Simon Wilkinson [Fri, 30 Mar 2012 18:41:17 +0000 (19:41 +0100)]
afs: Handle reading past the end of a file
... except that this change doesn't actually handle this, it just
stops clang from throwing an error about the bogus code that's already
in there. This needs fixed properly ...
This change differs slightly from the one on master because on master,
afs_MemRead and afs_UFSRead were consolidated into afs_read(). On the
1.6 branch, we must patch the two functions separately.
Change-Id: I7d8d104c89355c0a3294372340af0e02ab170b59
Reviewed-on: http://gerrit.openafs.org/10744 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: D Brashear <shadow@your-file-system.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Tue, 10 Dec 2013 23:02:34 +0000 (17:02 -0600)]
cellconfig: Do not use 'long' for dbserver IPs
A few places in this file assume that our dbserver IP addresses are
"long"s. A long int can be 8 bytes on some platforms, but we know
these IP addresses are all 4-byte integers. In the rare instances
where we have the maximum number of dbservers, this can overwrite a
bit of extra memory. This can also result in a misaligned access on
platforms such as SPARC v9, since the elements of he->h_addr_list are
not guaranteed to be 8-byte aligned.
So instead, treat these as 4-byte integers. For copying out of
he->h_addr_list, also use a memcpy anyway to be safe, since we are not
guaranteed alignment.
Andrew Deason [Thu, 6 Feb 2014 20:27:12 +0000 (14:27 -0600)]
ihandle: Make _ONCLOSE the sync behavior default
The _DELAYED behavior has had serious problems in the past, so change
the default to be _ONCLOSE instead.
This is a 1.6-only change. On master, the _DELAYED option does not
exist at all, and the _ONCLOSE behavior was made the default when this
option was introduced in master, in commit eb5190eb4a7cd95166866a89e0a8f3a69bbc6e8f.
Change-Id: I01a50e1d829c141c38fbbbaba2c6d2d5a371b130
Reviewed-on: http://gerrit.openafs.org/10809 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Perry Ruiter <pruiter@sinenomine.net> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: D Brashear <shadow@your-file-system.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Wed, 5 Feb 2014 23:32:16 +0000 (18:32 -0500)]
afs_fetchstore: re-avoid uninitialized variable
As noted in the gerrit comments for change 10742, commit baf6af8a8f2207ce39b746d59ca4bc661c002883 does not handle the case
where the second rx_Read() call fails, and the 'length' variable
can still be used uninitialized.
Instead of using an err label and jumping to it on the case of
errors, initialize length to zero and take care to neither
set nor access *alength if an error has occurred. This is
more consistent with the style of the surrounding code while still
avoiding the use of an uninitialized variable.
Benjamin Kaduk [Fri, 10 Jan 2014 03:42:26 +0000 (22:42 -0500)]
afs_fetchstore: avoid use of uninitialized variable
rxfs_fetchInit() attempts to do a 64-bit RPC first, but falls back
to the 32-bit StartRXAFS_FetchData() if the server appears to not
support the 64-bit RPCs.
We correctly did not read a length from the call if the FetchData
RPC(s) failed, but proceeded to assign from the 'length' local
variable into the 'alength' output variable unconditionally later on.
Instead of blindly continuing on, jump to the error-handling part of
the routine when we cannot read a length from the call. This has the
side effect of skipping an afs_Trace3() point in the error case.
Reviewed-on: http://gerrit.openafs.org/10694 Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit baf6af8a8f2207ce39b746d59ca4bc661c002883)
Change-Id: Icf14d5e8a6abf8a8a014ab7d48b767e3dcc7a6a9
Reviewed-on: http://gerrit.openafs.org/10742 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: D Brashear <shadow@your-file-system.com> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Tue, 17 Dec 2013 23:30:26 +0000 (17:30 -0600)]
LINUX: Use sock_create_kern where available
Currently, we use sock_create to create our Rx socket. This means that
accesses to that socket (sendmsg, recvmsg) are subject to SELinux
restrictions. For all recvmsg accesses and some sendmsg accesses, this
doesn't matter, since the access will be performed by one of our
kernel threads (running as kernel_t or something similar, which is
unrestricted). Such as: the rx listener, a background daemon, the rx
event thread, etc.
However, sometimes we do run in the context of a normal user process.
For some RPCs like FetchStatus, we tend to run the RPC in the
accessing user thread, which can result in us sendmsg()ing the data
packets with the initial arguments in the user thread. We can also
send delayed ACKs via rx_EndCall, and possibly a variety of other
scenarios.
In any of these situations when we are sendmsg()ing from a user
thread, SELinux can prevent us from sending to the socket, if the
calling user thread context is not able to write to an afs_t
udp_socket. This will result in packets not being sent immediately,
but the packets will be resent later, so access will work, but appear
very slow. This can easily happen for processes that are specifically
constrained by SELinux; for example, webservers are often constrained,
even if most of the rest of the system is not. This can be noticed by
seeing the 'resends' and 'sendFailed' counters rising in 'rxdebug
-rxstat', as well as noticing SELinux access failures if 'dontaudit'
rules are ignored.
To avoid this, use sock_create_kern to create the Rx socket, to
indicate that this is a socket for use by kernel code, and not
accessible by a user. This should cause us to bypass any LSM
restrictions (SELinux, AppArmor, etc). Add a configure check for this,
since this function has not always existed, according to
<https://lists.openafs.org/pipermail/openafs-devel/2004-June/010651.html>
Reviewed-on: http://gerrit.openafs.org/10594 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit e988aa45d765c935fef4bcd35585d6a3594cc497)
Change-Id: Ie04a8ac166dabf9fb8368d47d5624d1f319174bd
Reviewed-on: http://gerrit.openafs.org/10598 Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: D Brashear <shadow@your-file-system.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com>
Simon Wilkinson [Fri, 30 Mar 2012 18:34:53 +0000 (19:34 +0100)]
viced: Remove pointless braces
Doing if ((a==b)) is unecessary. It's also potentially dangerous, as
that's the syntax required to do assignment within an if statement.
clang now issues warnings (errors in -Werror mode) when it encounters
these.
Remove pointless braces from viced to make clang happy.
Marc Dionne [Thu, 30 Jan 2014 18:50:37 +0000 (13:50 -0500)]
Linux: When revalidating, don't drop in-use dentries
The Linux client can get into a state where the current working
directory is seen as "deleted" by some tools, while it is still
there and accessible to "ls" and other tools. This has been
reported by several users and sites.
One scenario that has been observed while debugging:
- A process does a chdir() into a directory
- This stores a pointer to the dir's dentry in the task structure
- The server hosting the volume goes offline temporarily
- The dentry for the directory is passed to afs_linux_dentry_revalidate
- afs_linux_dentry_revalidate calls afs_lookup which returns an
error (110 - ETIMEDOUT)
- It then considers the dentry not valid, and calls d_drop()
- d_drop unhashes the dentry unconditionally
- Server comes back up, but dentry is still unhashed
- getcwd() fetches the task structure pointer to the current dir
dentry. If unhashed, it returns ENOENT, and the vfs layer is
not involved at all.
At that point, many things won't work and there is no obvious way
for the user to get the directory rehashed.
Instead of calling d_drop directly, call d_invalidate instead, as
it will only drop (unhash) the dentry if we're the only one holding
a reference. Since d_invalidate will also call shrink_dcache_parent,
also remove that call from our code so it doesn't get called twice.
Reviewed-on: http://gerrit.openafs.org/10774 Tested-by: BuildBot <buildbot@rampaginggeek.com> Tested-by: Anders Kaseorg <andersk@mit.edu> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit 997f7fce437787a45ae0584beaae43affbd37cce)
Change-Id: I1e2b46fd076e96a7acbf3443f118fac8355d3e8c
Reviewed-on: http://gerrit.openafs.org/10804 Tested-by: Anders Kaseorg <andersk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: D Brashear <shadow@your-file-system.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Fri, 10 Jan 2014 04:34:30 +0000 (23:34 -0500)]
Disable some explicit sbrk() usage
Mac OS X 10.9 now considers this function deprecated and warns on
its use, causing the buildslave configuration to error out.
On master, we added a library routine to get a process's size to opr;
opr is not present on the 1.6 branch so another route is needed here.
Since use of the OS X malloc implementation appears to have no
effect on the result of sbrk(0), there is no loss of functionality
by replacing the function call with a (different) constant value.
There may still be some value in sbrk(0) on other systems, so
only disable sbrk() for OS X, on the stable branch.
This change is specific to the 1.6 branch.
Change-Id: Ie5f96e923b78be22a9ce83d0a35a7675d517b073
Reviewed-on: http://gerrit.openafs.org/10746 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: D Brashear <shadow@your-file-system.com> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Wed, 22 Jan 2014 05:00:00 +0000 (06:00 +0100)]
cmd: Avoid unsafe use of strncat
The NName function was using strncat(a, b, sizeof(a)), which doesn't
work as you would expect if 'a' already contains data, giving a potential
buffer overflow.
This was fixed on master in commit 9a007a9df43645b63a8b642029b4931928f9268b
by using strlcat from libroken, but we do not use libroken on the 1.6
branch. Instead, modify the strncat invocation to use a safer maximum
length to copy.
This is a 1.6-specific change.
Change-Id: Ifa41e603a1c98682550afadd063def4b9706d9e2
Reviewed-on: http://gerrit.openafs.org/10731 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: D Brashear <shadow@your-file-system.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Tue, 21 Jan 2014 19:59:59 +0000 (14:59 -0500)]
Search srcdir and objdir paths for rxkad includes
The addition of rxkad-k5 support in 1.6.5 introduced dependencies
on rxkad to the auth and afsauthent libraries. However, the rxkad
headers used are both source files and generated files, so we must
add both the source and build tree rxkad directories to the include
search path.
This is a 1.6-only change, since on master we are using libtool
and do not need to reach into other parts of the source tree
to rebuild certain files into these libraries.
Change-Id: I819095a3e0ac259bba43205d0462659cbd2c6f03
Reviewed-on: http://gerrit.openafs.org/10736 Reviewed-by: Andrew Deason <adeason@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Simon Wilkinson [Fri, 22 Feb 2013 10:30:56 +0000 (10:30 +0000)]
afsmonitor: Allow CBSTATS collection to work
The switch which selects the collection number was missing a
'break', so selecting the CBSTATS collection would always fall
through to the default, error, case.
Simon Wilkinson [Fri, 30 Mar 2012 18:14:38 +0000 (19:14 +0100)]
libadmin: read returns an ssize_t, not a size_t
size_t is unsigned, and therefore can never be less than 0. Using it as
a return code from read() means that we never catch read errors. read()
is defined as returning ssize_t, so just use this to capture its return
code.
it's claimed these are not initialized before use.
squelch compiler errors. has to be in parent as otherwise
we will zero them in our loop where we potentially want the
parent group id, which is not on "this" line as we add members.
Benjamin Kaduk [Fri, 10 Jan 2014 04:54:45 +0000 (23:54 -0500)]
Disable deprecated warnings for krb5 routines
In OS X 10.9 Mavericks, Apple has marked all of the krb5 routines
as deprecated (in favor of the GSS framework). We must disable
these warnings in order to allow the buildslave to have a successful
build.
Luckily, Apple has left in rope for us to programmatically disable
the deprecated attribute with a preprocessor macro. Defining this
macro should be safe everywhere, so do so unconditionally.
This commit touches a few more files than the version on master does,
since the 1.6 branch is using the krb5 library for its rxkad-k5
implementation; the files in auth/ and rxkad/ are specific to 1.6.
Simon Wilkinson [Fri, 30 Mar 2012 18:37:36 +0000 (19:37 +0100)]
rx: Handle negative returns on packet reads
rxi_RecvMsg returns an int, because it can return a negative value upon
error. Don't store its return value as an unsigned int, because this may
hide the potential errors.
Modify the error handling loop so that errors get to where they are
intended.
Simon Wilkinson [Fri, 30 Mar 2012 18:12:37 +0000 (19:12 +0100)]
Unix CM: Purge needless brackets
Doing if ((a==b)) is unecessary. It's also potentially dangerous, as
that's the syntax required to do assignment within an if statement.
clang now issues warnings (errors in -Werror mode) when it encounters
these.
Remove pointless braces from the Unix CM to make clang happy.
Simon Wilkinson [Fri, 30 Mar 2012 18:30:18 +0000 (19:30 +0100)]
vol: Remove unneeded braces
Doing if ((a==b)) is unecessary. It's also potentially dangerous, as
that's the syntax required to do assignment within an if statement.
clang now issues warnings (errors in -Werror mode) when it encounters
these.
Remove pointless braces from vol to make clang happy.
Simon Wilkinson [Fri, 30 Mar 2012 18:24:23 +0000 (19:24 +0100)]
ptserver: Remove redundant braces
Doing if ((a==b)) is unecessary. It's also potentially dangerous, as
that's the syntax required to do assignment within an if statement.
clang now issues warnings (errors in -Werror mode) when it encounters
these.
Remove pointless braces from ptserver to make clang happy.
Simon Wilkinson [Fri, 30 Mar 2012 18:39:51 +0000 (19:39 +0100)]
rx: Remove needless braces
Doing if ((a==b)) is unecessary. It's also potentially dangerous, as
that's the syntax required to do assignment within an if statement.
clang now issues warnings (errors in -Werror mode) when it encounters
these.
Remove pointless braces from the Unix CM to make clang happy.
Reviewed-on: http://gerrit.openafs.org/7088 Tested-by: Simon Wilkinson <simonxwilkinson@gmail.com> Reviewed-by: Derrick Brashear <shadow@dementix.org>
(cherry picked from commit 5e107724f3661254cfdb693ae2d4d1c5238eba7d)
Change-Id: I99a04d9a2c547e34a3daca6f9e6714f6c7b76b9c
Reviewed-on: http://gerrit.openafs.org/10732 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Perry Ruiter <pruiter@sinenomine.net> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Arne Wiebalck [Fri, 13 Dec 2013 10:46:04 +0000 (11:46 +0100)]
make openafs uninstallable even if /afs is missing
The preuninstall scriptlet of the openafs RPM removes /afs. If, for
whatever reason, that directory does not exist, the scriptlet will
fail and hence break the deinstallation of the openafs package. The
proposed patch makes the scriptlet evaluate to true even if the /afs
has been removed by some other means and allows the package to be
uninstalled.
Andrew Deason [Thu, 26 Dec 2013 17:56:37 +0000 (12:56 -0500)]
Fedora: Handle new kernel variant paths
With Fedora 20, Fedora now separates the variant from the rest of the
kernel version with a plus (+) instead of a period (.) . This results
in directories called e.g. 3.12.5-302.fc20.i686+PAE, where right now
we look for 3.12.5-302.fc20.i686.PAE.
Use this new directory scheme for Fedora 20 builds, so we can build
against non-default kernel variants on Fedora 20 and beyond.
Reviewed-on: http://gerrit.openafs.org/10620 Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
(cherry picked from commit 837ec9dd41c4b1e10ad9d32a52b0f34dd665026a)
Change-Id: I513ab231a9d7b61ec7790eb99a27da698a355f17
Reviewed-on: http://gerrit.openafs.org/10622 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Mon, 23 Dec 2013 18:32:28 +0000 (13:32 -0500)]
RedHat: Munge future kernel versions
We currently look for "fc1?" (that is, fc10 through fc19) when trying
to munge the kernel version in some ways. This broke on Fedora 20,
since 20 obviously does not match "fc1?". Similarly, we look
specifically for "el6" for RHEL6 versioning quirks, but these will
break on RHEL7 and beyond.
Change the version checks so that this will work all the way through
Fedora 99 and RHEL 9. That won't work forever, but it will keep us
working for a few versions if the versioning quirks do not change.
Reviewed-on: http://gerrit.openafs.org/10618 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
(cherry picked from commit cddc732ec5fd40c94126e5f0b7103136592a2efe)
Change-Id: I439cd3101ea360b775c638cd67961fc0e4ffcaf6
Reviewed-on: http://gerrit.openafs.org/10619 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Tue, 17 Dec 2013 23:27:53 +0000 (17:27 -0600)]
rx: Remove obsolete comment
This comment refers to the fact that we used to be just checking for
SELinux to see if we should pass that extra argument. Ever since
commit cb1b41b159b98881f66319d7f65d941ba9fab911, we do have a better
test for this.
Reviewed-on: http://gerrit.openafs.org/10593 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit 2ed7023b26acb3277e42eac803a0702b95167e6e)
Change-Id: I5a8ebcda7fcb85931638ab0bec807b1da8ebed3f
Reviewed-on: http://gerrit.openafs.org/10597 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The fileserver-side "NAT ping" behavior has yet to be proven to be helpful in
situations with NATs. If the behavior is not helpful, this generates
potentially a significant amount of extra useless traffic. So until it can be
shown to what degree this is helpful, keep this behavior out of the fileserver.
Ben Kaduk [Tue, 26 Mar 2013 21:42:38 +0000 (17:42 -0400)]
Fix DARWIN build with clang
In 1d8937b86050 we added a function call to kauth_cred_unref in the
DARWIN100 case (replacing a macro), but added the inclusion of
sys/kauth.h only when using versions older than DARWIN80.
On DARWIN100 and above, clang detects that the now-implicit function
declaration is in conflict with the actual prototype, which is included
later through afs/sysincludes.h when compiling the kernel rx code.
Since including sys/kauth.h seems to have been harmless for old versions,
just include it always.
Ken Hornstein [Thu, 5 Dec 2013 18:57:36 +0000 (13:57 -0500)]
Remove extra whitespace from macro invocations
On MacOS X 10.9, the compiler has switched to LLVM and as a consequence
generates an error if there is a space between a macro invocation and
the starting left parenthesis.
Based on code originally done by Matt Haught <dmhaught@ncsu.edu>.
Ken Hornstein [Wed, 20 Nov 2013 18:37:52 +0000 (13:37 -0500)]
Support for changes to OS X Mavericks VNOP_SYMLINK() function.
Add support for an extra argument to afs_symlink() to return the
newly-created symlink vnode if requested (this is needed on OS X
Mavericks). On OS X Mavericks return the newly-created symlink vnode in
the symlink vnops functions, on all other platforms ignore it.
It turns out that technically OS X has required the symlink to be
created for a while, but code inside of symlink() would call namei() on
the symlink name if the returned vnode point was NULL. The difference
is that on Mavericks the Manditory Access Control Framework has been
enabled, and that turns on some extra code which unconditionally calls
vnode_mount() on the returned vnode pointer, which ends up causing a
panic
Stephan Wiesand [Thu, 21 Nov 2013 14:01:29 +0000 (15:01 +0100)]
Linux: Fix build for older kernels w/o bool
Commit b7f4f2023b2b3e1aac46715176940fb50cc75265 broke builds against
older kernels which don't have bool defined in linux/types.h . Fix
this by using unsigned char instead of bool for the static inline
functions.
Reviewed-on: http://gerrit.openafs.org/10483 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Anders Kaseorg <andersk@mit.edu> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit 5b67620c7b3ad224ea53075e37ecf1f7e6a7c51a)
Change-Id: Iccb8ca2625211b94b105c6eb60764f4a064b345a
Reviewed-on: http://gerrit.openafs.org/10518 Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Thu, 7 Nov 2013 20:37:25 +0000 (15:37 -0500)]
Linux: Get rid of !STRUCT_KEY_UID_IS_KUID_T case
On the few kernel versions before struct key.uid was converted to
kuid_t (v3.7-rc1~147^2~76), it was not possible to enable both
CONFIG_KEYS and CONFIG_UIDGID_STRICT_TYPE_CHECKS, so this case was
impossible. That’s good, because it also had a typo in its
implementation (and was confusing to deal with correctly).
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-on: http://gerrit.openafs.org/10443 Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit d0a13fe678412464452afae9379d63fa48d41d83)
Change-Id: I081115d13b6deb3b10e6da442bed7a7bb9347296
Reviewed-on: http://gerrit.openafs.org/10458 Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Tested-by: BuildBot <buildbot@rampaginggeek.com> Tested-by: Anders Kaseorg <andersk@mit.edu> Reviewed-by: Anders Kaseorg <andersk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Thu, 31 Oct 2013 13:11:59 +0000 (09:11 -0400)]
Linux: Fix build with CONFIG_UIDGID_STRICT_TYPE_CHECKS (user namespaces)
With CONFIG_UIDGID_STRICT_TYPE_CHECKS (a dependency of user namespace
support, CONFIG_USER_NS) turned on, uid_t and kuid_t are different
types, as are gid_t and kgid_t, and we need to use namespace-dependent
functions to convert between them.
We can’t use init_user_ns as the namespace because it’s GPL-only, so
instead we grab the current user_ns at module load time.
This is required to support kernels with user namespace support. We
don’t yet have full support for independent AFS use by different users
in a multiuser container; that will need to wait for future work.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-on: http://gerrit.openafs.org/10386 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit b7f4f2023b2b3e1aac46715176940fb50cc75265)
Change-Id: I55fb7d4ccbed2b4381937270955b117244b80719
Reviewed-on: http://gerrit.openafs.org/10457 Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Tested-by: BuildBot <buildbot@rampaginggeek.com> Tested-by: Anders Kaseorg <andersk@mit.edu> Reviewed-by: Anders Kaseorg <andersk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Tue, 5 Nov 2013 06:11:15 +0000 (01:11 -0500)]
afs_linux_pag_from_groups: Stop checking for NOGROUP sentinel
Linux hasn’t used NOGROUP as a sentinel like this since before kernel
2.1.12, and OpenAFS hasn’t used it on Linux since commit 109927bf6f54b58b76ac48ba41c2012c74937fed (Remove pre-Linux 2.6
support).
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-on: http://gerrit.openafs.org/10426 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit 231e50ff9742927188d67099f0e1dbaf09858c3c)
Change-Id: I9ad46eb5a2aafa75e5412eafb1e26bd2c6f0d317
Reviewed-on: http://gerrit.openafs.org/10456 Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Tested-by: BuildBot <buildbot@rampaginggeek.com> Tested-by: Anders Kaseorg <andersk@mit.edu> Reviewed-by: Anders Kaseorg <andersk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The afs_CacheTruncateDeamon() thread will not sleep until both
'afs_CacheTooFull' and 'afs_WaitForCacheDrain' are true but the
thread will stop freeing space in the cache when 'afs_CacheTooFull'
is true which prevents 'afs_WaitForCacheDrain' from ever becoming
true if it is not already.
Make the conditional for doing work include 'afs_WaitForCacheDrain'.
Change-Id: Id25929080eecd390d4ed56e5fffd6fe56cc8502c
Reviewed-on: http://gerrit.openafs.org/10436 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
afs_WakeCacheWaitersIfDrained is called as the last statement
of both afs_DiscardDCache and afs_FreeDCache. There is no need
to perform the same check again before exiting afs_FlushDCache.
Change-Id: I111d7dc1638fa8fc0a4c35d9cc4c0a1631300f89
Reviewed-on: http://gerrit.openafs.org/10433 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
For consistency with afs_FlushDCache and afs_DiscardDCache
include afs_blocksDiscarded in the free space test. When afs_FreeDCache
is called it should be zero.
Change-Id: I84a5dea626258c628d24bf647088e2cbfd233c9a
Reviewed-on: http://gerrit.openafs.org/10431 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
WARNING: CPU: 3 PID: 657 at /build/buildd/linux-3.12.0/lib/kobject.c:196 kobject_add_internal+0x1f4/0x300()
kobject_add_internal failed for afs with -EEXIST, don't try to register things with the same name in the same directory.
and leads to general system instability. This can be reproduced by
starting AFS twice with an empty cache, dynroot disabled, and no
network.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-on: http://gerrit.openafs.org/10448 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit f5f53cb0a1f326ed4695621f6a5a63f798444549)
Change-Id: I6dda2fb561279d445bb7fdfdb601b64b326cd4c1
Reviewed-on: http://gerrit.openafs.org/10454 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Ben Kaduk [Wed, 16 Oct 2013 00:57:26 +0000 (20:57 -0400)]
Tidy up MakefileProto.FBSD.in
We don't support FreeBSD 6.x and older now. As such, we can convert
entirely to the "new" world order, and not have to worry about adding
new sysnames to the conditionals every time we add them. FreeBSD 7.x
is no longer supported by upstream, but it does not impose an undue
burden on us to continue to build on FreeBSD 7.1 and higher; the code
needed for 7.0 exactly can be removed, though.
(The sense of the conditionals should really have been reversed anyway,
so that the default case would catch new sysnames correctly. Too late now.)
This is a 1.6-only change, as the libafs build system on master is quite
different.
Ben Kaduk [Wed, 29 May 2013 23:18:22 +0000 (19:18 -0400)]
FBSD: plug refcount leak in pioctl
When gop_lookupname_user returns a non-NULL vnode, the vnode came
from afs_GetVCache (by way of afs_lookup) which takes a reference
on the vnode entry. There's no need to take another spurious
reference here. The existing code already knows that there's a
reference in place, as there is an AFS_RELE down where FBSD80_ENV
unlocks the vnode if it's locked (that code is also suspicious).
Prior to this patch, things like 'fs flush /path/to/file' would
leak a reference on that cache entry, preventing clean shutdown.
Reviewed-on: http://gerrit.openafs.org/9957 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 2bbba424ad6728a221688f782b4df90bf6da4a63)
Change-Id: If9435903b32ca7001b418bc7a0fb611bda4d424e
Reviewed-on: http://gerrit.openafs.org/10380 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Wed, 25 Sep 2013 20:57:41 +0000 (16:57 -0400)]
Fix build for FreeBSD 10.0
Move a rmlock.h inclusion up a bit so that the vm headers can get the
rmlock assertion (and other) macros they need.
The filedesc structure has been expanded on FreeBSD to support a
stronger capabilities system; getting to the actual file descriptor
requires another structure access.
limits.h and stdarg.h need sys/ and machine/ prefixes for inclusion in the
kernel on FreeBSD. Unlike on master, there are not spurious include search
path directives to remove.
Catch up to VM layer changes.
This builds, but crashes at runtime due to some ABI incompatibilities
that appear in the rx event layer; those will be fixed in a separate patch.
Reviewed-on: http://gerrit.openafs.org/10339 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit e222b08c4049dae95475eda2d5c54bd43dd45e2e)
Change-Id: Ia8f0f31b000292fd160b8752ad5839852e11f0e0
Reviewed-on: http://gerrit.openafs.org/10379 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Ben Kaduk [Fri, 22 Mar 2013 17:51:02 +0000 (13:51 -0400)]
Catch up to FreeBSD VM object read/write locks
Upstream r248084 changed the vm_object mutex to be a rwlock,
allowing for future optimizations. This is a KPI change, so
introduce conditionals to be compatible with both versions of the KPI.
Ben Kaduk [Thu, 28 Mar 2013 21:10:29 +0000 (17:10 -0400)]
FreeBSD: VOP_MMAP has been dead since 1996
Clang complains that our (K&R!) declaration of struct vop_mmap_args
will only be visible within the (empty) function.
With the kernel's CFLAGS, though, this is fatal.
Remove the dead code.
Ben Kaduk [Tue, 15 Oct 2013 20:00:01 +0000 (16:00 -0400)]
Adjust for microtime() ABI on all XBSD
On the BSDs, struct timeval is not two 32-bit integers like our
struct clock, so the ABI is quite incompatible. Use the native type
for the function call and translate to our local type accordingly.
Unlike on master, there was no workaround in the FreeBSD kernel build
to remove.
Andrew Deason [Thu, 1 Nov 2012 21:46:13 +0000 (16:46 -0500)]
afs: Add some comments on GetValidDSlot panics
A couple of call sites for afs_GetValidDSlot currently panic if an
error is returned, but no explanation is given. Add a few comments
helping explain why there is a panic there, instead of graceful error
handling.
Andrew Deason [Thu, 1 Nov 2012 21:33:31 +0000 (16:33 -0500)]
afs_FreeDiscardedDCache: Avoid assert on error
Currently afs_FreeDiscardedDCache will assert if it cannot read in any
discarded dcache entry to free. Return an error instead of asserting,
so the caller can figure out what to do about the error.
Adjust the callers to handle the error, or panic.
afs_MaybeFreeDiscardedDCache still just panics anyway, as making it
handle the error gracefully is beyond the scope of this commit, and is
work for another day.
This changes afs_FreeDiscardedDCache to return an int.
Andrew Deason [Thu, 1 Nov 2012 20:43:09 +0000 (15:43 -0500)]
afs: Handle afs_AllocDCache errors
Do not panic if afs_AllocDCache encounters an error and returns NULL.
Instead, go into the normal retry loop that occurs if we couldn't free
up any more free/discard dcache entries.
Andrew Deason [Thu, 1 Nov 2012 20:32:31 +0000 (15:32 -0500)]
afs_AllocDCache: return NULL instead of panic
Currently afs_AllocDCache will panic if we cannot get a valid dcache
from the free/discard lists. Instead, return NULL, so the caller can
decide how to handle the error.
Currently the caller will just panic anyway, but that will be
addressed in a future commit.
Andrew Deason [Thu, 1 Nov 2012 18:41:06 +0000 (13:41 -0500)]
afs: Traverse discard/free dslot list if errors
Currently, when we pull a dslot off of the discard or free list, we
just try to get the first entry from the list, and panic if we cannot
get it. Instead, traverse through the whole list, trying to find an
entry we can successfully get. This introduces the helper function
afs_GetDSlotFromList to do this traversal.
This does not yet address the case where we cannot get any entry on
the relevant list.
Stephan Wiesand [Mon, 21 Oct 2013 12:23:50 +0000 (14:23 +0200)]
Revert "build: compile_et rules for parallel make"
This reverts commit 6c3adb6db781ef4b15d9336a63b40d3a79b11264.
While gerrit 10310 may be correct, it at least triggers some
other problem, causing significantly higher failure rates for
parallel builds. This is especially true in combination with
gerrit 10337, where there's at least one known case of 100%
failure rate. A different solution, modifying compile_et to
allow it to emit a single file per invocation, is being worked
on. For the time being, revert 10310 on the 1.6 branch to get
parallel build stability back to the previous level.
Change-Id: I372d64868f7f7d0e7185f575212f16e453299b1c
Reviewed-on: http://gerrit.openafs.org/10349 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Tue, 10 Sep 2013 02:25:50 +0000 (22:25 -0400)]
build: compile_et rules for parallel make
Change all makefile rules which run compile_et in order support parallel
make. The compile_et generates two outputs, so special care must be
taken in rules which run compile_et.
All the rules for compile_et have been changed to the form:
therefore a parallel make will serialize the builds of foo.c and foo.h,
and should detect that the second is no longer needed once the first is
over. This form works since foo.et is not a phony target, and does not
depend on a phony target.
Previously, the rules for compile_et were of the one of the two forms:
a) foo.c foo.h: foo.et
compile_et foo.et -h foo
or
b) foo.h: foo.c
foo.c: foo.et
compile_et foo.et -h foo
Form a) is problematic for parallel makes, since it is equivalent to:
In a parallel make, compile_et will be run concurrently, clobbering
each other's output files.
Form b) is better, but is problematic when foo.h is removed, since foo.h
will not be updated.
Thanks to Russ Allbery for pointing out the automake documentation which
describes issues with commands that produce multiple outputs, and
portable solutions.
Andrew Deason [Wed, 11 Sep 2013 16:22:20 +0000 (11:22 -0500)]
Probe directly for com_err.h
com_err.h can be in com_err.h, et/com_err.h, or krb5/com_err.h (for
netbsd 6.1 and possibly other netbsd). aklog currently only includes
either com_err.h or et/com_err.h, depending on autoconf probes
performed by the krb5.m4 macros.
So, also look for krb5/com_err.h. The krb5.m4 macros currently only
look for com_err.h at all if certain other libkrb5 tests return
certain results, so just look for all of them directly in some of our
openafs-specific krb5 probing logic in configure.ac.
Also remove the duplicate check for et/com_err.h in acinclude.m4 while
we're here. We only use et/com_err.h if krb5 support is enabled, so
only check for it in the second of krb5 probes.
Andrew Deason [Wed, 25 Sep 2013 05:25:48 +0000 (00:25 -0500)]
Whine if single-DES keys are in use
If we are using single-DES keys in our KeyFile, yell at the
administrator, so they have a chance at realizing that they should
migrate to stronger crypto.
Michael Meffie [Mon, 13 May 2013 17:59:50 +0000 (13:59 -0400)]
vldb_check: print vlentry file offsets
To aid in debugging, consistently print the vlentry database "address"
and the file offset when displaying errors for vlentries. Print the
vlentry file offsets when printing all the entries with the -entries
option.
Reviewed-on: http://gerrit.openafs.org/9906 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit ccb66323a0a74b35b44aa901a49490a5021d46e0)
Andrew Deason [Wed, 9 May 2012 23:45:51 +0000 (18:45 -0500)]
vos: Minimize release impact for new RO sites
Currently, if a new RO site is added with 'vos addsite', the only way
to populate the new site with data is a 'vos release' (excepting hacks
using 'vos restore' and 'vos addsite -live', etc). Due to safeguards
in 'vos' ensuring that RO sites always all contain the same data when
marked as up-to-date in the VLDB, such a release always incurs some
amount of data to be transmitted to all sites, as well as remote sites
being brought offline briefly, even when the RW data has not changed
in very long time.
To alleviate this situation, make 'vos release' detect if new,
unpopulated RO sites have been added, and if the RW volume has not
changed since the release of any existing RO sites. If both of these
conditions are true, do not update any of the existing sites, but only
transmit volume data to the sites that did not already contain RO
volumes.
Andrew Deason [Fri, 20 Sep 2013 20:13:43 +0000 (15:13 -0500)]
rx: Always call rxi_StartListener
Commit c10f5296 made rx_Init only call rxi_StartListener in the kernel
if we have RXK_LISTENER_ENV. But this doesn't make any sense, since
rxi_StartListener only does anything if RXK_LISTENER_ENV is _not_
defined. As a result, for any non-rxk-listener non-rx-upcall platform,
we never receives rx packets in the kernel, since we never set up our
rx packet callback. The only such platform appears to be AIX, since
while other platforms (HPUX, FBSD, IRIX) have a non-rxk-listener mode,
they also implement an rxk-listener mode that we always turn on.
So, just always call rxi_StartListener, and let the ifdef guards for
the various implementations of rxi_StartListener do the right thing.
Andrew Deason [Thu, 1 Aug 2013 19:06:52 +0000 (14:06 -0500)]
DAFS: Remove AFS_DEMAND_ATTACH_UTIL
Currently we have two DAFS-related preprocessor defines in the
codebase: AFS_DEMAND_ATTACH_FS and AFS_DEMAND_ATTACH_UTIL. DAFS_FS is
the symbol for enabling DAFS code, and turns on demand attachment and
all of the related complicated volume handling; it requires pthreads.
DAFS_UTIL is supposed to be used for utilities interacting with DAFS,
but do not have pthreads and so cannot build the relevant threads for
e.g. the VLRU, so they don't support demand attachment and a lot of
more advanced volume handling techniques.
Having both of these exist is confusing. For example, currently in
partition.c we only initialize dp->volLockFile for DAFS_FS, even
though the structure exists if _either_ DAFS_FS or DAFS_UTIL is
defined. This means when only DAFS_UTIL is defined, volLockFile will
exist in the partition structure, but will be uninitialized!
Amongst other possible issues, this means right now that DAFS_UTIL
users (dasalvager is the only one right now) will try to use an
uninitialized volLockFile whenever they try to use a volume that needs
locking. Since the partition struct is usually initialized to all
zeroes, this means we'll try to issue a lock request for FD 0,
whatever FD 0 is. If FD 0 is not open, we'll fail with EBADF and bail
out. But if FD 0 is open to some random file, the lock will probably
succeed, and we'll proceed without actually locking the volume lock
file. While the fssync volume checkout mechanism still works, the
on-disk locking mechanism protects against race conditions the fssync
volume checkout mechanism cannot protect against, and so handling
volumes in this way is not safe.
This is just one example; there are other issues with the partition
headerLockFile and probably may other things; most instances of
DAFS_FS really should be enabled for DAFS_UTIL as well.
So, instead of trying to account for and fix all of these problems
individually, get rid of AFS_DEMAND_ATTACH_UTIL, and just use
AFS_DEMAND_ATTACH_FS. This means that all relevant code must be
pthreaded, but since the only relevant code is for the dasalvager, we
can just make dasalvager pthreaded. Salvaging does not make use of any
threads or LWPs, so this should not have any side-effects.
Thanks to Ralf Brunckhorst for reporting the issue where we encounter
EBADF when FD 0 is not open, leading to the discovery of this.
Michael Meffie [Thu, 29 Sep 2011 18:44:11 +0000 (14:44 -0400)]
bozo: retry start after error stops
After a bnode is stopped because of two many consecutive exits
delay for some time and attempt to start the bnode again. Countine
to retry on each error stop, doubling the delay for each retry
attempt until a maxium number of attempts.
Marc Dionne [Tue, 3 Sep 2013 11:55:14 +0000 (07:55 -0400)]
Linux 3.11: Adapt to d_count changes
In preparation for upcoming changes in the 3.12 cycle, d_lockref
was introduced late in the 3.11 cycle. The dentry's d_lock and
d_count are moved to this new structure. A new d_lock macro makes
the change transparent for locking, but direct users of d_count
must adapt. A new d_count() helper function is provided and
should now be used.
Use the new d_count() helper function if available, and move
some of the ifdef logic into a helper compatibility function.
Reviewed-on: http://gerrit.openafs.org/10219 Tested-by: Jeffrey Altman <jaltman@your-file-system.com> Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 1f577e41b65e9bd213a915a296ecf5bedd17fcc1)
Change-Id: I43db7b00f966a214259b6814d0308b7164e31295
Reviewed-on: http://gerrit.openafs.org/10241 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com>
Simon Wilkinson [Fri, 30 Mar 2012 18:16:50 +0000 (19:16 +0100)]
libadmin: Clear structures according to their size.
memset(a, 0, sizeof(a)) is rarely correct, unless a is an error. Use the
size of the destination structure, rather than the size of a pointer to it
when deciding how much memory to clear.
projects / packages / o / openafs.git / log