Jeffrey Altman [Wed, 27 Feb 2013 20:19:41 +0000 (15:19 -0500)]
Windows: afsio reduce library link list
When linking afsio many of the libraries specified in the EXELIB3
list were unnecessary. The only lib in the list that is required
is libcmd.lib. Rename EXELIB3 to LIBCMD and prune the rest.
Jeffrey Altman [Wed, 27 Feb 2013 20:07:57 +0000 (15:07 -0500)]
Windows: Remove RXAFS* from afsrpc.dll
afsrpc.dll is supposed to be the multi-threaded dynamic loadable
version of the RX package. It has also included the RXAFS and
RXAFSCB client functions from src/fsint. Including the RXAFS* is
nice in theory but in practice the afsd_service.exe must link to
afsint.lib anyway in order to obtain access to RXAFSCB_ExecuteRequest()
which is part of the server portion. Linking to both results in
multiple instances of the same symbols in which case afsint.lib
must be linked to first and the dynamic version of the functions
are ignored.
The only other module that used RXAFS* functions from afsrpc.dll
is the adminutil library from the libadmin package. adminutil
doesn't implement the server functions but it can just as easily
link against afsint.lib.
Removing RXAFS* from afsrpc.dll results in a library that only
contains RX, RXSTATS, core xdr and rxkad.
This patchset also fixes some minor bugs:
1. $(UTILOBJS) were not being linked to the library due to
a typo.
2. Always use multi-thread safe versions of afsutil.lib
even though a dedicated afspthread.dll existed and all pthreaded
modules must link to afspthread.dll and not all link to
afsauthent.dll. Move these functions and the global mutex variable
to afspthread.dll to ensure that only one instance of the variable
is present in any binary.
Also remove from src/libafsauthent/NTMakefile the local building
of src/util object files and link to mtafsutil.lib.
Simon Wilkinson [Wed, 27 Feb 2013 10:34:59 +0000 (10:34 +0000)]
ubik: Avoid unlinking garbage
If SDISK_SendFail fails before the pathname to the temporary file
has been constructed, then the failure handler will unlink stack
garbage, with variable results.
Initialise the string, and check to see if it has contents before
calling unlink
Simon Wilkinson [Wed, 27 Feb 2013 10:28:05 +0000 (10:28 +0000)]
Unix CM: Don't free cell, then release lock on it
If afs_NewCell fails, then we can end up releasing a lock on a
section of memory that we have already freed. As this only happens
if the memory we're operating on is newly allocated and not yet
visible to anyone else, it is safe to release the lock before
starting to tidy things up.
Simon Wilkinson [Wed, 27 Feb 2013 10:11:21 +0000 (10:11 +0000)]
libafscp: Can't unlock something we've freed
When we call _StatCleanup on a stored statent structure, it
deletes the mutex, and frees the structure itself. This means it
can't be called with a locked structure as the mutex deletion
will fail, and then we'll try to reference freed memory when we
later unlock that mutex.
Fix this by unlocking the mutex before calling _StatCleanup. This
is safe because the only reference to the structure visible to other
threads must have been deleted by the time we reach this point.
Simon Wilkinson [Wed, 27 Feb 2013 09:23:07 +0000 (09:23 +0000)]
pt_util: Protect against corrupt input files
If we have an input file which contains a group membership line
(with a leading space) before any group definitions occur, pt_util
would use stack garbage as the group to create these members in.
Avoid this by requiring the presence of a group line before any
membership lines.
Simon Wilkinson [Tue, 26 Feb 2013 22:27:25 +0000 (22:27 +0000)]
auth: Fix buffer overflow in afsconf_Open
If we fall back to the .AFSCONF file in the user's home directory,
the results of getenv("HOME") are copied into a fixed length string,
without checking for overflows.
Instead of risking this, just use asprintf to dynamically construct
a string, and free it when we are done.
Simon Wilkinson [Tue, 26 Feb 2013 21:30:20 +0000 (21:30 +0000)]
bos_util: Fix buffer overflow
Get rid of a buffer overflow in the bos_util utility, by just
printing the key from the 'tbuffer' string, rather than copying
it into 'x' which is too small for it.
Simon Wilkinson [Tue, 26 Feb 2013 21:28:52 +0000 (21:28 +0000)]
volser: Fix bad readlink usage
readlink fills the buffer passed to it with a non-terminated string.
It can legitimately fill the whole of this buffer. So, if we require
a string to be NUL terminated, we must give readlink one less than
the string length so that the termination character can be safely
appended.
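An added example of the readlink pattern described in the commit message above; it is not OpenAFS code. The names readlink_str and check_link and the temporary symlink are constructed for the illustration. The guard byte placed just past the buffer shows that the terminator never lands outside it, even when the link target fills or exceeds the buffer.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read a symlink target into buf as a NUL-terminated string.
 * readlink() is given buflen - 1 so that buf[n] is always inside the buffer.
 * Returns the number of bytes stored (a result of buflen - 1 means the target
 * may have been truncated), or -1 with errno set. */
ssize_t readlink_str(const char *path, char *buf, size_t buflen)
{
    ssize_t n;

    if (buflen < 2) {
        errno = EINVAL;
        return -1;
    }
    n = readlink(path, buf, buflen - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return n;
}

/* Constructed check: create a symlink whose target is target_len bytes long,
 * read it into a buflen-byte buffer followed by a guard byte, and return the
 * length read, -1 on setup failure, or -2 if the guard byte was overwritten
 * or the result is not a properly terminated string. */
long check_link(size_t target_len, size_t buflen)
{
    char dir[] = "/tmp/rlXXXXXX";
    char lnk[64], target[256], area[257];
    ssize_t n;

    if (target_len == 0 || target_len >= sizeof(target) || buflen >= sizeof(area))
        return -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    memset(target, 'a', target_len);
    target[target_len] = '\0';
    snprintf(lnk, sizeof(lnk), "%s/l", dir);
    if (symlink(target, lnk) != 0) {
        rmdir(dir);
        return -1;
    }
    area[buflen] = 'G';               /* guard byte just past the buffer */
    n = readlink_str(lnk, area, buflen);
    unlink(lnk);
    rmdir(dir);
    if (n >= 0 && (area[buflen] != 'G' || strlen(area) != (size_t)n))
        return -2;
    return (long)n;
}

int main(void)
{
    printf("fits: %ld, fills buffer: %ld, too long: %ld\n",
           check_link(3, 16), check_link(15, 16), check_link(40, 16));
    return 0;
}
```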
ptserver/testpt.c: remove dead code in ListUsedIds
A part of the current ListUsedIds code is:
    range = abs(startId - maxId);
    if (range < 0)
        range = -range;
The only way abs() could return a negative value would be if its
argument was INT_MIN (-2147483648) to begin with, because -INT_MIN
cannot be represented in two's complement. However, calling
abs(INT_MIN) is undefined behavior in C [see C99 7.20.6.1], and for
that matter, so would be computing -range (-INT_MIN) in that case,
so we could still be left with a negative range value.
Luckily, (startId - maxId) can never be INT_MIN. If startId < 0,
then maxId <= startId, so in the worst case, when maxId = INT_MIN
and startId = -1, (startId-maxId)=INT_MAX. If startId >= 0, then
maxId >= startId, so in the worst case, when maxId = INT_MAX and
startId = 0, (startId-maxId)=-INT_MAX=INT_MIN+1.
Simon Wilkinson [Tue, 26 Feb 2013 12:30:00 +0000 (12:30 +0000)]
ptserver: Zero ubik header before writing to it
When using pt_util's ubik shim, if we're creating a new ubik label
make sure to zero the whole structure before writing it out to disk.
Otherwise we get a short's worth of stack garbage in the resulting
file.
Mark Vitale [Tue, 26 Feb 2013 14:31:43 +0000 (09:31 -0500)]
vos: Unrecognized or ambiguous switch '-c'
The documented abbreviation '-c' for '-cell' no longer works since
the -config option was added. Add a parm alias '-c' to restore
compatibility with previous syntax.
Simon Wilkinson [Tue, 26 Feb 2013 12:26:36 +0000 (12:26 +0000)]
ptserver: Rename ubik.c as ptubik.c
Coverity gets confused between ubik/ubik.c and ptserver/ubik.c,
and produces a load of false positives. Rename the ptserver ubik
shim (which is only used by pt_util) in order to reduce this
confusion.
Simon Wilkinson [Tue, 26 Feb 2013 12:21:59 +0000 (12:21 +0000)]
ubik: Zero header before writing to disk
The ubik disk header contains a padding field, which is never
zeroed before being written out to disk. This means that there is
a short's worth of stack garbage in every ubik label!
Just zero the whole structure with memset before we populate it.
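An added example of the problem described in the two "zero the header" commit messages above (ptserver and ubik); it is not OpenAFS code. The struct demo_hdr layout, its field values and the function names are constructed, and the 0xAA fill stands in for stale stack contents. It counts how many bytes of the written image carry leftover data with and without the memset.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed on-disk header with an explicit padding field; the layout is
 * illustrative and is not the ubik definition. */
struct demo_hdr {
    int32_t magic;
    int16_t pad1;       /* never assigned by the writer */
    int16_t size;
    int32_t epoch;
    int32_t counter;
};

/* Populate *h the way a label writer would, optionally zeroing it first. */
void fill_hdr(struct demo_hdr *h, int zero_first)
{
    if (zero_first)
        memset(h, 0, sizeof(*h));
    h->magic = 0x12345678;              /* constructed values */
    h->size = (int16_t)sizeof(*h);
    h->epoch = 1361881319;
    h->counter = 1;
}

/* Produce the byte image that would be written to disk, starting from storage
 * filled with 0xAA to stand in for whatever was previously on the stack. */
void disk_image(unsigned char *out, int zero_first)
{
    struct demo_hdr h;

    memset(&h, 0xAA, sizeof(h));
    fill_hdr(&h, zero_first);
    memcpy(out, &h, sizeof(h));
}

/* Count bytes of the image that differ from the zeroed-then-filled reference,
 * i.e. bytes of stale memory that would end up in the file. */
size_t leaked_bytes(int zero_first)
{
    unsigned char img[sizeof(struct demo_hdr)], ref[sizeof(struct demo_hdr)];
    size_t i, n = 0;

    disk_image(ref, 1);
    disk_image(img, zero_first);
    for (i = 0; i < sizeof(img); i++)
        if (img[i] != ref[i])
            n++;
    return n;
}

int main(void)
{
    printf("without memset: %zu stale bytes, with memset: %zu\n",
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

Comparing whole images rather than only the named padding field also catches alignment padding the compiler inserts between members.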
Simon Wilkinson [Tue, 26 Feb 2013 12:17:29 +0000 (12:17 +0000)]
viced: Don't write out garbage when extending file
When we extend a file, we write a single byte of data to it - tlen
is used as a source for this single byte. However, in the current
code, tlen is used uninitialised. Set it to 0, so we don't write a
byte of stack garbage.
Simon Wilkinson [Mon, 25 Feb 2013 23:13:47 +0000 (23:13 +0000)]
Add krb5_enomem for config parser & kernel crypto
The imported code from Heimdal that forms our config file parser
and kernel rfc3961 library now makes use of krb5_enomem. Provide
an implementation so we build again ...
Kumar Thangavelu (1):
Running "kinit --fast-armor-cache=xxx" against a Win2K3 domain resulted in a crash with the attached backtrace. FAST is not supported with RC4 keys which are used in Win2K3. The code already handles this but the error code is not propagated up the stack.
Love Hornquist Astrand (1):
add socket_set_nonblocking
Roland C. Dowdeswell (3):
Optimise _krb5_n_fold() a bit.
Use krb5_enomem() more consistently in lib/krb5.
Further improvements to lib/krb5/n-fold.c:
Simon Wilkinson [Wed, 20 Feb 2013 14:54:55 +0000 (14:54 +0000)]
volser: Make it clear what's copied from partList
XVolListPartitions uses partList to maintain a list of partition
IDs - it does not use the partFlags field. Make it clear when we
populate the partEntries field that we are only copying the
partition list.
Simon Wilkinson [Sun, 24 Feb 2013 12:53:59 +0000 (12:53 +0000)]
budb: Store dumper information correctly
Change f498c18a6f7300eb89ca3b9d9b85c4d461fa8474 attempted to fix
a problem with using an inappropriate function to copy the
ktc_principal value 'principal' into the d.dumper structure element.
Originally the code read:
    principal_hton(&principal, &d.dumper)
which copies the 'host' principal principal into the 'net' structure
d.dumper. However, this was changed to
    principal = d.dumper
Which populates 'principal' with whatever garbage is in the d.dumper
structure.
Fix this so that the assignment is done the right way around.
Simon Wilkinson [Sun, 24 Feb 2013 12:43:27 +0000 (12:43 +0000)]
budb: Simplify scanHashTableBlock
We don't need to maintain two copies (entryAddr and nextEntryAddr)
of the entry address - rework the while loop so we just use one,
and make clang a little happier
Simon Wilkinson [Sun, 24 Feb 2013 12:36:02 +0000 (12:36 +0000)]
viced: Unused sentinel in h_stateVerifyUuuidHash
The 'found' sentinel in h_stateVerifyUuidHash is unused, because
as soon as we set it, we jump out to the 'done' label. Simplify the
function's logic, and remove a static analysis warning, by just
removing the variable.
Simon Wilkinson [Sun, 24 Feb 2013 10:48:14 +0000 (10:48 +0000)]
bucoord: Remove dead initialisation
offset is simply used as a copy of nextOffset for the GetText
function call. We don't need to initialise it to 0 at the start of
the loop (and arguably, as it is passed to the function by value,
we could just remove the copy entirely)
Simon Wilkinson [Sun, 24 Feb 2013 10:43:52 +0000 (10:43 +0000)]
budb: Fail if afsconf_GetExtendedCellInfo does
Rather than silently ignoring the failure of
afsconf_GetExtendedCellInfo, and then using garbage cell
configuration, just fail to start if afsconf can't parse the
config directory.
Jeffrey Altman [Mon, 25 Feb 2013 05:17:46 +0000 (00:17 -0500)]
Windows: Test NameArrayReferenceCount before deletion
In commit c753d398f2005c886932f20b49af15efc489a829 the
AFSDirectoryCB.DirOpenReferenceCount was split and the
NameArrayReferenceCount field was added. However, it failed to modify all
of the DirOpenReferenceCount checks prior to calling AFSDeleteDirEntry()
to include a check on the NameArrayReferenceCount. This patchset corrects
that oversight.
Simon Wilkinson [Tue, 19 Feb 2013 15:25:12 +0000 (15:25 +0000)]
kauth: realm can't be NULL when calling CellToRealm
Despite what the static analyzer thinks, ka_CellToRealm can't be
called with a NULL realm. Just add an assert to close down that
code path, and stop it from producing an error.
Simon Wilkinson [Fri, 22 Feb 2013 10:23:43 +0000 (10:23 +0000)]
viced: Allow GetCapabilities to return an error
At the moment, the GetCapabilities RPC handler ignores errors from
CallPreamble or CallPostamble. Instead of silently swallowing these,
and potentially returning a bogus capabilities structure, make
it possible for the RPC to return failure to the caller.
Simon Wilkinson [Fri, 22 Feb 2013 10:16:10 +0000 (10:16 +0000)]
viced: Don't store rc from IH_DEC on error path
If CopyOnWrite has already failed, and is taking the volume offline
for salvage we can't (and don't) do anything with further errors from
IH_DEC. Instead of assigning these to 'rc', just ignore them.
Simon Wilkinson [Fri, 22 Feb 2013 10:30:56 +0000 (10:30 +0000)]
afsmonitor: Allow CBSTATS collection to work
The switch which selects the collection number was missing a
'break', so selecting the CBSTATS collection would always fall
through to the default, error, case.
Simon Wilkinson [Thu, 21 Feb 2013 20:36:19 +0000 (20:36 +0000)]
libadmin: Fix a lot of dead assignments in vsprocs
Tidy up a lot of places where we initialise a variable, then
immediately assign a proper value to it, or store a return value
that we don't actually care about.
Simon Wilkinson [Wed, 20 Feb 2013 11:17:41 +0000 (11:17 +0000)]
volser: Don't assign code when we don't care
When we're cleaning up temporary volumes, we don't care whether
it succeeds or not. Don't assign code to the results of these
volume deletions, only to then discard it.
Simon Wilkinson [Tue, 19 Feb 2013 17:22:08 +0000 (17:22 +0000)]
fs: Free parent_dir later in lsmount and flushmount
If lsmount or flushmount encounter an error, then they may include
the contents of parent_dir in their error message. However, in both
cases, this was freed a couple of lines earlier.
Just move the free() later, so that the contents of this variable
are still available.
Simon Wilkinson [Tue, 19 Feb 2013 17:15:42 +0000 (17:15 +0000)]
fstrace: Avoid accessing icl log after zapping it
The for loop in icl_EnumerateLogs looks up the next pointer in the
current entry after zapping it. Depending on reference counts, this
may result in us looking up freed memory.
Take a copy of the next pointer before zapping the current entry, just
in case.
Simon Wilkinson [Fri, 22 Feb 2013 16:54:17 +0000 (16:54 +0000)]
Unix CM: Fix byte accounting for storebehind
In the current version of CacheStoreDCaches, the stored variable is
maintained within the for loop that iterates over the chunk list. This
means that it is reset to 0 each time we handle a new chunk.
However, this means that our progress is no longer accurately tracked,
as (bytes - stored) no longer gives the number of bytes which remain to
be transferred. In fact, as stored is zeroed with each loop iteration,
(bytes - stored) == bytes. This means that store behind is no longer
activated according to the user's settings.
Prior to commit 334114ac58b0039ae90d7e29fa2f019fe068bd79, the
stored variable was maintained within the outer, function, scope.
Just move it back there to restore the previous behaviour.
Simon Wilkinson [Thu, 21 Feb 2013 22:15:11 +0000 (22:15 +0000)]
Unix CM: Don't zero args on dcache failure
Even if allocating the dcache fails, there's no point zeroing the
parameters to the allocation function, as those changes aren't
visible outside of that function.
Jeffrey Altman [Sun, 16 Dec 2012 17:42:17 +0000 (12:42 -0500)]
Windows: Direct IO Support for Service
This patchset implements and enables by default the new
Direct IO pathway between the AFS redirector and the afsd_service.exe.
When Direct IO is enabled all reads and writes are performed by the
AFS redirector locking memory allocated by the kernel and mapping it into
the service's memory address space.
The service supports cache bypass in this mode when the
AFS_REQUEST_FLAG_CACHE_BYPASS flag is set in the request from the
redirector. When cache bypass is active, the AFSCache file is ignored and
data is either directly fetched from or stored to the file server. Cache
bypass is enabled by IIS and other applications that request no
intermediate buffering when opening file handles. This is often done
because the application implements its own data caching. All cache bypass
store operations are synchronous.
When cache bypass is not enabled, the memory region provided by the AFS
redirector is either used to populate the cm_buf_t objects or is populated
by them. When cache bypass is not enabled, one outstanding store
operation can be in flight asynchronously to improve performance.
Direct IO is enabled by default and can be disabled by creating the
registry value.
Peter Scott [Fri, 25 Jan 2013 05:46:37 +0000 (00:46 -0500)]
Windows: Direct IO for AFS Redirector
Implement a new IO processing model in which extents are not passed between
afsredirlib.sys and afsd_service.exe. Instead the AFSCache file is
maintained exclusively by the service and the redirector locks kernel
memory, maps it into the service's address space, and permits the service
to manage all IO directly.
This interface adds an AFS Cache Bypass option to the AFS Redirector which
is activated when the file handle has been opened with the no intermediate
buffering option.
This patchset implements the kernel interface. A subsequent
patchset will implement the service component.
Assisted by Jeffrey Altman <jaltman@your-file-system.com>
Change-Id: I25a4764db060b3b3f2b0de4006479dd3a220c6eb
Reviewed-on: http://gerrit.openafs.org/9210
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Jeffrey Altman [Fri, 25 Jan 2013 07:21:27 +0000 (02:21 -0500)]
Windows: Add flag BUF_GET_FLAG_BUFCREATE_LOCKED
Modify the buf_Get() and buf_GetNewLocked() interfaces to
permit the cm_scache.bufCreateLocked lock to be held prior to
calling to buf_Get(). Holding the cm_scache.bufCreateLocked lock
before the buf_Get() call prevents a race with another thread
that attempts to set the file size.
Peter Scott [Fri, 15 Feb 2013 13:44:06 +0000 (08:44 -0500)]
Windows: Permit direct to service non-wildcard lookups
The AFS redirector has required that directories be fully enumerated
when the directory object is opened. This is a very expensive
operation involving large numbers of file server RPC round trips for
directories with tens of thousands of objects and those containing
symlinks.
This patchset delays directory enumeration for the last component
in a path until such time as directory data is requested by the
application. If the request is for a non-wildcard pattern, the
service will be asked to provide the details for just the one required
object.
Delaying the directory enumeration improves performance for
GetFileAttributes[Ex], GetDiskFreeSpace[Ex], GetVolumeInformation,
and GetNamedSecurityInfo Win32 API calls. In those cases it is
no longer necessary to enumerate the target directory at all.
Change-Id: I7ef2fbafff925697d8b40e56837ef53bfcc78542
Reviewed-on: http://gerrit.openafs.org/9118
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Jeffrey Altman [Tue, 19 Feb 2013 04:11:27 +0000 (23:11 -0500)]
Windows: EvalByName pass LastComponent flag
Add AFS_REQUEST_FLAG_LAST_COMPONENT flag for use with
AFS_REQUEST_TYPE_EVAL_TARGET_BY_NAME requests to the service.
When set the service will perform cm_Lookup calls without the
CM_FLAG_CHECKPATH flag set.
Change-Id: I47ec2fb8b1e2699f2d87a6625b1db549ecb4e03d
Reviewed-on: http://gerrit.openafs.org/9133
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Jeffrey Altman [Tue, 19 Feb 2013 02:26:23 +0000 (21:26 -0500)]
Windows: EvaluateByName support case-insensitive lookups
Directory lookups in AFS should favor case-sensitive matches
but permit case-insensitive matches otherwise. The service
should not follow mount points. The redirector exposes mount
points as junctions.
Rod Widdowson [Tue, 19 Feb 2013 16:12:26 +0000 (16:12 +0000)]
Windows: Move work item queues over to the Control Device
Currently, when the library is unloaded it stops all worker
threads and then evaporates the work item queues. Thus
any work items which are pending will disappear.
Whilst it is OK for the threads to go away, any work items need to
remain queued so that when the library is restarted the work
can continue. This checkin does this by moving the work item
queues and their synchronization primitives into the FS maintained
Control Device Object Extension. The list of worker threads
remains in the Library Device Object Extension.
Change-Id: If5c7cd3bdfea1a368c8df69649e627bac3a9585f
Reviewed-on: http://gerrit.openafs.org/9139
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>