Michael Meffie [Mon, 22 Aug 2016 23:53:34 +0000 (19:53 -0400)]
tests: avoid passing NULL strings to vprintf
Some libc implementations will crash when NULL string arguments are given to
*printf. Avoid passing NULL string arguments in the make check tests that did
so, and pass the string "(null)" instead.
Reviewed-on: https://gerrit.openafs.org/12377 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 2fe3a28c6ec0ff9d19ddec5500b3a5e69b483210)
Change-Id: Id8f1635444b5b49e3250addf36b64fccafd59941
Reviewed-on: https://gerrit.openafs.org/12396 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Mon, 19 Sep 2016 01:29:34 +0000 (21:29 -0400)]
ubik: Return an error from ContactQuorum when inquorate
Currently, when we need to contact all other servers in the ubik
quorum (to create a write transaction, and send db changes, etc), we
call the ContactQuorum_* family of functions. To contact each server,
those functions follow an algorithm like the following pseudocode:
{
int rcode = 0;
int code;
int okcalls = 0;
for (ts = ubik_servers; ts; ts = ts->next) {
if (ts->up) {
code = contact_server(ts);
if (code) {
rcode = code;
} else {
okcalls++;
}
}
}
This means that if we successfully contact a majority of ubik sites,
we return success, even if some sites returned an error. If most sites
fail, then we return an error (we arbitrarily pick the last error we
got).
This means that in most situations, a successful write transaction is
guaranteed to have been transmitted to a majority of ubik sites, so
the written data cannot be lost (at least one of the sites that got
the new data will be in a future elected quorum).
However, if a site is already known to be down (ts->up is 0), then we
skip trying to contact that site, but we also don't set any errors.
This means that if a majority of sites are already known to be down
(ts->up is 0), then we can indicate success for a write transaction,
even though the relevant data has not been written to a majority of
sites. In that situation, it is possible to lose data.
Most of the time this is not possible, since a majority of sites must
be 'up' for the sync site to be elected and to allow write
transactions at all. There are a few ways, though, in which we can get
into a situation where most other sites are 'down', but we still let a
write transaction go through.
An example scenario:
Say we have sites A, B, and C. All 3 sites come up at the same time,
and A is the lowest IP so it starts an election (after around BIGTIME
seconds). Right after A is elected the sync site, sites B and C will
have 'lastYesState' set to 0, since site A hasn't yet sent out a
beacon as the sync site.
A client can then start a write to the ubik database on site A, which
site A will allow since it's the sync site (and presumably all the
relevant recovery flags are set). Site A will try to contact sites B
and C for a DISK_Begin call, but lastYesState is set to 0 on those
sites. This will cause DISK_Begin to return UNOQUORUM
(urecovery_AllBetter will return 0, because uvote_HaveSyncAndVersion
will return 0, because lastYesState is not set).
So site A will get a UNOQUORUM error from sites B and C, and so site A
will set 'ts->up' to 0 for sites B and C, and will return UNOQUORUM to
the client. The client may then try to retry the call (because
UNOQUORUM is not treated as a 'global' error in ubikclient.c's
ubik_Call_New), or another client write request could come in. Now
that 'ts->up' is unset for both sites B and C, we skip trying to
contact any remote sites, and the ContactQuorum functions will return
success. So the ubik write will go through successfully, but the new
data will only be on site A.
At this point, if site A crashes, then sites B and C will elect a
quorum, and will not have the modifications that were written to site
A (so the data written to site A is lost). If site A stays up, then it
will go through database recovery, sending the entire database file to
sites B and C.
In addition, it's very possible in this scenario for a client to write
to the database, and then try to read back data and confusingly get a
different result. For example, if someone issues the following two
commands while triggering the above scenario:
$ pts createuser testuser
$ pts examine testuser
If the second command contacts site B or C, then it will always fail,
saying that the user doesn't exist (even though the first command
succeeded). This is because sites B and C don't have the new data
written to site A, at least temporarily. While this confusing behavior
is not completely avoidable in ubik (this can always happen
'sometimes' due to network errors and such), with the scenario
described here, it happens 100% of the time.
The general scenario described above can also happen if sites B and C
are suddenly legitimately unreachable from site A, instead of throwing
the UNOQUORUM error. All of the steps are pretty much the same, but
there is a bit of a delay while we wait for the DISK_Begin call to
fail.
To fix this, do not let 0 be returned if a quorum has not been
reached. In some sense, UNOQUORUM could *always* be returned in
that case, but it is more in keeping with historical behavior to
return a "real" error if there is one available.
It is somewhat questionable whether we should even be propagating
errors received from calls like DISK_Begin/DISK_Commit to the ubik
client (e.g. if we get a -1 from trying to contact a remote site, we
return -1 to the client, so the client may think it couldn't reach the
site at all). But this commit does not change any of that logic, and
should only change behavior when a majority of sites have 'ts->up'
unset. A later commit might effect the change to always return
UNOQUORUM and ignore the actual error values from the DISK_ calls,
but that is not needed to fix the immediate issue.
An important note:
Before this commit, there was a window of about 15 seconds after a
sync site is elected where a write to the ubik db would appear to be
successful, but would only modify the ubik db on the sync site.
(Details described above.) With this commit, writes during that
15-second window will instead fail, because we cannot guarantee that
we won't lose that data. If someone relies on 'udebug' data from the
sync site to let them know when writes will go through successfully,
this commit could appear to cause new errors.
[kaduk@mit.edu: transfer long commit message describing the issue
from an alternative fix, and tidy up accordingly]
Reviewed-on: https://gerrit.openafs.org/12289 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit fac0b742960899123dca6016f6ffc6ccc944f217)
Change-Id: Ic9b4ceada6c743dde49aba82217bb3a9f440bb69
Reviewed-on: https://gerrit.openafs.org/12389 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Andrew Deason <adeason@dson.org> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Mon, 22 Aug 2016 23:53:34 +0000 (19:53 -0400)]
tests: avoid passing NULL strings to vprintf
Some libc implementations will crash when NULL string arguments are given to
*printf. Avoid passing NULL string arguments in the make check tests that did
so, and pass the string "(null)" instead.
Michael Meffie [Sat, 6 Aug 2016 14:41:24 +0000 (10:41 -0400)]
afsd: fix afsd -help crash
afsd crashes after the usage is displayed with the -help option.
$ afsd -help
Usage: ./afsd [-blocks <1024 byte blocks in cache>] [-files <files in cache>]
...
Segmentation fault (core dumped)
The backtrace shows the crash occurs when calling afsconf_Open() with an
invalid pointer argument, even though afsconf_Open() is not even needed
when -help is given.
(gdb) bt
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:32
#1 0x00007ffff726fc36 in *__GI___strdup (s=0x0) at strdup.c:42
#2 0x0000000000408383 in afsconf_Open (adir=0x0) at cellconfig.c:444
#3 0x00000000004054d5 in afsd_run () at afsd.c:1926
#4 0x0000000000407dc5 in main (argc=2, argv=0x7fffffffe348) at afsd_kernel.c:577
afsconf_Open() is called with an uninitialized pointer because commit d72df5a18e0bb8bbcbf23df3e8591072f0cdb770 changed the libcmd
cmd_Dispatch() to return 0 after displaying the command usage when the
-help option is specified. (That fix was needed for scripts which use
the -help option to inspect command options with the -help option.)
The afsd_kernel main function then incorrectly calls the afsd_run()
function, even though mainproc() was not called, which sets up the afsd
option variables. The afsconf_Open() is the first function we call in
afsd_run().
Commit f77c078a291025d593f3170c57b6be5f257fc3e5 split afsd into afsd.c
and afsd_kernel.c to support libuafs (and fuse). This split the parsing
of the command line arguments and the running of the afsd command into
two functions. The mainproc(), which originally did both, was split
into two functions; one (still called mainproc) to check the option
values given and setup/auto-tune values, and another (called afsd_run)
to do the actual running of the afsd command. The afsd_parse() function
was introduced as a wrapper around cmd_Dispatch() which "dispatches"
mainproc.
With this fix, take the opportunity to rename mainproc() to the now more
accurately named CheckOptions() and change afsd_parse() to parse the
command line options with cmd_Parse(), instead of abusing
cmd_Dispatch().
Change the main fuction to avoid running afsd_run() when afsd_parse()
returns the CMD_HELP code which indicates the -help option was given.
afsd.fuse splits the command line arguments into afsd recognized options
and fuse options (everything else), so only afsd recognized arguments
are passed to afsd_parse(), via uafs_ParseArgs(). The -help argument is
processed as part of that splitting of arguments, so afsd.fuse never
passes -help as an argument to afsd_parse(). This means we to not need
to check for CMD_HELP as a return value from uafs_ParseArgs(). But
since this is all a bit confusing, at least check the return value in
uafs_ParseArgs().
Andrew Deason [Wed, 8 Jan 2014 00:24:54 +0000 (18:24 -0600)]
SOLARIS: Support VSW_STATS
Specify the VSW_STATS flag to the vfsdef_t structure we give to
Solaris. This turns on statistics that can be retrieved via fsstat(1M)
and allows the fsinfo::: DTrace provider to work with AFS files.
We don't need to actually maintain these statistics; Solaris does that
for us. This flag just signifies that our vfs_t structure is capable
of storing the information. Since we get our vfs_t from Solaris (via
domount(), it gives us a vfs_t when it calls our afs_mount function)
and do not allocate a vfs_t ourselves, we are safe and this is fine to
do.
Reviewed-on: http://gerrit.openafs.org/10679 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit b0f433986ce344bf153cce1f6372de20750e052b)
Change-Id: I2403703f9caeb190563360d8571ee0be46890f4d
Reviewed-on: https://gerrit.openafs.org/12371 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Thu, 20 Aug 2015 17:55:02 +0000 (13:55 -0400)]
Make setting of CFLAGS_NOSTRICT make sense
Previously, we would set -fno-strict-aliasing only when
--enable-checking was given to configure but not
--enable-checking=all. The intent seems to have been to
only warn about strict aliasing violations when --enable-checking=all
is in use, but that there was no need to disable the strict-aliasing
diagnostics when -Werror was not enabled.
Unfortunately, -fno-strict-aliasing affects not only the diagnostics
emitted by the compiler, but also the code generation! So we were
leaving the normal (no --enable-checking) case with the compiler
assuming C's strict aliasing rules. The OpenAFS codebase has
historically not been strict-aliasing safe (for example,
commit 15e8678661ec49f5eac3954defad84c06b3e0164 refers to a
runtime crash using a certain compiler version, which is diagnosed
as the compiler using the C strict aliasing rules to make
optimizations that exposed the invalid program code.
To avoid futher surprises due to new compiler optimizations
that utilize the C strict aliasing rules, always disable
strict aliasing except when --enable-checking=all is used.
Reviewed-on: https://gerrit.openafs.org/11988 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 687b4d8af07dbcf187dea685e75b420884727efd)
Change-Id: I03b64465a29243f2b4fdaa12e962f078c45ae344
Reviewed-on: https://gerrit.openafs.org/12308 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Andrew Deason [Sun, 1 May 2016 16:24:30 +0000 (11:24 -0500)]
ubik: Don't RECFOUNDDB if can't contact most sites
Currently, the ubik recovery code will always set UBIK_RECFOUNDDB
during recovery, after asking all other sites for their dbversions.
This happens regardless of how many sites we were actually able to
successfully contact, even if we couldn't contact any of them.
This can cause problems when we are unable to contact a majority of
sites with DISK_GetVersion. Since, if we haven't contacted a majority
of sites, we cannot say with confidence that we know what the best db
version available is (which is what UBIK_RECFOUNDDB represents; that
we've found which database is the one we should be using). This can
also result in UBIK_RECHAVEDB in a similar situation, indicating that
we have the best db version locally, even though we never actually
asked anyone else what their db version was.
For example, say site A is the sync site going through recovery, and
DISK_GetVersion fails for the only other sites B and C. Site A will
then set UBIK_RECFOUNDDB, and will claim that site A has the best db
version available (UBIK_RECHAVEDB). This allows site A to process ubik
write transactions (causing the db to be labelled with a new epoch),
or possibly to send the db to the other sites via DISK_SendFile, if
they quickly become available during recovery. Ubik write transactions
can succeed in this situation, because our ContactQuorum_* calls will
succeed if we never try to contact a remote site ('rcode' defaults to
0).
This situation should be rather rare, because normally a majority of
sites must be reachable by site A for site A to be voted the sync site
in the first place. However, it is possible for site A to lose
connectivity to all other sites immediately after sync site election.
It is also possible for site A to proceed far enough in the recovery
process to set UBIK_RECHAVEDB before it loses its sync site status.
As a result of all of this, if a site with an old database comes
online and there are network connectivity problems between the other
sites and a ubik write request comes in, it's possible for the "old"
database to overwrite the "new" database. This makes it look as if the
database has "rolled back" to an earlier version.
This should be possible with any ubik database, though how to actually
trigger this bug can change due to different ubik servers setting
different network timeouts. It is probably the most likely with the
VLDB, because the VLDB is typically the most frequently written
database.
If a VLDB reverts to an earlier version, it can result in existing
volumes to appear to not exist in the VLDB, and can result in new
volumes re-using volume IDs from existing volumes. This can result in
rather confusing errors.
To fix this, ensure that we have contacted a majority of sites with
DISK_GetVersion before indicating that we have located the best db
version. If we've contacted a majority of sites, then we are
guaranteed (under ubik assumptions) that we've found the best version,
since previous writes to the database should be guaranteed to hit a
majority of sites (otherwise they wouldn't be successful).
If we cannot reach a majority of sites, we just don't set
UBIK_RECFOUNDDB, and the recovery process restarts. Presumably on the
next iteration we'll be able to contact them, or we'll lose sync site
status if we can't reach the other sites for long enough.
Reviewed-on: https://gerrit.openafs.org/12281 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit d3dbdade7e8eaf6da37dd6f1f53d9f1384626071)
Change-Id: I4f4e7255efd3e16e3acfec8f90bf2019cab1fb63
Reviewed-on: https://gerrit.openafs.org/12339 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Tue, 2 Aug 2016 20:52:42 +0000 (16:52 -0400)]
revert: "LINUX: Fix oops during negative dentry caching"
Commit fd23587a5dbc9a15e2b2e83160b947f045c92af1 was done to fix an oops
when parent_vcache_dv() was called without the GLOCK held. Since the
lockless code paths have been removed, and parent_vcache_dv() is always
called with the GLOCK held, revert the extra locked flag argument and
the calls obtain and release the GLOCK within parent_vcache_dv().
This commit made it possible to execute afs_linux_dentry_revalidate
without taking the GLOCK under some circumstances. However, it
achieved this by examining structure members outside of the GLOCK that
were previously only examined under the GLOCK (such as vcp->f.states
and vcp->f.m.DataVersion).
While that does of course improve performance, it is not known to be
completely safe. Revert this commit so we may implement a fastpath
through afs_linux_dentry_revalidate using more trusted lockless
techniques (atomics, RCU, etc).
Andrew Deason [Thu, 26 Jun 2014 22:47:46 +0000 (15:47 -0700)]
afs: Create afs_SetDataVersion
Several different places in the codebase change avc->f.m.DataVersion
for a particular vcache, when we've noticed that the DV for the vcache
has changed. Consolidate all of these occurrences into a single
afs_SetDataVersion function, to make it easier to change what happens
when we notice a change in DV number.
This should incur no behavior change; it is just simple code
reorganization.
Change-Id: I5dbf2678d3c4b5a2fbef6ef045a0b5bfa8a49242
Reviewed-on: https://gerrit.openafs.org/11791 Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: Daria Phoebe Brashear <shadow@your-file-system.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Thomas Keiser <tkeiser@gmail.com> Tested-by: BuildBot <buildbot@rampaginggeek.com>
Andrew Deason [Mon, 23 May 2016 02:54:30 +0000 (21:54 -0500)]
ubik: Return an error from ContactQuorum when inquorate
Currently, when we need to contact all other servers in the ubik
quorum (to create a write transaction, and send db changes, etc), we
call the ContactQuorum_* family of functions. To contact each server,
those functions follow an algorithm like the following pseudocode:
{
int rcode = 0;
int code;
int okcalls = 0;
for (ts = ubik_servers; ts; ts = ts->next) {
if (ts->up) {
code = contact_server(ts);
if (code) {
rcode = code;
} else {
okcalls++;
}
}
}
This means that if we successfully contact a majority of ubik sites,
we return success, even if some sites returned an error. If most sites
fail, then we return an error (we arbitrarily pick the last error we
got).
This means that in most situations, a successful write transaction is
guaranteed to have been transmitted to a majority of ubik sites, so
the written data cannot be lost (at least one of the sites that got
the new data will be in a future elected quorum).
However, if a site is already known to be down (ts->up is 0), then we
skip trying to contact that site, but we also don't set any errors.
This means that if a majority of sites are already known to be down
(ts->up is 0), then we can indicate success for a write transaction,
even though the relevant data has not been written to a majority of
sites. In that situation, it is possible to lose data.
Most of the time this is not possible, since a majority of sites must
be 'up' for the sync site to be elected and to allow write
transactions at all. There are a few ways, though, in which we can get
into a situation where most other sites are 'down', but we still let a
write transaction go through.
An example scenario:
Say we have sites A, B, and C. All 3 sites come up at the same time,
and A is the lowest IP so it starts an election (after around BIGTIME
seconds). Right after A is elected the sync site, sites B and C will
have 'lastYesState' set to 0, since site A hasn't yet sent out a
beacon as the sync site.
A client can then start a write to the ubik database on site A, which
site A will allow since it's the sync site (and presumably all the
relevant recovery flags are set). Site A will try to contact sites B
and C for a DISK_Begin call, but lastYesState is set to 0 on those
sites. This will cause DISK_Begin to return UNOQUORUM
(urecovery_AllBetter will return 0, because uvote_HaveSyncAndVersion
will return 0, because lastYesState is not set).
So site A will get a UNOQUORUM error from sites B and C, and so site A
will set 'ts->up' to 0 for sites B and C, and will return UNOQUORUM to
the client. The client may then try to retry the call (because
UNOQUORUM is not treated as a 'global' error in ubikclient.c's
ubik_Call_New), or another client write request could come in. Now
that 'ts->up' is unset for both sites B and C, we skip trying to
contact any remote sites, and the ContactQuorum functions will return
success. So the ubik write will go through successfully, but the new
data will only be on site A.
At this point, if site A crashes, then sites B and C will elect a
quorum, and will not have the modifications that were written to site
A (so the data written to site A is lost). If site A stays up, then it
will go through database recovery, sending the entire database file to
sites B and C.
In addition, it's very possible in this scenario for a client to write
to the database, and then try to read back data and confusingly get a
different result. For example, if someone issues the following two
commands while triggering the above scenario:
$ pts createuser testuser
$ pts examine testuser
If the second command contacts site B or C, then it will always fail,
saying that the user doesn't exist (even though the first command
succeeded). This is because sites B and C don't have the new data
written to site A, at least temporarily. While this confusing behavior
is not completely avoidable in ubik (this can always happen
'sometimes' due to network errors and such), with the scenario
described here, it happens 100% of the time.
The general scenario described above can also happen if sites B and C
are suddenly legitimately unreachable from site A, instead of throwing
the UNOQUORUM error. All of the steps are pretty much the same, but
there is a bit of a delay while we wait for the DISK_Begin call to
fail.
To fix this, do not let 0 be returned if a quorum has not been
reached. In some sense, UNOQUORUM could *always* be returned in
that case, but it is more in keeping with historical behavior to
return a "real" error if there is one available.
It is somewhat questionable whether we should even be propagating
errors received from calls like DISK_Begin/DISK_Commit to the ubik
client (e.g. if we get a -1 from trying to contact a remote site, we
return -1 to the client, so the client may think it couldn't reach the
site at all). But this commit does not change any of that logic, and
should only change behavior when a majority of sites have 'ts->up'
unset. A later commit might effect the change to always return
UNOQUORUM and ignore the actual error values from the DISK_ calls,
but that is not needed to fix the immediate issue.
An important note:
Before this commit, there was a window of about 15 seconds after a
sync site is elected where a write to the ubik db would appear to be
successful, but would only modify the ubik db on the sync site.
(Details described above.) With this commit, writes during that
15-second window will instead fail, because we cannot guarantee that
we won't lose that data. If someone relies on 'udebug' data from the
sync site to let them know when writes will go through successfully,
this commit could appear to cause new errors.
[kaduk@mit.edu: transfer long commit message describing the issue
from an alternative fix, and tidy up accordingly]
Change-Id: If6842d7122ed4d137f298f0f8b7f20350b1e9de6
Reviewed-on: https://gerrit.openafs.org/12289 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
There are some variations here and there, but all locations usually
involve at least some code like that. But they all do the same general
thing: invalidate a vcache so we hit the net the next time we need
that vcache.
In order to make it easier to modify what happens when we invalidate a
vcache, and just to improve the code, take all of these instances and
put the functionality in a single function, called afs_StaleVCache,
which marks the vcache as 'stale'.
To handle a few different situations that must be handled, we have
some flags that can also be passed to the new function. These are
primarily necessary to handle variations in the circumstances under
which we hit this code path; for instance, we may already have
afs_xcbhash locked, or we may be invalidating the entire osidnlc (if
we're invalidating vcaches in bulk, for example).
This should result in the same general behavior in all cases. The only
slight differences in a few cases is that we hold locks for a few more
operations than we used to; for example, we may clear an osidnlc entry
while holding the vcache lock. But these are minor and shouldn't
result in any actual differences in behavior.
So, this commit should just be code reorganization and should incur no
behavior change. However, this reorganization is complex, and should
not be considered a simple risk-free refactoring.
[kaduk@mit.edu: implement Tom Keiser's suggestion of a third argument
to afs_StaleVCacheFlags, add AFS_STALEVC_CLEARCB and
AFS_STALEVC_SKIP_DNLC_FOR_INIT_FLUSHED]
Change-Id: I2b2f606c56d5b22826eeb98471187165260c7b91
Reviewed-on: https://gerrit.openafs.org/11790 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Wed, 17 Aug 2016 14:57:48 +0000 (10:57 -0400)]
CODING: one-line if statements should not have braces
Update the style guide with a declaration of the prevailing and
preferred brace style for one-line if statements and loops. Provide an
example and counter-example.
Change-Id: Iafeea977203b76c0e67385779fb4ed57f3c6699a
Reviewed-on: https://gerrit.openafs.org/12370 Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Thu, 11 Jun 2015 15:25:51 +0000 (11:25 -0400)]
libafs: update the volume setup time when the vldb is rechecked
The vldb is rechecked when the fileserver returns certain error codes,
such as VMOVED. When the vldb is rechecked, update the volume
setupTime to reflect the most recent time the volume vldb information
is known to be correct.
Be sure the VRecheck flag is cleared after checking the vldb, since
the volume write lock was dropped after finding the volume.
Change-Id: I0ba389ee408de602e0059fbe8013012501c337d3
Reviewed-on: https://gerrit.openafs.org/11897 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
Andrew Deason [Sat, 8 Aug 2015 21:13:54 +0000 (16:13 -0500)]
afs: Make ONEGROUP_ENV not Linux-specific
The functionality in AFS_LINUX26_ONEGROUP_ENV does not really need to
be Linux-specific (it's just only implemented for Linux right now).
Rename it to AFS_PAG_ONEGROUP_ENV, and remove some Linux-specific
checks when checking for "onegroup" PAG GIDs.
[mmeffie@sinenomine.net: Move AFS_PAG_ONEGROUP_ENV to param.h]
Michael Meffie [Wed, 29 Apr 2015 16:00:24 +0000 (12:00 -0400)]
afs: add afsd -inumcalc option
This commit adds the afsd -inumcalc command line switch to specify the
inode number calculation method in a platform neutral way.
Inode numbers reported for files within the AFS filesystem are generated
by the cache manager using a calculation which derives a number from a
FID. Long ago, a new type of calculation was added which generates inode
numbers using a MD5 message digest of the FID. The MD5 inode number
calculation variant is computationally more expensive but greatly
reduces the chances for inode number collisions.
The MD5 calculation can be enabled on the Linux cache manager using the
Linux sysctl interface. Other than the sysctl method of selecting the
inode calculation type, the MD5 inode number calculation method is not
specific to Linux.
This change introduces a command-line option which accepts a value to
indicate the calculation method, instead of a simple flag to enable MD5
inode numbers. This should allow for new inode calculation methods
in the future without the need for additional afsd command-line flags.
Two values are currently accepted for -inumcalc. The value of 'compat'
specifies the legacy inode number calculation. The value 'md5' indicates
that the new MD5 calculation is to be used.
Marcio Barbosa [Tue, 28 Jun 2016 15:48:06 +0000 (12:48 -0300)]
venus: fix memory leak
The fs getserverprefs command displays preference
ranks for file / volume location server machine
interfaces. In order to get the complete set of
preference ranks, the VIOC_GETSPREFS system call
might have to be called several times. If so, the
memory previously allocated should be released.
Reviewed-on: https://gerrit.openafs.org/12315 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit d3b8a05d229a80100f40fca4dfdcd820313fcea8)
Michael Meffie [Thu, 28 Apr 2016 21:23:23 +0000 (17:23 -0400)]
afs: remove commented out sleep in afs_call.c
The cell info setup was moved to the beginning of the startup sequence
and an unnecessary sleep commented out in the syscall in which the cell
info was set in commit 3fa5f389b2b7778cf0df5a506c91b427b147c4c2.
Clean up afs_call.c a bit by removing this commented out code.
Reviewed-on: https://gerrit.openafs.org/12277 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 591da537e22be88da23216b2640331a7338ce0ae)
Change-Id: I9964603d68feea840cb70056dafad96d2c6adea2
Reviewed-on: https://gerrit.openafs.org/12307 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Thu, 28 Apr 2016 21:15:06 +0000 (17:15 -0400)]
afs: remove commented out AIX specific tweak
This AIX specific code block has been commented out since
openafs-ibm-1_0. The comments seem to indicate this was a networking
tweak specific to AIX, but the kernel variables involved were not
exported. Clean up afs_call.c by removing this dead code.
Reviewed-on: https://gerrit.openafs.org/12276 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 5277460eaa300fc973b59d007cd3eaea93d30873)
Change-Id: Idcf94dc5962a6bb183af3bfccead3b17cff2ee58
Reviewed-on: https://gerrit.openafs.org/12306 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Michael Meffie [Thu, 28 Apr 2016 20:52:42 +0000 (16:52 -0400)]
afs: cleanup remnant afs_vfs_mount prototype in afs_call.c
The call to afs_vfs_mount() in afs_call.c was removed in commit a5ab24af71efe6b80eb0f78d1979c5ab1d1e594d. Remove the remnant prototype
and the useless conditionals around it.
Reviewed-on: https://gerrit.openafs.org/12275 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 91f5cecc937923e16c5feda675fccd36d2b95164)
Change-Id: I6463d012c0c00b4a2738fa1045e822cda5c3304a
Reviewed-on: https://gerrit.openafs.org/12305 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Sat, 14 May 2016 18:37:54 +0000 (13:37 -0500)]
Fix typo in kaserver appendix
Though it's very unlikely that someone would actually want to
set up a new kaserver installation, if we have documentation for
it, it ought to at least do what it claims to do.
Thus, change kinit to klog where it was intended.
Reported by Karl-Philipp Richter.
FIXES 133043
Reviewed-on: https://gerrit.openafs.org/12286 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 4bd716223492aec23599a5ac01bce3cc47160bfd)
Change-Id: I0390a260e53a978e5a45aaff19b832c2d4dc4f9b
Reviewed-on: https://gerrit.openafs.org/12304 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Benjamin Kaduk [Wed, 13 Jul 2016 23:23:50 +0000 (18:23 -0500)]
Document minimum supported compiler versions
Pick some fairly old versions of clang and gcc and document them
as the minimum supported version. This will let us make assumptions
about compiler features that are available when using those compilers.
Change-Id: Ibb8df72c9b12cc7adff39ece9708a428975ba703
Reviewed-on: https://gerrit.openafs.org/12331 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Stephan Wiesand [Wed, 3 Aug 2016 12:11:12 +0000 (14:11 +0200)]
Make OpenAFS 1.6.18.3
Update configure version strings for 1.6.18.2. Note that macos kext
can be of form XXXX.YY[.ZZ[(d|a|b|fc)NNN]] where d dev, a alpha,
b beta, f final candidate so we have no way to represent 1.6.18.3.
Switch to 1.6.19 dev 3 for macos.
Change-Id: I30fed9209c101d290b8bd182c8f90efd83062caf
Reviewed-on: https://gerrit.openafs.org/12356 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Anders Kaseorg [Tue, 26 Jul 2016 01:04:59 +0000 (21:04 -0400)]
Linux 4.7: Follow key_alloc API change
Linux v4.7-rc1~124^2~2^2^2~9 adds an eighth optional argument
restrict_link. The same commit adds a KEY_ALLOC_BYPASS_RESTRICTION
macro, which we test so we can avoid adding another configure test.
Reviewed-on: https://gerrit.openafs.org/12345 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Anders Kaseorg <andersk@mit.edu> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 83a0f2a9ef88e63fbd300fbb436c17ca80c245b4)
Change-Id: I1ba16468888e160fdedf90ff1a9007d90dce9c3b
Reviewed-on: https://gerrit.openafs.org/12348 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Joe Gorse <jhgorse@gmail.com> Tested-by: Joe Gorse <jhgorse@gmail.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Fri, 27 May 2016 20:44:17 +0000 (16:44 -0400)]
SOLARIS: corrupted content of mmap'd files over 4GiB
Many Solaris programs and utilities (notably mdb and cp) use mmap() in
their implementation. When AFS files exceeding 4GiB are mmap'd, the
contents of the file will be incorrectly mapped into memory. Starting at
4GiB + 1, the first 4GiB will be repeated for the remainder of the file.
If the mmap'd file is written back to storage (AFS or otherwise), the
newly created file will also be corrupted.
This is due to a bug in the afs_map() routine that supports mmap() of
AFS files on Solaris. The segvn_crarg.offset passed to the Solaris
virtual memory APIs is incorrectly cast to u_int, causing it to wrap at
4GiB.
Although Solaris passes the offset from fop_map() to afs_map() as type
offset_t, the destination segvn_crargs.offset is actually type
u_offset_t. Existing examples of other Solaris filesystems (e.g.
zfs_map() ) cast the offset from offset_t to u_offset_t when assigning to
segvn_crargs.offset. If it's good enough for ZFS, it's good enough for
AFS.
Correctly cast the offset to u_offset_t.
Thanks to Robert Milkowski for the report and diagnosis.
Reviewed-on: https://gerrit.openafs.org/12292 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit fa5af899319b69fa9542add78beca388521e3450)
Change-Id: I9c00afeb88c089fe34d25015dbbe02c50b7e9437
Reviewed-on: https://gerrit.openafs.org/12350 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Thu, 26 May 2016 20:53:47 +0000 (16:53 -0400)]
SOLARIS: support mmap() over 4GiB
When mmap() is issued for exactly 4GiB of a large AFS-resident file,
mmap() fails with ENOMEM. This is because the AFS code is handling the
requested length as u_int instead of size_t, resulting in a 0 being
passed back to the caller.
When mmap() is issued for non-multiples of 4GiB, the subsequent mapping
will not contain all the requested pages, and for the same reason - the
mapped size has been truncated to 32 bits. This results in SIGSEGV when
accessing the non-mapped page(s).
Fix the signature of afs_map() to specify the correct type for the length.
Thanks to Robert Milkowski for the report and diagnosis.
Reviewed-on: https://gerrit.openafs.org/12291 Tested-by: BuildBot <buildbot@rampaginggeek.com> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 75325fc9ab1cec4a338e1aaf1b32de1922492b12)
Change-Id: I8677aebf3afa6a6c0596f7d9afc06fe36d728fd3
Reviewed-on: https://gerrit.openafs.org/12349 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The automatically generated pkgbuild.sh file should not be tracked by
git. To fix this problem, add the name of this file to the proper
.gitignore file.
Reviewed-on: https://gerrit.openafs.org/12343 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 19ffa2b7f09bffea816dda4713ad53f4d8cb93cb)
Change-Id: I581f09deea271dd26e065d35dbf12d6c8480bb8f
Reviewed-on: https://gerrit.openafs.org/12351 Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
macos: use pkgbuild to build the package on 10.10/10.11
PackageMaker is no longer part of OS X. As a result, it
is not possible to build the package on OS X 10.10 and
OS X 10.11 using the existing code.
To solve this problem, a new script, along with a couple
of new files, are provided.
- pkgbuild.sh
This script uses the command line tools pkgbuild and
productbuild to build the package on OS X 10.10 and
OS X 10.11. By default, the package built by this
script will not be signed. Optionally, the package
might be signed.
- Distribution.xml
This file is nothing more than an XML file used by
productbuild. It is mainly used to configure how the
installer will look and behave.
- conclusion.txt
Contains the text that is displayed by Installer at
the end of the installation process. Only used by
El Capitan and further.
- Uninstall.14.15
This script can be used by OS X 10.10/10.11 users
to uninstall OpenAFS.
Notes:
- This work is based on a patch made by Brandon Allbery
<ballbery@sinenomine.net> with fixes and updates from
Andrew Deason <adeason@dson.org>.
- El Capitan and further prevent us from touching
/usr/bin directly. As a result, /opt is used.
- If the package is not signed, the user will have
to disable the OS X security protections. Otherwise,
the client will not work.
- Now we have two different scripts to build the
package on OS X. For OS X 10.10 and newer versions,
pkgbuild.sh will be used. For older versions,
the existing buildpkg.sh will be used.
Reviewed-on: https://gerrit.openafs.org/12239 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 48ce41a447c354b8a20b769e4aa5b502ba5bcc09)
Anders Kaseorg [Tue, 26 Jul 2016 01:04:59 +0000 (21:04 -0400)]
Linux 4.7: Follow key_alloc API change
Linux v4.7-rc1~124^2~2^2^2~9 adds an eighth optional argument
restrict_link. The same commit adds a KEY_ALLOC_BYPASS_RESTRICTION
macro, which we test so we can avoid adding another configure test.
Change-Id: I83e27b54ba5711124dccaa41de7155be77054f47
Reviewed-on: https://gerrit.openafs.org/12345 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Anders Kaseorg <andersk@mit.edu> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Anders Kaseorg [Mon, 25 Jul 2016 23:04:15 +0000 (19:04 -0400)]
Bump Standards-Version to 3.9.8
No changes needed. At some point we may want to move the documentation
in openafs-doc from /usr/share/doc/openafs-doc to
/usr/share/doc/openafs, but that is preferred and not required by
policy.
Mark Vitale [Fri, 27 May 2016 20:44:17 +0000 (16:44 -0400)]
SOLARIS: corrupted content of mmap'd files over 4GiB
Many Solaris programs and utilities (notably mdb and cp) use mmap() in
their implementation. When AFS files exceeding 4GiB are mmap'd, the
contents of the file will be incorrectly mapped into memory. Starting at
4GiB + 1, the first 4GiB will be repeated for the remainder of the file.
If the mmap'd file is written back to storage (AFS or otherwise), the
newly created file will also be corrupted.
This is due to a bug in the afs_map() routine that supports mmap() of
AFS files on Solaris. The segvn_crarg.offset passed to the Solaris
virtual memory APIs is incorrectly cast to u_int, causing it to wrap at
4GiB.
Although Solaris passes the offset from fop_map() to afs_map() as type
offset_t, the destination segvn_crargs.offset is actually type
u_offset_t. Existing examples of other Solaris filesystems (e.g.
zfs_map() ) cast the offset from offset_t to u_offset_t when assigning to
segvn_crargs.offset. If it's good enough for ZFS, it's good enough for
AFS.
Correctly cast the offset to u_offset_t.
Thanks to Robert Milkowski for the report and diagnosis.
Change-Id: Id25363255ec011f2ad7e003ca3e4a1385bebff7e
Reviewed-on: https://gerrit.openafs.org/12292 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Mark Vitale [Thu, 26 May 2016 20:53:47 +0000 (16:53 -0400)]
SOLARIS: support mmap() over 4GiB
When mmap() is issued for exactly 4GiB of a large AFS-resident file,
mmap() fails with ENOMEM. This is because the AFS code is handling the
requested length as u_int instead of size_t, resulting in a 0 being
passed back to the caller.
When mmap() is issued for non-multiples of 4GiB, the subsequent mapping
will not contain all the requested pages, and for the same reason - the
mapped size has been truncated to 32 bits. This results in SIGSEGV when
accessing the non-mapped page(s).
Fix the signature of afs_map() to specify the correct type for the length.
Thanks to Robert Milkowski for the report and diagnosis.
Change-Id: I8a9f0cb04ff9b80de5516e14d0679b06ef0b3f9a
Reviewed-on: https://gerrit.openafs.org/12291 Tested-by: BuildBot <buildbot@rampaginggeek.com> Tested-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The automatically generated pkgbuild.sh file should not be tracked by
git. To fix this problem, add the name of this file to the proper
.gitignore file.
Change-Id: I9bdbad8e7cc02926de61e337ccb94d8a2c27ae43
Reviewed-on: https://gerrit.openafs.org/12343 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Stephan Wiesand [Wed, 13 Jul 2016 12:25:58 +0000 (14:25 +0200)]
Make OpenAFS 1.6.18.2
Update configure version strings for 1.6.18.2. Note that macos kext
can be of form XXXX.YY[.ZZ[(d|a|b|fc)NNN]] where d dev, a alpha,
b beta, f final candidate so we have no way to represent 1.6.18.2.
Switch to 1.6.19 dev 2 for macos.
Andrew Deason [Sun, 1 May 2016 16:24:30 +0000 (11:24 -0500)]
ubik: Don't RECFOUNDDB if can't contact most sites
Currently, the ubik recovery code will always set UBIK_RECFOUNDDB
during recovery, after asking all other sites for their dbversions.
This happens regardless of how many sites we were actually able to
successfully contact, even if we couldn't contact any of them.
This can cause problems when we are unable to contact a majority of
sites with DISK_GetVersion. Since, if we haven't contacted a majority
of sites, we cannot say with confidence that we know what the best db
version available is (which is what UBIK_RECFOUNDDB represents; that
we've found which database is the one we should be using). This can
also result in UBIK_RECHAVEDB in a similar situation, indicating that
we have the best db version locally, even though we never actually
asked anyone else what their db version was.
For example, say site A is the sync site going through recovery, and
DISK_GetVersion fails for the only other sites B and C. Site A will
then set UBIK_RECFOUNDDB, and will claim that site A has the best db
version available (UBIK_RECHAVEDB). This allows site A to process ubik
write transactions (causing the db to be labelled with a new epoch),
or possibly to send the db to the other sites via DISK_SendFile, if
they quickly become available during recovery. Ubik write transactions
can succeed in this situation, because our ContactQuorum_* calls will
succeed if we never try to contact a remote site ('rcode' defaults to
0).
This situation should be rather rare, because normally a majority of
sites must be reachable by site A for site A to be voted the sync site
in the first place. However, it is possible for site A to lose
connectivity to all other sites immediately after sync site election.
It is also possible for site A to proceed far enough in the recovery
process to set UBIK_RECHAVEDB before it loses its sync site status.
As a result of all of this, if a site with an old database comes
online and there are network connectivity problems between the other
sites and a ubik write request comes in, it's possible for the "old"
database to overwrite the "new" database. This makes it look as if the
database has "rolled back" to an earlier version.
This should be possible with any ubik database, though how to actually
trigger this bug can change due to different ubik servers setting
different network timeouts. It is probably the most likely with the
VLDB, because the VLDB is typically the most frequently written
database.
If a VLDB reverts to an earlier version, it can result in existing
volumes to appear to not exist in the VLDB, and can result in new
volumes re-using volume IDs from existing volumes. This can result in
rather confusing errors.
To fix this, ensure that we have contacted a majority of sites with
DISK_GetVersion before indicating that we have located the best db
version. If we've contacted a majority of sites, then we are
guaranteed (under ubik assumptions) that we've found the best version,
since previous writes to the database should be guaranteed to hit a
majority of sites (otherwise they wouldn't be successful).
If we cannot reach a majority of sites, we just don't set
UBIK_RECFOUNDDB, and the recovery process restarts. Presumably on the
next iteration we'll be able to contact them, or we'll lose sync site
status if we can't reach the other sites for long enough.
Andrew Deason [Fri, 13 May 2016 02:34:31 +0000 (21:34 -0500)]
vlserver: rx_SetRxDeadTime before ubik init
Currently, vlserver calls rx_SetRxDeadTime to set the default rx
deadtime to 50 seconds, but it does so after calling
ubik_ServerInitByInfo. ubik_ServerInitByInfo creates several rx
connections before it returns, and so these connections get the
default rx deadtime (12 seconds), instead of the 50 seconds vlserver
tries to set.
When ubik detects that a remote site is down, ubik recreates the rx
connections for that site, and this new connection gets the new
deadtime of 50 seconds.
This means that ubik behavior can have different timings in the
vlserver, depending on if any remote sites have ever been detected as
being 'down' or not. This can result in seemingly-inconsistent or
confusing behavior, since some sequences of operations that appear
identical can produce different results, depending on if the 12-second
timeout or the 50-second timeout is being used.
This behavior is not directly to blame for any problems, but it can be
very confusing, especially when trying to diagnose or reproduce bugs.
So to make things more consistent, just call rx_SetRxDeadTime earlier,
so all conns always get the 50-second timeout.
In order to do this, though, we must also ensure that rx_Init is
called before rx_SetRxDeadTime (otherwise, rx_Init will overwrite our
configured deadtime). So also call rx_Init earlier; rx_Init is
idempotent, so it's okay that it may be called again after or before
this.
Note that vlserver is currently the only ubik server that sets a
deadtime of 50 seconds, and it's not clear why. Another way to solve
this is to just remove the call to rx_SetRxDeadTime, to make vlserver
behave more similar to ptserver. But this commit takes a conservative
approach to result in a deadtime that is probably the most common in
current use. Since, most long-running vlservers will probably
eventually lose contact with remote sites at one time or another, and
so will eventually use a deadtime of 50 seconds.
Change-Id: I49430144d9a62eb8cad1509c1aeafc9fcc927f8e
Reviewed-on: https://gerrit.openafs.org/12285 Tested-by: Andrew Deason <adeason@dson.org> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
macos: use pkgbuild to build the package on 10.10/10.11
PackageMaker is no longer part of OS X. As a result, it
is not possible to build the package on OS X 10.10 and
OS X 10.11 using the existing code.
To solve this problem, a new script, along with a couple
of new files, are provided.
- pkgbuild.sh
This script uses the command line tools pkgbuild and
productbuild to build the package on OS X 10.10 and
OS X 10.11. By default, the package built by this
script will not be signed. Optionally, the package
might be signed.
- Distribution.xml
This file is nothing more than an XML file used by
productbuild. It is mainly used to configure how the
installer will look and behave.
- conclusion.txt
Contains the text that is displayed by Installer at
the end of the installation process. Only used by
El Capitan and further.
- Uninstall.14.15
This script can be used by OS X 10.10/10.11 users
to uninstall OpenAFS.
Notes:
- This work is based on a patch made by Brandon Allbery
<ballbery@sinenomine.net> with fixes and updates from
Andrew Deason <adeason@dson.org>.
- El Capitan and further prevent us from touching
/usr/bin directly. As a result, /opt is used.
- If the package is not signed, the user will have
to disable the OS X security protections. Otherwise,
the client will not work.
- Now we have two different scripts to build the
package on OS X. For OS X 10.10 and newer versions,
pkgbuild.sh will be used. For older versions,
the existing buildpkg.sh will be used.
ptuser: guarantee that all names are valid C strings
The prname type is represented in XDR as a vector[PR_MAXNAMELEN]
of char, not as a string, which means that the XDR (de)serializer
will not guarantee null-termination. Guarantee that all buffers
used in the public protection server API are in fact valid strings
by disallowing any names that are exactly PR_MAXNAMELEN (64)
characters long. DO NOT silently truncate names that are even
longer than this. Consistently use the prname typedef in
declarations to reinforce the length limitation to those reading
the header file. Introduces a new protection error code,
PRNAMETOOLONG, which will be returned if either IN or OUT parameters
would exceed the limit.
[kaduk@mit.edu convert macro to static_inline function and expand
at call sites; add string_ wrapper to add checking to viced and libadmin;
export the string_ wrapper from libafsauthent for the windows build]
Change-Id: I65f850afcfea2fd2bc0110ca7b7f6ecca247dd58
Reviewed-on: https://gerrit.openafs.org/7896 Reviewed-by: Chas Williams <3chas3@gmail.com> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Joe Gorse [Thu, 9 Jun 2016 18:11:23 +0000 (14:11 -0400)]
Linux 4.6: rm PAGE_CACHE_* and page_cache_{get,release} macros
This is an automatic patch generated by Coccinelle (spatch) from the commit message of the linked commit:
https://github.com/torvalds/linux/commit/09cbfeaf1a5a67bfb3201e0c83c810cecb2efa5a
We will not add an autoconfig test because the PAGE_{...} macros should exist
where the PAGE_CACHE_{...} were previously.
The spatch used:
@@
expression E;
@@
- E << (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
@@
expression E;
@@
- E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
Reviewed-on: https://gerrit.openafs.org/12297 Reviewed-by: Michael Laß <lass@mail.uni-paderborn.de> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de> Tested-by: Stephan Wiesand <stephan.wiesand@desy.de> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f14d263a73f0be75e4de92f62e836fb2e55680dd)
Change-Id: Id3973fc55db102d1472fa1dd0aa37c5d67664342
Reviewed-on: https://gerrit.openafs.org/12332 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Stephan Wiesand [Wed, 13 Jul 2016 14:55:11 +0000 (16:55 +0200)]
redhat: Use a secure URL to retrieve CellServDB
By default, makesrpm.pl will use wget to retrieve the CellServDB
as specified in the spec file. Even though the script need not and
thus should not be run by a privileged UID, make this a bit more
secure by specifying an https URL.
Reviewed-on: https://gerrit.openafs.org/12329 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 16463b602a210768f80bec9ef7c6896ea8a9909d)
Change-Id: I13d924d6a8e3b5ac31359a85b9a07ee041570b61
Reviewed-on: https://gerrit.openafs.org/12330 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Joe Gorse [Thu, 9 Jun 2016 18:11:23 +0000 (14:11 -0400)]
Linux 4.6: rm PAGE_CACHE_* and page_cache_{get,release} macros
This is an automatic patch generated by Coccinelle (spatch) from the commit message of the linked commit:
https://github.com/torvalds/linux/commit/09cbfeaf1a5a67bfb3201e0c83c810cecb2efa5a
We will not add an autoconfig test because the PAGE_{...} macros should exist
where the PAGE_CACHE_{...} were previously.
The spatch used:
@@
expression E;
@@
- E << (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
@@
expression E;
@@
- E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
Stephan Wiesand [Wed, 13 Jul 2016 14:55:11 +0000 (16:55 +0200)]
redhat: Use a secure URL to retrieve CellServDB
By default, makesrpm.pl will use wget to retrieve the CellServDB
as specified in the spec file. Even though the script need not and
thus should not be run by a privileged UID, make this a bit more
secure by specifying an https URL.
Change-Id: I0f14bbac35e7dc30a6e194f8706f7f3674d15a3f
Reviewed-on: https://gerrit.openafs.org/12329 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Thu, 11 Jun 2015 15:02:20 +0000 (11:02 -0400)]
libafs: rename volume accessTime to setupTime
Since OpenAFS 1.0, the struct volume accessTime member has been the time
time the volume structure is setup, not the last time the volume was
used (as indicated by the comments). This time stamp is only used to
find the oldest available volume slot in the disked backed volume cache.
(Perhaps in pre-OpenAFS this was updated each time the volume was
referenced.)
Rename this structure member and update the comments for it.
Change-Id: I33a6371e8800b2d0f7b2700db0785fc365a8649e
Reviewed-on: https://gerrit.openafs.org/11896 Reviewed-by: Perry Ruiter <pruiter@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
Commit a0f416e3504929b304fefb5ca65e2d6a254ade2e unconditionally turned
on the new ubik_BeginTransReadAnyWrite functionality for the vlserver,
which allows us to read data from ubik during a conflicting ubik write
lock.
This feature is not ready for production use. Make it a build time
option, marked as experimental, until more testing can be done.
Change-Id: If64702e7a7ed2340066df5faf82ce8b0875fc610
Reviewed-on: https://gerrit.openafs.org/12240 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Fri, 5 Jun 2015 14:09:54 +0000 (10:09 -0400)]
libafs: avoid resetting the dynroot volume every 10 minutes
The dynroot volumes are synthetic, so do not need to be reset every time
the background daemon checks the volumes.
The results of osi_Time() is a signed 32-bit integer, and the volume
expireTime is an signed 32-bit integer, so use signed 32-bit integers
for the expiry check.
Benjamin Kaduk [Sun, 15 May 2016 18:51:56 +0000 (13:51 -0500)]
viced: make -vhashsize usable for non-DAFS
The ability to set the size of the volume hash table was added
at the same time that DAFS was introduced, and got caught up
in the same preprocessor conditional. However, -vhashsize can
be useful for the traditional fileserver as well (even though
we recommend DAFS over the traditional fileserver), so let it
be used in that case.
Update the man pages accordingly and fix some grammar while here.
Noted by Mark Vitale.
Change-Id: Ic3282c9d661d60cf36f9ffb197e723a3f71da167
Reviewed-on: https://gerrit.openafs.org/12287 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Marcio Barbosa [Tue, 28 Jun 2016 15:48:06 +0000 (12:48 -0300)]
venus: fix memory leak
The fs getserverprefs command displays preference
ranks for file / volume location server machine
interfaces. In order to get the complete set of
preference ranks, the VIOC_GETSPREFS system call
might have to be called several times. If so, the
memory previously allocated should be released.
Stephan Wiesand [Mon, 13 Jun 2016 08:51:13 +0000 (10:51 +0200)]
Make OpenAFS 1.6.18.1
Update configure version strings for 1.6.18.1. Note that macos kext
can be of form XXXX.YY[.ZZ[(d|a|b|fc)NNN]] where d dev, a alpha,
b beta, f final candidate so we have no way to represent 1.6.18.1.
Switch to 1.6.19 dev 1 for macos.
projects / packages / o / openafs.git / log