Andrew Deason [Thu, 22 Dec 2011 20:48:49 +0000 (15:48 -0500)]
afs: Panic on afs_conn refcount imbalance
An undercounted afs_conn can easily cause a panic and/or memory
corruption later on, since we put an rx_connection reference with each
afs_conn reference. Panic as soon as we detect this, as this indicates
a serious bug.
Andrew Deason [Wed, 21 Dec 2011 22:01:16 +0000 (17:01 -0500)]
afs: Add afs_WriteDCache sanity checks
Writing a non-free non-discarded dcache entry with a zero volume id
can easily cause hash table corruption later on, so make sure we don't
do that. Also log something if the write itself fails, as this usually
indicates an unusual situation involving I/O errors or something.
Andrew Deason [Wed, 21 Dec 2011 21:05:40 +0000 (16:05 -0500)]
afs: Cope with afs_GetValidDSlot errors
Make callers of afs_GetValidDSlot deal with getting a NULL dcache,
which can occur if an error is encountered. Some of these just panic
at least for now, since a code path for recovery is complex, but this
is at least better than dereferencing a NULL pointer.
Andrew Deason [Wed, 21 Dec 2011 20:04:32 +0000 (15:04 -0500)]
afs: Do not always ignore errors in afs_GetDSlot
Currently afs_UFSGetDSlot will silently swallow any error in reading
the specified dslot from disk, and will return a "blank" dcache to the
caller. However, many callers of afs_GetDSlot will be asking for a
dcache that we know exists, and more importantly, we know is on the
global hash table. If a disk error is encountered and we're given a
"blank" dcache, we will erroneously believe the dcache entry is not on
the hash table, causing corruption of the hash table later on.
So instead, modify all callers of afs_GetDSlot to use either
afs_GetValidDSlot or afs_GetNewDSlot. Calling afs_GetValidDSlot
indicates that the given dentry index is known to be valid, and any
error encountered while reading the entry from disk should result in
an error (for disk I/O errors we have no control over, this results in
a NULL dentry returned; for internal consistency errors we panic).
Calling afs_GetNewDSlot indicates that the specified index may not
exist or may not be valid, and so returning a "blank" dentry in that
case is fine.
For memcache, the situation is the same, except any time we go to
"disk" it is an (internal) error, since there is no disk.
Andrew Deason [Wed, 21 Dec 2011 22:25:29 +0000 (17:25 -0500)]
afs: Remove second argument to afs_GetDSlot
All callers of afs_GetDSlot were passing NULL as the second argument
to afs_GetDSlot. So, remove the argument, and behave as if tmpdc was
NULL unconditionally.
Andrew Deason [Thu, 22 Dec 2011 20:01:52 +0000 (15:01 -0500)]
afs: Indicate error from afs_osi_Read/Write better
Currently afs_osi_Read and afs_osi_Write just return -1 on any I/O
error, even though they know the error code given from the OS VFS.
Just return that code instead so the caller can see what the error
was; but negate it, so it's clear that it is an error.
Andrew Deason [Thu, 22 Dec 2011 19:50:09 +0000 (14:50 -0500)]
afs: afs_osi_Read/Write returns negative on error
afs_osi_Read and afs_osi_Write need to return negative values on
error. EIO is not negative; return -EIO so we don't accidentally
return "success" if someone requested to read or write EIO bytes.
Andrew Deason [Thu, 22 Dec 2011 18:50:53 +0000 (13:50 -0500)]
klog.krb5: cast get_cred_keylen to unsigned
get_cred_keylen can yield a type besides an unsigned int (such as a
size_t on heimdal). But we are printing it with %u, which causes a
warning, so cast it to an unsigned int.
Andrew Deason [Thu, 22 Dec 2011 03:00:12 +0000 (22:00 -0500)]
afsd: Parse cacheinfo during argument parsing
Currently we parse cacheinfo in afsd_run, when the client is
initialized and started. Parsing cacheinfo can change
afsd_cacheMountDir, however, which may be of interest to afsd.o users;
in particular, libuafs exposes this via uafs_MountDir(). This means
that if a mount dir is not explicitly specified in the libcmd
arguments to afsd, a libuafs-using program will see the mountpoint as
the empty string if it is queried after afsd_parse but before
afsd_run. For afsd.fuse, this causes the cryptic error message:
fuse: bad mount point `': No such file or directory
since the mountpoint is the empty string if it is not specified
explicitly on the command line.
To fix this, move cacheinfo parsing to effectively near the end of
afsd_parse, so the mountpoint is calculated in afsd_parse().
Andrew Deason [Fri, 2 Dec 2011 22:06:42 +0000 (16:06 -0600)]
fuse: Add -oallow_other by default where possible
By default, fuse mountpoints are only accessible by the same uid as
that which mounted the fuse filesystem. When we're running as root,
specify -oallow_other so by default anyone can access the afs
mountpoint.
Peter Scott [Sat, 24 Dec 2011 00:00:57 +0000 (17:00 -0700)]
Windows: Avoid bottleneck on VolumeLock
The VolumeLock resource was obtained during each AFSParseName()
and held across a wide range of operations including volume
info queries, renames, and extent requests. These operations can
take a long time to complete and as long as the VolumeLock was
held exclusively there could only be one operation in flight at
a time on a given volume. This significantly reduced the parallelism
of operations.
The VolumeLock was not required in almost all cases. This patchset
adjusts the use of the VolumeLock and avoids the bottleneck.
Jeffrey Altman [Sat, 24 Dec 2011 08:15:53 +0000 (03:15 -0500)]
Windows: avoid race in cm_GetNewSCache
The cm_scacheLock is dropped while walking the scache LRU queue.
As a result it is possible for the cm_scache_t that is being
considered for recycling to be accessed and moved to the head
of the queue.
Track the prev and next pointers so it is possible to detect if
the cm_scache_t that is about to be recycled has been moved. If
so, restart the search from the tail.
Jeffrey Altman [Sat, 24 Dec 2011 08:11:04 +0000 (03:11 -0500)]
Windows: cm_BufWrite() must wait in cm_SyncOp()
Now that it is permissible for more than one store data operation
to construct BIOD lists in parallel, cm_BufWrite() must be willing
to wait in cm_SyncOp(). Otherwise, the daemon threads will spin.
Simon Wilkinson [Sat, 24 Dec 2011 17:23:48 +0000 (17:23 +0000)]
rx: Don't adjust non-existent events
If we notice that time has gone backwards (that is, the current
time is older than the time of the last event we fired), then we
reschedule all pending events.
On Windows, immediately after we have resumed from a suspend, this
code path can be executed with an empty event tree, causing an
exception:
Resolve this by checking for an empty tree before we attempt to adjust
event times. If the tree is empty, we just zero the last event time
(so we don't keep running the adjustTimes routine), and continue as
normal.
Jeffrey Altman [Thu, 22 Dec 2011 02:47:56 +0000 (21:47 -0500)]
Windows: AFSCleanup extent processing
1. Perform a CcFlushCache() any time the file is cached
and the Context Control Block indicates that the handle
has FILE_WRITE_DATA permission.
2. Perform an AFSFlushExtents() whenever there are dirty
extents and the handle has FILE_WRITE_DATA permission.
No point flushing the extents if the AuthGroup does not
have write permission. Another Ccb must exist that does
have write permission.
Change-Id: I3ece011b484c12e7dc936b81c272ba6a42f6c7d6
Reviewed-on: http://gerrit.openafs.org/6399
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Jeffrey Altman [Thu, 22 Dec 2011 02:34:14 +0000 (21:34 -0500)]
Windows: AFSRequestExtentsAsync retry with alt authgroup
If AFSRequestExtentsAsync() fails to obtain requested extents
due to STATUS_ACCESS_DENIED using the AuthGroup associated with
the Context Control Block, try to find an alternate AuthGroup
to use to perform the extent request. We have already told
Windows what permissions the application has when the file was
opened. Windows will perform its own validation checks prior
to permitting the data to be accessed or altered.
Jeffrey Altman [Thu, 22 Dec 2011 02:17:33 +0000 (21:17 -0500)]
Windows: Use AuthGroups for extent request error reporting
The afs redirector currently tracks the most recent extent error
in the File Control Block. Prior to this patchset the error
was returned to the requesting thread when the process Id matched
the most recent Process to issue a request. This approach resulted
in a couple of problems.
1. There are multiple threads that can issue an extent request
on the same file at the same time representing different processes.
Resetting the process Id with each new request could clear the
error prior to its receipt.
2. The failure may be due to inappropriate permissions. Permissions
are not associated with processes but with Authentication Groups.
This patchset makes several changes:
1. It enables the afsd_service to track the active authgroup as
part of the cm_user_t structure and associates that object with
the BIOD object to ensure that the active authgroup can be
reported to the afs redirector.
2. It modifies the AFSExtentFailureCB structure to include the
AuthGroup GUID.
3. It tracks the AuthGroup GUID associated with the extent
failure in the non-paged file control block.
4. It converts all tests on Process Id to use AuthGroup instead.
5. It alters the behavior of error delivery such that reported
error is only cleared after it has been reported once to a
thread using the matching AuthGroup.
These changes make the situation better but not perfect as error
states can still be lost. However, it avoids the case most often
seen in production where two processes (an end user process and an
anti-malware process) are fighting over a file and the anti-malware
process has no permission to access the file under its own credentials.
Change-Id: Ia5c3877b8d46de695c86884c4166dc812885a72c
Reviewed-on: http://gerrit.openafs.org/6396
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Jeffrey Altman [Thu, 22 Dec 2011 02:10:45 +0000 (21:10 -0500)]
Windows: Explicit permission check on extent release
When a data extent is released by the afs redirector or the
afsd_service performs an extent claw back during a cleanup
operation, perform an explicit permission check before attempting
to store dirty buffers to the file server. Instead of waiting
for the file server to fail the request, fail it immediately.
The permission check is performed using the currently active
authentication group.
Jeffrey Altman [Thu, 22 Dec 2011 02:08:59 +0000 (21:08 -0500)]
Windows: RDR_CleanupFileEntry restrict extent claw back
Only demand that extents be returned by the afs redirector
if this cleanup is the last open handle or the redirector has
requested that the file be flushed to the file server.
Jeffrey Altman [Thu, 22 Dec 2011 01:49:59 +0000 (20:49 -0500)]
Windows: Bad DV invalidate only when new DV not 0
If the current DV is BAD_VERSION and the new DV is 0, do not send
an invalidation to the redirector. It only results in wasteful work.
If the current DV is BAD_VERSION the object either:
1. was never previously known
2. was recently flushed
3. the cm_scache_t was recycled
In all cases, the redirector does not have knowledge of the object
since either it didn't exist or a previous invalidation was sent.
Jeffrey Altman [Thu, 22 Dec 2011 01:45:19 +0000 (20:45 -0500)]
Windows: Define times in terms of AFS_ONE_SECOND
The afs redirector defines the macro AFS_ONE_SECOND to indicate
the number of 100ns units necessary to indicate one second of time.
Use that definition when defining other time values. Also define
AFS_ONE_MILLISECOND and AFS_ONE_MICROSECOND.
Change-Id: Ie2a173b4037af61e9a1c5aa06129520c36d714bb
Reviewed-on: http://gerrit.openafs.org/6391
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Andrew Deason [Mon, 19 Dec 2011 22:11:31 +0000 (17:11 -0500)]
Include afsconfig.h before anything else
afsconfig.h can define various preprocessor symbols that can affect
how system headers behave. For example, the presence of the
_POSIX_PTHREAD_SEMANTICS symbol changes the number of arguments to
getpwnam_r on at least Solaris 8. So, we must include afsconfig.h
before including anything else, to ensure consistency.
Jeffrey Altman [Sun, 18 Dec 2011 23:36:14 +0000 (18:36 -0500)]
Windows: avoid deadlock during SetRenameInformation
The VolumeLock must be held before the Fcb->NPFcb->Resource.
Obtain the VolumeLock in AFSSetFileInformation only in the
rename case instead of obtaining the VolumeLock in AFSSetRenameInformation.
Peter Scott [Wed, 14 Dec 2011 19:27:54 +0000 (12:27 -0700)]
Windows: Track AuthGroup in Context Control Block
Tracking the AuthGroup in the File Control Block proved to be
insufficient to ensure that dirty extents can be stored back
to the file server when an anti-virus service opens a file
in an authgroup without 'write' permission immediately after the
application performing a WriteFile() opens it. In this situation
the Fcb ends up with the AuthGroup set to the anti-virus value
and not the one that belongs to the writing application.
Tracking the AuthGroup by Ccb provides the ability to select
an AuthGroup from the list of open handles instead of tracking
the most recent one.
Jeffrey Altman [Sat, 17 Dec 2011 17:08:49 +0000 (12:08 -0500)]
Windows: forget data version only for flushing
The AFS redirector was intentionally forgetting the data version
number for AFS_INVALIDATE_DATA_VERSION events. The point of that
event is to ensure that clean data be purged if the data version
in fact changed. Checking the data version for change cannot be
performed if the data version is reset to -1.
Only when AFS_INVALIDATE_FLUSHED is processed should the data
version be reset to ensure that all of the data is purged.
Andrew Deason [Wed, 14 Dec 2011 20:42:08 +0000 (14:42 -0600)]
afs: Clear VHardMount on ResetVolumeInfo
afs_Analyze sets VHardMount on a volume struct when a hard-mount
scenario is encountered, and clears it after sleeping. However, if the
volume struct has VRecheck set, or if it's not in memory, afs_Analyze
cannot retrieve the volume struct in order to clear VHardMount again.
For the VRecheck case, this can result in VHardMount never getting
cleared, and so hard-mount messages for the volume seem to disappear.
So, clear VHardMount when we set VRecheck so this does not occur.
For the case where the volume struct is not in memory, this is not a
problem, since when we allocate a volume struct again, the VHardMount
state will not be retained.
Andrew Deason [Wed, 14 Dec 2011 20:16:16 +0000 (14:16 -0600)]
viced: Yell when we GetSomeSpace_r
A GetSomeSpace_r call indicates we don't have enough callbacks
configured. For many people, this can happen without the administrator
realizing anything is wrong, since we never give any indication that
something is amiss, unless the administrator checks the xstat
statistics.
Since this can indicate a serious performance problem, yell in the log
when this happens. Only do it once, so we don't spam the log.
cs_CZ localization cannot be committed to the repository until:
1. Resource DLLs for all components are built in the tree.
2. All built components have been successfully tested so that OpenAFS is not shipping code that caused executable components to crash in the cs_CZ locale.
Michael Meffie [Thu, 29 Sep 2011 18:44:11 +0000 (14:44 -0400)]
bozo: retry start after error stops
After a bnode is stopped because of too many consecutive exits,
delay for some time and attempt to start the bnode again. Continue
to retry on each error stop, doubling the delay for each retry
attempt until a maximum number of attempts.
Michael Meffie [Fri, 30 Sep 2011 16:22:27 +0000 (12:22 -0400)]
bozo: preserve all options over restart
On unix, save all the bosserver command-line options and reuse
them on bosserver restarts. On Windows, the SCM integrator saves
the argument list, just use them.
Andrew Deason [Thu, 3 Feb 2011 22:11:38 +0000 (16:11 -0600)]
volser: Do not reset copyDate in ReClone
When we ReClone in the volserver, do not reset the clone's copyDate to
the current time. If we retain the copyDate between ReClone
operations, then we can know when the clone was first created (and
thus makes local RO clones more consistent with remote RO sites).
It appears that we don't actually need an interface to set the name
of an arbitrary thread (which Mac OS can't do), so remove the
afs_pthread_setname() interface and promote afs_pthread_setname_self()
to the status of primary.
Michael Meffie [Tue, 26 Jul 2011 13:18:44 +0000 (09:18 -0400)]
volscan: print vnode metadata information
volscan program to print vnode meta-data in a grep/awk/perl friendly
format. Optionally, find the paths of each vnode relative to the volume
root. Access control list data can be reported, and are listed as one
access entry per line. Mount point information can be shown to which
volumes are mounted from given volumes.
The path lookup code originally written by Tom Keiser.
Jeffrey Altman [Fri, 9 Dec 2011 23:40:42 +0000 (18:40 -0500)]
Windows: Suspend/Resume for afsd_service
The power mgmt events are received in the service. The service
can block all requests from the redirector from being processed
until it knows that it is safe to process them.
The service will receive a SERVICE_CONTROL_APMSUSPEND just before
the system goes to sleep. The service has two seconds to respond
and it uses that time to attempt to send RXAFS_GiveUpAllCallBacks
to all file servers as an rx_multi with no wait. It also marks
all servers down and updates the callback expirations to be just
after the servers were marked down so that they will be forced to
be refreshed when the server is marked up.
Upon resume the service receives two events. First,
SERVICE_CONTROL_APMRESUMEAUTOMATIC which is used to perform an
SMB lan adapter change detection and perform a probe of all down
servers. The second, SERVICE_CONTROL_APMRESUMESUSPEND is used to
resume SMB listeners, perform a 2nd lan adapter change check (just
in case), check the status of all down servers in additional
networks have come up, and finally resume processing of redirector
requests.
With these changes no special logic in the redirector is required.
Jeffrey Altman [Thu, 8 Dec 2011 15:00:57 +0000 (10:00 -0500)]
Windows: increase timeout for extent request retries
The AFS Redirector requests file data extents from the afsd_service.exe. If
it does not receive the requested extent within 10 seconds it issues another
request for that extent. Extent processing in the afsd_service is handled
by background daemons that process tasks serially from a work queue. When
the load on the system is large enough that satisfying the work queue takes
longer than 10 seconds, the redirector would retry the request. This would
increase the length of the work queue and increase lock contention.
Increasing the timeout period for extent retries to two minutes
significantly reduces the number of retry attempts while maintaining
protection against a lost extent request. Two minutes is selected because
that is the rx hard dead call timeout.
Simon Wilkinson [Sun, 20 Nov 2011 23:11:53 +0000 (18:11 -0500)]
rx: Make CALL_RELE and CALL_HOLD lock refcnt mutex
The reference count mutex must always be held when calling CALL_RELE
or CALL_HOLD. Instead of requiring that the caller obtain, and release
the mutex, do so within the HOLD and RELE macros, greatly simplifying
calling code. Provide CALL_RELE_R and CALL_HOLD_R as versions of these
macros which can be used by callers who already hold the reference
count mutex for other purposes.
Ben Kaduk [Sat, 3 Dec 2011 19:37:09 +0000 (14:37 -0500)]
FBSD: switch afsi_SetServerIPRank implementation
Upstream has removed the ia_net{,mask} elements from
struct in_ifaddr, so we can no longer use them directly.
Switch to passing an rx_ifaddr_t (i.e. struct ifaddr*) in instead,
as that uses a slightly different codepath which still works
for our purposes.
We compile the kernel module with -Werror, so storing a pointer
(memcpy return value) in an int is forbidden, hence the conditional
declaration of 't'.
Simon Wilkinson [Sun, 20 Nov 2011 23:07:41 +0000 (18:07 -0500)]
rx: Helper function for decrementing conn refcnt
The code to lock the reference count mutex, reduce the connection
reference count, then unlock the mutex, is duplicated many times
throughout rx.c. Replace all of these multiple copies with a single
inline function.
Simon Wilkinson [Sun, 20 Nov 2011 16:31:28 +0000 (16:31 +0000)]
rx: Hide the rx_packet.h
Hide the rx_packet.h, and hence the rx_packet structure from
application view. rx_packet.h is currently still installed, and is
included directly by RX security classes, to reduce the per-packet
overhead there.
Simon Wilkinson [Sun, 20 Nov 2011 14:58:28 +0000 (14:58 +0000)]
rx: Make the rx_call structure private
Hide the rx_call structure from public view. Provide accessors for
those elements which are currently accessed by applications.
Note that this change as it currently stands removes the visibility
of the last sent time, and sequence number information, from the
VolMonitor function.
Simon Wilkinson [Tue, 15 Nov 2011 10:40:44 +0000 (10:40 +0000)]
rx: Make struct rx_connection private
Move the rx_connection structure into a private header file, so that
it is only visible from within the rx module. This allows us to use
types within the structure that are not visible to everywhere that
includes rx.h, as well as being a step towards a more stable ABI for
RX.
Add accessor functions for all of the connection members which are
currently used by external callers, and modify those accessors
which were implemented as macros to also be functions.
Change all external access to the connection structures to use these
new functions.
Jeffrey Altman [Sat, 3 Dec 2011 22:49:47 +0000 (17:49 -0500)]
Windows: apply Nat Pings only to cm_rootUser connections
Use CM_UCELLFLAG_ROOTUSER flag to identify the cm_rootUser
connections and only apply Nat pings to those connections
instead of examining the security state of the connection.
Simon Wilkinson [Sat, 3 Dec 2011 21:10:43 +0000 (21:10 +0000)]
rx: Some kernels have no reschedule function
If RXK_TIMEDSLEEP_ENV isn't set, then Unix kernel cache managers
call rxevent_Init without a reschedule function. Check for this so
we don't end up calling a NULL function in these situations.
Change-Id: I5e89f5247aeffc4c27d3f81c0ccabe4979232846
Reviewed-on: http://gerrit.openafs.org/6206
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Jeffrey Altman [Sat, 3 Dec 2011 04:38:01 +0000 (23:38 -0500)]
Windows: npdll connected query returns no usage
In response to a NPEnumResources CONNECTED scope query, the usage
field is always set to zero. If the CONNECTABLE flag is set,
mpr.dll will filter the entry out of the result list.
Simon Wilkinson [Sun, 20 Nov 2011 16:29:55 +0000 (16:29 +0000)]
rx: Refactor MaxMTU error checking
The error checking on the rxMaxMTU parameter was done individually by
every server that sets it, using "internal" RX #defines to do so.
Instead, do the error checking within the function that actually sets
the MTU, reducing both the amount of code duplication, and the amount
of RX knowledge held within the servers.
Andrew Deason [Fri, 2 Dec 2011 20:36:59 +0000 (14:36 -0600)]
salvager: Create link table with volume group id
The link table needs to be created with the VG id or RW vol id, not
the non-RW vol id. Unlike other special inodes, this goes for both the
'parent' and 'volume' volume ids, not just the 'parent' id, since
there is only one link table per VG.
Without this, the salvager can generate invalid linktable special
inodes if it encounters a VG with no inodes for the RW vol.
Andrew Deason [Wed, 30 Nov 2011 23:41:53 +0000 (17:41 -0600)]
DAFS: Ensure logging on attach2 errors
The attach2 error path transitions a volume to VOL_STATE_ERROR, in
case whatever got us to that error path did not already put the volume
in an appropriate state. Log when we do this, to make sure we do not
end up with a volume in VOL_STATE_ERROR state silently.
Andrew Deason [Wed, 30 Nov 2011 23:35:56 +0000 (17:35 -0600)]
DAFS: Avoid unnecessary preattach on FSYNC_VOL_ON
FSYNC_VOL_ON/FSYNC_VOL_ATTACH can be called to "online" a volume that
was actually kept online for the duration of the volume operation.
Avoid calling VPreAttachVolumeByVp_r for such a volume if it's already
attached, in order to avoid an unnecessary log message and to save a
tiny bit of processing.
Andrew Deason [Wed, 30 Nov 2011 23:21:32 +0000 (17:21 -0600)]
DAFS: Log more for VPreAttachVolumeByVp odd states
When we encounter "odd" states in VPreAttachVolumeByVp_r, say what the
actual state we encountered was, along with the attach flags, so we
have a better idea of what's going on.
Andrew Deason [Wed, 30 Nov 2011 23:08:57 +0000 (17:08 -0600)]
DAFS: Ensure GetVolume errors on ERROR volumes
In GetVolume, after we call VAttachVolumeByVp_r, there is no explicit
check to see if vp is in VOL_STATE_ERROR state. Make sure we don't try
to use such a volume, or blindly transition the volume away from that
state.
Andrew Deason [Wed, 30 Nov 2011 20:36:06 +0000 (14:36 -0600)]
DAFS: Do not transition to ERROR on trivial errors
attach2 can result in many different errors; some indicate that the
volume is in an inconsistent state, but many others just indicate that
the volume cannot be attached for benign reasons (such as VNOVOL if
the volume doesn't exist, or VOFFLINE if the volume is being used by a
volume utility). Currently, for DAFS, attach2 transitions the relevant
volume to the VOL_STATE_ERROR state for almost all errors encountered,
even the benign ones. Instead, skip the error state transition for
error handling paths that do not reflect a "broken" volume.
Jeffrey Altman [Fri, 2 Dec 2011 18:41:38 +0000 (13:41 -0500)]
Windows: memset in RDR_RequestFileExtentsAsync
The logic in RDR_RequestFileExtentsAsync() made it possible
for memset() to be called multiple times on a buffer that
is already known to be up to date. Restructure the code to
make things faster.
Jeffrey Altman [Fri, 2 Dec 2011 18:36:01 +0000 (13:36 -0500)]
Windows: cm_MergeStatus redirector invalidation
The redirector maintains its own cached status information which
must be updated when a DV change occurs that is not the result
of a redirector initiated data change.
If the current old DV is BAD, send a DV change notification.
If the DV has changed and request was not initiated by the
redirector, send a DV change notification.
If the request was initiated by the redirector, send a notification
for store and directory operations that result in a DV change greater
than the number of active RPCs or any other operation that results
in an unexpected DV change such as FetchStatus.
Jeffrey Altman [Fri, 2 Dec 2011 18:31:15 +0000 (13:31 -0500)]
Windows: cm_MergeStatus use new DV to purge buffers
When deciding whether or not to purge buffers on a DV change
it is the new DV that matters not the old DV. If the new DV
is 0, there should be no purging because there are no buffers
to purge.
Jeffrey Altman [Fri, 2 Dec 2011 16:21:46 +0000 (11:21 -0500)]
Windows: buf_GetNewLocked should use cleaned cm_buf
buf_GetNewLocked() searches the free buffer list for a buffer
that has a 0 refcnt, is not in the chunk that is being populated,
is not actively having I/O performed on it and is not dirty.
If it comes across a dirty buffer, it calls buf_Clean() with
the assumption that buf_CleanAsync() (as it was previously called)
was in fact asynchronous and would return immediately. Instead
buf_Clean() is synchronous and when it completes the buffer will
in most cases be clean. buf_GetNewLocked() should use the newly
cleaned buffer if it is still available and not continue the
search from the next entry in the free buffer list.
Jeffrey Altman [Fri, 2 Dec 2011 16:14:11 +0000 (11:14 -0500)]
Windows: buf_CleanAsync is not async; rename it
buf_CleanAsync() calls cm_BufWrite() which stores the dirty
buffers synchronously. There is nothing asynchronous about
buf_CleanAsync() so rename it to buf_Clean() and buf_CleanAsyncLocked()
to buf_CleanLocked(). Update the comments to remove the references
to the asynchronous processing which doesn't exist.
That is not to say that the call to buf_Clean() in buf_GetNewLocked()
should not be asynchronous; it should. There is no such functionality
at the moment. One approach would be to modify buf_IncrSyncer to
trigger on an event set by buf_GetNewLocked() instead of the call
to buf_Clean(). Another approach would be registering a background
store event. In any case, that is for another patchset.
Jeffrey Altman [Thu, 1 Dec 2011 04:29:56 +0000 (23:29 -0500)]
Windows: invalidate rdr for CM_SCACHE_VERSION_BAD
If the cm_scache_t.dataVersion is set to CM_SCACHE_VERSION_BAD,
invalidate the redirector notion of status so that we do not
leak info to users that do not have permission.
If the dataVersion is CM_SCACHE_VERSION_BAD and is updated
with real status info, invalidate the redirector so it attempts
to read the directory contents.