Allocate new Rx error codes for Idle and Busy calls but do not
send these errors on the wire. They are only intended for local
use.
RX_CALL_IDLE is an indication to an application that requests it
that the rx peer is maintaining an open call channel but has not
sent any actual data for the length of the registered idle dead
timeout.
RX_CALL_BUSY is an indication to an application that requests it
that the rx peer believes the selected call channel is in use by
a pre-existing call.
When either RX_CALL_IDLE or RX_CALL_BUSY are assigned as the call
error and an abort must be sent to the rx peer, the errors are
translated to RX_CALL_TIMEOUT. This is necessary because it is
not possible to add new Rx error values in a method that is safe
for peers that are not expecting them.
This patchset also documents which Rx errors defined in rx.h are
used on the wire and which are not.
The Unix and Windows cache managers are updated to build with
these new error codes.
Change-Id: Ib236f27b88d503c68134534bb069e12dd83537d8
Reviewed-on: http://gerrit.openafs.org/6128
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Purge all regions of the file surrounding the extents which are to be
purged. If a failure occurs on the purge due to an existing mapping, flag
for purge during handle close
Change-Id: Id8ef81afaa614ea08e03bbd55ec2cdded0d7139f
Reviewed-on: http://gerrit.openafs.org/6573
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
An assertion in buf_Recycle() was being triggered when a cm_buf_t
object was supposed to be in the free buffer list but wasn't.
buf_Recycle() was racing with another thread. The test for
refCount == 0 was performed while holding the buf_globalLock
exclusively but the InterlockedDecrement(refCount) in buf_Release()
was performed without holding buf_globalLock at all. buf_globalLOck
must be held at least as a read lock. Otherwise, the refCount can
reach 0 prior to the thread blocking for exclusive access to the
buf_globalLock. This provides buf_Recycle() which is holding
buf_globalLock the opportunity to race.
The solution is to make sure that buf_Release() always holds
buf_globalLock as a read lock and then use buf_ReleaseLocked()
to perform the actual decrement and test.
Change-Id: Ieb67548a7e44fa5f06f9346f428b1edadfc80696
Reviewed-on: http://gerrit.openafs.org/6576
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
The daemon thread worker pool has some very poor properties.
The threads spend a significant amount of time polling for
ready to process tasks because so frequently a store/fetch data
request is accompanied by many other requests for the same FID
that would block.
Lets try a new approach. Create one queue for each worker thread
and assign the tasks to a thread by a hash of the FID. This ensures
that all tasks for a single FID are serialized and prevents multiple
threads from attempting to perform the same task only to decide that
the thread would be forced to block.
Change-Id: I1d00ba0df1aa646e05b2cb3cb0796629f2e6d233
Reviewed-on: http://gerrit.openafs.org/6575
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
AFSInitFcb() is executed when the ObjectInformation->Fcb pointer
is NULL. More than one thread can make that determination at the
same time. Use InterlockedCompareExchangePointer() to detect
a race and permit cleanup to be performed.
Remove the output parameter of AFSInitFcb() to avoid a double
assignment.
Change-Id: I3870cccd5cd5e95134446523cce3547a2135d5e3
Reviewed-on: http://gerrit.openafs.org/6562
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Refactor cm_EndCallbackGrantingCall to prevent assigning a
callback to the cm_scache object in the case where it is going
to be discarded. If the race was lost the callback data was
already discarded by cm_RevokeCallback. By assigning and then
discarding we are forced to issue an additional change notification
to the smb client or afs redirector. Not only is this extra work
but the afs redirector notification can result in a deadlock with
a kernel thread that is waiting for the current thread to complete.
modify the function signature to return whether or not a race
was lost with a callback revocation.
rename 'freeFlag' to 'freeRacingRevokes' since that is what
the flag is meant to indicate.
create a new 'freeServer' flag to indicate when the server
reference should be released. There was a leak of server
references when a race occurred.
modify all calls to cm_EndCallbackGrantingCall() that provide
an AFSCallBack structure on input to check for a lost race.
If a race occurs, cm_MergeStatus() should not be performed.
Change-Id: Ib17091ed51a24826bf84d33235125b3ccbbe47d4
Reviewed-on: http://gerrit.openafs.org/6556
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
The DirectoryNodeHdr.TreeLock must be obtained before the
DirEntry->NonPaged->Lock. In AFSLocateNameEntry(), the
DirEntry lock is obtained before the TreeLock when processing
a symlink object. For that case obtain the TreeLOCK first.
Drop it if it is not required.
Change-Id: I5b73f98b4bc7fcd5c02b8f255fa2423b52eb4a4d
Reviewed-on: http://gerrit.openafs.org/6558
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
The code now queues a work item to perform additional work on extent
processing after a cache invalidation has occurred. This additional work
involves walking the current list of extents and purging/flushing regions of
the system cache based upon the current state of the extent.
Additional changes to filter which invlidation events result in a queued
worker to perform asynchronous work.
Change-Id: I72e4e0bac2caf69e41a095ce8fc4c2e083702b5c
Reviewed-on: http://gerrit.openafs.org/6528
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Assorted fixes for issues seen with parallel builds:
- bucoord must depend on butm, since it uses libbutm
- for most object files in roken and hcrypto, headers must be installed
before building
- remove rules with 2 targets in rxkad and ubik
- budb: add dependencies for db_dump.o
Change-Id: Ide05f223c2f1fe53bff33cb03011ca47bf741c80
Reviewed-on: http://gerrit.openafs.org/6568
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The mkdir and create inode operations have switched to using
umode_t instead of int for the file mode.
Change-Id: Ib8bbf6eaa6e87d6a9692c45b1a3fe93fcc3eff7a
Reviewed-on: http://gerrit.openafs.org/6567
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
A generic macro exists to test for functions in the kernel, use
it for set_nlink.
Change-Id: Iaec2b29e48f500bcf7a1ef80a3f2a1305e5dbb8f
Reviewed-on: http://gerrit.openafs.org/6566
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The intention of this condition is to check if the current call
being considered is the last one on the queue, but the test is
incorrect. A null next pointer indicates a removed item, not
the end of the queue.
Use the queue_IsLast macro instead to correctly determine that
this is the last item in the queue and that a call has to be
selected, either the current one or a previously seen good choice.
This can cause calls to get permanently stuck in the call queue
and never get assigned to a thread, even when all threads are
idle.
Change-Id: Ie44a45734ab25bd3d2be3635c2e8f05857ca935e
Reviewed-on: http://gerrit.openafs.org/6564
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
There have been reports that the memory extent interface which
is used when NonPersistentCache is active can lead to data corruption.
Change-Id: I3a8acae0648a67534e46c73ef1dcbf7f939a558d
Reviewed-on: http://gerrit.openafs.org/6557
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Performance drops off considerably when the number of processors
increases due to lock contention and the cm_SyncOp wait processing.
If the MaxCPUs registry value is not set, limit ourselves to two.
Setting MaxCPUs to zero permits use of all CPUs.
Change-Id: I4bae328ed589811b0ea2a514501a0c1aa74e8015
Reviewed-on: http://gerrit.openafs.org/6555
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Alter the flush delay to 5 seconds from 30 seconds
Alter the purge delay to 300 seconds from 5 seconds
Change-Id: I3f8e79d84582c4015e35d58cf1bedc9a023c0d73
Reviewed-on: http://gerrit.openafs.org/6554
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
If the input path is \afs\ behave as if the path is \afs.
If the input path is \afs\*\ detect the wildcard and return
STATUS_OBJECT_NAME_INVALID.
Change-Id: I0ef4f30fb3b6245a52160b5e7f9233bc5f599485
Reviewed-on: http://gerrit.openafs.org/6553
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
If the root is opened with the FILE_NON_DIRECTORY_FILE option,
fail the request with STATUS_FILE_IS_A_DIRECTORY.
Change-Id: Ic7d29f9032c2a19617276138833938fcf304838e
Reviewed-on: http://gerrit.openafs.org/6552
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
SYNC_FAILED is not an unknown protocol code, so stop saying it is.
Change-Id: I87ce896fe061e6b5bfd3efdbb442281682a3e652
Reviewed-on: http://gerrit.openafs.org/6530
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
In order to dec the relevant special inodes, we need to know the
parent vol id in addition to the vol id itself. Use the appropriate
volume IDs when IH_DEC'ing special inodes after we fail to create the
volume, so we don't leave behind special inodes.
Change-Id: I77cfafac80c49debf46c86faefadd2a586d6f06b
Reviewed-on: http://gerrit.openafs.org/6529
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
if cm_CheckForSingleDirChange() fails, mark the cm_scache_t
bufDataVersionLow as the current data version so that old directory
buffers are discarded.
Change-Id: I8d587a024027e74e66190fdc993564b640993b4c
Reviewed-on: http://gerrit.openafs.org/6498
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
If a file has been deleted, do not attempt to issue RPCs
to the file server in response to AFS redirector extent processing.
All RPCs will fail with VNOVNODE which will in turn trigger invalidation
requests to the AFS redirector which can deadlock.
Change-Id: I85b6b4a0ce619e54df648163392be93761f709f0
Reviewed-on: http://gerrit.openafs.org/6514
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Save the result of the interlocked operations for use in
debug logging. Do not reference the incremented or decremented
object in the log messages, it may have changed.
Local assignment is provided even in functions that are currently
not logging to assist with debugging and as a reminder to use
the result variable in future log messages.
Change-Id: Ia7ed8bf14b204b265e1db7713b96864634a731d7
Reviewed-on: http://gerrit.openafs.org/6508
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
When parsing the AFS mount point string do not overrun
the buffer if the colon cell/volume separator is not
found.
Change-Id: Id7275cc8815223730f7c39bd11a6f495beb117c4
Reviewed-on: http://gerrit.openafs.org/6507
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Hold the TreeLock exclusively across all operations that
enumerate, validate, or otherwise manipulate directory tree
lists or data versions.
Take the data version into account when deciding what to do
with directory data. If a directory enumeration takes more
than one request to service and the DV has changed from the
time the directory snapshop was taken by the service and the
enumeration completion, merge in the changes and then mark
the directory as requiring verification.
If a directory change operation completes (create, rename, remove)
and the directory DV has changed by more than one force a full
directory verification.
Set the directory data version to -1 whenever a directory
verification is required. Otherwise, the check to clear the
VERIFY flag will only update the metadata for the directory.
During a directory verification, if a new entry has been discovered
it is added to the directory. Make sure the VALID flag is set so
that the entry will not immediately be removed as invalid.
Change-Id: I6be8d00126fccf88bde8ae5f97e850dfb9a2f60f
Reviewed-on: http://gerrit.openafs.org/6460
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
This patchset returns the directory data version from AFSCleanup().
It does not do anything with it.
Change-Id: I86ac37f9e237bfec3ea612b896bec4ed7d43d068
Reviewed-on: http://gerrit.openafs.org/6505
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reorganize when open handle counts are decremented in order
to avoid a race with worker threads performing garbage collection.
Change-Id: I07c1c5e80fad48cd3439dbc9c85bd6dff9b9bf44
Reviewed-on: http://gerrit.openafs.org/6504
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
AFS does not impose a restriction on renames of open files.
Failure to permit the rename can cause problems if an anti-malware
service opens the file immediately after the application performing
the rename does so.
Change-Id: Ib23a6a893c5c575e89b8a817faec4c11300a04b7
Reviewed-on: http://gerrit.openafs.org/6503
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Performing a directory enumeration is an expensive operation
that we should be attempting to avoid. The current directory
enumeration and evaluate target requests will use inline bulk
status RPCs to the file server which obtain status for 49 items
at a time from a single directory.
Change-Id: I78e08680fec9715c3c446d0c4c5226cd79db80bd
Reviewed-on: http://gerrit.openafs.org/6502
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
When a mount point, symlink, or dfslink cannot be resolved
return STATUS_REPARSE_POINT_NOT_RESOLVED.
When an operation fails because the volume is readonly, return
STATUS_MEDIA_WRITE_PROTECTED.
Change-Id: Ib35f0d7851c087bf8aa25d4b0138ee72fb6f3c68
Reviewed-on: http://gerrit.openafs.org/6501
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
When closing file handles, do not permit dirty extents to be
released back to the service if the current handle (Ccb) does
not have write permission. The cleanup operation will fail with
STATUS_ACCESS_DENIED, the extents will be released and all of the
dirty data will be discarded.
Change-Id: Iceacf5319147d1bd6277ea160bc67d91f1a49d5b
Reviewed-on: http://gerrit.openafs.org/6500
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
we need opr for comerr, but we don't want it after. build,
then clean up.
Change-Id: I621f36bc5f6db85720b73b33578975d0dd126a18
Reviewed-on: http://gerrit.openafs.org/6525
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
A few changes to allow a "make all ; sudo make install ; make all..."
workflow to work without manually removing files in between.
Make the rebuilding of the h directory dependent on the source
files scanned to build it. This prevents it from being rebuilt
for every "make install".
While we're here, use -f when removing linktest for the clean target.
This allows "make clean" to remove it without prompting when the user
doesn't have write access to the file, as is the case when make install
rebuilds it as root.
Change-Id: I45b34ad41560ef8c905e6be4201fa438a3cc7bc3
Reviewed-on: http://gerrit.openafs.org/6519
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
opr needs a buildtools target for "make generated". Make it install
the headers, which are needed by the other generated targets.
Change-Id: I34faa81fa84407c5e6e1460dc765d0c2ce1ef3e8
Reviewed-on: http://gerrit.openafs.org/6523
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
libjafs is surprisingly close to being buildable. Fix a few misc
things which have bitrotted over the years so it is possible to
actually build:
- Add -I$SRC/config to the cflags, so we can include afsconfig.h
- Remove references to the nonexistant rxkstats.o
- Do not link with UAFS' AFS_component_version_number.o, since this
gives us duplicate version number symbols
- Include afs_vosAdmin.h in Group.c, to satisfy some missing symbols
Change-Id: Ie8da88872288073d080a58ed7fe8c8b52052488e
Reviewed-on: http://gerrit.openafs.org/6524
Reviewed-by: Steven Jenkins <steven@synaptian.com>
Tested-by: Steven Jenkins <steven@synaptian.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
in the event we got a network error, we don't know if the server
completed (or will complete) our operation. we can assume nothing.
a more complicated version of this could attempt to verify that the
state is what we expect it to be, but in extended callbacks universe
this is potentially easier to solve anyway. for now, return the
error to the caller, and mark the vcache unstat'd.
Change-Id: Iafb67f24b89d78b8236660d047da12fce1dd6061
Reviewed-on: http://gerrit.openafs.org/6510
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
we get a conn, check it for eligibility, and if not,
just abandon it. "oops"
Change-Id: Ie3841c19b05a87fb225c3e8124cd485cba3c3648
Reviewed-on: http://gerrit.openafs.org/6516
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Derrick Brashear <shadow@dementix.org>
make enabling and disabling keepalives a public function.
export the function
Change-Id: Ia553d91488511edc0b483d95326f14ac0e315332
Reviewed-on: http://gerrit.openafs.org/6517
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Update the Makefile for src/opr to use $? to reference headers, so objdir
builds work correctly
Change-Id: I3d8e0d885715a1d1bc1578f4e8ce69fe4239bb56
Reviewed-on: http://gerrit.openafs.org/6444
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
it's actually important this be more than the rx call dead time
so timing out server callbacks to clients don't result in us idle deading
a call to the server when callbacks need to be broken
FIXES 130327
Change-Id: Ibe2468edb61f307da9174d2c51cb0ea61c118c56
Reviewed-on: http://gerrit.openafs.org/6497
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
if we're not root, no nat ping at all. fix that.
Change-Id: I7ea4db77b30ba639921b11c4ccad35a2e14133b4
Reviewed-on: http://gerrit.openafs.org/6509
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
The bulk of our code uses 'code = -code' to negate an error code.
Use this, rather than 'code *= -1', as the latter form makes my
head hurt.
Change-Id: I578fbd7c123c37d89ceb1a6373409feb8b619d86
Reviewed-on: http://gerrit.openafs.org/6511
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Use offsetof() to replace a few instances where the same logic is
open coded in set_header_word and inc_header_word macros. In cases
where the field name involves a variable as an index to an array,
newer gcc gives a sequence point warning.
Change-Id: I43e3d6ef6a63b51003496a1beb72c445a9109615
Reviewed-on: http://gerrit.openafs.org/6513
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Newer gcc complains about readmeinode being potentially used
uninitialized. Doesn't look possible in the code, but initialize
it to quiet the warning.
Change-Id: I7172475a64a3bfb90a76c0266d7812d5d42a2c4c
Reviewed-on: http://gerrit.openafs.org/6512
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Reset black-listed servers on a request when retrying due to a
hard-mount retry. When hard-mounts are in effect, a request may
retry indefinitely. If all the servers have been black-listed
due to a transient error, the request may never complete.
Change-Id: I2510f729cbbb21836b139c94e25867118a6ad873
Reviewed-on: http://gerrit.openafs.org/6330
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
VGetFreeVnode_r pulls a vnode off of the vnode LRU, and removes the
vnode from the vnode hash table. In DAFS, we may drop the volume glock
immediately afterwards in order to close the ihandle for the old vnode
structure.
While we have the glock dropped, another thread may try to
VLookupVnode for the new vnode we are creating, find that it is not
hashed, and call VGetFreeVnode_r itself. This can result in two
threads having two separate copies of the same vnode, which bypasses
any mutual exclusion ensured by per-vnode locks, since they will lock
their own version of the vnode. This can result in a variety of
different problems where two threads try to write to the same vnode at
the same time. One example is calling CopyOnWrite on the same file in
parallel, which can cause link undercounts, writes to the wrong vnode
tag, and other CoW-related errors.
To prevent all this, make VGetFreeVnode_r atomically remove the old
vnode structure from the relevant hashes, and add it to the new hashes
before dropping the glock. This ensures that any other thread trying
to load the same vnode will see the new vnode in the hash table,
though it will not yet be valid until the vnode is loaded.
Note that this only solves this race for DAFS. For non-DAFS, the vol
glock is held over the ihandle close, so this race does not exist.
The comments around the callers of VGetFreeVnode_r indicate that
similar extant races exist here for non-DAFS, but they are unsolvable
without significant DAFS-like changes to the vnode package.
Change-Id: I84c5d1bdd29f9e7140e905388b4b65629932c951
Reviewed-on: http://gerrit.openafs.org/6385
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
We can drop GLOCK in several places in afs_icl_Event4 and the
afs_icl_AppendRecord callee. To ensure that the given afs_icl_set does
not get freed while we have GLOCK dropped, grab a reference to the
set.
Thanks to Ryan C. Underwood for reporting an issue triggered by this.
Change-Id: Ifeda229b444abd75b0f22c7acf18a7553d833964
Reviewed-on: http://gerrit.openafs.org/6431
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
