The Linux 6.6 commit "fs: add ctime accessors infrastructure"
(9b6304c1d5) added accessor functions for an inode's ctime member.
A follow on commit "fs: rename i_ctime field to __i_ctime" (13bc244578)
changed the name of the inode member ctime to __i_ctime to indicate it's
a private member.
Add an autoconf test for the ctime accessor function
'inode_set_ctime()'.
Add an afs_inode_set_ctime to LINUX/osi_machdep.h that is either defined
as a macro to Linux's inode_set_ctime, or implements a static inline
function to set a inode's ctime.
Convert the setting of an inode's ctime to use afs_inode_set_ctime().
For more information behind the Linux change, see the commit message
for:
"Merge tag 'v6.6-vfs.ctime'
of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs" (615e95831)
Reviewed-on: https://gerrit.openafs.org/15560
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 072c7934cd1b99052882f02294f7036d422b6cf1)
Conflicts:
src/cf/linux-kernel-func.m4 (context)
Change-Id: I729408d12a7946f5778b036ca7e2c14299f3ce8e
Reviewed-on: https://gerrit.openafs.org/15589
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The Linux 6.5 commit:
'vfs: get rid of old '->iterate' directory operation' (3e32715496)
removed the filesystem_operations iterate method. The replacement
method, iterate_shared, was introduced with the Linux 4.6 commit:
'introduce a parallel variant of ->iterate()' (6192269444)
The above commits indicate that the iterate_shared is an "almost"
drop-in replacement for iterate. The vfs documentation for
iterate_shared has caveats on the implementation (serializing in-core
per-inode or per-dentry modifications and using d_alloc_parallel if
doing dcache pre-seeding). A wrapper is provided to assist filesystems
with the migration from iterate to iterate_shared. Until it can be
verified that afs_linux_readdir meets the above requirements, we will
use the wrapper (ref 3e32715496 commit)
Add configure tests for the iterate_shared file_operations member and
for the wrap_directory_iterator function.
Update osi_vnodeops.c to use iterate_shared and the wrapper if they are
both available.
Reviewed-on: https://gerrit.openafs.org/15528
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 7437f4d37719ea53711e06ac9675dad1abd6769e)
Change-Id: Id00cfab2c0b51c2167fe19cd9cf7f136450ff174
Reviewed-on: https://gerrit.openafs.org/15558
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The Linux 6.6 commit "sysctl: Add size to register_sysctl" (9edbfe92a0)
renamed the Linux function register_sysctl() to register_sysctl_sz() and
added a size parameter. For backward compatibility, a macro,
register_sysctl, is provided. The macro calculates the size of the
ctl_table being registered and passes the size to register_sysctl_sz.
However, in order to perform the size calculation, an array of ctl_table
structures must be passed as the 2nd parameter.
This change only affects the autoconf test used to determine if Linux
provides register_sysctl.
Update the autoconf test for register_sysctl to use an actual ctl_table
structure for the 2nd parameter instead of a NULL.
Reviewed-on: https://gerrit.openafs.org/15559
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 76879b28798840fa0df441c328ada9667f06b154)
Change-Id: I9209d9fbc4514ab658f373510decfc2e81a5dc5f
Reviewed-on: https://gerrit.openafs.org/15575
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
In rxi_ReceiveServerCall(), we compare the callNumber in the given
packet to the callNumber on the conn's channel. If the packet's
callNumber is smaller, it indicates the packet is for an earlier call
that has since ended, and we ignore it.
However, we perform this check after checking whether we need to
allocate a new call (conn->call[channel] is NULL), or use an existing
call. If we allocate a new call, we don't check the conn's callNumber
at all, and unconditionally set it to the callNumber in the packet.
This means that if a server call ends and is successfully
rxi_FreeCall()'d, the server will accept any callNumber on the same
channel. If the server sees an old DATA packet from an earlier call
after this happens, it means the server can effectively re-run an RPC
that has already completed successfully, or that the client has
already seen fail.
A server can see a DATA packet for an old call under a variety of
situations, which is, after all, why we check it (dup'd/delayed
packets, the client could still be trying to run an old call, etc).
Seeing one for a freed call is less likely since that usually requires
more time to have passed, but is still possible.
Checking the callNumber was effectively moved in commit 99b43273c0
(rx: prevent connection channel assignment race) in the 1.7.x series.
This commit makes the check similar to how it was in 1.6.x and
earlier.
Reviewed-on: https://gerrit.openafs.org/15524
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 448e82b45268e8b339bdaa6ab0cd5858a04250a9)
Change-Id: I4a0c8a578cef32da8411bd33610aed9c67dc47c6
Reviewed-on: https://gerrit.openafs.org/15562
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Kailas Zadbuke <kailashsz@in.ibm.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The Linux kernel module build will issue a warning when a stack frame
exceeds a specific size via the -Wframe-larger-than= compiler flag (with
a default size of 2048 bytes on most architectures).
At least one distribution, Oracle's Linux with the Unbreakable
Enterprise Kernel (UEK), hardens this check by changing the warning to
an error (-Werror=frame-larger-than=).
Several of the openafs autoconf tests use objects that are allocated on
the stack when testing for structures, or members of a structure.
When the warning is changed to an error, configure fails in several
locations when testing against Linux's task_struct structure, which
exceeds 2048 bytes in size.
openafs/conftest.dir/conftest.c:72:1: error: the frame size of 9984
bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
Update the autoconf Linux tests that allocate structures to use a
statically allocated structure instead of one allocated on the stack.
Reviewed-on: https://gerrit.openafs.org/15477
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
(cherry picked from commit a939eb7ffd2517a127aeb02ebd962e00e9acb960)
Change-Id: Ib1d5b8218981890751187fbcf724dd6643356e98
Reviewed-on: https://gerrit.openafs.org/15549
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Kailas Zadbuke <kailashsz@in.ibm.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The Gentoo distribution changed the default fortify_source setting for
clang (to match the default being used for gcc). This change causes the
following build error:
src/dir/salvage.c:26:9: error: 'printf' macro redefined
[-Werror,-Wmacro-redefined]
^
/usr/include/bits/stdio2.h:89:11: note: previous definition is here
^
1 error generated.
If the fortify_source level is greater than 1, glibc can define printf
as a macro. The clang compiler has a default check for macro
redefinitions (-Wmacro-redefined), while gcc does not provide this
option.
Remove the:
#define printf Log
in src/dir/salvage.c and update callers to use Log() instead of
printf().
Clean up lines that split the call to Log and its first parameter. Fix
the indentation for Log's parameters.
There are no functional changes with this commit.
Reviewed-on: https://gerrit.openafs.org/15462
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit df7f841f3852b5417a1d4ebc981780f2d7651b60)
Change-Id: I9a7d9e70184eb1dbd04f2b1a0e9a668138baaabe
Reviewed-on: https://gerrit.openafs.org/15548
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Indira Sawant <indira.sawant@ibm.com>
Reviewed-by: Kailas Zadbuke <kailashsz@in.ibm.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Originally '%x' was commonly used as the printf specifier for formatting
pointer values.
Commit 37fc3b01445cd6446f09c476ea2db47fea544b7d introduced the
AFS_PTR_FMT macro to support platform-dependent printf format specifiers
for pointer representation. This macro defined the format specifier as
'%p' for Windows, and '%x' for non-Windows platforms.
Commit 2cf12c43c6a5822212f1d4e42dca7c059a1a9000 changed the printf
pointer format specifier from '%x' to '%p' on non-Windows platforms as
well, so at this point '%p' is the printf pointer format specifier for
all supported platforms.
Since the AFS_PRT_FMT macro is no longer platform-dependent, and all C89
compilers support the '%p' specifier, retire the macro to simplify the
printf format strings.
Reviewed-on: https://gerrit.openafs.org/13830
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
(cherry picked from commit a133f1b1e7eb605c36ac16a6ed115bef03e8a004)
[cwills@sinenomine.net] As part of the 1.8.x pullup, remove AFS_PTR_FMT
from the files in src/xstat
Change-Id: I1fbb6a9b1c957adf45ca528d744a373809d1b780
Reviewed-on: https://gerrit.openafs.org/15547
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Since the original IBM import, DirSalvage() has ignored the return code
from afs_dir_MakeDir() (f.k.a. MakeDir). This has been safe because, as
the comment states, afs_dir_MakeDir returns no (non-zero) error code.
In preparation for a future commit, add a check for the return from
afs_dir_MakeDir and remove the comment.
Reviewed-on: https://gerrit.openafs.org/13799
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 0639ca8d221231309d59882a63e5a95a10cfdac3)
Change-Id: I13def0fdda5911b16704ba426c4fe2df389311a2
Reviewed-on: https://gerrit.openafs.org/15546
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Indira Sawant <indira.sawant@ibm.com>
Reviewed-by: Kailas Zadbuke <kailashsz@in.ibm.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The directory package (src/dir) salvage routines DirOK and DirSalvage
check a global variable 'DErrno' to distinguish logical errors (e.g.
short read) from physical errors (e.g. EIO). However, since the
original IBM import, this logic has not worked correctly because there
is no longer any code that sets the value of DErrno - its value is
always zero.
Instead, modify all implementations of ReallyRead to optionally return
the errno for low-level IO errors.
Also, create a new userspace-only variant - DReadWithErrno() - of the
src/dir/buffer.c version of DRead (the version called by DirOK and
DirSalvage, and the only caller of ReallyRead) to return the ReallyRead
errno upon request.
Also create an analogous variant of afs_dir_GetBlobs,
afs_dir_GetBlobsWithErrno().
Finally, convert DirOK and DirSalvage to use the new variants and
replace DErrno with equivalent logic. Remove all other references to
DErrno.
Reviewed-on: https://gerrit.openafs.org/13798
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 735fa5fb090ee0efc2161597a3974f6fa45126f6)
Change-Id: Ic7b87d1de71feb7ae741b43d534a3d94cd277125
Reviewed-on: https://gerrit.openafs.org/15545
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Commit d566c1cf874d15ca02020894ff0af62c4e39e7bb
'dread-do-validation-20041012' modified directory checking (in the
afs_buffer.c implementation of DRead()) to use size information passed
to DRead, rather than obtained from the cache via afs_CFileOpen.
Because this directory checking does not require any information from
the cache buffers or the cache partition, we can make the check right
away, before searching the cache buffers or calling afs_newslot.
To clarify and simplify, move the directory sanity checking logic to the
beginning of DRead. Remove the afs_newslot cleanup logic which is no
longer needed.
While here, add Doxygen comments for DRead.
Reviewed-on: https://gerrit.openafs.org/13803
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 1aa7d3c199e77e3ebdffe9cea4dee8ee82e81fcd)
Change-Id: I53f4d330c5a4c44ae8619619ba9584006375bf29
Reviewed-on: https://gerrit.openafs.org/15544
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Kailas Zadbuke <kailashsz@in.ibm.com>
Reviewed-by: Indira Sawant <indira.sawant@ibm.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Most users of cond vars follow this general pattern when waiting for a
condition:
while (!condition) {
CV_WAIT(cv, mutex);
}
But a few places in src/vol do this:
if (!condition) {
CV_WAIT(cv, mutex);
}
It is important to always re-check for the relevant condition after
waiting for a CV, even if it seems like we only need to wait exactly
once, because pthread_cond_wait() is allowed to wake up its caller
spuriously even the CV hasn't been signalled. On Solaris, this can
actually happen if the calling thread is interrupted by a signal.
In VInitPreAttachVolumes() for DAFS, currently this can cause a
segfault if CV_WAIT returns while 'vq' is empty. We will try to
queue_Remove() the head of the queue itself, resulting in vq.head.next
being set to NULL, which will segfault when we try to pull the next
item off of the queue.
We generally cannot be interrupted by a signal when using opr's
softsig, because signals are only delivered to the softsig thread and
blocked in all other threads. It is technically possible to trigger
this situation on Solaris by sending the (unblockable) SIGCANCEL
signal, though this would be very unusual.
To make sure issues like this cannot happen and to avoid weird corner
cases, adjust all of our CV waiters to wait for a CV using a while()
loop or similar pattern. Spurious wakeups may be impossible with LWP,
but just try to make all code use a similar structure to be safe.
Thanks for mvitale@sinenomine.net for finding and investigating the
relevant issue.
Reviewed-on: https://gerrit.openafs.org/15327
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 9bc06a059121207b354fdf97f65029d8c2b3df30)
Change-Id: Ib1fdf06570e441b4a322a1e9b90ff084e07ad1fb
Reviewed-on: https://gerrit.openafs.org/15543
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Kailas Zadbuke <kailashsz@in.ibm.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Commit 0a58d2188[1] "cf: Run AFS_LT_INIT after setting CC" moved the
location of LT_INIT (libtool initialization) to a common macro, so it is
now expanded in configure-libafs. This breaks the linux DKMS packaging,
which uses configure-libafs to build the kernel module, since the
ltmain.sh aux file is not included in the dkms package.
For now, just include the ltmain.sh aux file in the libafs_tree files to
fix DKMS build. Later, we should restructure the autoconf macros so the
LT_INIT macro is not expanded in the configure-libafs configure script,
since we do not need libtool to build the kernel module.
Thanks to Alex T Prengel for reporting this issue on the openafs-info
mail list.
1) 0a58d21881d7e91deccb416e8d2c272e14b412dd cf: Run AFS_LT_INIT after setting CC
Reviewed-on: https://gerrit.openafs.org/15076
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 76f26c63c7fe9661dfcf267cf75638747c81b7ef)
Change-Id: I595811dec056b8ec4a7cf36f6f96532a1e452e4e
Reviewed-on: https://gerrit.openafs.org/15542
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Indira Sawant <indira.sawant@ibm.com>
Reviewed-by: Kailas Zadbuke <kailashsz@in.ibm.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The clang compiler complains that this function pointer cast is not a
prototype.
.../osi_file.c:141:27: error: this function declaration is not a
prototype [-Werror,-Wstrict-prototypes]
afile->proc = (int (*)())0;
^
void
Just use NULL instead of trying to create a cast to 0.
Reviewed-on: https://gerrit.openafs.org/14902
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 689fb56fca57274e73c8394e8588650449565cd8)
Change-Id: I61cf49178a80d011b0169a729c3a08e9829cddad
Reviewed-on: https://gerrit.openafs.org/15541
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Indira Sawant <indira.sawant@ibm.com>
Reviewed-by: Kailas Zadbuke <kailashsz@in.ibm.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Currently, two of the Linux-related autoconf macros try to compile code
containing nested C functions (AC_CHECK_LINUX_OPERATION and
LINUX_KMEM_CACHE_CREATE_CTOR_TAKES_VOID). For example, the
AC_CHECK_LINUX_OPERATION check for 'follow_link' generates this code
where 'op' is a nested function inside 'conftest':
#include <linux/module.h>
#include <linux/fs.h>
void conftest(void)
{
struct inode_operations ops;
const char *op(struct dentry *dentry, void **link_date) {
return (const char *)0;
};
ops.follow_link = op;
}
Nested functions are a gcc-specific feature, and are not supported by
other compilers (e.g. clang), causing these checks to always fail when
using clang, leading to incorrect configure results.
To fix this, change AC_CHECK_LINUX_OPERATION and
LINUX_KMEM_CACHE_CREATE_CTOR_TAKES_VOID macros to just define the
relevant function as a proper top-level function.
(these were discovered by forcing a clang build of both the Linux kernel
and the openafs kernel module)
Reviewed-on: https://gerrit.openafs.org/14901
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit a4878a5e26b9997e40a3b197cea5f8c3b24f2539)
Change-Id: Ie186658167a3f9e162fe85722aa0792cbe4fcfda
Reviewed-on: https://gerrit.openafs.org/15540
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
At the beginning of UKERNEL's rx_ServerProc a call to AFS_GUNLOCK
panics with 'afs global lock not held'.
The commit 'afs: Drop GLOCK for various Rx calls' (d5e1428a3b) altered
afs_RXCallBackServer so the global lock is released prior to calling
rx_ServerProc, and to reacquire the lock after rx_ServerProc returns.
Remove the AFS_GUNLOCK at the start and the AFS_GLOCK at the end of
UKERNEL's rx_ServerProc.
Reviewed-on: https://gerrit.openafs.org/14963
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 07076d63edfb9fe7a2311958e9410d5eadb227d9)
Change-Id: If7b0b755e693cb5d892d3300c47fbbdaf76f2f59
Reviewed-on: https://gerrit.openafs.org/15539
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Although the volname string passed to FindByName() is currently always
limited 65 characters (including the terminating nul), to be on the safe
side, use the bounded strlcpy() function when coping the volname to the
temporary tname local variable to avoid the possibility of overwriting
the stack with an unbounded strcpy().
Reviewed-on: https://gerrit.openafs.org/14763
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 494ec08cd04da6f96be02c7dc22d9bb0c409d63b)
Change-Id: I87b225de7d4ce81a4017f47f2d5088ebffd7c66a
Reviewed-on: https://gerrit.openafs.org/15538
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Log a warning to the BosLog when the bosserver is not started in
restricted mode to encourage admins to enable restricted mode.
Also, log a notice when restricted mode is enabled to reassure admins
restricted mode is enabled on start up.
Reviewed-on: https://gerrit.openafs.org/14762
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit d91b92e308dc2ac2e489581839c1fc1bf9147e16)
Change-Id: Id35b089855797541bbc2f59982b3da7b4fab824e
Reviewed-on: https://gerrit.openafs.org/15537
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Currently, when afs_ShakeLooseVCaches runs osi_TryEvictVCache, we
check if osi_TryEvictVCache slept (i.e. dropped afs_xvcache/GLOCK). If
we sleep over 100 times, then we stop trying to evict vcaches and
return.
If we have recently accessed a lot of AFS files, this limitation can
severely reduce our ability to keep our number of vcaches limited to a
reasonable size. For example:
Say a Linux client runs a process that quickly accesses 1 million
files (a simple 'find' command) and then does nothing else. A few
minutes later, afs_ShakeLooseVCaches is run, but since all of the
newly accessed vcaches have dentries attached to them, we will sleep
on each one in order to try to prune the attached dentries. This means
that afs_ShakeLooseVCaches will evict 100 vcaches, and then return,
leaving us with still almost 1 million vcaches. This will happen
repeatedly until afs_ShakeLooseVCaches finally works its way through
all of the vcaches (which takes quite a while, if we only clear 100 at
once), or the dentries get pruned by other means (such as, if Linux
evicts them due to memory pressure).
The limit of 100 sleeps was originally added in commit 29277d96
(newvcache-dont-spin-20060128), but the current effect of it was
largely introduced in commit 9be76c0d (Refactor afs_NewVCache). It
exists to ensure that afs_ShakeLooseVCaches doesn't take forever to
run, but the limit of 100 sleeps may seem quite low, especially if
those 100 sleeps run very quickly.
To avoid the situation described above, instead of limiting
afs_ShakeLooseVCaches based on a fixed number of sleeps, limit it
based on how long we've been running, and set an arbitrary limit of
roughly 3 seconds. Only check how long we've been running after 100
sleeps like before, so we're not constantly checking the time while
running.
Log a new warning if we exit afs_ShakeLooseVCaches prematurely if
we've been running for too long, to help indicate what is going on.
Reviewed-on: https://gerrit.openafs.org/14254
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit cd65475e95e25c8e7071e099a682bdcc03d2cce1)
Change-Id: I6c8e440a3c4dec5e6d769f40d9638a3edc6ad333
Reviewed-on: https://gerrit.openafs.org/15536
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
When reading a file with a file length of >= 4G, the cache manager is
failing the read with an EIO error.
In afs_GetDCache, the call to IsDCacheSizeOK is passed a parameter that
contains only the lower 32bits of the file length (which requires a 64
bit value). This results in the EIO error if the length is over 2^32 -1.
The AFSFetchStatus.Length member needs to be combined with the
AFSFetchStatus.Length_hi to obtain the full 64bit file length.
Fix the calls to IsDCacheSizeOK to use the full 64bit file length.
Commit "afs: Check dcache size when checking DVs
7c60a0fba11dd24494a5f383df8bea5fdbabbdd7" - gerrit 13436 - added the
IsDCacheSizeOK function and the associated calls.
As a note, the AFSFetchStatus.DataVersion is the lower 32 bits of the
full 64bit version number, AFSFetchStatus.dataVersionHigh contains
the high order 32bits. The function IsDCacheSizeOK is passed just the
32bit component, the only use of the parameter is in an error message.
Reviewed-on: https://gerrit.openafs.org/14002
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit bebae936b4ef3bf47624c0ff0baae5521bad804e)
Change-Id: I68f3ee04af25c7e99e0795804226ba5075af0ea8
Reviewed-on: https://gerrit.openafs.org/15535
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
IsDCacheSizeOK currently can incorrectly flag a dcache as corrupted,
since the size of a dcache may not match the size of the underlying
file in a couple of RW conditions:
- If someone is writing to a file beyond EOF, the intermediate
'sparse' area may be populated by 0-length dcaches until the data is
written to the fileserver.
- Directories may be modified locally instead of being fetched from
the fileserver, which can sometimes result in a directory blob of
differing sizes.
To avoid false positives detecting dcache corruption, just skip the
IsDCacheSizeOK check for directories, and any file with pending writes
(CDirty).
Also add some extra information to the logging messages when this
"corruption" is detected, so false positives may be more easily
detected in the future.
Reviewed-on: https://gerrit.openafs.org/13747
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit e6b97b337bc97fdb1c8e4f1a0572c62dfc82d979)
Change-Id: I177020c37ba92d8730fe4c68ca610f1b39c3d69b
Reviewed-on: https://gerrit.openafs.org/15533
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Currently, if the dcache for a file has nonsensical length (due to
cache corruption or other bugs), we never notice, and we serve
obviously bad data to applications. For example, the vcache metadata
for a file may say the file is 2k bytes long, but the dcache for that
file only has 1k bytes in it (or more commonly, 0 bytes).
This situation is easily detectable, since the dcache and vcache refer
to the same version of the same file (when the DVs match), and so we
can check if the two lengths make sense together. So to avoid giving
bad data to userspace applications, perform a sanity check on the
lengths at the same time we check for DV matches (to see if the dcache
looks "fresh" and not stale). If the lengths do not make sense
together, we just pretend that the dcache is old, and so we'll ignore
it and fetch a new copy from the fileserver.
Also check the size of the data fetched from the fileserver for a
newly-fetched dcache in afs_GetDCache, to avoid returning a bad dcache
if the dcache isn't already present in the cache.
Reviewed-on: https://gerrit.openafs.org/13436
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 7c60a0fba11dd24494a5f383df8bea5fdbabbdd7)
Change-Id: I197d197f3f2eaf0473c76c60c9df842a3bed934a
Reviewed-on: https://gerrit.openafs.org/15532
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Volume restores work by overwriting vnodes with the data in the given
volume dump. If we restore a partial incremental dump from an older
version of the volume, this generally results in a partly-corrupted
volume, since directory vnodes may contain references that don't exist
in the current version of the volume (or are supposed to be in a
different directory).
Currently, the volserver does not prevent restoring older volume data
to a volume, and this doesn't necessarily always result in corrupted
data (for instance, if we are restoring a full volume dump over an
existing volume). But restoring old volume data seems more likely to
be a mistake, since reverting a volume back to an old version, even
without corrupting data, is a strange thing to do and may cause
problems with our methods of cache consistency.
So, log a warning when this happens, so if this is a mistake, it
doesn't happen silently. But we still do not prevent this action, since
it's possible something could be doing this intentionally. We detect
this just by checking if the updateDate in the given header is older
than the current updateDate for the volume on disk.
Note: Restoring a full dump file (-overwrite f) will not result in
corrupted data. In this scenario, the restore operation removes the
volume on disk first (if present). After that, the dump file is
restored. In this case, we do not log anything (the volume is not
corrupted).
Reviewed-on: https://gerrit.openafs.org/13251
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 8375a7f7dd0e3bcbf928a23f874d1a15a952cdef)
Change-Id: Ic119b0a7b1eac5e01fabbadc0aa679d5f2617d53
Reviewed-on: https://gerrit.openafs.org/15531
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Indira Sawant <indira.sawant@ibm.com>
Reviewed-by: Kailas Zadbuke <kailashsz@in.ibm.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The Linux 6.5 commit:
panic: make function declarations visible (d9cdb43189)
added a declaration for abort into panic.h.
When building the Linux kernel module, the build fails with the
following:
src/crypto/hcrypto/kernel/config.h:95:20: error: static declaration of
‘abort’ follows non-static declaration
95 | static_inline void abort(void) {osi_Panic("hckernel aborting\n"
);}
| ^~~~~
...
from ./include/linux/wait.h:9,
from /openafs/src/afs/sysincludes.h:118,
from /openafs/src/crypto/hcrypto/kernel/config.h:30:
./include/linux/panic.h:36:6: note: previous declaration of ‘abort’
with type ‘void(void)’
36 | void abort(void);
| ^~~~~
Update the declaration in hcrypto/kernel/config.h to change the function
name from abort to _afscrypto_abort and use a preprocessor define to
map abort to _afscrypto_abort.
Reviewed-on: https://gerrit.openafs.org/15501
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit c4c16890d9d2829f6bef1ef58feafb30b1d59da3)
Change-Id: I54cc9156b98320d04fe6f7bb595a150d5ba87b49
Reviewed-on: https://gerrit.openafs.org/15523
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The linux 6.5 commit:
"sysctl: Remove register_sysctl_table" (b8cbc0855a)
removed the Linux function register_sysctl_table(). The replacement
function is register_sysctl(), which offers a simpler interface.
Add an autoconf test for the Linux function register_sysctl and add a
call to register_sysctl when available.
Notes:
The Linux function register_sysctl was added in Linux 3.3 with the
commit:
'sysctl: Add register_sysctl for normal sysctl users' (fea478d410)
with a note that it is a simpler interface.
The function register_sysctl_table was marked as deprecated with the
Linux 6.3 commit:
'proc_sysctl: enhance documentation' (1dc8689e4c)
Reviewed-on: https://gerrit.openafs.org/15500
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit fb31d299e6caa015f6288ba9186da6277d3d6a8d)
Change-Id: I60f68f1dd95c32bada7179e98250fd44d7c2ddf3
Reviewed-on: https://gerrit.openafs.org/15522
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Our sysctl definitions are quite verbose, and adding new ones involves
copying a bunch of lines. Make these a little easier to specify, by
defining some new preprocessor macros.
Reviewed-on: https://gerrit.openafs.org/13700
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 1b0bb8a7fcbd69d513ed30bb76fd0693d1bd3319)
Change-Id: Ib656634ed956b845c89656069aa297253acce785
Reviewed-on: https://gerrit.openafs.org/15521
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The Linux 6.5 commit:
'splice: Remove generic_file_splice_read()' (c6585011bc)
replaces the function generic_file_splice_read() with the function
filemap_splice_read().
The Linux function 'filemap_splice_read()' was introduced with the
Linux 6.3 commits:
'splice: Add a func to do a splice from a buffered file without
ITER_PIPE' (07073eb01c)
'splice: Export filemap/direct_splice_read()' (7c8e01ebf2)
With updates in Linux 6.5:
'splice: Fix filemap_splice_read() to use the correct inode'
(c37222082f) -- which fixes a problem in the code.
'splice: Make filemap_splice_read() check s_maxbytes' (83aeff881e)
Due to the fact that there could be problems with splice support prior
to Linux 6.5 (where filemap_splice_read()'s use was expanded to
additional filesystems other than just cifs), we only want to use
'filemap_splice_read()' in Linux 6.5 and later.
The LINUX/osi_vnodeops.c file is updated to use 'filemap_splice_read()',
for Linux 6.5 and later, for the splice_read member of the
file_operations structure.
Reviewed-on: https://gerrit.openafs.org/15486
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 0e06eb78f293bb295b0fe12da24abd8dc1160149)
Change-Id: I3b5436234d275253a37987dc40a522ae8f3cae1e
Reviewed-on: https://gerrit.openafs.org/15520
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Currently, 'linktest' in libuafs is built with a weird custom rule
that specifies several various CFLAGS and LDFLAGS, etc. One
side-effect of this is that linktest is built without specifying -O,
even if optimization is otherwise enabled.
Normally nobody would care about the optimization of linktest, since
it's never supposed to be run, but this can cause an error when
building with -D_FORTIFY_SOURCE=1 on some systems (such as RHEL7):
In file included from /usr/include/sys/types.h:25:0,
from /.../src/config/afsconfig.h:1485,
from /.../src/libuafs/linktest.c:15:
/usr/include/features.h:330:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]
# warning _FORTIFY_SOURCE requires compiling with optimization (-O)
^
cc1: all warnings being treated as errors
make[3]: *** [linktest] Error 1
For now, to fix this just include $(COMMON_CFLAGS) in the flags we
give for linktest, so $(OPTMZ) also gets pulled in, and building
linktest gets a little closer to a normal compilation step.
Reviewed-on: https://gerrit.openafs.org/14324
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit c4f853aa00f1650b678cbd22ad1e2a9cf01c1303)
Change-Id: I842fc630979fa98950f09326a556da1f7d1cd23b
Reviewed-on: https://gerrit.openafs.org/15519
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Commit f2003ed68c (gcc: Avoid false positive use-after-free in crypto)
added a configure check to detect whether the compiler we're using
exhibits the use-after-free warning bug. We add -O0 to CFLAGS for the
test to make sure the bug triggers for gcc 12, but if the user has
specified, for example, CFLAGS=-D_FORTIFY_SOURCE=1, this causes
the compile check to always fail:
/usr/include/features.h:330:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]
# warning _FORTIFY_SOURCE requires compiling with optimization (-O)
This causes _OPENAFS_UAF_COMPILE_IFELSE to always fail, and so we
throw an AC_MSG_ERROR during configure.
To allow the build to continue with _FORTIFY_SOURCE, make sure
_FORTIFY_SOURCE is undefined for this specific test. The compile test
can then succeed with -O0 (unless we trigger the use-after-free bug,
of course).
Reviewed-on: https://gerrit.openafs.org/15499
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 2e6b80e4bcdb476e95c8cff46ebaae69f092abec)
Change-Id: Ibafe136c2d0364741f0ea2e3d823e181d7983f20
Reviewed-on: https://gerrit.openafs.org/15518
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Since the original IBM code import, attach2 has set the volume's index
bitmaps to NULL in preparation for allocating and initalizing new
bitmaps. However, the volume may already have bitmaps from previous
operations, and this is much more likely with DAFS. In this case, the
old bitmaps are leaked.
Instead, free any existing bitmap before allocating a new one.
Discovered via Solaris libumem.so.1.
Reviewed-on: https://gerrit.openafs.org/15428
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 4b42b07fde2cb87ecb0f3135612a4c086227fa09)
Change-Id: I8d67a4ef75218acc6e5852b77b90e7898e78585e
Reviewed-on: https://gerrit.openafs.org/15517
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Since its introduction with commit 7e4e06b87a09 "Derive DES/fcrypt
session key from other key types", rxkad_derive_des_key has failed to
free the memory associated with its HMAC context struct.
This results in a leak of at least 352 bytes for each rxkad challenge
response processed by an OpenAFS server when using rxkad-kdf.
Free the memory by calling HMAC_CTX_cleanup after each round of the
loop.
Discovered via Solaris libumem.so.1.
Reviewed-on: https://gerrit.openafs.org/15427
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 915c9ec007810f99a5ea8be73426fc8882f615fd)
Change-Id: I4710c1180cdca19cc963d7409ef15e74efd51498
Reviewed-on: https://gerrit.openafs.org/15516
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Our 'fs flush' and related commands (flushall, flushvolume) clear the
relevant entries in the OpenAFS stat cache and data cache, which can
fix problems if the cache ever becomes incorrect for any reason. (This
can happen after bugs, repairing corrupted volumes, disaster recovery
scenarios, and similar edge cases.)
However, on Linux, these commands don't affect the VFS dentry cache.
If someone needs to use an 'fs flush' command to fix a problem, this
will fix the OpenAFS cache, but the Linux dcache can still be wrong.
The only way to manually flush dcache entries is to use the global
'drop_caches' mechanism, which is a very heavweight operation, only
accessible to root.
For example:
$ ls -l
ls: cannot access foo.1: No such file or directory
total 2
drwxrwxr-x. 2 bin adeason 2048 Apr 6 14:20 dir
-?????????? ? ? ? ? ? foo.1
$ fs flush .
$ ls -l
ls: cannot access foo.1: No such file or directory
total 2
drwxrwxr-x. 2 bin adeason 2048 Apr 6 14:20 dir
-?????????? ? ? ? ? ? foo.1
$ sudo sysctl -q -w vm.drop_caches=3
$ ls -l
total 3
drwxrwxr-x. 2 bin adeason 2048 Apr 6 14:20 dir
-rw-rw-r--. 1 bin adeason 29 Sep 22 2022 foo.1
To make the 'fs flush' commands be effective in more situations,
change afs_ResetVCache() to also invalidate the dcache entries
associated with each vcache we reset. To make things simpler and
reduce locking complexity, do this by setting d_time to 0, and don't
directly run dcache-managing functions like d_invalidate or d_drop,
etc.
The above example now becomes:
$ ls -l
ls: cannot access foo.1: No such file or directory
total 2
drwxrwxr-x. 2 bin adeason 2048 Apr 6 14:20 dir
-?????????? ? ? ? ? ? foo.1
$ fs flush .
$ ls -l
total 3
drwxrwxr-x. 2 bin adeason 2048 Apr 6 14:20 dir
-rw-rw-r--. 1 bin adeason 29 Sep 22 2022 foo.1
Reviewed-on: https://gerrit.openafs.org/15391
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit d460b616ebad763f7e480e194b2bffc28df99721)
Change-Id: I184046469c396b0421752d91c47477ebe8eaed13
Reviewed-on: https://gerrit.openafs.org/15515
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Add a top-level makefile target to build RPMs for Red Hat distributions
from the currently checked out commit. The resulting rpms are placed in
the packages/rpmbuild/RPMS/<arch> directory.
The rpm target is intended to be a convenience for testing changes to
the rpm packaging or generating packages for local testing.
Reviewed-on: https://gerrit.openafs.org/14114
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 8b68f1a4e1e3ae06de0d6c5a8af60ef99cacb83a)
Change-Id: I31fcd579d9610303cb44b4813ecaf8dd00e09e7e
Reviewed-on: https://gerrit.openafs.org/15514
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The makesrpm.pl script generates a source RPM by creating a temporary
rpmbuild workspace, populating the SOURCES and SPECS directories in that
workspace, running rpmbuild to build the source RPM, and finally copying
the resulting source RPM out of the temporary workspace.
The name of the source RPM file created by rpmbuild depends on the
package version and release strings. Unfortunately, the format of the
source RPM file name changed around OpenAFS 1.6.0, so makesrpm.pl has
special logic to find the version string and extra code depending on the
detected OpenAFS version.
Instead of trying to predict the name of the resulting source RPM file
from the OpenAFS version string, and having different logic for old
versions of OpenAFS, use a filename glob to find resulting source RPM
file name in the temporary rpmbuild workspace.
Remove the major, minor, and patch level variables, which were only used
to guess the name of the resulting source RPM file name.
Convert '-' characters to '_' in the package version and package
release, since the '-' character is reserved by rpm as a field
separator.
While here, add the --dir option to specify the path of the generated
source RPM, and change the 'srpm' makefile target to use the new --dir
option, instead of changing the current directory before running
makesrpm.pl. Also, add a dependency on the 'dist' makefile target,
since the the source and document tarballs are required to build the
source RPM.
Add pod documentation and add the --help (-h) option to print a brief
help message, and add the --man option to print the full man page.
With this change, we can build a source RPM even when the .version file
in the src.tar.bz file has a custom format or was created from a
checkout of the master branch or other non-release reference.
Reviewed-on: https://gerrit.openafs.org/14116
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 7cc6b97ad26089ecb88019468f3ef7c0222cebe1)
Change-Id: I6f533aa4dff42c8e256fd7cf07831e0f6c0b0c63
Reviewed-on: https://gerrit.openafs.org/15513
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Each time the bosserver starts, it checks for the presence of the client
configuration directory and the CellServDB and ThisCell files within it.
When not found, the bosserver creates the client cell configuration
directory. When the CellServDB and ThisCell files are not present in the
client configuration directory, the bosserver creates symlinks to the
server's CellServDB and ThisCell files. This feature of the bosserver
was a convenience when older versions of vos and pts required a client
configuration directory.
However, modern deployments tend to use packaging, with separate client
and server packages. The client configuration directory and files in it
are typically managed by the client packaging. Currently, packagers
must work around these symlinks created by the bosserver. Additionally,
the CellServDB and ThisCell symlinks are hazardous since writing to the
client-side configuration will overwrite the server configuration.
This commit removes the creation the client configuration directory and
the CellServDB and ThisCell symlinks during bosserver startup. This
change is intended to decouple the server from the client, help to avoid
overwriting the server configuration, and avoid requiring client artifacts
on a server.
Reviewed-on: https://gerrit.openafs.org/12586
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit c8aae4da4fcfd22c19fc9c8835960005554ac9d6)
Change-Id: I76d24eadaecd19d21f12b8bd85eca2a4888d3e4c
Reviewed-on: https://gerrit.openafs.org/15512
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Add an initialization retry in the bos, vos, and pts commands to
fallback to the server configuration directory when initialization fails
with the client configuration directory. This allows admins to run
unauthenticated bos, vos, and pts commands on servers without a client
configuration (including symlinks created by the bosserver) without
any extra command line options.
Perform the initialization retry only when the -localauth or -config
options are not given. The bos, vos, and pts commands already use the
server configuration path when the -localauth option is given, so there
is no point in retrying the same path. The vos and pts -config option
specifies the path to be used, so we do not fallback to a different
directory when the user specifies the configuration path to be used.
While here, change the scope of the confdir variable in vos.c from a
global to a local variable, since it is only used within the
MyBeforeProc() function.
This change does not add a vsu_ClientInit() retry in the bos salvage
command. That command always requires authorization, so when run without
-localauth requires a token (and therefore a cache manager and client
cell configuration).
Update the bos, vos, and pts man pages to describe this new fallback
method to lookup the configuration directory. (The AFSCONF environment
variable and .AFSCONF files are currently undocumented in the man pages.
They should be documented or removed from the code in a future change.)
Reviewed-on: https://gerrit.openafs.org/15351
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 77eb1728331e0825ecb6fbe29db334c61b5276d0)
Conflicts: (1.8.x does not have rxgk support)
src/ptserver/pts.c
src/volser/vos.c
Change-Id: I1e0ffb8a074098ed6d4750d8e02cbfb8c0dbaff5
Reviewed-on: https://gerrit.openafs.org/15511
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Update pts to use cmd_AddParmAtOffset and symbolic constants for our
common parameters, instead of using bare literals like '16'.
Reviewed-on: https://gerrit.openafs.org/13946
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit d0941e81b2f1f499cebb57d8a81d82802913d9be)
Conflicts: (1.8.x does not have rxgk support)
src/ptserver/pts.c
Change-Id: I0bc2c6038c0d7983c6364ec186aef18105b02d3a
Reviewed-on: https://gerrit.openafs.org/15510
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Currently, h_stateVerifyHost verifies that all of the valid entries on
h->z.interface are on the host address hashtable. If we don't have a
h->z.interface, we check the primary address h->z.host/h->z.port
instead.
But if we do have a h->z.interface, we don't check h->z.host/h->z.port
at all. Normally, the primary address should always be included in the
h->z.interface list (in a 'valid==1' entry), and so checking the
primary address is redundant. However, currently it is possible in
some edge cases for the primary address to be missing from the
hashtable and to not be listed as a valid address in h->z.interface.
In such cases, we don't flag an error or even log a warning, since we
don't check the primary address separately. (These cases are bugs, and
will be addressed in future commits.)
To detect this case, change h_stateVerifyHost to always check
h->z.host, just like we do for the entries in h->z.interface.
Reviewed-on: https://gerrit.openafs.org/15070
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 9d144491d94e7e19e2d710601a37045ef1ef1fdc)
Change-Id: Icdd65c081372e1057df67401643973e1ac6f016e
Reviewed-on: https://gerrit.openafs.org/15509
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Due to a bug in gcc-12 and gcc-13, several warnings are generated for a
use-after-free in crypto.c, which leads to a build failure with
--enable-checking:
src/external/heimdal/krb5/crypto.c:1157:9: error: pointer ‘p’ may be
used after ‘realloc’ [-Werror=use-after-free]
1157 | free(p);
| ^~~~~~~
src/external/heimdal/krb5/crypto.c:1155:20: note: call to ‘realloc’
here
1155 | result->data = realloc(p, sz);
| ^~~~~~~~~~~~~~
However, reviewing the code around these warnings shows that the
use-after-free warnings are incorrectly generated (false positive). The
documentation for realloc states that realloc will return a NULL and not
alter the storage passed if there was an error allocating and the size
passed is non-zero.
There is a possible work-around for the false positive. One can use a
variable that is not a member of a structure to hold and test the value
returned from realloc, then update the structure member from that
variable.
However, the code that is producing the message is in a heimdal external
file, so we cannot modify the source. So just use the compiler flag
-Wno-use-after-free to avoid the warning/error.
Update configure to add tests for the -Wno-use-after-free flag, update
the Makefile to add the flag for CFLAGS.crypto.lo, and update CODING
for the new exception.
Because this is an important check, only disable the warning if the
compiler exhibits this specific bug. We do this by adding specific
configure tests for the compiler bug and conditionally set a CFLAG
variable if the bug is present.
NOTE: The false positive and work-around can be demonstrated with the
following code using gcc-12 (with -O0) or gcc-13 (not sensitive to the
optimization level):
somestruct->somepointer = realloc(ptr, somesize);
if (somestruct->somepointer == NULL && somesize != 0) {
free(ptr); << gets flagged as use-after-free
handle enomem...
}
However the following doesn't get flagged:
char *tmpptr = realloc(ptr, somesize);
if (tmpptr == NULL && somesize != 0) {
free(ptr);
handle enomem...
}
somestruct->somepointer = tmpptr;
The GCC ticket https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110501
has been marked as confirmed.
Reviewed-on: https://gerrit.openafs.org/15471
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
(cherry picked from commit f2003ed68c2fecf679d0b04146427258d39369ea)
Change-Id: Ib7ae86c66f0ef1fc12d4ff4b796b712dc97e2e13
Reviewed-on: https://gerrit.openafs.org/15508
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
If the Linux kernel has CONFIG_WERROR enabled, and openafs is configured
with --disable-checking, the libafs kernel module fails to build:
/src/libafs/MODLOAD-5.14.0-305.el9.x86_64-MP/evp.c:501:9:
error: cast between incompatible function types from
‘void (*)(void *)’ to ‘int (*)(EVP_MD_CTX *)’ {aka
‘int (*)(struct hc_EVP_MD_CTX *)’} [-Werror=cast-function-type]
501 | (hc_evp_md_init)null_Init,
| ^
The openafs commit:
Linux-5.17: Kernel build uses -Wcast-function-type (6bdfa97673)
fixed above error when the Linux kernel has CONFIG_WERROR enabled and
openafs is configured with --enable-checking. But we will still fail
when CONFIG_WERROR is enabled and openafs is configured with
--disable-checking (which is the default).
Update osconf.m4 to always set CFLAGS_NOCAST_FUNCTION_TYPE, so that it
can be used to avoid the above compiler check even when checking is
disabled.
NOTE: The only use of CFLAGS_NOCAST_FUNCTION_TYPE is to correct the
warnings flagged in external/heimdal/hcrypto/evp.c and evp-algs.c.
NOTE: --enable-checking=all can be used to bypass setting the define.
Reviewed-on: https://gerrit.openafs.org/15417
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
(cherry picked from commit 2357ac6ae59ad1908b14b5e76e5931c7071ee9a2)
Change-Id: I96ccf89a7316449a0492d08dbfc0e625e143d933
Reviewed-on: https://gerrit.openafs.org/15507
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
It looks that EndTimestamp holds the user’s token expiration time even after
function afs_MarkUserExpired() gets called from afs_pag_destroy(). So it
seems that the PAGs/tokens are not being reclaimed. This will lead to pag
buildup on the system.
The PAG/'struct unixuser' is not being freed because afs_GCUserData() checks
afs_HasUsableTokens(), which checks EndTimestamp, which says the tokens still
haven't expired. So the PAG doesn't get freed.
This behavior has existed since commit ba1d050c6e (Make unixuser's vid
advisory).
To fix this, change afs_GCuserData() to check for the UHasTokens flag, and
ignore any tokens if UHasTokens isn't set. This causes the PAG to be freed,
since we don't look at the EndTimestamp of the tokens at all.
Thanks Todd DeSantis for your support.
Signed-off-by: Kailas Zadbuke <kailashsz@in.ibm.com>
Reviewed-on: https://gerrit.openafs.org/15404
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 630d423897e5fffed1873aa9d12c4e74a8481041)
Change-Id: I74b1ea1173df904928ad027e48b231058c1e0f1d
Reviewed-on: https://gerrit.openafs.org/15506
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Kailas Zadbuke <kailashsz@in.ibm.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Update version strings for the 1.8.10 release, and add the
finishing touch to NEWS.
Change-Id: I5ade3bf8eb05474c5e4344e7c727545e807a0053
Reviewed-on: https://gerrit.openafs.org/15490
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Update version strings for the first 1.8.10 prerelease.
Change-Id: I116eb9852e7799540fea4cd439f513d571231f45
Reviewed-on: https://gerrit.openafs.org/15282
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Ben Huntsman <ben@huntsmans.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Release notes for the first 1.8.10 prerelease.
Change-Id: Ie7ed1b65444239528edcb4861ad3e99af54c4bbb
Reviewed-on: https://gerrit.openafs.org/15440
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
On Linux, we can define a .getattr callback for files and directories,
which is called when a caller requests metadata for the file, such as
during lstat(). For regular files and directories, we set this to
afs_linux_getattr(), which updates the metadata for the file in
question if it's out of date (CStatd not set).
For symlinks, however, we don't set .getattr at all. This would seem
to allow symlink metadata to become stale if another client changes
it, but the metadata often happens to stay up to date via other means.
For example, we can see the following happen:
- Another client changes, for example, the owner of a symlink we have
cached.
- The fileserver sends us a callback break, and so we clear CStatd for
the vcache for the symlink.
- lstat() is called for the symlink, which causes
afs_linux_dentry_revalidate() to be called for the cached dentry.
Since CStatd is not set for the vcache, we verify the entry by
calling afs_lookup(), and then update the symlink's metadata via
afs_getattr() and vattr2inode().
However, if CStatd _is_ set for the symlink when lstat() is called,
afs_linux_dentry_revalidate() will not update anything, and will just
return success. So, if we manage to set CStatd for the symlink without
updating it's Linux VFS metadata, the Linux metadata won't be updated,
and we'll report the old metadata to the caller of lstat().
We can set CStatd without updating the Linux VFS info in a few
different ways. A few pioctls such as PRemoveMount or PFlushMount can
do this if they encounter an error, but the only code paths that call
these pioctls in OpenAFS (via the 'fs' utility) also lstat() the
relevant path, so this doesn't happen in practice.
A more common way that this can occur is via afs_DoBulkStat(). If
userspace triggers a bulkstat that includes the symlink in question,
the symlink would gain the CStatd flag without any interaction with
the Linux VFS.
For example, say a symlink was chown'd from 'adeason' to 'root'. On
another client with the symlink cached, running 'ls -l' on the symlink
itself would show the updated owner, because
afs_linux_dentry_revalidate() updates the metadata:
$ ls -l dir.slink
lrwxr-xr-x. 1 root root 3 May 5 14:48 dir.slink -> dir
But if we 'ls -l' the entire directory, which contains other entries,
we will bulkstat many of the entries, possibly including the symlink.
And so we may see the old metadata:
$ ls -l
total 9
[...]
lrwxr-xr-x. 1 adeason root 3 May 5 14:48 dir.slink -> dir
Triggering this behavior requires a bulkstat to be triggered before we
access the symlink itself, and so triggering this behavior depends on
the order of the entries in the directory as well as whether the other
items in the dir are cached. As such, triggering this behavior during
normal operation tends to be inconsistent and confusing.
The only lstat() info for symlinks that can change like this is the
owner, group, and modtime; mode bits cannot change, and neither can
the length/size (or the contents in general). So, stale metadata tends
to not be very noticeable.
To fix all of this, set .getattr to afs_linux_getattr() for symlinks,
just like we do for regular files and directories. This ensures that
we will update the Linux VFS metadata for the symlink when it is
requested, so we won't return stale metadata to callers.
This behavior appears to have existed for symlinks on Linux for quite
a while, possibly since our Linux 2.6 support was added. The behavoir
may have been introduced around commit b860b359d58
(initial-linux24-support-20001105) or commit 00543744955
(linux22-fix-20040405). Before those commits, we defined a .revalidate
callback for symlinks, which was called on older Linux versions before
fetching file metadata, and so probably ensured that an lstat() on a
symlink returned properly updated info.
Reviewed-on: https://gerrit.openafs.org/15423
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 2b32b130f534068251ce9fd1b621de6e480d56d7)
Change-Id: I194308e2a4783cc3205c6cfd54880421635f6b38
Reviewed-on: https://gerrit.openafs.org/15443
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Currently, the AFS_MOUNT_AFS #define is used to mean two completely
different things:
- The string "afs", corresponding to the first argument to mount(2) on
many platforms and some related calls inside libafs (e.g.
getnewvnode() on FBSD).
- An integer identifying the AFS filesystem (e.g. gfsadd() on AIX).
Depending on the platform and the build context (UKERNEL vs KERNEL),
AFS_MOUNT_AFS gets defined to one of those two things. This is very
confusing, and has led to mistakes in the past, such as those fixed in
commit 446457a1 (afs: Set AFS_VFSFSID to a numerical value).
To avoid such confusion, get rid of AFS_MOUNT_AFS completely, and
replace it with two new symbols:
- AFS_MOUNT_STR, the string "afs".
- AFS_FSNO, the integer given to gfsadd() et al.
When AFS_MOUNT_AFS is split this way, AFS_MOUNT_STR then is always
defined to the same value, so remove it from the param.h files for our
platforms. Instead, define it in afs.h for libafs use, and in
afsd_kernel.c (the only place outside of src/afs that uses it).
Also remove the logic for conditionally defining MOUNT_AFS from the
param.h files, moving the logic to the same locations as
AFS_MOUNT_STR.
Note that this commit removes the numeric definition for AFS_MOUNT_AFS
in param.sgi_65.h (aka AFS_FSNO). We never actually used this value,
since AFS_FSNO is not used on IRIX; instead, we tend to use the
'afs_fstype' global instead of a constant number.
Reviewed-on: https://gerrit.openafs.org/14323
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 6b96a49eb6268adf9fc7e077fe849af7802a1575)
Change-Id: Iebb35b323ceb50f9603387c46168b80ec800735d
Reviewed-on: https://gerrit.openafs.org/15422
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Ben Huntsman <ben@huntsmans.net>
Tested-by: Ben Huntsman <ben@huntsmans.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
We should only assign to 'ev' once, rather than assigning a second
time to an uninitialized value.
Reported by Ben Huntsman and diagnosed by Jeffrey Altman.
Reviewed-on: https://gerrit.openafs.org/15106
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit e51ed7be3849025e9b47d1a644a4fcd99b774b30)
Change-Id: I06ac2155170d8f005afd9551c69d5ef3e60afff3
Reviewed-on: https://gerrit.openafs.org/15442
Reviewed-by: Ben Huntsman <ben@huntsmans.net>
Tested-by: Ben Huntsman <ben@huntsmans.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
On AIX, calling sigwait() on a sigset containing SIGWAITING (or
SIGKILL or SIGSTOP), causes sigwait to return with an EINVAL error.
Currently, signalHandler() calls sigwait() with SIGWAITING, because
SIGWAITING is in the sigset returned by softsigSignalSet(). And so,
sigwait() returns EINVAL, and our opr_Verify in signalHandler() fails,
causing a crash.
To avoid this, remove SIGWAITING from the sigset in
softsigSignalSet(). This is AIX-specific, since the SIGWAITING signal
is AIX-specific.
Reviewed-on: https://gerrit.openafs.org/14705
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit c2db41258370159c1257ee79df10afa4a2a2d9e8)
Change-Id: I433e4842b684c5f0f453e20d2f5d455b10a792eb
Reviewed-on: https://gerrit.openafs.org/15441
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Ben Huntsman <ben@huntsmans.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
During shutdown, the function shutdown_osisleep is called in
src/afs/afs_osi.c. The body of this function is platform-
specific, and on AIX there is a call to xmfree:
xmfree(tmp);
However, on AIX, xmfree actually takes two arguments:
int xmfree ( ptr, heap)
caddr_t ptr;
caddr_t heap;
This is called elsewhere in the OpenAFS code correctly for
kernel_heap. In src/afs/AIX/osi_sleep.c we start using the
pinned_heap, but never xmfree it. Therefore, we need to do so here
during the shutdown. Here we include a header file which defines
pinned_heap, and then supply it as an argument to xmfree. This
prevents a kernel panic during OS shutdown.
The panic might go unnoticed in many environments, as during a
reboot, the system will normally dump and restart anyway. However,
if kdb is loaded (bosboot -a -D), the system will break into the
debugger before the full shutdown procedure completes. The stack
trace shows the following:
KDB(0)> stack
pvthread+01D200 STACK:
[00023900]abend_trap+000000 ()
[000EFF24]xmfree_frontend+0000A4 (??, ??, ??)
[F1000000C064CF1C]shutdown_osisleep@AF72_5+0000BC (??)
[F1000000C064CB7C]shutdown_osi+00001C ()
[F1000000C064A51C]afs_shutdown+0003BC (0000000100000001)
[F1000000C05A8DD4]afs_unmount+000094 (F1000A01501D4C10, 0000000000000000)
[F1000000C059FCE0]vfs_unmount+0000A0 (F1000A01501D4C10, 0000000000000000,
F1000A015047B07C)
[00014D70].hkey_legacy_gate+00004C ()
[006A6AAC]vfs_unmount+00008C (??, ??, ??)
[006B4228]kunmount+000228 (??, ??, ??, ??)
[006B4944]uvmount+000204 (??, ??)
[00003954]syscall+00024C ()
[100084FC]helper_UMfunc+00027C (??, ??)
[10003D48]dounmount+0000C8 (??, ??, ??, ??)
[100044DC]umountmain+0001BC (??, ??)
[10000AD4]main+0000B4 (??, ??)
[10000168]__start+000068 ()
Reviewed-on: https://gerrit.openafs.org/15419
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 4810cca10bc32df7ba7809fc2bf095d20e2febd8)
Change-Id: I687caa6daae83fc7986e76d370b55f90f5ca53cc
Reviewed-on: https://gerrit.openafs.org/15425
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Ben Huntsman <ben@huntsmans.net>
Tested-by: Ben Huntsman <ben@huntsmans.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Addresses a situation where a write in AFS space can cause a kernel
panic. In src/afs/afs_osi_uio.c in the function afsio_partialcopy:
size_t space_len = sizeof(struct uio) +
sizeof(struct iovec) * AFS_MAXIOVCNT;
/* Allocate a block that can contain both the UIO and the iovec */
space = osi_AllocSmallSpace(space_len);
On newer AIX systems (since at least 6.1), space_len is larger than
AFS_SMALLOCSIZ. When osi_AllocSmallSpace is called, the following
test in src/afs/afs_osi_alloc.c causes a kernel panic:
if (size > AFS_SMALLOCSIZ)
osi_Panic("osi_AllocSmallS: size=%d\n", (int)size);
This is due to the following definition in src/config/afs_args.h:
/*
* Note that the AFS_*ALLOCSIZ values should be multiples of sizeof(void*) to
* accomodate pointer alignment.
*/
/* Used in rx.c as well as afs directory. */
/* XXX Because of rxkad_cprivate... XXX */
All the supported AIX platforms define AFS_AIX32_ENV in
src/config/param.rs_aixXX.h, where XX is the AIX version. Therefore,
all the AIX platforms end up with AFS_SMALLOCSIZ = 152 bytes instead
of 256. To resolve this, we will modify the preprocessor test to use
the second case for AIX versions greater than 6.1. This issue may be
present on earlier releases of AIX as well, but AIX 5.3 and older
test systems were not available at this time.
Also, a spelling error in the comment was fixed.
Reviewed-on: https://gerrit.openafs.org/15418
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 8a2d4faa73d0f2e03a4016d7f84c5d5437040cec)
Change-Id: I5a2fc4ad1a829f1ee30387da20ce477c84fa020f
Reviewed-on: https://gerrit.openafs.org/15424
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Ben Huntsman <ben@huntsmans.net>
Tested-by: Ben Huntsman <ben@huntsmans.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The msghdr structure is used as a parameter to the Linux kernel
functions kernel_sendmsg() and kernel_recvmsg(). Some required fields
need to be set prior to calling these functions, but there are also
additional structure members that may not be used by the calling code.
Some of these fields may be initialized by the Linux kernel functions
being used, but there may be some that are left uninitialized.
To ensure that all fields in the msghdr structure are cleared, use
memset to zero the entire structure. This will eliminate the need to set
individual fields to 0 or NULL.
Reviewed-on: https://gerrit.openafs.org/15409
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 795ef90d4041f1a5a1139435cc70f96457e0f64b)
Change-Id: Id037e2e548c27b23e2746f804ddcaf7b79d905c4
Reviewed-on: https://gerrit.openafs.org/15411
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
