The fileserver-side "NAT ping" behavior has yet to be proven to be helpful in
situations with NATs. If the behavior is not helpful, this generates
potentially a significant amount of extra useless traffic. So until it can be
shown to what degree this is helpful, keep this behavior out of the fileserver.
Ben Kaduk [Tue, 26 Mar 2013 21:42:38 +0000 (17:42 -0400)]
Fix DARWIN build with clang
In 1d8937b86050 we added a function call to kauth_cred_unref in the
DARWIN100 case (replacing a macro), but added the inclusion of
sys/kauth.h only when using versions older than DARWIN80.
On DARWIN100 and above, clang detects that the now-implicit function
declaration is in conflict with the actual prototype, which is included
later through afs/sysincludes.h when compiling the kernel rx code.
Since including sys/kauth.h seems to have been harmless for old versions,
just include it always.
Ken Hornstein [Thu, 5 Dec 2013 18:57:36 +0000 (13:57 -0500)]
Remove extra whitespace from macro invocations
On MacOS X 10.9, the compiler has switched to LLVM and as a consequence
generates an error if there is a space between a macro invocation and
the starting left parenthesis.
Based on code originally done by Matt Haught <dmhaught@ncsu.edu>.
Ken Hornstein [Wed, 20 Nov 2013 18:37:52 +0000 (13:37 -0500)]
Support for changes to OS X Mavericks VNOP_SYMLINK() function.
Add support for an extra argument to afs_symlink() to return the
newly-created symlink vnode if requested (this is needed on OS X
Mavericks). On OS X Mavericks return the newly-created symlink vnode in
the symlink vnops functions, on all other platforms ignore it.
It turns out that technically OS X has required the symlink to be
created for a while, but code inside of symlink() would call namei() on
the symlink name if the returned vnode pointer was NULL. The difference
is that on Mavericks the Mandatory Access Control Framework has been
enabled, and that turns on some extra code which unconditionally calls
vnode_mount() on the returned vnode pointer, which ends up causing a
panic.
Stephan Wiesand [Thu, 21 Nov 2013 14:01:29 +0000 (15:01 +0100)]
Linux: Fix build for older kernels w/o bool
Commit b7f4f2023b2b3e1aac46715176940fb50cc75265 broke builds against
older kernels which don't have bool defined in linux/types.h. Fix
this by using unsigned char instead of bool for the static inline
functions.
Reviewed-on: http://gerrit.openafs.org/10483
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit 5b67620c7b3ad224ea53075e37ecf1f7e6a7c51a)
Change-Id: Iccb8ca2625211b94b105c6eb60764f4a064b345a
Reviewed-on: http://gerrit.openafs.org/10518
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Thu, 7 Nov 2013 20:37:25 +0000 (15:37 -0500)]
Linux: Get rid of !STRUCT_KEY_UID_IS_KUID_T case
On the few kernel versions before struct key.uid was converted to
kuid_t (v3.7-rc1~147^2~76), it was not possible to enable both
CONFIG_KEYS and CONFIG_UIDGID_STRICT_TYPE_CHECKS, so this case was
impossible. That’s good, because it also had a typo in its
implementation (and was confusing to deal with correctly).
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-on: http://gerrit.openafs.org/10443
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit d0a13fe678412464452afae9379d63fa48d41d83)
Change-Id: I081115d13b6deb3b10e6da442bed7a7bb9347296
Reviewed-on: http://gerrit.openafs.org/10458
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Thu, 31 Oct 2013 13:11:59 +0000 (09:11 -0400)]
Linux: Fix build with CONFIG_UIDGID_STRICT_TYPE_CHECKS (user namespaces)
With CONFIG_UIDGID_STRICT_TYPE_CHECKS (a dependency of user namespace
support, CONFIG_USER_NS) turned on, uid_t and kuid_t are different
types, as are gid_t and kgid_t, and we need to use namespace-dependent
functions to convert between them.
We can’t use init_user_ns as the namespace because it’s GPL-only, so
instead we grab the current user_ns at module load time.
This is required to support kernels with user namespace support. We
don’t yet have full support for independent AFS use by different users
in a multiuser container; that will need to wait for future work.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-on: http://gerrit.openafs.org/10386
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit b7f4f2023b2b3e1aac46715176940fb50cc75265)
Change-Id: I55fb7d4ccbed2b4381937270955b117244b80719
Reviewed-on: http://gerrit.openafs.org/10457
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Tue, 5 Nov 2013 06:11:15 +0000 (01:11 -0500)]
afs_linux_pag_from_groups: Stop checking for NOGROUP sentinel
Linux hasn’t used NOGROUP as a sentinel like this since before kernel
2.1.12, and OpenAFS hasn’t used it on Linux since commit 109927bf6f54b58b76ac48ba41c2012c74937fed (Remove pre-Linux 2.6
support).
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-on: http://gerrit.openafs.org/10426
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit 231e50ff9742927188d67099f0e1dbaf09858c3c)
Change-Id: I9ad46eb5a2aafa75e5412eafb1e26bd2c6f0d317
Reviewed-on: http://gerrit.openafs.org/10456
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The afs_CacheTruncateDeamon() thread will not sleep until both
'afs_CacheTooFull' and 'afs_WaitForCacheDrain' are true but the
thread will stop freeing space in the cache when 'afs_CacheTooFull'
is true which prevents 'afs_WaitForCacheDrain' from ever becoming
true if it is not already.
Make the conditional for doing work include 'afs_WaitForCacheDrain'.
Change-Id: Id25929080eecd390d4ed56e5fffd6fe56cc8502c
Reviewed-on: http://gerrit.openafs.org/10436
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
afs_WakeCacheWaitersIfDrained is called as the last statement
of both afs_DiscardDCache and afs_FreeDCache. There is no need
to perform the same check again before exiting afs_FlushDCache.
Change-Id: I111d7dc1638fa8fc0a4c35d9cc4c0a1631300f89
Reviewed-on: http://gerrit.openafs.org/10433
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
For consistency with afs_FlushDCache and afs_DiscardDCache
include afs_blocksDiscarded in the free space test. When afs_FreeDCache
is called it should be zero.
Change-Id: I84a5dea626258c628d24bf647088e2cbfd233c9a
Reviewed-on: http://gerrit.openafs.org/10431
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
WARNING: CPU: 3 PID: 657 at /build/buildd/linux-3.12.0/lib/kobject.c:196 kobject_add_internal+0x1f4/0x300()
kobject_add_internal failed for afs with -EEXIST, don't try to register things with the same name in the same directory.
and leads to general system instability. This can be reproduced by
starting AFS twice with an empty cache, dynroot disabled, and no
network.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-on: http://gerrit.openafs.org/10448
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit f5f53cb0a1f326ed4695621f6a5a63f798444549)
Change-Id: I6dda2fb561279d445bb7fdfdb601b64b326cd4c1
Reviewed-on: http://gerrit.openafs.org/10454
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Ben Kaduk [Wed, 16 Oct 2013 00:57:26 +0000 (20:57 -0400)]
Tidy up MakefileProto.FBSD.in
We don't support FreeBSD 6.x and older now. As such, we can convert
entirely to the "new" world order, and not have to worry about adding
new sysnames to the conditionals every time we add them. FreeBSD 7.x
is no longer supported by upstream, but it does not impose an undue
burden on us to continue to build on FreeBSD 7.1 and higher; the code
needed for 7.0 exactly can be removed, though.
(The sense of the conditionals should really have been reversed anyway,
so that the default case would catch new sysnames correctly. Too late now.)
This is a 1.6-only change, as the libafs build system on master is quite
different.
Ben Kaduk [Wed, 29 May 2013 23:18:22 +0000 (19:18 -0400)]
FBSD: plug refcount leak in pioctl
When gop_lookupname_user returns a non-NULL vnode, the vnode came
from afs_GetVCache (by way of afs_lookup) which takes a reference
on the vnode entry. There's no need to take another spurious
reference here. The existing code already knows that there's a
reference in place, as there is an AFS_RELE down where FBSD80_ENV
unlocks the vnode if it's locked (that code is also suspicious).
Prior to this patch, things like 'fs flush /path/to/file' would
leak a reference on that cache entry, preventing clean shutdown.
Reviewed-on: http://gerrit.openafs.org/9957
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 2bbba424ad6728a221688f782b4df90bf6da4a63)
Change-Id: If9435903b32ca7001b418bc7a0fb611bda4d424e
Reviewed-on: http://gerrit.openafs.org/10380
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Wed, 25 Sep 2013 20:57:41 +0000 (16:57 -0400)]
Fix build for FreeBSD 10.0
Move a rmlock.h inclusion up a bit so that the vm headers can get the
rmlock assertion (and other) macros they need.
The filedesc structure has been expanded on FreeBSD to support a
stronger capabilities system; getting to the actual file descriptor
requires another structure access.
limits.h and stdarg.h need sys/ and machine/ prefixes for inclusion in the
kernel on FreeBSD. Unlike on master, there are not spurious include search
path directives to remove.
Catch up to VM layer changes.
This builds, but crashes at runtime due to some ABI incompatibilities
that appear in the rx event layer; those will be fixed in a separate patch.
Reviewed-on: http://gerrit.openafs.org/10339
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit e222b08c4049dae95475eda2d5c54bd43dd45e2e)
Change-Id: Ia8f0f31b000292fd160b8752ad5839852e11f0e0
Reviewed-on: http://gerrit.openafs.org/10379
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Ben Kaduk [Fri, 22 Mar 2013 17:51:02 +0000 (13:51 -0400)]
Catch up to FreeBSD VM object read/write locks
Upstream r248084 changed the vm_object mutex to be a rwlock,
allowing for future optimizations. This is a KPI change, so
introduce conditionals to be compatible with both versions of the KPI.
Ben Kaduk [Thu, 28 Mar 2013 21:10:29 +0000 (17:10 -0400)]
FreeBSD: VOP_MMAP has been dead since 1996
Clang complains that our (K&R!) declaration of struct vop_mmap_args
will only be visible within the (empty) function.
With the kernel's CFLAGS, though, this is fatal.
Remove the dead code.
Ben Kaduk [Tue, 15 Oct 2013 20:00:01 +0000 (16:00 -0400)]
Adjust for microtime() ABI on all XBSD
On the BSDs, struct timeval is not two 32-bit integers like our
struct clock, so the ABI is quite incompatible. Use the native type
for the function call and translate to our local type accordingly.
Unlike on master, there was no workaround in the FreeBSD kernel build
to remove.
Andrew Deason [Thu, 1 Nov 2012 21:46:13 +0000 (16:46 -0500)]
afs: Add some comments on GetValidDSlot panics
A couple of call sites for afs_GetValidDSlot currently panic if an
error is returned, but no explanation is given. Add a few comments
helping explain why there is a panic there, instead of graceful error
handling.
Andrew Deason [Thu, 1 Nov 2012 21:33:31 +0000 (16:33 -0500)]
afs_FreeDiscardedDCache: Avoid assert on error
Currently afs_FreeDiscardedDCache will assert if it cannot read in any
discarded dcache entry to free. Return an error instead of asserting,
so the caller can figure out what to do about the error.
Adjust the callers to handle the error, or panic.
afs_MaybeFreeDiscardedDCache still just panics anyway, as making it
handle the error gracefully is beyond the scope of this commit, and is
work for another day.
This changes afs_FreeDiscardedDCache to return an int.
Andrew Deason [Thu, 1 Nov 2012 20:43:09 +0000 (15:43 -0500)]
afs: Handle afs_AllocDCache errors
Do not panic if afs_AllocDCache encounters an error and returns NULL.
Instead, go into the normal retry loop that occurs if we couldn't free
up any more free/discard dcache entries.
Andrew Deason [Thu, 1 Nov 2012 20:32:31 +0000 (15:32 -0500)]
afs_AllocDCache: return NULL instead of panic
Currently afs_AllocDCache will panic if we cannot get a valid dcache
from the free/discard lists. Instead, return NULL, so the caller can
decide how to handle the error.
Currently the caller will just panic anyway, but that will be
addressed in a future commit.
Andrew Deason [Thu, 1 Nov 2012 18:41:06 +0000 (13:41 -0500)]
afs: Traverse discard/free dslot list if errors
Currently, when we pull a dslot off of the discard or free list, we
just try to get the first entry from the list, and panic if we cannot
get it. Instead, traverse through the whole list, trying to find an
entry we can successfully get. This introduces the helper function
afs_GetDSlotFromList to do this traversal.
This does not yet address the case where we cannot get any entry on
the relevant list.
Stephan Wiesand [Mon, 21 Oct 2013 12:23:50 +0000 (14:23 +0200)]
Revert "build: compile_et rules for parallel make"
This reverts commit 6c3adb6db781ef4b15d9336a63b40d3a79b11264.
While gerrit 10310 may be correct, it at least triggers some
other problem, causing significantly higher failure rates for
parallel builds. This is especially true in combination with
gerrit 10337, where there's at least one known case of 100%
failure rate. A different solution, modifying compile_et to
allow it to emit a single file per invocation, is being worked
on. For the time being, revert 10310 on the 1.6 branch to get
parallel build stability back to the previous level.
Change-Id: I372d64868f7f7d0e7185f575212f16e453299b1c
Reviewed-on: http://gerrit.openafs.org/10349
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Tue, 10 Sep 2013 02:25:50 +0000 (22:25 -0400)]
build: compile_et rules for parallel make
Change all makefile rules which run compile_et in order to support parallel
make. The compile_et generates two outputs, so special care must be
taken in rules which run compile_et.
All the rules for compile_et have been changed to the form:
therefore a parallel make will serialize the builds of foo.c and foo.h,
and should detect that the second is no longer needed once the first is
over. This form works since foo.et is not a phony target, and does not
depend on a phony target.
Previously, the rules for compile_et were of one of the two forms:
a) foo.c foo.h: foo.et
       compile_et foo.et -h foo
or
b) foo.h: foo.c
   foo.c: foo.et
       compile_et foo.et -h foo
Form a) is problematic for parallel makes, since it is equivalent to:
In a parallel make, compile_et will be run concurrently, clobbering
each other's output files.
Form b) is better, but is problematic when foo.h is removed, since foo.h
will not be updated.
Thanks to Russ Allbery for pointing out the automake documentation which
describes issues with commands that produce multiple outputs, and
portable solutions.
Andrew Deason [Wed, 11 Sep 2013 16:22:20 +0000 (11:22 -0500)]
Probe directly for com_err.h
com_err.h can be in com_err.h, et/com_err.h, or krb5/com_err.h (for
netbsd 6.1 and possibly other netbsd). aklog currently only includes
either com_err.h or et/com_err.h, depending on autoconf probes
performed by the krb5.m4 macros.
So, also look for krb5/com_err.h. The krb5.m4 macros currently only
look for com_err.h at all if certain other libkrb5 tests return
certain results, so just look for all of them directly in some of our
openafs-specific krb5 probing logic in configure.ac.
Also remove the duplicate check for et/com_err.h in acinclude.m4 while
we're here. We only use et/com_err.h if krb5 support is enabled, so
only check for it in the second of krb5 probes.
Andrew Deason [Wed, 25 Sep 2013 05:25:48 +0000 (00:25 -0500)]
Whine if single-DES keys are in use
If we are using single-DES keys in our KeyFile, yell at the
administrator, so they have a chance at realizing that they should
migrate to stronger crypto.
Michael Meffie [Mon, 13 May 2013 17:59:50 +0000 (13:59 -0400)]
vldb_check: print vlentry file offsets
To aid in debugging, consistently print the vlentry database "address"
and the file offset when displaying errors for vlentries. Print the
vlentry file offsets when printing all the entries with the -entries
option.
Reviewed-on: http://gerrit.openafs.org/9906
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit ccb66323a0a74b35b44aa901a49490a5021d46e0)
Andrew Deason [Wed, 9 May 2012 23:45:51 +0000 (18:45 -0500)]
vos: Minimize release impact for new RO sites
Currently, if a new RO site is added with 'vos addsite', the only way
to populate the new site with data is a 'vos release' (excepting hacks
using 'vos restore' and 'vos addsite -live', etc). Due to safeguards
in 'vos' ensuring that RO sites always all contain the same data when
marked as up-to-date in the VLDB, such a release always incurs some
amount of data to be transmitted to all sites, as well as remote sites
being brought offline briefly, even when the RW data has not changed
in a very long time.
To alleviate this situation, make 'vos release' detect if new,
unpopulated RO sites have been added, and if the RW volume has not
changed since the release of any existing RO sites. If both of these
conditions are true, do not update any of the existing sites, but only
transmit volume data to the sites that did not already contain RO
volumes.
Andrew Deason [Fri, 20 Sep 2013 20:13:43 +0000 (15:13 -0500)]
rx: Always call rxi_StartListener
Commit c10f5296 made rx_Init only call rxi_StartListener in the kernel
if we have RXK_LISTENER_ENV. But this doesn't make any sense, since
rxi_StartListener only does anything if RXK_LISTENER_ENV is _not_
defined. As a result, for any non-rxk-listener non-rx-upcall platform,
we never receive rx packets in the kernel, since we never set up our
rx packet callback. The only such platform appears to be AIX, since
while other platforms (HPUX, FBSD, IRIX) have a non-rxk-listener mode,
they also implement an rxk-listener mode that we always turn on.
So, just always call rxi_StartListener, and let the ifdef guards for
the various implementations of rxi_StartListener do the right thing.
Andrew Deason [Thu, 1 Aug 2013 19:06:52 +0000 (14:06 -0500)]
DAFS: Remove AFS_DEMAND_ATTACH_UTIL
Currently we have two DAFS-related preprocessor defines in the
codebase: AFS_DEMAND_ATTACH_FS and AFS_DEMAND_ATTACH_UTIL. DAFS_FS is
the symbol for enabling DAFS code, and turns on demand attachment and
all of the related complicated volume handling; it requires pthreads.
DAFS_UTIL is supposed to be used for utilities interacting with DAFS,
but do not have pthreads and so cannot build the relevant threads for
e.g. the VLRU, so they don't support demand attachment and a lot of
more advanced volume handling techniques.
Having both of these exist is confusing. For example, currently in
partition.c we only initialize dp->volLockFile for DAFS_FS, even
though the structure exists if _either_ DAFS_FS or DAFS_UTIL is
defined. This means when only DAFS_UTIL is defined, volLockFile will
exist in the partition structure, but will be uninitialized!
Amongst other possible issues, this means right now that DAFS_UTIL
users (dasalvager is the only one right now) will try to use an
uninitialized volLockFile whenever they try to use a volume that needs
locking. Since the partition struct is usually initialized to all
zeroes, this means we'll try to issue a lock request for FD 0,
whatever FD 0 is. If FD 0 is not open, we'll fail with EBADF and bail
out. But if FD 0 is open to some random file, the lock will probably
succeed, and we'll proceed without actually locking the volume lock
file. While the fssync volume checkout mechanism still works, the
on-disk locking mechanism protects against race conditions the fssync
volume checkout mechanism cannot protect against, and so handling
volumes in this way is not safe.
This is just one example; there are other issues with the partition
headerLockFile and probably many other things; most instances of
DAFS_FS really should be enabled for DAFS_UTIL as well.
So, instead of trying to account for and fix all of these problems
individually, get rid of AFS_DEMAND_ATTACH_UTIL, and just use
AFS_DEMAND_ATTACH_FS. This means that all relevant code must be
pthreaded, but since the only relevant code is for the dasalvager, we
can just make dasalvager pthreaded. Salvaging does not make use of any
threads or LWPs, so this should not have any side-effects.
Thanks to Ralf Brunckhorst for reporting the issue where we encounter
EBADF when FD 0 is not open, leading to the discovery of this.
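The zero-filled lock descriptor failure mode described in the DAFS commit above, reduced to a stand-alone C program. This is an added example, not OpenAFS code: `struct part`, `lock_unchecked`, `lock_checked` and `run_demo` are hypothetical names, and the fstat/stat identity check is one possible defensive measure, not the change the commit made.

```c
/* Added illustration; every name here is hypothetical, not OpenAFS code. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct part {
    int lock_fd;    /* fd of the on-disk lock file; 0 if never initialized */
};

/* Take a whole-file write lock on fd; returns 0 or an errno value. */
static int lock_fd_whole(int fd)
{
    struct flock fl;
    memset(&fl, 0, sizeof(fl));     /* l_start = l_len = 0: whole file */
    fl.l_type = F_WRLCK;
    fl.l_whence = SEEK_SET;
    return fcntl(fd, F_SETLK, &fl) < 0 ? errno : 0;
}

/* Unchecked: trusts whatever value is in lock_fd. */
int lock_unchecked(const struct part *p)
{
    return lock_fd_whole(p->lock_fd);
}

/* Checked: refuse unless lock_fd refers to the same inode as lock_path. */
int lock_checked(const struct part *p, const char *lock_path)
{
    struct stat by_fd, by_path;
    if (fstat(p->lock_fd, &by_fd) < 0 || stat(lock_path, &by_path) < 0)
        return errno;
    if (by_fd.st_dev != by_path.st_dev || by_fd.st_ino != by_path.st_ino)
        return EINVAL;              /* descriptor is some other file */
    return lock_fd_whole(p->lock_fd);
}

/* r[0]: unchecked, FD 0 open on an unrelated file
 * r[1]: unchecked, FD 0 closed
 * r[2]: checked,   FD 0 open on an unrelated file
 * r[3]: checked,   lock_fd properly opened on the lock file */
int run_demo(int r[4])
{
    char lock_path[] = "/tmp/demo-lockXXXXXX";     /* constructed sample files */
    char other_path[] = "/tmp/demo-otherXXXXXX";
    struct part p;
    int saved, fd;

    saved = dup(0);                 /* -1 if FD 0 was already closed */
    if ((fd = mkstemp(lock_path)) < 0) return -1;
    close(fd);
    if ((fd = mkstemp(other_path)) < 0) return -1;
    close(fd);

    /* Make FD 0 refer to the unrelated file. */
    if ((fd = open(other_path, O_RDWR)) < 0) return -1;
    if (fd != 0) { dup2(fd, 0); close(fd); }

    memset(&p, 0, sizeof(p));       /* struct zeroed, lock_fd never set */
    r[0] = lock_unchecked(&p);      /* "succeeds" on the wrong file */
    r[2] = lock_checked(&p, lock_path);
    close(0);
    r[1] = lock_unchecked(&p);      /* fails with EBADF */

    if (saved >= 0) { dup2(saved, 0); close(saved); }

    p.lock_fd = open(lock_path, O_RDWR);    /* proper initialization */
    if (p.lock_fd < 0) return -1;
    r[3] = lock_checked(&p, lock_path);
    close(p.lock_fd);

    unlink(lock_path);
    unlink(other_path);
    return 0;
}

int main(void)
{
    int r[4];
    if (run_demo(r) != 0) return 1;
    printf("unchecked, fd 0 open:   %s\n", r[0] ? strerror(r[0]) : "lock granted");
    printf("unchecked, fd 0 closed: %s\n", strerror(r[1]));
    printf("checked, wrong file:    %s\n", strerror(r[2]));
    printf("checked, initialized:   %s\n", r[3] ? strerror(r[3]) : "lock granted");
    return 0;
}
```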
Michael Meffie [Thu, 29 Sep 2011 18:44:11 +0000 (14:44 -0400)]
bozo: retry start after error stops
After a bnode is stopped because of too many consecutive exits,
delay for some time and attempt to start the bnode again. Continue
to retry on each error stop, doubling the delay for each retry
attempt until a maximum number of attempts.
Marc Dionne [Tue, 3 Sep 2013 11:55:14 +0000 (07:55 -0400)]
Linux 3.11: Adapt to d_count changes
In preparation for upcoming changes in the 3.12 cycle, d_lockref
was introduced late in the 3.11 cycle. The dentry's d_lock and
d_count are moved to this new structure. A new d_lock macro makes
the change transparent for locking, but direct users of d_count
must adapt. A new d_count() helper function is provided and
should now be used.
Use the new d_count() helper function if available, and move
some of the ifdef logic into a helper compatibility function.
Reviewed-on: http://gerrit.openafs.org/10219
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 1f577e41b65e9bd213a915a296ecf5bedd17fcc1)
Change-Id: I43db7b00f966a214259b6814d0308b7164e31295
Reviewed-on: http://gerrit.openafs.org/10241
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Simon Wilkinson [Fri, 30 Mar 2012 18:16:50 +0000 (19:16 +0100)]
libadmin: Clear structures according to their size.
memset(a, 0, sizeof(a)) is rarely correct, unless a is an error. Use the
size of the destination structure, rather than the size of a pointer to it
when deciding how much memory to clear.
Andrew Deason [Thu, 30 May 2013 22:53:56 +0000 (17:53 -0500)]
namei: Create the IH_CREATE_INIT function
Create a new function that combines calls to IH_CREATE and IH_INIT
into one operation; the new function is called IH_CREATE_INIT. This
allows a caller to create a file and then use it, without needing to
open() the file twice.
This is currently only implemented for the Unix namei backend; other
backends result in effectively the same functionality (but can use the
same API).
Andrew Deason [Thu, 30 May 2013 22:52:32 +0000 (17:52 -0500)]
ihandle: Refactor ih_open to split out ih_attachfd
Refactor the function ih_open, so part of its logic gets split out
into the new ih_attachfd_r (and ih_attachfd) function. This allows
other code to splice in an existing fd, without going through the
normal "open" path.
This patch should incur no functional change; it is just code
reorganization.
Andrew Deason [Thu, 30 May 2013 22:40:58 +0000 (17:40 -0500)]
ihandle: Fix fdInUseCount leak on EMFILE
Here, we close closeFd, but currently we don't decrement fdInUseCount.
Since we retry the open immediately afterwards, this means we can leak
fdInUseCount references. For example, if we retry this 5 times and get
EMFILE on each attempt, we will close 5 FDs, but not decrement
fdInUseCount at all.
To fix this, decrement fdInUseCounter when we close a file for EMFILE.
Michael Meffie [Thu, 12 Sep 2013 16:20:33 +0000 (12:20 -0400)]
auth: fix cellservdb update check
Fix a bug introduced by the check to avoid excessive stats of the
cellservdb. Fixes a bug where cached cell config data is served for up
to one second after a write.
Check the timeRead field which is reset after a write to indicate the
data should be read.
Mark Vitale [Fri, 25 Jan 2013 23:47:49 +0000 (18:47 -0500)]
salvager: prevent assertion during -orphans attach
Improve JudgeEntry() detection of orphaned directories to
prevent unintentional deletion of their '.' and '..' entries.
This in turn prevents a later assert (opr_Verify) when we try to
delete and re-add '..' in order to attach the orphan.
In JudgeEntry(), 2 sources of information about a
directory entry are compared for consistency:
- vnodeEssence (unique) from its vnode index entry
- name, vnodeNumber and unique from its dir blob entry
A directory entry may be ignored, deleted, or repaired/replaced,
based upon the results of these and other tests (e.g. dirOrphaned).
The '.' and '..' entries are treated as special cases because
we do not want to delete them at this point if this directory
is orphaned. However, the current test for orphanhood
(vnodeEssence->unique == 0) is not sufficient; it could be
zero for other reasons. This commit now uses the dirOrphaned
flag to test for this.
However, we are still interested in doing the right thing
for '.' and '..' entries with vnodeEssence->unique == 0.
This may indicate that the dir blob entry is pointing at the
wrong vnode, and that vnode has unique==0. The current code
incorrectly ignores (returns 0) this case. This commit
now falls through to the repair/replace code so that we can
find the correct vnode for this entry.
The current code assumes that the 'vnodeEssence == 0 &&
!dirOrphaned' case doesn't exist.
Make sure the 'sigw' parameter for sigwait is declared if it's going to be
used (it was missing for netbsd)
Derived from 18b932f (http://gerrit.openafs.org/2767)
Change-Id: I53f79ef5eb9ff132e99b78ca87f125e832d2e5f0
Reviewed-on: http://gerrit.openafs.org/10138
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Ben Kaduk [Wed, 17 Jul 2013 00:39:56 +0000 (20:39 -0400)]
Check for over/underflow while allocating PTS ids
The behavior of signed integer over/underflow is implementation-defined,
but even if the compiler is nice and just wraps around, we could get
ourselves into trouble later on.
Andrew Deason [Thu, 28 Mar 2013 21:42:58 +0000 (16:42 -0500)]
aklog: Probe for libasn1 on heimdal
aklog uses encode_EncTicketPart and some other encode_* ASN.1 routines
when we're building against heimdal. Our krb5 autoconf logic from
c-rra-util is not guaranteed to include libasn1 in KRB5_LIBS, since
it's not required for functions in the krb5 API. So, specifically test
for it.
Andrew Deason [Tue, 26 Mar 2013 22:50:31 +0000 (17:50 -0500)]
volser: Make VolListOneVolume errors consistent
Currently, VolXListOneVolume errors out with ENODEV if any attachment
error occurs with the specified volume. But VolListOneVolume always
returns success if it can find the indicated volume, and any
attachment errors and such are reported in the 'status' field of the
volume info structure.
These two functions do pretty much the same thing; VolXListOneVolume
just provides more info than VolListOneVolume. So make them behave the
same way, and provide more specific information, whether or not
somebody ran 'vos examine' or 'vos examine -extended'.
The 'vos' binary has always handled errors in the 'status' volume info
structure for both "extended" and non-"extended" queries. This
difference appears to just have been a mistake from OpenAFS 1.0.
Reviewed-on: http://gerrit.openafs.org/9680
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit 199cfb4a885b98b583f538ed14dff7ec5c9f9990)
Change-Id: I397c6b49eb7cfaef1c4dae16c1158dc0411701a3
Reviewed-on: http://gerrit.openafs.org/9916
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Tue, 26 Mar 2013 22:26:23 +0000 (17:26 -0500)]
volser: Restore Vol*ListOneVolume error handling
In the 1.4 series, the volserver VolListOneVolume function always
returned success if the specified volume was found in any way, and
ENODEV otherwise. The VolXListOneVolume returned ENODEV if the volume
was not found, or if any error occurred.
DAFS (specifically, commit ed25934c1fe96b143715025b49104e75dce9a361)
changed these so they both behave the same way. That is, they both
return success if the volume was found at all, and ENODEV otherwise.
These changes mean that a 'vos examine' for a volume with an existing
volume transaction now indicates that a volume is offline/unattached,
but in the 1.4 series, the volume was indicated as "busy".
So, restore the original 1.4 behavior of these functions, so the
volume status is reported as it always was. This effectively reverts 53cc2ebaea5e5488d5285f0d13ffa47069ee986f, and slightly changes the
post-DAFS code to look more like the 1.4 code. This also removes the
'code' variable from VolListOneVolume and adds an explicit comment
about what's going on, to make this a little more clear.
While changing the behavior of VolXListOneVolume to match that of
VolListOneVolume perhaps makes sense, for now just restore the exact
1.4 behavior, and make the function flow look a little more like the
1.4 code did. A future change may make them the same again.
Andrew Deason [Tue, 26 Mar 2013 22:00:05 +0000 (17:00 -0500)]
volser: Indicate busy volume with VBUSY
Commit 34fc86bcc749f3bd059831b7e5dae03dc09a9393 changed several uses
of VBUSY to VOLSERVOLBUSY in order to detect retriable operations.
However, one such change did not change an Rx abort code, but instead
was used for the 'status' field for a volintInfo or volintXInfo
structure. That is not really a general error code, but a field with a
few specific known values (at least, that is how existing clients
interpret it).
Go back to using VBUSY, so clients indicate the volume as busy,
instead of as offline/unattached.
Marc Dionne [Wed, 22 May 2013 13:26:57 +0000 (09:26 -0400)]
Linux: Fix tmpfs cache support
As of kernel 3.1, tmpfs no longer has a readpage() operation in its
address space operations. Some of the cache manager code relies on
this, causing an oops if tmpfs is used as backing store for the
cache.
As a minimal fix, detect that there is no readpage() and disable
the optimizations that depend on it.
Michael Meffie [Thu, 4 Nov 2010 13:26:25 +0000 (09:26 -0400)]
avoid private stdio fields in waitkey
Use the stdio_ext functions provided by solaris and glibc
instead of directly accessing private stdio FILE structure
members. This is needed for 64-bit solaris builds and is more
portable in general since the FILE structure is meant to be
opaque.
Michael Meffie [Wed, 16 Jan 2013 17:10:02 +0000 (12:10 -0500)]
vlclient: add -probe option
Add a new option to the vlclient test program to call the
probe server RPC to ping the vlservers in a cell. Uses a multi
rx call to do the probes in parallel.
The existing -host option can be used to ping a single
vlserver.
Reviewed-on: http://gerrit.openafs.org/8911
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit bb733da134ce7d7742d5b7359edb36f67ec85632)
Change-Id: I9d26e072fafa3e785bb1bc2eb0d8db43fbc1ff57
Reviewed-on: http://gerrit.openafs.org/9570
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Tue, 19 Jun 2012 19:42:23 +0000 (14:42 -0500)]
viced: Clear all client CPS on FlushCPS
Currently the fileserver only finds the first applicable 'client'
structure (via h_ID2Client) for a FlushCPS operation, and invalidates
the CPS for it. However, there may be many 'client' structures in
memory for the given viceid, since we may have many connections for
the same user (possibly from different hosts).
So, modify FlushCPS to find all relevant client structures, and
invalidate the CPS calculation on them.
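Added illustration (not OpenAFS code) of why invalidating only the first match leaves stale authorization state: a simplified model in which each connection caches a protection set (CPS). The struct, field and function names and the sample table are assumptions made for the example.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model; struct, field and function names are hypothetical. */
struct client {
    int viceid;     /* user the connection authenticated as */
    int host;       /* constructed host identifier */
    int cps_valid;  /* 1 = cached protection set is trusted for ACL checks */
};

/* Behaviour described as current: stop at the first match for the viceid. */
static int flush_first(struct client *tab, size_t n, int viceid) {
    for (size_t i = 0; i < n; i++)
        if (tab[i].viceid == viceid) { tab[i].cps_valid = 0; return 1; }
    return 0;
}

/* Behaviour after the change: invalidate every structure for the viceid. */
static int flush_all(struct client *tab, size_t n, int viceid) {
    int flushed = 0;
    for (size_t i = 0; i < n; i++)
        if (tab[i].viceid == viceid) { tab[i].cps_valid = 0; flushed++; }
    return flushed;
}

/* Connections for viceid that still trust a cached (now stale) CPS. */
static int stale_count(const struct client *tab, size_t n, int viceid) {
    int stale = 0;
    for (size_t i = 0; i < n; i++)
        if (tab[i].viceid == viceid && tab[i].cps_valid) stale++;
    return stale;
}

/* Constructed sample: user 1001 on three hosts, user 2002 on one. */
static void sample_table(struct client out[4]) {
    const struct client init[4] = {
        {1001, 1, 1}, {2002, 1, 1}, {1001, 2, 1}, {1001, 3, 1} };
    for (size_t i = 0; i < 4; i++) out[i] = init[i];
}

int main(void) {
    struct client a[4], b[4];
    sample_table(a); sample_table(b);
    flush_first(a, 4, 1001); flush_all(b, 4, 1001);
    printf("stale after first-match flush: %d\n", stale_count(a, 4, 1001));
    printf("stale after flush of all:      %d\n", stale_count(b, 4, 1001));
    return 0;
}
```

In the first-match case, two of the three connections for the user keep evaluating access against the cached set until it is recomputed for some other reason.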
Andrew Deason [Thu, 31 May 2012 21:15:33 +0000 (16:15 -0500)]
vol-salvage: Unlock volumes before exiting
Normally, volume locks acquired by an exiting salvaging process would
be automatically given up when the process exits, since our FDs are
closed. However, if we exit by calling Exit() or Abort(), we
gracefully shut down our SYNC channels before exiting. For FSSYNC, this
can result in the fileserver trying to online the volumes we had
checked out but had not yet checked back in, so the fileserver may try
to online a volume we have locked, before the locks have been
released.
To avoid this, unlock all volume locks for all partitions before we
shut down SYNC channels on exit.
Michael Meffie [Tue, 17 Apr 2012 02:29:24 +0000 (22:29 -0400)]
bozo: increase salvage instance poll rate
Increase the bos client poll rate of the salvager temporary bnode
instance status, from every 5 seconds to 1 second. This reduces the
minimum time bos salvage takes, from 5 seconds to 1 second, which
can add up when doing a large number of volume salvages.
Reviewed-on: http://gerrit.openafs.org/7231
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Tom Keiser <tkeiser@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
(cherry picked from commit 2460e132a9ed63714754745fe24f6f3a5712c81d)
Change-Id: Ic86d3f3ed5791f880b41533edcd405a8fec24c0b
Reviewed-on: http://gerrit.openafs.org/9476
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Thu, 23 Feb 2012 19:02:13 +0000 (13:02 -0600)]
salvager: Do not fork for single VG salvage
Currently we always fork a child in the salvager in order to salvage a
volume group. I believe this is in order to protect SEGV, exit(), etc
in one salvage operation from preventing salvaging anything else. When
salvaging a single volume group, though, there appears to be little
benefit.
In addition, we need to keep the VG salvaging code in the same process
as the cleanup code for single-volume salvages, so we can know which
volumes were deleted by SalvageVolumeGroup, so we know which volumes
to bring back online. So, do not fork for the singleVolumeNumber case.
Note that for DAFS, we already never fork for the entire salvage
operation when salvaging an individual volume group. So, this is
effectively a non-DAFS-only change.
Andrew Deason [Wed, 22 Feb 2012 00:05:32 +0000 (18:05 -0600)]
salvager: Remove VolumeSummary->fileName
The 'fileName' field in VolumeSummary serves two apparent purposes:
- Storing the filename of the volume header file (V0XXX.vol).
- Indicating whether or not a given VolumeSummary object is
  referenced by any inodes on disk. fileName is set by
  AskVolumeSummary/GetVolumeSummary, and is cleared in
  SalvageFileSys1 when a matching inodeSummary entry is found.
This is very confusing. The first purpose is completely unnecessary;
we can always calculate the filename from the volume id for the
volume, and we already enforce the filename to be of that specific
format. The second purpose is very unclear in the current code, and
overloads the meaning of the field.
So instead, remove fileName entirely. Code that was using it to locate
the header file is changed to use VolumeExternalName_r. Code that was
using the field to determine if the volume is "unused" is changed to
use a field just called "unused", set to 0 or 1.
Andrew Deason [Thu, 31 Mar 2011 22:22:12 +0000 (17:22 -0500)]
salvager: Error volumes on GetInodeSummary errors
When GetInodeSummary fails due to an internal failure (not from just
failing to find applicable inodes), currently it just returns an
error, and does not return the checked-out singleVolumeNumber back to
the fileserver.
When we fail to gather inodes, we should force the volume to an error
state, since we haven't salvaged the volume. But if we fail to find
any applicable inodes, we just want to VOL_DONE the volume, since the
header has possibly been destroyed, and the volume doesn't exist.
So, issue an FSYNC_VOL_FORCE_ERROR command when we encounter errors in
GetInodeSummary, except when we fail to find applicable inodes.
Andrew Deason [Tue, 21 Feb 2012 23:46:41 +0000 (17:46 -0600)]
salvager: Do not require MaybeZapVolume fileName
In MaybeZapVolume, currently we do not remove the volume header if the
given isp->volSummary->fileName is not set. This effectively means
that we only actually "zap" volumes for which we have just created the
header, or which are not referenced by any inodes.
For readonly volumes that have errors, we want to delete the volumes
instead of salvaging. Readonly volumes with valid headers will have
fileName as NULL, though (set back in SalvageFileSys1), so
MaybeZapVolume will refuse to remove them. What ends up happening is
that the headers will stay around, but since we do not finish checking
the volume, all of the inodes for the data in the volume will be
dec'd. This results in a volume whose header exists, but none of its
inodes (including special inodes) exist, so the volume will need to be
salvaged again, and during that salvage will be deleted (because there
are no inodes for the volume).
Avoid all this, and just delete volume headers for volumes that lack a
valid fileName. Instead try to avoid deleting headers with
volSummary->deleted set, just so we don't try to delete the same
headers twice.
Andrew Deason [Tue, 21 Feb 2012 23:40:46 +0000 (17:40 -0600)]
salvager: Do not set fileName on header fixup
Currently, SalvageVolumeHeaderFile will set isp->volSummary->fileName
to a new string whenever the volume header needs to be created or
re-written. When control reaches back to SalvageFileSys1, this can
cause DeleteExtraVolumeHeaderFile to delete the header, since
vsp->fileName is used as a sort of indicator to see whether or not a
volume has been referenced by the inode summary.
When we create a new header, we avoid this because we allocate a new
VolumeSummary struct, which is not caught by the last
DeleteExtraVolumeHeaderFile for loop in SalvageFileSys1. However, we
do delete the header when we simply re-write a header, since we use
the existing VolumeSummary struct. Set fileName in neither, for
consistency.
Andrew Deason [Fri, 2 Dec 2011 22:06:42 +0000 (16:06 -0600)]
fuse: Add -oallow_other by default where possible
By default, fuse mountpoints are only accessible by the same uid as
that which mounted the fuse filesystem. When we're running as root,
specify -oallow_other so by default anyone can access the afs
mountpoint.
Andrew Deason [Thu, 22 Apr 2010 22:09:18 +0000 (17:09 -0500)]
Remove the global tempHeader/stuff structures
Currently, volinodes.h defines an array ('stuff') for easily accessing
information about different inode types. Part of the array points to
parts of a global 'tempHeader' structure, making this not threadsafe.
Change this into an interface which utilizes local storage to make
this threadsafe and remove those horridly-named global variables.
This adds the init_inode_info static inline function, for initializing
a local inode information table.
Mark Vitale [Fri, 21 Dec 2012 23:26:18 +0000 (18:26 -0500)]
vol: correct old conditional for IH_CONDSYNC
Two places in the vol package performed IH_CONDSYNC(vp->linkHandle)
only if AFS_NT40_ENV. This was correct when the namei implementation
was windows only; however, this ifdef was apparently overlooked
when namei was implemented for UNIX.
Reviewed-on: http://gerrit.openafs.org/8815
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 19f424ecc26b02b210a3ba54b93846dddba14ede)
Change-Id: I944004d77ab17938465aa39f37d931df0adcd725
Reviewed-on: http://gerrit.openafs.org/9510
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Wed, 28 Nov 2012 23:22:21 +0000 (17:22 -0600)]
vol: Let non-usable volumes attach for non-DAFS
Before DAFS, volumes that were not inService/blessed were not
accessible by normal clients, but were still allowed to attach. That
is, access to clients was prevented at VGetVolume-time, rather than at
attach-time. Commit 939382c5 tried to short-circuit this by detecting
this volume state at attach-time. However, volume utilities (e.g.
volserver) can give us back a volume over FSSYNC when they are done
with the volume, and for non-DAFS, we then try to attach the volume.
So, with 939382c5 that attachment will fail when volserver gives us
back a volume that is not inService/blessed (which can happen for some
normal volume operations).
This situation is not terrible, since either way the volume is not
usable by clients (since the volume didn't attach), and the volume is
still usable by volserver (since volserver is allowed to check out
nonexistent volumes). But it is a deviation from pre-DAFS behavior and
it can result in confusing error messages, so revert the 939382c5
behavior for non-DAFS.
For DAFS, this behavior is fine, since the fileserver does not attach
a volume unless it is trying to service a client request. So, leave it
for DAFS.
Andrew Deason [Thu, 31 May 2012 22:45:56 +0000 (17:45 -0500)]
vol: Avoid getting stuck in ATTACHING in attach2
Since commit 5fc2365f, a VNOVOL error early in attach2 meant that we
skipped changing the volume state to anything, and just returned
instead. When we do this, the volume is in VOL_STATE_ATTACHING for
DAFS, and so if we return, the volume will forever be in
VOL_STATE_ATTACHING. The next thing that tries to access the volume
will wait forever for the volume to come out of that state.
So, revert half of 5fc2365f, and transition to ERROR state instead.
This code path should not be hit during normal usage, since a
nonexistent volume access for the fileserver will be detected earlier.
If the volume does not appear to exist at this stage of attachment,
something is wrong with the volume, so this warrants the ERROR state.
For the volserver and other volume utilities, we may hit this when a
request just plain references a nonexistent volume for whatever
reason, but in that case the vp should go away soon. For non-DAFS,
this commit does not change much, since the difference between
error_notbroken and unlocked_error is very small.
The other half of 5fc2365f is not changed, since it is correct. For
VOFFLINE errors at this point, the volume has already been
transitioned to VOL_STATE_UNATTACHED, so it is okay to return. Add a
comment to help make this more explicit.
Anders Kaseorg [Tue, 23 Jul 2013 18:30:20 +0000 (14:30 -0400)]
Do not expose afs_assert.h from other public headers
afs_assert.h redefines the standard assert macro, which is evil and
breaks some applications that might want to include our public headers
(e.g. some versions of Cython). This was fixed on master by commit cac74242728ad97e3ce9cef0a949d58c237250f6, which removes afs_assert.h
entirely and adds opr_Assert. Since that patch may be too invasive
for 1.6.x, here’s a minimal patch that just stops exposing
afs_assert.h from our other public headers.
Change-Id: I39a7b9ae8d43cfe0059e10e47ce4b1c22e01c544
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-on: http://gerrit.openafs.org/10096
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>