Currently, when we go to the fileserver to fetch some data, we try to
make sure that we do not ask for data beyond the end of the file. For
example, if our chunk size is 1M, and we need to get the first chunk
for a file that is 4 bytes long, we will only ask the fileserver for 4
bytes.
This can cause issues when the file is being extended at the same time
as when we are trying to read the file. Consider the following
example. There is a file named X that has contents "abcd" at dv 1, and
we issue a FetchData64 request for X, only requesting 4 bytes. Right
before the fileserver gets the FetchData64 request, another client
writes the contents "12345" to file X.
The client will then fetch the contents "1234" for that file, at dv 2,
and store that as the contents of the first chunk for file X. On
subsequent reads for file X, applications will now get "1234<NUL>" as
the contents, since the size of the file will be updated to 5, but the
cache manager thinks that "1234" is the correct contents for the first
chunk of X at dv 2. The cache manager will continue to think so until
the cache entry is evicted or invalidated for whatever reason.
To avoid this scenario, always request a full chunk of data if we have
any data to fetch and the file has not been locally truncated. We can
still avoid the fetch at all if it looks like we're fetching beyond
end-of-file, since we know that at least at some point that was
correct information about the file. If this results in us trying to
fetch beyond end-of-file, the fileserver will respond with the correct
length anyway.
We still need to restrict the fetch request length based on
avc->f.truncPos, since the dcache data after avc->f.truncPos needs to
stay empty, since we don't track truncated data any other way. If we
also avoided this restriction, extending a file via truncation after
reducing a file's length via truncation could cause the old file data
to appear again, instead of filling the new file range with NULs.
Note that on at least Linux, with this fix an application can still
read the contents "1234" on the first read in the above example, and
"12345" on subsequent reads. This is just due to when we give the VFS
updates about file metadata, and could be remedied by updating file
metadata immediately from the FetchStatus information from the
FetchData64 call. However, just reading the contents "1234" in the
above example seems like a somewhat plausible outcome; at the very
least, it is an improvement.
Change-Id: I158593502ac96ba2c856a0b5997355a53d4173aa
Reviewed-on: http://gerrit.openafs.org/6882
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
When we truncate a file, we truncate the contents of the relevant
dcache entry chunks, and prevent future FetchData operations from
fetching data beyond the truncation offset. If we never write anything
to that chunk, we never set DWriting, and so on disk it looks like
that dcache entry has valid data for the specified DV. However, since
the data is truncated, this is not true.
If a process holds a file open, truncates it without writing to it,
and then the client crashes (or we have trouble contacting the
fileserver when we close the file), the dcache entry will appear valid
on disk. So the next time we read the dcache entry, we will use the
incorrect cache contents as if they were accurate for the specified
DV.
To avoid this, set DWriting when we truncate a chunk. Normally we only
clear DWriting when we actually send data to the fileserver, so to
clear DWriting in this case, add an additional line to clear it in
afs_StoreAllSegments, after the StoreMini has completed.
Change-Id: Ifc3bfc21712ab37b1f2865ce59fa45bf03811dd8
Reviewed-on: http://gerrit.openafs.org/6937
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
If we get an invalid AFSFetchStatus structure from a server, log a
message to indicate as such. This serves as a warning to urge people
to fix their fileservers, and to explain what is doing.
Change-Id: I33845f6228f96f693dcbfddcee38dae583f1b092
Reviewed-on: http://gerrit.openafs.org/6881
Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
We currently do not do any sanity checking on the AFSFetchStatus
structures returned from fileservers. Add some sanity checking for
BulkStatus and FetchStatus calls, so we do not screw up our cache if a
fileserver gives us bogus data.
If we do get an invalid AFSFetchStatus structure, act as if the server
gave us a VBUSY error code, so we will retry the request. For OpenAFS
fileservers prior to 1.6.1 that yield this situation, VBUSY is likely
the error code the fileserver should have responded anyway.
Change-Id: Ie16a5210149b21dd5945380f5d7b6a4d9ee01a72
Reviewed-on: http://gerrit.openafs.org/6880
Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Also, fix afsxbsa.h to always include <time.h> since this should get
struct tm on any fairly modern operating system.
Change-Id: Idfb39f12d28a2a0aa470c8549e4149d0b2ccde9e
Change-Id: Ia1c563e5954c533f18bd56155f2ae1825813efe3
Reviewed-on: http://gerrit.openafs.org/6923
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
InlineBulkStatus currently returns 0 unconditionally, no matter what
errors are encountered. If we encounter an error early enough, from
CallPreamble for example, we do not fill in the OutStats nor CallBacks
structures at all. Since we return success anyway, this results in the
client getting AFSFetchStatus structures full of zeroes (or garbage,
before commit 726e1e13ff).
Since current OpenAFS clients do not perform any sanity checks on the
information received, this can result in cache corruption of files
being seen incorrectly as empty, and, before commit 726e1e, more
arbitrary corruption.
So instead, return an error if we encounter an error before we iterate
over the given FIDs. We still of course do not return an error for any
errors encountered during the actual metadata retrieval, as those are
reflected in the individual per-fid status structures.
Change-Id: Icfab4516e510be5f0063ddf9c69f11ab3d511b35
Reviewed-on: http://gerrit.openafs.org/6871
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
As the process is being created, assign the AuthGroup so that
the must up to date information is used to assign AuthGroup
inheritance from Impersonation states and to prevent the parent
process from being destroyed before the AuthGroup is determined.
Change-Id: I176360a589d7f2bcf4b1ededad069424e3ce5393
Reviewed-on: http://gerrit.openafs.org/6927
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Breakup AFSProcessNotify() into AFSProcessCreate() and
AFSProcessDestroy().
Correct inconsistencies with ETHREAD vs ThreadId HANDLE.
Add AFSProcessNotifyEx() and use PsSetCreateProcessNotifyRoutineEx()
to register it on Vista SP1 and above.
Change-Id: I2be85c3e8229883b4e239e1fdba9a65fc704daaa
Reviewed-on: http://gerrit.openafs.org/6926
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
OpenAFS changed the behavior of implicit administrator permission
for directory ownership. In OpenAFS only the volume root directory
owner has implicit administrator permissions and they apply to all
directories in the volume not just those with matching ownership.
Change-Id: I8ca0a8874fe17cf7fc575107bd76efb5dc472b10
Reviewed-on: http://gerrit.openafs.org/6951
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Do not install afs/softsig.h on Windows from src/util
Do not include it in src/viced/viced.c
Change-Id: I8b6dcb1508dcda7da297a0c9a6bfeaf037c40c88
Reviewed-on: http://gerrit.openafs.org/6950
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
The cmd/command-t test needs libopr, so give it to it
Change-Id: I74ca08efffb0c0f6245498c9dc0dcf5287915bbd
Reviewed-on: http://gerrit.openafs.org/6949
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Add various connection accessor functions to the export map file for
libafsrpc so they can be used from within RX security layers.
Change-Id: I0b5c75d987aadd6942dcb87fb1b98586bcc9e553
Reviewed-on: http://gerrit.openafs.org/6948
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Since this library could be use anywhere (including a shared library)
it should be built as position independent code.
Change-Id: I9e9c8b5c08e73ce43c04341b1106126f7774c405
Reviewed-on: http://gerrit.openafs.org/6925
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
VNOSERVICE should not be grouped together with the volume status
error codes. It is used to indicate that the RPC was not serviced.
The file server issues it when its idle dead timeout period is reached
while receiving rx call data. The client's existing status information
is still valid and the client can retry the call.
Change-Id: I51e447824366381e740361576c96559f1c4f3fd3
Reviewed-on: http://gerrit.openafs.org/6938
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Add additional logging to handle the case where the afsd_service
returns STATUS_NOT_A_DIRECTORY for eval by id/name.
Change-Id: Ib510fcea6102a92e5e810af5923f06dffbba1ed9
Reviewed-on: http://gerrit.openafs.org/6930
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
If d_make_root is available, use it instead of d_alloc_root.
The helper was introduced in 3.3, and d_alloc_root gets removed
in 3.4.
Change-Id: I39aaa6fd14d04c05ad9cb5b610e7f12f70fe0c94
Reviewed-on: http://gerrit.openafs.org/6931
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
AFS's own ntpd and runntp are obsolete. Remove them from the
documentation, and recommend the OS vendor-supplied NTP instead.
Change-Id: If0cd837aa407eb49049881790e618ccd75ca6e5b
Reviewed-on: http://gerrit.openafs.org/6903
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Use min and max instead of the non-standard MIN and MAX macros.
Commit 64b00c3a1a removed inclusion of
rx_packet.h, which included definitions of MIN and MAX on various platforms.
Change-Id: I3d3c75af375704b8baddd72aec3aecf3c4fd43d7
Reviewed-on: http://gerrit.openafs.org/6924
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
When processing a directory verification, if a change of data
version is detected or if the FileID of a FileName changes,
be sure to invalidate and verify the directory entry. Setting
the verify flag on the parent after updating the directory
entry's metadata does not result in the correct behavior.
Change-Id: Ib24bd71b82964e150a6ce730071106c9cbea0d23
Reviewed-on: http://gerrit.openafs.org/6914
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
the number of things which can return success without succeeding is
truly sad.
Change-Id: Iab3a6ef72afc8075462dfd98548ad7aa3051d40f
Reviewed-on: http://gerrit.openafs.org/6911
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
Some versions of the Solaris Studio compiler on SPARC (at least 12.2
and possibly others, but not 12.3) get a little confused by code like
this:
extern int foo;
int
somefunc(void) {
if (0) return foo;
return 0;
}
When optimization is turned off, this results in an undefined symbol
reference to 'foo' (which is normal), but the resulting object file
lacks a relocation entry for the symbol 'foo', so the symbol remains
undefined after linking. In the OpenAFS tree, this occurs in
afs_daemons.c which references afs_vcount and afs_cacheStats in this
manner due to afsd_dynamic_vcaches being defined as '0' on Solaris.
The end result is that the libafs kernel module is not loadable, since
it complains about afs_vcount and afs_cacheStats being undefined, even
though the symbol definitions are also in the module.
While this is a bug in Solaris Studio and has since been fixed, it is
simple to work around this so we are usable with more compilers. If we
just always declare afsd_dynamic_vcaches as a regular variable, it
works around this issue and keeps the code a tiny bit simpler. So, do
that.
Change-Id: I3f8fc6aafd52487d729289e393fc59dac84d36ea
Reviewed-on: http://gerrit.openafs.org/6888
Tested-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
RX Security Classes have a right to assume that when RXS_PreparePacket
is called that they have exclusive access to the rx_call structure.
Commit e445faa68c unintentionally
failed to acquire the call->lock prior to RXS_PreparePacket being
called.
Change-Id: I5a9dfb2818fa17ba6fc1ab6f76ec5cde602c6f16
Reviewed-on: http://gerrit.openafs.org/6904
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
The kernel has a limited pool of memory. If there is no memory
available to satisfy a request, that request will fail initially
with a STATUS_OUT_OF_RESOURCES error which in most cases is exposed
to the user-mode application as STATUS_ACCESS_DENIED. This can
produce inconsistent results.
This patchset introduces an Event object, MemoryAvailableEvent,
which is signalled when the redirector deallocates memory. This
should in many cases permit requests to succeed where they otherwise
would have failed immediately.
The WaitingForMemoryCount field tracks the number of threads that
are waiting for memory to become available. A subsequent patch
could use this value to accelerate the tear down of cached data.
To avoid deadlocks, blocking threads will only wait for a maximum
of 30 seconds at a time. As long as the redirector continues to
free memory, the thread can re-queue itself. However, if a timeout
occurs, the allocation request will fail.
Change-Id: I0aa549be3852b31b68d7b42ecab4ca982c75f6ba
Reviewed-on: http://gerrit.openafs.org/6886
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
The data version must be checked and set while the ObjectInformation
DirectoryNodeHdr.TreeLock is held exclusive. Otherwise, it is
possible for a race to occur.
Change-Id: Ia4d94cca1d161062e9d98675976ba8fad5731032
Reviewed-on: http://gerrit.openafs.org/6883
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Currently, volscan ignores the -delim command-line option,
using the hardcoded default. This patch adds processing
for this option, allowing alternative characters.
Corrects an error in a08c320725
Change-Id: I750f2d998cff029fc02556ed0baaaa0ca1c95e08
Reviewed-on: http://gerrit.openafs.org/6894
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
The previous setting for three %config files mentioned in the spec file:
%config /etc/sysconfig/openafs
%config %{_prefix}/vice/etc/ThisCell
%config %{_prefix}/vice/etc/cacheinfo
When using an unadorned %config, it's possible that these files will
be replaced by the packaged version during a package update. Changing
%config to %config(noreplace) means that the packaged file will be
installed with the extension .rpmnew if there is already a modified
(from the existing package's version) file with the same name on the
installed machine.
The concern here is that updating an existing system could potentially
change the configuration if the person installing doesn't pay close
attention. The Rule of Least Surprise indicates that we should
try to preserve existing configuration changes whenever possible.
Change-Id: Ie132c12a3c5defe9bf6fec9ec0f8bd08f3d98646
Reviewed-on: http://gerrit.openafs.org/6887
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
Advance only once per realm argument when processing the
realm command line option.
Change-Id: Id3873fbe213f27be673ec0c02a27a032dd33c002
Reviewed-on: http://gerrit.openafs.org/6860
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
The wrong dir object is used to log an error in hpr
initialize.
Change-Id: I4460b541a6458742839b47e8277990f426b233a7
Reviewed-on: http://gerrit.openafs.org/6845
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
if we get success but still no client, don't crash
Change-Id: I6be28ac6ecece3448123a84cf442a791eebc93cc
Reviewed-on: http://gerrit.openafs.org/6868
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
Wrap potential exception locations in __try ... __except so
that the exceptions can be caught by us instead of Cc/Mm which
use exceptions to signal status.
Change-Id: Ifef02bbf2c76b8583b538e4b67d4136c832b6cc6
Reviewed-on: http://gerrit.openafs.org/6859
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
During data version invalidation the AFS redirector must CcPurge
any non-dirty extents on a file. This operation can be intercepted
by a filter driver which in turn might open the file and close it
again before the CcPurge completes.
The AFSPerformObjectInvalidate call holds the ExtentsResource
shared which can deadlock if AFSClose attempts an extent tear down
which requires exclusive access to the ExtentsResource.
Change-Id: I7cb0289d8036aabf56bb11fd12a79308be45faa8
Reviewed-on: http://gerrit.openafs.org/6856
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
commit 8e0aaae076 , while fixing dkms.conf for
Fedora, broke dkms.conf for RHEL. In RHEL, you get a dkms.conf with too
many backslashes in the "mv" line. The dkms.conf should have the mv line
reading:
mv src/libafs/MODLOAD-*/\$KMODNAME \$DSTKMOD"
for Fedora.
This change checks if we are building on Fedora, and if so, maintains
the extra backslashes. Otherwise, not.
modified: src/packaging/RedHat/openafs.spec.in
Uses the dist tags as specified at
http://fedoraproject.org/wiki/Packaging:DistTag
Change-Id: I7fd7531758a63b2634424c2fcba23ae1b0fc8f2f
Reviewed-on: http://gerrit.openafs.org/6851
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
RX_CALL_BUSY is an indication that the call channel is busy not
that the server is down or otherwise cannot respond. Unconditionally
retry the RPC and do not alter state. We just want to force the use
of a different call channel.
Change-Id: Ic4ef9bac800087f1b287d3da08fcd5eec84374ef
Reviewed-on: http://gerrit.openafs.org/6852
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Hartmut Reuter <reuter@rzg.mpg.de>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
The SMB specification permits the server to save a round trip
in the GSS negotiation by sending an initial security blob.
Unfortunately, doing so trips a bug in Windows 7 and Server 2008 R2
whereby the SMB 1.x redirector drops the blob on the floor after
the first connection to the server and simply attempts to reuse
the previous authentication context. This bug can be avoided by
the server sending no security blob in the SMB_COM_NEGOTIATE
response. This forces the client to send an initial GSS init_sec_context
blob under all circumstances which works around the bug in Microsoft's
code.
Do not call smb_NegotiateExtendedSecurity(&secBlob, &secBlobLength);
As a result of the SMB 1.x bug, all attempts to reconnect fail due to
SMB connection resets. The SMB 1.x redirector will retry indefinitely
but all processes with outstanding requests to \\AFS will block until
the machine is rebooted.
Change-Id: Iedd58fccbf85495d48871935f6e61ede1e1240ff
Reviewed-on: http://gerrit.openafs.org/6846
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
When we receive interface information from a client to determine its
alternate IP addresses, ignore any addresses that look like loopback.
Change-Id: I245ebfc74ad1e8bd2fcd235a00f000d29229668d
Reviewed-on: http://gerrit.openafs.org/2368
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
The Freelance.Local.Cell is updated by the registry monitor
thread and cm_UpdateCell should be a no-op. Make it so.
Change-Id: I2961114590af6b64b8ae06d608a97513e83aad4e
Reviewed-on: http://gerrit.openafs.org/6791
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
A successful open must have FileObject->FsContext set to a structure
with a valid/initialized FSRTL_ADVANCED_FCB_HEADER object.
Not having this breaks assumptions in the kernel.
Patchset edited by Jeffrey Altman <jaltman@your-file-system.com>
Change-Id: I70c9045bfa02c54074c015e6e871ead63efb6769
Reviewed-on: http://gerrit.openafs.org/6782
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
The AFSOpenRedirector functionality must exist in the framework,
AFSRedir.sys, not the library, AFSRedirLib.sys.
Change-Id: Id688efba016d94df558b241e9bee421c86c60e27
Reviewed-on: http://gerrit.openafs.org/6781
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
If the Bug Check flag is set, the call to AFSBreakPoint() in
AFSExAllocatePoolWithTag() will trigger. There is no need for
an explicit bug check test in AFSExAllocatePoolWithTag().
If AFSExAllocatePoolWithTag() returns NULL there is no need
to ASSERT() the return value since AFSBreakPoint() would already
have been called to signal a debugger.
Change-Id: Ie8564f41f811c3afd99dc2e9c02f4aa68d63ef8e
Reviewed-on: http://gerrit.openafs.org/6780
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
This reverts commit 209df87d08.
Turning on BugCheck by default was a good idea because we needed
to track down the cause of exceptions that were otherwise being
thrown resulting in resource leaks. However, it is a bad idea
because it results in out of memory conditions throwing bug checks
that result in a BSOD.
Change-Id: If0965657957ed73b83686a9be42b0d7f89964f2f
Reviewed-on: http://gerrit.openafs.org/6779
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
The current usage of make_h_tree.pl adds a build requirement of
/usr/bin/perl that we did not have prior to commit
1d6593e952. Do the same thing in a
bourne shell script instead, so we don't need perl.
Note that this is not as generalized as make_h_tree.pl, but it doesn't
need to be. Specifically, this does not strip a leading ../ from found
include directives (nothing in the tree that includes h/* files uses
this), and header filenames containing whitespace almost certainly do
not work correctly.
The h => sys mapping is also much more hardcoded, but that's all we
were using this for anyway.
Change-Id: If07888abfdb9e8ec822b33abed0bf744b7210a52
Reviewed-on: http://gerrit.openafs.org/6790
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Currently we always fork a child in the salvager in order to salvage a
volume group. I believe this is in order to protect SEGV, exit(), etc
in one salvage operation from preventing salvaging anything else. When
salvaging a single volume group, though, there appears to be little
benefit.
In addition, we need to keep the VG salvaging code in the same process
as the cleanup code for single-volume salvages, so we can know which
volumes were deleted by SalvageVolumeGroup, so we know which volumes
to bring back online. So, do not fork for the singleVolumeNumber case.
Note that for DAFS, we already never fork for the entire salvage
operation when salvaging an individual volume group. So, this is
effectively a non-DAFS-only change.
Change-Id: I2b646b9ff932a673c714bc27ac32ed41cc3e22e6
Reviewed-on: http://gerrit.openafs.org/6787
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The 'fileName' field in VolumeSummary serves two apparent purposes:
- Storing the filename of the volume header file (V0XXX.vol).
- Indicating whether or not a given VolumeSummary object is
referenced by any inodes on disk. fileName is set by
AskVolumeSummary/GetVolumeSummary, and is cleared in
SalvageFileSys1 when a matching inodeSummary entry is found.
This is very confusing. The first purpose is completely unnecessary;
we can always calculate the filename from the volume id for the
volume, and we already enforce the filename to be of that specific
format. The second purpose is very unclear in the current code, and
overloads the meaning of the field.
So instead, remove fileName entirely. Code that was using it to locate
the header file are changed to use VolumeExternalName_r. Code that was
using the field to determine if the volume is "unused" is changed to
use a field just called "unused", set to 0 or 1.
Change-Id: I5e257ea633b7ae821136c88e1b2024f62125ab30
Reviewed-on: http://gerrit.openafs.org/6786
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
In MaybeZapVolume, currently we do not remove the volume header if the
given isp->volSummary->fileName is not set. This effectively means
that we only actually "zap" volumes for which we have just created the
header, or which are not referenced by any inodes.
For readonly volumes that have errors, we want to delete the volumes
instead of salvaging. Readonly volumes with valid headers will have
fileName as NULL, though (set back in SalvageFileSys1), so
MaybeZapVolume will refuse to remove them. What ends up happening is
that the headers will stay around, but since we do not finish checking
the volume, all of the inodes for the data in the volume will be
dec'd. This results in a volume whose header exists, but none of its
inodes (including special inodes) exist, so the volume will need to be
salvaged again, and during that salvage will be deleted (because there
are no inodes for the volume).
Avoid all this, and just delete volume headers for volumes that lack a
valid fileName. Instead try to avoid deleting headers with
volSummary->deleted set, just so we don't try to delete the same
headers twice.
Related issue reported by Åsa Andersson.
Change-Id: I4797d0cabe3851debdc78f4ed9ee619534397970
Reviewed-on: http://gerrit.openafs.org/6784
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
