [Thu, 4 Feb 2010 22:26:21 +0000 (16:26 -0600)]
Consolidate code for reading/writing vol headers
The code for reading in and overwriting/replacing volume headers is
duplicated many times throughout the volume package. Consolidate the
code into the functions VReadVolumeHeader, VWriteVolumeHeader,
VCreateVolumeHeader, and VDestroyVolumeHeader. This makes it easy to
change the semantics of how headers are read/written, though this commit
should not change them.
afs_TruncateAllSegments() make sure correct afs_size_t comparison is
used when selecting dcache entries for truncation
Insure that afs_TruncateAllSegments() uses the correct [64-bit]
comparison when deciding whether to truncate chunks:
alen - AFS_CHUNKTOBASE(tdc->f.chunk) for a file > 2GB would fail
to be recognised as negative with an "afs_int32 newSize", even with
alen = 0 and big tdc->f.chunk.
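The truncation described in this commit message, as an added illustration (not OpenAFS code): the 64-bit difference between the new file length and a chunk's base offset is stored in a 32-bit variable, so for a chunk 4 GiB into the file the difference -2^32 has all-zero low bits and is not seen as negative. The chunk size, the `chunk_to_base` helper and the function names are constructed for this example; the type names mirror the ones in the message.

```c
#include <stdint.h>

typedef int32_t afs_int32;
typedef int64_t afs_size_t;

#define CHUNK_SHIFT 20   /* constructed: 1 MiB chunks */

/* Byte offset at which chunk number `chunk` begins, computed in 64 bits. */
static afs_size_t chunk_to_base(int chunk)
{
    return (afs_size_t)chunk << CHUNK_SHIFT;
}

/* Buggy variant: the 64-bit difference is narrowed to afs_int32.
 * With alen == 0 and chunk 4096 (base 4 GiB) the true value is -2^32,
 * whose low 32 bits are zero, so the chunk is wrongly kept. */
int chunk_beyond_length_32(afs_size_t alen, int chunk)
{
    afs_int32 newSize = (afs_int32)(alen - chunk_to_base(chunk));
    return newSize < 0;
}

/* Fixed variant: keep the comparison in afs_size_t. A negative result
 * means the whole chunk lies past the new length and can be dropped. */
int chunk_beyond_length_64(afs_size_t alen, int chunk)
{
    afs_size_t newSize = alen - chunk_to_base(chunk);
    return newSize < 0;
}
```

Both variants agree for chunks within the first 2 GiB; the disagreement only appears once the chunk base no longer fits in 32 bits, which is why the bug surfaces for files larger than 2 GB.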
this interface works how osi_Wait *should*, except on some platforms Wait
appears to wake up all waiters(!) by using a single wait channel in the
backend. rather than change that and risk problems, introduce an interface
using the same system of events we use for osi_Sleep
Simon Wilkinson [Fri, 5 Feb 2010 12:49:27 +0000 (13:49 +0100)]
Unix CM: Just use Bogus for VenusLogging
The VenusLogging function no longer exists - instead of having a
stub that returns EINVAL, just use the existing Bogus stub (which
returns EINVAL) instead.
Simon Wilkinson [Thu, 4 Feb 2010 17:27:32 +0000 (17:27 +0000)]
Refactor afs_ioctl code
The ioctl code was a nightmare of #ifdefs. This patch reworks it
so that there is a single function for each operating system, which
makes it much easier to see what's going on. Eventually it should be
possible to move these reworked functions out into the osi directories
Simon Wilkinson [Thu, 4 Feb 2010 16:08:26 +0000 (16:08 +0000)]
UKERNEL: End the #define u insanity
UKERNEL redefines the character 'u' to do a function call. This
hurts other kernel developers in all sorts of interesting ways. Remove
the definition, and instead explicitly reference the get_user_struct()
function in those places that we need to.
Simon Wilkinson [Thu, 4 Feb 2010 15:09:34 +0000 (15:09 +0000)]
Add rx security index enum
Add a enumerated type for rx security indexes, initially containing
the values reserved for null, kad, gk, and k5. Start to use this type,
and related names, rather than hard values throughout the code.
Andrew Deason [Mon, 8 Feb 2010 21:03:08 +0000 (15:03 -0600)]
salvager: alias -f to -force
DAFS added the -forceDAFS flag, which made the '-f' flag ambiguous, when
it used to be short for '-force'. Restore the previous meaning of '-f'
to reduce backwards incompatibility.
Simon Wilkinson [Tue, 9 Feb 2010 16:26:57 +0000 (16:26 +0000)]
Initialise ptuser to NULL
Fix fallout from d008089a79ef268bbca91d660a840f32cb416865 - sc wasn't
being initialised when it was declared, and some code paths would fail
to set it. This led to the == NULL check failing, and a new rx
connection being created with an invalid pointer as a security context.
Disaster ensued ...
OpenBSD: don't use AFS_GLOBAL_SUNLOCK on single processor system
Put back the header directives that only turn on AFS_GLOBAL_SUNLOCK
when compiling for multiprocessor systems. When enabled on a single
processor OpenBSD system, it is possible to put the entire system
into a lengthy (minutes) lock state when performing multiple AFS
activities. The system behaves MUCH better when AFS_GLOBAL_SUNLOCK
is not set (no problems encountered). This whole locking mechanism
needs a bit more examination on OpenBSD before this is useful in
single processor mode.
A shutdown or unmount of AFS on OpenBSD will invariably result in a kernel
panic. This is because the afs_unmount() routine does not (can not?) force
vnode releases if the vnode is still busy. However, it continues on
nonetheless and dies a horrible death a little later.
This update causes a return from afs_unmount() with EBUSY if all the vnodes
weren't released. This results in error messages on shutdown but the overall
process continues more reliably and reboots, for example, work.
There is likely a better solution to this but at least this is no worse than
a system crash and it doesn't require console (or power button) intervention
so it should do until I have the chance to explore further.
Starting with OpenBSD 4.2, the interface list returned by sysctl using
NET_RT_IFLIST contains multiple versions of the data. This really
messes up the rx_getAllAddr_internal() routine that returns a list of
valid interfaces for the system (to the point where none are returned).
This change adds a routine that cleans up the data returned by sysctl
so it returns only a single (the most current) version of the data.
That stops afsd (among others) from being cranky when it starts up.
The internal malloc memory types for IPv6 (M_IP6OPT, ...) conflict
with the type numbers used to designate AFS memory (M_AFSFID, etc.).
This change moves the AFS memory type to a new number that does not
conflict. This is not a serious issue but can create real confusion
when trying to debug or track memory issues, among other things.
When determining the volume type of a volume, vsu_GetVolumeID() checks
to see if the volume name ends in '.backup' or '.readonly' by backing
up the appropriate number of characters from the end of the name. It
does not, however, check to see if it skips past the beginning of the
volume name. This can result in a segmentation fault (which it has for
me on many occasions during a vos release) depending on where memory
is allocated or how/if memory is protected.
This patch corrects this behaviour by checking the volume name string
length prior to doing the string comparison.
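The suffix check described in this commit message, as an added illustration (not OpenAFS code): the unsafe variant backs up a fixed number of characters from the end of the name without checking that the name is at least that long, so a short name forms a pointer before the start of the buffer; the safe variant checks the length first. The enum, suffix constants and function names are constructed for this example.

```c
#include <string.h>

enum vol_kind { VOL_RW = 0, VOL_RO = 1, VOL_BACKUP = 2 };

static const char RO_SUFFIX[] = ".readonly";
static const char BK_SUFFIX[] = ".backup";

/* Unsafe (the bug described above): for a name shorter than the suffix,
 * `end - suffix_len` points before the buffer and strcmp reads there. */
enum vol_kind volume_kind_unsafe(const char *name)
{
    const char *end = name + strlen(name);
    if (strcmp(end - (sizeof RO_SUFFIX - 1), RO_SUFFIX) == 0)
        return VOL_RO;
    if (strcmp(end - (sizeof BK_SUFFIX - 1), BK_SUFFIX) == 0)
        return VOL_BACKUP;
    return VOL_RW;
}

/* Safe: only form the pointer once we know len >= strlen(suffix). */
static int has_suffix(const char *name, size_t len, const char *suffix)
{
    size_t slen = strlen(suffix);
    return len >= slen && strcmp(name + len - slen, suffix) == 0;
}

enum vol_kind volume_kind_safe(const char *name)
{
    size_t len = strlen(name);
    if (has_suffix(name, len, RO_SUFFIX))
        return VOL_RO;
    if (has_suffix(name, len, BK_SUFFIX))
        return VOL_BACKUP;
    return VOL_RW;
}
```

Whether the crash actually occurs with the unsafe variant depends on what happens to sit before the name in memory, which matches the "depending on where memory is allocated" observation in the message; the length check removes the dependency entirely.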
Add config param header and sysname number for OpenBSD 4.6.
As well, add an additional parameter to a call to ifa_ifwithnet()
when looking up the MTU for an interface to indicate that the call
should use the default routing table. With the advent of OpenBSD
4.6, the system has started to make provisions for multiple routing
tables which included a change to the calling sequence for this
routine.