Commit 6b67cac4 (convert xstat and friends to pthreads) converted the
xstat utilities to pthreads, but we still need to explicitly pass
AFS_PTHREAD_ENV on WINNT to enable various pthread-specific code
paths. So give -DAFS_PTHREAD_ENV for our objects in this dir.
Change-Id: I222b99399a5fad3df528be2bc31823eb8bc52c62
Reviewed-on: https://gerrit.openafs.org/13823
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
tbutc uses pthreads, not LWP, so link it against mtafsutil.lib (a
pthread library), and not afsutil.lib (an LWP library).
Change-Id: Id29888d88bfdd9585e017217a9951eb645c65336
Reviewed-on: https://gerrit.openafs.org/13822
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Commit 59d3a8b8 (vos: restore status information to 'vos status')
added the function rx_GetCallStatus to Rx, and used it in the
volserver, but didn't add the function to our .sym and .exp files,
causing a linker error on at least WINNT.
Add the function to the relevant .sym/.exp files, so we can link on
all platforms.
Change-Id: I859ac6d04d8a21eb6f8b4ba3f3720ca318e91334
Reviewed-on: https://gerrit.openafs.org/13820
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
ptclient.c contains a stub definition for osi_audit, but audit.c
already contains a real definition for osi_audit. libafsauthent
doesn't seem to actually need anything from ptclient (and the Unix
libafsauthent doesn't appear to use it), so just don't include
ptclient when linking libafsauthent.
Change-Id: I4172b80138e5ea121fc3ae2689cf4ed23c81e35b
Reviewed-on: https://gerrit.openafs.org/13819
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Since commit c43169fd (OPENAFS-SA-2018-001 Add auditing to butc server
RPC implementations), butc references symbols from audit. So add audit
to our libraries to link against, so we can link butc on WINNT.
Change-Id: I65f4d87085a8917c9b11d7c27b8e3902cd2a1c1c
Reviewed-on: https://gerrit.openafs.org/13818
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
We don't supply an implementation for opr_threadname_set for WINNT;
don't pretend that we do.
Change-Id: Ifa8042253d0aa10f365356d93cea3fad4686371a
Reviewed-on: https://gerrit.openafs.org/13817
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The current method of importing our ticket5 code from Heimdal has a
few issues:
- The der-protos.h file we generate contains numerous function
prototype declarations that looks like this:
ret-type func(parm-list, type */* comment */);
which cause numerous warnings on WINNT, because the '*/*' sequence
looks like the end of a nonexistent comment. This was previously
fixed manually in commit 8b5d3a73 (rxkad: remove warnings from
der-protos.h), but each time we regenerated our ticket5 code, the
same thing would happen.
- We manually insert an include for "asn1_err.h" in our v5der.c, and
the v5gen.c we pull in has an include for <asn1_err.h> inside it.
During a WINNT build, these can pull in different asn1_err.h files
(one from us, and one from the "Heimdal compatibility layer SDK" or
anything else in our include paths). Since the asn1_err.h in our
tree doesn't have an include guard, the code for both gets included,
which can cause various problems.
- Our current asn1_err.h file that we include is ultimately generated
by the awk-based compile_et from e2fsprogs, not the C-based
compile_et from Heimdal. This likely happened by accident because
the Heimdal build system uses the system compile_et by default. This
flavor of compile_et generates arguably inferior comerr-based header
files (they lack include guards, and they use #define constants
instead of enums).
Fix these issues with some edits to our README.v5 script:
- Apply a simple sed filter when we pull in der-protos.h to change
'*/*' into '* /*', to remove the relevant warnings.
- Instead of inserting an include for asn1_err.h into v5der.c in our
import script, just put it in ticket5.c, making it easier to see and
edit. Change this to <asn1_err.h> so it uses the same asn1_err.h as
in v5gen.c.
- Add a note to run the Heimdal build with COMPILE_ET=no, so the
Heimdal build system uses the in-tree compile_et, instead of
whatever is on the relevant system.
With these changes, redo the Heimdal import from the same version of
the Heimdal codebase.
Change-Id: I01e06f2799f1c828b8224c3425079b313ffb5b6b
Reviewed-on: https://gerrit.openafs.org/13816
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Commit b604ee7a (OPENAFS-SA-2018-002 kaserver: prevent KAM_ListEntry
information leak) added a memset in kamListEntry before COUNT_REQ, but
COUNT_REQ declares a local variable. This breaks the WINNT build,
because we must declare variables at the beginning of a block.
To fix this, just swap the two lines.
Change-Id: I47eb61e6f95c2e38c619e90c8f093de325892c63
Reviewed-on: https://gerrit.openafs.org/13815
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Commit 83eec909 (Implement afsconf_GetRXGKKey) added a reference to
rx/rxgk_types.h inside cellconfig.p.h. Nothing ever added src/rxgk
WINNT makefiles, so that include file is never installed into
place, breaking the WINNT build when code tries to include
cellconfig.h.
To fix this and other code that needs rxgk header files, create an
NTMakefile for src/rxgk, which just exists to install headers into
place. Call it from the top-level NTMakefile right before copying in
the auth headers.
Change-Id: Id111479f55b4c330640e80d167a8af664fe3622e
Reviewed-on: https://gerrit.openafs.org/13814
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, in rx_GetCall when building for the kernel, if we notice
that we're shutting down (that is, if afs_termState has reached
AFSOP_STOP_RXCALLBACK), we return immediately. However, 'sq' may have
been allocated much earlier in this function, and if we return here,
we never free 'sq' or set it on any list.
Returning immediately is also unnecessary here; if we just 'break' out
of our wait loop, 'call' will still be NULL, and we'll break out of
the outer loop, and go through the rest of the function like normal.
The only difference is, if we 'break' instead of 'return'ing, we'll
put 'sq' on the free list before returning.
So, just 'break' out of the loop instead of returning, so we put 'sq'
on the free list and avoid leaking its memory.
Change-Id: Ibb2f4e697a586392f76ccdbbefdae8d75740f6fe
Reviewed-on: https://gerrit.openafs.org/13715
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Commit 9ebff4c6 (OPENAFS-SA-2018-001 audit: support butc types) made
src/audit require the butc.h header, and updated Makefile.in to
reflect this. However, this dir is also built on WINNT, and the
NTMakefile was not updated to reflect this dependency. As a result, we
might fail to build src/audit on WINNT, since butc.h may not exist
yet, and we get an error like:
cl [...] /c audit.c
audit.c
cl : Command line warning D9025 : overriding '/W4' with '/W3'
audit.c(27) : fatal error C1083: Cannot open include file: 'afs/butc.h': No such file or directory
NMAKE : fatal error U1077: 'C:\PROGRA~2\MICROS~1.0\VC\bin\amd64\cl.EXE' : return code '0x2'
To fix this, move 'bubasics' to be made before 'audit' in NTMakefile,
so butc.h is available when we build 'audit'.
Change-Id: I2053db7cd95353cf6b703b4033239810338890aa
Reviewed-on: https://gerrit.openafs.org/13813
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Change afs_FreeOneToken to unlink the given token from its container,
instead of requiring its caller to do so. Rename the function to
afs_FreeFirstToken, to help indicate the change in behavior.
Also, while we are changing afs_FreeTokens to accommodate this change,
simplify afs_FreeTokens a little, making it resemble
afs_DiscardExpiredTokens a bit more.
[kaduk@mit.edu: add note about dead store elimination]
Change-Id: I0cf9d8b94236c736001a38cccfa7fdfff9f3e609
Reviewed-on: https://gerrit.openafs.org/13807
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, running any LWP program on recent FreeBSD on amd64 causes
(or can cause) a SIGBUS very quickly. This is possibly because our
stack management code in LWP only ensures our stacks are 4 or 8-byte
aligned in most cases (except DARWIN, which gets 16-byte-aligned
stacks), according to the value of STACK_ALIGN. The amd64 ABI mandates
that stacks be 16-byte-aligned, and some function calls assume that
this is followed, causing a SIGBUS when it is not. FreeBSD on amd64
currently uses process.amd64.s for its savecontext() implementation,
which does not do any checking or fixup of the stack alignment.
This behavior has been observed on amd64 with FreeBSD 11 specifically,
but it probably happens on any FreeBSD release when using clang.
FreeBSD switched to clang as the default compiler with FreeBSD 10, so
this probably occurs with FreeBSD 10 and newer.
We could perhaps try to fix this by changing our stack management
code, but we can also avoid most of this nonsense by just using
ucontext instead of our custom assembly code. So, do that, by setting
USE_UCONTEXT for FreeBSD 10+. Also enable the same 'stackvar'-based
workaround in savecontext() as Linux uses, since otherwise 'topstack'
appears to always be NULL, and triggers our stack overflow checks.
Note that while LWP use is deprecated, as of this commit many small
utilities (like 'fs') are still linked to LWP, and so are unusable
without a fix like this.
Change-Id: Ie8e928bd71e7f6e9c0fb1379259c55527b6ccdf3
Reviewed-on: https://gerrit.openafs.org/13691
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, specifying --with-bsd-kernel-build during configure causes
us to set BSD_KERNEL_BUILD, which sets KBLD in MakefileProto.FBSD.in,
but nothing ever uses KBLD. This means that when we use
--with-bsd-kernel-build, we don't actually build against the
configuration for that kernel, which can result in a libafs.ko that
cannot be loaded or causes other errors. Specifically, if trying to
build for a VIMAGE kernel, the kernel complains when trying to load
libafs:
[...] kernel: link_elf_obj: symbol in_ifaddrhead undefined
[...] kernel: linker_load_file: Unsupported file type
The FreeBSD module build system looks for KERNBUILDDIR for an
alternative build, which it uses to pull in opt_global.h and other
required pieces from the build tree. So just specify KERNBUILDDIR if
we have one.
At the same time, avoid setting our default value for BSD_KERNEL_BUILD
for FBSD when the calculated dir doesn't exist. At least for the
default GENERIC kernel on FreeBSD 11.2-RELEASE, there may not be a
build dir on the running machine, and so setting BSD_KERNEL_BUILD to
the calculated value causes the build to fail when it doesn't exist.
Change-Id: Ib3079354f9f6dba13970de5308bbcecaf9b35059
Reviewed-on: https://gerrit.openafs.org/13746
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Tim Creech <tcreech@tcreech.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
In commit 9703b023 (FBSD: VIMAGE support), we changed a couple of our
variable references to their V_* equivalents, to accommodate kernels
with VIMAGE turned on. This allows us to build, but causes us to crash
whenever we hit that code when VIMAGE is enabled, because the relevant
macros reference 'curvnet', which is NULL outside of networking code.
What we're supposed to do is to set 'curvnet' before entering
networking code by calling 'CURVNET_SET(xxx)', and reset it afterwards
by calling 'CURVNET_RESTORE()'. We must make exactly one _RESTORE call
for each _SET, and they are supposed to be run at the same level of
scope.
So to avoid the crashes, make the relevant CURVNET_* calls whenever we
look at networking info. We currently only do this in a few places:
- In afs_SetServerPrefs, to try to detect if a given server address is
in the same network as one our local interfaces (V_in_ifaddrhead)
- In rxi_GetIFInfo, for some MTU-related info (V_ifnet)
- In rxi_FindIfnet, for some MTU-related info (ifa_ifwithnet)
As for what vnet we actually set 'curvnet' to, we could set it to the
vnet of the current thread (TD_TO_VNET(curthread)), or we could set it
to the vnet of an associated network object (a socket, an interface,
etc). Since all of our network-related code goes through Rx, in this
commit we set curvnet to the vnet of the Rx socket
(rx_socket->so_vnet).
Note that VIMAGE is optional in 11-RELEASE, but is turned on by
default in 12.0-RELEASE. For more information, see:
https://wiki.freebsd.org/VIMAGE/porting-to-vimage
[adeason@dson.org: Reworded commit message; moved some code around.]
Change-Id: If631b8942d7ee5cfe38a8f0c32b282d015f0bf35
Reviewed-on: https://gerrit.openafs.org/12580
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Fix a few style nits and other minor edits in afs_tokens.c. Mark a few
functions 'static' that are not referenced outside of that file.
Change-Id: Icdae1adb8282f96c7ccc6d4d053216b360adc38e
Reviewed-on: https://gerrit.openafs.org/13806
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Fix a few style nits in rx_opaque.c
Change-Id: Ia03ba3f95911b791c63b3a07f2ab887063da36a7
Reviewed-on: https://gerrit.openafs.org/13805
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
There is a perhaps-surprisingly large amount of code disabled behind
directives like '#if 0', '#ifdef notdef', and '#ifdef notyet'. At
best, this code is clutter, and at worst some of it is
confusing/outdated, and/or confusingly nested inside other
preprocessor conditionals. Sometimes this disabled code shows up when
grepping the tree, and causes a nuisance when refactoring related
areas of code.
Get rid of all of it. If anyone ever wants this code back, it can
always be restored by reverting portions of this commit.
Also delete some comments that clearly refer to the disabled code, and
in some cases, adjust the adjacent comments to make sense accordingly.
This commit doesn't touch any files in src/external/.
Change-Id: If260a41257e8d107930bd3c177eddb8ab336f0d1
Reviewed-on: https://gerrit.openafs.org/13683
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Our sysctl definitions are quite verbose, and adding new ones involves
copying a bunch of lines. Make these a little easier to specify, by
defining some new preprocessor macros.
Change-Id: I45fc8122b18587f42f52b3d41a1f4c6937ec0f8a
Reviewed-on: https://gerrit.openafs.org/13700
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
When we build the kernel module on LINUX, we don't pass in any of our
CFLAGS, since the Linux buildsystem itself figures out what flags are
needed. However, this means that we don't pass in -Werror when
--enable-checking is turned on, so warnings may not cause the build to
fail.
To fix this, create a new autoconf variable, called CFLAGS_WERROR,
that only contains -Werror if --enable-checking is turned on. We then
pass that into the Linux module buildsystem, so -Werror is given to
the compiler when building our module.
Change-Id: I0f1ec8b1a8096d10642c67b86314604c20ea2c60
Reviewed-on: https://gerrit.openafs.org/13682
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, afs_thiscell can be allocated (via strdup) during client
startup, but is never freed. Free it in shutdown_cell() to avoid
leaking the memory.
Change-Id: I77954ef35f949c8a638ba15615148ab784f7f48f
Reviewed-on: https://gerrit.openafs.org/13714
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Add a shutdown sequence for dynroot, which frees the afs_dynrootDir
and afs_dynrootMountDir blobs, if they exist. Otherwise, we can leak
the memory allocated for those blobs.
Change-Id: I80fe41a0fcacbd272677ff778cd4ba51399f32f9
Reviewed-on: https://gerrit.openafs.org/13713
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
AFS_KALLOC is already defined to be osi_fbsd_alloc on FBSD, so this
extra #ifdef here is completely unnecessary. Remove it.
Do the same for AFS_KFREE/osi_fbsd_free.
Change-Id: I3e42ec433a732402cc9de9ba9c035774ec29c2a5
Reviewed-on: https://gerrit.openafs.org/13708
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Currently, in afs_unmount, we give vflush a 'rootrefs' arg of 1,
indicating that we hold 1 reference on the root vnode. But ever since
commit 6eb1088a (freebsd: properly track vcache references), we drop
the ref for the root vnode at the beginning of this function.
What happens currently in afs_unmount for a normal successful umount
is something like this (at least, on FreeBSD 11.2-RELEASE):
- We afs_PutVCache the afs_globalVp vcache, reducing its v_usecount
and v_holdcnt to 0, and afs_globalVp is set to NULL.
- vflush calls afs_root() to get the root vnode, which sees that
afs_globalVp is NULL, and so calls afs_GetVCache for the root fid
and returns it (and sets afs_globalVp to that vcache), with a
v_usecount of 1.
- vflush tries to vgonel() all of our vnodes, which calls our
afs_vop_reclaim, which calls afs_FlushVCache(). For the root vnode
specifically, vflush() sees that v_usecount is nonzero, and so skips
calling vgonel() at first, but later calls vgone() on it
specifically because we gave a nonzero 'rootrefs'. The resulting
afs_FlushVCache() for the root vnode fails, because the root vnode's
v_usecount is still 1. Since a failure from afs_vop_reclaim would
cause a panic, we just log a warning and try to continue on anyway.
- vflush() calls vrele() on the root vnode, right before returning.
All of this allows the unmount to proceed, but this means that most of
afs_FlushVCache() doesn't actually run for the root vcache, and it
means we always log a warning like this on unmount:
afs_vop_reclaim: afs_FlushVCache failed code 16 [...]
In addition, this means that setting afs_globalVp at the beginning of
afs_unmount() is largely pointless, since it gets set to a vcache
again near the beginning of vflush().
To avoid all of this, stop lying to vflush about how many references
to the root vnode we hold, and just say that we hold 0 references.
Change-Id: Ib434c5fc48e67c3863fcad41279c3d9e0e0b8c2b
Reviewed-on: https://gerrit.openafs.org/13709
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
When a_fl->type is F_UNLCK, FreeBSD gives our VOP_ADVLOCK an a_op of
F_UNLCK, instead of F_SETLK like we expect. This causes afs_lockctl to
return EINVAL, since F_UNLCK isn't a normal fcntl lock op, and so
userspace requests to unlock fcntl-style locks always fail. This can
be seen, for example, when trying to use sqlite3 to access a database
that lives in afs.
This F_UNLCK behavior in FreeBSD seems a bit peculiar, but has been
around effectively forever (since 4.4BSD-Lite). So just work around
it.
[adeason@dson.org: minor style adjustments and commit message/comment
rewording.]
Change-Id: I8bfaff9274e40761aa291930430a08b83b524d1b
Reviewed-on: https://gerrit.openafs.org/12579
Reviewed-by: Tim Creech <tcreech@tcreech.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Most of the ARCH/osi_vcache.c implementations were defining functions
like:
void
osi_foo(args) {
/* impl */
}
But our prevailing style is:
void
osi_foo(args)
{
/* impl */
}
Fix them to follow our prevailing style, and fix a couple of the more
obvious errors with identation and goto label.
Change-Id: Ie752ee67aa6acfec3bf9a28d7da41151f95fbbf6
Reviewed-on: https://gerrit.openafs.org/13699
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The only valid values for afs_fakestat_enable right now are 0, 1, and
2. Check if the given value actually matches one of those, in case we
have mismatched libafs/afsd versions, and future code adds new values.
Return EINVAL and log a message if we're given an unknown value.
Change-Id: I36ad4263e7e3ab311f6edb97a9c48edc035f6753
Reviewed-on: https://gerrit.openafs.org/13698
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
AFS_NEW_BKG allows libafs to request the afsd background daemon
processes to do certain userspace operations. This is currently only
used on DARWIN for handling EXDEV file moves, but this framework can
be useful on LINUX, as well. So, turn it on for LINUX.
This commit does not introduce any new background operations for LINUX
to actually use; we're just turning on the new framework. Future
commits will introduce new background operations.
Change-Id: I5d371f85b87899ce6ab2d5e520954a893679d37e
Reviewed-on: https://gerrit.openafs.org/13284
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The real lie here is that TellALittleWhiteLie exists in afs_vcache.c.
That has never been true, ever since OpenAFS 1.0.
Change-Id: I5ba121db5b4f0bbe7a37054a3d2d8c46f6c49c0a
Reviewed-on: https://gerrit.openafs.org/13697
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The 'avc' argument in afs_GetVCache has never been used, all the way
back to OpenAFS 1.0. The 'cached' argument was set correctly, but none
of its callers ever looked at the result of 'cached'. Remove these
useless arguments.
afs_LookupVCache and afs_GetRootVCache also had the same 'cached'
argument, which was also never used by callers. Remove it for those,
as well.
Change-Id: I3536259f26536acc02fbb058787f417bf0f50b9a
Reviewed-on: https://gerrit.openafs.org/13681
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Linux 5.3.0 commit 3cf5d076fb4d48979f382bc9452765bf8b79e740 "signal
Remove task parameter from force_sig" (part of siginfo-linus branch)
changes the parameters for the Linux kernel function force_sig. See LKML
thread starting at https://lkml.org/lkml/2019/5/22/1351
According to the LKML discussion and the above commit message force_sig
is only safe to deliver a synchronous signal to the current task. To
send a signal to another task, we're supposed to use send_sig instead,
which has been available since at least linux 2.6.12-rc12.
Currently, rx_knet calls force_sig to kill the rxk_ListenerTask. With
the Linux 5.3.0 kernel, this module fails to compile due to the above
noted changes.
Replace the force_sig call with send_sig. In order to use send_sig, the
rxk_listener thread must allow SIGKILL and during shutdown (umount)
SIGKILL must be unblocked for the rxk_listener thread.
Note that SIGKILL is initially blocked on rxk_listener and is only
unblocked when shutting down the thread. Having the signal blocked is
sufficient to prevent unwanted signals from reaching the rxk_listener
thread during normal operation.
Change-Id: I0c31d66f4ecd887ff9253ba506565592010e8bcb
Reviewed-on: https://gerrit.openafs.org/13753
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Linux 5.3.0 commit dcf49dbc8077e278ddd1bc7298abc781496e8a08 "keys: Add a
'recurse' flag for keyring searches" adds a new parameter to
Linux kernel keyring_search function.
Update the call to keyring_search to include the recurse parameter if
available. Setting the parameter to true (1) maintains the current
search behavior.
Change-Id: I54b7ed686bf1fb4c42789e5d251ae76789e9fc88
Reviewed-on: https://gerrit.openafs.org/13752
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
commit 98ca332c4a (rxkad: v5der.c format
truncation warnings) contains a typo in the test for clang (_clang
instead of __clang__)
Correct the typo in the #if statement to test for __clang__
Change-Id: I0dbe603072740fcf2fb2cb2cea464a48009fee74
Reviewed-on: https://gerrit.openafs.org/13754
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The rand-fortuna.c we get from Heimdal's hcrypto currently sometimes
causes a warning on LINUX when building in the kernel, because
fortuna_reseed() has a (potentially) large stack size:
.../src/libafs/MODLOAD-.../rand-fortuna-kernel.c:549:1: error: the frame size of 1032 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
Currently this does not cause the build to fail, even with
--enable-checking, since -Werror is not given in the CFLAGS when
building our kernel module. But if -Werror is passed in CFLAGS (in a
future commit), this would cause the build to fail.
Since this is an external source file, we cannot change it directly.
At least for now, just prevent this warning from breaking the build by
passing -Wno-error=frame-larger-than= into the CFLAGS for that file.
Change-Id: Ieefdf2dbc318fdcd559435e5f329eef5cf9bb9ba
Reviewed-on: https://gerrit.openafs.org/13684
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
GCC is generating format-truncations warnings. With newer levels of gcc
(e.g. gcc8) and --checking-enabled these warnings result in errors and
failed builds. In addition clang8 static analysis tools are reporting
memory leaks.
Replace snprintf with asprintf and eliminate some of the large work
buffers that are being placed on the stack. In order to correct some of
the format-truncation errors the size of the buffers grew significantly
(e.g. gcc is reporting the need to resize some of the buffers from 256
bytes to 4K in order to eliminate the warnings).
Ensure allocated work buffers are freed before function return.
Obtained a clean build with gcc9/clang8 with --enable-checking and a
clean scan-build report with clang8.
Change-Id: Ie8e22fdff2e0ba6494b1b449f413ecbe38f367bd
Reviewed-on: https://gerrit.openafs.org/13494
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
IsDCacheSizeOK currently can incorrectly flag a dcache as corrupted,
since the size of a dcache may not match the size of the underlying
file in a couple of RW conditions:
- If someone is writing to a file beyond EOF, the intermediate
'sparse' area may be populated by 0-length dcaches until the data is
written to the fileserver.
- Directories may be modified locally instead of being fetched from
the fileserver, which can sometimes result in a directory blob of
differing sizes.
To avoid false positives detecting dcache corruption, just skip the
IsDCacheSizeOK check for directories, and any file with pending writes
(CDirty).
Also add some extra information to the logging messages when this
"corruption" is detected, so false positives may be more easily
detected in the future.
Change-Id: I5130287d0de791cffea85aaec5a0899d5c8d092e
Reviewed-on: https://gerrit.openafs.org/13747
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
clang complains that these casts contain an incomplete function type
(since the function argument is omitted rather than declared to be
void). Since we just need the cast to pointer type, let the compiler
do it implicitly and pass stock NULL, rather than trying to force a
cast to function-pointer type.
Change-Id: Ia2a4cf61d51faef3b4cd469133d9143ca5f57185
Reviewed-on: https://gerrit.openafs.org/13726
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
“dput” function internally can call dentry_iput which results in
calling afs_dentry_iput. So in case before calling “dput” if global lock
was held then when afs_dentry_iput is called it will again try to lock
global lock and will result in deadlock scenario. So to avoid this
deadlock make sure if global lock is already taken before calling
afs_dentry_iput, don’t try to lock it again. This issue was partially
fixed in commit 0dac4de8 (Linux: drop GLOCK before calling dput)
Change-Id: I71f18c58d5254f0cf0c68ef04c22268ed70dd50f
Reviewed-on: https://gerrit.openafs.org/13725
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Move the dnl macros out of the AC_ARG_ENABLE to fix the
formatting of the --enable-rxgk help string.
Before this commit:
$ ./configure --help | grep -C2 rxgk
--enable-kauth install the deprecated kauth server, pam modules,
and utilities (defaults to disabled)
--enable-rxgk Include experimental support for the RXGK security
class (defaults to disabled)
--disable-strip-binaries
After this commit:
$ ./configure --help | grep -C2 rxgk
--enable-kauth install the deprecated kauth server, pam modules,
and utilities (defaults to disabled)
--enable-rxgk Include experimental support for the RXGK security
class (defaults to disabled)
--disable-strip-binaries
Change-Id: Iaf6695643f11c7b636e3fba33ee7161e21df23a6
Reviewed-on: https://gerrit.openafs.org/13722
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
GCC 9 introduced new warnings/errors and is flagging a sprintf with a
format-overflow warning. With --checking-enabled, this error is causing
testpt.c to fail during compile.
Change the buffer size from 16 bytes to PR_MAXNAMELEN+1 and use snprintf
instead of sprintf. Generate an error message and exit if snprintf
truncates the string.
Change-Id: I30fbe0971ba3e05dc6ac61e7b2ded2fd1777374d
Reviewed-on: https://gerrit.openafs.org/13663
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
GCC 9 introduced new warnings/errors and is flagging a sprintf with a
format-overflow warning. With --checking-enabled, this error is causing
uss_procs.c to fail during compile.
A file name with the full path is being composed and the size of the
buffer was triggering a possible format-overflow warning/error.
Use asprintf to allocate the buffer dynamically instead of using a
buffer sitting on the stack (reducing the stack requirements by 2K).
Produces new error message if asprintf returns an error.
Change-Id: Ib233052aab9c3bc1ec24dac7e70f97933b478d3e
Reviewed-on: https://gerrit.openafs.org/13664
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
In testpt.c the variable cdir is used to print the name of the temporary
dir. However at this point in the code cdir is NULL and the variable
tmp_conf_dir contains the actual name that should be used in the error
message.
Flagged as an error when --enable-checking is on and using GCC 9.
Change-Id: I0c854fd89c0bae1c313ae1f382e58fd410b719e6
Reviewed-on: https://gerrit.openafs.org/13662
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
GCC 7 is producing new warnings due to better compile time analysis.
With --enable-checking v5der.c is failing with 2 errors due to possible
format-truncation in some snprintf calls. The format strings are being
used to format a date and time values from a tm structure.
The actual warnings/errors are being triggered from arithmetic being
performed on the year and month members of the structure. The resulting
values should not exceed the format lengths, but the compilers are still
flagging the statements.
v5der.c is part of the heimdal package that is pulled into the openafs
source tree. v5der.c is not compiled directly but is #included in
ticket5.c
Update ticket5.c to change the severity of the format-truncation
diagnostic to a warning if using GCC 7 (or higher).
Note: since v5der.c is pulled from an external source (heimdal), any
changes to update v5der.c directly would need to be performed upstream.
Change-Id: Icda0d86444f505604abe9fa1cc2450d7538be7ef
Reviewed-on: https://gerrit.openafs.org/13661
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Since the introduction of rxkad-k5 in response to OPENAFS-SA-2013-003,
it is not strictly necessary to configure libkrb5 to allow weak crypto
in order to obtain an AFS token. A sufficient amount of time has passed
since then that it is safe to assume that the default behavior is the
more-secure one, and require opt-in for the insecure behavior.
To indicate that the use of single-DES is quite risky, add the
"-insecure_des" argument to both klog and aklog, to gate the
preexisting calls that enable weak crypto/single-DES.
These calls, and the -insecure_des option, may be removed entirely
in a future commit.
Change-Id: If175d0f95f0ede0f252844086a2a023da5580732
Reviewed-on: https://gerrit.openafs.org/13689
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Historically, there have been many subsystems in libafs that can
generate ENOENT errors for a variety of reasons. In addition to the
expected case where we lookup a name that doesn't exist, other
scenarios have caused ENOENT error codes to be generated, such as:
internal inconsistencies, I/O errors, or even abort codes from the
network.
When one of these scenarios cause an ENOENT error code in one of those
situations during afs_lookup() when the target name does actually
exist, it can be confusing to a user, or even result in incorrect
application behavior. On Linux in particular, ENOENT results from a
lookup are cached in negative dcache entries, and so can cause future
lookups for the same name to yield ENOENT errors.
Various commits have tried to avoid this abuse of the ENOENT error
code, such as 2aa4cb04 (afs: Stop abusing ENOENT). But we cannot
prevent receiving ENOENT abort codes from the network, and mistakes in
the future may cause more scenarios incorrectly yielding ENOENTs.
However, in afs_lookup, we do know that legitimate ENOENT errors can
only occur in one situation: when we have a valid directory blob, and the
afs_dir_Lookup() operation itself returns an ENOENT error for the
target name. For all other areas of afs_lookup(), we know that an
ENOENT error is not legitimate, since we may not be sure if the target
name exists or not.
So to proactively avoid incorrect ENOENT results, prevent afs_lookup
from returning ENOENT, except in the specific code path where
afs_dir_Lookup is called.
Change-Id: I1c91600fd38b1179f02fa6eadea631b6eb8edb6d
Reviewed-on: https://gerrit.openafs.org/13537
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
- Fix the formatting on afs_mount/afs_get_sb definitions
- Declare a couple of functions static that are not referenced outside
of this file
Change-Id: I4880c27dbe2acd296262d29f91736d0028a029c0
Reviewed-on: https://gerrit.openafs.org/13282
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
When AFS_NEW_BKG was added, the kernel module indicated to the
relevant afsd process that it's time to shutdown by returning -2. This
works on DARWIN, but it's difficult to make this work on all
platforms, because of the different way that platforms handle error
codes from our pioctls and other AFS syscalls.
Specifically, on LINUX, negative error codes are assumed to be
negative errno codes, and so returning -2 from the syscall handler
means we return -1 to userspace, with errno set to 2 (ENOENT).
Getting this to work consistently across platforms is probably more
trouble than its worth, so instead of relying on specific return codes
from the syscall, just add a new background daemon operation called
AFS_USPC_SHUTDOWN, which just tells the background daemon to exit.
Change-Id: I00b245c8f734dc9e49d6b4268cd0f6a4f1896894
Reviewed-on: https://gerrit.openafs.org/13281
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
GCC 9 with --enable-checking produces a new warning/error in
afs_utilAdmin.c associated with a strcpy with the potential of an
overlap. The index used is signed which triggers the new warning. The
source and target of the strcpy are contained within the same higher
level structure.
Change the variable 'index' from signed to unsigned to resolve the
warning/error. Change the variable 'total' in the same structure to
unsigned to be consistent with it's usage with 'index'.
Change-Id: Icaa99e278a5d8262caeaec0b2723e826a57554aa
Reviewed-on: https://gerrit.openafs.org/13660
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, if the dcache for a file has nonsensical length (due to
cache corruption or other bugs), we never notice, and we serve
obviously bad data to applications. For example, the vcache metadata
for a file may say the file is 2k bytes long, but the dcache for that
file only has 1k bytes in it (or more commonly, 0 bytes).
This situation is easily detectable, since the dcache and vcache refer
to the same version of the same file (when the DVs match), and so we
can check if the two lengths make sense together. So to avoid giving
bad data to userspace applications, perform a sanity check on the
lengths at the same time we check for DV matches (to see if the dcache
looks "fresh" and not stale). If the lengths do not make sense
together, we just pretend that the dcache is old, and so we'll ignore
it and fetch a new copy from the fileserver.
Also check the size of the data fetched from the fileserver for a
newly-fetched dcache in afs_GetDCache, to avoid returning a bad dcache
if the dcache isn't already present in the cache.
Change-Id: I338a4962322d8c0d06d1ea25fd7d252b5f83dc9f
Reviewed-on: https://gerrit.openafs.org/13436
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
