Flag both of our assertion error handlers as being AFS_NORETURN, so
that static analysers can truncate their decision trees, and avoid
false positives, based on assertion statements.
Change-Id: I511c9c19a714cd3eaa5a886bf9561f577244360e
Reviewed-on: http://gerrit.openafs.org/7101
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
If GetNameOrId is called with no work to do, then don't attempt to
malloc a load of 0 length strings. Instead just return an empty array
to the caller.
Change-Id: I245cfde71d65b8a3b6df4217b90dad81e9e60a58
Reviewed-on: http://gerrit.openafs.org/7100
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
If there's no work to do, then don't attempt to malloc 0 bytes, and
just return success to the user
Change-Id: I060852a247acb8309c75f3670577561b5a9af591
Reviewed-on: http://gerrit.openafs.org/7099
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Handle the case where a list of keys may be empty - don't attempt
to calloc a 0 length array, and have Put handle the case where the
array being freed has no elements.
Caught by clang-analyzer
Change-Id: I665035cb00a8da411710a71a17ae66545702127f
Reviewed-on: http://gerrit.openafs.org/7098
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
At the moment, the Unix CM doesn't support entering a purely RO
disconnected mode (the historical AFS_IS_DISCONNECTED mode). If we
go disconnected, or reconnect we always toggle RW discon at the same
time as we toggle RO. Arguably, the RO disconnected mode should just
be removed, as it is now superceded.
For the moment, make it clear to the compiler that RW disconnected
implies RO disconnected, so that static analysis can make more sensible
decisions about code paths.
Change-Id: I7e2d04d2cf67740c6b6285950874c6a4eaeb0537
Reviewed-on: http://gerrit.openafs.org/7097
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
The routines which do AFSDB and SRV lookups copy the results of
gethostbyname directly into an afs_int32, and use the size of the
result to limit the copy. If, for any reason, they get a result that
isn't an int, then they will overflow this value.
Check that the result we get from gethostbyname is in the INET
address family, and also limit the size of the copy by the size of the
destination, rather than that of the source.
Caught by clang-analyzer
Change-Id: Icf1426e090bc1ed382212d5de6c291d0816fb2c9
Reviewed-on: http://gerrit.openafs.org/7096
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
When VolumeStats_int calls DisplayFormat, it isn't interested in
the total counters it provides. So, it doesn't both initialising the
variables it passes in to hold these counters - garbage in, garbage out.
However, this shows up as an uninitialises variable warning, so set them
all to 0 to keep clang happy.
Caught by clang-analyzer
Change-Id: Ia3e1eadde6eac6fa924a4ff9ad566c5c50f9ff40
Reviewed-on: http://gerrit.openafs.org/7095
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
If the SalvageHashTable for a particular node is empty, then LookupNode
can return an uninitialised value to the caller. It isn't clear from a
broader code inspection whether LookupNode can ever be called with an
empty SalvageHashTable, but returning a NULL vsp does seem like the
correct thing to do in this situation.
Caught by clang-analyzer
Change-Id: Ibee79e6acf7d3bdbc2995ef924338ade4de77d08
Reviewed-on: http://gerrit.openafs.org/7094
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
On an error GetLastComponent was freeing completely the wrong thing.
Fix this so it frees the memory it has allocated, and not some random
stack pointer.
Caught by clang-analyzer
Change-Id: I8b65f7ab36647b876fae5cbe59d82fd8d38ce0b7
Reviewed-on: http://gerrit.openafs.org/7093
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
The NName function was using strncat(a, b, sizeof(a)), which doesn't
work as you would expect if 'a' already contains data. To avoid the
potential buffer overflow, switch to just using strlcat.
Caught by clang-analyzer
Change-Id: Idd2c630c07a93b27e8d629339589aa6686290eae
Reviewed-on: http://gerrit.openafs.org/7092
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
(well, in userspace at least)
We have 3 different ways of specifying the C compiler - CC, CCOBJ and
MT_CC. On most platforms these are set to identical values by the
configure script. However, this causes problems for a user who wants
to override the default complier choice by doing
make CC=my-favorite-compiler
as this doesn't catch all of the ways we specify the compiler [1]
So, change the specification of CCOBJ and MT_CC so that, by default,
they reference CC, rather than copying its value. This means that on
platforms where CC is the appropriate compiler to use in all situations,
a user need only change CC to modify their compiler choice.
[1] - it might be argued that the correct place to substitue the
compiler is in configure's environment, which does currently work.
However, this doesn't work with special things, like static
analysers, that can build the source tree, but not the configure
tests.
Change-Id: Ib95e2ac00b36f33c3cb2491feacd6c898f8f61dc
Reviewed-on: http://gerrit.openafs.org/7091
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
... except that this change doesn't actually handle this, it just
stops clang from throwing an error about the bogus code that's already
in there. This needs fixed properly ...
Change-Id: Ifbf190a86037fced8104ed0843dd1e7aa0b999a7
Reviewed-on: http://gerrit.openafs.org/7090
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
The len parameter to xdr_len is unsigned, so can never be negative.
Don't bother testing to see if it is negative, so that clang likes us
again.
Change-Id: Iad5f8b1b2d20ec55846bc1ef7b7499a30956e17f
Reviewed-on: http://gerrit.openafs.org/7089
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Doing if ((a==b)) is unecessary. It's also potentially dangerous, as
that's the syntax required to do assignment within an if statement.
clang now issues warnings (errors in -Werror mode) when it encounters
these.
Remove pointless braces from the Unix CM to make clang happy.
Change-Id: I031db80c3f85c0e4c4db365b1c36b5d4b4a7cb48
Reviewed-on: http://gerrit.openafs.org/7088
Tested-by: Simon Wilkinson <simonxwilkinson@gmail.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
rxi_RecvMsg returns an int, because it can return a negative value upon
error. Don't store its return value as an unsigned int, because this may
hide the potential errors.
Modify the error handling loop so that errors get to where they are
intended.
Change-Id: I212e5881f83a2a95c177c23dbc2da2583155f1aa
Reviewed-on: http://gerrit.openafs.org/7087
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
clang now expects that strlcpy will always be used to prevent overflow
of the destination string, and gives a warning if the size parameter is
based solely on the length of the source string.
Modify the BreakUpPath function so that it takes the size of the
destination string as an argument, and uses this to limit the amount of
data pasted into it.
Change-Id: I86f68dd2013ca8bc4c88ade78d27c4d416a9ae94
Reviewed-on: http://gerrit.openafs.org/7086
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Doing if ((a==b)) is unecessary. It's also potentially dangerous, as
that's the syntax required to do assignment within an if statement.
clang now issues warnings (errors in -Werror mode) when it encounters
these.
Remove pointless braces from viced to make clang happy.
Change-Id: Iee8c1d60cc2296fefd0e7f82127821dcefb931ec
Reviewed-on: http://gerrit.openafs.org/7085
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Maxvolidbump is defined as an unisgned int, and thus can never be less
than 0. Remove the pointless check, as it just makes clang sad.
Change-Id: I78a2c8f6fcaee17196e37183256e6935cdca183b
Reviewed-on: http://gerrit.openafs.org/7084
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Call memset with the size of the structure we're initialising to 0,
and not the size of the pointer to that structure.
Caught by clang's new warnings.
Change-Id: I8cded7bed4e289e9603778e06873f94fd3924aa8
Reviewed-on: http://gerrit.openafs.org/7083
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
The way in which rxgen handles freeing of objects allocated by the RPC
stub has evolved over the years. Originally, there appears to have been
a "somefrees" parameter which was used to track whether objects required
freeing or not. However, this parameter has fallen in to disuse, as
support for typedefs and unions were added, and which parameters
require freed is now tracked within the description structures
themselves. So, get rid of somefrees, as it is now just confusing.
The generated code to free a set of RPC arguments currently looks
something like:
fail:
z_xdrs->x_op = XDR_FREE;
if (!xdr_string(z_xdrs, &Name, AFSNAMEMAX)) goto fail1;
if (!xdr_string(z_xdrs, &OfflineMsg, AFSOPAQUEMAX)) goto fail1;
if (!xdr_string(z_xdrs, &Motd, AFSOPAQUEMAX)) goto fail1;
if (rx_enable_stats) {
rx_RecordCallStatistics(z_call, RXAFS_STATINDEX,
19, RXAFS_NO_OF_STAT_FUNCS, 0);
}
return z_result;
fail1:
if (rx_enable_stats) {
rx_RecordCallStatistics(z_call, RXAFS_STATINDEX,
19, RXAFS_NO_OF_STAT_FUNCS, 0);
}
return RXGEN_SS_XDRFREE;
Which isn't very efficient, or easy to modify. So, change the code
generator to produce code that looks like:
fail:
z_xdrs->x_op = XDR_FREE;
if ((!xdr_string(z_xdrs, &Name, AFSNAMEMAX))
|| (!xdr_string(z_xdrs, &OfflineMsg, AFSOPAQUEMAX))
|| (!xdr_string(z_xdrs, &Motd, AFSOPAQUEMAX)))
z_result = RXGEN_SS_XDRFREE;
if (rx_enable_stats) {
rx_RecordCallStatistics(z_call, RXAFS_STATINDEX,
19, RXAFS_NO_OF_STAT_FUNCS, 0);
}
return z_result;
This does the same thing, but is easier to read and is more consistent
with the way that we structure marshalling and unmarshalling.
Change-Id: I8b56f320c05c5d4270daf409d57514cbe8d076f5
Reviewed-on: http://gerrit.openafs.org/7005
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
Commit 35becabed8 added support for
the /vicepXX/NeverAttach. However this code only appears to work on
Linux. It fails build testing on (at least) Mac OS X, FreeBSD, and AIX.
Modify the code so that the NeverAttach call uses the same variable to
locate the path of the partition as the AlwaysAttach call does.
Change-Id: Ic87e112f362ac6d23376fb0a263d021c29c0b06e
Reviewed-on: http://gerrit.openafs.org/7125
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Doing if ((a==b)) is unecessary. It's also potentially dangerous, as
that's the syntax required to do assignment within an if statement.
clang now issues warnings (errors in -Werror mode) when it encounters
these.
Remove pointless braces from vol to make clang happy.
Change-Id: I805c52fd76de4d028741ae4382b747917581d2f2
Reviewed-on: http://gerrit.openafs.org/7082
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
FDH_SYNC is a macro which returns a result. This leads to clang
complaining about an unused expression when the macro is expanded.
Avoid this by just casting the macro result to (void) when we aren't
interested in it.
Change-Id: I99eaac7432211d6b0cab10c3e1af0c6d4e2092a8
Reviewed-on: http://gerrit.openafs.org/7081
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
Doing if ((a==b)) is unecessary. It's also potentially dangerous, as
that's the syntax required to do assignment within an if statement.
clang now issues warnings (errors in -Werror mode) when it encounters
these.
Remove pointless braces from ptserver to make clang happy.
Change-Id: I1bf1698b1d12f8228e0456d3d2dff4439879cfba
Reviewed-on: http://gerrit.openafs.org/7080
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
uid_t is unsigned, so checking to see if it is less than 0 is a bit
redundant.
Remove the checks to silence a warning from clang.
Change-Id: I5ae429247d328b3320063b4c035f6e5bb101620b
Reviewed-on: http://gerrit.openafs.org/7079
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
All of the LOG_MASK() checks are performing bitwise operations, and so
should be using '&', not && (which will always be true, providing
logmask is non-zero)
Caught by clang's new error messages
Change-Id: Idce9229b7351adc6c15279c94e1cc1e7fc45596e
Reviewed-on: http://gerrit.openafs.org/7078
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
Modify the tools directory to use a native 64 bit integer type, rather
than rolling its own.
Change-Id: Ib2545b43aa3bf34e8917a4ae7ae4ee3f4be6d1c0
Reviewed-on: http://gerrit.openafs.org/7118
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
add libopr after libafsutil so assert can be satisfied
Change-Id: I77494dc529f21246ae84f6522a578b14a803b6a9
Reviewed-on: http://gerrit.openafs.org/7116
Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
On AIX, building afsdump currently produces the following warnings:
"afsdump_scan.c", line 34.10: 1506-296 (S) #include file <sys/fcntl.h> not found.
"afsdump_scan.c", line 275.32: 1506-045 (S) Undeclared identifier O_RDWR.
"afsdump_scan.c", line 275.41: 1506-045 (S) Undeclared identifier O_CREAT.
"afsdump_scan.c", line 275.51: 1506-045 (S) Undeclared identifier O_TRUNC.
"afsdump_scan.c", line 305.29: 1506-045 (S) Undeclared identifier O_RDONLY.
Rather than including more platform specific goo, just add a roken.h
include to the various files to pull in the necessary headers.
Change-Id: I46db92511c804cfc9b5d67b97cd3596480d306d6
Reviewed-on: http://gerrit.openafs.org/7117
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
AIX's system headers define u_int64. Rename our local 64 bit integer
representation as dt_uint64 to avoid this collision.
Change-Id: I997e3ff89df369a5f0643921a846a759bf8fa90b
Reviewed-on: http://gerrit.openafs.org/7115
Tested-by: Derrick Brashear <shadow@dementix.org>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
A = malloc(strlen(B)+ 1);
memset(A, 0, strlen(B) + 1);
strlcpy(A, B, strlen(B) + 1);
can be more simply written as
A = strdup(B);
Doing so also avoids a warning from clang that strlcpy isn't checking
for A overflowing.
Change-Id: I0e21f86eda7bdc0ce869e651c5ceb23d7494e1e2
Reviewed-on: http://gerrit.openafs.org/7077
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
memset(a, 0, sizeof(a)) is rarely correct, unless a is an error. Use the
size of the destination structure, rather than the size of a pointer to it
when deciding how much memory to clear.
Caught by clang's new error messages
Change-Id: Ia6c566534efae2f67f1b9bd22198d352238a987c
Reviewed-on: http://gerrit.openafs.org/7076
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
size_t is unsigned, and therefore can never be less than 0. Using it as
a return code from read() means that we never catch read errors. read()
is defined as returning ssize_t, so just use this to capture its return
code.
Caught by clang's new error messages
Change-Id: Ibf61119dec2c64fd4b1e16e6ef02178e427116f0
Reviewed-on: http://gerrit.openafs.org/7075
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
Doing if ((a==b)) is unecessary. It's also potentially dangerous, as
that's the syntax required to do assignment within an if statement.
clang now issues warnings (errors in -Werror mode) when it encounters
these.
Remove pointless braces from the Unix CM to make clang happy.
Change-Id: I0f1558b42a487e1de722b77f8423500365a20eee
Reviewed-on: http://gerrit.openafs.org/7074
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
On Darwin 100, we have
#define crfree(X) kauth_cred_unref(&X)
which expands in one place to
kauth_cred_unref(&(afs_ucred_t *)avc->linkData)
clang warns about this in -Werror mode, because arguments to the
address-of operator must be lvalues.
To fix this make crfree an inline function, which will then let us do
the indirection required.
Change-Id: Ic5adb63dcdc11e04c1e428c32e85f33a987fcf42
Reviewed-on: http://gerrit.openafs.org/7073
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
Add an assert() to LogCommandLine to catch the case where it is
called without a command line to log.
Change-Id: Ia1be28b3a1d1d4e144626976f0f82b9675809c0a
Reviewed-on: http://gerrit.openafs.org/7072
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
If Testing is true, and the salvage wants to repair the '.' file,
then it will end up using a garbage value as the location of the
repaired file (vnodeNumber gets set to fid.Vnode, but fid.Vnode is
uninitialised)
Fix this by making it behave as if no repair is necessary when running
in Testing mode. It's unclear that this is entirely the correct answer,
but it's definitely better than the current behaviour.
Caught by clang-analyzer
Change-Id: I1bddd889b3350cf31fe6384573e49e82159c7095
Reviewed-on: http://gerrit.openafs.org/7071
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
The AFS Redirector does not support the Windows quota interface
therefore return STATUS_DISK_FULL for all over quota conditions.
Change-Id: Idd8755b26ab65e423330eeb6cb0e1806dd6306c9
Reviewed-on: http://gerrit.openafs.org/7111
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
The parameter 'CellName' is a UNICODE_STRING *. No need to
take the pointer of it to pass to AFSDbgLogMsg().
Change-Id: Id49f95058541a1a0ddaa0db9cb2c5ef0e5a32c64
Reviewed-on: http://gerrit.openafs.org/7109
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Therefore, cm_FindACLCache() must be called with the cm_scache_t
write-locked and therefore cm_HaveAccessRights() must obtain a
write-lock and not a read-lock on 'aclScp'.
Change-Id: I884cd5a70a793d893999bf750264e76d436f40a2
Reviewed-on: http://gerrit.openafs.org/7049
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Modify the Name Array processing to store both the mount point
object and the volume root directory object in the array. This
is necessary for proper operation of
AFSPopulateNameArrayFromRelatedArray when the DirectoryCB parameter
is a mount point object.
Modify AFSBackupEntry to remove two entries if a volume root
directory entry is being removed.
Remove AFSReplaceCurrentElement() as it is no longer used.
Change-Id: Iaa0a4effc3448351d04bcdd72be9ee726ffe4e9a
Reviewed-on: http://gerrit.openafs.org/7021
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
When checking for ACL Entry expiration, obtain the current time
once per call to cm_FindACLCache() instead of once per ACL entry.
Change-Id: I4da9e290a43315bd226f6c1b5dc12abe45ed19f5
Reviewed-on: http://gerrit.openafs.org/7016
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
If a cache manager is told by a file server that the user does
not have permission to fetch status for an object, the cache
manager must avoid requesting a fetch status a second time for
that object for the same user. Doing so risks triggering the
rx call abort throttling which can have a significant impact on
end user usability of the Explorer Shell and other applications.
The cache manager cannot make a decision on whether or not to
issue an RXAFS_FetchStatus RPC based upon the type of the object
because the type is unknown to the cache manager. A file server
will succeed a FetchStatus request when the parent directory ACL
grants lookup permission if the object in question is the directory
or is a symlink/mountpoint. Only file objects require read/write
permissions to obtain status information.
The rx call abort throttling is broken is many ways and must be
avoided. Call aborts are tracked by call channel and occur whenever
ten call aborts are issued on the same call channel in a row
regardless of the amount of time that has elapsed.
The EACCES cache works by storing EACCES events by the FID and User
for which the event occurred, when it occurred and the FID of the
parent directory. By definition, the parent FID of a volume root
directory is itself.
Entries are removed from the cache under the following circumstances:
1. When the parent FID's callback expires or is replaced.
2. When the parent FID's cm_scache object is recycled.
3. When the user's tokens expire or are replaced.
Entries are not removed when the FID's cm_scache object is recycled.
This patchset also implements correct behavior if the VLF_DFSFILESET
flag is set on a volume.
Change-Id: I69507601f9872c9544e52a1d5e01064fa42efb81
Reviewed-on: http://gerrit.openafs.org/6996
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Matching the behavior of the AFS SMB server, the afs redirector
should return STATUS_ACCESS_DENIED if File ID recursion is detected
in the Name Array for any given path.
Change-Id: Ie846b42a228c634f1c38a8103332c7bb72803d1f
Reviewed-on: http://gerrit.openafs.org/7018
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
When cm_SetLength() is called with an extending file length,
check the available free space in the volume to see if the
new length will fit. If not, return CM_ERROR_SPACE.
This permits applications to discover that there is insufficient
space prior to writing all of the data into the windows page
cache at which point it will be too late.
There is still the possibility of a race that can result in
data loss if two applications are writing into the same volume
at the same time and there is insufficient room.
Change-Id: Ieef2c48f5b6edc8d101b6527af3a3f87fe55f6ca
Reviewed-on: http://gerrit.openafs.org/7057
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
If we fail to CoW a file due to ENOSPC, we try to IH_DEC the new file
copy, and if IH_DEC fails, we take the volume offline for salvaging.
But IH_DEC returns 0 on success, not on error. So take the salvaging
path when we get non-zero.
Change-Id: I4f0276fd4f077ca42087e92af8ba77b4e5347422
Reviewed-on: http://gerrit.openafs.org/7054
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
The volume size and free space cannot be obtained at volume
initialization and then re-used for all FileFsSizeInformation
and FileFsFullSizeInformation queries. Doing so prevents Windows
from being able to see changes in the available free space.
The maximum size of the volume is not the size of the partition
and the available space on the partition unless there is no quota
applied to the volume. If there is a quota, then the free space
is the smaller of the available quota and the available partition
space.
Add a new ioctl request to permit the redirector to query the
current Volume Size Information details.
Change-Id: I3414f314d7780fd12489e0d278b71bcadc1a72e6
Reviewed-on: http://gerrit.openafs.org/7052
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
cm_aclLock must be obtained after cm_user_t mx and cm_cellLock.
cm_user_t mx must be obtained before cm_cellLock.
Change-Id: Iaf9fcf17c7ea50f2f5a83aefa759b7077ef28be6
Reviewed-on: http://gerrit.openafs.org/7051
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
