Mark Vitale [Tue, 4 Sep 2012 13:06:44 +0000 (09:06 -0400)]
vos: convertROtoRW incorrect warning when RO not in VLDB
vos convertROtoRW will issue an incorrect warning about a partition
mismatch if the RO to convert is not in the VLDB. Only check the
partition if the RO is in the VLDB.
Simon Wilkinson [Mon, 21 May 2012 07:57:05 +0000 (08:57 +0100)]
Add libtool support
Add support for using libtool to the Unix build system to build
both pthreaded and lwp libraries. For purely pthread libraries,
this just provides convenience macros to invoke the standard GNU
libtool from the OpenAFS build system. For libraries that have
lwp variants, we provide an initial wrapper script - lwptool,
which handles building a non-PIC LWP object before asking libtool
to build the pthread variants.
For a given source example.c, example.o is the non-PIC pthread
object, .libs/example.o is the PIC pthread object, and
.lwp/example.o is the LWP object.
To use libtool for a particular library directory, add the line
    include @TOP_OBJDIR@/src/config/Makefile.libtool
to the file's preamble. Makefile.pthread, or Makefile.lwp should be
included as normal to indicate whether the libraries in this Makefile
are pthread only, or should be built for both pthread and LWP objects.
The variables LT_current, LT_revision and LT_age may be used to control
the version of the shared objects produced. They have the same meaning
as that documented in the Versioning section of the libtool manual.
The LT_objs variable should be set to a space separated list of the .lo
objects included in the library. Note that there should _never_ be a
dependency on the .o form of these objects in the Makefile, as this
breaks parallel builds.
LT_deps is a list of the libtool dependencies of the library, and
LT_libs is a list of the external (non-OpenAFS) library dependencies.
A file called <libraryname>.sym should be created which contains a
newline separated list of all of the symbols exported from this
library.
LWP library names remain the same as always. To distinguish the
pthreaded static and shared libraries these
LWP libraries should be linked using
    libexample.a: $(LT_objs)
        $(LTLWP_LDLIB) $(LT_objs)
Shared libraries should be linked using
    libexample.la: $(LT_objs) $(LT_deps)
(note that the pattern rules in the included Makefile take care of the
build rule here)
If necessary, static convenience libraries can be produced using:
    libconvenience.a: $(LT_objs)
        $(LTLWP_LDLIB_static) $(LT_objs)
PIC convenience libraries can be linked using:
    libconvenience_pic.a: $(LT_objs)
        $(LTLWP_LDLIB_pic) $(LT_objs)
Libtool libraries should be installed using the $(LT_INSTALL_DATA) macro
Binaries linking against libtool libraries should be linked using the
$(LT_LDRULE) or $(LT_LDRULE_static) options, with library paths in the
built locations relative to the top of the tree. For example
Simon Wilkinson [Wed, 22 Aug 2012 08:31:03 +0000 (09:31 +0100)]
util: Don't use rx-internal locking macros
The MUTEX_INIT, MUTEX_ENTER, MUTEX_EXIT and MUTEX_DESTROY macros
are intended for RX internal use only (they're an abstraction
interface so that the same locking code can be used in userspace and
in the kernel). They aren't appropriate for general purpose use.
Just use pthread calls directly for the serverLog locks.
Simon Wilkinson [Sun, 10 Jul 2011 12:50:03 +0000 (13:50 +0100)]
lwp: Don't depend on RX locking macros
The lwp library should be independent of RX (in fact, bits of it are
a dependency for RX). So, LWP cannot use the MUTEX_ENTER, CV_WAIT, and
so on macros that RX defines.
Just implement these natively within the pthreaded bits of lock.c to
remove the dependency.
Simon Wilkinson [Wed, 7 Sep 2011 13:59:17 +0000 (14:59 +0100)]
Further rationalise our usage of assert()
This patch further improves our usage of assert() and friends. The
intention is to bring clarity to which forms of assert are used in
which situations, and to solve the problem of assert(X), or
osi_Assert(X) being used in a situation where X has side-effects.
It introduces two new assertion macros opr_Assert() and opr_Verify(),
and clarifies the usage of osi_Assert() and assert().
*) opr_Assert is a direct equivalent of assert(), with the exception
that its output can be redirected to a log file when used in server
code. It is the preferred version of assert for libraries, and server
side code. Note that whilst opr_Assert doesn't currently become a
no-op when NDEBUG is defined, the intention is that it will do so at
some point in the future.
*) opr_Verify(X) asserts if the value of X is false. Unlike assert()
it will always run X, regardless of whether the value is checked or
not. The eventual intention is that when NDEBUG is defined,
opr_Verify(X) => X
*) osi_Assert is an assertion macro intended for use in kernel code,
or in mixed kernel/userland code. When code is built for userspace,
osi_Assert(X) => opr_Assert(X)
*) assert is the system's own assert macro. It should only be used
in client code. Whilst a header (opr_assert.h) is provided to map
assert() to opr_Assert(), its use is discouraged
Simon Wilkinson [Thu, 24 May 2012 09:55:07 +0000 (10:55 +0100)]
viced: Don't use fasttime
For pthreaded builds, the FT_ routines are just wrappers around
gettimeofday() and time(). As viced is now an entirely pthreaded
directory, improve readability, and reduce our dependencies, by
just calling the operating system routines directly.
Simon Wilkinson [Tue, 4 Sep 2012 11:33:02 +0000 (12:33 +0100)]
Fix aliasing problems in tptserver
Commit f2db78a346112f5320efc6f0b6b9fe4ae0d893d3 disabled strict
aliasing for ptutils.c and ptprocs.c when built in the ptserver
directory. Similarly disable aliasing checks for these files when
built in the tptserver directory.
This doesn't actually fix the significant problems with these files,
but doing so is going to require completely reworking the way that
supergroups is implemented, so just disable these optimisations in
the compiler for now.
Simon Wilkinson [Sun, 20 May 2012 16:43:10 +0000 (17:43 +0100)]
log: Relocate pagsh
Move the pagsh utility out of sys, and into log. This moves it closer
to other token and PAG related utilities, and resolves a circular
dependency between sys and auth.
Simon Wilkinson [Sun, 20 May 2012 11:57:00 +0000 (12:57 +0100)]
auth: Relocate NetRestrict support functions
Pull the NetRestrict and NetInfo support functions out of libutil,
and into libauth. This starts to concentrate all of our configuration
file parsing functions into the same place.
It also gets rid of a circular dependency. NetRestrict parsing relies
on functions from rx, so with this in libutil, we had the dependency
chain util->rx->util
Simon Wilkinson [Sat, 19 May 2012 19:36:12 +0000 (20:36 +0100)]
Use rk_rename from roken
Rather than using our own renamefile() implementation on Windows,
pull in rk_rename() from libroken wherever a rename which unlinks
the destination file is required.
Andrew Deason [Wed, 29 Aug 2012 19:14:39 +0000 (14:14 -0500)]
LINUX: Detect non-vectorized aio functions
In kernels before 027445c3, the functions generic_file_aio_read and
generic_file_aio_write, as well as the fs operations aio_read and
aio_write, do not deal with iovecs but rather just use a single
buffer. Detect this, so our aio_read and aio_write implementations
have the correct signatures.
Michael Meffie [Fri, 17 Aug 2012 17:25:17 +0000 (13:25 -0400)]
LINUX: make d_automount work properly on rhel5 kernels
Recent centos/rhel 5 kernels (2.6.18-308.*) started providing the
d_automount operation, but renamed the DCACHE_NEED_AUTOMOUNT flag to
DMANAGED_AUTOMOUNT.
Andrew Deason [Wed, 29 Aug 2012 16:39:01 +0000 (11:39 -0500)]
LINUX: Use struct vfs_path on RHEL5
Some revisions of the kernel from RHEL5 (2.6.18-308.* and possibly
others) renamed 'struct path' to 'struct vfs_path'. So, use
'struct vfs_path' when it exists.
This introduces the afs_linux_path_t typedef, which is defined as
either a struct path, or struct vfs_path.
Michael Meffie [Wed, 15 Aug 2012 21:19:07 +0000 (17:19 -0400)]
vldb_check: fix cross-linked mh entries
When run with -fix, consolidate server numbers in vl entries which
point to the same multi-homed entry. Use the lowest server number
from the set of server numbers which point to the same multi-homed
entry.
Remove unreferenced address entries which are duplicate multi-homed
indexes.
Two passes of vldb_check -fix may be required; first to fix the
vl entry server numbers; then to remove the duplicate address
entries.
Mark Vitale [Mon, 20 Aug 2012 21:39:06 +0000 (17:39 -0400)]
vos: convertROtoRW susceptible to VLDB changes during override prompt
vos convertROtoRW obtains a VLDB entry, then performs some setup logic
(including a possible user prompt) before obtaining a volume lock.
This exposes the code to possible time-of-check/time-of-use issues.
After obtaining the volume lock, get a second copy of the VLDB entry
and compare it to the first copy; if it has changed, fail the conversion
with an error message asking the user to re-issue the vos convertROtoRW
command.
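
The check, lock, re-check sequence this commit describes, as an added example that is not part of the commit or of OpenAFS: a small in-memory model in C. Every name in it (demo_vldb, convert_ro_to_rw, the hook that stands in for the unlocked prompt window) and the sample volume values are hypothetical and constructed for illustration.

```c
#include <stdio.h>

#define DEMO_RW_EXISTS 0x1u

enum { CONV_OK = 0, CONV_LOCK_FAILED = 1, CONV_ENTRY_CHANGED = 2 };

/* Constructed model of one VLDB entry; not the real vldbentry layout. */
struct demo_entry {
    unsigned int volid;
    unsigned int ro_server;
    unsigned int ro_partition;
    unsigned int flags;
};

struct demo_vldb {
    struct demo_entry entry;
    int locked;                 /* models the volume lock */
};

/* Runs during the unlocked window (stands in for the user prompt). */
typedef void (*window_hook)(struct demo_vldb *db);

static void demo_get_entry(const struct demo_vldb *db, struct demo_entry *out)
{
    *out = db->entry;
}

static int demo_lock(struct demo_vldb *db)
{
    if (db->locked)
        return -1;
    db->locked = 1;
    return 0;
}

static void demo_unlock(struct demo_vldb *db)
{
    db->locked = 0;
}

/* Compare field by field; memcmp() would also compare struct padding. */
static int entries_equal(const struct demo_entry *a, const struct demo_entry *b)
{
    return a->volid == b->volid &&
           a->ro_server == b->ro_server &&
           a->ro_partition == b->ro_partition &&
           a->flags == b->flags;
}

int convert_ro_to_rw(struct demo_vldb *db, window_hook during_prompt)
{
    struct demo_entry before, after;
    int rc = CONV_OK;

    demo_get_entry(db, &before);        /* time of check, no lock held */
    if (during_prompt)
        during_prompt(db);              /* setup logic and prompt happen here */

    if (demo_lock(db) != 0)
        return CONV_LOCK_FAILED;

    demo_get_entry(db, &after);         /* second copy, read under the lock */
    if (!entries_equal(&before, &after)) {
        rc = CONV_ENTRY_CHANGED;        /* caller must re-issue the command */
        goto done;
    }

    /* Time of use: the entry cannot change while the lock is held. */
    db->entry.flags |= DEMO_RW_EXISTS;

done:
    demo_unlock(db);
    return rc;
}

/* Simulated concurrent change: the RO site moves while the prompt is open. */
void move_ro_site(struct demo_vldb *db)
{
    db->entry.ro_server = 2;
}

int main(void)
{
    struct demo_vldb quiet = { { 536870913u, 1u, 0u, 0u }, 0 };
    struct demo_vldb raced = { { 536870913u, 1u, 0u, 0u }, 0 };

    printf("unchanged entry: %d\n", convert_ro_to_rw(&quiet, NULL));
    printf("entry changed during prompt: %d\n",
           convert_ro_to_rw(&raced, move_ro_site));
    return 0;
}
```
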
Marc Dionne [Tue, 14 Aug 2012 22:08:51 +0000 (18:08 -0400)]
Linux 3.6: revalidate dentry op API change
The nameidata argument is dropped, replaced by an unsigned flags
value. The configure test is very specific; kernels with the
older API with a signed int flags value should fall through.
Marc Dionne [Tue, 14 Aug 2012 01:55:25 +0000 (21:55 -0400)]
Linux 3.6: d_alias and i_dentry are now hlists
The d_alias pointer is now the head of an hlist. This means the
iterator is a different macro and has no "reverse" version since
hlists have no direct pointer to the list tail.
inode->i_dentry gets the same treatment. Adjust where we use it.
Marc Dionne [Tue, 14 Aug 2012 01:36:15 +0000 (21:36 -0400)]
Linux 3.6: dentry_open API change
dentry_open now takes a path argument that combines the dentry and
the vfsmount pointers.
Add a configure test and a new compat inline function to keep things
cleaner in the main source file.
Jeffrey Altman [Wed, 15 Aug 2012 04:53:21 +0000 (00:53 -0400)]
Windows: disable short names on Win7 and 2008 R2
After listening to a presentation from Microsoft's file system
team and speaking with anti-virus vendors, it is not only safe
to disable ShortNames on non-boot volumes in Win7 and 2008 R2
but it is a definite win for performance, stability and security
of the system.
afs_server: afs_SetServerPrefs() can never be called with null
The one and only call site never calls afs_SetServerPrefs() with a
null pointer, and some but not all of the paths through the #ifdefs
assume this. Remove code that checks for this; it confuses both
humans and the static analyzer.
Simon Wilkinson [Tue, 17 Jul 2012 15:50:59 +0000 (16:50 +0100)]
opr: Add UUID handling functions
Add a set of functions to the opr library to handle creating and
manipulating UUIDs.
The opr_uuid_t type is held as a 16 octet character string, which
comprises the UUID encoded into network byte order. This is the
primary form for manipulating UUIDs with this library, as it avoids
any nbo/hbo problems.
For applications which require raw access to the UUID components,
the opr_uuid_unpacked structure is provided, and
opr_uuid_pack/opr_uuid_unpack can be used to convert to and from
this format.
Finally, functions to print the UUID as a string, and parse a UUID
from a string, are provided. When printing, we use the standard UUID
format of 000000-0000-0000-0000-00000000. However, the afsUUID library
used to print UUIDs as 000000-0000-0000-00-00-00000000, so we also
accept this format.
Tom Keiser [Tue, 10 Apr 2012 20:26:42 +0000 (16:26 -0400)]
libafs: use kthread_run when available
Use the kthread_run interface on linux to create kernel
threads. This interface allows all the cpus to schedule
afsd threads, instead of just inheriting the cpu affinity of
the main afsd thread.
Michael Meffie [Sat, 28 Jul 2012 15:37:59 +0000 (11:37 -0400)]
vlserver: fix vldb header initialization
Avoid creating new vldb files with zeroed header data.
The code path is as follows: The call to Init_VLdbase makes several
passes. On the first pass, the header is found to be empty, and so a
write lock is obtained on the second pass. On this second pass,
UpdateCache creates a newly initialized header and writes it to the
db. The rd_cheader is set to the newly created header data, and the
wr_cheader is still cleared at this point.
When the transaction on the second pass ended in Init_VLdbase, the
data is committed and vlsynccache() is called. In this call to
vlsynccache(), the cleared write header buffer (wr_cheader) is
copied over the newly initialized rd_cheader buffer. Init_VLdbase
then returns to the caller, and if the caller writes to the db, the
header on disk is then cleared.
Instead of initializing the read header buffer when rebuilding the
db header, initialize the write header buffer. When the ubik
transaction is ended, the call to vlsynccache() updates the contents
of the read header buffer with contents of the new/rebuilt header.
Michael Meffie [Thu, 28 Jun 2012 21:12:24 +0000 (17:12 -0400)]
vldb_check: remove unreferenced mh entries with -fix
When running vldb_check with -fix, clear any mh extent entries which
are set but are not referenced by an address entry in the
IpMappedAddr table. These unreferenced entries already generated a
warning. This commit adds the feature to clear the unreferenced mh
entries using vldb_check -fix option.
Michael Meffie [Fri, 29 Jun 2012 22:10:31 +0000 (18:10 -0400)]
vldb_check: warn about cross-linked mh entries
Warn if an mh extent entry is referenced by more than one server
number in the IpMappedAddr table.
The serveraddr table is used to determine which server numbers have
IP addresses. If, for some reason, multiple server numbers
reference the same mh entry, currently, the correct serveraddr value
is calculated only for the lowest server number in the set of server
numbers which reference the same mh entry. Handle this case, and
warn about the duplicated values in the IpMappedAddr table.
Warn about IpMappedAddr entries which reference non-existent mh
blocks.
Jeffrey Altman [Mon, 13 Aug 2012 21:56:02 +0000 (17:56 -0400)]
Windows: AFSProcessUserFsRequest NULL dereference
Protect against an Irp with a NULL FsContext2 field.
These represent Irps that are not intended for our device
since they do not have an AFSCcb associated with it.
Jeffrey Altman [Mon, 13 Aug 2012 02:51:54 +0000 (22:51 -0400)]
Windows: reset volume NOEXIST flag
In response to fs checkvolumes the NOEXIST flag should be reset.
It should also be reset if the volume location update fails
because of a communication (or other) error with the VLDB server.
The volume's lastUpdateTime is refreshed on error.
Jeffrey Altman [Wed, 8 Aug 2012 20:42:47 +0000 (16:42 -0400)]
Windows: Freelance Discovery configuration
Add new "FreelanceDiscovery" configuration option to permit
Freelance dynroot mode to be used without the automatic discovery
of cells and generation of mount points.
Jeffrey Altman [Wed, 8 Aug 2012 17:54:48 +0000 (13:54 -0400)]
Windows: disable short names on Windows 8
Add "ShortNames" option to control whether 8.3 compatible short
names are generated for objects stored in AFS. Set the default
to on for all operating systems prior to Windows 8 and Server 2012.
Peter Scott [Tue, 7 Aug 2012 13:07:41 +0000 (09:07 -0400)]
Windows: FileNormalizedNameInformation take one
Add a response to FileNormalizedNameInformation requests.
Respond with the long file name. As yet there is no translation
from short name to long name for full paths.
Peter Scott [Mon, 6 Aug 2012 19:15:57 +0000 (15:15 -0400)]
Windows: FSCTL_SET_PURGE_FAILURE_MODE
Windows 8 adds FSCTL_SET_PURGE_FAILURE_MODE. Failure to respond
with success prevents anti-virus filters from scanning the file
system. For now just return success.
Peter Scott [Mon, 6 Aug 2012 19:12:12 +0000 (15:12 -0400)]
Windows: disable short names in redirector option
If requested during redirector initialization, disable short
name processing. Future versions of Windows (8, Server 2012,
and beyond) will no longer require short names.
Derrick Brashear [Mon, 21 Nov 2011 17:06:59 +0000 (12:06 -0500)]
ihandle: don't keep reallyclosing future fds
given that we can mark something invalid for future use, ever,
once we have done so for all fds, we ih_reallyclose is done.
don't persist the setting to the detriment of new fds
Michael Meffie [Thu, 2 Aug 2012 21:24:02 +0000 (17:24 -0400)]
libafs: revert init req to use the real uid
The commit to use wrappers for credential structure access
inadvertently changed the user id to be the effective uid instead of
the real uid, when no PAG is present, on linux. Revert this so
setuid programs continue to work.
Mark Vitale [Thu, 2 Aug 2012 22:37:05 +0000 (18:37 -0400)]
vos: convertROtoRW may create 2nd RW on a fileserver
If an RW is already present on disk on the target server (any partition),
'vos convertROtoRW' will still convert the RO, creating a second RW on the server.
Detect this and refuse to convert the RO by returning EXDEV (invalid cross-device link).
Andrew Deason [Thu, 2 Aug 2012 15:58:12 +0000 (11:58 -0400)]
rx: Process ICMP unreachable errors
When a machine receives ICMP errors, we can detect them in
AFS_RXERRQ_ENV environments. Many of these errors indicate that a
machine is not reachable, so we are guaranteed to not get a response
from them. When we get such an error for a particular peer, mark all
relevant calls with an RX_CALL_DEAD error, since we know we won't get
a response from them. This allows some calls to dead/unreachable hosts
to fail much more quickly.
Do not immediately kill new calls, since obviously the host may have
come back up since then (or the routing/firewall/etc was fixed), but
only calls that were started before the current error was received.
Note that a call doesn't actually notice until the next rxi_CheckCall,
since directly killing each of the relevant calls would be rather
slow. So, we don't notice a dead peer immediately, though we notice
much more quickly than we used to.
Reorganize the error queue processing a little bit to make this easier
to do.
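
A simplified model of the scheme this commit describes, as an added example that is not rx code: the peer records when the latest unreachable error arrived, and each call compares its own start time against that value at its next periodic check. The struct and function names, the logical clock and the DEMO_CALL_DEAD value are hypothetical.

```c
#include <stdio.h>

#define DEMO_CALL_DEAD (-1)     /* stand-in for RX_CALL_DEAD */

struct demo_peer {
    unsigned long clock;        /* logical time, advanced on every event */
    unsigned long last_unreach; /* time of the latest ICMP unreachable, 0 = none */
};

struct demo_call {
    struct demo_peer *peer;
    unsigned long started;      /* logical time the call was created */
    int error;
};

void demo_call_start(struct demo_call *c, struct demo_peer *p)
{
    c->peer = p;
    c->started = ++p->clock;
    c->error = 0;
}

/*
 * Error-queue handler: constant work per ICMP error. It records the time
 * on the peer and does not walk the peer's calls.
 */
void demo_peer_unreachable(struct demo_peer *p)
{
    p->last_unreach = ++p->clock;
}

/*
 * Periodic per-call check. Only calls started before the recorded error
 * are failed; calls started afterwards get a chance, since the host or
 * the route may have recovered.
 */
int demo_check_call(struct demo_call *c)
{
    if (c->error == 0 && c->started < c->peer->last_unreach)
        c->error = DEMO_CALL_DEAD;
    return c->error;
}

int main(void)
{
    struct demo_peer peer = { 0, 0 };
    struct demo_call old_call, new_call;

    demo_call_start(&old_call, &peer);
    demo_peer_unreachable(&peer);
    printf("old call before its check: %d\n", old_call.error);

    demo_call_start(&new_call, &peer);
    printf("old call at next check: %d\n", demo_check_call(&old_call));
    printf("new call at next check: %d\n", demo_check_call(&new_call));
    return 0;
}
```
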
Andrew Deason [Wed, 1 Aug 2012 20:31:09 +0000 (16:31 -0400)]
LINUX: Fix error queue processing
Receiving error queues in the Linux kernel is a little different from
userspace. When we encounter a cmsg that is not CMSG_OK, we need to
break out of the loop, and not just continue, since we can keep trying
to process the same cmsg over and over. In addition, on successful
return, the msg_control buffer has been modified to point to the next
available buffer space, and msg_controllen contains how many bytes are
remaining. So, we need to adjust the msg_control and msg_controllen
values to get something more familiar.
Andrew Deason [Wed, 1 Aug 2012 19:56:27 +0000 (15:56 -0400)]
LINUX: Avoid SO_ERROR for RXERRQ_ENV
SO_ERROR is for receiving errors from some nonblocking operations; it
has little relevance to our network operations. For Linux, use a
similar structure as userspace error detection, instead of SO_ERROR.
Andrew Deason [Wed, 1 Aug 2012 19:19:02 +0000 (15:19 -0400)]
rx: Create AFS_ADAPT_PMTU and AFS_RXERRQ_ENV
Currently we have the ADAPT_PMTU define, which turns on functionality
in Linux to detect PMTU-related ICMP errors for Rx. However, this is
really turning on two separate pieces of functionality: the PMTU
processing, and the processing for ICMP errors in general.
So split this out into two defines: AFS_ADAPT_PMTU, and
AFS_RXERRQ_ENV. The former is for processing PMTU discovery, and the
latter is for processing ICMP errors. Both of these are left disabled
due to issues in the error processing. Although PMTU discovery is the
only functionality which makes use of ICMP errors, this will change in
the future.
Andrew Deason [Wed, 1 Aug 2012 18:57:06 +0000 (14:57 -0400)]
rx: Remove ADAPT_MTU and MISCMTU
Ever since 5bcf626ddaf92e199c4b46c11ad276013a47db52, ADAPT_MTU has
been unconditionally defined. MISCMTU has always been unconditionally
defined, and not used anywhere. Remove both of these, assuming they
are always defined.
Michael Meffie [Wed, 1 Aug 2012 15:42:34 +0000 (11:42 -0400)]
bozo: avoid canceling the sigkill timer for hung processes
A sigkill signal is sent to fileserver processes when a timeout is
exceeded for shutting down processes for the fs/dafs bnode.
(Currently 30 minutes for the fileserver, 1 minute for the other
server processes.)
If the bnode goal is set to run before this timeout expires, the
timer is incorrectly stopped, and a wedged process is never killed.
Fix this by not canceling the timer when a fs/dafs process has been
signaled to shutdown, regardless of the current goal.
Andrew Deason [Fri, 30 Mar 2012 19:56:52 +0000 (14:56 -0500)]
libafscp: Add afscp_LocalAuthAs
Add the function afscp_LocalAuthAs to libafscp. This allows the caller
to generate credentials based on the KeyFile on local disk, in order
to appear as an arbitrary user.
Andrew Deason [Tue, 31 Jul 2012 18:40:41 +0000 (14:40 -0400)]
LINUX: Always hold afs_xuser for unixuser read
We were failing to hold the afs_xuser lock when we entered our
unixuser traversal for the first time (when the given position is 0).
This means we can release the lock without acquiring it, causing all
kinds of weird behavior.
Just always grab afs_xuser on entry. We could possibly do some tricks
to avoid grabbing this lock until after we've printed the column
headers, but it does not seem worth it.
Andrew Deason [Fri, 6 Apr 2012 19:56:07 +0000 (14:56 -0500)]
LINUX: Do not lookup immediately recursive mtpts
On Linux, having a mountpoint in a volume root that points to the same
volume can cause serious problems. By 'immediately recursive', I mean
a situation like the following:
    fs mkm mtpt vol
    fs mkm mtpt/mtpt vol
If there are multiple dentry aliases for the directory (which is
possible if the directory is a mountpoint), an 'rmdir' on the
recursive mountpoint can cause the client to deadlock. Since the
'rmdir' code path in Linux locks the parent directory inode to perform
the rmdir, and locks the child directory inode after performing a
couple of sanity checks. For an immediately recursive mountpoint,
these two inodes are the same, and so we will deadlock.
Andrew Deason [Fri, 6 Jul 2012 21:37:39 +0000 (16:37 -0500)]
Linux: Make dir dentry aliases act like symlinks
Currently, we try to invalidate other dentries that exist for a
particular dir inode when we look up a dentry. This is so we try to
avoid duplicate dentries for a directory, which Linux does not like
(you cannot have hardlinks to a dir).
If we cannot invalidate the other aliases (because they are being
used), right now we just return the alias. This can make it very easy
to panic the client, due to the sanity checks Linux performs when doing
things like 'rmdir'. If we do something like this:
For the 'rmdir', we will lookup 'mtpt2'. Since 'mtpt' and 'mtpt2'
are mountpoints for the same volume, their dentries point to the same
directory inode. So when we lookup 'mtpt2', we will try to invalidate
the other dentry, but we cannot do that since it is the cwd. So we
return the alias dentry (for 'mtpt'). The Linux VFS layer then does a
sanity check for the rmdir operation, checking that the child dentry's
parent inode is the same as the inode we're performing the rmdir for.
Since the dentry we returned was for 'mtpt', whose parent is 'dir1',
and the actual dir we're performing the rmdir for is 'dir2', this
sanity check fails and we BUG.
To avoid this, make the dentry alias act like a symlink when we
encounter an uninvalidateable dentry alias. That is, we allow multiple
dentry aliases for a directory, however, when the dentry aliases are
actually used, we redirect to a common dentry (via d_automount where
possible, and follow_link elsewhere).
This means that such mountpoints will behave similarly to symlinks, in
that we 'point' to a specific mountpoint dentry. This means that if we
have multiple different ways to get to the same volume, and all are
accessed at the same time, all but one of those mountpoints will
behave like symlinks, pointing to the same mountpoint. So, the '..'
entries for each path will all point to the parent dir of one
mountpoint, meaning that the '..' entry will be "wrong", but for most
cases it will still be correct.
In order to try to make the 'target', pointed-to directory consistent,
we add a new field to struct vcache: target_link. This points to the
dentry we should redirect to, whenever that vcache is referenced. To
avoid (possibly not-feasibly-solvable) problems with refcounting, this
pointer is not actually a reference to the target dentry, but just
serves as a pointer to compare to.
afs_server: delete code that has been ifdef'ed out for years
The comments in afs_SetServerPrefs() said "clean up, delete this".
The oldest one is a decade old. Removing these #ifdefs will make
following the rest of the spaghetti #ifdefs a bit easier.
Garrett Wollman [Tue, 9 Aug 2011 04:28:27 +0000 (00:28 -0400)]
libafs: afs_CacheFetchProc can't be called without a dcache pointer
An inspection of the only call site suggests that afs_CacheFetchProc()
can't be called with a null dcache pointer, and code further down
in this function dereferences adc unconditionally (assuming
rxfs_fetchInit() doesn't crash first) so remove the conditional
here.
Probably more of these parameters can and should be included in the
AFS_NONNULL.
OpenAFS does not have separate distributions for the United States
and the rest of the world. Nor are there any restrictions on the
capabilities of the Update Server.
volser: restructure GetNextVol and clients to remove duplicate code
There are several odd-looking but stylized loops involving GetNextVol()
which can be radically simplified if only GetNextVol() would return
a meaningful value. Move all of the code that skips non-volume-header
files in the directory into GetNextVol and have it return a truth value
(instead of always returning zero) that indicates whether it saw
something that looks like a volume header. Then all the odd while
loops and strcmps just collapse into while(GetNextVol(...)).
GetNextVol() had external scope, but there are no callers in the
tree that use it outside of volprocs.c, and it's not part of a
public library interface, so make it static.
While here, don't strcmp() past the end of a filename that begins with
'V' but is too short to be a valid volume name.
afscp: avoid null dereference in _GetSecurityObject error case
Handle the possible error return from krb5_get_host_realm in the
same way as the other error cases (using an anonymous security
object); otherwise "realm" would be left null.
Andrew Deason [Thu, 26 Jul 2012 21:40:03 +0000 (16:40 -0500)]
LINUX: Hold GLOCK for proc traversal
The functions that traverse unixuser structures for display via /proc
(uu_start et al) call various libafs functions, hold and release locks,
etc. To do any of that, we need GLOCK. Amongst other issues, we can
panic if we try to acquire a contested lock without GLOCK, since we
assert glock is held when we sleep for the lock or try to wake other
waiters. The same goes for the legacy CellServDB proc file.
rx: protect against ACKs with serial as prevPacket
patchset 4e71409fe1305cde4b9b341247ba658d8d24f4d0 introduced a
check in rxi_ReceiveAckPacket for out of order ack packets which
relied upon the value of the previousPacket field. Unfortunately,
some versions of RX store the previous packet's serial number in
the field instead of previous packet's sequence number. Modify
the check to only discard out of order ACKs if the previousPacket
sequence number is within the valid window.
patchset 1f0cf8b2b4bb6e36d8d82323a15ced72d91db0ec tested for
an empty queue but what is really required is a test for end of
queue after the queue_Scan(). If the queue_Scan() completes
at the end of the queue, in other words, pointing at the list
head, then return NULL because no match was found.
Andrew Deason [Wed, 9 May 2012 23:45:51 +0000 (18:45 -0500)]
vos: Minimize release impact for new RO sites
Currently, if a new RO site is added with 'vos addsite', the only way
to populate the new site with data is a 'vos release' (excepting hacks
using 'vos restore' and 'vos addsite -live', etc). Due to safeguards
in 'vos' ensuring that RO sites always all contain the same data when
marked as up-to-date in the VLDB, such a release always incurs some
amount of data to be transmitted to all sites, as well as remote sites
being brought offline briefly, even when the RW data has not changed
in a very long time.
To alleviate this situation, make 'vos release' detect if new,
unpopulated RO sites have been added, and if the RW volume has not
changed since the release of any existing RO sites. If both of these
conditions are true, do not update any of the existing sites, but only
transmit volume data to the sites that did not already contain RO
volumes.
tabular_output: don't leak table struct on error exit
The caller is almost certainly going to exit when we return, but
all the same, don't leak the table description structure in the
error exit. Makes the static analyzer happier.
afsdump_extract: clarify logic to avoid freeing local buffer
Sometimes vnodepath is set to a local buffer. Sometimes it is set
to malloc'ed storage. Simplify the logic for freeing vnodepath
by checking explicitly for this condition rather than the state
of other variables. As a bonus, avoids a false (?) positive from
the static analyzer.
Michael Meffie [Fri, 22 Jun 2012 03:44:31 +0000 (23:44 -0400)]
vlserver: always use the hostaddress table in GetAddrsU
Use the hostaddress (IpMappedAddr) table when looking up hosts by IP
address and when listing addresses by index, instead of accessing
the multi-homed extensions directly.
The existing vos client calls the old GetAddrs rpc to first retrieve
a count of the number of addresses expected. This count is the
number of addresses in the hostaddress table. If there are
unreferenced entries in the mh extension blocks, then vos can return
an incorrect or incomplete list of addresses.
To be consistent with the rest of the host address processing, use
the hostaddress table in GetAddrsU to lookup hosts by index or by IP
address.
The hostaddress table is already used when looking up addresses by
UUID.
afs_conn: make release_conns_vector() actually work
release_conns_vector must never have been called before with
a non-null parameter, because it could not possibly work.
The first line of the loop is a null pointer dereference, and
if that were fixed, there's also a modify-after-free bug as well.
It's not clear what the old version was trying to do; this
version makes a stab at doing something sensible but might be
less than required. (Note that this would be much simpler if
converted to queue(3) macros or a similar standard linked-list
data structure.)
kauth: ka_CellToRealm's "realm" parameter cannot be null
Annotate ka_CellToRealm with AFS_NONNULL to indicate that its
"realm" parameter cannot be null; it does not make sense to call
this routine without this parameter. (The static analyzer inlines
the call to ka_ExpandCell and concludes that "realm" might be null;
the annotation will prevent that and avoid a false positive.)
Andrew Deason [Wed, 25 Jul 2012 20:48:34 +0000 (15:48 -0500)]
crypto: Use our strcasecmp in kernel
A few pieces of heimdal we use in the kernel call strcasecmp
(hcrypto/evp.c, krb5/crypto.c). The strcasecmp function does not exist
in all kernels (specifically, it does not exist in at least Linux 2.4,
2.6.9, and probably not on Solaris pre-10). Since we have our own copy
of strcasecmp (called afs_strcasecmp), just use that for now.
Ideally we would have some kind of configure test for detecting the
presence of the function in the kernel, and use the roken
implementation when we don't. We currently have the framework for
neither of those in place at the moment, though, so just get by with
this for now.
Change-Id: Ia96b17596da6cb168c80c92486fa049c05205da4
Reviewed-on: http://gerrit.openafs.org/7881
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementix.org>