Joe Gorse [Thu, 16 Feb 2017 23:01:50 +0000 (18:01 -0500)]
LINUX: Bring debug symbols back to the Linux kernel module.
Starting with 4.8 Linux kernels our existing build script
generator, make_kbuild_makefile.pl, does not pass the debugging
symbols CFLAGS that were present when building for previous kernels.
This fix appends the $(KERN_DBG) variable which will only be defined
when the configuration includes the --enable-debug-kernel option.
Reviewed-on: https://gerrit.openafs.org/12519 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 961cee00b8f5c302de5f66beb81caa33242c7971)
Change-Id: I1d16382c4a744d4624cac9a9ba2810fa664abe93
Reviewed-on: https://gerrit.openafs.org/12534 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Sergio Gelato [Wed, 22 Feb 2017 21:55:33 +0000 (13:55 -0800)]
LINUX: Debian/Ubuntu build regression on kernel 3.16.39
Now that kernel 4.9 has hit jessie-backports, it becomes desirable to
also backport the associated openafs patches.
Unfortunately, Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch
causes a build failure against jessie's current default kernel,
3.16.39-1, due to the fact that setattr_prepare() is available (it was
cherrypicked to address CVE-2015-1350) but file_dentry() is not (it was
introduced in kernel 4.6).
This makes it difficult to have a version of openafs for jessie that
supports both kernels.
To deal with this, follow the implementation of file_dentry() in 4.6,
and simplify it to account for the lack of d_real() support in older
kernels.
Note that inode_change_ok() has been added back to 3.16.39-1 to avoid
ABI changes. That means the current openafs packages in jessie continue
to work with kernel 3.16.39-1 since they do not include
Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch.
Originally reported at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855366
FIXES RT134158
Reviewed-on: https://gerrit.openafs.org/12523 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 6ea6c182c7fb6c22dafbbf203abcc23726e06cba)
Change-Id: I06951dacef3f7639f749e82439df89ec3d78b592
Reviewed-on: https://gerrit.openafs.org/12535 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Marcio Barbosa [Thu, 2 Mar 2017 21:01:48 +0000 (18:01 -0300)]
osx: build afscell only for active architecture
The InstallerPlugins framework provided by the MacOSX10.12.sdk does not
define symbols for architecture i386. As a result, the OpenAFS code
cannot be built on OS X 10.12.
To fix this problem, build the afscell xcode project only for active
architecture.
Reviewed-on: https://gerrit.openafs.org/12531 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit d39e7c7af77b4e1b043611e1a6e78267f5f956ef)
Michael Meffie [Sat, 5 Nov 2016 16:42:19 +0000 (12:42 -0400)]
SOLARIS: convert from ancient _depends_on to ELF dependencies
The ancient way of declaring module dependencies with _depends_on has
been deprecated since SunOS 2.6 (circa 1996). The presence of the old
_depends_on symbol triggers a warning message on the console starting
with Solaris 12, and the kernel runtime loader (krtld) feature of using
the _depends_on symbol to load dependencies may be removed in a future
version of Solaris.
Convert the kernel module from the ancient _depends_on method to modern
ELF dependencies. Remove the old _depends_on symbol and specify the -dy
and -N <name> linker options to set the ELF dependencies at link time,
as recommended in the Solaris device driver developer guidelines [1].
This commit does not change the declared dependencies, which may be
vestiges of ancient afs versions.
Michael Meffie [Wed, 21 Jan 2015 19:58:35 +0000 (14:58 -0500)]
bozo: do not exit when the client config already exists
The bosserver creates symlinks for the client CSDB and ThisCell config
files during initialization. Avoid exiting if the client CSDB or
ThisCell configuration already exists, otherwise the bosserver cannot be
restarted with bos restart.
This change fixes numerous places where the return values of various
system calls and standard library routines are not checked. In
particular, this fixes occurrances called out when building on Ubuntu
12.10, with gcc 4.7.2 and eglibc 2.15-0ubuntu20.1, when the possible
failure is one we actually do (or should) care about. This change
does not consider calls where the failure is one we deliberately
choose to ignore.
Mark Vitale [Wed, 7 Dec 2016 16:11:45 +0000 (11:11 -0500)]
Linux 4.10: have_submounts is gone
Linux commit f74e7b33c37e vfs: remove unused have_submounts() function
(v4.10-rc2) removes have_submounts from the tree after providing a
replacement (path_has_submounts) for its last in-tree caller, autofs.
However, it turns out that OpenAFS is better off not using the new
path_has_submounts. Instead, OpenAFS could/should have stopped using
have_submounts() much earlier, back in Linux v3.18 when d_invalidate
became void. At that time, most in-tree callers of have_submounts had
already been converted to use check_submounts_and_drop back in v3.12.
At v3.18, a series of commits modified check_submounts_and_drop to
automatically remove child submounts (instead of returning -EBUSY if a
submount was detected), then subsumed it into d_invalidate. The end
result was that VFS now implicitly handles much of the housekeeping
previously called explicitly by the various filesystem d_revalidate
routines:
- shrink_dcache_parent
- check_submounts_and_drop
- d_drop
- d_invalidate
All in-tree filesystem d_revalidate routines were updated to take
advantage of this new VFS support.
Modify afs_linux_dentry_revalidate to no longer perform any special
handling for invalid dentries when D_INVALIDATE_IS_VOID. Instead, allow
our VFS caller to properly clean up any invalid dentry when we return 0.
Reviewed-on: https://gerrit.openafs.org/12506 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 789319bf0f2b26ad67995f8cbe88cee87a1bbdc0)
Change-Id: I7ed22338e7896f69a204be78ed0a4f6136a3dab8
Reviewed-on: https://gerrit.openafs.org/12530 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Neale Ferguson [Thu, 8 Dec 2016 16:47:09 +0000 (11:47 -0500)]
s390: desupport 32-bit Linux kernels on s390/s390x
Remove the obsolete and custom lwp assembler for the s390 and s390x
architectures. That assembler is no longer needed since 32-bit
mainframe Linux distributions are no longer supported and are very
unlikely to be in use.
The generic process.default.s is sufficient for modern 64-bit Linux
distributions on s390/s390x.
[mmeffie@sinenomine.net: commit message wording]
Reviewed-on: https://gerrit.openafs.org/12475 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 1d8cb56999a4ab25ae4cbc8e8a688b8100aedd3b)
Change-Id: Iee572ef3a86f5502e37ddc0775da13b874add669
Reviewed-on: https://gerrit.openafs.org/12499 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Marcio Barbosa [Wed, 11 Jan 2017 14:05:04 +0000 (06:05 -0800)]
osx: let prefpane knows where binaries can be found
Starting from OS X 10.11, the OpenAFS binaries were moved to the
following directories: /opt/openafs/bin and /opt/openafs/sbin. However,
the OpenAFS prefpane is not aware of the change mentioned above. As a
result, some functionalities provided by the OpenAFS prefpane are not
working properly.
To fix this problem, add the new paths to the proper environment
variable.
Change-Id: Idaa2f0329af2092cf9ad1d63f1a01300b150227a
Reviewed-on: https://gerrit.openafs.org/12507 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit a92a3a0675d941536103b60d708a6b3305b9b8fa)
Reviewed-on: https://gerrit.openafs.org/12512 Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Stephan Wiesand [Mon, 12 Dec 2016 14:09:50 +0000 (15:09 +0100)]
Make OpenAFS 1.6.20.1
Update configure version strings for 1.6.20.1. Note that macos kext
can be of form XXXX.YY[.ZZ[(d|a|b|fc)NNN]] where d dev, a alpha,
b beta, f final candidate so we have no way to represent 1.6.20.1.
Switch to 1.6.21 dev 1 for macOs.
Change-Id: If9a54680d6807687136f6149ca48ad8c33db32f7
Reviewed-on: https://gerrit.openafs.org/12485 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Fixes these warnings (errors with --enable-checking) from GCC 6.2:
curseswindows.c: In function ‘gator_cursesgwin_drawchar’:
curseswindows.c:574:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (params->highlight)
^~
curseswindows.c:576:9: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
if (code)
^~
curseswindows.c:579:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (params->highlight)
^~
curseswindows.c:581:9: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
if (code)
^~
curseswindows.c: In function ‘gator_cursesgwin_drawstring’:
curseswindows.c:628:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (params->highlight)
^~
curseswindows.c:630:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
if (code)
^~
curseswindows.c:633:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (params->highlight)
^~
curseswindows.c:635:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
if (code)
^~
Reviewed-on: https://gerrit.openafs.org/12439 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 85cf397ec18ecfde36433fb65e5d91ecd325b76e)
Change-Id: I33acb742a6c03046a0fa698bd08a910effc05de8
Reviewed-on: https://gerrit.openafs.org/12484 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Sat, 5 Nov 2016 00:38:08 +0000 (20:38 -0400)]
src/rx/rx_packet.c: Fix misleading indentation
Fixes these warnings (errors with --enable-checking) from GCC 6.2:
rx_packet.c: In function ‘rxi_ReceiveDebugPacket’:
rx_packet.c:2009:9: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (rx_stats_active)
^~
rx_packet.c:2011:6: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
s = (afs_int32 *) & rx_stats;
^
rx_packet.c:2017:9: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (rx_stats_active)
^~
rx_packet.c:2019:6: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
rxi_SendDebugPacket(ap, asocket, ahost, aport, istack);
^~~~~~~~~~~~~~~~~~~
Reviewed-on: https://gerrit.openafs.org/12436 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 0aeb8c17a2701169ddb7397d951c73cf361087c8)
Change-Id: Ic7db23cecdcb7f02d1529326b336d62339af8460
Reviewed-on: https://gerrit.openafs.org/12483 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Sat, 5 Nov 2016 00:36:51 +0000 (20:36 -0400)]
src/rxgen/rpc_parse.c: Fix misleading indentation
Fixes this warning (error with --enable-checking) from GCC 6.2:
rpc_parse.c: In function ‘analyze_ProcParams’:
rpc_parse.c:861:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
if (tokp->kind != TOK_RPAREN)
^~
rpc_parse.c:863:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
*tailp = decls;
^
Reviewed-on: https://gerrit.openafs.org/12435 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit bd70a176c19c09c49c6c3c01ea088ca947c45966)
Change-Id: I099cba14fbe53c510886c0d342ad3fce60750411
Reviewed-on: https://gerrit.openafs.org/12482 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Tue, 2 Sep 2014 22:51:46 +0000 (17:51 -0500)]
systemd: RemainAfterExit in openafs-client.service
Currently, if the client is started without any options that require
an extra thread (like -afsdb), all processes spawned by afsd will
exit. There may be some kernel threads still active, but those are
spawned by the kernel module, and are not child processes of the
parent afsd process, or anything like that.
Since we are a Type=forking service in systemd, systemd interprets
this situation to mean that the service has stopped successfully, and
then runs the ExecStop commands. So, for example, if our AFSD_ARGS in
our sysconfig is "-fakestat -afsdb", the service starts as normal. But
if it is changed to "-fakestat", then when openafs-client.service is
started, it immediately stops again.
To avoid this, turn on the systemd option RemainAfterExit, which tells
systemd that the service has not stopped if all of our processes have
exited. The client service will thus remain running until it is
stopped.
Issue reported by Rich Sudlow.
FIXES 133482
Reviewed-on: http://gerrit.openafs.org/11440 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Anders Kaseorg <andersk@mit.edu> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit cb8195d2d6ce1c01e132c05c1bf5593eab45b2c6)
Change-Id: I4005d5dabae8ef72194938475cf46f5bc1f222f8
Reviewed-on: https://gerrit.openafs.org/12481 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Thu, 20 Oct 2016 04:49:37 +0000 (00:49 -0400)]
Linux 4.9: inode_change_ok() becomes setattr_prepare()
Linux commit 31051c85b5e2 "fs: Give dentry to inode_change_ok() instead
of inode" renames and modifies inode_change_ok(inode, attrs) to
setattr_prepare(dentry, attrs).
Modify OpenAFS to cope.
Reviewed-on: https://gerrit.openafs.org/12418 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 8aeb711eeaa5ddac5a74c354091e2d4f7ac0cd63)
Change-Id: I7f08c57b7f61465a1ea18333306f52f77bd65084
Reviewed-on: https://gerrit.openafs.org/12480 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Fri, 16 Sep 2016 23:01:19 +0000 (19:01 -0400)]
Linux 4.9: inode_operation rename now takes flags
In Linux 3.15 commit 520c8b16505236fc82daa352e6c5e73cd9870cff,
inode_operation rename2() was added. It takes the same arguments as
rename(), with an added flags argument supporting the following values:
RENAME_NOREPLACE: if "new" name exists, fail with -EEXIST. Without
this flag, the default behavior is to replace the "new" existing file.
RENAME_EXCHANGE: exchange source and target; both must exist.
OpenAFS never implemented a .rename2() routine because it was optional
when introduced at Linux v3.15.
In Linux 4.9-rc1 the following commits remove the last in-tree uses of
.rename() and converts .rename2() to .rename(). aadfa8019e81 vfs: add note about i_op->rename changes to porting 2773bf00aeb9 fs: rename "rename2" i_op to "rename" 18fc84dafaac vfs: remove unused i_op->rename 1cd66c93ba8c fs: make remaining filesystems use .rename2 e0e0be8a8355 libfs: support RENAME_NOREPLACE in simple_rename() f03b8ad8d386 fs: support RENAME_NOREPLACE for local filesystems
With these changes, it is now mandatory for OpenAFS afs_linux_rename()
to accept a 5th flag argument.
Add an autoconfig test to determine the signature of .rename(). Use this
information to implement afs_linux_rename() with the appropriate number
of arguments. Implement "toleration support" for the flags option by
treating a zero flag as a normal rename; if any flags are specified,
return -EINVAL to indicate the OpenAFS filesystem does not yet support
any flags.
Reviewed-on: https://gerrit.openafs.org/12391 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f21e3ef8ce5093b4e0578d29666f76bd99aef1a2)
Change-Id: I071d41cd1ef1c9cdcda257c091d7167221f58fb7
Reviewed-on: https://gerrit.openafs.org/12479 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Wed, 14 Sep 2016 22:01:22 +0000 (18:01 -0400)]
Linux 4.9: deal with demise of GROUP_AT
Linux commit 81243eacfa40 "cred: simpler, 1D supplementary groups"
refactors the group_info struct, removing some members (which OpenAFS
references only through the GROUP_AT macro) and adding a gid member.
The GROUP_AT macro is also removed from the tree.
Add an autoconfigure test for the new group_info member gid and define a
replacement GROUP_AT macro to do the right thing under the new regime.
Reviewed-on: https://gerrit.openafs.org/12390 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 8e81b182e36cde28ec5708e5fcbe56e4900b1ea3)
Change-Id: I46b5cd4571452f9506647aada2caf3a68c4fa7d5
Reviewed-on: https://gerrit.openafs.org/12478 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Marcio Barbosa [Fri, 11 Nov 2016 21:21:58 +0000 (13:21 -0800)]
macos: do not quit prefpane unexpectedly
If the user opens the OpenAFS preference pane and choose the Mounts
tab, the preference pane crashes.
To fix the problem, do not assume that we can cast a NSdictionary
object to NSMutableDictionary.
Reviewed-on: https://gerrit.openafs.org/12446 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 9d4be0bd01696768602a313f627a802b358b5885)
Change-Id: I7ff8c6cbc599f3e80d6365d9a56587bf5c641f5b
Reviewed-on: https://gerrit.openafs.org/12447 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Joe Gorse <jhgorse@gmail.com> Tested-by: Joe Gorse <jhgorse@gmail.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Mon, 7 Nov 2016 19:16:50 +0000 (14:16 -0500)]
dir: do not leak contents of deleted directory entries
Deleting an AFS directory entry (afs_dir_Delete) merely removes the
entry logically by updating the allocation map and hash table. However,
the entry itself remains on disk - that is, both the cache manager's
cache partition and the fileserver's vice partitions.
This constitutes a leak of directory entry information, including the
object's name and MKfid (vnode and uniqueid). This leaked information
is also visible on the wire during FetchData requests and volume
operations.
Modify afs_dir_Delete to clear the contents of deleted directory
entries.
Patchset notes:
This commit only prevents leaks for newly deleted entries. Another
commit in this patchset prevents leaks of partial object names upon
reuse of pre-existing deleted entries. A third commit in this
patchset prevents yet another kind of directory entry leak, when
internal buffers are reused to create or enlarge existing directories.
All three patches are required to prevent new leaks. Two additional
salvager patches are also included to assist administrators in the
cleanup of pre-existing leaks.
[kaduk@mit.edu: style nit for sizeof() argument]
Reviewed-on: https://gerrit.openafs.org/12460 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f591f6fae3d8b8d44140ca64e53bad840aeeeba0)
Change-Id: I41f76649f4bed609793b944db32c5ae62aa07458
Reviewed-on: https://gerrit.openafs.org/12465 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Mon, 7 Nov 2016 05:29:22 +0000 (23:29 -0600)]
afs: do not leak stale data in buffers
Similar to the previous commit, zero out the buffer when fetching
a new slot, to avoid the possibility of leaving stale data in
a reused buffer.
We are not supposed to write such stale data back to a fileserver,
but this is an extra precaution in case of bugs elsewhere -- memset
is not as expensive as it was in the 1980s.
Reviewed-on: https://gerrit.openafs.org/12459 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit a26c5054ee501ec65db3104f6a6a0fef634d9ea7)
Change-Id: Id60559ed84581e2f6a50cd4313f64780b8a0bafd
Reviewed-on: https://gerrit.openafs.org/12464 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Fri, 13 May 2016 04:01:31 +0000 (00:01 -0400)]
dir: fileserver leaks names of file and directories
Summary:
Due to incomplete initialization or clearing of reused memory,
fileserver directory objects are likely to contain "dead" directory
entry information. These extraneous entries are not active - that is,
they are logically invisible to the fileserver and client. However,
they are physically visible on the fileserver vice partition, on the
wire in FetchData replies, and on the client cache partition. This
constitutes a leak of directory information.
Characterization:
There are three different kinds of "dead" residual directory entry
leaks, each with a different cause:
1. There may be partial name data after the null terminator in a live
directory entry. This happens when a previously used directory entry
becomes free, then is reused for a directory entry with a shorter name.
This may be addressed in a future commit.
2. "Dead" directory entries are left uncleared after an object is
deleted or renamed. This may be addressed in a future commit.
3. Residual directory entries may be inadvertently picked up when a new
directory is created or an existing directory is extended by a 2kiBi
page. This is the most severe problem and is addressed by this commit.
This third kind of leak is the most severe because the leaked
directory information may be from _any_ other directory residing on the
fileserver, even if the current user is not authorized to see that
directory.
Root cause:
The fileserver's directory/buffer package shares a pool of directory
page buffers among all fileserver threads for both directory reads and
directory writes. When the fileserver creates a new directory or
extends an existing one, it uses any available unlocked buffer in the
pool. This buffer is likely to contain another directory page recently
read or written by the fileserver. Unfortunately the fileserver only
initializes the page header fields (and the first two "dot" and "dotdot"
entries in the case of a new directory). Any residual entries in the
rest of the directory page are now logically "dead", but still
physically present in the directory. They can easily be seen on the
vice partition, on the wire in a FetchData reply, and on the cache
partition.
Note:
The directory/buffer package used by the fileserver is also used by the
salvager and the volserver. Therefore, salvager activity may also leak
directory information to a certain extent. The volserver vos split
command may also contribute to leaks. Any volserver operation that
creates volumes (create, move, copy, restore, release) may also have
insignificant leaks. These less significant leaks are addressed by this
commit as well.
Exploits:
Any AFS user authorized to read directories may passively exploit this
leak by capturing wire traffic or examining his local cache as he/she
performs authorized reads on existing directories. Any leaked data will
be for other directories the fileserver had in the buffer pool at the
time the authorized directories were created or extended.
Any AFS user authorized to write a new directory may actively exploit
this leak by creating a new directory, flushing cache, then re-reading
the newly created directory. Any leaked data will be for other
directories the fileserver had in the buffer pool within the last few
seconds. In this way an authorized user may sample current fileserver
directory buffer contents for as long as he/she desires, without being
detected.
Directories already containing leaked data may themselves be leaked,
leading to multiple layers of leaked data propagating with every new or
extended directory.
The names of files and directories are the most obvious source of
information in this leak, but the FID vnode and uniqueid are leaked as
well. Careful examination of the sequences of leaked vnode numbers and
uniqueids may allow an attacker to:
- Discern each layer of old directories by observing breaks in
consecutive runs of vnode and/or uniqueid numbers.
- Infer which objects may reside on the same volume.
- Discover the order in which objects were created (vnode) or modified
(uniqueid).
- Know whether an object is a file (even vnode) or a directory (odd
vnode).
Prevent new leaks by always clearing a pool buffer before using it to
create or extend a directory.
Existing leaks on the fileserver vice partitions may be addressed in a
future commit.
Reviewed-on: https://gerrit.openafs.org/12458 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 70065cb1831dbcfd698c8fee216e33511a314904)
Change-Id: Ifa9d9266368ed3775898b7628ca980edcb230356
Reviewed-on: https://gerrit.openafs.org/12463 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Sun, 6 Nov 2016 21:06:02 +0000 (15:06 -0600)]
bos: allow salvage -salvagedirs with -all
Allow the -salvagedirs option on bos salvage when invoked with the -all
option to salvage the whole server. The -salvagedirs -all options will
rebuild every directory on the server.
Reviewed-on: https://gerrit.openafs.org/12457 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 1637c4d7c1ce407390f65509a3a1c764a0c06aa6)
[not actually cherry picked, but is the equivalent functionality]
Change-Id: I3978a5c4a704e0a0f2aab1cfad75573c16496a4d
Reviewed-on: https://gerrit.openafs.org/12462 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Sun, 6 Nov 2016 20:31:22 +0000 (14:31 -0600)]
dafs: honor salvageserver -salvagedirs
Do not ignore the -salvagedirs option when given to the salvageserver.
When the salvageserver is running with this option, all directories will
be rebuilt by salvages spawned by the dafs salvageserver, including all
demand attach salvages and salvages of individual volumes initiated by
bos salvage.
This does not affect the whole partition salvages initiated by bos
salvage -all.
Reviewed-on: https://gerrit.openafs.org/12456 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 9e66234951cca3ca77e94ab431f739e85017a23a)
Change-Id: I121299a5524cb46a519aead7818b0a7bd2fd4f69
Reviewed-on: https://gerrit.openafs.org/12461 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Sun, 9 Oct 2016 10:39:12 +0000 (06:39 -0400)]
tests/util/ktime-t.c: Specify EST offset in TZ
This fixes test failures observed on new Debian build servers that no
longer install tzdata by default. As the tests expect, EST is defined
as UTC−05:00 with no daylight saving time.
Reviewed-on: https://gerrit.openafs.org/12414 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit e17cd5df703b8a924591f92c76636dd9e0d9eaf9)
Andrew Deason [Mon, 24 Sep 2012 18:03:34 +0000 (13:03 -0500)]
LINUX: Define printf/uprintf as variadic macros
Instead of defining the string 'printf' itself, make printf (and
uprintf) variadic macros. This avoids renaming printf to printk for
things like '__attribute__((format(printf,X,Y)))'.
Note that this is Linux-specific; compilers on other platforms may not
support variadic macros.
This avoids many warnings in the Linux kernel module build if we
include Linux headers after AFS headers.
Reviewed-on: http://gerrit.openafs.org/8150 Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 179096d9b2c461f02236bbf670b46597ff2d4c3c)
Change-Id: I5c1c80cb5bd6996b0329969e16f9359fa1dcbc91
Reviewed-on: https://gerrit.openafs.org/12365 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Mon, 22 Aug 2016 23:53:34 +0000 (19:53 -0400)]
tests: avoid passing NULL strings to vprintf
Some libc implementations will crash when NULL string arguments are given to
*printf. Avoid passing NULL string arguments in the make check tests that did
so, and pass the string "(null)" instead.
Reviewed-on: https://gerrit.openafs.org/12377 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 2fe3a28c6ec0ff9d19ddec5500b3a5e69b483210)
Change-Id: Id8f1635444b5b49e3250addf36b64fccafd59941
Reviewed-on: https://gerrit.openafs.org/12396 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Mon, 19 Sep 2016 01:29:34 +0000 (21:29 -0400)]
ubik: Return an error from ContactQuorum when inquorate
Currently, when we need to contact all other servers in the ubik
quorum (to create a write transaction, and send db changes, etc), we
call the ContactQuorum_* family of functions. To contact each server,
those functions follow an algorithm like the following pseudocode:
{
int rcode = 0;
int code;
int okcalls = 0;
for (ts = ubik_servers; ts; ts = ts->next) {
if (ts->up) {
code = contact_server(ts);
if (code) {
rcode = code;
} else {
okcalls++;
}
}
}
This means that if we successfully contact a majority of ubik sites,
we return success, even if some sites returned an error. If most sites
fail, then we return an error (we arbitrarily pick the last error we
got).
This means that in most situations, a successful write transaction is
guaranteed to have been transmitted to a majority of ubik sites, so
the written data cannot be lost (at least one of the sites that got
the new data will be in a future elected quorum).
However, if a site is already known to be down (ts->up is 0), then we
skip trying to contact that site, but we also don't set any errors.
This means that if a majority of sites are already known to be down
(ts->up is 0), then we can indicate success for a write transaction,
even though the relevant data has not been written to a majority of
sites. In that situation, it is possible to lose data.
Most of the time this is not possible, since a majority of sites must
be 'up' for the sync site to be elected and to allow write
transactions at all. There are a few ways, though, in which we can get
into a situation where most other sites are 'down', but we still let a
write transaction go through.
An example scenario:
Say we have sites A, B, and C. All 3 sites come up at the same time,
and A is the lowest IP so it starts an election (after around BIGTIME
seconds). Right after A is elected the sync site, sites B and C will
have 'lastYesState' set to 0, since site A hasn't yet sent out a
beacon as the sync site.
A client can then start a write to the ubik database on site A, which
site A will allow since it's the sync site (and presumably all the
relevant recovery flags are set). Site A will try to contact sites B
and C for a DISK_Begin call, but lastYesState is set to 0 on those
sites. This will cause DISK_Begin to return UNOQUORUM
(urecovery_AllBetter will return 0, because uvote_HaveSyncAndVersion
will return 0, because lastYesState is not set).
So site A will get a UNOQUORUM error from sites B and C, and so site A
will set 'ts->up' to 0 for sites B and C, and will return UNOQUORUM to
the client. The client may then try to retry the call (because
UNOQUORUM is not treated as a 'global' error in ubikclient.c's
ubik_Call_New), or another client write request could come in. Now
that 'ts->up' is unset for both sites B and C, we skip trying to
contact any remote sites, and the ContactQuorum functions will return
success. So the ubik write will go through successfully, but the new
data will only be on site A.
At this point, if site A crashes, then sites B and C will elect a
quorum, and will not have the modifications that were written to site
A (so the data written to site A is lost). If site A stays up, then it
will go through database recovery, sending the entire database file to
sites B and C.
In addition, it's very possible in this scenario for a client to write
to the database, and then try to read back data and confusingly get a
different result. For example, if someone issues the following two
commands while triggering the above scenario:
$ pts createuser testuser
$ pts examine testuser
If the second command contacts site B or C, then it will always fail,
saying that the user doesn't exist (even though the first command
succeeded). This is because sites B and C don't have the new data
written to site A, at least temporarily. While this confusing behavior
is not completely avoidable in ubik (this can always happen
'sometimes' due to network errors and such), with the scenario
described here, it happens 100% of the time.
The general scenario described above can also happen if sites B and C
are suddenly legitimately unreachable from site A, instead of throwing
the UNOQUORUM error. All of the steps are pretty much the same, but
there is a bit of a delay while we wait for the DISK_Begin call to
fail.
To fix this, do not let 0 be returned if a quorum has not been
reached. In some sense, UNOQUORUM could *always* be returned in
that case, but it is more in keeping with historical behavior to
return a "real" error if there is one available.
It is somewhat questionable whether we should even be propagating
errors received from calls like DISK_Begin/DISK_Commit to the ubik
client (e.g. if we get a -1 from trying to contact a remote site, we
return -1 to the client, so the client may think it couldn't reach the
site at all). But this commit does not change any of that logic, and
should only change behavior when a majority of sites have 'ts->up'
unset. A later commit might effect the change to always return
UNOQUORUM and ignore the actual error values from the DISK_ calls,
but that is not needed to fix the immediate issue.
An important note:
Before this commit, there was a window of about 15 seconds after a
sync site is elected where a write to the ubik db would appear to be
successful, but would only modify the ubik db on the sync site.
(Details described above.) With this commit, writes during that
15-second window will instead fail, because we cannot guarantee that
we won't lose that data. If someone relies on 'udebug' data from the
sync site to let them know when writes will go through successfully,
this commit could appear to cause new errors.
[kaduk@mit.edu: transfer long commit message describing the issue
from an alternative fix, and tidy up accordingly]
Reviewed-on: https://gerrit.openafs.org/12289 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit fac0b742960899123dca6016f6ffc6ccc944f217)
Change-Id: Ic9b4ceada6c743dde49aba82217bb3a9f440bb69
Reviewed-on: https://gerrit.openafs.org/12389 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Andrew Deason <adeason@dson.org> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Wed, 8 Jan 2014 00:24:54 +0000 (18:24 -0600)]
SOLARIS: Support VSW_STATS
Specify the VSW_STATS flag to the vfsdef_t structure we give to
Solaris. This turns on statistics that can be retrieved via fsstat(1M)
and allows the fsinfo::: DTrace provider to work with AFS files.
We don't need to actually maintain these statistics; Solaris does that
for us. This flag just signifies that our vfs_t structure is capable
of storing the information. Since we get our vfs_t from Solaris (via
domount(), it gives us a vfs_t when it calls our afs_mount function)
and do not allocate a vfs_t ourselves, we are safe and this is fine to
do.
Reviewed-on: http://gerrit.openafs.org/10679 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit b0f433986ce344bf153cce1f6372de20750e052b)
Change-Id: I2403703f9caeb190563360d8571ee0be46890f4d
Reviewed-on: https://gerrit.openafs.org/12371 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Thu, 20 Aug 2015 17:55:02 +0000 (13:55 -0400)]
Make setting of CFLAGS_NOSTRICT make sense
Previously, we would set -fno-strict-aliasing only when
--enable-checking was given to configure but not
--enable-checking=all. The intent seems to have been to
only warn about strict aliasing violations when --enable-checking=all
is in use, but that there was no need to disable the strict-aliasing
diagnostics when -Werror was not enabled.
Unfortunately, -fno-strict-aliasing affects not only the diagnostics
emitted by the compiler, but also the code generation! So we were
leaving the normal (no --enable-checking) case with the compiler
assuming C's strict aliasing rules. The OpenAFS codebase has
historically not been strict-aliasing safe (for example,
commit 15e8678661ec49f5eac3954defad84c06b3e0164 refers to a
runtime crash using a certain compiler version, which is diagnosed
as the compiler using the C strict aliasing rules to make
optimizations that exposed the invalid program code.
To avoid futher surprises due to new compiler optimizations
that utilize the C strict aliasing rules, always disable
strict aliasing except when --enable-checking=all is used.
Reviewed-on: https://gerrit.openafs.org/11988 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 687b4d8af07dbcf187dea685e75b420884727efd)
Change-Id: I03b64465a29243f2b4fdaa12e962f078c45ae344
Reviewed-on: https://gerrit.openafs.org/12308 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Sun, 1 May 2016 16:24:30 +0000 (11:24 -0500)]
ubik: Don't RECFOUNDDB if can't contact most sites
Currently, the ubik recovery code will always set UBIK_RECFOUNDDB
during recovery, after asking all other sites for their dbversions.
This happens regardless of how many sites we were actually able to
successfully contact, even if we couldn't contact any of them.
This can cause problems when we are unable to contact a majority of
sites with DISK_GetVersion. Since, if we haven't contacted a majority
of sites, we cannot say with confidence that we know what the best db
version available is (which is what UBIK_RECFOUNDDB represents; that
we've found which database is the one we should be using). This can
also result in UBIK_RECHAVEDB in a similar situation, indicating that
we have the best db version locally, even though we never actually
asked anyone else what their db version was.
For example, say site A is the sync site going through recovery, and
DISK_GetVersion fails for the only other sites B and C. Site A will
then set UBIK_RECFOUNDDB, and will claim that site A has the best db
version available (UBIK_RECHAVEDB). This allows site A to process ubik
write transactions (causing the db to be labelled with a new epoch),
or possibly to send the db to the other sites via DISK_SendFile, if
they quickly become available during recovery. Ubik write transactions
can succeed in this situation, because our ContactQuorum_* calls will
succeed if we never try to contact a remote site ('rcode' defaults to
0).
This situation should be rather rare, because normally a majority of
sites must be reachable by site A for site A to be voted the sync site
in the first place. However, it is possible for site A to lose
connectivity to all other sites immediately after sync site election.
It is also possible for site A to proceed far enough in the recovery
process to set UBIK_RECHAVEDB before it loses its sync site status.
As a result of all of this, if a site with an old database comes
online and there are network connectivity problems between the other
sites and a ubik write request comes in, it's possible for the "old"
database to overwrite the "new" database. This makes it look as if the
database has "rolled back" to an earlier version.
This should be possible with any ubik database, though how to actually
trigger this bug can change due to different ubik servers setting
different network timeouts. It is probably the most likely with the
VLDB, because the VLDB is typically the most frequently written
database.
If a VLDB reverts to an earlier version, it can result in existing
volumes to appear to not exist in the VLDB, and can result in new
volumes re-using volume IDs from existing volumes. This can result in
rather confusing errors.
To fix this, ensure that we have contacted a majority of sites with
DISK_GetVersion before indicating that we have located the best db
version. If we've contacted a majority of sites, then we are
guaranteed (under ubik assumptions) that we've found the best version,
since previous writes to the database should be guaranteed to hit a
majority of sites (otherwise they wouldn't be successful).
If we cannot reach a majority of sites, we just don't set
UBIK_RECFOUNDDB, and the recovery process restarts. Presumably on the
next iteration we'll be able to contact them, or we'll lose sync site
status if we can't reach the other sites for long enough.
Reviewed-on: https://gerrit.openafs.org/12281 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit d3dbdade7e8eaf6da37dd6f1f53d9f1384626071)
Change-Id: I4f4e7255efd3e16e3acfec8f90bf2019cab1fb63
Reviewed-on: https://gerrit.openafs.org/12339 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Marcio Barbosa [Tue, 28 Jun 2016 15:48:06 +0000 (12:48 -0300)]
venus: fix memory leak
The fs getserverprefs command displays preference
ranks for file / volume location server machine
interfaces. In order to get the complete set of
preference ranks, the VIOC_GETSPREFS system call
might have to be called several times. If so, the
memory previously allocated should be released.
Reviewed-on: https://gerrit.openafs.org/12315 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit d3b8a05d229a80100f40fca4dfdcd820313fcea8)
Michael Meffie [Thu, 28 Apr 2016 21:23:23 +0000 (17:23 -0400)]
afs: remove commented out sleep in afs_call.c
The cell info setup was moved to the beginning of the startup sequence
and an unnecessary sleep commented out in the syscall in which the cell
info was set in commit 3fa5f389b2b7778cf0df5a506c91b427b147c4c2.
Clean up afs_call.c a bit by removing this commented out code.
Reviewed-on: https://gerrit.openafs.org/12277 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 591da537e22be88da23216b2640331a7338ce0ae)
Change-Id: I9964603d68feea840cb70056dafad96d2c6adea2
Reviewed-on: https://gerrit.openafs.org/12307 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Thu, 28 Apr 2016 21:15:06 +0000 (17:15 -0400)]
afs: remove commented out AIX specific tweak
This AIX specific code block has been commented out since
openafs-ibm-1_0. The comments seem to indicate this was a networking
tweak specific to AIX, but the kernel variables involved were not
exported. Clean up afs_call.c by removing this dead code.
Reviewed-on: https://gerrit.openafs.org/12276 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 5277460eaa300fc973b59d007cd3eaea93d30873)
Change-Id: Idcf94dc5962a6bb183af3bfccead3b17cff2ee58
Reviewed-on: https://gerrit.openafs.org/12306 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Thu, 28 Apr 2016 20:52:42 +0000 (16:52 -0400)]
afs: cleanup remnant afs_vfs_mount prototype in afs_call.c
The call to afs_vfs_mount() in afs_call.c was removed in commit a5ab24af71efe6b80eb0f78d1979c5ab1d1e594d. Remove the remnant prototype
and the useless conditionals around it.
Reviewed-on: https://gerrit.openafs.org/12275 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 91f5cecc937923e16c5feda675fccd36d2b95164)
Change-Id: I6463d012c0c00b4a2738fa1045e822cda5c3304a
Reviewed-on: https://gerrit.openafs.org/12305 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Sat, 14 May 2016 18:37:54 +0000 (13:37 -0500)]
Fix typo in kaserver appendix
Though it's very unlikely that someone would actually want to
set up a new kaserver installation, if we have documentation for
it, it ought to at least do what it claims to do.
Thus, change kinit to klog where it was intended.
Reported by Karl-Philipp Richter.
FIXES 133043
Reviewed-on: https://gerrit.openafs.org/12286 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 4bd716223492aec23599a5ac01bce3cc47160bfd)
Change-Id: I0390a260e53a978e5a45aaff19b832c2d4dc4f9b
Reviewed-on: https://gerrit.openafs.org/12304 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Stephan Wiesand [Wed, 3 Aug 2016 12:11:12 +0000 (14:11 +0200)]
Make OpenAFS 1.6.18.3
Update configure version strings for 1.6.18.2. Note that macos kext
can be of form XXXX.YY[.ZZ[(d|a|b|fc)NNN]] where d dev, a alpha,
b beta, f final candidate so we have no way to represent 1.6.18.3.
Switch to 1.6.19 dev 3 for macos.
Change-Id: I30fed9209c101d290b8bd182c8f90efd83062caf
Reviewed-on: https://gerrit.openafs.org/12356 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Tue, 26 Jul 2016 01:04:59 +0000 (21:04 -0400)]
Linux 4.7: Follow key_alloc API change
Linux v4.7-rc1~124^2~2^2^2~9 adds an eighth optional argument
restrict_link. The same commit adds a KEY_ALLOC_BYPASS_RESTRICTION
macro, which we test so we can avoid adding another configure test.
Reviewed-on: https://gerrit.openafs.org/12345 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Anders Kaseorg <andersk@mit.edu> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 83a0f2a9ef88e63fbd300fbb436c17ca80c245b4)
Change-Id: I1ba16468888e160fdedf90ff1a9007d90dce9c3b
Reviewed-on: https://gerrit.openafs.org/12348 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Joe Gorse <jhgorse@gmail.com> Tested-by: Joe Gorse <jhgorse@gmail.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Fri, 27 May 2016 20:44:17 +0000 (16:44 -0400)]
SOLARIS: corrupted content of mmap'd files over 4GiB
Many Solaris programs and utilities (notably mdb and cp) use mmap() in
their implementation. When AFS files exceeding 4GiB are mmap'd, the
contents of the file will be incorrectly mapped into memory. Starting at
4GiB + 1, the first 4GiB will be repeated for the remainder of the file.
If the mmap'd file is written back to storage (AFS or otherwise), the
newly created file will also be corrupted.
This is due to a bug in the afs_map() routine that supports mmap() of
AFS files on Solaris. The segvn_crarg.offset passed to the Solaris
virtual memory APIs is incorrectly cast to u_int, causing it to wrap at
4GiB.
Although Solaris passes the offset from fop_map() to afs_map() as type
offset_t, the destination segvn_crargs.offset is actually type
u_offset_t. Existing examples of other Solaris filesystems (e.g.
zfs_map() ) cast the offset from offset_t to u_offset_t when assigning to
segvn_crargs.offset. If it's good enough for ZFS, it's good enough for
AFS.
Correctly cast the offset to u_offset_t.
Thanks to Robert Milkowski for the report and diagnosis.
Reviewed-on: https://gerrit.openafs.org/12292 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit fa5af899319b69fa9542add78beca388521e3450)
Change-Id: I9c00afeb88c089fe34d25015dbbe02c50b7e9437
Reviewed-on: https://gerrit.openafs.org/12350 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Thu, 26 May 2016 20:53:47 +0000 (16:53 -0400)]
SOLARIS: support mmap() over 4GiB
When mmap() is issued for exactly 4GiB of a large AFS-resident file,
mmap() fails with ENOMEM. This is because the AFS code is handling the
requested length as u_int instead of size_t, resulting in a 0 being
passed back to the caller.
When mmap() is issued for non-multiples of 4GiB, the subsequent mapping
will not contain all the requested pages, and for the same reason - the
mapped size has been truncated to 32 bits. This results in SIGSEGV when
accessing the non-mapped page(s).
Fix the signature of afs_map() to specify the correct type for the length.
Thanks to Robert Milkowski for the report and diagnosis.
Reviewed-on: https://gerrit.openafs.org/12291 Tested-by: BuildBot <buildbot@rampaginggeek.com> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 75325fc9ab1cec4a338e1aaf1b32de1922492b12)
Change-Id: I8677aebf3afa6a6c0596f7d9afc06fe36d728fd3
Reviewed-on: https://gerrit.openafs.org/12349 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The automatically generated pkgbuild.sh file should not be tracked by
git. To fix this problem, add the name of this file to the proper
.gitignore file.
Reviewed-on: https://gerrit.openafs.org/12343 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 19ffa2b7f09bffea816dda4713ad53f4d8cb93cb)
Change-Id: I581f09deea271dd26e065d35dbf12d6c8480bb8f
Reviewed-on: https://gerrit.openafs.org/12351 Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
macos: use pkgbuild to build the package on 10.10/10.11
PackageMaker is no longer part of OS X. As a result, it
is not possible to build the package on OS X 10.10 and
OS X 10.11 using the existing code.
To solve this problem, a new script, along with a couple
of new files, are provided.
- pkgbuild.sh
This script uses the command line tools pkgbuild and
productbuild to build the package on OS X 10.10 and
OS X 10.11. By default, the package built by this
script will not be signed. Optionally, the package
might be signed.
- Distribution.xml
This file is nothing more than an XML file used by
productbuild. It is mainly used to configure how the
installer will look and behave.
- conclusion.txt
Contains the text that is displayed by Installer at
the end of the installation process. Only used by
El Capitan and further.
- Uninstall.14.15
This script can be used by OS X 10.10/10.11 users
to uninstall OpenAFS.
Notes:
- This work is based on a patch made by Brandon Allbery
<ballbery@sinenomine.net> with fixes and updates from
Andrew Deason <adeason@dson.org>.
- El Capitan and further prevent us from touching
/usr/bin directly. As a result, /opt is used.
- If the package is not signed, the user will have
to disable the OS X security protections. Otherwise,
the client will not work.
- Now we have two different scripts to build the
package on OS X. For OS X 10.10 and newer versions,
pkgbuild.sh will be used. For older versions,
the existing buildpkg.sh will be used.
Reviewed-on: https://gerrit.openafs.org/12239 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 48ce41a447c354b8a20b769e4aa5b502ba5bcc09)
Stephan Wiesand [Wed, 13 Jul 2016 12:25:58 +0000 (14:25 +0200)]
Make OpenAFS 1.6.18.2
Update configure version strings for 1.6.18.2. Note that macos kext
can be of form XXXX.YY[.ZZ[(d|a|b|fc)NNN]] where d dev, a alpha,
b beta, f final candidate so we have no way to represent 1.6.18.2.
Switch to 1.6.19 dev 2 for macos.
Joe Gorse [Thu, 9 Jun 2016 18:11:23 +0000 (14:11 -0400)]
Linux 4.6: rm PAGE_CACHE_* and page_cache_{get,release} macros
This is an automatic patch generated by Coccinelle (spatch) from the commit message of the linked commit:
https://github.com/torvalds/linux/commit/09cbfeaf1a5a67bfb3201e0c83c810cecb2efa5a
We will not add an autoconfig test because the PAGE_{...} macros should exist
where the PAGE_CACHE_{...} were previously.
The spatch used:
@@
expression E;
@@
- E << (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
@@
expression E;
@@
- E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
Reviewed-on: https://gerrit.openafs.org/12297 Reviewed-by: Michael Laß <lass@mail.uni-paderborn.de> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f14d263a73f0be75e4de92f62e836fb2e55680dd)
Change-Id: Id3973fc55db102d1472fa1dd0aa37c5d67664342
Reviewed-on: https://gerrit.openafs.org/12332 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Stephan Wiesand [Wed, 13 Jul 2016 14:55:11 +0000 (16:55 +0200)]
redhat: Use a secure URL to retrieve CellServDB
By default, makesrpm.pl will use wget to retrieve the CellServDB
as specified in the spec file. Even though the script need not and
thus should not be run by a privileged UID, make this a bit more
secure by specifying an https URL.
Reviewed-on: https://gerrit.openafs.org/12329 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 16463b602a210768f80bec9ef7c6896ea8a9909d)
Change-Id: I13d924d6a8e3b5ac31359a85b9a07ee041570b61
Reviewed-on: https://gerrit.openafs.org/12330 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Stephan Wiesand [Mon, 13 Jun 2016 08:51:13 +0000 (10:51 +0200)]
Make OpenAFS 1.6.18.1
Update configure version strings for 1.6.18.1. Note that macos kext
can be of form XXXX.YY[.ZZ[(d|a|b|fc)NNN]] where d dev, a alpha,
b beta, f final candidate so we have no way to represent 1.6.18.1.
Switch to 1.6.19 dev 1 for macos.
Marc Dionne [Tue, 3 Dec 2013 19:10:00 +0000 (14:10 -0500)]
Linux 3.13: Check return value from bdi_init
The use of the bdi_init function now gets a warning because the
return value is unused and the function is now defined with
the warn_unused_result attribute.
Assign and check the return value.
Reviewed-on: http://gerrit.openafs.org/10530 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit ccc5d3f7adceda4d8cf41f04fe02d5cfe376befd)
Change-Id: I2ccd9bbdce396a003030e3e09f9f6d75a1c4fa7c
Reviewed-on: https://gerrit.openafs.org/12274 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Sun, 1 May 2016 23:48:40 +0000 (19:48 -0400)]
Linux 4.5: don't access i_mutex directly
Linux commit 5955102c, in preparation for future work, introduced
wrapper functions to lock/unlock inode mutexes. This is to
prepare for converting it to a read-write semaphore, so that
lookup can be done with only the shared lock held.
Adopt the afs_linux_*lock_inode() functions accordingly, and
convert afs_linux_fsync() to using those wrappers, since the
FOP_FSYNC_TAKES_RANGE case appears to be the current case.
Amusingly, afs_linux_*lock_inode() already have a branch to
handle the case when inode serialization is protected by a
semaphore; it seems that this is going to come full-circle.
Reviewed-on: https://gerrit.openafs.org/12268 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Joe Gorse <jhgorse@gmail.com> Tested-by: Joe Gorse <jhgorse@gmail.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 360f4ef53c454494cd5212a5ea46c658bdb2879c)
Change-Id: I52f29cdb6f0bf85bcbb6624ed62e071b1f3807c9
Reviewed-on: https://gerrit.openafs.org/12302 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Linux 4.5: get_link instead of follow_link+put_link
In linux commit 6b255391, the follow_link inode operation was
replaced by the get_link operation, which is basically the same
but takes the inode and dentry separately, allowing for the
possibility of staying in RCU mode.
For now, only support this if page_get_link is available and we are
using the USABLE_KERNEL_PAGE_SYMLINK_CACHE
The previous test for USABLE_KERNEL_PAGE_SYMLINK_CACHE used a bogus,
undefined configure variable (ac_cv_linux_kernel_page_follow_link).
Remove it, as it was not needed
Reviewed-on: https://gerrit.openafs.org/12265 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Joe Gorse <jhgorse@gmail.com> Tested-by: Joe Gorse <jhgorse@gmail.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 2ef27ea1bb032cee8d26980e60e02b52a0805763)
Change-Id: I828823ad16f24bae583de9cf436844565217918d
Reviewed-on: https://gerrit.openafs.org/12301 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Thu, 27 Aug 2015 17:06:05 +0000 (13:06 -0400)]
afs: shake harder in shake-loose-vcaches
Linux based cache managers will allocate vcaches on demand and
deallocate batches of vcaches in the background. This feature is called
dynamic vcaches.
Vcaches to be deallocated are found by traversing the vcache LRU list
(VLRU) from the oldest vcache to the newest. Up to a target number of
vcaches are attempted to be evicted. The afs_xvcache lock protecting
the VLRU may be dropped and re-acquired while attempting to evict a
vcache. When this happens, it is possible the VLRU may have changed, so
the traversal of the VLRU is restarted. This restarting of the VLRU
transversal is limited to 100 iterations to avoid looping indefinitely.
Vcaches which are busy cannot be evicted and remain in the VLRU. When a
busy cache was not evicted and the afs_xvache lock was dropped, the VLRU
traversal is restarted from the end of the VLRU. When the busy vcache is
encountered on the retry, it will trigger additional retries until the
loop limit is reached, at which point the target number of vcaches will
not be deallocated.
This can leave a very large number of unbusy vcaches which are never
deallocated. On a busy machine, tens of millions of unused vcaches can
remain in memory. When the busy vcache at the end of the VLRU is finally
evicted, the log jam is broken, and the background deamon will hold the
afs_xvcache lock for an excessively long time, hanging the system.
Fix this by moving busy vcaches to the head of the VLRU before
restarting the VLRU traversal. These busy vcaches will be skipped when
retrying the VLRU traversal, allowing the cache manager to make progress
deallocating vcaches down to the target level.
This was already done on the mac osx platform while attempting to evict
vcaches. Move the code to move busy vcaches to the head of the VLRU up
the the platform agnostic caller.
Thanks to Andrew Deason for the initial version of this patch.
Reviewed-on: https://gerrit.openafs.org/11654 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Andrew Deason <adeason@dson.org> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 5c136c7d93ed97166f39bf716cc7f5d579b70677)
Michael Meffie [Thu, 25 Feb 2016 23:49:20 +0000 (18:49 -0500)]
LINUX: hold vcache while dropping dcache refs
Hold a reference on a vcache while attempting to evict the inode from
the dcache. Since the afs_xvcache lock is dropped, it could be possible
for the vcache to be flushed during this time, making it unsafe to use
the vcache after the eviction attempt.
Reviewed-on: https://gerrit.openafs.org/12206 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Andrew Deason <adeason@dson.org> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 961875cbedc2c91cdba6dc34a43c6136ea9797fb)
Andrew Deason [Sun, 12 Apr 2015 01:51:09 +0000 (20:51 -0500)]
afs: Log abnormally large chunk files
Any chunk in our cache for a regular file should be smaller than or
equal to our configured chunksize. If someone sets a chunk to be
larger than that, it is very strange and may cause other confusing
issues. Specifically, afs_DoPartialWrite determines if our cache is
"too full" by counting the number of dirty chunks. If we have a dirty
chunk that is much larger than the chunksize, it can throw off the
afs_DoPartialWrite calculation.
This is only true for dcaches backing regular files, though. For
directories, we fetch the entire directory into a single chunk file,
and the size of a directory blob can easily exceed the chunksize
without issues. The aforementioned issue with afs_DoPartialWrite does
not apply, since directory chunks cannot be dirty (we only locally
modify the chunk if we modify the dir on the server, and the DVs
match).
Anyway, it should not be possible to get a chunk for a regular file
larger than the chunksize. Log a message if it does occur, to help
assist anyone in tracking down issues when this does occur.
[mmeffie@sinenomine.net remove unnecessary casts in afs_warn args.]
Reviewed-on: http://gerrit.openafs.org/11831 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 11845765c75a2f15404ac55a882358c3f88595b9)
Change-Id: I7c9f4aa147ba63e51bb805484bac5785259847cb
Reviewed-on: https://gerrit.openafs.org/12216 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Fri, 10 Apr 2015 02:26:25 +0000 (21:26 -0500)]
afs: Log weird 'size' fetchdata errors
There are a couple of situations that should never happen when issuing
a fetchdata, but cause errors when they do:
- The fileserver responds with more than 2^32 bytes of data
- The fileserver responds with more data than requested (but still
smaller than 2^32)
While these should normally never be encountered, it can be very
confusing when they do, since they cause file fetches to fail. To give
the user or investigating developer some hope of figuring out what is
going on, at least log a warning in these situations, to at least
indicate this is the area in which something is breaking.
Only log these once, in case something causes these conditions to be
hit, e.g., every fetch. Once is at least enough to say this is
happening.
[mmeffie@sinenomine.net remove unneeded casts in afs_warn args and
explicit static initializers.]
Reviewed-on: http://gerrit.openafs.org/11830 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 5fbf45b56298aa5a93cf9015f2d6346c7a0f615c)
Change-Id: I2f15255f33f44bef038ac9926d1ed47eca73d89a
Reviewed-on: https://gerrit.openafs.org/12215 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Wed, 8 Apr 2015 03:10:53 +0000 (22:10 -0500)]
afs: Fix fetchInit for negative/large lengths
Currently, the 'length64' variable in rxfs_fetchInit is almost
completely unused (it just goes into an icl logging function). For the
length that we actually use ('*alength'), we just take the lower 32
bits of the length that the fileserver told us. This method is
incorrect in at least the following cases:
- If the fileserver returns a length that is larger than 2^32-1,
we'll just take the lower 32 bits of the 64-bit length the
fileserver told us about. The client currently never requests a
fetch larger than 2^32-1, so this would be an error, but if this
occurred, we would not detect it until much later in the fetch.
- If the fileserver returns a length that is larger than 2^31-1, but
smaller than 2^32, we'll interpret the length as negative (which we
assume is just 0, due to bugs in older fileservers). This is also
incorrect.
- If the fileserver returns a negative length smaller than -2^31+1,
we may interpret the give length as a positive value instead of a
negative one. Older fileservers can do this if we fetch data beyond
the file's EOF (this was fixed in the fileserver in commit 529d487d65d8561f5d0a43a4dc71f72b86efd975). This positive length
will cause an error (usually), instead of proceeding without error
(which is what would happen if we correctly interpreted the length
as negative).
On Solaris, this can manifest as a failed write, when writing to a
location far beyond the file's EOF from the fileserver's point of
view, because Solaris writes can trigger a fetch for the same area.
Seeking to a location far beyond the file's EOF and writing can
trigger this, as can a normal copy into AFS, if the file is large
enough and the cache is large enough. To explain in more detail:
When copying a file into AFS, the cache manager will buffer the dirty
data in the disk cache until the file is synced/closed, or we run out
of cache space. While this data is buffering, the application will
write into an offset, say, 3GiB into the file. On Solaris, this can
trigger a read for the same region, which will trigger a fetch from
the fileserver at the offset 3GiB into the file. If the fileserver
does not contain the fix in commit 529d487d65d8561f5d0a43a4dc71f72b86efd975, it will respond with a large
negative number, which we interpret as a large positive number; much
larger than the requested length. This will cause the fetch to fail,
which then causes the whole write() call to fail. Specifically this
will fail with EINVAL on Solaris, since that is the error code we
return from afs_GetOnePage when we fail to acquire a dcache. If the
cache is small enough, this will not happen, since we will flush data
to the fileserver before we have a large amount of dirty data,
e.g., 3GiB. (The actual error occurs closer to 2GiB, but this is just
for illustrative purposes.)
To fix this, detect the various ranges of values mentioned above, and
handle them specially. Lengths that are too large will yield an error,
since we cannot handle values over 2^31-1 in the rxfs_* framework
currently.
For lengths that are negative, just act as if we received a length of
0. Do this for both the 64-bit codepath and the non-64-bit codepath,
just so they remain identical.
[mmeffie@sinenomine.net: directly use 64 bit comparisons, don't mask
end call error code, commit nits.]
Reviewed-on: http://gerrit.openafs.org/11829 Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit c0f52c3a3d76059c9d8b2df3374df844d8d6861b)
Change-Id: If6b9debe3f6381634b15be4529931422d908c2aa
Reviewed-on: https://gerrit.openafs.org/12214 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Most of the time, this is fine. However, if 'position' is more than
2GiB greater than file_length, 'size' will calculated to be smaller
than -2GiB. Since 'size' in this code is a signed 32-bit integer, this
can cause 'size' to underflow, and result in a value closer to
(positive) 2GiB.
This has two potential effects:
The afs_AdjustSize call in afs_GetDCache will cause the underlying
cache file for this dcache to be very large (if our offset is around
2GiB larger than the file size). This can confuse other parts of the
client, since our cache usage reporting will be incorrect (and can be
even way larger than the max configured cache size).
This will also cause a read request to the fileserver that is larger
than necessary. Although 'size' will be capped at our chunksize, it
should be 0 in this situation, since we know there is no data to
fetch. At worst, this currently can just result in worse performance
in rare situations, but it can also just be very confusing.
Note that an afs_GetDCache request beyond EOF can currently happen in
non-race conditions on at least Solaris when performing a file write.
For example, with a chunksize of 256KiB, something like this will
trigger the overflow in 'size' in most cases:
Michael Meffie [Tue, 16 Dec 2014 21:13:01 +0000 (16:13 -0500)]
vlserver: do not perform ChangeAddr on mh entries, except for removal
Fix a long standing bug in the ChangeAddr RPC which damages the vldb,
When vos changeaddr is run with -oldaddr and -newaddr, and the -oldaddr
is present in an multi-homed entry, instead of changing the address in
the mh entry, the server slot is "downgraded" to a single homed entry
and the mh entry is orphaned in the vldb.
Instead, if the -oldaddr is in a multi-home entry, refuse to change the
address with a VL entry not found error and log the event.
Multi-homed addresses can be changed manually using the vos setaddrs
command which calls the RegisterAddrs() RPC.
Reviewed-on: http://gerrit.openafs.org/11639 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Daria Brashear <shadow@your-file-system.com> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 1cc77cd43732cca1c617db329a71693903d2b699)
Change-Id: I14a77317d582dd1cb8490e643b8fdfc86f4942c0
Reviewed-on: https://gerrit.openafs.org/12089 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Stephan Wiesand [Thu, 7 Apr 2016 08:58:30 +0000 (10:58 +0200)]
Linux: Fix misleading indentation and other whitespace
Commit 7edc6694e7632c9736bd1516935604a638165313 introduced a
misleading indentation of a line in afs_linux_prefetch. Correct
it, and once here remove trailing whitespace throughout the file.
Reviewed-on: https://gerrit.openafs.org/12253 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 3609ebcfa3f70ca7612364c0cc2345b1d7f1096b)
Change-Id: I0d42c6751b835308c692c0ebb7d217f56ad5cf2a
Reviewed-on: https://gerrit.openafs.org/12254 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Jeff Blaine [Thu, 19 May 2011 01:46:52 +0000 (21:46 -0400)]
Hide -noexecute in favor of -dryrun
Makes all previous -noexecute arguments hidden (still callable)
and replaces them with -dryrun whose help text has been made
common where appropriate instead of the 3 previous ways the
argument was explained.
Marcio Barbosa [Tue, 29 Dec 2015 13:31:43 +0000 (10:31 -0300)]
afs: do not allow two shutdown sequences in parallel
Often, ‘afsd -shutdown’ is called right after ‘umount’.
Both commands hold the glock before calling ‘afs_shutdown’.
However, one of the functions called by 'afs_shutdown', namely,
‘afs_FlushVCBs’, might drop the glock when the global
'afs_shuttingdown' is still equal to 0. As a result, a scenario
with two shutdown sequences proceeding in parallel is possible.
To fix the problem, the global ‘afs_shuttingdown’ is used as an
enumerated type to make sure that the second thread will not run
‘afs_shutdown’ while the first one is stuck inside ‘afs_FlushVCBs’.
Reviewed-on: http://gerrit.openafs.org/12016 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 70fd9bc6dcc79cb25e98cdcfd0f085c4bf4f310a)
Change-Id: I073d1914a7daa858a78305ff154074f2a51a9f5f
Reviewed-on: https://gerrit.openafs.org/12179 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
"local" links to section heads inside the same pod page should be written
L</OPTIONS> instead of L<OPTIONS>. the other broken links are assorted
typos and capitalization changes.
Note: This crash was exposed by other bugs (to be addressed in future
commits) in OpenAFS large volume support. However, there may
be other failure paths (unrelated to large volumes) that expose
this error as well.
When VAllocVnode() must allocate a new vnode but fails while
updating the vnode index file (e.g. an "addled bitmap" due to other
bugs in working with a vnode index larger than 2^31 bytes), it branches
to common recovery logic at label error_encountered:.
Part of this recovery is to call VFreeBitmapEntry_r(). Commit 08ffe3e81d875b58ae5fe4c5733845d5132913a0 added a VOL_FREE_BITMAP_WAIT
flag to VFreeBitmapEntry() in order to prevent races with VAllocBitmapEntry().
If the caller specifies VOL_FREE_BITMAP_WAIT, VFreeBitmapEntry_r will
call VCreateReservation_r() and VWaitExclusiveState_r(). However, the
exit from VFreeBitmapEntry_r() calls VCancelReservation_r() unconditionally.
This works correctly with the majority of callers to VFreeBitmapEntry_r,
which do specify the VOL_FREE_BITMAP_WAIT flag.
However, the VAllocVnode() error_encountered logic must specify 0 for
this flag because the thread is already in an exclusive state
(VOL_STATE_VNODE_ALLOC). This correctly causes VFreeBitmapEntry_r() to
forgo both the reservation and wait-for-exclusive-state. However, before
exit it erroneously calls VCancelReservation_r(). We now have unbalanced
reservations (nWaiters); this causes an assert when the VAllocVnode()
error_encountered recovery code later calls VCancelReservation_r()
for what it believes is its own prior reservation.
Modify VFreeBitmapEntry_r() to make its final VCancelReservation_r()
conditional on flag VOL_FREE_BITMAP_WAIT.
Reviewed-on: http://gerrit.openafs.org/11983 Reviewed-by: Perry Ruiter <pruiter@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Jeffrey Altman <jaltman@auristor.com> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit d833ba768064a32a19c6b0b94ffb0d8a3a40a089)
Change-Id: Ia146ca55b1c0497d475357e61eaeb061a11bd597
Reviewed-on: https://gerrit.openafs.org/12209 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Commit a14e791541bf19c6c377e68bc2f978fba34f94b1
refactored and corrected the counting of requests and aborts.
However, it inadvertently introduced a new undercount for
VL_GetEntryByName* requests, counting them only if
NameIsId(volname), e.g. volname="536870911".
Ensure that the normal case of a non-"numeric" volname is
also counted.
Discovered during review of pullup to 1.6.x.
Reviewed-on: http://gerrit.openafs.org/12106 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 670381aa5d3a7bc91ad74c7499605cca2c33d612)
Change-Id: Ic41f8775e4897efe5f6280b56d06d733865556a2
Reviewed-on: https://gerrit.openafs.org/12113 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Simon Wilkinson [Thu, 19 May 2011 14:06:15 +0000 (15:06 +0100)]
vlserver: Tidy up request counting
Tidy up the counting of requests and aborts in the vlserver. Don't
hide a variable allocation within a macro, convert macros to inline
functions, and make it possible to not count particular operations
by passing in an opcode of 0.
Michael Meffie [Fri, 30 Jan 2015 17:20:10 +0000 (12:20 -0500)]
volser: detect eof in dump stream while reading acl
Detect an EOF condition while reading the ACL in a dump stream
and return a restore error, instead of filling the ACL with
0xFF and then failing the restore due to an invalid tag.
Reviewed-on: http://gerrit.openafs.org/11703 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit ed52d65fe98549e13023e0a8997da479b626085a)
Change-Id: I9aacd635b8bbf89923db0121639d5112ab775c19
Reviewed-on: https://gerrit.openafs.org/12185 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Sun, 22 Nov 2015 20:23:49 +0000 (14:23 -0600)]
cellconfig: check for invalid dotted quads
IP addresses entered into the CellServDB with components larger
than 255 would silently be trucated down to 8-bit unsigned integer
representations. This could cause confusing behavior with
occasional hangs.
FIXES 131794
Reviewed-on: http://gerrit.openafs.org/12109 Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 97150150e6d12cbbc0c4a5af3424c9bf1e56918c)
Change-Id: I4e628ab7e12e33b23cc513a268879de115ddec2e
Reviewed-on: https://gerrit.openafs.org/12210 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Fri, 30 Jan 2015 17:12:03 +0000 (12:12 -0500)]
volser: range check acl header fields during dumps and restores
Perform range checks on the acl header fields when reading an
acl from a dump stream and when writing an acl to a dump
stream.
Before this change, a bogus value in the total, positive, or
negative acl fields from a dump stream could cause an out of
bounds access of the acl entries table, crashing the volume
server.
Reviewed-on: http://gerrit.openafs.org/11702 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 0bf9fba458b39035a09f45c1b63f1e65672d4c00)
Change-Id: Icebeb1d62900a7978f02177627a30e41de49a182
Reviewed-on: https://gerrit.openafs.org/12127 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Wed, 24 Feb 2016 21:57:11 +0000 (16:57 -0500)]
LINUX: ifconfig is deprecated
ifconfig is deprecated and is no longer installed by default on RHEL 7 and
Centos 7. Use the replacement ip command in the init script for linux.
Fallback to ifconfig in the event the ip command is not available.
Thanks to Ben Kaduk for pointing out the hash built-in command.
Reviewed-on: http://gerrit.openafs.org/12192 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit b702ab5da216976ed01ad3b1c474ecd4cc522ff2)
Change-Id: I9ffdfee233555f1e06bc4f980e2905851224ecc9
Reviewed-on: https://gerrit.openafs.org/12193 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Sun, 22 Nov 2015 19:24:43 +0000 (13:24 -0600)]
volser: set error, not code, before rfail
The rfail cleanup handler overwrites 'code' ~unconditionally, but
does use an existing 'error' value if present. Since the intent
is to return failure to the caller, preserve the code in the error
variable and do so.
projects / packages / o / openafs.git / log