Michael Meffie [Wed, 29 Apr 2015 15:54:45 +0000 (11:54 -0400)]
libafs: remove linux conditionals for md5 inode number calculation
Remove the conditionals which hide the md5 digest calculation for inode
numbers on non-linux platforms. This feature was originally added to
support sites running on linux, but is generally useful and the
implementation is not specific to linux.
Change-Id: I7f406f9492780c1893dc1a2892db253b05036120
Reviewed-on: http://gerrit.openafs.org/11854 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Perry Ruiter <pruiter@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Stephan Wiesand [Fri, 14 Aug 2015 06:46:36 +0000 (08:46 +0200)]
Make OpenAFS 1.6.14.1
Update configure version strings for 1.6.14.1. Note that macos kext
can be of form XXXX.YY[.ZZ[(d|a|b|fc)NNN]] where d dev, a alpha,
b beta, f final candidate so we have no way to represent 1.6.14.1.
Switch to 1.6.15 dev 1 for macos.
Change-Id: I733de0ef5d359bffdb7ffe6a7c12cf60f18618c0
Reviewed-on: http://gerrit.openafs.org/11982 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Tue, 15 Sep 2015 17:33:12 +0000 (13:33 -0400)]
LINUX: Fix oops during negative dentry caching
Commit 2e9dcc069904aaa434787eec53c6f9821911cbab reinstated negative
dentry caching, but introduced an oops when fakestat is in use. Be sure
the GLOCK is held when looking up the parent vcache dv when the parent
is a mount point and fakestat is in use, since the calls to do the
lookup require the GLOCK to be held.
Marc Dionne [Wed, 29 Jul 2015 12:03:14 +0000 (09:03 -0300)]
Linux: Only use automount for volume roots
As long as we avoid using directory aliases when crossing
a mount point (at the volume root), we should always get
to a given non root directory with the same dentry.
The mechanism added by commit de381aa0 ("Linux: Make dir
dentry aliases act like symlinks") is therefore only really
necessary for a volume root.
With kernel 4.2 it is not possible to tweak the "total link
count", resulting in ELOOP errors when looking up a path
with 40 or more directories that are being looked up for
the first time. With this change, only mountpoints will
count against the limit.
Reviewed-on: http://gerrit.openafs.org/11945 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Daria Brashear <shadow@your-file-system.com> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 05f64de7d723a8d5430d9b5928c2025838a6fa52)
Change-Id: I16e855c8322174604288b7d440b342951dd3a015
Reviewed-on: http://gerrit.openafs.org/11989 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Thu, 15 Jan 2015 16:54:30 +0000 (11:54 -0500)]
afs: Increase vcache and dcache hash table sizes
Now that we are using a real hash function, larger hash tables
will be more useful.
The vcache hash tables are statically sized, and this increase will
add about a megabyte to the kernel module's memory footprint.
Update the algorithm used to dynamically size the dcache hash tables,
keeping the old behavior for small numbers of dcaches, but growing
the hash table's size to keep the average chain length near two
for a range of dcache numbers. Cap the dcache hash tables at 32k
entries to avoid excessive resource usage.
This involves code from opr, namely opr/ffs.h, which is acceptable
in the kernel module because that header is a standalone header
like jhash.h, with no dependencies on the system.
Change-Id: I7cdb3e993b1c2ad177a46ecc06bfa2be52e619e5
Reviewed-on: http://gerrit.openafs.org/11679 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Add a new macro to check the signature of a particular
operation against a provided typed argument list.
One of the arguments is an arbitrary label that is used
to construct the pre-processor define name. This will
allow for testing of different forms for the same
operation.
This can be used to replace many of the remaining odd
checks in src/cf/linux_test4.m4.
Marc Dionne [Mon, 6 Jul 2015 14:00:13 +0000 (11:00 -0300)]
Linux 4.2: total_link_count is no longer accessible
The value is now stored in the nameidata structure which
is private to fs/namei.c, so we can't modify it here.
The effect is that using a path that contains 40+ directories
may fail with ELOOP, depending on which directories in the
path were previously used. After a directory is accessed once
its D_AUTOMOUNT flag is reset and it will no longer count
against the symlink limit in later path lookups.
Simon Wilkinson [Sun, 17 Apr 2011 22:43:51 +0000 (23:43 +0100)]
Linux CM: Use kernel allocator directly
In another few locations within the Linux portion of the cache
manager, directly use the kernel allocator. We can do so here
because we can guarantee that the amount of memory being allocated
is less than the page size, and there is a kfree() in all of the
exit paths, so we don't need the magic freeing behaviour, either.
Reviewed-on: http://gerrit.openafs.org/4752 Reviewed-by: Derrick Brashear <shadow@dementia.org> Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Tested-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit 7a70c2907b0435653098a611a140fea1ac0b2fac)
Change-Id: I72fd6a2109022af5e14d90ce147705da7ccec587
Reviewed-on: http://gerrit.openafs.org/11933 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Perry Ruiter <pruiter@sinenomine.net> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Mon, 25 Aug 2014 04:01:16 +0000 (23:01 -0500)]
LINUX: Restore negative dentry caching
One of the changes in commit 652f3bd9cb7a5d7833a760ba50ef7c2c67214bba
effectively disabled negative caching for dentries, by always
invalidating a negative dentry in afs_linux_dentry_revalidate. This
was because various temporary errors could result in ENOENT errors
being returned to afs_lookup, which created incorrect negative dentry
cache entries.
These incorrect ENOENT errors were rectified in change
Ib01e4309e44b532f843d53c8de2eae613e397bf6 . So, negative dentry cache
entries should work now, so remove the code to unconditionally
invalidate these negative entries.
Benjamin Kaduk [Tue, 27 Jan 2015 21:33:25 +0000 (16:33 -0500)]
Make compile_et output usable out-of-tree
Prior to this commit, the output C files from compile_et would
emit #includes of <afsconfig.h> and <afs/param.h>. These files
are not installed, and are only available in an OpenAFS build tree.
The output C files also emit #includes of <afs/error_table.h>, which
is an installed file, and is therefore expected to be available on
a system with OpenAFS installed. Removing the first two headers will
allow OpenAFS's compile_et binary to be used to compile error tables
which are not part of OpenAFS, on systems where OpenAFS is installed.
The inclusion of afsconfig.h was added in commit 972a4072827fb2ec680354d5adebc2c5cca06939 to ensure that it was included
prior to afs/param.h; however, the inclusion of afs/param.h in
compile_et.c stems from the original IBM import and seems of minimal
value. The only changes needed to build without param.h are to use
int instead of afs_int32 in a couple places (int is 32 bits on
all platforms currently supported) and to include <sys/types.h>
for size_t.
Benjamin Kaduk [Wed, 14 Jan 2015 01:22:59 +0000 (20:22 -0500)]
afs: use jenkins hash for dcache, vcache tables
Switch the four dcache and vcache hash tables to use the jenkins
hash from opr.
This requires making DCHash into a full-weight function in order
to properly hash all three inputs; convert all four symbols to
full functions for consistency. Just pull in <opr/jhash.h> via
afs.h so all consumers (e.g., of VCSIZE) can use it without
modification.
This is the first use of src/opr/ in src/afs/ (outside UKERNEL),
but it is permissible because opr/jhash.h is a standalone
header and there are no C files needed for its implementation which
would require anything from the system.
Benjamin Kaduk [Sun, 14 Dec 2014 21:13:39 +0000 (16:13 -0500)]
rx: Tidy up rxi_CheckCall()'s mtuout handling
We don't actually do anything that matters if lastPacketSizeSeq
is set and lastPacketSize is zero, so zero both when we're cleaning
up.
lastPacketSize and lastPacketSizeSeq are set together in
rxi_SendPacket (and rxi_SendPacketList), when we are sending a packet
larger than the current estimate of the peer's maxPacketSize.
The two fields are checked together during ack processing, but
rxi_CheckCall() only checks lastPacketSize, ignoring lastPacketSizeSeq.
Michael Meffie [Wed, 21 Jan 2015 19:31:51 +0000 (14:31 -0500)]
bozo: use the full path when renaming BosLog to BosLog.old
Use the full path when renaming the BosLog file to BosLog.old and when
checking whether the BosLog file can be opened, otherwise the rename
will fail (and go unnoticed), and the initial BosLog check opens a
handle to a file in the wrong directory.
Create the server directories, including the logs directory, before
forking and log file initialization.
Change-Id: I3733d64335f348190572f6278086b634641f2754
Reviewed-on: http://gerrit.openafs.org/11685 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Perry Ruiter <pruiter@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Mon, 9 Feb 2015 20:04:19 +0000 (15:04 -0500)]
bozo: fix -pidfiles default
Fix the default value for the -pidfiles argument. The pidfiles
should be stored in the local state directory, not the server
configuration directory when using modern paths.
Anders Kaseorg [Fri, 31 Jul 2015 05:49:03 +0000 (01:49 -0400)]
kauth: Resolve date signedness warning in SetFields
Resolves this warning:
admin_tools.c: In function ‘SetFields’:
admin_tools.c:611:30: warning: pointer targets in passing argument 2 of ‘ktime_DateToInt32’ differ in signedness [-Wpointer-sign]
code = ktime_DateToInt32(s, &expiration);
^
In file included from /home/anders/wd/openafs/include/afs/afsutil.h:84:0,
from admin_tools.c:39:
/home/anders/wd/openafs/include/afs/afsutil_prototypes.h:101:18: note: expected ‘afs_int32 *’ but argument is of type ‘afs_uint32 *’
extern afs_int32 ktime_DateToInt32(char *adate, afs_int32 * aint32);
^
Change-Id: Id24e7a6cd1ab2291c0c05d3835f4ad7fddfec8d7
Reviewed-on: http://gerrit.openafs.org/11956 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Perry Ruiter <pruiter@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Fri, 27 Feb 2015 22:47:45 +0000 (17:47 -0500)]
Update asetkey.8 for KeyFileExt
Prefer KeyFileExt to KeyFile ~everywhere. Make the main documentation
assume a modern cell with KeyFileExt and rxkad-k5, moving the old
rxkad and KeyFile documentation to a new section,
HISTORICAL COMPATIBILITY.
Note that kaserver is deprecated.
Do not mention the Update Server, which is also disrecommended for
new installations.
Marc Dionne [Wed, 29 Jul 2015 12:03:14 +0000 (09:03 -0300)]
Linux: Only use automount for volume roots
As long as we avoid using directory aliases when crossing
a mount point (at the volume root), we should always get
to a given non root directory with the same dentry.
The mechanism added by commit de381aa0 ("Linux: Make dir
dentry aliases act like symlinks") is therefore only really
necessary for a volume root.
With kernel 4.2 it is not possible to tweak the "total link
count", resulting in ELOOP errors when looking up a path
with 40 or more directories that are being looked up for
the first time. With this change, only mountpoints will
count against the limit.
Anders Kaseorg [Sat, 1 Aug 2015 03:26:43 +0000 (23:26 -0400)]
tests/auth/keys-t.c: Don’t ignore return value of write
Resolves this warning:
keys-t.c: In function ‘copy’:
keys-t.c:63:6: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
write(out, block, len);
^
Simon Wilkinson [Sat, 2 Mar 2013 09:19:13 +0000 (09:19 +0000)]
Unix CM: Make rootVolume array big enough
In afs_CheckRootVolume, the local rootVolumeName array needs to
be large enough to hold the contents of the global
afs_rootVolumeName string, which is 64 characters long. Fix our
local array to be the same length by using a new defined constant
MAXROOTVOLNAMELEN.
with the command "vos dump -clone" use the volumename of the cloned volume
instead of the fixed string "dump-clone-temp". This volumename is recorded
in the DumpHeader and VolumeHeader of the dump file.
Marc Dionne [Mon, 16 Dec 2013 21:52:17 +0000 (16:52 -0500)]
afsmonitor: Skip additional bits for large timeval
When the timeval structure uses 64-bit values for sec and usec,
64 extra bits need to be skipped in the input for every time value
that is parsed. There's a remaining assumption in this part of the
code that the time values received from the server are 32-bits, but
after decoding they will always have the local size which may well
be 64-bits.
Benjamin Kaduk [Mon, 12 Jan 2015 21:13:28 +0000 (16:13 -0500)]
Switch to jhash for VNODE_HASH
Remove the vnodeHashOffset field, as the Jenkins hash will get
a uniform-enough distribution without this extra help. Per-volume
unique hashing is retained by using the volume ID as the initial
value input to the Jenkins hash.
While here, increase the vnode hash table size from 256 to 2048.
Benjamin Kaduk [Mon, 12 Jan 2015 20:14:48 +0000 (15:14 -0500)]
Normalize on vp->hashid for hash table usage
At present the hashid is set to the same value as the volume ID
(i.e., V_id(vp) a.k.a. vp->header->diskstuff.id), but we should
not leak across the abstraction barrier without cause.
For non-objdir builds this doesn't happen, since $srcdir is just '.',
and afs_trace.et gets expanded to just afs_trace.et (or possibly
./afs_trace.et). This is also not a problem for objdir builds that are
specified as a relative path and are 'adjacent' to the srcdir. For
example, if we ran '../openafs-1.6.10pre1/configure --options', our
$top_srcdir is just '../openafs-1.6.10pre1', with some magic to
expand '..' to the correct number of levels. So in the above example,
the compile_et invocation gets expanded to:
/path/to/objdir/src/comerr/compile_et -emit h -v 2 \
-p ../../../openafs-1.6.10pre1/src/afs \
../../../openafs-1.6.10pre1/src/afs/afs_trace.et
And compile_et then tries to open the path
../../../openafs-1.6.10pre1/src/afs/../../../openafs-1.6.10pre1/src/afs/afs_trace.et
which collapses to just
../../../openafs-1.6.10pre1/src/afs/afs_trace.et, which is the correct
file.
However, if the $srcdir is specified as an absolute path, or if the
number of '..'s is wrong, this doesn't work. It is perhaps easiest to
explain why by just using another example. For an absolute path, the
invoked command is:
/path/to/objdir/src/comerr/compile_et -emit h -v 2 \
-p /path/to/openafs-1.6.10pre1/src/afs \
/path/to/openafs-1.6.10pre1/src/afs/afs_trace.et
And compile_et tries to open
/path/to/openafs-1.6.10pre1/src/afs/path/to/openafs-1.6.10pre1/src/afs/afs_trace.et,
which obviously does not exist. This results in a build failure like:
/path/to/openafs-1.6.10pre1/src/afs/path/to/openafs-1.6.10pre1/src/afs/afs_trace.et: No such file or directory
*** Error code 1
make: Fatal error: Command failed for target `afs_trace.msf'
For a non-working relative objdir, we may invoke a command like this:
/path/to/objdir/src/comerr/compile_et -emit h -v 2 \
-p ../../../../openafs-1.6.10pre1/src/afs \
../../../../openafs-1.6.10pre1/src/afs/afs_trace.et
And compile_et tries to open
../../../../openafs-1.6.10pre1/src/afs/../../../../openafs-1.6.10pre1/src/afs/afs_trace.et,
which is ../../../../../openafs-1.6.10pre1/src/afs/afs_trace.et, which
(probably) doesn't exist, since it goes one too many levels up.
To avoid this, we can just prevent the filename argument to compile_et
from undergoing VPATH expansion. compile_et never opens the given path
directly if -p is given, so it's not really a file path and so should
not be altered by VPATH.
compile_et will add a trailing .et to the filename if it doesn't have
one, so we can avoid the VPATH expansion by just leaving out the
trailing .et. We could also avoid the VPATH expansion by specifying
something like './afs_trace.et', but it is perhaps more clear to not
say the explicit filename, since we're not really specifying a path to
a file.
Just leaving out the -p option, as in this style of compile_et
invocation:
also fails for objdir builds. This is because, without the -p option,
compile_et defaults to '.' as the prefix. If the srcdir is
/path/to/openafs-1.6.10pre1, then this will expand to:
/path/to/objdir/src/comerr/compile_et -emit h \
.//path/to/openafs-1.6.10pre1/src/tools/dumpscan/dumpscan_errs.et
which will fail, since that path to dumpscan_errs.et does not exist.
So to fix this, make all compile_et invocations follow this style:
${COMPILE_ET_H} -p ${srcdir} foo
Many other invocations of compile_et in the tree are already like
this, so this commit just changes the others to match.
Andrew Deason [Mon, 13 Jan 2014 05:24:55 +0000 (23:24 -0600)]
LINUX: Fix "unused but set var" autoconf warnings
A few of the linux autoconf tests generate -Wunused-but-set-variable
warnings, unless the test is run with -Wno-unused-but-set-variable.
Since we run these tests with -Werror, this can cause the tests to
incorrectly fail if they are not run with
-Wno-unused-but-set-variable.
The Linux kernel build process normally does run with that option, but
due to some other (possibly buggy) behavior, sometimes these configure
tests do not run with that option. So, make our tests work without
generating that warning, so we will work in more cases.
Reorganize a few of these tests so we are setting a field in a global
structure, instead of a function-local one. Make the test function
names and style little more consistent while we are here, but do not
make the global structure 'static', in case the compiler recognizes we
are setting fields for a structure that cannot be used by anything.
In particular, the "revalidate takes nameidata" test had been wrongly
succeeding, but that didn't usually matter because of how the feature
tests are ordered in the code. It does matter in the case when the
"revalidate takes unsigned" check also gets a wrong result, which
can cause kernel BUGs, which should be fixed by these changes.
Andrew Deason [Mon, 10 Feb 2014 20:13:39 +0000 (14:13 -0600)]
vol: Log more info on wrong SYNC response length
We log that the length of the response was wrong, so we're dropping
the connection. Log what the actual and expected lengths were, at
least, so we can maybe get a little bit of useful information from
this message.
Andrew Deason [Sat, 14 Feb 2015 00:08:25 +0000 (18:08 -0600)]
afs: Stop abusing ENOENT
When looking up a file, the ENOENT error code is supposed to be used
if we know that the target filename does not exist. That is, the
situation is a user or application error; they specified a filename
that was not previously created.
Currently, though, we use ENOENT for a variety of different
situations, such as:
- After successfully looking up a directory entry, we fail to
afs_GetDCache or afs_GetVCache on the FID for that entry.
- We encounter an invalid mount point, in certain code paths.
In each of these situations, an ENOENT error code is incorrect, since
the target filename does indeed exist and these situations may be
caused by network or administrative errors. An ENOENT error implies
that the user may be able to then create the target filename, which is
not true most of the time in the above situations.
In addition, on LINUX we return a negative dcache entry when we
encounter an ENOENT error on lookup. This means that if any of the
above scenarios occur, Linux would cache the fact that that directory
entry did not exist, and return ENOENT for future lookups. This was
worked around in one of the changes in commit 652f3bd9cb7a5d7833a760ba50ef7c2c67214bba to always invalidate such
negative dentries, but at the cost of performance (since this caused
negative lookups to never be cached).
To avoid all of these issues, just don't use ENOENT in these
situations. For simple non-disconnected afs_GetDCache or afs_GetVCache
errors, return EIO, since we have encountered an error that is
internal to AFS (either the underlying data is inconsistent, or we
have a network error, or something else). In disconnected operation,
return ENETDOWN like in other disconnected code paths, since often the
root cause is due to us not having network access. When a bad
mountpoint is encountered, return ENODEV, since that is what we use
elsewhere in the code when encountering a bad mountpoint.
It is also noteworthy that this changes removes the translation of
VNOVNODE into ENOENT, since a nonexistent vnode is not the same as a
nonexistent filename, as described above. Some code paths have special
behavior for this situation (ignoring the error in some cases where it
does not matter). These code paths should be okay with this change,
since all of them examine error codes that have not been translated
through afs_CheckCode.
Some useless references to ENOENT were also removed in
src/afs/LINUX*/osi_misc.c. These did not result in incorrect behavior,
but removing them makes searching for bad ENOENT references easier.
Andrew Deason [Sat, 14 Feb 2015 00:02:44 +0000 (18:02 -0600)]
afs: Clarify vcache->mvid accesses
Currently, numerous places in the code treat the 'mvid' field in
struct vcache as a few different things:
- If the vcache is a mountpoint, mvid points to the fid of the root
dir of the target volume.
- If the vcache is a volume root dir, mvid points to the fid of the
parent dir for the mountpoint.
- If the vcache is a sillyrenamed file, mvid points to a string,
which is the name the vcache was renamed to.
Despite these three things being very different (and one of them is a
completely different type than the others), everywhere in the code
just accesses mvid as 'avc->mvid'. This can make it very confusing as
to what the field actually means at any particular part of the code,
and makes it very difficult to search the code for places that use
mvid in any one of these specific ways.
So, to aid in code clarity, make mvid into a union, with the following
members:
- target_root: For the "mountpoint" case.
- parent: For the "root dir" case.
- silly_name: For the "sillyrename" case.
This should have no effect on code behavior, but just makes the code a
bit clearer.
Andrew Deason [Fri, 13 Feb 2015 23:31:37 +0000 (17:31 -0600)]
afs: Use named constants for mvstat
Currently the vcache 'mvstat' field is assigned three magic values: 0
for normal files and directories, 1 for mountpoint objects, and 2 for
volume root dirs. These values are clearly defined in comments, but
everywhere we actually assign or compare these values, we use the bare
numbers.
Stop this nonsense and use named constants, to make the code less
inscrutable.
Change-Id: Ic1b133109d619b70317141431f163e552bafd109
Reviewed-on: http://gerrit.openafs.org/11747 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Andrew Deason [Mon, 11 Aug 2014 18:51:39 +0000 (13:51 -0500)]
vol: Avoid FDH_SEEK/FDH_READ
All code in the tree except for this uses positional i/o
(FDH_PREAD/FDH_PWRITE). For consistency and to ensure that we do not
mix positional and non-positional i/o, just use the positional i/o
functions here. It's simpler, too.
Michael Meffie [Mon, 31 Mar 2014 18:25:54 +0000 (14:25 -0400)]
readme: remove README.PTHREADED_UBIK
We enabled pthreaded ubik by default in commit 27cb0d38885428474b0d4287,
and it is no longer considered beta or experimental. There is no longer
a need for separate documentation of it, and adjust the options
listing in INSTALL accordingly.
[kaduk@mit.edu: adjust for the changed default behavior.]
Jeffrey Altman [Sat, 1 Aug 2015 13:32:35 +0000 (09:32 -0400)]
vlserver: ListAttributesN2 volume name safety
The vlserver ListAttributesN2 RPC permits filtering the result set
by volume name in addition by site or volume id.
Two issues identified by Andrew Deason (Sine Nomine Associates) are
addressed by this patch. First, the size of the volumename[] buffer
is insufficient to store the valid input read over the network. The
buffer needs to be able to store VL_MAXNAMELEN characters of the volume
name, two characters for the regular expression '^' and '$', and the
trailing NUL.
Second, sprintf() is used to write to the buffer and even with valid
input from the caller SVL_ListAttributesN2 can overflow the buffer
when ".backup" and ".readonly" are appended to the volume name. If
there is an overflow the search name is invalid and there can not be
a valid match.
This patch increases the size of volumename[] to VL_MAXNAMELEN+3.
It also uses snprintf() instead of sprintf() and performs error
checking. The error VL_BADNAME is returned when the network input is
invalid.
D Brashear [Fri, 18 Jul 2014 20:00:12 +0000 (16:00 -0400)]
vlserver: limit use of regex to admins always
allow regexes only if the querying user is a superuser.
if the superuser uses up all the resources, well, they could just do
whatever damage directly anyway. means even in unrestricted mode
we are not vulnerable
Reviewed-on: http://gerrit.openafs.org/11968 Reviewed-by: Daria Brashear <shadow@your-file-system.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 049323e7e03c64f534a73ff452d218f19d5b8132)
Change-Id: I1e3f11bd14b071be69eb6e00c26ea2209596c82a
Reviewed-on: http://gerrit.openafs.org/11975 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Jeffrey Altman [Sat, 1 Aug 2015 13:32:35 +0000 (09:32 -0400)]
vlserver: ListAttributesN2 volume name safety
The vlserver ListAttributesN2 RPC permits filtering the result set
by volume name in addition by site or volume id.
Two issues identified by Andrew Deason (Sine Nomine Associates) are
addressed by this patch. First, the size of the volumename[] buffer
is insufficient to store the valid input read over the network. The
buffer needs to be able to store VL_MAXNAMELEN characters of the volume
name, two characters for the regular expression '^' and '$', and the
trailing NUL.
Second, sprintf() is used to write to the buffer and even with valid
input from the caller SVL_ListAttributesN2 can overflow the buffer
when ".backup" and ".readonly" are appended to the volume name. If
there is an overflow the search name is invalid and there can not be
a valid match.
This patch increases the size of volumename[] to VL_MAXNAMELEN+3.
It also uses snprintf() instead of sprintf() and performs error
checking. The error VL_BADNAME is returned when the network input is
invalid.
D Brashear [Fri, 18 Jul 2014 20:00:12 +0000 (16:00 -0400)]
vlserver: limit use of regex to admins always
allow regexes only if the querying user is a superuser.
if the superuser uses up all the resources, well, they could just do
whatever damage directly anyway. means even in unrestricted mode
we are not vulnerable
Change-Id: Ib35d649f31e752ba5ae8373a06b67ea76f97425c
Reviewed-on: http://gerrit.openafs.org/11968 Reviewed-by: Daria Brashear <shadow@your-file-system.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Anders Kaseorg [Sat, 1 Aug 2015 03:28:49 +0000 (23:28 -0400)]
tests/volser/vos-t.c: Don’t ignore return value of pipe
Resolves this warning:
vos-t.c: In function ‘TestListAddrs’:
vos-t.c:60:5: warning: ignoring return value of ‘pipe’, declared with attribute warn_unused_result [-Wunused-result]
pipe(outpipe);
^
jhash-t.c: In function ‘main’:
jhash-t.c:60:4: warning: this decimal constant is unsigned only in ISO C90
is_int(3704403432, opr_jhash(test, 2, 0),
^
jhash-t.c:62:4: warning: this decimal constant is unsigned only in ISO C90
is_int(3704403432, opr_jhash_int2(test[0], test[1], 0),
^
Anders Kaseorg [Sat, 1 Aug 2015 07:58:19 +0000 (03:58 -0400)]
Add XBSA_XLIBS to XLIBS after it’s computed
Commit 353aa7ef2c172f574998480d6d051b3f4e95ae7b (after 1.6 was
branched) reordered things such that XBSA_XLIBS was being added to
XLIBS before it was computed, which caused link failures with
--enable-tivoli-tsm.
Anders Kaseorg [Sat, 1 Aug 2015 09:54:42 +0000 (05:54 -0400)]
tests/opr/time-t.c: Use labs instead of abs for long argument
Resolves this warning with clang:
time-t.c:46:8: warning: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause
truncation of value [-Wabsolute-value]
ok(abs(osTime - osNow) < 2, "opr_time_Now returns a reasonable value");
^
time-t.c:46:8: note: use function 'labs' instead
ok(abs(osTime - osNow) < 2, "opr_time_Now returns a reasonable value");
^~~
labs
Anders Kaseorg [Sat, 1 Aug 2015 09:52:59 +0000 (05:52 -0400)]
src/kauth/krb_udp.c: Remove redundant NULL check for array address
Resolves this warning with clang:
krb_udp.c:302:13: warning: address of array 'tentry.misc_auth_bytes' will always evaluate to 'true' [-Wpointer-bool-conversion]
if (tentry.misc_auth_bytes) {
~~ ~~~~~~~^~~~~~~~~~~~~~~
Anders Kaseorg [Fri, 31 Jul 2015 05:35:05 +0000 (01:35 -0400)]
rfc3961: prototype _krb5_internal_hmac
Resolves this warning:
src/external/heimdal/krb5/crypto-arcfour.c: In function ‘_oafs_h__krb5_HMAC_MD5_checksum’:
src/external/heimdal/krb5/crypto-arcfour.c:82:5: warning: implicit declaration of function ‘_oafs_h__krb5_internal_hmac’ [-Wimplicit-function-declaration]
ret = _krb5_internal_hmac(context, c, signature, sizeof(signature),
^
Anders Kaseorg [Sat, 1 Aug 2015 00:47:35 +0000 (20:47 -0400)]
libadmin: #define UBIK_LEGACY_CALLITER 1 in afs_kasAdmin.c
Replaces this warning:
afs_kasAdmin.c: In function ‘GetPrincipalLockStatus’:
afs_kasAdmin.c:710:6: warning: implicit declaration of function ‘ubik_CallIter’ [-Wimplicit-function-declaration]
ubik_CallIter(KAM_LockStatus, kaserver->servers, UPUBIKONLY,
^
with these marginally less alarming warnings:
In file included from ../adminutil/afs_AdminInternal.h:17:0,
from afs_kasAdmin.c:21:
/home/anders/wd/openafs/include/ubik.h:627:1: warning: function declaration isn’t a prototype [-Wstrict-prototypes]
extern afs_int32 ubik_CallIter(int (*aproc) (), struct ubik_client *aclient,
^
/home/anders/wd/openafs/include/ubik.h:632:1: warning: function declaration isn’t a prototype [-Wstrict-prototypes]
extern afs_int32 ubik_Call_New(int (*aproc) (), struct ubik_client
^
Change-Id: I49dbc5f6bb9199764c73c6ee8449d62518f377e6 Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-on: http://gerrit.openafs.org/11954 Reviewed-by: Perry Ruiter <pruiter@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Mark Vitale [Wed, 8 Jul 2015 18:28:50 +0000 (14:28 -0400)]
Solaris: setpag should verify that ngroups will not overflow
Our ngroups management (since PAGs are still encoded as 2 groups) needs
to ensure that we do not overflow what we are prepared to handle,
and do not panic due to misheld mutexes if we have to return an error
when handling it.
Mark Vitale [Wed, 8 Jul 2015 18:28:50 +0000 (14:28 -0400)]
Solaris: setpag should verify that ngroups will not overflow
Our ngroups management (since PAGs are still encoded as 2 groups) needs
to ensure that we do not overflow what we are prepared to handle,
and do not panic due to misheld mutexes if we have to return an error
when handling it.
Add a new macro to check the signature of a particular
operation against a provided typed argument list.
One of the arguments is an arbitrary label that is used
to construct the pre-processor define name. This will
allow for testing of different forms for the same
operation.
This can be used to replace many of the remaining odd
checks in src/cf/linux_test4.m4.
Marc Dionne [Mon, 6 Jul 2015 14:00:13 +0000 (11:00 -0300)]
Linux 4.2: total_link_count is no longer accessible
The value is now stored in the nameidata structure which
is private to fs/namei.c, so we can't modify it here.
The effect is that using a path that contains 40+ directories
may fail with ELOOP, depending on which directories in the
path were previously used. After a directory is accessed once
its D_AUTOMOUNT flag is reset and it will no longer count
against the symlink limit in later path lookups.
Michael Meffie [Fri, 26 Jun 2015 13:09:18 +0000 (09:09 -0400)]
doc: bosserver runs in the background
Since OpenAFS 1.0 bosserver automatically puts itself into the
background and removes it's controlling terminal. Update the examples in
the Admin and Quick Start Guides to remove the unneeded '&' on the
command line to start the bosserver.
projects / packages / o / openafs.git / log