Protect against a heap overwrite that could occur if the number of file
servers or vldb servers grows while the maximum number of connections
is computed and when the connection list is populated.
Plus and equal are not valid characters in short names.
We replace them with left and right brace in order to
minimize the instability in the file names.
1. In multi-threaded applications deadlocking is always a problem.
Deadlock avoidance requires a strict adherence to a documented
hierarchy. The lock hierarchy for OAFW is described in a file
called locks.txt. There are two problems. First, some of the
locks are not included in locks.txt. Second, it is nearly
impossible given the depth of function calls for any programmer
to identify all of the locks that are held at any given time
a function is called. This patch implements a new locking order
verification mechanism. Each lock is assigned a lock level at
initialization. Each thread maintains a queue of held locks.
Each time a lock is acquired the queue is checked to ensure that
no locks with a higher level than the requested lock have already
been acquired. If a violation occurs, the service panics.
2. When the service panics ensure that a minidump will always be generated.
3. Remove unused lock cm_bufGetMutex.
4. The lock order verifier identified approximately a dozen
lock order violations that are corrected.
5. A race condition within the function path cm_GetSCache() ->
cm_GetNewSCache() -> cm_RecycleSCache() permitted a cm_scache_t
object to be issued simultaneously to two threads. This would
eventually result in a panic due to the resulting under count.
6. Fix interpretation of the empty string as the ioctl path to
mean the current directory. "fs lsm", "symlink list", etc.
now return a "not a ..." error instead of "does not exist".
7. Add SMB_STRF_SRCNULTERM flag to smb_ParseStringXXX functions
to indicate that the input string is a nul terminated string.
Assign it when input strings are nul terminated.
8. The CIFS protocol specification for handling NT_TRANSACT_CREATE
does not match the observed behavior. The 'nameLength' is specified
in bytes not in characters. Fix the implementation to match.
9. The cm_HaveAccessRights() attempt at deadlock avoidance by calling
lock_TryRead() on the parent directory cm_scache_t rw-lock does not
avoid the deadlock. Avoid the deadlock by enforcing the lock order
of lowest vnode first. Then remove the infinite loop avoidance in
cm_SyncOp() that was returning an unwarranted access denied error.
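The lock order verifier described in item 1, as an added illustration that is not OpenAFS code: each lock gets a level at initialization, each thread keeps a queue of held locks, and an acquisition is refused when any held lock has a higher level than the one requested. Where the real mechanism panics, this example returns -1 so the outcome can be inspected; the lock names, levels and the MAX_HELD bound are constructed for the example.

```c
/* Lock-order verifier modelled on item 1 of the message above.
 * Added example, not OpenAFS code: names, levels and bounds are constructed. */
#include <pthread.h>
#include <stdio.h>
#include <string.h>

#define MAX_HELD 64   /* assumed bound on locks one thread holds at once */

typedef struct verified_lock {
    pthread_mutex_t mx;
    unsigned level;     /* assigned once at init; lower levels must be taken first */
    const char *name;
} verified_lock;

/* Per-thread queue of currently held locks, in acquisition order. */
static __thread verified_lock *held[MAX_HELD];
static __thread int held_count;

void vlock_init(verified_lock *l, unsigned level, const char *name)
{
    pthread_mutex_init(&l->mx, NULL);
    l->level = level;
    l->name = name;
}

/* Return the first held lock whose level is higher than the requested one,
 * or NULL when the acquisition respects the hierarchy. Equal levels are
 * treated as permitted here; the message does not say how they are handled. */
const verified_lock *vlock_find_violation(const verified_lock *req)
{
    for (int i = 0; i < held_count; i++)
        if (held[i]->level > req->level)
            return held[i];
    return NULL;
}

/* 0 on success. -1 is the point where the real verifier panics the service;
 * the example returns instead so the caller can observe the decision. */
int vlock_acquire(verified_lock *l)
{
    const verified_lock *bad = vlock_find_violation(l);
    if (bad) {
        fprintf(stderr, "lock order violation: %s (level %u) requested while holding %s (level %u)\n",
                l->name, l->level, bad->name, bad->level);
        return -1;
    }
    if (held_count >= MAX_HELD)
        return -1;
    pthread_mutex_lock(&l->mx);
    held[held_count++] = l;
    return 0;
}

/* Release and remove from the held queue; -1 if this thread does not hold it
 * (the "releasing the wrong lock" case the message also mentions). */
int vlock_release(verified_lock *l)
{
    for (int i = held_count - 1; i >= 0; i--) {
        if (held[i] == l) {
            memmove(&held[i], &held[i + 1], (size_t)(held_count - i - 1) * sizeof held[0]);
            held_count--;
            pthread_mutex_unlock(&l->mx);
            return 0;
        }
    }
    return -1;
}

/* Scenario 1: low level before high level, the documented order. Returns 0. */
int scenario_ordered(void)
{
    verified_lock low, high;
    vlock_init(&low, 10, "dir_lock");    /* constructed names and levels */
    vlock_init(&high, 20, "buf_lock");
    int rc = vlock_acquire(&low);
    if (rc == 0)
        rc = vlock_acquire(&high);
    vlock_release(&high);
    vlock_release(&low);
    pthread_mutex_destroy(&high.mx);
    pthread_mutex_destroy(&low.mx);
    return rc;
}

/* Scenario 2: high level held, then low level requested. Returns -1. */
int scenario_inverted(void)
{
    verified_lock low, high;
    vlock_init(&low, 10, "dir_lock");
    vlock_init(&high, 20, "buf_lock");
    int rc = vlock_acquire(&high);
    if (rc == 0)
        rc = vlock_acquire(&low);   /* violation detected here */
    vlock_release(&low);            /* returns -1: never acquired */
    vlock_release(&high);
    pthread_mutex_destroy(&high.mx);
    pthread_mutex_destroy(&low.mx);
    return rc;
}

int main(void)
{
    printf("ordered: %d, inverted: %d\n", scenario_ordered(), scenario_inverted());
    return 0;
}
```

Because the held-lock queue is thread-local, the check costs one scan of the locks the current thread holds and needs no global state, which is what lets it catch a violation at the exact call site regardless of how deep the call chain is.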
Another casualty of the Unicode transition, the return value of the
ListLink operation was not being converted from wchar to char before
it was copied into the output buffer.
When afsd_service.exe is not running as a service do not call the
Service Manager functions. Doing so causes invalid access exceptions
to be thrown in the kernel and can corrupt the heap.
Use GetDriveType() to check if the current path is a local disk.
If it is, fail the pioctl attempt immediately. This should avoid
the reported 30 second delay in the AFS Shell Extension.
Prevent rxi_MorePacketsNoLock() from dereferencing a NULL pointer if
the requested allocation size cannot be satisfied. In that case back
off the number of packets until osi_Alloc() succeeds or panic if no
packets can be allocated at all.
In AllocPacketBufs() do not transfer more than rx_TSFPQGlobSize packets.
Modify RX_TS_FPQ_GTOL2() macro to protect against transferring more packets
than are actually free.
Modify RX_TS_FPQ_COMPUTE_LIMITS() to enforce a rx_TSFPQGlobSize maximum
value of 64 packets to prevent ever increasing allocation sizes within
AllocPacketBufs().
Make the nls module compatible with Windows 2000.
Cannot use LOCALE_INVARIANT; instead must lie and
say everyone is US English. Windows 2000 does not
have normalization functions and now doesn't have
case insensitive string comparison functions either
for languages other than English.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
LICENSE MIT
Not all applications that link to cm_nls perform initialization.
Call initialization if it has not already been done explicitly.
Derrick helped identify a few locations where rw or mx locks were
not properly being tracked. As a result there were some locations
in which an assertion could be thrown due to releasing the wrong
type of lock.
Also added lock_AssertXXX calls to some locations to ensure that
the correct lock type is being held when the calls are made. volume
location updates, cm_SyncOp, cm_SyncOpDone.
Return CM_ERROR_READONLY if the caller wants PRSFS_DELETE and the
volume is readonly.
In cm_CheckNTDelete() do not call cm_SyncOpDone if cm_SyncOp failed.
Do not force the use of fake directory data if the user does not
have PRSFS_READ on the directory. Let the bulkstatus call take
place now that it is actually being used efficiently.
In ApplyV3SearchDirPatches, use cm_SyncOp(CM_SCACHESYNC_GETSTATUS)
to obtain the status info for Freelance entries instead of the
bulkstatus call.
Fix the truncation of 8.3 names in directory search responses.
Do not permit GetAccessRights() to be called multiple times within
cm_SyncOp for the same rights check. If the GetAccessRights() succeeded
and in the next loop the rights check fails, the user simply doesn't
have the rights.
Move a call to cm_SyncOpDone(FETCHSTATUS) from GetBuffer() to MergeStatus().
Anytime an RPC completes successfully we get updated status info for
the object. Might as well allow threads waiting for status info to use
it.
Only return 50 items at a time to the caller.
Do not apply patches based on buffer boundaries. Instead
apply patches when AFSCBMAX entries are ready to be processed
in order to minimize the number of RPCs.
Apply the bulk stat improvements to smb_ApplyDirListPatches() and
smb_ReceiveCoreSearchDir() for consistency even though
smb_ReceiveCoreSearchDir() is no longer called by any of the platforms
we support.
Minimize the number of RPCs sent to the file server. Only request
status for objects that we are actually reporting on and only if
we do not already have status for the object,
and then make sure that we return as much as we can at once but
not so much that it exceeds the RDR timeout.
When the cache manager is shutting down, return an error to all
callback requests. Otherwise, it is possible for a callback to get
stuck waiting for a lock and when the lock clears to be left with
nothing but invalid memory addresses to crash on.
In the meantime, the file server is waiting for the response.
Define DEBUG_SMB_REFCOUNT in smb.h to activate refcount debugging
versions of the functions that log the file and line number as
well as object and refcount. This is for use in debugging refcount
leaks.
Rename GetPacket and GetNCB to smb_GetPacket and smb_GetNCB, etc.,
to enforce the name space. Do not confuse with similar Win32 API
functions.
Restructure some code that refers to smb_vc_t references in order
to clarify where the refcount is dropped.
Deltas windows-smb-dead-vc-gc-20080627 and
windows-dead-vc-cleanup-take-two-20080703 attempted to
protect against an infinite recursion when cleaning up
dead smb virtual circuits. They failed to address the
incrementing of the vc refcount in smb_ReleaseVCInternal
when it is about to call smb_CleanupDeadVC. If the vc
is already being cleaned, then smb_ReleaseVCInternal
should not increment the refCount and should not call
smb_CleanupDeadVC.
Validate the specified volume to make sure it exists before permitting
the mount point to be created. This will catch many instances in which
the user swaps the parameters to "fs mkmount".
When recycling cm_volume_t objects, avoid a race condition that could
result in the same cm_volume_t object being recycled simultaneously
in two threads. The end result would be a reference count miscount
and an undercount assertion being thrown.
When an error such as access denied, out of space, out of quota,
invalid fid, etc. is received while writing a dirty buffer to the
file server, apply that error code to all outstanding dirty buffers
immediately instead of attempting to write each buffer to the file
server only to obtain the same error.
As part of the restructuring of code to separate the smb layer
from the cm layer, large file support was broken. Define AFS_LARGEFILES
in the right place so that it will be used in the cm.
Avoid corrupting length in vnodes when salvaging directories.
Avoid tag reuse leaving data behind (not verified).
Avoid not marking something busy during salvage.
The ioctl-prefix-data can be accessed either via a char_t or a wchar_t.
Copy the data buffer with memcpy() and not strcpy() because we need to
copy the entire string if it happens to be Unicode.