CVE-2024-10397
Currently, several callers call RPCs with string OUT arguments, and
provide preallocated memory for those arguments. This can easily allow a
response from the server to overrun the allocated buffer, stomping over
stack or heap memory.
We could simply make our preallocated buffers larger than the maximum
size that the RPC allows, but relying on that is error prone, and
there's no way for XDR to check if a string buffer is large enough.
Instead, to make sure we don't overrun a given preallocated buffer,
avoid giving a preallocated buffer to such RPCs, and let XDR allocate
the memory for us.
Specifically, this commit changes several callers to
RXAFS_GetVolumeStatus(), and one caller of BOZO_GetInstanceParm(), to
avoid passing in a preallocated string buffer.
All other callers of RPCs with string OUT args already let XDR allocate
the buffers for them.
FIXES 135043
Reviewed-on: https://gerrit.openafs.org/15918
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 00a1b266af)
Change-Id: Ib174d008eaf1fd10d42702bcdb607e45b26acf58
Reviewed-on: https://gerrit.openafs.org/15940
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
The maxsize argument in xdr_string() is garbage when called by
xdr_free(), since xdr_free() only passes the XDR handle and the xdr
string to be freed. Sometimes the size check fails and xdr_string()
returns early, without freeing the string and without setting the object
pointer to NULL.
Usually this just results in leaking the string's memory. But since
commit 9ae5b599c7 (bos: Let xdr allocate rpc output strings), many
callers in bos.c rely on xdr_free(xdr_string) to set the given string
to NULL; if this doesn't happen, subsequent calls to BOZO_ RPCs can
corrupt memory, often causing the 'bos' process to segfault.
We only need the maxsize check when encoding or decoding, so avoid
accessing the maxsize agument when the op mode is XDR_FREE.
In general, xdr_free() can only safely be used on xdr 2-argument xdr
functions, so must be avoided when freeing xdr opaque, byte, and union
types.
This change makes it safe to use xdr_free() to free xdr strings, but in
the future, we should provide a typesafe and less fragile function for
freeing xdr strings returned from RPCs. Currently, xdr_free(xdr_string)
is only called by the bos client and the tests.
Reviewed-on: https://gerrit.openafs.org/15343
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit bbb1e8adfe)
Change-Id: I1f190d28acab5fa1621919f283571fcacb495ce4
Reviewed-on: https://gerrit.openafs.org/15939
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
CVE-2024-10396
Several places in the tree parse ACLs using sscanf() calls that look
similar to this:
sscanf(str, "%d dfs:%d %s", &nplus, &dfs, cell);
sscanf(str, "%100s %d", tname, &trights);
Some callers check whether the scanf() returns negative or 0, but some
callers do not check the return code at all. If only some of the fields
are present in the sscanf()'d string (because, for instance, the ACL is
malformed), some of the arguments are left alone, and may be set to
garbage if the relevant variable was never initialized.
If the parsed ACL is copied to another ACL, this can result in the
copied ACL containing uninitialized memory.
To avoid this, make sure all of the variables passed to sscanf() and
similar calls are initialized before parsing. This commit does not
guarantee that the results make sense, but at least the results do not
contain uninitialized memory.
Reviewed-on: https://gerrit.openafs.org/15917
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit ac602a0a56)
Change-Id: I00245c12993683eb3b58d51cf77742f758bac120
Reviewed-on: https://gerrit.openafs.org/15938
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
CVE-2024-10396
After the preceding commits, the data returned by the VIOCGETAL
pioctl (a RXAFS_FetchAcl wrapper) will safely be NUL-terminated.
However, the callers that attempt to parse the ACL string make
assumptions that the returned data will be properly formatted,
and implement a "skip to next line" functionality (under various
names) that blindly increments a char* until it finds a newline
character, which can read past the end of even a properly
NUL-terminated string if there is not a newline where one is
expected.
Adjust the various "skip to next line" functionality to keep
the current string pointer at the trailing NUL if the end of the
string is reached while searching for a newline.
Reviewed-on: https://gerrit.openafs.org/15916
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit a4ecb05054)
Change-Id: Id2d8c0164cfaa7d03a9e37b29ff58b88cf815483
Reviewed-on: https://gerrit.openafs.org/15937
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
CVE-2024-10396
Supplement the previous commit by additionally verifying that
the returned ACL string occupies the entire XDR opaque, rejecting
any values returned that have an internal NUL prior to the end
of the opaque.
Reviewed-on: https://gerrit.openafs.org/15915
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 7e13414e8e)
Change-Id: I107f89e3d8a5c3c5cd67f6296742bfca7cace0e1
Reviewed-on: https://gerrit.openafs.org/15936
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
CVE-2024-10396
Analogously to how a call to RXAFS_StoreACL() with a malformed
ACL string can cause a fileserver to perform invalid memory operations,
a malformed ACL string returned in response to a call to RXAFS_FetchACL()
can cause a client to perform invalid memory operations.
Modify all the in-tree callers of the RPC to verify that the ACL
data, which is conveyed as an XDR 'opaque' but whose contents
are actually expected to be a string, is a valid C string. If
a zero-length opaque or one without a trailing NUL is received,
treat that as an error response from the fileserver rather than
returning success.
The Unix cache manager's pioctl handler already has logic to cope with a
zero-length reply by emitting a single NUL byte to userspace. This
special-casing seems to have been in place from the original IBM import,
though it does so by confusingly "skipping over" a NUL byte already put
in place. For historical compatibility, preserve that behavior rather
than treating the zero-length reply as an error as we do for the other
callers. It seems likely that this location should treat a zero-length
reply as an error just as the other call sites do, but that can be done
as a later change.
Reviewed-on: https://gerrit.openafs.org/15914
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 0b1ccb0dbc)
Change-Id: Ifbce762d76641f08b5fc5e79b4c8dad07c1a135a
Reviewed-on: https://gerrit.openafs.org/15935
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
CVE-2024-10396
Currently in SRXAFS_StoreACL, if CallPreamble() or check_acl() fail, we
will jump to Bad_StoreACL, which will pass the ACL string from the
client to osi_auditU. Since check_acl() hasn't yet checked if the given
ACL contains a NUL byte, the ACL may be an unterminated string. If
auditing is enabled, this can cause garbage to be logged to the audit
log, or cause the fileserver to crash.
To avoid this, set 'rawACL' to NULL at first, only setting it to the
actual ACL string after check_acl() has succeeded. This ensures that all
code accessing 'rawACL' is guaranteed to be using a terminated string.
This may mean that we pass a NULL AUD_ACL to osi_auditU. Our auditing
code explicitly checks for and handles handles NULL strings, so this is
fine.
FIXES 135445
Reviewed-on: https://gerrit.openafs.org/15913
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit c9eae1e8b2)
Change-Id: Ieda6f910d875c4b5179011e5e93e5694d3f4ce47
Reviewed-on: https://gerrit.openafs.org/15934
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
CVE-2024-10396
Change our StoreACL implementation to refer to the 'AccessList' argument
via a new local variable called 'rawACL'. This makes it clearer to
users that the data is a string, and makes it easier for future commits
to make sure we don't access the 'AccessList' argument in certain
situations.
Update almost all users in StoreACL to refer to 'rawACL' instead of
'AccessList'. Change the name of 'AccessList' to 'uncheckedACL' to make
sure we don't miss any users. Update our check_acl() call to use
'uncheckedACL' (and not 'rawACL'), because it must use an AFSOpaque to
check the ACL.
Change RXStore_AccessList() and printableACL() to accept a plain char*
instead of a struct AFSOpaque.
This commit should not incur any noticeable behavior change. Technically
printableACL() is changed to run strlen() on the given string, but this
should not cause any noticeable change in behavior:
This change could cause printableACL() to process less of the string
than before, if the string contains a NUL byte before the end of the
AFSOpaque buffer. But this doesn't matter, since the all of our code
after this treats the ACL as a plain string, and so doesn't look at any
data beyond the first NUL. It's not possible for printableACL() to
process more data than before, because check_acl() has already checked
that the ACL string contains a NUL byte, so we must process
AFSOpaque_len bytes or fewer.
FIXES 135445
Reviewed-on: https://gerrit.openafs.org/15912
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit eb8b93a971)
[1.8: printableACL() does not exist in this branch.]
Change-Id: I65b518acab26be0bb1854c29e46c90e5fee52d41
Reviewed-on: https://gerrit.openafs.org/15933
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
CVE-2024-10396
In acl_Internalize_pr(), each line in an ACL granting rights (positive
or negative) is sscanf()'d with "%63s\t%d\n", and then we try to
advance 'nextc' beyond the next newline character.
However, sscanf()'ing "%63s\t%d\n" does not guarantee that there is a
newline in the given string. Whitespace characters in sscanf() are not
matched exactly, and may match any amount of whitespace (including
none at all). For example, a string like "foo 4" may be parsed by
sscanf(), but does not contain any newlines.
If this happens, strchr(nextc, '\n') will return NULL, and we'll
advance 'nextc' to 0x1, causing a segfault when we next try to
dereference 'nextc'.
To avoid this, check if 'nextc' is NULL after the strchr() call, and
return an error if so.
FIXES 135445
Reviewed-on: https://gerrit.openafs.org/15911
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 96ab2c6f8a)
Change-Id: I666dfb2c401410865c1f98d9db1b342b52c8f628
Reviewed-on: https://gerrit.openafs.org/15932
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
CVE-2024-10396
The early parsing code in acl_Internalize_pr() tries to advance
'nextc' to go beyond the first two newlines in the given ACL string.
But if the given ACL string has no newlines, or only 1 newline, then
'nextc' will point beyond the end of the ACL string, potentially
pointing to garbage.
Intuitively, it may look like the ACL string must contain at least 2
newlines because we have sscanf()'d the string with "%d\n%\d".
However, whitespace characters in sscanf() are not matched exactly
like non-whitespace characters are; a sequence of whitespace
characters matches any amount of whitespace (including none). So, a
string like "1 2" will be parsed by "%d\n%d\n", but will not contain
any newline characters.
Usually this should result in a parse error from acl_Internalize_pr(),
but if the garbage happens to parse successfully, this could result in
unrelated memory getting stored to the ACL.
To fix this, don't advance 'nextc' if we're already at the end of the
ACL string.
FIXES 135445
Reviewed-on: https://gerrit.openafs.org/15910
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 35d218c1d1)
Change-Id: I7a7d136676e548adba5fa8d0003b5f8342332a86
Reviewed-on: https://gerrit.openafs.org/15931
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
CVE-2024-10396
Currently, we don't free 'newACL' if acl_Internalize_pr() fails. If
acl_Internalize_pr() has already allocated 'newACL', then the memory
associated with newACL will be leaked. This can happen if parsing the
given ACL fails at any point after successfully parsing the first
couple of lines in the ACL.
Change acl_FreeACL() to make freeing a NULL acl a no-op, to make it
easier to make sure the acl has been freed.
FIXES 135445
Reviewed-on: https://gerrit.openafs.org/15909
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f4dfc2d718)
Change-Id: If1554aa899542761ec6e6611394f2ee4f9379f22
Reviewed-on: https://gerrit.openafs.org/15930
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
CVE-2024-10396
Currently, the fileserver treats the ACL given in RXAFS_StoreACL as a
string, even though it is technically an AFSOpaque and could be not
NUL-terminated.
We give the ACL opaque/string to acl_Internalize_pr() to parse, which
will run off the end of the allocated buffer if the given ACL does not
contain a '\0' character. Usually this will result in a parse error
since we'll encounter garbage, but if the partially-garbage ACL
happens to parse successfully, some uninitialized data could make it
into the stored ACL.
In addition, if the given ACL is an opaque of length 0, we'll still
give the opaque pointer to acl_Internalize_pr(). In this case, the
pointer will point to &memZero, which happens to contain a NUL byte,
and so is treated like an empty string (which is not a valid ACL). But
the fact that this causes no problems is somewhat a coincidence, and
so should also be avoided.
To avoid both of these situations, just check if the given ACL string
contains a NUL byte. If it doesn't, or if it has length 0, refuse to
look at it and abort the call with EINVAL.
FIXES 135445
Reviewed-on: https://gerrit.openafs.org/15908
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit e15decb318)
Change-Id: I0f447310db5a988b21e19bb5158bb564d4ea3d94
Reviewed-on: https://gerrit.openafs.org/15929
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
CVE-2024-10394
Currently, we only throttle PAG creation in afs_setpag(). But there
are several callers that call setpag() directly, not via afs_setpag;
notably _settok_setParentPag in afs_pioctl.c. When setpag() is called
with a PAG value of -1, it generates a new PAG internally without any
throttling. So, those callers effectively bypass the PAG throttling
mechanism, which allows a calling user to create PAGs without any
delay.
To avoid this, move our afs_pag_wait call from afs_setpag() to
afs_genpag(), which all code uses to generate a new PAG value. This
ensures that PAG creation is always throttled for unprivileged users.
FIXES 135062
Reviewed-on: https://gerrit.openafs.org/15907
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 0358648dbe)
Change-Id: I7f8f475a913c6f62ca2c7a6fb00239e51a8a8c62
Reviewed-on: https://gerrit.openafs.org/15928
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
CVE-2024-10394
Currently, several areas in the code call genpag() to generate a new
PAG id, but the signature of genpag() is very limited. To allow for
the code in genpag() to return errors and to examine the calling
user's credentials, introduce a new function, afs_genpag(), that does
the same thing as genpag(), but accepts creds and allows errors to be
returned.
Convert all existing callers to use afs_genpag() and to handle any
errors, though no errors are ever returned in this commit on its own.
To ensure there are no old callers of genpag() left around, change the
existing genpag() to be called genpagval(), and declare it static.
FIXES 135062
Reviewed-on: https://gerrit.openafs.org/14090
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f701f704c7)
Change-Id: I675d6cb111ca74638a3b856a3c989dcb2fe6d534
Reviewed-on: https://gerrit.openafs.org/15927
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
In commit:
'Linux 6.5: Replace generic_file_splice_read' (0e06eb78f2)
we check the version of Linux to determine to use the newer
filemap_splice_read() or the older generic_file_splice_read().
openSUSE 15.6 uses a Linux 6.4 kernel, but is also including the
Linux 6.5 commit:
'splice: Remove generic_file_splice_read()' (c6585011bc)
When this commit included in Linux 6.4, the kernel module fails to
build.
In order to handle the case where Linux distributions are including the
(c6585011bc) commit in earlier kernels, we need to see if
generic_file_splice_read() is present; if not, we should use the newer
filemap_splice_read().
With the (0e06eb78f2) commit there was a preference for using
generic_file_splice_read() over filemap_splice_read() until Linux 6.5
(which contained additional updates surrounding filemap_splice_read()).
See the (0e06eb78f2) commit for additional details.
With this commit, we are still preferring generic_file_splice_read()
when it is available on kernels less than Linux 6.5.
Reviewed-on: https://gerrit.openafs.org/15846
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
(cherry picked from commit 8d4d197f0a)
Change-Id: I900a30d8090b06e23c6b7f2daced3a9533a02d1b
Reviewed-on: https://gerrit.openafs.org/15858
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The grammar.y file uses a series of strcat's to build the accesslist
from the parsed tokens. There is no checking to see if the result
exceeds the size of the output buffer.
Replace the strcpy/strcat's with a simple snprintf that concatenates
the tokens, and check to see if the snprintf failed.
If there was an error concatenating the tokens, emit a message.
NOTE: With --enable-checking a build error occurs on an Ubuntu 24.04
system, where the default _FORTIFY_SOURCE is set to 3 (hardened). The
build produces the following:
...
inlined from ‘yyparse’ at ./grammar.y:130:26:
/usr/include/.../string_fortified.h:130:10: error: ‘__builtin___strcat_chk’ writing 2 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
130 | return __builtin___strcat_chk (__dest, __src, __glibc_objsize (__dest));
...(repeated for the other uses of strcat)...
The build error can be duplicated by setting _FORTIFY_SOURCE to 3.
Reviewed-on: https://gerrit.openafs.org/15845
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
(cherry picked from commit 00b31c7bae)
Change-Id: If5dcf75098443e03e9c843039f22e8b414c34d66
Reviewed-on: https://gerrit.openafs.org/15857
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
A prior commit:
"opr: replace MIN/MAX macros with opr_min/opr_max"
(Change I2d7b54193ec91f7ead9c5c5f714d9a8bc7533bf7)
replaced all uses of the MIN and MAX macros with opr_min and opr_max.
As a cleanup and to resolve a failure when building the Linux kernel
module with Linux 6.11, remove all the defines for MIN and MAX.
The Linux 6.11 commit:
'minmax: make generic MIN() and MAX() macros available everywhere'
(1a251f52cf)
standardized and consolidated the definitions of the MIN and MAX macros
within the Linux kernel by defining them in an include file that is
widely used already (linux/minmax.h).
With the above Linux commit, the kernel module fails with a redefined
error from the compiler:
"./include/linux/minmax.h:329: error: "MIN" redefined [-Werror]"
Reviewed-on: https://gerrit.openafs.org/15814
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 8e8ee623d1)
[mmeffie: The MIN/MAX macros are still present in the deprecated afsweb
component.]
Change-Id: I096c386682afbf7de07f7bb882ab9442cbdeb13a
Reviewed-on: https://gerrit.openafs.org/15854
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Introduce new macros, opr_min() and opr_max(), to avoid collisions with
existing MIN()/MAX() macros defined elsewhere.
Within OpenAFS, the MIN/MAX macros are defined in the platform specific
param.h include file. This same file is where AFS_{platform}_ENV is
defined, which is used throughout the OpenAFS source to determine which
platform specific headers are to be used. This can lead to collisions
if platform provided headers define MIN or MAX.
Introduce opr_min and opr_max, using the same definitions that have been
used for MIN and MAX. Put the definitions in opr.h, which is already
included in most of the code that uses the MIN or MAX macros.
Replace all uses of MIN and MAX with opr_min and opr_max.
Add or move the include for afs/opr.h as needed.
Note, this commit does not replace the min()/max() macros.
A later commit will remove the defines for MIN and MAX (which will
correct a Linux 6.11 build failure due to a collision).
Reviewed-on: https://gerrit.openafs.org/15813
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
(cherry picked from commit 915c5cff16)
[mmeffie: Add an opr.h include in src/rx/rx.c. The MIN/MAX macros are
still present in the deprecated afsweb component.]
Change-Id: I05fa833e00f31f07af55cebeb00a996a280bdcef
Reviewed-on: https://gerrit.openafs.org/15853
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Since the original IBM code import, the magic number '6' has been used
to specify the number of consecutive lost keepalives (ping acks) that
indicate a dead connection. By implication, this also defines the
minimum number of seconds (at the minimum keeplive periodicity of 1
second) before a connection may be considered dead.
Define and use symbolic names for both uses of '6', and document their
relationship. Both have the same assigned value '6', but
RX_PINGS_LOST_BEFORE_DEAD is use as an ordinal count, while
RX_MINDEADTIME is expressed in units of seconds.
The magic number '12' is used in a couple of places for the default
value of rx_connDeadTime. Give this constant a name
(RX_DEFAULT_DEAD_TIME) and use it.
No functional change is incurred by this commit.
Reviewed-on: https://gerrit.openafs.org/14621
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit b4a4a2ae9c)
Change-Id: I87c2de0c1a14a9414a86e6fc0744139a120fbab9
Reviewed-on: https://gerrit.openafs.org/15852
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
With Linux 6.10 commit:
"kbuild: turn on -Wextra by default" (f5982cceb3)
there are additional compiler warnings that can turn
into build errors when --enable-checking is used.
"error: ‘inline’ is not at beginning of declaration
[-Werror=old-style-declaration]"
The error is due to the return type preceding the "inline" keyword
in function declarations.
Fix the declarations for file_can_read_pages() and
afs_linux_readpage_fastpath() to have the proper ordering of the
static/inline keywords attributes so they precede the return type.
Just a note that the `static` and `inline` keywords must precede a
function's return type.
Reviewed-on: https://gerrit.openafs.org/15768
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
(cherry picked from commit 7097eec17b)
Change-Id: Ifce9c6b0b110788a054f0bad6066505e4bd86d40
Reviewed-on: https://gerrit.openafs.org/15800
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
With Linux 6.10 commit:
"kbuild: turn on -Wextra by default" (f5982cceb3)
there are additional compiler warnings that can turn
into build errors when --enable-checking is used.
"error: suggest braces around empty body in an ‘if’
statement [-Werror=empty-body]"
when there is an empty body, e.g.
if (foo)
;
Most cases are due to the macros afs_PutCell and afs_PutServer which are
"empty" macros.
Update the afs_PutCell and afs_PutServer macros so they expand to
do {} while(0)
Add a comment at the definitions for afs_PutCell and afs_PutServer to
document the reason for keeping them.
Add braces to conditionals that have an empty body.
There are no functional changes with this commit.
Reviewed-on: https://gerrit.openafs.org/15766
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
(cherry picked from commit d8b56f2199)
Change-Id: I0617aeba36b638ae36678043216e2b4c145921b7
Reviewed-on: https://gerrit.openafs.org/15799
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The Linux 6.10 commit:
"x86/syscall/compat: Remove ia32_unistd.h" (e2d168328e)
Removed the header ia32_unistd.h since it was just a wrapper for the
unistd_32_ia32.h.
The commit:
"linux-afs-translator-xen-20060731" (29dd792381)
added an ia32_unistd.h include to several files; all were not needed
(as they didn't reference any of the contents from the header file, e.g
_NR_ia32_*).
The commit:
"amd64-hook-ia32-table-20030519" (831e172463)
added an include for ia32_unistd.h to osi_module.c.
A later commit:
"osi-probe-syscall-20050129" (f126dbdbe2)
removed many of the references to defines from ia32_unistd.h, but did
not remove the include for the header.
Currently the only remaining files (linux-kernel-syscall-probe.m4,
LINUX/osi_probe.c and LINUX/osi_syscall.c) continue to reference the
items from ia32_unistd.h, but only when building older kernels that
either don't have LINUX_KEYRING_SUPPORT or when
ENABLE_LINUX_SYSCALL_PROBING is enabled (in both cases, these are only
applicable for older kernels where the asm/ia32_unistd.h file would be
present).
For the files that don't have references (i.e. _NR_ia32_*), we can
simply remove the include for asm/ia32_unistd.h. For the remaining set
of files, we can leave the include for asm/ia32_unistd.h since the code
already has preprocessor conditionals so it's only included for older
Linux kernels where the header file will be present.
We noted above, the include for asm/ia32_unistd.h is already conditional
on the checks for LINUX_KEYRING_SUPPORT and ENABLE_LINUX_SYSCALL_PROBING
so we do not need to add any additional configure checks.
Reviewed-on: https://gerrit.openafs.org/15763
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
(cherry picked from commit 03b280649f)
Change-Id: Ifdd7c831e46796a3c3f1f80c973f4319dc791ecc
Reviewed-on: https://gerrit.openafs.org/15798
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The Linux 6.10 commit:
"mm: vmalloc: enable memory allocation profiling" (88ae5fb755)
changed vmalloc from a function to a wrapper macro.
This change results in build errors:
"error: implicit declaration of function ‘vmalloc’; did you mean
‘kmalloc’? [-Werror=implicit-function-declaration]"
when vmalloc is passed as a parameter to the afs_atomlist_create() and
afs_lhash_create() functions.
Add a little wrapper function around vmalloc() to use for the parameter
to afs_atomlist_create() and afs_lhash_create().
Note: A configure test was not needed for this change since the name
and functionality of Linux's vmalloc did not change.
Reviewed-on: https://gerrit.openafs.org/15765
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
(cherry picked from commit 658942f279)
Change-Id: Iece75aea9c8dbc072e1dfa83cf82aee88ac647dd
Reviewed-on: https://gerrit.openafs.org/15797
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The Linux 6.10 commit:
"mm: remove page_cache_alloc()" (3f2ae4ebd5)
removed the page_cache_alloc(), with a note that callers would be using
filemap_alloc_folio instead.
The function filemap_alloc_folio() was introduced in Linux 5.15 commit:
"mm/filemap: Add filemap_alloc_folio" (bb3c579e25)
Add a configure check for filemap_alloc_folio and update the function
afs_linux_read_cache() to use a wrapper that calls filemap_alloc_folio()
if available otherwise calls page_cache_alloc().
Minor whitespace/style cleanup
Note: The function filemap_alloc_folio() was introduced in Linux 5.15,
so this change affects builds using the Linux kernel 5.15 and later.
Reviewed-on: https://gerrit.openafs.org/15764
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
(cherry picked from commit 0f6a3a402f)
Change-Id: Iabb894a606816e8ae43a4a8028ac054cc643f84f
Reviewed-on: https://gerrit.openafs.org/15796
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Update version strings for the 1.8.12 release.
Add final updates to NEWS.
Change-Id: I88fa115c20fc412541b00ed48b411e09785710f2
Reviewed-on: https://gerrit.openafs.org/15783
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Update version strings for the first 1.8.12 prerelease.
Change-Id: I0a314eb7d96183c40c995b9415aaf1c679defee5
Reviewed-on: https://gerrit.openafs.org/15759
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Commit aed4a0c4b9 "afs: avoid panic in
DNew when afs_WriteDCache fails" introduced Doxygen comments for DNew().
However, due to a cut-and-paste error, the name of the second parameter
is incorrect.
Correct the Doxygen comments.
No functional change is incurred by this commit; it is just
documentation.
Reviewed-on: https://gerrit.openafs.org/15757
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit abb15d449c)
Change-Id: Ie540b13a040ac47bbaa2f753a9bbd21c046d4b49
Reviewed-on: https://gerrit.openafs.org/15758
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
afs_WriteDCache may fail for an IO error, or if interrupted (EINTR).
Unfortunately, DNew will panic in this case, crashing the entire
machine.
In order to avoid an outage in this case, don't panic. Instead, reflect
the error back to the caller of DNew.
While here, add Doxygen comments to DNew.
Reviewed-on: https://gerrit.openafs.org/13804
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit aed4a0c4b9)
Change-Id: I634ce4b3c7c8b6029c5236b51f6ab8c0a5463ce9
Reviewed-on: https://gerrit.openafs.org/15744
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Commit 0284e65f97 'dir: Explicitly state
buffer locations for data' changed DNew and DRead to return a return
code. However, the callers of DNew were not modified to check the new
return code. (This commit applied only to the implementations dealing
with AFS directories, in afs/afs_buffer.c and dir/dir.c. The ubik
implmentations of DNew and DRead, dealing with ubik databases, were not
modified.)
Modify all (non-ubik) callers of DNew to check the return code. In
addition, modify code as needed so return codes are properly propagated
to the callers.
While here, add Doxygen comments for AddPage and FindBlobs.
Reviewed-on: https://gerrit.openafs.org/13801
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 6bd94fe29d)
Change-Id: I8d036748fa18365b843a69f2f0710eab31aa723d
Reviewed-on: https://gerrit.openafs.org/15743
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
afs_dir_MakeDir() ignores the return code from afs_dir_Create() for the
'.' and '..' ("dot" and "dotdot") directories. This has been the case
from the earliest implementation (MakeDir() calling Create()) in the
original IBM import.
Instead, check the return codes to prevent the possibility of creating
malformed directories.
Reviewed-on: https://gerrit.openafs.org/13800
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit dcce956df4)
Change-Id: Ib7066ab307fe6ab0e78407566d0fd32bd6827859
Reviewed-on: https://gerrit.openafs.org/15742
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
This reverts commit 432ac5810e (afs:
Remove DFlushDCache()). This also re-adds the caller of DFlushDCache()
removed by commit 4045f3d535
(disconnected-shadow-directory-fixes-20090121), and the prototype
removed by commit 5ad1e6cb90 (dir:
Prototype and function name cleanup).
The removal of the DFlushDCache() call in commit 4045f3d535 seems like
a mistake. If the directory in question has dirty pages in memory, we
need to flush those to the cache before making a copy of the
directory's data, because we read the existing dir's data from the
cache. If we don't flush, afs_MakeShadowDir() might make a copy of the
dcache that is missing updates to the directory blob.
Reviewed-on: https://gerrit.openafs.org/15740
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
(cherry picked from commit 799d789fba)
Change-Id: I3bffab4bae4214503591ac102aba59c7072b39af
Reviewed-on: https://gerrit.openafs.org/15741
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
In the Linux 6.9 commit:
'filelock: split common fields into struct file_lock_core' (a69ce85ec9)
several fields were relocated into a new structure, file_lock_core,
which was added as a member the file_lock structure. The names where
changed (fl_x to flc_x).
Add a configure test to determine if the new members (flc_type, flc_pid,
and flc_flags) are available as part of the file_lock_core structure.
Add static inline getter/setter routines to handle accessing the
flc_type or flc_pid members in the file_lock_core structure, or the
fl_type, fl_pid members in the file_lock structure as appropriate. Add
static inline function to clear FL_SLEEP in the flc_flag in the
file_lock_core structure or the fl_flag in the file_lock structure as
appropriate.
Minor surrounding white space cleanup.
Reviewed-on: https://gerrit.openafs.org/15708
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 9937cce3f3)
Change-Id: I51343e1c2e360b68eabe2cc4069c25948b6c0729
Reviewed-on: https://gerrit.openafs.org/15739
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The rx/perf test can occasionally fail due to the rxperf server not
being fully initialized before the client started. This can cause test
errors, even without changes to the rx code.
C_TAP_VERBOSE=1 make check TESTS="rx/perf"
...
rx/perf
1..4
ok 1 - Started rxperf server
not ok 2 - single threaded client ran successfully
RPC: threads 30, times 1, write bytes 1048576, read bytes...
ok 3 - multi threaded client ran succesfully
ok 4 - Server exited succesfully
FAILED 2 (exit status 1)
Add a routine that waits for the rx_perf server to become available.
Loop several times trying the connection via the rx_perf client, with
a short delay between retries. If the connection cannot be established,
fail the test.
Clean up trailing whitespace on a couple of lines.
Note: This failure was observed in an OpenAFS buildbot worker that
included a make tests, and which would occasionally fail when there was
no rx related code changes. The intermittent failure could be duplicated
on a slower virtual test system, but would not fail on a faster system.
Thanks to mmeffie@sinenomine.net for the 'wait_for_server' contribution.
Reviewed-on: https://gerrit.openafs.org/15676
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
(cherry picked from commit 6ace773fdc)
Change-Id: I75c6cd1e4e724d4803b62e2f74e5307cb8fcb14d
Reviewed-on: https://gerrit.openafs.org/15736
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add the -o (output) option to the rxperf client specify the output file.
If not specified, the output is written to stdout, as before.
Reviewed-on: https://gerrit.openafs.org/15731
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit e6bc50524e)
Change-Id: I94a2f43c70f9cb5236c3ab4c5d2de66906eb68b3
Reviewed-on: https://gerrit.openafs.org/15735
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
When building against a Linux 6.8 kernel, functions that are missing
prototypes or declarations are flagged.
We can add the static attribute to functions that are not referenced
outside of the file that implements them to avoid having these functions
flagged by the compiler.
These functions are flagged due to missing prototypes when building
against a Linux 6.8 kernel (which sets the -Wmissing-declarations and
-Wmissing-prototypes compiler flags as default). Linux 6.8 commit:
'Makefile.extrawarn: turn on missing-prototypes globally' (0fcb70851f).
When building against a kernel with CONFIG_WERROR=y, the build fails.
This is an openafs-1.8.x specific commit.
The function afs_thread_wrapper() in LINUX/osi_misc.c on the master
branch was changed to a static function with commit:
'afs: Drop GLOCK for various Rx calls' (d5e1428a3b)
However this is a larger change than needed to fix the build problem and
the commit could have a significant impact for 1.8.x since it is
changing rx locking. To avoid introducing such a change, just change
the afs_thread_wrapper() to static as a 1.8.x specific commit.
There are no functional changes in this commit.
Change-Id: I4edc61e6a4989c16ccf41b935e205dbf209bf2a5
Reviewed-on: https://gerrit.openafs.org/15727
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The reference to the Linux symbol key_type_keyring uses a weak
attribute to assist in determining if the symbol is exported. This
method was introduced in commit: 'keyring-updated-20080310' (b7fb842b1c)
as a way to detect if the symbol was exported by the Linux kernel. A
later commit: 'linux-keyring-export-check-20090701' (4ca66112c2)
introduced an autoconf test that eliminated the need for using the weak
attribute, but the commit did not remove the attribute.
On a Debian-12 system on ARM64 the use of the weak attribute in this
case causes an error when loading the kernel module:
"ERROR: could not insert 'openafs': Exec format error".
The error is due to the Linux module loader not supporting the
relocation entry type in the openafs kernel module for the
key_type_keyring. Further investigation showed that this problem could
occur with gcc-12 on a ARM64 system (see below for additional
information).
The code in osi_groups.c uses a pointer, __key_type_keyring, to the
key_type_keyring. When this symbol is exported by the Linux kernel, the
loader would resolve the address and __key_type_keyring would contain
the address. If the key_type_keyring symbol was not exported,
__key_type_keyring would be set to NULL (due to the weak attribute
associated with key_type_keyring).
Remove the weak attribute for key_type_keyring when the configure
test, introduced in the 4ca66112c2 commit, determines that the symbol
is exported (EXPORTED_KEY_TYPE_KEYRING is defined). When the symbol
isn't exported (pre Linux 2.6.22), just set the pointer,
__key_type_keyring to NULL.
NOTE:
The load error was reported on the openafs IRC channel by "clarkb"
The problem of loading the openafs kernel module was also observed
on a NixOS system as well, and is described in the NixOS ticket
https://github.com/NixOS/nixpkgs/issues/284501
A Debian-11 system did not have a problem loading the openafs kernel
module. Investigation of the differences between Debian-11 and Debian-12
showed that the problem is due to a series of fixes in the toolchain
(in particular gcc-12) to address 'Cortex-A53 erratum #843419', which
deals with how the ARM64 ADRP instruction is used. With gcc-12, the
code generated uses a R_AARCH64_ADR_GOT for this particular case (which
isn't supported by the Linux kernel module loader). Gcc-11 created a
R_AARCH64_ABS64 relocation entry type for the symbol.
Reviewed-on: https://gerrit.openafs.org/15668
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 2f260825b9)
Change-Id: Ifce08cb01f0b642ee9c2d90480b8a1766dfc52ff
Reviewed-on: https://gerrit.openafs.org/15728
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The Linux 6.8 commit 'string: Remove strlcpy()' (d26270061a) removed the
the strlcpy function from the Linux kernel. The replacement function,
strscpy(), cannot be used as a drop-in replacement as its currently a
Linux kernel specific function and there are differences in the returned
value.
We can use roken's strlcpy() (provided in roken/strlcpy.c).
Create a configure test to that defines its own strlcpy() to test
if the kernel doesn't provide one itself. Note, we need to use a
different function signature for strlcpy() from what the kernel might
have otherwise the test build succeeds when the kernel does provide a
strlcpy().
Update the OpenAFS kernel specific roken.h to define the prototype for
strlcpy when it's not present in the Linux kernel. We need to match the
defines used in the 'real' roken.h so the roken/strlcpy.c can build
properly. Add defines for ROKEN_LIB_FUNCTION, ROKEN_LIB_CALL and
ROKEN_LIB_VARIABLE to the kernel roken.h
Update Linux's osi_machdep.h to include roken.h so the strlcpy protoype
is available.
Update the Linux MakefileProto to include the strcpy-kernel object
when building the kernel module.
Reviewed-on: https://gerrit.openafs.org/15646
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 30b18c1657)
Change-Id: I8013623e8f735d15bb7d4ac84ed0867f12b77783
Reviewed-on: https://gerrit.openafs.org/15706
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The Linux 6.8 commit 'sysctl: Remove the now superfluous sentinel
elements from ctl_table array' (c8a65501d3) was a clean up commit
that removed the sentinel entry in the ctl_table array (e.g. the
"null" entry at the end of the table).
As of Linux 6.8, including the sentinel entry (.procname =) in the
ctl_table is unnecessary, but doesn't yet break anything. But it is
likely that including the sentinel will start to cause runtime errors in
future Linux versions very soon, so avoid the sentinel when we can, to
avoid possible problems in the future.
Define a new macro that can be used as the last entry of a ctl_table
that will either add a "null" entry, or nothing.
There is not a specific build test we can use within configure, so we
must explicitly test the Linux version to decide if we need to use a
sentinel or not when defining the macro. We are selecting 6.8 to match
the version where the Linux kernel is removing the sentinels from the in
kernel filesystems.
Note: See the Linux merge commits 'Merge tag 'sysctl-6.8-rc1' of
git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux' (a05aea98d4)
for more details behind the staged removal of the sentinels in the
ctl_table structures and the potential future change for removing the
actual check for the sentinel within the Linux kernel.
Reviewed-on: https://gerrit.openafs.org/15645
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 35c8c1bf0b)
Change-Id: I34cb7586003e10a6c7438d7205123d57af30585e
Reviewed-on: https://gerrit.openafs.org/15705
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Linux 6.8 commit 'dentry: switch the lists of children to hlist'
(da549bdd15) replaces the dentry lists d_subdirs/d_child with the hlist
d_children/d_sib.
Add an autoconf test for a d_children member in the dentry structure.
Define a macro that uses the applicable Linux function for iterating
over a dentry's children.
Reviewed-on: https://gerrit.openafs.org/15632
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 8e0bbe6a07)
Change-Id: Ief4c334c4ef3e54822e068dcdf654541e86b9176
Reviewed-on: https://gerrit.openafs.org/15704
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The function {PKG}_OpCodeStats() is generated by rxgen, however a
prototype for the function is not generated.
The functions h_ProcMainBody_setup() and h_HeadofOldStyleProc_setup()
in rpc_parse.c emit prototypes for {PKG}_ExecuteRequest() and
{PKG}_TranslateOpCode(), but do not emit a prototype for
{PKG}_OpCodeStats().
Update rxgen to emit a function prototype for {PKG}_OpCodeStats() in the
generated header file.
Use a variable to point to "PackagePrefix[PackageIndex]" in
h_ProcMainBody_setup to improve readability.
{PKG}_OpCodeStats(), specifically RXSTATS_OpCodeStats(), is flagged due
to a missing prototype when building against a Linux 6.8 kernel (which
sets the -Wmissing-declarations and -Wmissing-prototypes compiler flags
as default). Linux 6.8 commit: 'Makefile.extrawarn: turn on
missing-prototypes globally' (0fcb70851f). When building against a
kernel with CONFIG_WERROR=y, the build fails.
Reviewed-on: https://gerrit.openafs.org/15631
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 26bb4d143b)
Change-Id: I9072d22d142b5b7a2f59b0cfc4026066ef1d9501
Reviewed-on: https://gerrit.openafs.org/15703
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Ever since commit 5c77a6ca (rxgen: add *TranslateOpcode functions to
XDR code), rxgen generates a PKG_TranslateOpCode function in the
relevant .xdr.c source, which can translate an RPC opcode into the RPC
name. But we never declare this function in a header file, making it
impossible to use without compiler warnings (unless the caller
declares the function itself).
To make it possible to actually use this function, declare this
function in the generated header file.
Reviewed-on: https://gerrit.openafs.org/14871
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 9b2c27fc6d)
Change-Id: I2479ff7f6579769b3319b2939ffde60fe570c880
Reviewed-on: https://gerrit.openafs.org/15702
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
When building against a Linux 6.8 kernel, functions that are missing
prototypes or declarations are flagged.
We can add the static attribute to functions that are not referenced
outside of the file that implements them to avoid having these functions
flagged by the compiler.
These functions are flagged due to missing prototypes when building
against a Linux 6.8 kernel (which sets the -Wmissing-declarations and
-Wmissing-prototypes compiler flags as default). Linux 6.8 commit:
'Makefile.extrawarn: turn on missing-prototypes globally' (0fcb70851f).
When building against a kernel with CONFIG_WERROR=y, the build fails.
There are no functional changes in this commit.
Reviewed-on: https://gerrit.openafs.org/15626
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 55adceba2d)
Change-Id: I1b2a6e1c07bd4b75b7b83e177f17865eb903e488
Reviewed-on: https://gerrit.openafs.org/15701
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
When building against a Linux 6.8 kernel, functions that are missing
prototypes or declarations are flagged.
We can add the static attribute to functions that are not referenced
outside of the file that implements them to avoid having these functions
flagged by the compiler.
These functions are flagged due to missing prototypes when building
against a Linux 6.8 kernel (which sets the -Wmissing-declarations and
-Wmissing-prototypes compiler flags as default). Linux 6.8 commit:
'Makefile.extrawarn: turn on missing-prototypes globally' (0fcb70851f).
When building against a kernel with CONFIG_WERROR=y, the build fails.
There are no functional changes in this commit.
Reviewed-on: https://gerrit.openafs.org/15625
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit efee796f28)
Change-Id: I0d923a65731f825d6c190056b0ccc3d362236706
Reviewed-on: https://gerrit.openafs.org/15700
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
When the function rxfs_storeInit() has the static attribute, gcc flags
the variable 'ops' as possibly uninitialized.
In function 'afs_CacheStoreDCaches',
inlined from 'afs_CacheStoreVCache' at
.../src/afs/afs_fetchstore.c:630:14:
.../afs/afs_fetchstore.c:535:17: error: 'ops' may be used
uninitialized [-Werror=maybe-uninitialized]
535 | code = (*ops->destroy)(&rock, code);
| ~^~~~~~~~~~~~~~
...src/afs/afs_fetchstore.c: In function 'afs_CacheStoreVCache':
...src/afs/afs_fetchstore.c:567:22: note: 'ops' was declared here
567 | struct storeOps *ops;
| ^~~
cc1: all warnings being treated as errors
This is a false positive report by the gcc compiler.
The function rxfs_storeInit() returns a 0 only when it has successfully
assigned a value to the ops variable, and afs_CacheStoreDcaches() is
only called if the return value from rxfs_storeInit() is 0.
The ops variable is only used within a block that is within a for loop,
which could leave a stray value if the variable isn't initialized within
that loop.
Assigning a NULL to ops is sufficient to avoid the compiler error, and
relocating the declaration of the ops variable into the block where it
is actually used ensures that it's always initialized before its use
within the loop.
Clean up whitespace in the statement that follows the new location for
the ops variable.
Note, this commit is being added before a commit that adds the static
attribute to the rxfs_storeInit() function which also "fixes" the
compiler error (see: afs: Add static attribute to internal functions).
Reviewed-on: https://gerrit.openafs.org/15630
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 36e4c02ff2)
Change-Id: I9d8a07e576c6bf889f8f182c6fc0d34dc997c004
Reviewed-on: https://gerrit.openafs.org/15699
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The prototype for rxk_NewSocketHost() is not in a header file, but is
defined in the referencing .c file. The ARCH/rx_knet.c files that
implement rxk_NewSocketHost() do not have a prototype (but when the
rx_kcommon.c implementation is used it does have a prototype, since
rx_kcommon.c is the "referencing .c file").
Add the prototype for rxk_NewSocketHost() to rx_prototypes.h and
remove the prototype from rx_kcommon.c
The prototypes for the functions rx_DebugOnOff() and rx_StatsOnOff()
are defined within rx_prototypes.h, but are within a preprocessor
conditional for AFS_NT40_ENV, however the implementation for these
2 functions do not have the preprocessor conditional.
Rearrange the prototypes for rx_DebugOnOff() and rx_StatsOnOff() so they
are outside the AFS_NT40_ENV preprocessor conditional.
These functions are flagged due to missing prototypes when building
against a Linux 6.8 kernel (which sets the -Wmissing-declarations and
-Wmissing-prototypes compiler flags as default). Linux 6.8 commit:
'Makefile.extrawarn: turn on missing-prototypes globally' (0fcb70851f).
When building against a kernel with CONFIG_WERROR=y, the build fails.
There are no functional changes in this commit.
Reviewed-on: https://gerrit.openafs.org/15624
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 8528c36b96)
Change-Id: Ieae8be7f89f5c675c6580d8cfb02ea77ce4088f7
Reviewed-on: https://gerrit.openafs.org/15698
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
