RXGK_NOW(), a quick routine to get the current timestamp as an rxgkTime,
and secondsToRxgkTime for the more general scaling factor.
Change-Id: I0051b5c8e5ad61e35431d97454bf2741daba90cb
Reviewed-on: https://gerrit.openafs.org/10566
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Solaris Studio issues warnings for statements which can not be reached,
such as statements following an infinite loop. For example, the return
statement will generate a 'statement not reached' warning in the
following code:
while (1) {
/* no breaks or gotos in this body */
}
return 0;
Suppress these warnings by conditionally removing such statements when
building under Solaris Studio.
Change-Id: Ib4f465bf9c00eff0d603e5bd643db7d3a5aa0ba0
Reviewed-on: https://gerrit.openafs.org/12958
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Remove spurious semi-colon which generates a warning when
building under Solaris Studio.
"./src/afs/UKERNEL/sysincludes.h", line ...: warning: syntax error: empty declaration
Change-Id: I022728ddfd4b8229db0a247de2470846c802a462
Reviewed-on: https://gerrit.openafs.org/12957
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Ignore build artifacts generated when building the kernel
module for Solaris:
src/libafs/inet
src/libafs/nfs
src/libafs/ufs
Change-Id: Ie791c45c48ffc15547864bee568f52f74ab6020f
Reviewed-on: https://gerrit.openafs.org/12955
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
We need oafs_h_krb5_generate_random_block when generating random
keys and oafs_h_krb5_crypto_fx_cf2 for CombineTokens.
Having oafs_h_krb5_crypto_prf_length proves very convenient for
key derivation of transport keys, so move it to the public header
and export it.
oafs_h_krb5_enctype_keysize is needed so that we can tell whether or not we
need to pass through random_to_key() when making rxgk_keys.
oafs_h_krb5_random_to_key is needed for that random_to_key() operation.
Change-Id: Ia34c8028b07df203b3885157e2d46c6bb512f608
Reviewed-on: https://gerrit.openafs.org/10936
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
We have a special rx_identity_kind for superusers, let it actually
be useful for something.
Change-Id: I1d551ed8e5fcfd6bdc29c6c27eee4c2ae67e1a89
Reviewed-on: https://gerrit.openafs.org/10575
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add a configure check to see if the map_addr() function contains the
'vacalign' argument or not. The argument was removed sometime around
Solaris 11.4.
Change-Id: Id11c10cf849511635bd9490c97d978b4bdaa5e06
Reviewed-on: https://gerrit.openafs.org/12947
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Our HAVE_ARC4RANDOM symbol represents the availability of arc4random()
in userspace, not in the kernel. On Solaris, we'll define
HAVE_ARC4RANDOM, but the built kernel module will be unusable, since
we cannot resolve the arc4random symbol.
To to avoid this, undef HAVE_ARC4RANDOM when building hcrypto for the
kernel, just like we do with HAVE_GETUID.
Change-Id: I17472420b35e7be6b4f698082714c2e51bdb064b
Reviewed-on: https://gerrit.openafs.org/12946
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Starting around Solaris 11.3, '/usr/bin/nm -p' starts reporting some
symbols with the 'C' code. libtool cannot handle this (libtool bug
#22373), which causes global_symbol_pipe in the generated libtool
script to be empty. This causes a rather confusing error when we go to
actually use libtool to link something ("syntax error near unexpected
token '|'"; see libtool bug #20947), and prevents the build from
continuing.
Address this in two ways:
For all Solaris 11 builds, default to /usr/sfw/bin/gnm over
/usr/bin/nm. This avoids any interop issues with libtool and nm, since
libtool of course works very well with GNU tooling.
In addition, try to catch any nm-related errors with libtool at
configure time, to provide a more helpful error message.
To implement these changes, create a wrapper around LT_INIT, called
AFS_LT_INIT.
Change-Id: I7d47c17f9d9401dc5dcc9676279bf1e4f53554c4
Reviewed-on: https://gerrit.openafs.org/12945
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Recent versions of gcc generate a format overflow warning on the dfstring
buffer in fs.c. Increase the size of the buffer to avoid a possible buffer
overflow.
fs.c: In function ‘AclToString’:
fs.c:770:30: error: ‘%s’ directive writing up to 1024 bytes
into a region of size between 13 and 23 [-Werror=format-overflow=]
sprintf(dfsstring, " dfs:%d %s", acl->dfs, acl->cell);
^~
fs.c:770:2: note: ‘sprintf’ output between 8 and 1042 bytes into
a destination of size 30
sprintf(dfsstring, " dfs:%d %s", acl->dfs, acl->cell);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Change-Id: Iead8b153a62f2928fabaeee1ed126535f67d7d49
Reviewed-on: https://gerrit.openafs.org/12917
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Recent versions of gcc generate an overflow warning in the butc DUMPNAME macro
when copying values into the finishedMsg1 buffer. Increase the size of the
destination buffer to avoid a possible buffer overflow.
dump.c:88:24: error: ‘%s’ directive writing up to 63 bytes into
a region of size 50 [-Werror=format-overflow=]
sprintf(dumpname, "%s (DumpId %u)", name, dbDumpId);
^
dump.c:1294:5: note: in expansion of macro ‘DUMPNAME’
DUMPNAME(finishedMsg1, nodePtr->dumpSetName, dparams.databaseDumpId);
^~~~~~~~
dump.c:88:6: note: ‘sprintf’ output between 12 and 84 bytes into
a destination of size 50
sprintf(dumpname, "%s (DumpId %u)", name, dbDumpId);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
dump.c:1294:5: note: in expansion of macro ‘DUMPNAME’
DUMPNAME(finishedMsg1, nodePtr->dumpSetName, dparams.databaseDumpId);
^~~~~~~~
Change-Id: Iadf87a308ab6c500a8407a269bc0fd443ff0c735
Reviewed-on: https://gerrit.openafs.org/12916
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
In SDISK_SendFile, we return a USYNC error if the caller is not the
sync site. Say who the sync site is when we do this, to possibly help
post-mortem debugging.
Change-Id: I62a3565fca20171be20481638c261c4659c68ab2
Reviewed-on: https://gerrit.openafs.org/12943
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, in LT_LDLIB_shlib_missing, we construct our
-export-symbols-regex pattern like so (with some escaping):
"($(sed -e 's/^/^/' -e 's/$/$/' xxx.sym | tr '\n' '|' | sed -e 's/|$//'))"
The idea is that for a .sym file consisting of, for example:
foo
bar
We then generate a regex like (^foo$|^bar$). However, since the 'tr'
removes all newlines, the line given to the last 'sed' in the pipeline
has no trailing newline. On some systems, such as Solaris, this causes
sed to not output anything at all, resulting in a regex pattern of
just "()".
For example:
# on Debian
$ echo -n foo | sed -e 's/foo/bar/'
bar$
# on Solaris
$ echo -n foo | sed -e 's/foo/bar/'
$
To avoid this, we can change the sed pipeline to not remove the
newlines until the very end. Change the way we construct our regex to
this instead:
"($(sed -e 's/^/^/' -e 's/$/$|/' -e '$ s/|$//' xxx.sym | tr -d '\n'))"
So the sed removes the extra '|' in the last element by looking at the
last line, instead of looking at the end of the line after the 'tr'
conversion.
Change-Id: Id382132f6b400bf961dbaa52138a9abd0168118d
Reviewed-on: https://gerrit.openafs.org/12944
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Red Hat Linux 7.5 beta introduces a new file->f_mode flag
FMODE_KABI_ITERATE as a means for certain in-tree filesystems to
indicate that they have implemented file operation iterate() instead of
readdir(). The kernel routine iterate_dir() tests this flag to decide
whether to invoke the file operation iterate() or readdir().
The OpenAFS configure script detects that the file operation iterate()
is available under RH7.5 and so implements iterate() as
afs_linux_readdir(). However, since OpenAFS does not set
FMODE_KABI_ITERATE on any of its files, the kernel's iterate_dir() will
not invoke iterate() for any OpenAFS files. OpenAFS has also not
implemented readdir(), so iterate_dir() must return -ENOTDIR.
Instead, modify OpenAFS to fall back to readdir() in this case.
Change-Id: I242276150ab2a506e1e9c5c752e3f17d36c98935
Reviewed-on: https://gerrit.openafs.org/12935
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Change the declaration of 'addr' to be a signed int, to match
RXAFS_CallBackRxConnAddr() and the afsd_pd_GetInt() used with it.
This was detected by clang 4.0 in FreeBSD 11.1, via -Wpointer-sign.
Change-Id: Ibd2679e6a4519db46f57693ff58221f18f6a2fe1
Reviewed-on: https://gerrit.openafs.org/12934
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
If our attempt to receive a fresh database from a peer fails, we will
overwrite the version.epoch field of our current local copy of the
database with an invalid value, "0". The idea behind this approach is
to make sure that this database will not be seen as a legit copy if the
transfer is not completed properly. Although it is questionable if this
approach is still necessary (since the current version writes the data
into a temporary file), it is undisputed that the database version does
not have to be invalidated if the transfer fails in a early stage where
no data has been written and we could safely continue to reuse the local
copy for read-only queries. Early failures may happen if:
1. The peer sending the database to us is not the peer we believe to be
the sync site;
2. The sender is not authorized to call DISK_SendFile;
In both cases, the database epoch is invalidated. As a result of that,
we may have the following consequences:
1. Reads may not be allowed
Once the on disk epoch is invalidated, if the server in question is
rebooted, the invalid on disk epoch will be used to initialize the in
memory epoch. At this point, reads may not be allowed since
urecovery_AllBetter checks if the in memory epoch is greater than 1.
Reads should not be blocked forever since the sync-site will send a new
database to this remote and, as a result of that, the invalid version
will be corrected.
2. Data can be lost
If the site with the invalid epoch is the one with the most recent
database, the database can be rolled back to an earlier version during a
new quorum establishment. Consider the following scenario where we have
three sites:
Site A (up - database up to date) (sync-site)
Site B (up - database up to date)
Site C (down - old database)
The epoch of B is invalidated due to the problem fixed by this patch.
Then, A is turned off and C is turned on. In this scenario, the new
sync-site will distribute the old database held by C since its epoch is
greater than 0.
To fix the problem in question, do not set the database epoch to 0
if the local database was not modified.
Acknowledgements:
Hartmut Reuter <hartmut.reuter@gmx.de>
- found the problem;
- suggested a possible solution;
Benjamin Kaduk <kaduk@mit.edu>
- submitted the first version;
Andrew Deason <adeason@sinenomine.net>
- suggested changes;
Change-Id: I4f6a6e92aa0bd4282fab4743ea622815a009fecf
Reviewed-on: https://gerrit.openafs.org/12924
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Change the afs call which sets the volume ttl value to return EFAULT
instead of EINVAL when given an out of range value for the volume ttl
parameter. This is more consistent with the other op codes, which
return EFAULT when given an out of range parameter and allows the caller
to distinguish between an invalid opcode and a bad parameter.
Move the volume ttl range constants to afs_args.h, which is where
constants related to the op codes are supposed to be defined. This makes
the constants available to the caller in afsd.c as well as the
implementation in afs_call.c.
Update afsd to print a more sensible error message when the volume ttl
set calls fails due to an out of range parameter.
Change-Id: I6b3ab7d38a60464017daf06f70080a90d2a7a429
Reviewed-on: https://gerrit.openafs.org/12918
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Require the swig package as a build dependency. Build and package the
libuafs perl bindings. Place these libraries in the openafs-devel
package, along with the man page (moved from the openfs-client package).
This fixes an rpm build error when the swig package is present on the
build system,
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/lib64/perl/AFS/ukernel.pm
/usr/lib64/perl/ukernel.so
FIXES 134470
Change-Id: Ifa8a0938f0c16e6099cd2923a71dd6466052a4d8
Reviewed-on: https://gerrit.openafs.org/12919
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
An RXGEN_OPCODE is returned for opcodes that are not implemented by the
rx service. These opcodes might be deprecated opcodes that are no
longer supported or more recently registered opcodes that have yet to
be implemented. Clients should not be punished for issuing unsupported
calls. The clients might be old and are issuing no longer supported
calls or they might be newer and are issuing yet to be implemented calls
as part of a feature test and fallback strategy.
This change ignores RXGEN_OPCODE errors when deciding how to adjust the
rx_call.abortCount. When an RXGEN_OPCODE abort is sent the
rx_call.abortCount and rx_call.abortError are left unchanged which
preserves the state for the next failing call.
Note that this change intentionlly prevents the incrementing of the
abortCount for client connections as they never send delay aborts.
Change-Id: I87787e7ad0a85d52a01711bb75e2be1af9a868b8
Reviewed-on: https://gerrit.openafs.org/12906
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Make a few misc changes to the text for the new -volume-ttl option:
- Minor grammatical/typo fixes
- Emphasize a little more that the default behavior allows for vldb
info to be cached _forever_
- Provide some info on the effects of changing this value
- Provide a suggested "typical" value, to give some clue as to what
should be set here, so a curious user doesn't just set this to the
first value they see (10 minutes)
Change-Id: Ib6b2871b111c392260ea80e26273201b09d4c402
Reviewed-on: https://gerrit.openafs.org/12909
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Currently, 'rxdebug -version' never initializes the buffer we read the
version string into. Usually this is not noticeable, since all OpenAFS
binaries tend to pad the Rx version response packet with NULs, so we
get back several NULs to terminate the string. However, this is not
guaranteed, and if we do not get back a NUL-terminated string, we can
easily read beyond the end of the buffer.
To avoid this, initialize the 'version' buffer with NULs before we do
anything, and set the last byte to NUL, in case we exactly filled the
buffer.
Change-Id: I1b1ae546c01f018a9b4e198f918c2d9eb86015d6
Reviewed-on: https://gerrit.openafs.org/12908
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Add support for the arm64/aarch64 architecture on Linux 2.6+. The
param header file is mostly combined from arm and amd64.
Note that the code for syscall interception has not been updated for
arm64, so this will not build on arm64 without support for kernel
keyrings. This also does not define any AFS syscall number, since no
number in the Linux arm64 syscall table is "free" for us to use, as
far as I am aware.
Adapted from initial patches from Micheal Waltz <mwaltz@qualcomm.com>.
Change-Id: I1ee239ded17d8fea3b91b70405215aa1b3f7a6e9
Reviewed-on: https://gerrit.openafs.org/11940
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Currently, the RAND_add function in hcrypto uses a floating point
argument (specifically, a 'double'), as well as any implementations of
RAND_add. On Linux arm64, we cannot use floating point code in the
kernel, since the kernel module is compiled with -mgeneral-regs-only,
which prevents the use of floating point registers. No code in the
tree actually makes use of this argument, but its mere presence is
enough to cause an error with at least some versions of gcc with
certain arguments.
To get around this, simply change all instances of 'double' in hcrypto
to be a void pointer instead. This allows the code to compile as long
as nobody actually uses that argument in the kernel. If the code is
changed such that we do actually use that argument, the argument will
be a void* and so will probably (hopefully) cause a compiler error,
and the code will need to be examined to make sure this workaround
doesn't break anything.
We already do this on Solaris, which has similar issues for different
compiler versions and compiler flags. Add arm64 Linux to the cases
where we do this, but restrict this to kernel code only, to try to
avoid doing this more often than necessary.
Change-Id: Ifd10786cd9ac6c9d5152b927e180b7362131f359
Reviewed-on: https://gerrit.openafs.org/11939
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, afs_args.h will define an AFS_SYSCALL value by default (31)
if the current platform does not define an AFS_SYSCALL value on its
own (via its param.h info).
This is dangerous, since if a platform does not define an AFS_SYSCALL,
or if it happens to not be defined for any reason, some code may try
to call syscall 31, which could be anything.
So get rid of this. If this breaks the build on any platform, then
that platform should define AFS_SYSCALL in its own platform-specific
header, or get rid of the problematic AFS_SYSCALL usage.
Change-Id: I9583c8e5adc4106848a437d81306000490787ef3
Reviewed-on: https://gerrit.openafs.org/11938
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Various parts of the code make use of AFS_SYSCALL in order to
communicate with the libafs kernel module. Even though most modern
platforms do not use an actual syscall anymore (instead using an
ioctl-based method or similar to emulate the traditional AFS syscall),
some code paths rely on AFS_SYSCALL as a fallback, or just use
AFS_SYSCALL because they were never updated to use the newer methods.
Even platforms that do not use the traditional AFS syscall still
define the AFS_SYSCALL number, in case someone still uses it for
something. However, some platforms do not have an AFS syscall number;
there is no "slot" allocated to us, so we cannot safely issue any
syscall.
For those platforms, we must not reference AFS_SYSCALL at all, or we
will fail to build. So, get rid of these references to AFS_SYSCALL if
it is not defined. In some places, we can just avoid the relevant code
making the syscall. In a few other places, we just pretend like the
libafs kernel module was not loaded and yield an ENOSYS error, to make
the code simpler.
Change-Id: I38e033caf7149c2b1b567f9877221ca8551db2ea
Reviewed-on: https://gerrit.openafs.org/11937
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Ian Wienand <iwienand@redhat.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add a macro to help with easily printing the value of #define'd
constants, called AFS_STRINGIZE(). For example:
printf("The value of AFS_SYSCALL is: " AFS_STRINGIZE(AFS_SYSCALL) "\n");
Change-Id: I19a3e9d930f1ca2085506957b4e96dff5bf1c22e
Reviewed-on: https://gerrit.openafs.org/12893
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Ian Wienand <iwienand@redhat.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add the -Wu,-save_args compiler option when building kernel modules
under Solaris 10 and 11 for the amd64 architecture.
Binaries generated with this option save function arguments on the stack
during function entry for debugging purposes. Up to six integer
arguments are saved on function entry, and are not modified during the
execution of the function.
[mmeffie: commit message update]
Change-Id: I7ee50e5108a46685efa17d0380883c6d1702a5e4
Reviewed-on: https://gerrit.openafs.org/12798
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
CTF is a reduced form of debug information similar to DWARF and stab. It
describes types and function prototypes. The principal objective of the
format is to shrink the data size as much as possible so that it could
be included in a production environment. MDB, DTrace, and other tools
use CTF debug information to read and display structures correctly.
This commit introduces a new configure option called --with-ctf-tools.
This option can be used to specify an alternative path where the tools
can be found. If the path is not provided, the tools will be searched
in a set of default directories (including $PATH). The CTF debugging
information will only be included if the corresponding --enable-debug /
--enable-debug-kernel is specified.
Note: at the moment, the Solaris kernel module is the only module
benefited by this commit.
Change-Id: If0a584377652a573dd1846eae30d42697af398d0
Reviewed-on: https://gerrit.openafs.org/12680
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
We have multiple code paths that hold the following locks at the same
time:
- avc->lock for a vcache
- The page lock for a page in 'avc'
In order to avoid deadlocks, we need a consistent ordering for obtaining
these two locks. The code in afs_putpage() currently obtains avc->lock
before the page lock (Obtain*Lock is called before pvn_vplist_dirty).
The code in afs_getpages() also obtains avc->lock before the page lock,
but it does so in a loop for all requested pages (via pvn_getpages()).
On the second iteration of that loop, it obtains avc->lock, and the page
from the first iteration of the loop is still locked. Thus, it obtains a
page lock before locking avc->lock in some cases.
Since we have two code paths that obtain those two locks in a different
order, a deadlock can occur. Fixing this properly requires changing at
least one of those code paths, so the locks are taken in a consistent
order. However, doing so is complex and will be done in a separate
future commit.
For this commit, we can avoid the deadlock for RO volumes by simply
avoiding taking avc->lock in afs_putpages() at all while the pages are
locked. Normally, we lock avc->lock because pvn_vplist_dirty() will call
afs_putapage() for each dirty page (and afs_putapage() requires
avc->lock held). But for RO volumes, we will have no dirty pages
(because RO volumes cannot be written to from a client), and so
afs_putapage() will never be called.
So to avoid this deadlock issue for RO volumes, avoid taking avc->lock
across the pvn_vplist_dirty() call in afs_putpage(). We now pass a dummy
pageout callback function to pvn_vplist_dirty() instead, which should
never be called, and which panics if it ever is.
We still need to hold avc->lock a few other times during afs_putpage()
for other minor reasons, but none of these hold page locks at the same
time, so the deadlock issue is still avoided.
[mmeffie: comments, and fix missing write lock, fix lock releases]
[adeason: revised commit message]
Change-Id: Iec11101147220828f319dae4027e7ab1f08483a6
Reviewed-on: https://gerrit.openafs.org/12247
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Export this header to the kernel sources in the libafs_tree, since it is
needed for the kernel module build.
FIXES 134476
Change-Id: Id359c6d065c259601d14ee5c02b93647f86a0288
Reviewed-on: https://gerrit.openafs.org/12882
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Update all remaining copies of CellServDB in the tree, and make the
Red Hat packaging use it by default too.
Change-Id: I5a70a7c658ad0056cd10945bb730e84f0edfb730
Reviewed-on: https://gerrit.openafs.org/12880
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add files for FreeBSD 10.4, 11.1, and 12.0 (12-CURRENT), for i386 and amd64.
Change-Id: I904f576914bb965a659750e6302f011acf66ba81
Reviewed-on: https://gerrit.openafs.org/12863
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add sysnames for i386 and amd64 10.4, 11.1, and 12.0 (12-CURRENT, at present).
Change-Id: If38ecca7b2b3e40c186b7e9321ce017b4711139c
Reviewed-on: https://gerrit.openafs.org/12862
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The sync-site relabels its database at the end of the first write
transaction. The new label will be equal to the time at which the
sync-site in question first received its coordinator mandate. This time
is stored by a global called ubik_epochTime. In order to make sure that
the new database label is sane, only relabel the database if
ubik_epochTime is within a specific range.
Change-Id: I2408569e5de46d387f63cbc2fab05ea1264a505c
Reviewed-on: https://gerrit.openafs.org/12640
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The ubik_dbVersion global represents the sync site's database version
and it is mostly used by the remote sites for sanity checks. Currently,
this global is updated when database changes are made on the sync site
(SDISK_Commit or SDISK_SetVersion), as well as every time we vote "yes"
for the sync-site in a beacon reply. Unfortunately, ubik_dbVersion is
not updated when a copy of the sync site's database is received via
DISK_SendFile, and it won't get updated until our next "yes" vote.
During this window, the current database version will not match
ubik_dbVersion. As a result, any write transaction during this time
frame will fail on the remote site in question.
To fix this problem, do not wait for the next beacon packet to update
ubik_dbVersion when the sync site's database is received; just update
it when we get the new database. Since no write transactions are
allowed while the db is transferring, ubik_dbVersion can be safely
updated.
Change-Id: Ide7a695a69cb3229ad585d9e56c5ddc2efb76dd7
Reviewed-on: https://gerrit.openafs.org/12716
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, check_dentry_race locks the parent inode in order to ensure
it is not running in parallel with d_splice_alias for the same inode.
(For old Linux kernel versions; see commit b0461f2d: "LINUX:
Workaround d_splice_alias/d_lookup race".)
However, it is possible to hit this area of code when the parent inode
is already locked. When someone tries to create a file, directory, or
symlink, Linux tries to lookup the dentry for the target path, to see
if it already exists. While looking up the last component of the path,
Linux locks the directory, and if it finds a dentry for the target
name, it calls d_invalidate on it while the parent directory is
locked.
For a dentry with a NULL inode, we'll then try to lock the parent
inode in check_dentry_race. But since the inode is already locked, we
will deadlock.
From a user's point of view, the hang can be reproduced by doing
something similar to:
$ mkdir dir # succeeds
$ rmdir dir
$ ls -l dir
ls: cannot access dir: No such file or directory
$ mkdir dir # hangs
To avoid this, we can just change which lock we're using to avoid
check_dentry_race/d_splice_alias from running in parallel. Instead of
locking the parent inode, introduce a new global lock (called
dentry_race_sem), and lock that in check_dentry_race and around our
d_splice_alias call. We know that those are the only two users of this
new lock, so this should avoid any such deadlocks.
This does potentially reduce performance, since all tasks that hit
check_dentry_race or d_splice_alias will take the same global lock.
However, this at least still allows us to make use of negative
dentries, and this entire code path only applies to older Linux
kernels. It could be possible to add a new lock into struct vcache
instead, but using a global lock like this commit does is much
simpler.
Change-Id: Ide0f21145c83d6fbb34c637d8a36c8cd21549940
Reviewed-on: https://gerrit.openafs.org/12868
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Commit 443dd5367e added support for a
separate debuginfo package for the kernel module. Unfortunately, the
%files directive for the kernel module debuginfo package was incorrectly
placed in the %if stanza of the build_userspace condition, so the
rpmbuild fails when attempting to build just the kernel module.
That is, when running rpmbuild with the options:
rpmbuild --define "build_userspace 0" --define "build_modules 1" ...
rpmbuild fails with:
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/lib/debug/lib/modules/.../extra/openafs/openafs.ko.debug
Fix this by moving the new %files directive out of the build_userspace
conditional.
Change-Id: I46e74b660048022a4cc4327835c6055402a34ccf
Reviewed-on: https://gerrit.openafs.org/12874
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Further refactoring of the autoconf macros. Divy up the linux kernel
checks into smaller files.
This is a non-functional change. Care has been taken preserve the
ordering of the autoconf tests. Except for whitespace, the generated
configure file has not been changed by this refactoring. This has been
verified with a 'diff -u -w -B' comparison of the generated configure
file before and after applying this commit.
Change-Id: I5ea4c9e3a0aeff1767ef561bdb8361781694ee28
Reviewed-on: https://gerrit.openafs.org/12844
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Further refactoring of the autoconf macros. Move more linux and solaris
specific checks into their own files.
This is a non-functional change. Care has been taken preserve the
ordering of the autoconf tests. Except for whitespace, the generated
configure file has not been changed by this refactoring. This has been
verified with a 'diff -u -w -B' comparison of the generated configure
file before and after applying this commit.
Change-Id: Ib3e7b1270826970c541a695230f4e3cd13cf9e3d
Reviewed-on: https://gerrit.openafs.org/12843
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The acinclude.m4 is very large and often requires to be changed for
unrelated commits. Divy up the large acinclude.m4 into a number of
smaller files to avoid so many contentions and to make the autoconf
system easier to maintain.
This is a non-functional change. Care has been taken preserve the
ordering of the autoconf tests. Except for whitespace, the generated
configure file has not been changed by this refactoring. This has been
verified with a 'diff -u -w -B' comparison of the generated configure
file before and after applying this commit.
Change-Id: I70e7f846dea0055d00a60a47422aa73bff25c4c6
Reviewed-on: https://gerrit.openafs.org/12842
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Since the first introduction of FreeBSD support, the macros
(MUTEX_ENTER, etc.) for kernel mutex operations have included
trailing semicolons, unique among all the platforms.
This did not cause problems until the recent work on rx event
handlers, which put a MUTEX_ENTER() in the body of an 'if' clause
with no brackets, and attempted to follow it with an 'else' clause.
This results in the following (rather obtuse) compiler error:
/root/openafs/src/rx/rx.c:3666:5: error: expected expression
else
^
Which is more visible in the preprocessed source, as
if (condition)
expression;;
else
other_expression;
is clearly invalid C.
To fix the FreeBSD kernel module build, remove the unneeded semicolons.
Change-Id: I191009ad412852dcc03cd71a0982fe41a953301d
Reviewed-on: https://gerrit.openafs.org/12853
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
afs_nfsdisp.lo is not used, so we do not need a build rule for it.
Change-Id: I4ca53a4823b0ccd5bfd769867f6766bd05ea4ceb
Reviewed-on: https://gerrit.openafs.org/12802
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Our in-tree xdr.h appears to have started life as a concatenation of
rpc/types.h and rpc/xdr.h, and should include all the needed functionality.
Indeed, commit 7293ddf325 even indicates
that we expect to be using our in-tree XDR everywhere anyway, so the
system XDR is superfluous.
Note that afs/sysincludes.h (not afsincludes.h!) already includes
rx/xdr.h ifndef AFS_LINUX22_ENV.
This change should help systems running glibc 2.26 or newer, which has
stopped providing the Sun RPC headers by default.
While here remove some duplicate includes of rpc/types.h in the
AIX-specific sources.
The Solaris NFS translator bits cannot really be changed, since the system
headers are used and have tight interdependencies.
Update rxgen to not emit rpc/types.h inclusion.
[mmeffie: squash 12801 to not emit rpc/types.h from rxgen]
Change-Id: I0b195216affa06ab9e259cb0bab0c8286a1636d9
Reviewed-on: https://gerrit.openafs.org/12800
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
With recent changes to d_invalidate's semantics (it returns void in Linux 3.11,
and always returns success in RHEL 7.4), it has become increasingly clear that
d_invalidate() is not the best function for use in our best-effort
(nondisruptive) attempt to free up vcaches that is afs_ShakeLooseVCaches().
The new d_invalidate() semantics always force the invalidation of a directory
dentry, which contradicts our desire to be nondisruptive, especially when
that directory is being used as the current working directory for a process.
Our call to d_invalidate(), intended to merely probe for whether a dentry
can be discarded without affecting other consumers, instead would cause
processes using that dentry as a CWD to receive ENOENT errors from getcwd().
A previous commit (c3bbf0b444) tried to address
this issue by calling d_prune_aliases() instead of d_invalidate(), but
d_prune_aliases() does not recursively descend into children of the given
dentry while pruning, leaving it an incomplete solution for our use-case.
To address these issues, modify the shakeloose routine TryEvictDentries() to
call shrink_dcache_parent() and maybe __d_drop() for directories, and
d_prune_aliases() for non-directories, instead of d_invalidate(). (Calls to
d_prune_aliases() for directories have already been removed by reverting commit
c3bbf0b4444db88192eea4580ac9e9ca3de0d286.)
Just like d_invalidate(), shrink_dcache_parent() has been around "forever"
(since pre-git v2.6.12). Also like d_invalidate(), it "walks" the parent
dentry's subdirectories and "shrinks" (unhashes) unused dentries. But unlike
d_invalidate(), shrink_dcache_parent() will not unhash an in-use dentry, and
has never changed its signature or semantics.
d_prune_aliases() has also been available "forever", and has also never changed
its signature or semantics. The lack of recursive descent is not an issue for
non-directories, which cannot have such children.
[kaduk@mit.edu: apply review feedback to fix locking and avoid extraneous
changes, and reword commit message]
Change-Id: Icb6138ee5785e0ef82a9b85b1d2651dfd0830043
Reviewed-on: https://gerrit.openafs.org/12830
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The two stanzas for HAVE_DCACHE_LOCK are now functionally identical;
remove the preprocessor conditionals and duplicate code.
Minor functional change is incurrred for very old (before 2.6.38) Linux
versions that have dcache_lock; we are now obtaining the d_lock as well.
This is safe because d_lock is also quite old (pre-git, 2.6.12), and it
is a spinlock that's only held for checking d_unhashed. Therefore, it
should have negligible performance impact. It cannot cause deadlocks or
violate locking order, because spinlocks can't be held across sleeps.
Change-Id: I08faf204e6bd82c4401cdf6048d12cd551dd18fc
Reviewed-on: https://gerrit.openafs.org/12792
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@dson.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
