Commit 6c9fe7f80e4b5d9fb21609ee6743470d39dfb8f5 missed one instance
of "code" (as used on the master branch) that should have been changed
to "errorcode" (as used on the 1.6 branch) as part of the cherry-pick.
Fix this so that the right varlue is returned.
This is a 1.6-only change.
Change-Id: I97d9ac5961836843b617bab007d0c4d8bed82fef
Reviewed-on: http://gerrit.openafs.org/11970
Reviewed-by: Daria Phoebe Brashear <shadow@your-file-system.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
In the interest of fostering a friendly, welcoming environment
for contributors, institute a code of conduct for the project.
Adapted from the Contributor Covenant.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/11987
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jonathan A. Kollasch <jakllsch@kollasch.net>
Reviewed-by: Thomas L. Kula <kula@tproa.net>
Reviewed-by: Nathaniel Filardo <nwfilardo@gmail.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit c6a8739a67edca8a7e987bd1f3d5dcc226ad47a0)
Change-Id: I797bd8256a8509e3b75c8d5cd708fa5edeab64c4
Reviewed-on: http://gerrit.openafs.org/12056
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
In older versions of OpenAFS (prior to 2001), the backupDate was
never set. Try to provide somewhat more reasonable behavior in
this case, by using a different date in that case.
Reviewed-on: http://gerrit.openafs.org/11627
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 34e495d69a8831c57cac2ccf18898e63f02c7745)
Change-Id: Ia8250ed6e699d2ed8e2b5de7481c54ae65b0718c
Reviewed-on: http://gerrit.openafs.org/11826
Reviewed-by: Daria Phoebe Brashear <shadow@your-file-system.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
This patch modifies a patch committed as 1e6fb1b7b7, the dumpTimes.to is now
set to creationDate for R/O volumes. The old value copyDate is wrong, if the
R/O volumes is re-cloned. This does not happen with "vos dump -clone", but
may happen with dumping a R/O volume directly: "vos dump <R/O volume>".
Reviewed-on: http://gerrit.openafs.org/11468
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit cb6de07fb8a12199ad0f1c4990f19074a9a54fcc)
Change-Id: I65df02bc4f98d58ba1461d36e79be2f72098ef7c
Reviewed-on: http://gerrit.openafs.org/11825
Reviewed-by: Daria Phoebe Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Hans-Werner Paulsen <hans@mpa-garching.mpg.de>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Volume dumps can be created from backup volumes, cloned volumes, or
directly from RW volumes. The beginning and end of the time range
covered by the dump is recorded in the DumpHeader. The end time is
based on the type of the volume. Use backupDate for backup volumes,
use copyDate for cloned volumes, and updateDate for RW volumes.
Reviewed-on: http://gerrit.openafs.org/11389
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
(cherry picked from commit 1e6fb1b7b7ed32e2035452db9fc221f38a8b4956)
Change-Id: I7372a1f46b96c4c42fb45b71f0d71017216f3830
Reviewed-on: http://gerrit.openafs.org/11433
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Hans-Werner Paulsen <hans@mpa-garching.mpg.de>
Reviewed-by: Daria Phoebe Brashear <shadow@your-file-system.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
CVE-2015-7762:
The CMU/Transarc/IBM definition of rx_AckDataSize(nAcks) was mistakenly
computed from sizeof(struct rx_ackPacket) and inadvertently added three
octets to the computed ack data size due to C language alignment rules.
When constructing ack packets these three octets are not assigned a
value before writing them to the network.
Beginning with AFS 3.3, IBM extended the ACK packet with the "maxMTU" ack
trailer value which was appended to the packet according to the
rx_AckDataSize() computation. As a result the three unassigned octets
were unintentionally cemented into the ACK packet format.
In OpenAFS commit 4916d4b4221213bb6950e76dbe464a09d7a51cc3 Nickolai
Zeldovich <kolya@mit.edu> noticed that the size produced by the
rx_AckDataSize(nAcks) macro was dependent upon the compiler and processor
architecture. The rx_AckDataSize() macro was altered to explicitly
expose the three octets that are included in the computation.
Unfortunately, the failure to initialize the three octets went unnoticed.
The Rx implementation maintains a pool of packet buffers that are reused
during the lifetime of the process. When an ACK packet is constructed
three octets from a previously received or transmitted packets will be
leaked onto the network. These octets can include data from a
received packet that was encrypted on the wire and then decrypted.
If the received encrypted packet is a duplicate or if it is outside the
valid window, the decrypted packet will be used immediately to construct
an ACK packet.
CVE-2015-7763:
In OpenAFS commit c7f9307c35c0c89f7ec8ada315c81ebc47517f86 the ACK packet
was further extended in an attempt to detect the path MTU between two
peers. When the ACK reason is RX_ACK_PING a variable number of octets is
appended to the ACK following the ACK trailers.
The implementation failed to initialize all of the padding region.
A variable amount of data from previous packets can be leaked onto the
network. The padding region can include data from a received packet
that was encrypted on the wire and then decrypted.
OpenAFS 1.5.75 through 1.5.78 and all 1.6.x releases (including release
candidates) are vulnerable.
Credits:
Thanks to John Stumpo for identifying both vulnerabilities.
Thanks to Simon Wilkinson for patch development.
Thanks to Ben Kaduk for managing the security release cycle.
Change-Id: I29e47610e497c0ea94033450f434da11c367027c
On recent Debian, we run into runtime errors in the test suite
because _POSIX_PATH_MAX is only 256, and that buffer is too small
for a call to realpath(). Use PATH_MAX if it's available and larger
than _POSIX_PATH_MAX, in a way that should be safe even when PATH_MAX
is not defined.
Reviewed-on: http://gerrit.openafs.org/11453
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Tested-by: D Brashear <shadow@your-file-system.com>
(cherry picked from commit ec2382e060753dfdcaf84b9ac03e1534c65fcdbc)
Change-Id: I37222dcb019ed9593a499b84a3e4ab30b8a9cf9c
Reviewed-on: http://gerrit.openafs.org/11588
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Daria Phoebe Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Currently we use call->lastSendData to attempt to detect a stalled
call, if it's been too long since the last time the call sent any
data. However, we never initialize lastSendData to anything when
creating a new call.
This means that when rx_NewCall (or rxi_NewCall) returns, lastSendData
can be nonzero. This can happen if we reuse a DALLY call, or if we
pull a call off of rx_freeCallQueue. This can be a time very far in
the past, since the lastSendData time has not changed since the last
time the call was used; it will remain unchanged until a user of the
new call writes something to the call stream.
This can be a problem between the time when a caller creates a new
call with rx_NewCall and when the caller actually writes something to
the stream. Between those two times, if lastSendData happens to be set
to a time in the past, we may call rxi_CheckCall on that call, and
abort the call for being idle. The call will thus be aborted before it
even sent any data on the wire.
This is of particular concern for multi_Rx calls, since those can
create a large number of call structures, possibly introducing a delay
between calling rx_NewCall and writing anything to the stream (if one
of the later rx_NewCall invocations blocks waiting for an open call
channel, for instance, all of the previous allocated calls will stick
around unused for potentially a long time).
One such multi_Rx call is done by the cache manager, where it
periodically uses multi_Rx to call RXAFS_GetCapabilities to probe
fileservers for reachability. If this issue occurs during that
operation you can see a large number of servers get marked down for
code -9 (RX_CALL_IDLE), and then get marked as coming back up.
To fix this, set lastSendData to 0 when resetting a call, along with
most of the other fields in a call, to indicate that the call has
never sent any data. As long as lastSendData is 0, the call will never
get aborted with RX_CALL_IDLE, and this situation will be avoided.
This ensures that this issue cannot happen, since rxi_ResetCall is
guaranteed to be called at some point whenever we reuse a call
structure for any reason.
Reviewed-on: http://gerrit.openafs.org/11557
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 8c78a44cf5197ceee6907e947074973138c442f0)
Change-Id: I1016de366bbd6d3d3cf542b42d7689b60dbacafe
Reviewed-on: http://gerrit.openafs.org/11594
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Daria Phoebe Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
If the number of dump times claimed in the volume header was greater
than MAXDUMPTIMES, restorevol would happily write over random stack
memory and crash. Sanity-check the loaded value and cap it to
MAXDUMPTIMES with a warning.
Bug found by Mayhem and reported by Alexandre Rebert.
Reviewed-on: http://gerrit.openafs.org/10025
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit d5fb2c2bdccedbd539cb2629cf918d5f37b82c7b)
Change-Id: I0b4718afd3c3330581ce5da875f9f8a83fe6b132
Reviewed-on: http://gerrit.openafs.org/11553
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Daria Phoebe Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The -toname argument was not followed with the vos clone command. The name
of the clone volume was always ".clone".
Reviewed-on: http://gerrit.openafs.org/11431
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
(cherry picked from commit 65ec004ce5fdca7446f65cb70f720a77a861762c)
Change-Id: Iddae8e1531838270e48b8d32ba8d7e82e3441033
Reviewed-on: http://gerrit.openafs.org/11434
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Hans-Werner Paulsen <hans@mpa-garching.mpg.de>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
In various places where we intentionally ignore the return values of system
calls and standard library routines, this changes the way in which we do so,
to avoid compiler warnings when building on Ubuntu 12.10, with gcc 4.7.2 and
eglibc 2.15-0ubuntu20.1.
Reviewed-on: http://gerrit.openafs.org/9980
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 73cad3be0a3489237ab7e66d3b12c52ffb0b67d0)
Change-Id: I934406d67d7409655a7084894fd231c410d72c58
Reviewed-on: http://gerrit.openafs.org/11715
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Daria Phoebe Brashear <shadow@your-file-system.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Print a better diagnostic message for cross-device link errors, which
happens when a clone volume is not in the same partition as the
parent read-write volume.
Reviewed-on: http://gerrit.openafs.org/10850
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit da1597d74a0f56e35a156ec27df231f965934910)
Change-Id: I30cb0e87612732bfbce2c001831324d1a9e54409
Reviewed-on: http://gerrit.openafs.org/11587
Reviewed-by: Daria Phoebe Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Add a log entry to the volume server to help diagnose those pesky
'Invalid cross-link device' errors returned by vos, which occur when
a clone volume is located in a different partition than the parent
read-write volume, or when a read-only volume is on the incorrect
partition on the server.
With this change, a new log entry is added when the volume server
fails to create a clone or a read-write volume because a volume with
the target volume id already exists on a different partition. For a
clone volume, this would be a different partition than the
read-write volume. For a read-only volume, this would be a different
partition than indicated in the vldb.
Examples:
Volume foobar is on /vicepb, but foobar.backup is incorrectly on
partition /vicepa.
$ vos backup foobar
Failed to clone the volume 536870934
: Invalid cross-device link
VolserLog:
VCreateVolume: volume 536870936 for parent 536870934 found on /vicepa; unable to create volume on /vicepb.
1 Volser: Clone: Couldn't create new volume 536870936 for parent 536870934; clone aborted
...
The vldb indicates a read-only volume should be on /vicepa on a
remote site, but the actual volume is on /vicepb.
$ vos release xyzzy
Failed to create the ro volume: : Input/output error
The volume 536870921 could not be released to the following 1 sites:
mantis /vicepa
VOLSER: release could not be completed
...
VolserLog on mantis:
VCreateVolume: volume 536870922 for parent 536870921 found on /vicepb; unable to create volume on /vicepa.
...
Reviewed-on: http://gerrit.openafs.org/10849
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: D Brashear <shadow@your-file-system.com>
(cherry picked from commit 21a85792c44e2145eea6d10dc31d58028ba933b8)
Change-Id: Ib0a8a12e61948ed45b0b0a87723cac8668c987ff
Reviewed-on: http://gerrit.openafs.org/11586
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Daria Phoebe Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Fix a logic bug in fs flushall in which only the first volume in each
hash chain is reset (invalidated). Instead, reset all the volumes in
the volume hash.
This bug was introduced in commit 4197bbecd9d0b2ff0b8eaec75a0df9a64f713cf0
(libafs: fs flushall for unix cm)
Also, when flushing a single volume with fs flushvolume, don't bother
searching all the hash chains, instead start on the hash chain
containing the volume being flushed.
Reviewed-on: http://gerrit.openafs.org/11892
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 82e02157fec248293e7336f0e0b3d1c9da545228)
Change-Id: I5dddbaed265ee1ce5dc14e88e22abcb29d96db58
Reviewed-on: http://gerrit.openafs.org/11894
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
We clearly do not need to modify the format string; declare it const.
This makes the signature of bozo_Log identical to FSLog, which can
make it easier to use these functions interchangeably.
Reviewed-on: http://gerrit.openafs.org/10830
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit ed1b1df3c8acf9a2c5d4dface88ac15dcb8d7a2e)
Change-Id: I29fb3df82866dc8457d92a0b88eb02ae50879db7
Reviewed-on: http://gerrit.openafs.org/11931
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
AFS_FBSD_110_ENV is not defined anywhere, so this conditional
did not behave as expected.
Introduced by me in commit e51d3b13c2b208efe72b584b532a28444633feff
which was apparently not as well tested as it could have been.
Change-Id: I57da8f69ba963b7602092bc524c6435059d8ae12
Reviewed-on: http://gerrit.openafs.org/11944
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Since OpenAFS 1.0 bosserver automatically puts itself into the
background and removes it's controlling terminal. Update the examples in
the Admin and Quick Start Guides to remove the unneeded '&' on the
command line to start the bosserver.
Reviewed-on: http://gerrit.openafs.org/11906
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 4ef47f787a64dc5c8ebb73a454b0851c86d7c06b)
Change-Id: Ife77c07bb5a00244ef346c0eb70782685c2bb2b1
Reviewed-on: http://gerrit.openafs.org/11932
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Update configure version strings for 1.6.14.1. Note that macos kext
can be of form XXXX.YY[.ZZ[(d|a|b|fc)NNN]] where d dev, a alpha,
b beta, f final candidate so we have no way to represent 1.6.14.1.
Switch to 1.6.15 dev 1 for macos.
Change-Id: I733de0ef5d359bffdb7ffe6a7c12cf60f18618c0
Reviewed-on: http://gerrit.openafs.org/11982
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
As long as we avoid using directory aliases when crossing
a mount point (at the volume root), we should always get
to a given non root directory with the same dentry.
The mechanism added by commit de381aa0 ("Linux: Make dir
dentry aliases act like symlinks") is therefore only really
necessary for a volume root.
With kernel 4.2 it is not possible to tweak the "total link
count", resulting in ELOOP errors when looking up a path
with 40 or more directories that are being looked up for
the first time. With this change, only mountpoints will
count against the limit.
Reviewed-on: http://gerrit.openafs.org/11945
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 05f64de7d723a8d5430d9b5928c2025838a6fa52)
Change-Id: I16e855c8322174604288b7d440b342951dd3a015
Reviewed-on: http://gerrit.openafs.org/11989
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The follow_link and put_link operations are revised.
Test for the new signature and adapt the code.
Reviewed-on: http://gerrit.openafs.org/11928
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 6c3ac6dc1ea865153a65b5c5c4f288617a3e6d0f)
Change-Id: I779fe8a29ec75a5db545b5d370927b810c1165c9
Reviewed-on: http://gerrit.openafs.org/11951
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Add a new macro to check the signature of a particular
operation against a provided typed argument list.
One of the arguments is an arbitrary label that is used
to construct the pre-processor define name. This will
allow for testing of different forms for the same
operation.
This can be used to replace many of the remaining odd
checks in src/cf/linux_test4.m4.
Reviewed-on: http://gerrit.openafs.org/11927
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit c2c0b6bc86c6d67814d0f7fe14fa8eefc445b4a4)
Change-Id: Id929412d87bb9fc38b2b599abbe3fddca3cda4b1
Reviewed-on: http://gerrit.openafs.org/11950
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The value is now stored in the nameidata structure which
is private to fs/namei.c, so we can't modify it here.
The effect is that using a path that contains 40+ directories
may fail with ELOOP, depending on which directories in the
path were previously used. After a directory is accessed once
its D_AUTOMOUNT flag is reset and it will no longer count
against the symlink limit in later path lookups.
Reviewed-on: http://gerrit.openafs.org/11926
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 89aeb71a3e23c944f58cfa9572e9eae4d2130d37)
Change-Id: Ib6282f3029c4112c510217eacf270a56d679fccd
Reviewed-on: http://gerrit.openafs.org/11949
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
In another few locations within the Linux portion of the cache
manager, directly use the kernel allocator. We can do so here
because we can guarantee that the amount of memory being allocated
is less than the page size, and there is a kfree() in all of the
exit paths, so we don't need the magic freeing behaviour, either.
Reviewed-on: http://gerrit.openafs.org/4752
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Tested-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit 7a70c2907b0435653098a611a140fea1ac0b2fac)
Change-Id: I72fd6a2109022af5e14d90ce147705da7ccec587
Reviewed-on: http://gerrit.openafs.org/11933
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Update version strings for release 1.6.14.
Change-Id: I123d9f764a4b8496e0a85032ec8848e9a46a0428
Reviewed-on: http://gerrit.openafs.org/11974
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
The vlserver ListAttributesN2 RPC permits filtering the result set
by volume name in addition by site or volume id.
Two issues identified by Andrew Deason (Sine Nomine Associates) are
addressed by this patch. First, the size of the volumename[] buffer
is insufficient to store the valid input read over the network. The
buffer needs to be able to store VL_MAXNAMELEN characters of the volume
name, two characters for the regular expression '^' and '$', and the
trailing NUL.
Second, sprintf() is used to write to the buffer and even with valid
input from the caller SVL_ListAttributesN2 can overflow the buffer
when ".backup" and ".readonly" are appended to the volume name. If
there is an overflow the search name is invalid and there can not be
a valid match.
This patch increases the size of volumename[] to VL_MAXNAMELEN+3.
It also uses snprintf() instead of sprintf() and performs error
checking. The error VL_BADNAME is returned when the network input is
invalid.
Reviewed-on: http://gerrit.openafs.org/11969
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Nathaniel Filardo <nwfilardo@gmail.com>
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit c9f430fd8f479bbfe28829f7032ecd325a4f833d)
Change-Id: I1b48cc8ed1a52afc36465f2fbd5bfd5345e90c41
Reviewed-on: http://gerrit.openafs.org/11976
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
allow regexes only if the querying user is a superuser.
if the superuser uses up all the resources, well, they could just do
whatever damage directly anyway. means even in unrestricted mode
we are not vulnerable
Reviewed-on: http://gerrit.openafs.org/11968
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 049323e7e03c64f534a73ff452d218f19d5b8132)
Change-Id: I1e3f11bd14b071be69eb6e00c26ea2209596c82a
Reviewed-on: http://gerrit.openafs.org/11975
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
For the interim and until it is needed, this is most prudently
simply disabled.
FIXES 131890
(cherry picked from commit 22481ab3705522ac1988b7de038c4dbc1e5009a9)
Change-Id: I612ea4a1c85fdb895acc6a71801e659869e849c2
Our ngroups management (since PAGs are still encoded as 2 groups) needs
to ensure that we do not overflow what we are prepared to handle,
and do not panic due to misheld mutexes if we have to return an error
when handling it.
FIXES 131878 (CVE-2015-3286)
(cherry-picked from commit 8ce4a3905268385d3f5a0e11f20594875467cae6)
Change-Id: I34a298ab776f69d52c8f621f79aafc79199f9cc4
MRAFS added the FsCmd pioctl for passing messages to the fileserver;
a bug causes it to write into the wrong memory and potentially panic
clients.
FIXES 131896 (CVE-2015-3285)
(cherry picked from commit ef671f497e9161ec2759446d594789495d3346f1)
Change-Id: I1ee1fa7dff1d2594cfe9fab5ae0b7fc9245803de
Avoid leaking data in pioctl interchange buffers; clear the memory
when one is allocated.
FIXES 131892 (CVE-2015-3284)
(cherry picked from commit 592a99d6e693bc640e2bdfc2e7e5243fcedc8f93)
Change-Id: I90fef404978bd7aae3eb88836bcd4f95587fd45c
bos defaults to not requiring crypt in a lot of cases, instead using clear.
As the simplest way to secure the channel is to enable crypt, do so.
FIXES 131782 (CVE-2015-3283)
(cherry picked from commit 62926630a82b8635d1cb1514b852f9f7a2609311)
Change-Id: Ib9e2514c4d14a77eead69677da1dabf86e526ebc
The CPageWrite flag was originally added to prevent a scenario
where a thread doing "writepage" would realize that the cache
was too full and that some of its contents need to be written
back to the server. Before writing back it would ask the OS to
flush any dirty VM associated with the vcache entries that are
to be written, to make sure the data is not stale. This flush
could itself trigger writeback, leading to deadly recursion.
One such scenario is a process doing mmap writes to a file larger
than the cache.
With some kernel versions and some callers of writepage, this
can cause the mapping to be marked as being in an error state,
leading to EIO errors passed back to user space.
Make the recursion check more specific to only bail when the
calling thread is one that was originally seen writing. A list
of current writers is maintained instead of a single state flag.
This lets other threads (like the flusher thread) go on with
writeback to the same file, and limits the WRITEPAGE_ACTIVATE
return case to call sites that can deal with it.
In testing this helps avoid EIO errors when writing large
chunks of data through mmap.
Thanks to Yadav Yadavendra for extensive analysis and testing.
Reviewed-on: http://gerrit.openafs.org/11124
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 95b857399d71cb1f6619e625bff256f8c4c72c6a)
Change-Id: I08ced97c4f58f95375fda2ed9c707cdf7657e493
Reviewed-on: http://gerrit.openafs.org/11877
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
We no longer have to define a ->write operation, and we can't
expect the underlying disk cache filesystem to have one. Use
the new __vfs_read/write helpers that will select the operation
to use based on what's available for that particular filesystem.
Reviewed-on: http://gerrit.openafs.org/11849
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 5c1237432edf4600111845d175c92252430d5f76)
Change-Id: I21bca85637e07d0e03ef471896d0454eeef68a14
Reviewed-on: http://gerrit.openafs.org/11873
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Make the test here a bit more specific. do_sync_read no longer
exists, but we don't use it for new kernels. Trying to define it
here in terms of generic_file_read is not helpful as that doesn't
exist anymore.
Reviewed-on: http://gerrit.openafs.org/11848
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit fcfa5ae2468d878db962a93d6013fcd3042e6c13)
Change-Id: I87bf0fc856d244d15bdae300f0cd6b80ecb63797
Reviewed-on: http://gerrit.openafs.org/11872
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The current version of BreakUpPath is slightly broken, since
commit 4e68282e26b0c4569d25d076d54274f0da47a691 -- it has two
output parameters but takes only one length parameter for the
size of the output buffers passed in. The callers ended up using
the shorter of the buffer lengths in question, so there is not
a risk of a buffer overrun, but long paths would not be properly
handled.
There is not really any need to pass in a length at all, since
what is going on is conceptually strdup, and there is no real
need to use strlcpy at all. Make the change from strlcpy to
str(n)dup, and adjust callers to free the outputs as appropriate.
While here, convert writeFile() to use goto and a cleanup handler
to avoid leaks.
Reviewed-on: http://gerrit.openafs.org/11874
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
(cherry picked from commit b8648dbefb3968329d20cad8976ce15947428678)
Change-Id: I13d4ffd4ef46cbb7423d229cf6a6e85f7a42ecc1
Reviewed-on: http://gerrit.openafs.org/11879
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Windows file paths can use either '\' or '/' as a path
separator. libafscp on the other hand requires '/' and argv[0]
will always use '\'.
Introduce a new function ConvertAFSPath() which converts the
input path to '/' and converts \\afs to /afs. A future commit
should access the registry and make use of the NetbiosName and
MountRoot values to perform the conversion correctly.
Reviewed-on: http://gerrit.openafs.org/8430
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 0bef3159d3698a941154bd21352eb35bd94edb8c)
Change-Id: Id174313afae9c64a27133477e43e13731c0ac6b7
Reviewed-on: http://gerrit.openafs.org/11878
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
clang now expects that strlcpy will always be used to prevent overflow
of the destination string, and gives a warning if the size parameter is
based solely on the length of the source string.
Modify the BreakUpPath function so that it takes the size of the
destination string as an argument, and uses this to limit the amount of
data pasted into it.
Reviewed-on: http://gerrit.openafs.org/7086
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
(cherry picked from commit 4e68282e26b0c4569d25d076d54274f0da47a691)
Change-Id: I31003fa06fc331a6313ca17840dcb46f61299921
Reviewed-on: http://gerrit.openafs.org/11845
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
A = malloc(strlen(B)+ 1);
memset(A, 0, strlen(B) + 1);
strlcpy(A, B, strlen(B) + 1);
can be more simply written as
A = strdup(B);
Doing so also avoids a warning from clang that strlcpy isn't checking
for A overflowing.
Reviewed-on: http://gerrit.openafs.org/7077
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
(cherry picked from commit 1e30c00e7d9b45d65e819d39414939f2d5f7631b)
Change-Id: I886bef77fdedb63d1c83e657c25d112e0a635db2
Reviewed-on: http://gerrit.openafs.org/11844
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
