commit a08327fe2e74269d26eef1cddd7c9f9b7efa96e2 Author: Benjamin Kaduk Date: Fri Mar 9 18:32:29 2018 -0600 Update NEWS for 1.8.0 final release Change-Id: I70d73b832cd69395c712b42a391cd4d6d3ea4c8f Reviewed-on: https://gerrit.openafs.org/12953 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit acb0e84df0cdff1ee1b4098b2705e5a30dd7eb38 Author: Benjamin Kaduk Date: Thu Mar 1 20:28:23 2018 -0600 afs_pioctl: avoid -Wpointer-sign Change the declaration of 'addr' to be a signed int, to match RXAFS_CallBackRxConnAddr() and the afsd_pd_GetInt() used with it. This was detected by clang 4.0 in FreeBSD 11.1, via -Wpointer-sign. Reviewed-on: https://gerrit.openafs.org/12934 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 79f33b859aeb3c91f2cce7597fdc138978c4e1d9) Change-Id: Iee85059bebfc8d6fbda3409b720576bd4f6c5f8f Reviewed-on: https://gerrit.openafs.org/12938 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit b73863b8d2669830a17c097abf1d846d0108a2f4 Author: Mark Vitale Date: Thu Mar 1 23:16:56 2018 -0500 LINUX: fix RedHat 7.5 ENOTDIR issues Red Hat Linux 7.5 beta introduces a new file->f_mode flag FMODE_KABI_ITERATE as a means for certain in-tree filesystems to indicate that they have implemented file operation iterate() instead of readdir(). The kernel routine iterate_dir() tests this flag to decide whether to invoke the file operation iterate() or readdir(). The OpenAFS configure script detects that the file operation iterate() is available under RH7.5 and so implements iterate() as afs_linux_readdir(). However, since OpenAFS does not set FMODE_KABI_ITERATE on any of its files, the kernel's iterate_dir() will not invoke iterate() for any OpenAFS files. OpenAFS has also not implemented readdir(), so iterate_dir() must return -ENOTDIR. Instead, modify OpenAFS to fall back to readdir() in this case. Reviewed-on: https://gerrit.openafs.org/12935 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit c818f86b79a636532d396887d4f22cc196c86288) Change-Id: I71386b17f0c751b69c86ef0f5766a5baf3dc36bd Reviewed-on: https://gerrit.openafs.org/12950 Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 55fbc8ee055958b309011eeb62d7166ff0415905 Author: Andrew Deason Date: Thu Feb 15 16:41:33 2018 -0600 rxdebug: NUL-terminate version before printing Currently, 'rxdebug -version' never initializes the buffer we read the version string into. Usually this is not noticeable, since all OpenAFS binaries tend to pad the Rx version response packet with NULs, so we get back several NULs to terminate the string. However, this is not guaranteed, and if we do not get back a NUL-terminated string, we can easily read beyond the end of the buffer. To avoid this, initialize the 'version' buffer with NULs before we do anything, and set the last byte to NUL, in case we exactly filled the buffer. Reviewed-on: https://gerrit.openafs.org/12908 Reviewed-by: Benjamin Kaduk Tested-by: Andrew Deason (cherry picked from commit a66629eac4dda4eea37b4f06e0850641cb2a7387) Change-Id: I850ce16840ee264dce506e8b3c887004bca11e20 Reviewed-on: https://gerrit.openafs.org/12912 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 3d58c397c6935afd64e3a41017baf627106a3003 Author: Andrew Deason Date: Thu Feb 15 16:53:57 2018 -0600 doc: Edits to the 'afsd -volume-ttl' manpage Make a few misc changes to the text for the new -volume-ttl option: - Minor grammatical/typo fixes - Emphasize a little more that the default behavior allows for vldb info to be cached _forever_ - Provide some info on the effects of changing this value - Provide a suggested "typical" value, to give some clue as to what should be set here, so a curious user doesn't just set this to the first value they see (10 minutes) Reviewed-on: https://gerrit.openafs.org/12909 Reviewed-by: Benjamin Kaduk Tested-by: Andrew Deason (cherry picked from commit e6c2624249a6ab96053c1d1134aec8e3f6bcee9e) Change-Id: I781ec2e8b4873093f65d11b5883f8b74ad397cff Reviewed-on: https://gerrit.openafs.org/12913 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 2a196ba47247742fb294e5a879cb9e54c956028a Author: Michael Meffie Date: Tue Feb 20 20:31:11 2018 -0500 redhat: package libuafs perl bindings Require the swig package as a build dependency. Build and package the libuafs perl bindings. Place these libraries in the openafs-devel package, along with the man page (moved from the openfs-client package). This fixes an rpm build error when the swig package is present on the build system, RPM build errors: Installed (but unpackaged) file(s) found: /usr/lib64/perl/AFS/ukernel.pm /usr/lib64/perl/ukernel.so FIXES 134470 Reviewed-on: https://gerrit.openafs.org/12919 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 278581c24a802834719e0d57f27978321556c9bb) Change-Id: I892e1f58e92f1eb66eeae8fb0d237bed0bdb2a62 Reviewed-on: https://gerrit.openafs.org/12921 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 774df869fc1753e94f79c6a0b617b7adb9e4060c Author: Jeffrey Altman Date: Sat Feb 10 10:47:24 2018 -0500 rx: Do not count RXGEN_OPCODE towards abort threshold An RXGEN_OPCODE is returned for opcodes that are not implemented by the rx service. These opcodes might be deprecated opcodes that are no longer supported or more recently registered opcodes that have yet to be implemented. Clients should not be punished for issuing unsupported calls. The clients might be old and are issuing no longer supported calls or they might be newer and are issuing yet to be implemented calls as part of a feature test and fallback strategy. This change ignores RXGEN_OPCODE errors when deciding how to adjust the rx_call.abortCount. When an RXGEN_OPCODE abort is sent the rx_call.abortCount and rx_call.abortError are left unchanged which preserves the state for the next failing call. Note that this change intentionlly prevents the incrementing of the abortCount for client connections as they never send delay aborts. Reviewed-on: https://gerrit.openafs.org/12906 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit f82d1c7d5aeae148305e867c1f79c6ea2f9e0a2a) Change-Id: I7a4216bea3a355c31a390c5b4753b4ab0c25661c Reviewed-on: https://gerrit.openafs.org/12914 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit cabecc719195047ea321bd62e95d52503d15686e Author: Benjamin Kaduk Date: Tue Dec 26 17:42:39 2017 -0600 Make OpenAFS 1.8.0pre5 Update version strings for the fifth 1.8.0 prerelease. Change-Id: I118da0fc55013ccfb2b5cd586cefb1b0c27f10d9 Reviewed-on: https://gerrit.openafs.org/12910 Reviewed-by: Stephan Wiesand Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 5f0714312b211c4a6d6157df6f1f3d9e26dcc03f Author: Michael Meffie Date: Fri Feb 9 17:59:19 2018 -0500 Update NEWS for 1.8.0pre5 Change-Id: I09e509694c5f7ad59e279b89bd9e144aca2ec4e7 Reviewed-on: https://gerrit.openafs.org/12904 Reviewed-by: Michael Meffie Reviewed-by: Stephan Wiesand Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 50fcd6763d4387950390b732d2a131c230d44c99 Author: Marcio Barbosa Date: Wed Jun 21 16:24:05 2017 -0400 ubik: check if epoch is sane before db relabel The sync-site relabels its database at the end of the first write transaction. The new label will be equal to the time at which the sync-site in question first received its coordinator mandate. This time is stored by a global called ubik_epochTime. In order to make sure that the new database label is sane, only relabel the database if ubik_epochTime is within a specific range. Reviewed-on: https://gerrit.openafs.org/12640 Reviewed-by: Mark Vitale Reviewed-by: Andrew Deason Reviewed-by: Benjamin Kaduk Tested-by: BuildBot (cherry picked from commit f5c289d00aaf7c5525b477da5b89f6675456c211) Change-Id: I78ebd2b8aeae01ef5e3b826ad6f1de5a5c1db79e Reviewed-on: https://gerrit.openafs.org/12886 Reviewed-by: Marcio Brito Barbosa Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 2b3df9b2f48dcbf3690e093000879b0f06c7e176 Author: Benjamin Kaduk Date: Sat Dec 9 11:37:59 2017 -0600 Replace with Our in-tree xdr.h appears to have started life as a concatenation of rpc/types.h and rpc/xdr.h, and should include all the needed functionality. Indeed, commit 7293ddf325b149cae60d3abe7199d08f196bd2b9 even indicates that we expect to be using our in-tree XDR everywhere anyway, so the system XDR is superfluous. Note that afs/sysincludes.h (not afsincludes.h!) already includes rx/xdr.h ifndef AFS_LINUX22_ENV. This change should help systems running glibc 2.26 or newer, which has stopped providing the Sun RPC headers by default. While here remove some duplicate includes of rpc/types.h in the AIX-specific sources. The Solaris NFS translator bits cannot really be changed, since the system headers are used and have tight interdependencies. Update rxgen to not emit rpc/types.h inclusion. [mmeffie: squash 12801 to not emit rpc/types.h from rxgen] Reviewed-on: https://gerrit.openafs.org/12800 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk (cherry picked from commit e443a9fb67dbc29e6cc36661a4ac6e91af113f23) Change-Id: I351e5c1e1223c49ca76e3d68c264ac1625abae60 Reviewed-on: https://gerrit.openafs.org/12894 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 833e2783a39367f3cebfb79f403a75752f81ab09 Author: Ian Wienand Date: Fri Feb 2 10:52:26 2018 +1100 Add .gitreview git-review [1] makes it much easier to submit changes. Add a default configuration file. [1] https://docs.openstack.org/infra/git-review/usage.html Reviewed-on: https://gerrit.openafs.org/12884 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk (cherry picked from commit c7c71d2429cf685f3ffad6b2e6d102d900edc197) Change-Id: I271cfeb6aea888ae40539e248a18131b0affeda8 Reviewed-on: https://gerrit.openafs.org/12901 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 780ed24d360df6772b2408017a5d555ae36217c0 Author: Mark Vitale Date: Tue Jun 30 01:54:21 2015 -0400 SOLARIS: Avoid vcache locks when flushing pages for RO vnodes We have multiple code paths that hold the following locks at the same time: - avc->lock for a vcache - The page lock for a page in 'avc' In order to avoid deadlocks, we need a consistent ordering for obtaining these two locks. The code in afs_putpage() currently obtains avc->lock before the page lock (Obtain*Lock is called before pvn_vplist_dirty). The code in afs_getpages() also obtains avc->lock before the page lock, but it does so in a loop for all requested pages (via pvn_getpages()). On the second iteration of that loop, it obtains avc->lock, and the page from the first iteration of the loop is still locked. Thus, it obtains a page lock before locking avc->lock in some cases. Since we have two code paths that obtain those two locks in a different order, a deadlock can occur. Fixing this properly requires changing at least one of those code paths, so the locks are taken in a consistent order. However, doing so is complex and will be done in a separate future commit. For this commit, we can avoid the deadlock for RO volumes by simply avoiding taking avc->lock in afs_putpages() at all while the pages are locked. Normally, we lock avc->lock because pvn_vplist_dirty() will call afs_putapage() for each dirty page (and afs_putapage() requires avc->lock held). But for RO volumes, we will have no dirty pages (because RO volumes cannot be written to from a client), and so afs_putapage() will never be called. So to avoid this deadlock issue for RO volumes, avoid taking avc->lock across the pvn_vplist_dirty() call in afs_putpage(). We now pass a dummy pageout callback function to pvn_vplist_dirty() instead, which should never be called, and which panics if it ever is. We still need to hold avc->lock a few other times during afs_putpage() for other minor reasons, but none of these hold page locks at the same time, so the deadlock issue is still avoided. [mmeffie: comments, and fix missing write lock, fix lock releases] [adeason: revised commit message] Reviewed-on: https://gerrit.openafs.org/12247 Tested-by: BuildBot Reviewed-by: Andrew Deason Reviewed-by: Benjamin Kaduk (cherry picked from commit 5e09a694ec2c0cd20f5dee500eff6bc3dd04c097) Change-Id: I5d4e4ddba12c09dc549edeee3cad7de40582ac65 Reviewed-on: https://gerrit.openafs.org/12900 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 5bb7684f07b5f346b68230c2f38edad4c46dc648 Author: Benjamin Kaduk Date: Thu Jan 4 22:00:15 2018 -0600 rx: remove trailing semicolons from FBSD mutex operations Since the first introduction of FreeBSD support, the macros (MUTEX_ENTER, etc.) for kernel mutex operations have included trailing semicolons, unique among all the platforms. This did not cause problems until the recent work on rx event handlers, which put a MUTEX_ENTER() in the body of an 'if' clause with no brackets, and attempted to follow it with an 'else' clause. This results in the following (rather obtuse) compiler error: /root/openafs/src/rx/rx.c:3666:5: error: expected expression else ^ Which is more visible in the preprocessed source, as if (condition) expression;; else other_expression; is clearly invalid C. To fix the FreeBSD kernel module build, remove the unneeded semicolons. Reviewed-on: https://gerrit.openafs.org/12853 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 0760feb7992e1e39f716c5f583fe7f6e85584262) Change-Id: I503a5967a167e9be92721af8dc82d191f3bf18ba Reviewed-on: https://gerrit.openafs.org/12899 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 2f07951a47a8a820c89e4e6ab1e347858acd8ab5 Author: Benjamin Kaduk Date: Sat Dec 9 11:44:51 2017 -0600 libuafs: remove stale afs_nfsdisp.lo rule afs_nfsdisp.lo is not used, so we do not need a build rule for it. Reviewed-on: https://gerrit.openafs.org/12802 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk (cherry picked from commit decb4308d4e18ad9f6f181e3df5f737698dba7ad) Change-Id: I53680df1c8648ceb43cc032cada573964622d5b4 Reviewed-on: https://gerrit.openafs.org/12898 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 4988628a2e41955951a49ea0032cabe13f9337d3 Author: Christof Hanke Date: Mon Dec 18 16:58:39 2017 +0100 Avoid gcc warning When using the configure option --enable-checking with gcc 7.2.1, the compilation fails with vutil.c:860:20: error: ‘%s’ directive writing up to 255 bytes into \ a region of size 63 [-Werror=format-overflow=] This can be seen in the logs of the openSUSE Tumbleweed builder for e.g. build 2368. Avoid this warning by using snprintf which is provided by libroken for all platforms. Reviewed-on: https://gerrit.openafs.org/12813 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot (cherry picked from commit fd4eaebb60dbefc27be98015fee23a3cf5d9752d) Change-Id: I3be14f6f1228fd09f036da7ff4f1505c65e49406 Reviewed-on: https://gerrit.openafs.org/12897 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 35636bd9e32015bc10e09ccbb34a71a1459cdc4b Author: Marcio Barbosa Date: Mon Aug 21 14:21:54 2017 -0400 ubik: avoid DISK_Begin on sites that didn't vote for sync As already described on 7c708506, SDISK_Begin fails on remotes if lastYesState is not set. To fix this problem, 7c708506 does not allow write transactions until we know that lastYesState is set on at least quorum (ubik_syncSiteAdvertised == 1). In other words, if enough sites received a beacon packet informing that a sync-site was elected, write transactions will be allowed. This means that ubik_syncSiteAdvertised can be true while lastYesState is not set in a few sites. Consider the following scenario in a cell with frequent write transactions: Site A => Sync-site (up) Site B => Remote 1 (up) Site C => Remote 2 (down - unreachable) Since A and B are up, we have quorum. After the second wave of beacons, ubik_syncSiteAdvertised will be true and write transactions will be allowed. At some point, C is not unreachable anymore. Site A sends a copy of its database to C, but C did not vote for A yet (lastYesState == 0). A new write transaction is initialized and, since lastYesState is not set on C, DISK_Begin fails on this remote site and C is marked as down. Since C is reachable, A will mark this remote site as up. The sync-site will send its database to C, but C did not vote for A yet. A new write transaction is initialized and, since lastYesState is not set on C, DISK_Begin fails on this remote site and C is marked as down. In a cell with frequent write transactions, this cycle will repeat forever. As a result, the sync-site will be constantly sending its database to C and quorum will be operating with less sites, increasing the chances of re-elections. To fix this problem, do not call DISK_Begin on remotes that did not vote for the sync-site yet. Reviewed-on: https://gerrit.openafs.org/12715 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk (cherry picked from commit 68ec78950a6e39dc1bf15012d4b889728086d0b7) Change-Id: I3764c23125f0bc675762449cd29b282ba403f871 Reviewed-on: https://gerrit.openafs.org/12896 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 51816cfd047c05921218ecb1161c9dd7986a422f Author: Michael Meffie Date: Wed Jan 31 16:52:40 2018 -0500 add rfc3961.h to kernel sources Export this header to the kernel sources in the libafs_tree, since it is needed for the kernel module build. FIXES 134476 Reviewed-on: https://gerrit.openafs.org/12882 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 073522b3d49467af107d1143cfa015c53347e1e3) Change-Id: I4e5c7883a1dd4b66b9252f4e630ca489f05e9ad3 Reviewed-on: https://gerrit.openafs.org/12890 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 07811e3b15de8926d63b423804c620bc3501745b Author: Benjamin Kaduk Date: Mon Jan 8 22:28:24 2018 -0600 Add param.h files for recent FreeBSD Add files for FreeBSD 10.4, 11.1, and 12.0 (12-CURRENT), for i386 and amd64. Reviewed-on: https://gerrit.openafs.org/12863 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk (cherry picked from commit 88dc4d93f5ef080da8f56fac453f095e6c79d4a0) Change-Id: I6ddb0f03e209b0ce9c7ed1168c86a675d7802c23 Reviewed-on: https://gerrit.openafs.org/12888 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 0ba9b5559e112005a6f621ebe55f382bcc2aae0d Author: Benjamin Kaduk Date: Mon Jan 8 21:27:04 2018 -0600 FBSD: catch up to missing sysnames Add sysnames for i386 and amd64 10.4, 11.1, and 12.0 (12-CURRENT, at present). Reviewed-on: https://gerrit.openafs.org/12862 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk (cherry picked from commit c390f368a5012f866c1b4ce46d6ac6af6cef2fd5) Change-Id: I5183c19d446fd0c00bd26c32ca3f7f00a4d12907 Reviewed-on: https://gerrit.openafs.org/12887 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 1f10f087264cb39a8354c0baf71eb1fa13071466 Author: Marcio Barbosa Date: Mon Aug 21 15:50:14 2017 -0400 ubik: update ubik_dbVersion during SDISK_SendFile The ubik_dbVersion global represents the sync site's database version and it is mostly used by the remote sites for sanity checks. Currently, this global is updated when database changes are made on the sync site (SDISK_Commit or SDISK_SetVersion), as well as every time we vote "yes" for the sync-site in a beacon reply. Unfortunately, ubik_dbVersion is not updated when a copy of the sync site's database is received via DISK_SendFile, and it won't get updated until our next "yes" vote. During this window, the current database version will not match ubik_dbVersion. As a result, any write transaction during this time frame will fail on the remote site in question. To fix this problem, do not wait for the next beacon packet to update ubik_dbVersion when the sync site's database is received; just update it when we get the new database. Since no write transactions are allowed while the db is transferring, ubik_dbVersion can be safely updated. Reviewed-on: https://gerrit.openafs.org/12716 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Andrew Deason Reviewed-by: Benjamin Kaduk (cherry picked from commit 50c1d1088d2adcbb37b6a9d23fdd63617b1267be) Change-Id: Icbbe9efb9c8dab9ac69237380e824d4a523a53d3 Reviewed-on: https://gerrit.openafs.org/12885 Reviewed-by: Marcio Brito Barbosa Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit e9419dc895801bda6962f2ac0f5981631a0d95c7 Author: Andrew Deason Date: Thu Jan 11 21:27:28 2018 -0600 LINUX: Avoid locking inode in check_dentry_race Currently, check_dentry_race locks the parent inode in order to ensure it is not running in parallel with d_splice_alias for the same inode. (For old Linux kernel versions; see commit b0461f2d: "LINUX: Workaround d_splice_alias/d_lookup race".) However, it is possible to hit this area of code when the parent inode is already locked. When someone tries to create a file, directory, or symlink, Linux tries to lookup the dentry for the target path, to see if it already exists. While looking up the last component of the path, Linux locks the directory, and if it finds a dentry for the target name, it calls d_invalidate on it while the parent directory is locked. For a dentry with a NULL inode, we'll then try to lock the parent inode in check_dentry_race. But since the inode is already locked, we will deadlock. From a user's point of view, the hang can be reproduced by doing something similar to: $ mkdir dir # succeeds $ rmdir dir $ ls -l dir ls: cannot access dir: No such file or directory $ mkdir dir # hangs To avoid this, we can just change which lock we're using to avoid check_dentry_race/d_splice_alias from running in parallel. Instead of locking the parent inode, introduce a new global lock (called dentry_race_sem), and lock that in check_dentry_race and around our d_splice_alias call. We know that those are the only two users of this new lock, so this should avoid any such deadlocks. This does potentially reduce performance, since all tasks that hit check_dentry_race or d_splice_alias will take the same global lock. However, this at least still allows us to make use of negative dentries, and this entire code path only applies to older Linux kernels. It could be possible to add a new lock into struct vcache instead, but using a global lock like this commit does is much simpler. Reviewed-on: https://gerrit.openafs.org/12868 Tested-by: Benjamin Kaduk Reviewed-by: Benjamin Kaduk (cherry picked from commit ef1d4c8d328e9b9affc9864fd084257e9fa08445) Change-Id: Ia8e28519fff36baca7dc4061ceef6719a2a738d4 Reviewed-on: https://gerrit.openafs.org/12881 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit f523c92a74bace287d1139fab77a030b9598ef61 Author: Caitlyn Marko Date: Thu Feb 9 09:16:17 2017 -0500 SOLARIS: save kernel module function arguments for debugging Add the -Wu,-save_args compiler option when building kernel modules under Solaris 10 and 11 for the amd64 architecture. Binaries generated with this option save function arguments on the stack during function entry for debugging purposes. Up to six integer arguments are saved on function entry, and are not modified during the execution of the function. [mmeffie: commit message update] Reviewed-on: https://gerrit.openafs.org/12798 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 32d0493a7e4f74f5e5efdfde5eca29ed7d1bf3ec) Change-Id: I478ce65da78b86aa3c13e1c615bafd51d0f5d567 Reviewed-on: https://gerrit.openafs.org/12903 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 96ce04c78b5f745424165494c9b76d7ce227eeaa Author: Marcio Barbosa Date: Mon Feb 5 21:16:17 2018 +0000 autoconf: detect ctf-tools and add ctf to libafs CTF is a reduced form of debug information similar to DWARF and stab. It describes types and function prototypes. The principal objective of the format is to shrink the data size as much as possible so that it could be included in a production environment. MDB, DTrace, and other tools use CTF debug information to read and display structures correctly. This commit introduces a new configure option called --with-ctf-tools. This option can be used to specify an alternative path where the tools can be found. If the path is not provided, the tools will be searched in a set of default directories (including $PATH). The CTF debugging information will only be included if the corresponding --enable-debug / --enable-debug-kernel is specified. Note: at the moment, the Solaris kernel module is the only module benefited by this commit. Reviewed-on: https://gerrit.openafs.org/12680 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 88cb536f99dc58fdbeb9fa6c47c26774241a0cb6) Change-Id: I174347370a83b31f68d2631c965e17d72b438cd1 Reviewed-on: https://gerrit.openafs.org/12902 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 0247eb0a8c154811f495142276029a617ae0825a Author: Michael Meffie Date: Sat Dec 30 17:59:38 2017 -0500 autoconf: refactor linux-checks.m4 Further refactoring of the autoconf macros. Divy up the linux kernel checks into smaller files. This is a non-functional change. Care has been taken preserve the ordering of the autoconf tests. Except for whitespace, the generated configure file has not been changed by this refactoring. This has been verified with a 'diff -u -w -B' comparison of the generated configure file before and after applying this commit. Reviewed-on: https://gerrit.openafs.org/12844 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 6a2b85cd4c00a08e165cb96d2cb56bf87c6324bc) Change-Id: Iae325bc14fb160f27791b2f3d82198fe671badd8 Reviewed-on: https://gerrit.openafs.org/12878 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit e05b0b10b942ba3585f6d5d505a282c2de95c243 Author: Michael Meffie Date: Sat Dec 30 12:12:59 2017 -0500 autoconf: refactor ostype.m4 Further refactoring of the autoconf macros. Move more linux and solaris specific checks into their own files. This is a non-functional change. Care has been taken preserve the ordering of the autoconf tests. Except for whitespace, the generated configure file has not been changed by this refactoring. This has been verified with a 'diff -u -w -B' comparison of the generated configure file before and after applying this commit. Reviewed-on: https://gerrit.openafs.org/12843 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 3c2e39bab7d927aa5f20d02a5e327927a4b2b553) Change-Id: I4d91753afd90e4735ab61413e757f6852750a3de Reviewed-on: https://gerrit.openafs.org/12877 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit e54963757320adb95b0c73bbd84fb8bf34319210 Author: Michael Meffie Date: Fri Dec 29 14:24:28 2017 -0500 autoconf: refactor acinclude.m4 The acinclude.m4 is very large and often requires to be changed for unrelated commits. Divy up the large acinclude.m4 into a number of smaller files to avoid so many contentions and to make the autoconf system easier to maintain. This is a non-functional change. Care has been taken preserve the ordering of the autoconf tests. Except for whitespace, the generated configure file has not been changed by this refactoring. This has been verified with a 'diff -u -w -B' comparison of the generated configure file before and after applying this commit. Reviewed-on: https://gerrit.openafs.org/12842 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit c72622a244e561173e86ffe88ee3c9a8c823a76a) Change-Id: I9504eaa2430fd35f79b55c3df96c82cc7e58fafd Reviewed-on: https://gerrit.openafs.org/12876 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 0798b54b258f48cae8a5b1b3e107a22693d37937 Author: Michael Meffie Date: Mon Feb 8 12:12:22 2016 -0500 CellServDB update 14 Mar 2017 Update all remaining copies of CellServDB in the tree, and make the Red Hat packaging use it by default too. Reviewed-on: https://gerrit.openafs.org/12880 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk (cherry picked from commit 3ca1352170f87994d42578c5bc75e52c4103bc69) Change-Id: I773d35745e14903dd3069a0627932153900e0ba6 Reviewed-on: https://gerrit.openafs.org/12889 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 5eb64632fd76bb7e26a90ab08c83132e7ac99e23 Author: Michael Meffie Date: Wed Jan 17 17:33:50 2018 -0500 redhat: fix conditional for kernel-debuginfo files directive Commit 443dd5367e0cd9050ad39a6594c5be521271b4e9 added support for a separate debuginfo package for the kernel module. Unfortunately, the %files directive for the kernel module debuginfo package was incorrectly placed in the %if stanza of the build_userspace condition, so the rpmbuild fails when attempting to build just the kernel module. That is, when running rpmbuild with the options: rpmbuild --define "build_userspace 0" --define "build_modules 1" ... rpmbuild fails with: RPM build errors: Installed (but unpackaged) file(s) found: /usr/lib/debug/lib/modules/.../extra/openafs/openafs.ko.debug Fix this by moving the new %files directive out of the build_userspace conditional. Reviewed-on: https://gerrit.openafs.org/12874 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk (cherry picked from commit f599e1ce6354c42a9c0c8f7205ba8a03c35ea72b) Change-Id: I07e25d3dd43b2cd7056cefb8f0f5c10f78347b85 Reviewed-on: https://gerrit.openafs.org/12875 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 781624f7f4290a1f44a0f48a04d780e10dd5b3e1 Author: Michael Meffie Date: Fri Jul 21 22:30:43 2017 -0400 redhat: avoid rpmbuild exclude directives Older versions of rpmbuild do not support the files exclude directive, so fall back to the old way in which we remove the files to be excluded and list the files to be included. Reviewed-on: https://gerrit.openafs.org/12733 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit a71288a387095ccb4be83c1abae34ada80f53185) Change-Id: I01c20bc21ec6143be76458c311d826023c370d51 Reviewed-on: https://gerrit.openafs.org/12873 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 9d62e1d5c6e9e888a029a0b6080c27c0b4353ba2 Author: Michael Meffie Date: Fri Jul 21 22:16:44 2017 -0400 redhat: move .krb variants to the kauth-client subpackage Move the deprecated klog.krb, pagsh.krb, and tokens.krb programs and man pages to the optional openafs-kauth-client subpackage. Reviewed-on: https://gerrit.openafs.org/12732 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 4d247e1ae446c512031511273d556ef1fd32dca1) Change-Id: I3c6164022b07f0c3283cb54ffd26e1f9c3dd67bb Reviewed-on: https://gerrit.openafs.org/12872 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ea1bf1bd751d391d49bdb33e2e3f2cc79fe8ccde Author: Michael Meffie Date: Thu Jul 20 04:13:04 2017 -0400 redhat: specify man pages without wildcards Currently, some of the man pages are specified with the full name and some are specified with a wildcard for the filename extension. Instead, specify all the man pages without a wildcards to be more consistent and to avoid putting incorrect man pages in packages. This change removes a stray copy the klog.krb5.1 man page from openafs-kauth-client subpackage and moves the AuthLog/AuthLog.dir man pages to the optional openafs-kauth-server subpackage. Reviewed-on: https://gerrit.openafs.org/12731 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 671db4ca5a76625d9b7133510cc1cbdda8a5d9b9) Change-Id: I9d10cc7aad94a2dc004526acb426a9b9badc8e3c Reviewed-on: https://gerrit.openafs.org/12871 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit f56ea0e095f4837a65762f5a8fbc6b5c9d58a394 Author: Michael Meffie Date: Fri Jul 21 18:05:48 2017 -0400 redhat: remove afsd.fuse man page The afsd.fuse binary is not currently packaged; do not package the man page. Reviewed-on: https://gerrit.openafs.org/12730 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit a9810b829bdccfed4d1718b11cf4dd51f9565e00) Change-Id: I7c829a492e999cc989e9341e94f56d6669722a4c Reviewed-on: https://gerrit.openafs.org/12870 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 79188311b418b39539e0772725b9754130864c11 Author: Benjamin Kaduk Date: Tue Dec 26 17:42:39 2017 -0600 Make OpenAFS 1.8.0pre4 Update version strings for the fourth 1.8.0 prerelease. Change-Id: Ib7defe21ca5e5a8c2214879633a467e002f3269b Reviewed-on: https://gerrit.openafs.org/12837 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit 90bc3cf9355e3f60455d744b3e00315507e17b92 Author: Benjamin Kaduk Date: Tue Dec 26 17:41:59 2017 -0600 Update NEWS for 1.8.0pre4 Change-Id: I0ba71b1e837309b36db39895914b6a8b9380a81f Reviewed-on: https://gerrit.openafs.org/12836 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit 4feec06c7bdc7102ae654cff20eb02650ec32800 Author: Mark Vitale Date: Thu Nov 30 20:26:46 2017 -0500 LINUX: Avoid d_invalidate() during afs_ShakeLooseVCaches() With recent changes to d_invalidate's semantics (it returns void in Linux 3.11, and always returns success in RHEL 7.4), it has become increasingly clear that d_invalidate() is not the best function for use in our best-effort (nondisruptive) attempt to free up vcaches that is afs_ShakeLooseVCaches(). The new d_invalidate() semantics always force the invalidation of a directory dentry, which contradicts our desire to be nondisruptive, especially when that directory is being used as the current working directory for a process. Our call to d_invalidate(), intended to merely probe for whether a dentry can be discarded without affecting other consumers, instead would cause processes using that dentry as a CWD to receive ENOENT errors from getcwd(). A previous commit (c3bbf0b4444db88192eea4580ac9e9ca3de0d286) tried to address this issue by calling d_prune_aliases() instead of d_invalidate(), but d_prune_aliases() does not recursively descend into children of the given dentry while pruning, leaving it an incomplete solution for our use-case. To address these issues, modify the shakeloose routine TryEvictDentries() to call shrink_dcache_parent() and maybe __d_drop() for directories, and d_prune_aliases() for non-directories, instead of d_invalidate(). (Calls to d_prune_aliases() for directories have already been removed by reverting commit c3bbf0b4444db88192eea4580ac9e9ca3de0d286.) Just like d_invalidate(), shrink_dcache_parent() has been around "forever" (since pre-git v2.6.12). Also like d_invalidate(), it "walks" the parent dentry's subdirectories and "shrinks" (unhashes) unused dentries. But unlike d_invalidate(), shrink_dcache_parent() will not unhash an in-use dentry, and has never changed its signature or semantics. d_prune_aliases() has also been available "forever", and has also never changed its signature or semantics. The lack of recursive descent is not an issue for non-directories, which cannot have such children. [kaduk@mit.edu: apply review feedback to fix locking and avoid extraneous changes, and reword commit message] Reviewed-on: https://gerrit.openafs.org/12830 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot (cherry picked from commit afbc199f152cc06edc877333f229604c28638d07) Change-Id: I6d37e5584b57dcbb056385a79f67b92a363e08d2 Reviewed-on: https://gerrit.openafs.org/12851 Tested-by: BuildBot Tested-by: Benjamin Kaduk Reviewed-by: Benjamin Kaduk commit 4b633c9681057122b9266b8a775d0ad5aa0a3ac3 Author: Mark Vitale Date: Thu Nov 30 17:56:13 2017 -0500 LINUX: consolidate duplicate code in osi_TryEvictDentries The two stanzas for HAVE_DCACHE_LOCK are now functionally identical; remove the preprocessor conditionals and duplicate code. Minor functional change is incurrred for very old (before 2.6.38) Linux versions that have dcache_lock; we are now obtaining the d_lock as well. This is safe because d_lock is also quite old (pre-git, 2.6.12), and it is a spinlock that's only held for checking d_unhashed. Therefore, it should have negligible performance impact. It cannot cause deadlocks or violate locking order, because spinlocks can't be held across sleeps. Reviewed-on: https://gerrit.openafs.org/12792 Reviewed-by: Benjamin Kaduk Reviewed-by: Andrew Deason Tested-by: BuildBot (cherry picked from commit 5076dfc14b980aed310f3862875d5e9919fa199d) Change-Id: I7a17494b40c049a562dec20c50c27125f54436d0 Reviewed-on: https://gerrit.openafs.org/12850 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 16c0dbd7961fb599ed9f29d700d1a713902bd96d Author: Mark Vitale Date: Thu Nov 30 16:51:32 2017 -0500 LINUX: consolidate duplicate code in canonical_dentry The two stanzas for HAVE_DCACHE_LOCK are now identical; remove the preprocessor conditionals and duplicate code. No functional change should be incurred by this commit. Reviewed-on: https://gerrit.openafs.org/12791 Reviewed-by: Andrew Deason Reviewed-by: Benjamin Kaduk Tested-by: BuildBot (cherry picked from commit 0678ad26b6069040a6ea86866fb59ef5968ea343) Change-Id: If0f9516201cea747a753db04ba2d0e2cac69971b Reviewed-on: https://gerrit.openafs.org/12849 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit c42dea8e0293016ec30fa703956c8bbc5d5cb76d Author: Mark Vitale Date: Thu Nov 30 16:46:16 2017 -0500 LINUX: add afs_d_alias_lock & _unlock compat wrappers Simplify some #ifdefs for HAVE_DCACHE_LOCK by pushing them down into new helpers in osi_compat.h. No functional change should be incurred by this commit. Reviewed-on: https://gerrit.openafs.org/12790 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot (cherry picked from commit 652cd597d9b3cf1a9daccbbf6bf35f1b0cd55a94) Change-Id: I6aec7d6a21e68011ca10ceaa15e83d80f52fad59 Reviewed-on: https://gerrit.openafs.org/12848 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 0ec02ef73d7b94bbe83e7532524c096799cd4b25 Author: Mark Vitale Date: Thu Nov 30 16:08:38 2017 -0500 LINUX: create afs_linux_dget() compat wrapper For dentry operations that cover multiple dentry aliases of a single inode, create a compatibility wrapper to hide differences between the older dget_locked() and the current dget(). No functional change should be incurred by this commit. Reviewed-on: https://gerrit.openafs.org/12789 Reviewed-by: Andrew Deason Reviewed-by: Benjamin Kaduk Tested-by: BuildBot (cherry picked from commit 74f4bfc627c836c12bb7c188b86d570d2afdcae8) Change-Id: Id854e5957547a1370cadb400f7f699c30d861fd1 Reviewed-on: https://gerrit.openafs.org/12847 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ae70407fafa3faa94706979c727f53a625939061 Author: Mark Vitale Date: Thu Nov 30 13:45:27 2017 -0500 Revert "LINUX: do not use d_invalidate to evict dentries" Linux recently changed the semantics of d_invalidate() to: - return void - invalidate even a current working directory OpenAFS commit c3bbf0b4444db88192eea4580ac9e9ca3de0d286 switched libafs to use d_prune_aliases() instead. However, since that commit, several things have happened: - RHEL 7.4 changed the semantics of d_invalidate() such that it invalidates the cwd, but did NOT change the return type to void. This broke our autoconf test for detecting the new semantics. - Further research reveals that d_prune_aliases() was not the best choice for replacing d_invalidate(). This is because for directories, d_prune_aliases() doesn't invalidate dentries when they are referenced by its children, and it doesn't walk the tree trying to invalidate child dentries. So it can leave dentries dangling, if the only references to thos dentries are via children. In preparation for future commits, revert c3bbf0b4444db88192eea4580ac9e9ca3de0d286 . Reviewed-on: https://gerrit.openafs.org/12788 Reviewed-by: Andrew Deason Reviewed-by: Benjamin Kaduk Tested-by: BuildBot (cherry picked from commit 367693bd7da2de593e3329f6acc4a4d07621fb97) Change-Id: I3dfa9127adf8424fe675e237194d6ade5a7fc4f1 Reviewed-on: https://gerrit.openafs.org/12846 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 2a06e32c398bbb9e74258799d87a599d286f97d9 Author: Mark Vitale Date: Thu Nov 30 14:04:48 2017 -0500 Revert "LINUX: eliminate unused variable warning" This reverts commit 19599b5ef5f7dff2741e13974692fe4a84721b59 to allow also reverting commit c3bbf0b4444db88192eea4580ac9e9ca3de0d286 . Reviewed-on: https://gerrit.openafs.org/12787 Reviewed-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit f8247078bd33a825d8734b2c8f05120d15ab3ffd) Change-Id: I023c88e19d9f1a18b2bfaec8a35bd635f157b570 Reviewed-on: https://gerrit.openafs.org/12845 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit e412a87b1f6a68a2c0b9e1baad1c328fdccbd41d Author: Pat Riehecky Date: Thu Mar 12 14:33:10 2015 -0500 redhat: separate debuginfo package for kmod rpm Place the debuginfo for the kmod into its own rpm so that it doesn't have to track against the userspace packages. FIXES 132034 Reviewed-on: https://gerrit.openafs.org/11867 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot (cherry picked from commit 443dd5367e0cd9050ad39a6594c5be521271b4e9) Change-Id: I6a24bb08242ec34c123880e9cbca4580a3560cba Reviewed-on: https://gerrit.openafs.org/12822 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 7a80b4ba67b0d295df72e87da4aa638bd5e245de Author: Stephan Wiesand Date: Fri Dec 22 14:40:32 2017 +0100 Linux 4.15: check for 2nd argument to pagevec_init Linux 4.15 removes the distinction between "hot" and "cold" cache pages, and pagevec_init() no longer takes a "cold" flag as the second argument. Add a configure test and use it in osi_vnodeops.c . Reviewed-on: https://gerrit.openafs.org/12824 Tested-by: BuildBot Reviewed-by: Marcio Brito Barbosa Tested-by: Marcio Brito Barbosa Reviewed-by: Benjamin Kaduk (cherry picked from commit fb1f14d8ee963678a9caad0538256c99c159c2c4) Change-Id: Ib9e0751e4900d984a4197d18ee9ebb1bdc7bf331 Reviewed-on: https://gerrit.openafs.org/12829 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 2ff3ef2ec6f217195dc50c04ba4e3409c23e6a4d Author: Stephan Wiesand Date: Fri Dec 22 14:17:09 2017 +0100 Linux: use plain page_cache_alloc Linux 4.15 removes the distinction between "hot" and "cold" cache pages, and no longer provides page_cache_alloc_cold(). Simply use page_cache_alloc() instead, rather than adding yet another test. Reviewed-on: https://gerrit.openafs.org/12823 Tested-by: BuildBot Reviewed-by: Marcio Brito Barbosa Tested-by: Marcio Brito Barbosa Reviewed-by: Benjamin Kaduk (cherry picked from commit be5f5b2aff2d59986dd8e7dd7dd531be24c27cb2) Change-Id: I2d4df508abfa9d3c7020b8a2817ed3e882a4dbbc Reviewed-on: https://gerrit.openafs.org/12828 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit d9bb508e07f32219679c0e696f07f95e3b48886c Author: Marcio Barbosa Date: Thu Oct 12 12:42:40 2017 -0300 macos: make the OpenAFS client aware of APFS Apple has introduced a new file system called APFS. Starting from High Sierra, APFS replaces Mac OS Extended (HFS+) as the default file system for solid-state drives and other flash storage devices. The current OpenAFS client is not aware of APFS. As a result, the installation of the current client into an APFS volume will panic the machine. To fix this problem, make the OpenAFS client aware of APFS. Reviewed-on: https://gerrit.openafs.org/12743 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk (cherry picked from commit 6e57b22642bafb177e0931b8fb24042707d6d62f) Change-Id: I60d2a57fae3ee227bb3327a5e18962f46b49c991 Reviewed-on: https://gerrit.openafs.org/12827 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 5857724bf60e7706bcefde63d8fa0c7b2119e662 Author: Marcio Barbosa Date: Fri Oct 6 10:01:12 2017 -0300 macos: packaging support for MacOS X 10.13 This commit introduces the new set of changes / files required to successfully create the dmg installer on OS X 10.13 "High Sierra". Reviewed-on: https://gerrit.openafs.org/12742 Tested-by: BuildBot Reviewed-by: Marcio Brito Barbosa Reviewed-by: Benjamin Kaduk (cherry picked from commit e533d0737058940d59d93467c9b4d6d3ec2834e6) Change-Id: I8932f6a3db6a0572aa36944aa339b888fac94b7d Reviewed-on: https://gerrit.openafs.org/12826 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ac8cab7fcd3abf76c39e9e08c2c3d6ec0c184837 Author: Marcio Barbosa Date: Tue Oct 3 17:01:56 2017 -0300 macos: add support for MacOS 10.13 This commit introduces the new set of changes / files required to successfully build the OpenAFS source code on OS X 10.13 "High Sierra". Reviewed-on: https://gerrit.openafs.org/12741 Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk Tested-by: BuildBot (cherry picked from commit 804c9cbf501d4ca91b69ad8fd6d64e49efa25a47) Change-Id: I9abcccf8313c8ac075eb1edbd36cbaa565968b38 Reviewed-on: https://gerrit.openafs.org/12825 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 383688fa0d6904291578eb1f9a7c2ec1e06f54ca Author: Benjamin Kaduk Date: Thu Dec 14 19:54:57 2017 -0600 Fix macro used to check kernel_read() argument order The m4 macro implementing the configure check is called LINUX_KERNEL_READ_OFFSET_IS_LAST, but it defines a preprocessor symbol that is just KERNEL_READ_OFFSET_IS_LAST. Our code needs to check for the latter being defined, not the former. Reported by Aaron Ucko. Reviewed-on: https://gerrit.openafs.org/12808 Reviewed-by: Anders Kaseorg Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit edc5463f3db4b6af2307741d9f4ee8f2c81cd98e) Change-Id: I7bc6615118f1200d3f257e7a01652b49b458a8fa Reviewed-on: https://gerrit.openafs.org/12809 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 3cae0a01d0a60dca3d3aa089c6a19d52243c75b9 Author: Benjamin Kaduk Date: Mon Dec 4 18:14:22 2017 -0600 Update NEWS for rx security fix Change-Id: I30282ac8f51a7b16dd851fdbd41464f8fdafc279 commit eae2575dc738bd69bb6a0a84f87f02f5cf2b4eb9 Author: Benjamin Kaduk Date: Mon Dec 4 17:20:57 2017 -0600 OPENAFS-SA-2017-001: rx: Sanity-check received MTU and twind values Rather than blindly trusting the values received in the (unauthenticated) ack packet trailer, apply some minmial sanity checks to received values. natMTU and regular MTU values are subject to Rx minmium/maximum packet sizes, and the transmit window cannot drop below one without risk of deadlock. The maxDgramPackets value that can also be present in the trailer already has sufficient sanity checking. Extremely low MTU values (less than 28 == RX_HEADER_SIZE) can cause us to set a negative "maximum usable data" size that gets used as an (unsigned) packet length for subsequent allocation and computation, triggering an assertion when the connection is used to transmit data. FIXES 134450 (cherry picked from commit 894555f93a2571146cb9ca07140eb98c7a424b01) Change-Id: I98e2a65d1aa291a73e8cfed9c9eaac71c6af00dc commit 352fbc811162fcdaa39cb7834475f40ba72fad11 Author: Benjamin Kaduk Date: Wed Nov 8 07:11:45 2017 -0600 Make OpenAFS 1.8.0pre3 Update the version strings for the third 1.8.0 prerelease. Change-Id: I25a4eee4de04e57ffcf9055f69ae9a3d683b8d64 Reviewed-on: https://gerrit.openafs.org/12765 Reviewed-by: Stephan Wiesand Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 1efc44f397efb647a55347cb71e7d41c050f6c3c Author: Benjamin Kaduk Date: Mon Nov 6 21:30:04 2017 -0600 Update NEWS for 1.8.0pre3 Change-Id: I38110825cbe8b5c4ca18d86e4542374ae26f6fd4 Reviewed-on: https://gerrit.openafs.org/12764 Reviewed-by: Stephan Wiesand Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Michael Meffie commit e2c47cae56ba0d804af119fb158a9fe77fa3a15e Author: Benjamin Kaduk Date: Mon Nov 27 22:17:28 2017 -0600 afs: Fix bounds check in PNewCell Reported by the opensuse buildbot: CC [M] /home/buildbot/opensuse-tumbleweed-i386-builder/build/src/libafs/MODLOAD-4.13.12-1-default-MP/rx_packet.o /home/buildbot/opensuse-tumbleweed-i386-builder/build/src/afs/afs_pioctl.c: In function ‘PNewCell’: /home/buildbot/opensuse-tumbleweed-i386-builder/build/src/afs/afs_pioctl.c:3075:55: error: ‘*’ in boolean context, suggest ‘&&’ instead [-Werror=int-in-bool-context] if ((afs_pd_remaining(ain) < AFS_MAXCELLHOSTS +3) * sizeof(afs_int32)) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~ The bug was introduced in commit 718f85a8b6. Reviewed-on: https://gerrit.openafs.org/12782 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk (cherry picked from commit 4fa0ee620cfb9991ca9748b5ee116cc8e1e6c505) Change-Id: I0963403846a62dddf2d13ce3c03d772a6d869119 Reviewed-on: https://gerrit.openafs.org/12784 Reviewed-by: Michael Meffie Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 6e611c56c5b910e329c20c3a20ed2ba5755b0461 Author: Benjamin Kaduk Date: Mon Nov 27 22:07:53 2017 -0600 rx: fix call refcount leak in error case The recent event handling normalization in commit 304d758983b499dc568d6ca57b6e92df24b69de8 had event handlers switch to dropping their reference on the associated connection/call just before return. An early return case was missed in the conversion, leading to a refcount leak in an error case. Reviewed-on: https://gerrit.openafs.org/12781 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk (cherry picked from commit 66b74e78ba5fea6a8236dcd3b8b46e1dfa6a0ac7) Change-Id: I532c49b2ef6ec95dd26a99c02e12ea53348f9690 Reviewed-on: https://gerrit.openafs.org/12783 Reviewed-by: Michael Meffie Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ad11867973dc2481ee4897540a6d9279ebf36c42 Author: Marcio Barbosa Date: Thu Nov 16 17:24:03 2017 -0500 afs: fix kernel_write / kernel_read arguments The order / content of the arguments passed to kernel_write and kernel_read are not right. As a result, the kernel will panic if one of the functions in question is called. [kaduk@mit.edu: include configure check for multiple kernel_read() variants, per linux commits bdd1d2d3d251c65b74ac4493e08db18971c09240 and e13ec939e96b13e664bb6cee361cc976a0ee621a] FIXES 134440 Reviewed-on: https://gerrit.openafs.org/12769 Tested-by: BuildBot Tested-by: Marcio Brito Barbosa Reviewed-by: Benjamin Kaduk (cherry picked from commit 3ce55426ee6912b78460465bcaa1428333ad1fbc) Change-Id: I28f04f7625a471c37f98515d5186f80082bf6a43 Reviewed-on: https://gerrit.openafs.org/12780 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 42993b3a33d53a6e16337d2ebe15539d0febdef1 Author: Michael Meffie Date: Mon Nov 6 17:37:46 2017 -0500 tests: fix out of bounds access in the rx-event test Use the NUMEVENTS symbol which defines the array size instead of an incorrect hard coded number when checking if a second event can be added to be fired at the same time. This fixes a potential out of bounds access of the event test array. Also update the comment which incorrectly mentions the incorrect number of events in the test. Reviewed-on: https://gerrit.openafs.org/12762 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot (cherry picked from commit 50a3eb7b7ee94bffaadc98429bd404164e89ec7f) Change-Id: I7a975e7498c1c7416a800c9294c97ee4de4fd57a Reviewed-on: https://gerrit.openafs.org/12779 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 6c635a66b54bcfa2920ac532905758346c89c772 Author: Benjamin Kaduk Date: Thu Nov 16 04:49:49 2017 -0600 Sprinkle rx_GetConnection() for concision Instead of inlining the body (taking the lock, incrementing the refcount, and dropping the lock), use the convenience function designed for this purpose. Reviewed-on: https://gerrit.openafs.org/12772 Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 2ae84bf053fe66b73a2c77b5d71305bae2c17587) Change-Id: I60794d877a76fbb7c8ba59207e710a20641cc8f1 Reviewed-on: https://gerrit.openafs.org/12778 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 667617b8702e797e34cc957ef200a803030ee901 Author: Benjamin Kaduk Date: Thu Nov 16 04:48:02 2017 -0600 rx: fix mutex leak in error case Reported by Mark Vitale Reviewed-on: https://gerrit.openafs.org/12771 Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 01bcfd3e14f6ee1faa4b8ce5a7932de37d585fd3) Change-Id: I4384d6813a5cfb053e6991eb3c157fa59ecfa11b Reviewed-on: https://gerrit.openafs.org/12777 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 4220eadae01d09b2c54e16c689b1a58e558db19c Author: Benjamin Kaduk Date: Tue Oct 31 19:49:09 2017 -0500 Add event-related mutex assertions In utility functions that access fields of type struct rxevent *, assert that the appropriate lock is held for the access in question. These assertions are only compiled in when built with -DOPR_DEBUG_LOCKS, which can be enbled by --debug-locks at configure time. Reviewed-on: https://gerrit.openafs.org/12757 Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit a7a3108e602c83176c5578c9f28b6312f71aba78) Change-Id: I147a2e475feffb1b75a08ac5b08614bd6d8f46a5 Reviewed-on: https://gerrit.openafs.org/12776 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 8ce3b5e253d980ebab34c3928720d1097b1ba342 Author: Benjamin Kaduk Date: Sat Oct 7 22:42:38 2017 -0500 Standardize rx_event usage Go over all consumers of the rx event framework and normalize its usage according to the following principles: rxevent_Post() is used to create an event, and it returns an event handle (with a reference on the event structure) that can be used to cancel the event before its timeout fires. (There is also an additional reference on the event held by the global event tree.) In all(*) usage within the tree, that event handle is stored within either an rx_connection or an rx_call. Reads/writes to the member variable that holds the event handle require either the conn_data_lock or call lock, respectively -- that means that in most cases, callers of rxevent_Post() and rxevent_Cancel() will be holding one of those aforementioned locks. The event handlers themselves will need to modify the call/connection object according to the nature of the event, which requires holding those same locks, and also a guarantee that the call/connection is still a live object and has not been deallocated! Whether or not rxevent_Cancel() succeeds in cancelling the event before it fires, whenever passed a non-NULL event structure it will NULL out the supplied pointer and drop a reference on the event structure. This is the correct behavior, since the caller has asked to cancel the event and has no further use for the event handle or its reference on the event structure. The caller of rxevent_Cancel() must check its return value to know whether or not the event was cancelled before its handler was able to run. The interaction window between the call/connection lock and the lock protecting the red/black tree of pending events opens up a somewhat problematic race window. Because the application thread is expected to hold the call/connection lock around rxevent_Cancel() (to protect the write to the field in the call/connection structure that holds an event handle), and rxevent_Cancel() must take the lock protecting the red/black tree of events, this establishes a lock order with the call/connection lock taken before the eventTree lock. This is in conflict with the event handler thread, which must take the eventTree lock first, in order to select an event to run (and thus know what additional lock would need to be taken, by virtue of what handler function is to be run). The conflict is easy to resolve in the standard way, by having a local pointer to the event that is obtained while the event is removed from the red/black tree under the eventTree lock, and then the eventTree lock can be dropped and the event run based on the local variable referring to it. The race window occurs when the caller of rxevent_Cancel() holds the call/connection lock, and rxevent_Cancel() obtains the eventTree lock just after the event handler thread drops it in order to run the event. The event handler function begins to execute, and immediately blocks trying to obtain the call/connection lock. Now that rxevent_Cancel() has the eventTree lock it can proceed to search the tree, fail to find the indicated event in the tree, clear out the event pointer from the call/connection data structure, drop its caller's reference to the event structure, and return failure (the event was not cancelled). Only then does the caller of rxevent_Cancel() drop the call/connection lock and allow the event handler to make progress. This race is not necessarily problematic if appropriate care is taken, but in the previous code such was not the case. In particular, it is a common idiom for the firing event to call rxevent_Put() on itself, to release the handle stored in the call/connection that could have been used to cancel the event before it fired. Failing to do so would result in a memory leak of event structures; however, rxevent_Put() does not check for a NULL argument, so a segfault (NULL dereference) was observed in the test suite when the race occurred and the event handler tried to rxevent_Put() the reference that had already been released by the unsuccessful rxevent_Cancel() call. Upon inspection, many (but not all) of the uses in rx.c were susceptible to a similar race condition and crash. The test suite also papers over a related issue in that the event handler in the test suite always knows that the data structure containing the event handle will remain live, since it is a global array that is allocated for the entire scope of the test. In rx.c, events are associated with calls and connections that have a finite lifetime, so we need to take care to ensure that the call/connection pointer stored in the event remains valid for the duration of the event's lifecycle. In particular, even an attempt to take the call/connection lock to check whether the corresponding event field is NULL is fraught with risk, as it could crash if the lock (and containing call/connection) has already been destroyed! There are several potential ways to ensure the liveness of the associated call/connection while the event handler runs, most notably to take care in the call/connection destruction path to ensure that all associated events are either successfully cancelled or run to completion before tearing down the call/connection structure, and to give the pending event its own reference on the associated call/connection. Here, we opt for the latter, acknowledging that this may result in the event handler thread doing the full call/connection teardown and delay the firing of subsequent events. This is deemed acceptable, as pending events are for intentionally delayed tasks, and some extra delay is probably acceptable. (The various keepalive events and the challenge event could delay the user experience and/or security properties if significantly delayed, but I do not believe that this change admits completely unbounded delay in the event handler thread, so the practical risk seems minimal.) Accordingly, this commit attempts to ensure that: * Each event holds a formal reference on its associated call/connection. * The appropriate lock is held for all accesses to event pointers in call/connection structures. * Each event handler (after taking the appropriate lock) checks whether it raced with rxevent_Cancel() and only drops the call/connection's reference to the event if the race did not occur. * Each event handler drops its reference to the associated call/connection *after* doing any actions that might access/modify the call/connection. * The per-event reference on the associated call/connection is dropped by the thread that removes the event from the red/black tree. That is, the event handler function if the event runs, or by the caller of rxevent_Cancel() when the cancellation succeed. * No non-NULL event handles remain in a call/connection being destroyed, which would indicate a refcounting error. (*) There is an additional event used in practice, to reap old connections, but it is effectively a background task that reschedules itself periodically, with no handle to the event retained so as to be able to cancel it. As such, it is unaffected by the concerns raised here. While here, standardize on the rx_GetConnection() function for incrementing the reference count on a connection object, instead of inlining the corresponding mutex lock/unlock and variable access. In contrast to what was done on master, for the 1.8 branch we do not force-enable refcount checking. Reviewed-on: https://gerrit.openafs.org/12756 Reviewed-by: Mark Vitale Reviewed-by: Michael Meffie Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 304d758983b499dc568d6ca57b6e92df24b69de8) Change-Id: I68e6cc162a148b6ebbabe037a7bc3cccd648423c Reviewed-on: https://gerrit.openafs.org/12775 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 6db2c0a111336a24199c0acf4e02635c97f4ff2b Author: Benjamin Kaduk Date: Wed Oct 4 23:03:44 2017 -0500 Adjust rx-event test to exercise cancel/fire race We currently do not properly handle the case where a thread runs rxevent_Cancel() in parallel with the event-handler thread attempting to fire that event, but the test suite only picked up on this issue in a handful of the Debian automated builds (somewhat less-resourced ones, perhaps). Modify the event scheduling algorithm in the test so as to create a larger chunk of events scheduled to fire "right away" and thereby exercise the race condition more often when we proceed to cancel a quarter of events "right away". Reviewed-on: https://gerrit.openafs.org/12755 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk (cherry picked from commit bdb509fb1d8e0fdca05dffecdbcbf60a95ea502e) Change-Id: I27cebed3c2c3daff10b8d3f5f6f949e667791a72 Reviewed-on: https://gerrit.openafs.org/12774 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 527ead6fdd8acd241db04cf4c43677248b59d164 Author: Michael Laß Date: Thu Nov 2 21:16:49 2017 +0100 gtx: link against libtinfo if termlib is seperated If ncurses is built with "./configure --with-termlib=tinfo", gtx fails to link because of an undefined reference to the LINES symbol which is then provided by libtinfo.so and not libncurses.so. If ncurses is present, additionally check whether LINES is provided by ncurses or tinfo and set $LIB_curses accordingly. This change is based on a patch provided by Bastian Beischer. FIXES 134420 Reviewed-on: https://gerrit.openafs.org/12760 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 311f1d28a2f626350b33ad432e674055b62511bd) Change-Id: I2f69fe51bbefeeb2a17145a88aa9c891644f2f61 Reviewed-on: https://gerrit.openafs.org/12763 Tested-by: BuildBot Reviewed-by: Michael Laß Reviewed-by: Benjamin Kaduk commit d93f80622370f50d7bce5c5b00cd062f15ee9eba Author: Damien Diederen Date: Mon Sep 18 12:18:39 2017 +0200 Linux: Use kernel_read/kernel_write when __vfs variants are unavailable We hide the uses of set_fs/get_fs behind a macro, as those functions are likely to soon become unavailable: > Christoph Hellwig suggested removing all calls outside of the core > filesystem and architecture code; Andy Lutomirski went one step > further and said they should all go. https://lwn.net/Articles/722267/ Reviewed-on: https://gerrit.openafs.org/12729 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk (cherry picked from commit 5ee516b3789d3545f3d78fb3aba2480308359945) Change-Id: I28a7126bf6ab048f8d949f190e557a3fa44f3f46 Reviewed-on: https://gerrit.openafs.org/12737 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit c42a25d28fbcc76fdcac2b5f29704f8f1b353b45 Author: Damien Diederen Date: Mon Sep 18 11:59:40 2017 +0200 Linux: Test for __vfs_write rather than __vfs_read The following commit: commit eb031849d52e61d24ba54e9d27553189ff328174 Author: Christoph Hellwig Date: Fri Sep 1 17:39:23 2017 +0200 fs: unexport __vfs_read/__vfs_write unexports both __vfs_read and __vfs_write, but keeps the former in fs.h--as it is is still being used by another part of the tree. This situation results in a false positive in our Autoconf check, which does not see the export statements, and ends up marking the corresponding API as available. That, in turn, causes some code which assumes symmetry with __vfs_write to fail to compile. Switch to testing for __vfs_write, which correctly marks the API as unavailable. Reviewed-on: https://gerrit.openafs.org/12728 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 929e77a886fc9853ee292ba1aa52a920c454e94b) Change-Id: I03e3c8222360a6b04b45b45a8f56b5df054f6783 Reviewed-on: https://gerrit.openafs.org/12736 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit bc384b7d5e4818c567a64fe4a935f021d936444f Author: Benjamin Kaduk Date: Mon Oct 16 16:53:22 2017 -0500 Correct m4 conditionals in curses.m4 AS_IF does not invoke the test(1) shell builtin for us, so we must take care to consistently use it ourself. While here, sprinkle some missing double-quotes around variable expansions in AS_IF statements in this file. Submitted by Bastian Beischer. FIXES 134414 Change-Id: Iccfe311011f17de6317cf64abdc58b0812b81b8c Reviewed-on: https://gerrit.openafs.org/12738 Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk (cherry picked from commit e0c5ada214596d5adb6798682d5e280cc99f447c) Reviewed-on: https://gerrit.openafs.org/12739 commit 688b3570867cda3035ec6bcd9c7538cf651f38f6 Author: Anders Kaseorg Date: Fri Sep 1 23:37:07 2017 -0400 vol: Fix two buffers being one char too short Fixes these warnings: namei_ops.c: In function 'namei_copy_on_write': namei_ops.c:1328:31: warning: 'snprintf' output may be truncated before the last format character [-Wformat-truncation=] snprintf(path, sizeof(path), "%s-tmp", name.n_path); ^~~~~~~~ namei_ops.c:1328:2: note: 'snprintf' output between 5 and 260 bytes into a destination of size 259 snprintf(path, sizeof(path), "%s-tmp", name.n_path); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ vol_split.c: In function 'split_volume': vol_split.c:576:22: warning: 'sprintf' may write a terminating nul past the end of the destination [-Wformat-overflow=] sprintf(symlink, "#%s", V_name(newvol)); ^~~~~ vol_split.c:576:5: note: 'sprintf' output between 2 and 33 bytes into a destination of size 32 sprintf(symlink, "#%s", V_name(newvol)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Reviewed-on: https://gerrit.openafs.org/12722 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot (cherry picked from commit 0a9a6b57ce6e1c97fcc651c8cb74e66fc8422a1e) Change-Id: Ia60439aed7925b786a0213d96a7afb413579e01f Reviewed-on: https://gerrit.openafs.org/12723 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 7073408688da021864bba59c592e8924e05adb91 Author: Seth Forshee Date: Tue Aug 22 07:59:11 2017 -0500 Linux: Include linux/uaccess.h rather than asm/uaccess.h if present Starting with Linux 4.12 there is a module build error on s390 due to asm/uaccess.h using a macro defined in the common header. The common header has been around since 2.6.18 and has always included asm/uaccess.h, so switch to using the common header whenever it is present. Signed-off-by: Seth Forshee Reviewed-on: https://gerrit.openafs.org/12714 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot (cherry picked from commit 962f4838dc461567d896304f617a0923745d13d5) Change-Id: I5a7834b982458159804bc4d940e39ef283253299 Reviewed-on: https://gerrit.openafs.org/12718 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit a3812407f28439bb69f052f0115171cdf04927da Author: Benjamin Kaduk Date: Tue Aug 1 20:43:41 2017 -0500 Make OpenAFS 1.8.0pre2 Update the version strings for the second 1.8.0 prerelease. Change-Id: I3e3f950d0565b877a4da4f8843a015ac392484d5 Reviewed-on: https://gerrit.openafs.org/12683 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit bfc5d1ada2f5ce12bfafe65d352982adbefe9911 Author: Benjamin Kaduk Date: Tue Aug 1 20:57:52 2017 -0500 Remove src/mcas This lock-free library toolkit is intriguing and may be the subject of future work, but such development will occur on the master branch, and these files are just clutter on openafs-stable-1_8_x. Remove them to give the tree a more clean start. Remove src/mcas and stop mentioning it in SOURCE-MAP; don't reference it in the rpctests, either. Change-Id: I21b1b6b64a709fe40aa53aaf3470d128c0dc2f86 Reviewed-on: https://gerrit.openafs.org/12682 Tested-by: Benjamin Kaduk Reviewed-by: Mark Vitale Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit 7c2ce4040e94e954e51945daac03cc39e885d3ce Author: Benjamin Kaduk Date: Tue Aug 1 20:55:52 2017 -0500 Remove src/rxgk These files were commited slightly prematurely to the tree; rxgk support is intended for the 2.0 release, and will not appear in the 1.8.x release series. Remove src/rxgk and drop mentions of rxgk from configure/Makefile.in/etc. Change-Id: Ib7d40eaac85b05d920781b61f73dbdf8fedfcc2b Reviewed-on: https://gerrit.openafs.org/12681 Tested-by: Benjamin Kaduk Reviewed-by: Mark Vitale Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit e739eaa650ee30dcce54d05908b062839eafbf73 Author: Michael Meffie Date: Fri Apr 14 20:38:27 2017 -0400 redhat: move bosserver and fssync-debug man pages Move the bosserver and fssync-debug/dafssync-debug man pages to the openafs-server package, which distributes those programs. Change-Id: I9c84ad485834177fd43b28acd444d3d54c648cc8 Reviewed-on: https://gerrit.openafs.org/12601 Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 5b79f95f7457f203213a9170389b17ffcc0208f7 Author: Michael Meffie Date: Thu Apr 13 21:48:06 2017 -0400 redhat: kauth client and server sub-packages Move the kaserver and kauth client programs to conditionally built packages called openafs-kauth-server and openafs-kauth-client. Packagers can build these by specifying '--with kauth'. They are not built by default to discourage use. This commit subsumes the openafs-kpasswd package into the openafs-kauth-client package. Change-Id: I1322f05d7fe11d466c9ed71a5059c21b759d95ab Reviewed-on: https://gerrit.openafs.org/12600 Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 54e478328fa24aa2629398c5ddfad7b50d353dd7 Author: Michael Meffie Date: Mon Apr 10 15:06:02 2017 -0400 redhat: do not package kauth by default Do not package kaserver and related programs by default to discourage use. Add the '--with kauth' rpmbuild option to allow packagers to continue include the kauth programs for compatibility. Change-Id: I8bf9f6dc221afc22ed6c9a33cf101d705e6c4920 Reviewed-on: https://gerrit.openafs.org/12597 Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 6d59b7c4b4b712160a6d60491c95c111bb831fbb Author: Benjamin Kaduk Date: Sun Jul 30 20:57:05 2017 -0500 Default to crypt mode for unix clients Though the protection offered by rxkad, even with rxkad-k5 and rxkad-kdf, is insufficient to protect traffic from a determined attacker, it remains the case that the internet is not a safe place for user data to travel in the clear, and has not been for a long time. The Windows client encrypts by default, and all or nearly all the Unix client packaging scripts set crypt mode by default. Catch up to reality and default to crypt mode in the Unix cache manager. Change-Id: If0061ddca3bedf0df1ade8cb61ccb710ec1181d4 Reviewed-on: https://gerrit.openafs.org/12668 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit f7ccf0aa00459cda4579a3838b5bd59ba69c03ea Author: Marcio Barbosa Date: Mon Jul 31 15:27:10 2017 -0400 ubik: remove useless signal call The current version does not have a corresponding LWP_WaitProcess call for the beacon_globals.ubik_amSyncSite global. As a result, the LWP_NoYieldSignal(&beacon_globals.ubik_amSyncSite) signal call can be safely removed. Change-Id: I72c4ccfe8e68551673dc728dd699ba8c561d76d1 Reviewed-on: https://gerrit.openafs.org/12673 Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit b4c3baa2e24890face6433fcb160e85b7409df4c Author: Michael Meffie Date: Wed Aug 2 15:25:45 2017 -0400 doc: add a document to describe rx debug packets This document gives a basic description of Rx debug packets, the protocol to exchange debug packets, and the version history. Change-Id: Ic040d336c1e463f7da145f1a292c20c5d5f215df Reviewed-on: https://gerrit.openafs.org/12677 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit b8e8145fa97e3edb6e4157f0d60d3d5e8db597fe Author: Michael Meffie Date: Tue Aug 1 20:36:18 2017 -0400 doc: add kolya's rx-spec to doc/txt Add rx protocol spec and rx debug spec written by Nickolia Zeldovich. Rx protocol specification draft (2002) Nickolai Zeldovich, kolya@MIT.EDU Change-Id: I65a9a83a8889503f3a82c8fde7a87f84d2736c8d Reviewed-on: https://gerrit.openafs.org/12676 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit c6f5ebc4cf95b0f1d3acc7a0a8678ba0d4378243 Author: Michael Meffie Date: Tue Aug 1 20:10:32 2017 -0400 doc: relocate notes from arch to txt The doc/txt directory has become the de facto home for text-based technical notes. Relocate the contents of the doc/arch directory to doc/txt. Relocate doc/examples to doc/txt/examples. Update the doc/README file to be more current and remove old work in progress comments. Change-Id: Iaa53e77eb1f7019d22af8380fa147305ac79d055 Reviewed-on: https://gerrit.openafs.org/12675 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 57d32c29146167ff54d3221ed761a5973776ae93 Author: Benjamin Kaduk Date: Tue Aug 1 20:50:37 2017 -0500 Add NEWS entry for recent ubik changes Of the ubik-fix-write-after-recovery topic, this seems like the most noteworthy portion, with the other bits wrapped up in the preface. Change-Id: Icc1afb9f851ef2d7ade49c2382cc023997f1bf26 Reviewed-on: https://gerrit.openafs.org/12679 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit da704137f4bf766250ca87dbdc5a85c2024cb0a6 Author: Marcio Barbosa Date: Thu Jul 20 23:02:15 2017 -0400 ubik: update epoch as soon as sync-site is elected The ubik_epochTime represents the time at which the coordinator first received its coordinator mandate. However, this global is currently not updated at the moment when a new sync-site is elected. Instead, ubik_epochTime is only updated at the very end of the first write transaction, when a new database label is written (in udisk_commit). This causes at least 2 different issues: For one, this means that we change ubik_epochTime while a remote transaction is in progress. If VOTE_Beacon is called after ubik_epochTime is updated, but before the remote transaction ends, the remote sites will detect that the transaction id in ubik_currentTrans is wrong (via urecovery_CheckTid(), since the epoch doesn't match), and they will abort the transaction. This means the transaction will fail, and it may cause a loss of quorum until another election is completed. Another issue is that ubik_epochTime can be 0 at the beginning of a write transaction, if this is the first election that this site has won. Since ubik_epochTime is used to construct transaction ids, this means that we can have different transactions that originate from different sites at different times, but they have the same epoch in their tid. For example, say a write transaction starts with epoch 0, but the originating site is killed/interrupted before finishing. That write transaction will linger on remote sites in ubik_currentTrans with an epoch of 0 (since the originating site will never call DISK_ReleaseLocks, or DISK_Abort, etc). Normally the sync site will kill such a lingering transaction via urecovery_CheckTid, but since the epoch is 0, and the election winner's epoch is also 0, the transaction looks valid and may never be killed. If that transaction is holding a lock on the database, this means that the database will forever remain locked, effectively preventing any access to the db on that site. To fix both of these issues, update ubik_epochTime with the current time as soon as we win the election. This ensures that the epoch is not updated in the middle of a transaction, and it ensures that all transactions are created with a unique epoch: the epoch of the election that we won. Note that with this commit, we do not ever set ubik_epochTime to the magic value of '2' during database init. The special '2' epoch only needs to be set in the database itself, and it is never an actual epoch that represents a real quorum that went through the election process. The database will be labelled with a 'real' epoch after the first write, like normal. [kaduk@mit.edu: comment the locking strategy in ubeacon_Interact()] Change-Id: I6cdcf5a73c1ea564622bfc8ab7024d9901af4bc8 Reviewed-on: https://gerrit.openafs.org/12609 Tested-by: BuildBot Reviewed-by: Marcio Brito Barbosa Reviewed-by: Benjamin Kaduk commit 32ddf88547f921b33dd93473883928051faab950 Author: Joe Gorse Date: Thu Jul 6 15:47:24 2017 -0400 LINUX: afs_create infinite fetchStatus loop For a file in a directory with the CStatd bit cleared, we can get an infinite fetchStatus loop. In afs_create(), afs_getDCache() may return NULL due to an error. If unchecked it will loop which may produce multiple fetchStatus() calls to the fileserver. Credit: Yadav Yadavendra for identifying and analysing this issue. Change-Id: Iecd77d49a5f3e8bb629396c57246736b39aa935f Reviewed-on: https://gerrit.openafs.org/12651 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 18fabf9aecf358e0f45e25f6249685f7f2e32485 Author: Benjamin Kaduk Date: Wed Aug 2 19:31:17 2017 -0500 Update NEWS for volume stats default change Change-Id: I1a184bf638609866f6f7f1d11c224dfee1113eef Reviewed-on: https://gerrit.openafs.org/12678 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 8e1ca72b1cbed930d3661dee5cb742cab52737e9 Author: Michael Meffie Date: Tue Aug 1 17:21:13 2017 -0400 volser: preserve volume stats by default Commit dfceff1d3a66e76246537738720f411330808d64 added the -preserve-vol-stats flag to the volume server. This enabled a change in the volume server to preserve volume usage statistics during reclone and restore operations. Otherwise, volume usage counters of read-only volumes are cleared when volumes are released, making it difficult to track usage with the volume stats. Make this feature the default behavior of the volume server and provide the option -clear-vol-stats to use the old behavior if so desired. This change makes the -preserve-vol-stats the default, and keeps it as a hidden flag for sites which may already have that flag set in the BosConfig. Since this changes a default behavior of the volume server, this change is only appropriate on a major or minor release boundary, not in the middle of a stable series. Change-Id: I3706ede64b7b18a80b39ebd55f2e1824bb7dbc57 Reviewed-on: https://gerrit.openafs.org/12674 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 7c7085061580ccce7b2d9c17df5604e5e97fcd81 Author: Marcio Barbosa Date: Mon May 22 12:55:32 2017 -0400 ubik: avoid early DISK_Begin calls we know will fail Currently, we can start a write transaction on a site immediately after it is elected as the sync site. However, after commit d47beca1, SDISK_Begin on remote sites will fail right after an election occurs (since lastYesState is not set, and so urecovery_AllBetter will fail). And after commit fac0b742, this error is always noticed and propagated back to the application. As a result, when we try to write immediately after a sync site is elected, the transaction will fail with UNOQUORUM, the remote sites will be marked as down, and we may lose quorum and require another election to be performed. This can easily happen repeatedly for a site that frequently tries to make changes to a ubik database. To avoid marking other sites down and going through another election process, do not allow write transactions until we know that lastYesState is set on the remote sites. We do this by waiting until the next wave of beacons are sent, which tell the remote sites that we are the sync site. In other words, only allow write transactions after the sync site knows that the remote sites also know that the sync site has been elected. With this commit, a write transaction immediately after an election will still fail with UNOQUORUM, but we avoid triggering an error on the remote sites, and avoid losing quorum in this situation. Change-Id: I9e1a76b4022e6d734af1165d94c12e90af04974d Reviewed-on: https://gerrit.openafs.org/12592 Reviewed-by: Andrew Deason Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 8f46ca082653116c9c42a69e2535be1bb2f0a2a9 Author: Marcio Barbosa Date: Wed Jun 21 17:42:37 2017 -0300 ubik: allow remote dbase relabel if up to date When a site is elected the sync-site, its database is not immediately relabeled. The database in question will be relabeled at the end of the first write transaction (in udisk_commit). To do so, the dbase->version is updated on the sync-site first (1) and then the versions of the remote sites are updated through SDISK_SetVersion() (2). In order to make sure that the remote site holds the same database as the sync-site, the SDISK_SetVersion() function checks if the current version held by the remote site (ubik_dbVersion) is equal to the original version stored by the sync-site (oldversionp). If ubik_dbVersion is not equal to oldversionp, SDISK_SetVersion() will fail with USYNC. However, ubik_dbVersion can be updated by the vote thread at any time. That is, if the sync site calls VOTE_Beacon() on the remote site between events (1) and (2), the remote site will set ubik_dbVersion to the new version, while ubik_dbase->version is still set to the old version. As a result, ubik_dbVersion will not be equal to oldversionp and SDISK_SetVersion() will fail with USYNC. This failure may cause a loss of quorum until another election is completed. To fix this problem, let SDISK_SetVersion() relabel the database when ubik_dbase->version is equal to oldversionp. In order to try to only affect the scenario described above, also check if ubik_dbVersion is equal to newversionp. Change-Id: I97e6f8cacd1c9bca0b4c72374c058c5fe5b638b3 Reviewed-on: https://gerrit.openafs.org/12613 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 3c12ff9fbb2724b6e430f3eeeb2c2a1d2ae3f884 Author: Joe Gorse Date: Wed May 10 11:38:25 2017 -0400 afs: fix repeated BulkStatus calls for directories. There is a filetype comparison check in afs_DoBulkStat just after BulkFetch RPC. This check will fail for directories even though bulkStatus was done for directories. This code is apparently necessary for Darwin, but it causes this problem otherwise. Thus it is removed from the rest of the builds using the AFS_DARWIN_ENV preprocessor variable. Credit: Yadav Yadavendra for identifying and analysing this issue. Change-Id: I9645f0e7a3327cb5f20cdf3ba2bf1cc5b1509bb5 Reviewed-on: https://gerrit.openafs.org/12610 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 90acda692a589eb177dc5dee99490947106f8141 Author: Michael Meffie Date: Thu Jul 20 00:12:05 2017 -0400 relocate old afs docs to doc/txt Move the afs/DOC files to the top-leve doc/txt directory, since this has become the home for developer oriented documentation. Change-Id: I128d338c69534b4ee6043105a7cfd390b280afe3 Reviewed-on: https://gerrit.openafs.org/12662 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 5a88209a0ff0cefb7ec1a810e25011ee9795d2fe Author: Michael Meffie Date: Wed Jul 19 23:48:42 2017 -0400 Incorporate old release notes into NEWS Cleanup the doc/txt directory by incorporating the old release notes into the NEWS file. Change-Id: I63911fc5cb0b476e201148c6d3fa3441f4746ab7 Reviewed-on: https://gerrit.openafs.org/12661 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 3629ae4a682d648d6830bf551ed78faaa4cfc477 Author: Michael Meffie Date: Wed Jul 19 22:39:51 2017 -0400 Update NEWS for 1.8.0pre2 Change-Id: I5f83e81f25177bde1ea691e756359563e80ee3f2 Reviewed-on: https://gerrit.openafs.org/12660 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 1d5b255ff68af03da891a0babefdadd85f48def0 Author: Michael Meffie Date: Wed Jul 19 23:09:01 2017 -0400 Import NEWS from openafs-stable-1_6_x Import change descriptions for 1.6.20.1, 1.6.20.2, 1.6.21. Change-Id: Ib4f06c7046eb6e1bb0a1ccfb9f6c45191154fe0e Reviewed-on: https://gerrit.openafs.org/12659 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 77c5e4f3fba57c85fd664f64dba2c44a44a4fb5c Author: Stephan Wiesand Date: Wed Jul 26 15:18:08 2017 +0200 Linux: fix whitespace in osi_sysctl.c Remove dozens of trailing spaces and make consistent use of tabs for indentation throughout the file. Change-Id: Ibbd17d2b9828590ffd84b76aac70646e9fe9cb2c Reviewed-on: https://gerrit.openafs.org/12665 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit b0461f2def17fe3d3f49e51e3c4a1df81a921eee Author: Andrew Deason Date: Thu Jun 15 15:32:41 2017 -0500 LINUX: Workaround d_splice_alias/d_lookup race Before Linux kernel commit 4919c5e45a91b5db5a41695fe0357fbdff0d5767, d_splice_alias in some cases can d_rehash the given dentry without attaching it to the given inode, right before the dentry is unhashed again. This means that for a few moments, that negative dentry is visible to __d_lookup, and thus is visible to path lookup and can be given to afs_linux_dentry_revalidate. Currently, afs_linux_dentry_revalidate will say that the dentry is valid, because d_time and other fields are set; it's just not attached to an inode. This causes an ENOENT error on lookup, even though the file is there (and no OpenAFS code said otherwise). Normally this race is rare, but it can be frequently exercised if we access the same directory via different names at the same time. This can happen with multiple mountpoints to the same volume, or by accessing an @sys directory via its abbreviated and expanded forms. To get around this, make afs_linux_dentry_revalidate check negative 'dentry's to see if they are unhashed. We also lock the parent inode, in order to guarantee that a problematic d_splice_alias call isn't running at the same time (and thus, we know the dentry will not be unhashed immediately afterwards). This slows down afs_linux_dentry_revalidate for valid negative 'dentry's a little, but it allows us to use negative dentry's at all. Linux kernel commit 4919c5e45a91b5db5a41695fe0357fbdff0d5767 fixes this issue, which was included in 2.6.34, so don't do this workaround for 2.6.34 and on. Change-Id: I8e58ebed4441151832054b1ef3f1aa5af1c4a9b5 Reviewed-on: https://gerrit.openafs.org/12638 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit d55b41072ce873210481baa4cae5c7143011869b Author: Stephan Wiesand Date: Mon Jul 24 11:37:54 2017 +0200 Linux 4.13: use designated initializers where required struct path is declared with the "designated_init" attribute, and module builds now use -Werror=designated-init. Cope. And as pointed out by Michael Meffie, struct ctl_table has the same requirement now, so use a designated initializer for the final element of the sysctl table too. Change-Id: I0ec45aac961dcefa0856a15ee218085626a357c7 Reviewed-on: https://gerrit.openafs.org/12663 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 030a9849e22f443492342794f436e2c86c98a903 Author: Michael Meffie Date: Fri Jul 7 11:11:12 2017 -0400 afs: fix afs_xserver deadlock in afsdb refresh When setting up a new volume, the cache manager calls afs_GetServer() to setup the server object for each fileserver associated with the volume. The afs_GetServer() function locks afs_xserver and then, among other things, calls afs_GetCell() to lookup the cell info by cell number. When the cache manager is running in afsdb mode, afs_GetCell() will attempt to refresh the cell info if the time-to-live has been exceeded since the last call to afs_GetCell(). During this refresh the AFSDB calls afs_GetServer() to update the vlserver information. The afsdb handler thread and the thread processing the volume setup become deadlocked since the afs_xserver lock is already held at this point. This bug will manifest when the DNS SRV record TTL is smaller than the time the fileservers respond to the GetCapabilities RPC within afs_GetServer() and there are multiple read-only servers for a volume. Avoid the deadlock by using the afs_GetCellStale() variant within afs_GetServer(). This variant returns the memory resident cell info without the afsdb upcall and the subsequent afs_GetServer() call. Change-Id: Iad57870f84c5e542a5ee20f00ea03b3fc87683a1 Reviewed-on: https://gerrit.openafs.org/12652 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit a6ad67485bf23084c06e1de1a424b2e375ee70f3 Author: Michael Meffie Date: Tue Jul 11 08:51:08 2017 -0400 afs: restore force_if_down check when getting connections Commit cb9e029255420608308127b0609179a46d9983ad removed the force_if_down check in afs_ConnBySA, which effictively turned on force_if_down flag for every call to afs_ConnBySA. This caused afs_ConnBySA to always return connections, even for server addresses marked down and force_if_down set to 0. One serious consequence of this bug is the cache manager will retry the preferred vlserver indefinitely when it is unreachable. This is because the loop in afs_ConnMHosts always tries hosts in preferred order and expects afs_ConnBySA to return a NULL if the server address has no connections because it is marked down. Restore the check for server addresses marked down to honor the force_if_down flag again so we do not get connections for down servers unless requested. Change-Id: Ia117354929a62b0cedc218040649e9e0b8d8ed23 Reviewed-on: https://gerrit.openafs.org/12653 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit a1c072ac562ccf74e5afb8449db1bcef86aef362 Author: Michael Meffie Date: Mon Apr 10 14:23:12 2017 -0400 redhat: fix rpmbuild command line option defaults Fix the handling of default values for the various rpmbuild options which can be given. These have been broken as code was shuffled around over the years. Remove obsolete comments about detecting what to build based on the architecture. Provide the '--without authlibs' option to disable the openafs-authlibs package. Change-Id: I6c8db1f3163ee241f9a4d1282345a0ddeabd284c Reviewed-on: https://gerrit.openafs.org/12596 Reviewed-by: Stephan Wiesand Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit a5bedda935c8147517bcbb56858dd88288fdf9da Author: Christof Hanke Date: Tue Jul 18 12:04:11 2017 +0200 mkvers: fix potential buffer overflow The space allocated for outputFileBuf is only 2 bytes larger than sizeof(VERS_FILE). But we add potentially 4 extra bytes like ".txt" or ".xml". Just allocate enough space for all file suffices. Change-Id: Ic0f97590be208deaf9c4a5c25e21056ea9d2cd6f Reviewed-on: https://gerrit.openafs.org/12657 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit d7211350eec18b30e9ccf30f5e95fb58162c637d Author: Andrew Deason Date: Thu Jun 15 15:29:17 2017 -0500 afs_linux_lookup: Avoid d_add on afs_lookup error Currently, afs_linux_lookup looks roughly like this pseudocode: { code = afs_lookup(&vcp); if (!code) { ip = AFSTOV(vcp); error = process_ip(ip); if (error) { goto done; } } process_dp(dp); newdp = d_splice_alias(ip, dp); done: cleanup(); } Note that if there is an error while processing the looked-up inode (ip), we jump over d_splice_alias. But if we encounter an error from afs_lookup itself, we do not jump over d_splice_alias. This means that if afs_lookup encounters any error, we initialize the given dentry (dp) as a negative entry, effectively telling the Linux kernel that the requested name does not exist. This is correct for ENOENT errors, of course, but is incorrect for any other error. For non-ENOENT errors we later return an error from the function, but this does not invalidate the generated dentry. The result is that when afs_lookup encounters an error, that error will be propagated to userspace, but subsequent lookups for the same name will yield an ENOENT error (until the dentry is invalidated). This can easily cause a file to seem to mysteriously disappear, if a transient error like network problems caused the afs_lookup call to fail. To fix this, treat ENOENT as a non-error, like the comments already suggest. In our case, ENOENT is not really an error; it just means we populate the given dentry differently. So if we get ENOENT from afs_lookup, set our vcache to NULL and clear the error, and continue. This also has the side effect of not treating ENOENT errors from afs_CreateAttr identically to ENOENT errors from afs_lookup. That shouldn't happen, but there have been abuses of the ENOENT error code in the past, so it is probably better to be cautious. Many thanks to Gaja Sophie Peters for assistance in tracking down and testing fixes for this issue, including providing access to test systems experiencing the buggy behavior. FIXES 133654 Change-Id: Ia9aab289d5c041557ab6b00f1d41de2edfc97a89 Reviewed-on: https://gerrit.openafs.org/12637 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Joe Gorse Reviewed-by: Michael Meffie Tested-by: Michael Meffie commit 5dd2ce2043f53e80e1ded25abcfd565b4071a3ad Author: Andrew Deason Date: Thu Jun 15 15:29:48 2017 -0500 LINUX: Rearrange afs_linux_lookup cleanup Currently, the cleanup and error handling in afs_linux_lookup is structured similar to this pseudocode: if (!code) { if (!IS_ERR(newdp)) { return no_error; } else { return newdp_error; } } else { return code_error; } The multiple different nested error cases make this a little complex. To make this easier to follow for subsequent changes, alter this structure to be more like this: if (IS_ERR(newdp)) { return newdp_error; } if (code) { return code_error; } return no_error; There should be no functional change in this commit; it is just code reorganization. Technically the ordering of these checks is changed, but there is no combination of conditions that actually results in different code being hit. That is, if 'code' is nonzero and IS_ERR(newdp) is true, then we would go through a different path. But that cannot happen, since if 'code' is nonzero, we have no inode and so IS_ERR(newdp) cannot be true (d_splice_alias cannot return an error for a NULL inode). So there is no functional change. Change-Id: I94a3aef5239358c3d13fe5314044dcc85914d0a4 Reviewed-on: https://gerrit.openafs.org/12636 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Joe Gorse Reviewed-by: Michael Meffie Tested-by: Michael Meffie commit d0b64a4a1b61b5e22f0e3fe509f8facd30bc2b74 Author: Stephan Wiesand Date: Thu Jun 29 16:57:42 2017 +0200 doc: Add introduction and credits to ubik.txt Credit where it's due. And the remainder of the introduction may provide some useful context too. Change-Id: I99c7e599363126c581ae1ac00da67c33acc3687f Reviewed-on: https://gerrit.openafs.org/12644 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit d1c4dbf28ae28bbfac3d8bc96d0fa5ae3d422bfd Author: Benjamin Kaduk Date: Sun Jun 25 13:56:04 2017 -0500 Put jhutz's ubik analysis in doc/txt A file in the source tree is much easier to locate than an old mailing list post; it's quite handy to have this at hand as a reference. Change-Id: I5267a2f86b36e92b05249364085bdd33aeb28d1b Reviewed-on: https://gerrit.openafs.org/12642 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit 0327ead297e3cf395cced1e6690b901e445f074c Author: Andrew Deason Date: Fri Jun 23 17:20:11 2017 -0500 afs: Improve "Corrupt directory" warning This warning is a bit confusing to see, since it doesn't say anything about AFS (making it unclear where it's coming from), and it lacks a trailing newline (making it ugly). Fix both of these. Change-Id: I92a3d07fd193bf99b545aef9b21f52d23c356a2d Reviewed-on: https://gerrit.openafs.org/12641 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit cdb92f94598e5b25fbcdfc6fb1650218ec05d63f Author: Jeffrey Altman Date: Thu Jun 1 22:25:49 2017 -0400 vol: modify volume updateDate upon salvage change If the salvager changed the volume, set the VolumeDiskData.updateDate field so that 1. the change is visible via "vos examine" 2. backup services will backup the corrected volume Teradactyl pointed out the problem which forces cell administrators to manually trigger a backup for each volume that has been salvaged. Change-Id: I9a35b92e8abbe3b54b08e64ac13de44442736c72 Reviewed-on: https://gerrit.openafs.org/12629 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit f5491119ff7d422b1c0c311a50e30bec1c15296c Author: Michael Meffie Date: Fri Jun 2 15:19:26 2017 -0400 bozo: do not fail silently on unknown bosserver options Instead of failing silently when the bosserver is started with an unknown option, print an error message and exit with a non-zero value. Continue to exit with 0 when the -help option is given to request the usage message. This change should help make bosserver startup failures more obvious when an unsupported option is specified. Example systemd status message: systemd[1]: Starting OpenAFS Server Service... bosserver[32308]: Unrecognized option: -bogus bosserver[32308]: Usage: bosserver [-noauth] .... systemd[1]: openafs-server.service: main process exited, code=exited, status=1/FAILURE Change-Id: I8717fb4a788fbcc3d1e2d271dd03511c5b504f10 Reviewed-on: https://gerrit.openafs.org/12630 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit aaa47dc1077f0dd5b0040006c831f64cc8a303b5 Author: Jeffrey Altman Date: Sat May 27 14:59:04 2017 -0400 rx: wake up send after 'twind' has been updated Beginning in AFS 3.4 and 3.5 the ack trailer includes the size of the peer's receive window. This value is used to update the sender's transmit window (twind). When the twind is increased the application thread is signaled to indicate that more packets can be sent. This change wakes the application thread after twind is updated by the peer's receive window instead of beforehand. Failure to do so can result in 100ms transmit delays when the receive window transitions from closed to open. Change-Id: Id129ea93e94612a4b8cce9f8cbddde9c779ff26b Reviewed-on: https://gerrit.openafs.org/12625 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 63e530e7df0b8013bcc4421b0bba558d4f1d2d57 Author: Joe Gorse Date: Tue May 16 07:29:30 2017 +0000 LINUX: Switch to new bdi api for 4.12. super_setup_bdi() dynamically allocates backing_dev_info structures for filesystems and cleans them up on superblock destruction. Appears with Linux commit fca39346a55bb7196888ffc77d9e3557340d1d0b Author: Jan Kara Date: Wed Apr 12 12:24:28 2017 +0200 Change-Id: I67eed0fcb8c96733390579847db57fb8a4f0df3e Reviewed-on: https://gerrit.openafs.org/12614 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit b47dc5482da614742b01dcc62d5e11d766a9432f Author: Joe Gorse Date: Wed May 10 19:46:38 2017 +0000 LINUX: CURRENT_TIME macro goes away. Check if the macro exists, define it if it does not. Change-Id: I9990579f94bfba0804e60fa6ddcc077984cc46c3 Reviewed-on: https://gerrit.openafs.org/12611 Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 7af9554bed2d906615e0f5a94537d3d553ca2d1e Author: Michael Meffie Date: Thu Apr 6 22:50:41 2017 -0400 redhat: update rpm spec file Update the spec file to keep up with accumulated changes. * Correct installation location of db check programs. * Install afsd to the legacy location to avoid breaking init scrips and systemd configs. * Exclude yet another duplicated copy of kpwvalid. * libubik_pthread.a is gone. * Install the kpwvalid man page. * Continue to remove the obsolete kdb program. * Update the names of the pam_afs symlinks. * Add libkopenafs to authlibs. * Package dafssync-debug man pages. * Package opr/queue.h in devel. * Package akeyconvert and man page. * Do not package fuse version of afsd. A separate sub-package for afsd.fuse is warrented, since it adds new libfuse dependencies. * Package new server man pages, including dafsssync-* pages. * Package libafsrfc3961.a as a devel lib. * Continue to package kauth programs. Change-Id: I875c3b8dee53abbc67b0f05f8b291bb58abf41a5 Reviewed-on: https://gerrit.openafs.org/12595 Reviewed-by: Michael Meffie Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit dd80f081663c50f93618da7a309b390f2fbdbc59 Author: Tim Creech Date: Sun Mar 5 18:13:45 2017 -0500 FBSD: build fix for FreeBSD 11 r285819 eliminated b_saveaddr from struct buf, while r292373 changed the arguments to VOP_GETPAGES. The approach used by this patch to address these changes was inspired by FreeBSD's nfs and samba clients. Change-Id: Ibcf6b6fde6c86f96aa814af2bca08f1a8b286740 Reviewed-on: https://gerrit.openafs.org/12575 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit dcfebc7ca2923c1f93df9105e493bd4228ea8a0e Author: Michael Meffie Date: Wed Apr 5 16:48:36 2017 -0400 redhat: convert rpm spec file to make install Convert the build and install from the deprecated 'make dest' to the modern 'make install' method. * Clarify the install section by unrolling the shell scripts, reorganizing, and improving the comments. * Remove the gzip glob of the man pages; rpmbuild automatically compresses the man pages and will handle symlinks correctly. * Remove the generated temporary list file and specify files directly. * Remove the extra tar commands to install the man pages out of the doc directory; 'make install..' installs the man pagess. * Remove code in the install section which determines the sysname. This is no longer needed during the install. * Update the kernel module install commands to accommodate the conversion from 'make dest'. Change-Id: I97ec80185a2b11704b27ea74941b50ff4a5aca8c Reviewed-on: https://gerrit.openafs.org/12594 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit bd8bec5b474315cd28df5a4741c1e07d48c7250a Author: Michael Meffie Date: Tue Apr 25 18:34:47 2017 -0400 redhat: fix whitespace errors in the rpm spec file Remove trailing whitespace characters that have crept into the rpm spec file over the years. Change-Id: I08c7ad926ddb524d6938b26513963c28c70b4195 Reviewed-on: https://gerrit.openafs.org/12606 Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 6b7b4239ab22fbb301e3b50e2ca4072445ba4e9e Author: Stephan Wiesand Date: Tue Apr 11 11:58:55 2017 +0200 Linux: only include cred.h if it exists Commit c89fd17df1032ec2eacc0d0c9b73e19c5e8db7d2 introduced an explicit include of linux/cred.h since the latest kernel no longer includes it implicitly in sched.h. Alas, older kernels (like 2.6.18) don't have this file. Add a configure test for the existence of cred.h and only include it if actually present. Change-Id: Ia7e38160492b1e03cdb257e4b2bef4d18c4a28fb Reviewed-on: https://gerrit.openafs.org/12593 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit c89fd17df1032ec2eacc0d0c9b73e19c5e8db7d2 Author: Mark Vitale Date: Thu Mar 23 18:36:44 2017 -0700 Linux v4.11: cred.h is no longer included in sched.h With Linux commit e26512fea5bcd6602dbf02a551ed073cd4529449, cred.h is no longer included in sched.h. Several components of libafs which require cred.h were picking it by including sched.h. Instead, explicitly add an include for cred.h. cred.h begins with a customary one-shot to prevent multiple loads: #ifndef _LINUX_CRED_H #define _LINUX_CRED_H Therefore we don't need a new autoconf test or preprocessor conditional to prevent redundant includes on older Linux releases. Change-Id: Ifc496c83141d2cfbd417133feb6d87c1146e5014 Reviewed-on: https://gerrit.openafs.org/12574 Tested-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Joe Gorse Tested-by: Joe Gorse Reviewed-by: Benjamin Kaduk Reviewed-by: Michael Meffie commit ad001550949b612ff6b4899fa8da50ee58f87533 Author: Mark Vitale Date: Thu Mar 23 15:10:03 2017 -0700 Linux v4.11: signal stuff moved to sched/signal.h In Linux commit c3edc4010e9d102eb7b8f17d15c2ebc425fed63c, signal_struct and other signal handling declarations were moved from sched.h to sched/signal.h. This breaks existing OpenAFS autoconf tests for recalc_sigpending() and task_struct.signal->rlim, so that the OpenAFS kernel module can no longer build. Modify OpenAFS autoconfig tests to cope. Change-Id: Ic9f174b92704eabcbd374feffe5fbeb92c8987ce Reviewed-on: https://gerrit.openafs.org/12573 Tested-by: BuildBot Reviewed-by: Joe Gorse Tested-by: Joe Gorse Reviewed-by: Benjamin Kaduk Reviewed-by: Michael Meffie commit de5ee1a67d1c3284d65dc69bbbf89664af70b357 Author: Joe Gorse Date: Mon Mar 20 14:30:46 2017 +0000 Linux v4.11: getattr takes struct path With Linux commit a528d35e8bfcc521d7cb70aaf03e1bd296c8493f statx: Add a system call to make enhanced file info available The Linux getattr inode operation is altered to take two additional arguments: a u32 request_mask and an unsigned int flags that indicate the synchronisation mode. This change is propagated to the vfs_getattr*() function. - int (*getattr) (struct vfsmount *, struct dentry *, struct kstat *); + int (*getattr) (const struct path *, struct kstat *, + u32 request_mask, unsigned int sync_mode); The first argument, request_mask, indicates which fields of the statx structure are of interest to the userland call. The second argument, flags, currently may take the values defined in include/uapi/linux/fcntl.h and are optionally used for cache coherence: (1) AT_STATX_SYNC_AS_STAT tells statx() to behave as stat() does. (2) AT_STATX_FORCE_SYNC will require a network filesystem to synchronise its attributes with the server - which might require data writeback to occur to get the timestamps correct. (3) AT_STATX_DONT_SYNC will suppress synchronisation with the server in a network filesystem. The resulting values should be considered approximate. This patch provides a new autoconf test and conditional compilation to cope with the changes in our getattr implementation. Change-Id: Ie4206140ae249c00a8906331c57da359c4a372c4 Reviewed-on: https://gerrit.openafs.org/12572 Reviewed-by: Joe Gorse Tested-by: Joe Gorse Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit c666bfee8848183ccbc566c9e0fa019088e56505 Author: Jonathon Weiss Date: Thu Nov 10 17:06:18 2016 -0500 Prevent double-starting client on RHEL7 On RHEL7 if the AFS client is stopped with 'service openafs-client stop', but that fails for some reason (most commonly because some process has a file or directory in AFS open) systemd will decide that the openafs-client is in a failed state when it is actually running. If one then runs 'service openafs-client start' systemd will start a new AFS client. At this point AFS access will continue to work until the functional AFS client is (successfully) stopped, at which point a reboot is required to recover. Have systemd check the status of 'fs sysname' before starting the AFS client, so we avoid getting into a state that requires a reboot. Change-Id: I28a5cca746823d69183ea5ce65c10e1725009c5c Reviewed-on: https://gerrit.openafs.org/12443 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit d2721be299c124d76b611ab2980c51be148fa1a7 Author: Benjamin Kaduk Date: Mon Feb 20 22:18:09 2017 -0600 XBSD: do not claim AFS_VM_RDWR_ENV The AFS_VM_RDWR_ENV configuration parameter (defined or not defined in each platform's param.h) is undocumented, but appears to be an indication of a property of the platform OS's VFS layer, or perhaps just of the complexity of the read/write vnops that we implement for it. That is, AFS_VM_RDWR_ENV is defined when the read/write vnops implement partial write logic (and presumably when they interact with the OS VM layer in ways not expressed by the afs_write() abstraction); systems that do not define AFS_VM_RDWR_ENV can use the afs_write() function fairly directly as the vnode operation. Use of AFS_VM_RDWR_ENV evolved over time, with the original (AFS 3.2/3.3-era) code using a simple scheme that handled partial writes directly in afs_write() and avoided complexity in callers. In AFS 3.4, sunos and solaris gained a more complicated read/write vnop that incorporated the afs_DoPartialWrite() call itself, and eventually in 3.6 we see the behavior established at the original IBM import, with all the (Unix) OSes supported at that time defining AFS_VM_RDWR_ENV. When DARWIN support was brought in in commit a41175cfbbf4d06ccfe14ae54bef8b7464ecd80b, its param.h properly did not define AFS_VM_RDWR_ENV, as OS X uses a VFS interface that shares some level of abstraction with the traditional BSD VFS and its read/write/getpages/putpages operations, so the afs_write() behavior was natural and no extra complications needed for integration with the VM layer or other optimizations. However, when the initial FreeBSD support came in a few months later, it seems to have taken inspiration from the OSes that were supported in the initial IBM import, and kept the AFS_VM_RDWR_ENV definition. This was then propagated to all the later BSDs as they were added. Perhaps the most noticeable consequence of this definition is that the calls to afs_DoPartialWrite() from afs_write() are bypassed, with a comment that "[i]f write is implemented via VM, afs_DoPartialWrite() is called from the high-level write op" (and calls to afs_FakeOpen() and afs_FakeClose() are similarly skipped). This means that attempting to write a file larger than the local cache will hang waiting for more space to be freed, which will never happen as the vcache remains locked and will not be written out in the background. In the absence of a documented meaning for AFS_VM_RDWR_ENV, this also gives us a proxy that can be used to indicate whether a given OS's support intended to claim the AFS_VM_RDWR_ENV -- such platforms will actually contain the call to afs_DoPartialWrite() in the appropriate vnode operation. This can be used to sanity-check the places where AFS_VM_RDWR_ENV is removed by this commit. Interestingly, HP-UX does not call afs_DoPartialWrite() but also is clearly in a VFS that uses a rdwr()-based approach, as the corresponding vnode operation is implemented by mp_afs_rdwr(), so leave it unchanged for now. Tim Creech is responsible for noting the lack of calls to afs_DoPartialWrite() on FreeBSD, and Chaskiel Grundman for the historical research into pre-OpenAFS AFS behavior. Designing and implementing more complicated BSD read/write vnops that incorporate afs_DoPartialWrite() and other improvements is left for future work. Change-Id: I8e89855ac31303934f97d0753b64899fb7e3867c Reviewed-on: https://gerrit.openafs.org/12520 Tested-by: BuildBot Reviewed-by: Antoine Verheijen Reviewed-by: Tim Creech Reviewed-by: Benjamin Kaduk commit 2421da2bf327525216ec7e79b9aa81fa2c4f77d5 Author: Marcio Barbosa Date: Tue Jan 31 11:43:18 2017 -0300 vol: detach offline volumes on dafs Taking a volume offline always clears the inService bit. Taking a volume out of service also takes it offline. Therefore, if the inService flag is false, the volume in question should be offline. On dafs, an offline volume should be unattached. The attach2() function does not change the state of the volume received as an argument to unattached when the inService flag is false. Instead, this function changes the state of the volume in question to pre-attached and returns VNOVOL to the client. As result, subsequent accesses to this volume will make the server try and fail to attach this offline volume over and over again, writing to the FileLog each time. To fix this problem, detach the volume received as an argument if the inService flag is false. Since the new state of this volume will be unattached, subsequent accesses will not hit attach2(). This situation where a volume is not offline but is also not in service can occur if a volume is taken offline with vos offline and some time later the DAFS fileserver is shutdown and restarted; the volume is placed into the preattach state by default when the server restarts. Each access to the volume by clients then causes the fileserver to attempt to attach the volume, which fails, since the in-service flag in the volume header is false from the previous vos offline. The fileserver will log a warning to the FileLog on each attempt to attach the volume, and this will fill the FileLog with duplicate messages corresponding to the number of attempted accesses. Change-Id: Ifce07c83c1e8dbf250b88b847d331234bdaa9df5 Reviewed-on: https://gerrit.openafs.org/12515 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 22d841a45fff7026318b529a41dd957ce8bb0ddf Author: Mark Vitale Date: Tue Feb 28 18:02:39 2017 -0500 SOLARIS: prevent BAD TRAP panic with Studio 12.5 Starting with Solaris Studio 12.3, it is documented that Solaris kernel modules (such as libafs) must not use any floating point, vector, or SIMD/SSE instructions on x86 hardware. However, each new Studio compiler release (12.4 and especially 12.5) is more likely to use these types of instructions by default. If the libafs kernel module includes any forbidden kernel instructions, Solaris will panic the system with: BAD TRAP: type=7 (#nm Device not available) Provide a new autoconfig test to specify the required compiler options (-xvector=%none -xregs=no%float) when building the OpenAFS kernel module for Solaris, so that no invalid x86 instructions are used. In addition, reinstate default kernel module optimization for Solaris. It had been disabled in commit 80592c53cbb0bce782eb39a5e64860786654be9f to address this same issue in Studio 12.3 and 12.4. However, Studio 12.5 started using some SSE instructions even with no optimization. This commit has been tested with OpenAFS master and Studio 12.5 at all optimization levels (none, -xO1 through -xO5) and verified to contain no XMM register instructions via the following command: $ gobjdump -dlr libafs64.o | grep xmm | wc -l Change-Id: Ic3c7860f7d524162fd9178a1dab5dd223722ee43 Reviewed-on: https://gerrit.openafs.org/12558 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 38a3f51fb8b3910ecdd7cacb06f35ec681990aea Author: Mark Vitale Date: Mon Feb 20 20:16:47 2017 -0500 DAFS: do not save or restore host state if CPS in progress If a fileserver is shutdown while one or more PR_GetHostCPS calls are in progress, this state is saved in the fsstate.dat file as hostFlags HCPS_WAITING, HCPS_INPROGRESS. Other hosts that are merely waiting will have HCPS_WAITING recorded. However, it makes no sense to restore host structs in this state, because the GetCPS calls will no longer be in progress. Once these hosts become active, they will block server threads and quickly cause all server threads to be exhausted as other CPS requests are blocked behind them. Instead, exclude these states from both save and restore. Change-Id: I3fad67b70c96dc967d6f8e3a7b393cfda076c91d Reviewed-on: https://gerrit.openafs.org/12561 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit bd15a5f56fde98983464acf5fd4cdd731d206d9f Author: Stephan Wiesand Date: Thu Mar 2 12:52:10 2017 +0100 doc: clarify the fs wscell manpage What's displayed by fs wscell is not necessarily the current content of ThisCell, but that at the time of starting the client. Say so. FIXES 133339 Change-Id: Id3351f1236e5061340eb07041d4ce3e4de69a1a1 Reviewed-on: https://gerrit.openafs.org/12537 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit d39e7c7af77b4e1b043611e1a6e78267f5f956ef Author: Marcio Barbosa Date: Thu Mar 2 18:01:48 2017 -0300 osx: build afscell only for active architecture The InstallerPlugins framework provided by the MacOSX10.12.sdk does not define symbols for architecture i386. As a result, the OpenAFS code cannot be built on OS X 10.12. To fix this problem, build the afscell xcode project only for active architecture. Change-Id: I2a2bd5694826b668fceb7402567fba1d0f128479 Reviewed-on: https://gerrit.openafs.org/12531 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 2a13973985bc7e190364d208c590ec42dbccf81b Author: Michael Meffie Date: Thu Jun 11 13:14:27 2015 -0400 libafs: vldb cache timeout option (-volume-ttl) The unix cache manager caches VLDB information for read-only volumes as long as a volume callback is held for a read-only volume. The volume callback may be held as long as files in the read-only volume are being accessed. The cache manager caches VLDB information for read/write volumes as long as volume level errors (such as VMOVED) are not returned by a fileserver while accessing files within the volume. Add a new option to set the maximum amount of time VLDB information will be cached, even if a callback is still held for a read-only volume, or no volume errors have been encounted while accessing files in read/write volumes. This avoids situations where the vldb information is cached indefinitely for read-only and read/write volumes. Instead, the VL servers will be periodically probed for volume information. Change-Id: I5f2a57cdaf5cbe7b1bc0440ed6408226cc988fed Reviewed-on: https://gerrit.openafs.org/11898 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 3893ed397283b0c3605def102004a645a325d476 Author: Michael Meffie Date: Mon Feb 27 01:40:51 2017 -0500 SOLARIS: update convert from ancient _depends_on Commit 37db7985fde9e6a5e71ae628d0b7124a27bf31c3 modernized how we declare module dependencies on Solaris 10 and newer. Instead of explicitly specifying recent Solaris version numbers, specify old versions for the old method. This should be more future proof. Thanks to Ben Kaduk for the suggestion. Change-Id: I7b3c90803825e2c0736548b56deb354183e81b15 Reviewed-on: https://gerrit.openafs.org/12529 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 69aadea298825f1f224406064b83d1a947abf96b Author: Michael Meffie Date: Sat Feb 25 20:33:00 2017 -0500 build: update search paths for solaris cc Move the macros to search for the solaris cc to a separate macro and update the search paths to keep up with released versions. Change-Id: Iaba816f1acf5f45d4e147ae517e73949eb8fe949 Reviewed-on: https://gerrit.openafs.org/12528 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 6ea6c182c7fb6c22dafbbf203abcc23726e06cba Author: Sergio Gelato Date: Wed Feb 22 13:55:33 2017 -0800 LINUX: Debian/Ubuntu build regression on kernel 3.16.39 Now that kernel 4.9 has hit jessie-backports, it becomes desirable to also backport the associated openafs patches. Unfortunately, Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch causes a build failure against jessie's current default kernel, 3.16.39-1, due to the fact that setattr_prepare() is available (it was cherrypicked to address CVE-2015-1350) but file_dentry() is not (it was introduced in kernel 4.6). This makes it difficult to have a version of openafs for jessie that supports both kernels. To deal with this, follow the implementation of file_dentry() in 4.6, and simplify it to account for the lack of d_real() support in older kernels. Note that inode_change_ok() has been added back to 3.16.39-1 to avoid ABI changes. That means the current openafs packages in jessie continue to work with kernel 3.16.39-1 since they do not include Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch. Originally reported at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855366 FIXES RT134158 Change-Id: I157aa2ff25945c1c6e3b8e4a600557125711a681 Reviewed-on: https://gerrit.openafs.org/12523 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 789319bf0f2b26ad67995f8cbe88cee87a1bbdc0 Author: Mark Vitale Date: Wed Dec 7 11:11:45 2016 -0500 Linux 4.10: have_submounts is gone Linux commit f74e7b33c37e vfs: remove unused have_submounts() function (v4.10-rc2) removes have_submounts from the tree after providing a replacement (path_has_submounts) for its last in-tree caller, autofs. However, it turns out that OpenAFS is better off not using the new path_has_submounts. Instead, OpenAFS could/should have stopped using have_submounts() much earlier, back in Linux v3.18 when d_invalidate became void. At that time, most in-tree callers of have_submounts had already been converted to use check_submounts_and_drop back in v3.12. At v3.18, a series of commits modified check_submounts_and_drop to automatically remove child submounts (instead of returning -EBUSY if a submount was detected), then subsumed it into d_invalidate. The end result was that VFS now implicitly handles much of the housekeeping previously called explicitly by the various filesystem d_revalidate routines: - shrink_dcache_parent - check_submounts_and_drop - d_drop - d_invalidate All in-tree filesystem d_revalidate routines were updated to take advantage of this new VFS support. Modify afs_linux_dentry_revalidate to no longer perform any special handling for invalid dentries when D_INVALIDATE_IS_VOID. Instead, allow our VFS caller to properly clean up any invalid dentry when we return 0. Change-Id: I0c4d777e6d445857c395a7b5f9a43c9024b098e9 Reviewed-on: https://gerrit.openafs.org/12506 Reviewed-by: Michael Meffie Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 961cee00b8f5c302de5f66beb81caa33242c7971 Author: Joe Gorse Date: Thu Feb 16 18:01:50 2017 -0500 LINUX: Bring debug symbols back to the Linux kernel module. Starting with 4.8 Linux kernels our existing build script generator, make_kbuild_makefile.pl, does not pass the debugging symbols CFLAGS that were present when building for previous kernels. This fix appends the $(KERN_DBG) variable which will only be defined when the configuration includes the --enable-debug-kernel option. Change-Id: I9a85dc0311a3a706239bc9e471b2d7197ebe1946 Reviewed-on: https://gerrit.openafs.org/12519 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 9bc6fd9312a2be591cc831d9b0afd91e53eec6fc Author: Michael Meffie Date: Fri Feb 10 10:39:09 2017 -0500 build: add --without-swig to override swig check Add the --without-swig option to disable the automatic swig detection and disable the optional features which depend on swig. This allows builders to avoid swig even if present on the build system. Also, add the --with-swig option to force the check and fail if not detected. This allows builders to declare the swig features are mandatory. The default continues to be to check for swig, and if present, build the optional features which require swig. To disable the automatic check for swig and disable the features which depend on swig: ./configure --without-swig # or --with-swig=no To force the check and fail if swig is not present on the system: ./configure --with-swig # or --with-swig=yes If --with-swig is given and swig is not detected, then configure will fail with the message: configure: error: swig requested but not found The Perl 5 bindings for libuafs is the only feature which requires swig at this time. Change-Id: I0726658a9cc7b1b2a9d5e5d306adb6e36ad3c0f6 Reviewed-on: https://gerrit.openafs.org/12518 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit dd97cb7a7447313dbc1da65104786fe03ede7c8d Author: Andrew Deason Date: Fri Feb 10 01:29:28 2017 -0600 PERLUAFS: Modernize lang-specific swig typemaps Currently, our swig bindings for PERLUAFS define a couple of typemaps like so: %typemap(in, numinputs=1, perl5) (char *READBUF, int LENGTH) { [...] } Embedding the target language name in the typemap arguments is a very old way of specifying what language the typemap is for; they were removed after swig 1.1. With swig 3.0.x releases (and possibly others), the specific combination of this deprecated syntax and some other features we're using causes a segfault. That's clearly a bug in swig, but we shouldn't be using the deprecated syntax anyway. Update this to instead use preprocessor symbols to specify language-specific typemaps (#ifdef SWIGPERL). We only actually define these for perl right now, so make sure to throw an error if we're not running for perl. FIXES 134103 Change-Id: I14264a2dfada53d99413808ed5d60b79b1ee44f3 Reviewed-on: https://gerrit.openafs.org/12517 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 5dc53812df9e5a42fa822c9b890c1b8a442bed64 Author: Anders Kaseorg Date: Tue Dec 6 10:48:31 2016 -0500 AFS_component_version_number.c: Respect SOURCE_DATE_EPOCH if set To improve build reproducibility, if the SOURCE_DATE_EPOCH environment variable is set, use it to deterministically replace the embedded build date, and do not include the username or hostname in this case. https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal Change-Id: I9ba951f1836385ffd14aad95f071bf8c672a01bb Reviewed-on: https://gerrit.openafs.org/12471 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 872a63bbfb04addbdc17dc5c09ec018bb9ddf515 Author: Michael Meffie Date: Mon Jan 9 23:55:32 2017 -0500 redhat: move the klog.krb5 man page to openafs-krb5 Move the klog.krb5 man page to the openafs-krb5 package, which distributes the klog.krb5 binary, instead of the general openafs package. Change-Id: I6dc3896f330bb0c639cc75155f611ddaf11b9b75 Reviewed-on: https://gerrit.openafs.org/12509 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit b146c2d54ff3bd99f2c4674eb88d5af417a194d7 Author: Michael Meffie Date: Thu Jan 12 12:27:36 2017 -0500 SOLARIS: fix for AFS_PAG_ONEGROUP_ENV for Solaris 11 Fix a bug introduced in commit aab1e71628e6a4ce68c5e59e2f815867438280d1 in which a pointer was incorrectly checked for a NULL value. Fixes a crash when a PAG is set on Solaris. # mdb unix.1 vmcore.1 > ::status ... panic message: BAD TRAP: type=e (#pf Page fault) rp=fffffffc802ba8f0 addr=0 occurred in module "afs" due to a NULL pointer dereference > ::stack pag_to_gidset+0x145() setpag+0xcc() AddPag+0x3a() afs_setpag+0x58() Afs_syscall+0x115() The crash occurs since gidslot is NULL during the assignment: *gidslot = pagvalue; Change-Id: Ic4d50c6b046d10faa49cd4363692e0302707583d Reviewed-on: https://gerrit.openafs.org/12508 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit a92a3a0675d941536103b60d708a6b3305b9b8fa Author: Marcio Barbosa Date: Wed Jan 11 06:05:04 2017 -0800 osx: let prefpane knows where binaries can be found Starting from OS X 10.11, the OpenAFS binaries were moved to the following directories: /opt/openafs/bin and /opt/openafs/sbin. However, the OpenAFS prefpane is not aware of the change mentioned above. As a result, some functionalities provided by the OpenAFS prefpane are not working properly. To fix this problem, add the new paths to the proper environment variable. Change-Id: Idaa2f0329af2092cf9ad1d63f1a01300b150227a Reviewed-on: https://gerrit.openafs.org/12507 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 19599b5ef5f7dff2741e13974692fe4a84721b59 Author: Mark Vitale Date: Sat Jan 7 06:22:47 2017 -0500 LINUX: eliminate unused variable warning Commit c3bbf0b4444db88192eea4580ac9e9ca3de0d286 added routine osi_TryEvictDentries and included new logic for D_INVALIDATE_IS_VOID. Unfortunately, this new code path no longer uses dentry; it also should have been made conditional at that time. Wrap the declaration of dentry in #ifndef D_INVALIDATE_IS_VOID to eliminate the unused variable warning. Change-Id: I89c1430ba984539ca775da2540ea966030de0701 Reviewed-on: https://gerrit.openafs.org/12505 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 2207dcdaad40beed29b0326153dbb76bdf91564d Author: Michael Meffie Date: Tue Jan 3 14:41:36 2017 -0500 cleanup afs_args.h Collect the syscall op code (AFSOP_) defines in one section and cleanup the use of whitespace and tabs. This should be a non-functional change. Change-Id: I1ba763a445b938fcb3677a388a703e1405ee166e Reviewed-on: https://gerrit.openafs.org/12501 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit aab1e71628e6a4ce68c5e59e2f815867438280d1 Author: Andrew Deason Date: Sat Aug 8 16:49:50 2015 -0500 SOLARIS: Use AFS_PAG_ONEGROUP_ENV for Solaris 11 On Solaris 11 (specifically, Solaris 11.1+), the supplemental group list for a process is supposed to be sorted. Starting with Solaris 11.2, more authorization checks are done that assume the list is sorted (e.g., to do a binary search), so having them out of order can cause incorrect behavior. For example: $ echo foo > /tmp/testfile $ chmod 660 /tmp/testfile $ sudo chown root:daemon /tmp/testfile $ cat /tmp/testfile foo $ id -a uid=100(adeason) gid=10(staff) groups=10(staff),12(daemon),20(games),21(ftp),50(gdm),60(xvm),90(postgres) $ pagsh $ cat /tmp/testfile cat: cannot open /tmp/testfile: Permission denied $ id -a uid=100(adeason) gid=10(staff) groups=33536,32514,10(staff),12(daemon),20(games),21(ftp),50(gdm),60(xvm),90(postgres) Solaris sorts the groups given to crsetgroups() on versions which required the group ids to be sorted, but we currently manually put our PAG groups in our own order in afs_setgroups(). This is currently required, since various places in the code assume that PAG groups are the first two groups in a process's group list. To get around this, do not require the PAG gids to be the first two gids anymore. To more easily identify PAG gids in group processes, use a single gid instead of two gids to identify a PAG, like modern Linux currently uses (under the AFS_PAG_ONEGROUP_ENV). High-numbered groups have been possible for quite a long time on Solaris, allegedly further back than Solaris 8. Only do this for Solaris 11, though, to reduce the platforms we affect. [mmeffie@sinenomine.net: Define AFS_PAG_ONEGROUP_ENV in param.h.] Change-Id: I44023ee8aa42f3f69bb0c8a8e9178abd513951a1 Reviewed-on: https://gerrit.openafs.org/11979 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 97fec642e591762391e6d453874ff9b5c9ba0c1e Author: Benjamin Kaduk Date: Mon Dec 26 12:15:35 2016 -0600 afsd_kernel: remove gratuitous OS dependence Commit 94c15f62 in 2010 gave NetBSD and only NetBSD the debug printing of errno and the strerror() output, with no justification in the commit message. In the interest of unifying behavior and avoiding unnecessary OS dependence, give all platforms the errno and strerror() behavior. [mmeffie@sinenomine.net: print errno iff syscall returns -1.] Change-Id: If3c4e0ded54bbd4d5c2573f7d7ee1c82ee3e7223 Reviewed-on: https://gerrit.openafs.org/12500 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 481047d2a2660609091dc04253d136f527469ceb Author: Michael Meffie Date: Mon Sep 12 22:21:59 2016 -0400 afsd: print syscalls on separate lines with afsd -debug afsd prints information to standard out for testing and debugging when the -debug option is given. However, syscall tracing is emitted without trailing newlines on all platforms except netbsd, creating an unreadable wall of text. # afsd -debug ... afsd: Forking 4 background daemons. SScall(183, 28, 0)=0 183, 28, 6583200)=0 SScall(183, 28, 6583 200)=0 SScall(183, 28, 6583200)=0 SScall(183, 28, 6583200)=0 S Scall(183, 28, 6583200)=0 SScall(183, 28, 6583200)=0 SScall(18 ... Make the syscall call tracing usable by printing each one on a separate line. # afsd -deubg ... afsd: Forking 4 background daemons. SScall(183, 28, 0)=0 183, 28, 6583200)=0 SScall(183, 28, 6583200)=0 SScall(183, 28, 6583200)=0 ... Change-Id: Ic9208243c1e05352744fb6f575384e00d0e3e59c Reviewed-on: https://gerrit.openafs.org/12385 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 9c0db059b6585959e151f7acce845de280952c55 Author: Michael Meffie Date: Mon Sep 26 11:19:13 2016 -0400 vol: convert vnode macros to inline functions Convert the vnode macros to inline functions to fix integer overflows for very large vnode numbers (and generally improve the code robustness and readability). The macro version of vnodeIndexOffset() will evaluate to an incorrect offset for very large vnode numbers due to 32-bit integer overflow. The vnode index file will then be corrupted when writing to the incorrect offset. In code paths where the vnode number incorrectly defined as a signed 32-bit integer, this change prevents vnodeIndexOffset() from evaluating to a negative result when a vnode number is larger than 2^31. Thanks to Mark Vitale for reporting and providing analysis. Change-Id: Ia6e0f2d2f97fa1091e0b5a4029d40098692ee681 Reviewed-on: https://gerrit.openafs.org/12397 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 0ae62bfa99df8ef5d85b4848783f59a041f82828 Author: Michael Meffie Date: Fri Jun 3 15:33:19 2016 -0400 doc: add the PtLog man page Clone the VLLog man page to create a man page for ptserver log as well. Fix the spelling of the PtLog file and add a link to the new PtLog man page in the ptserver man page. Add the missing PtLog log file name to the bos getlog man page. Change-Id: I95ad4a2cf380077780160ec78fd1f9bdec132ba7 Reviewed-on: https://gerrit.openafs.org/12294 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 9ec765d8b4a327ae36c26e38a84dae215d3a2664 Author: Anders Kaseorg Date: Fri Dec 16 02:43:48 2016 -0500 opr: Make opr_uuid_hash endian-independent And also make sure it doesn’t use unaligned accesses. Fixes a ‘make check’ failure on big-endian architectures. Change-Id: I490174f8d1eecb5f20969b4ef12ff16d0dd3806a Reviewed-on: https://gerrit.openafs.org/12495 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Michael Meffie Tested-by: Michael Meffie commit 5151c03351e8a4d2bd1e212720d7ec9144bf23f0 Author: Anders Kaseorg Date: Fri Dec 16 03:04:18 2016 -0500 opr: Make opr_jhash_opaque consistent with opr_jhash Change-Id: I42e1030f8c841dcb974476012a774b91c87d3fb0 Reviewed-on: https://gerrit.openafs.org/12494 Tested-by: BuildBot Reviewed-by: Michael Meffie Tested-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 958120b89d62c8567ab00bc697c4fabdfecd46b4 Author: Anders Kaseorg Date: Fri Dec 16 02:16:20 2016 -0500 opr: Make opr_jhash_opaque endian-independent gcc -O2 produces exactly the same code for this on little-endian systems, but now big-endian systems have a chance of passing ‘make check’. Change-Id: Ifc6350648355a0a9f79184439e3f9522cd6f2ffa Reviewed-on: https://gerrit.openafs.org/12493 Reviewed-by: Michael Meffie Tested-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit eb7d3ac4bbd30fc31741cea74fe2b23577deb61e Author: Anders Kaseorg Date: Wed Dec 14 17:52:35 2016 -0500 opr: ExitHandler: re-raise the signal instead of exiting with that code This fixes a ‘make check’ failure introduced by commit 803d15b6aa1e65b259ba11ca30aa1afd2e12accb “vlserver: convert the vlserver to opr softsig”: $ make check … volser/vos..............FAILED 6 … $ cd tests $ ./libwrap ../lib ./runtests -o volser/vos 1..6 ok 1 - Successfully got security class ok 2 - Successfully built ubik client structure ok 3 - First address registration succeeds ok 4 - Second address registration succeeds ok 5 - vos output matches Server exited with code 15 # wanted: 0 # seen: -1 not ok 6 - Server exited cleanly # Looks like you failed 1 test of 6 afstest_StopServer has a check for the process terminating with signal 15 (SIGTERM), but not for the process exiting with code 15. Change-Id: I022965ea2b5440486ea1cf562551d3bbd0516104 Reviewed-on: https://gerrit.openafs.org/12489 Tested-by: Anders Kaseorg Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit eee532ac13a680bfb4cc857485cbaf5e454ab492 Author: Anders Kaseorg Date: Fri Dec 16 00:29:21 2016 -0500 doc/man-pages/Makefile.in: mkdir man[158] in case we did regen.sh -q Fixes this error: $ git clean -xdf $ ./regen.sh -q $ ./configure $ make […] make[3]: Entering directory '/…/openafs/doc/man-pages' rm -f man*/*.noinstall if [ "no" = "no" ] ; then \ for M in man1/klog.1 man1/knfs.1 […] man8/kpwvalid.8 man1/klog.krb.1; do \ touch $M.noinstall; \ done; \ fi touch: cannot touch 'man1/klog.1.noinstall': No such file or directory touch: cannot touch 'man1/knfs.1.noinstall': No such file or directory […] touch: cannot touch 'man8/kpwvalid.8.noinstall': No such file or directory touch: cannot touch 'man1/klog.krb.1.noinstall': No such file or directory Makefile:34: recipe for target 'prep-noinstall' failed make[3]: *** [prep-noinstall] Error 1 make[3]: Leaving directory '/…/openafs/doc/man-pages' Change-Id: I95098fb2b27f1d87fc9769497b225e9f91f72266 Reviewed-on: https://gerrit.openafs.org/12492 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 93a7e754a44c333140e75e93cac09f61320f7cc9 Author: Anders Kaseorg Date: Wed Dec 14 15:47:21 2016 -0500 tests/opr/softsig-t: Avoid hanging due to intermediate sh -c If the build directory happened to contain shell metacharacters, like the ~ in /build/openafs-vb8tid/openafs-1.8.0~pre1 used by the Debian builders, Perl was running softsig-helper via an intermediate sh -c, which would then intercept the signals we tried to send to softsig-helper. Use the list syntax to avoid this sh -c. Change-Id: I054b9c8f606e197accb414bfe3f89719255c62c4 Reviewed-on: https://gerrit.openafs.org/12488 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 9fd396adabaa1868517fdb3d7cfcbe9412c35b0b Author: Benjamin Kaduk Date: Thu Dec 15 22:12:01 2016 -0600 tests: use exec to call libwrap'd executables No need to leave the shell process hanging around. In particular, if we are manually running softsig-helper under libwrap to debug test failures, the child process of the shell is another shell, which interprets some signals that we wanted to be passed through, like SIGTERM. On the other hand, once the softsig-helper is exec()'d, you basically need another shell to terminate it, which is a different problem.... Change-Id: Iff7c519886a018cb68e692746d40c427b6299457 Reviewed-on: https://gerrit.openafs.org/12490 Tested-by: BuildBot Reviewed-by: Anders Kaseorg Tested-by: Anders Kaseorg Reviewed-by: Benjamin Kaduk commit 8b2c4665aabece187759157bda0e26c4b566dd2f Author: Michael Meffie Date: Tue Aug 16 12:56:47 2016 -0400 tests: fix signo to signame lookup in opr/softsig tests Fix the loop condition when scanning the signal number to name table to convert a signal number to a name. Instead of looping sizeof(size_t) times, loop for the number of elements in the table. This bug was masked on 64 bit-platforms, since the signal number to name table table currently has 8 elements, which is coincidently the same as sizeof(size_t) on 64-bit platforms. The bug becomes apparent on 32-bit systems; only the first 4 elements of the table are checked. Example error output before this fix: $ cd tests $ ./libwrap ../lib ./runtests -o opr/softsig 1..11 ok 1 ok 2 ok 3 ok 4 ok 5 not ok 6 # Failed test in ./opr/softsig-t at line 57. # got: 'Received UNK # ' # expected: 'Received TERM # ' not ok 7 # Failed test in ./opr/softsig-t at line 60. # got: 'Received UNK # ' # expected: 'Received USR1 # ' not ok 8 # Failed test in ./opr/softsig-t at line 63. # got: 'Received UNK # ' # expected: 'Received USR2 # ' ok 9 - Helper exited on KILL signal. ok 10 - Helper exited on SEGV signal. ok 11 # skip Skipping buserror test; SIGBUS constant is not defined. # Looks like you failed 3 tests of 11. Change-Id: I863cc9f3650c4a5e9ac9159d90e063b986a8460a Reviewed-on: https://gerrit.openafs.org/12367 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 1d8cb56999a4ab25ae4cbc8e8a688b8100aedd3b Author: Neale Ferguson Date: Thu Dec 8 11:47:09 2016 -0500 s390: desupport 32-bit Linux kernels on s390/s390x Remove the obsolete and custom lwp assembler for the s390 and s390x architectures. That assembler is no longer needed since 32-bit mainframe Linux distributions are no longer supported and are very unlikely to be in use. The generic process.default.s is sufficient for modern 64-bit Linux distributions on s390/s390x. [mmeffie@sinenomine.net: commit message wording] Change-Id: I654b10dfc257e7de90c9a50048982427276f4d61 Reviewed-on: https://gerrit.openafs.org/12475 Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit b5e4e8c14130f601bbf43dee5927222ebf7613fa Author: Mark Vitale Date: Tue Jan 12 18:06:51 2016 -0500 afs: fs getcacheparms miscounts dcaches for large files fs getcacheparms issued with the -excessive option tabulates in-memory dcaches ("DCentries") by size. However, any dcache with validPos > 2^31 is miscounted in the 4k-16k bucket. This is caused by a type mismatch between 'validPos' (afs_size_t) and 'size' (int) which leads to a negative value for size by sign-extension. The size comparison "sieve" fails for negative numbers; it skips the first bucket (0-4K) and dumps them in the second one (4k-16k). Move the declaration of 'size' closer to its use, and declare it with the same type as 'validPos' (afs_size_t) so the comparison sieve correctly places these dcaches in the last (>=1M) bucket. Change-Id: Ib0d973da92865043a4f1c068de5e9b81bcde2b9a Reviewed-on: https://gerrit.openafs.org/12347 Reviewed-by: Stephan Wiesand Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit c966c0b8414ef0a041b1a8d5261c9eccd4d39d99 Author: Mark Vitale Date: Tue Jan 12 17:50:36 2016 -0500 afs: fs getcacheparms miscounts zero-length dcaches When fs getcacheparms is issued with the -excessive option, it tabulates all in-memory dcaches ("DCentries") by size. dcaches with validPos == 0 were being tabulated in the 4k-16k bucket. Fix the first comparison in the 'sieve' so these dcaches will be counted in the correct 0-4k bucket instead. Introduced by commit 176c2fddb95ced6c13e04e7492fc09b5551f273c Change-Id: I60acb0f115dad9f7951f0b17e5b3e37dc94321b9 Reviewed-on: https://gerrit.openafs.org/12346 Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 7442752ba6ad618bcdf2185f699d90c56838e89e Author: Benjamin Kaduk Date: Mon Dec 5 18:11:22 2016 -0600 Make OpenAFS 1.8.0pre1 Update version strings for the first 1.8.0 prerelease. Change-Id: I4f534c9934f6eb1baac9a784fb7c357b19924fb0 Reviewed-on: https://gerrit.openafs.org/12470 Reviewed-by: Michael Meffie Reviewed-by: Mark Vitale Reviewed-by: Stephan Wiesand Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit edcafa93b6c4744e0747842a2e115df27e20fd93 Author: Michael Meffie Date: Fri Sep 23 00:22:22 2016 -0500 Update NEWS for 1.8 [kaduk@mit.edu: adjust sorting, rewrap, reword a few entries and remove some entries that will not be applicable] Change-Id: Ifbadc31e3f201e05617a26c12e5e725a5f3c9195 Reviewed-on: https://gerrit.openafs.org/12393 Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 37c47e5da1cfcceb3b14e5a0c4064a6ca5806bd0 Author: Benjamin Kaduk Date: Fri Sep 23 00:14:09 2016 -0500 Import NEWS from openafs-stable-1_6_x The 1.6.x changelog entries have been going directly on the openafs-stable-1_6_x branch for ease of maintenance. However, we don't want to skip those changes when mentioning changes in OpenAFS 1.8, so pull back a copy onto master before adding things for 1.8. Change-Id: I545c19db9854300a84295d3ca8b1f301756c38b0 Reviewed-on: https://gerrit.openafs.org/12392 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit 35f2b8cd49477b10cf358d853f5864b8ad24ba03 Author: Benjamin Kaduk Date: Tue Dec 6 17:07:40 2016 -0500 Update libafsdep files for in-kernel fortuna Commit 0d67b00ff9db added heimdal's rand-fortuna PRNG to the kernel module on all architectures, even though it is only needed on the small subset that do not provide a cryptographically strong random number generator to kernel module consumers. This was done to ensure that the build infrastructure for it gets regularly exercised by developers. However, not all build infrastructure was exercised at the time of that submission; in particular, the make_libafs_tree.pl script was not tested. This led to a situation where the libafs tree generated by that script omitted several files that were now referenced by the kernel build due to the fortuna import. To remedy the situation, list the additional files that are needed, so that they will be copied into the build area for this class of kernel module builds. Since the libafs-tree functionality is used to build the Debian kernel-module source packages, this fix is needed in order to have a tree that can be built into debian packages without patching. Change-Id: I81502fb61d7fc718d337c5f73a51b88f6a433d6a Reviewed-on: https://gerrit.openafs.org/12473 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 85c7d31cf2dacdbcd8a053fdc3f66952e7126528 Author: Anders Kaseorg Date: Tue Dec 6 10:53:40 2016 -0500 src/cf/roken.m4: Escape buildtool_roken correctly Fixes these errors from configure: ./configure: line 32154: LDFLAGS_roken: command not found ./configure: line 32154: LIB_roken: command not found Change-Id: I63b9ade5c8f55948ea2a3f7ae023de4ed9f62341 Reviewed-on: https://gerrit.openafs.org/12472 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 4c03e42f91b36a0bf59398b0f649aa0b31b02975 Author: Andrew Deason Date: Wed Oct 26 16:04:51 2016 -0500 rx: Add rxi_FlushWriteLocked Currently, a couple of places in Rx do this: MUTEX_EXIT(&call->lock); rxi_FlushWrite(call); MUTEX_ENTER(&call->lock); This is a little silly, because if rxi_FlushWrite has anything to do, it just acquires/drops call->lock again. This seems like a very minor performance penalty, but in the right situation it can become more noticeable. Specifically, when an Rx call on the server ends successfully, rx_EndCall will rxi_FlushWrite (to send out the last Rx packet to the client) before marking the call as finished. If the client receives the last Rx packet and starts a new Rx call on the same channel before the server locks the call again, the client can receive a BUSY packet (because it looks like the previous call on the server hasn't finished yet). Nothing breaks, but this means the client waits 3 seconds to retry. This situation can probably happen with various rates of success in almost any situation, but I can see it consistently happen with 'vos move' when running 'vos' on the same machine as the source fileserver. It is most noticeable when moving a large number of small volumes (since you must wait an extra 3+ seconds per volume, where nothing is happening). To avoid this, create a new variant of rxi_FlushWrite, called rxi_FlushWriteLocked. This just assumes the call lock is already held by the caller, and avoids one extra lock/unlock pair. This is not the only place where we unlock/lock the call during the rx_EndCall situation described above, but it seems to be easiest to solve, and it's enough (for me) to avoid the 3-second delay in the 'vos move' scenario. Ideally, Rx should be able to atomically 'end' a call while sending out this last packet, but for now, this commit is easy to do. Note that rxi_FlushWrite previously didn't do much of note before locking the call. It did call rxi_FreePackets without the call lock, but calling that with the call lock is also fine; other callers do that. Change-Id: I8f71e86f6c1f6019abea21c205d2b26b7da0d808 Reviewed-on: https://gerrit.openafs.org/12421 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit f413fd927af14a9a87034e47125a78eec63e599e Author: Benjamin Kaduk Date: Tue Jan 13 21:39:57 2015 -0500 pts: add some sanity checks in ptuser.c Double-check that when we're expecting two entries back, we actually got two entries, in addition to the RPC return value. Change-Id: I34631ac542667c337ed3268153eb61c70e3fa87e Reviewed-on: https://gerrit.openafs.org/11668 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 32901c58b29ba4ac666f1dba9915cae2c1f03b52 Author: Andrew Deason Date: Mon Mar 9 18:01:29 2015 -0500 LINUX: Don't compile syscall code with keyrings osi_syscall_init() is not currently called if we have kernel keyrings support, since we don't need to set up or alter any syscalls if we have kernel keyrings (we track PAGs by keyrings, and we use ioctls instead of the AFS syscall now). Since we don't call it, this commit makes us also not compile the relevant syscall-related code. This allows new platforms to be added without needing to deal with any platform-specific code for handling 32-bit compat processes and such, since usually we don't need to deal with intercepting syscalls. To do this, we just define osi_syscall_init and osi_syscall_cleanup as noops if we have keyrings support. This allows us to reduce the #ifdef clutter in the actual callers. Note that the 'afspag' module does currently call osi_syscall_init unconditionally, but this seems like an oversight. With this change, the afspag module will no longer alter syscalls when we have linux keyrings support. Change-Id: I219b92d89303975765743712587ff897b55a2631 Reviewed-on: https://gerrit.openafs.org/11936 Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Perry Ruiter Reviewed-by: Michael Meffie Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit a6e96a8f10df738eb9b69227d344a72eb830e02e Author: Michael Meffie Date: Wed Nov 30 08:48:06 2016 -0500 vos: fix vos release -verbose output Fix incorrect vos release -verbose messages introduced by commit 9f4684cd5fac5eacf571b882e965150943383170. The commit 9f4684cd5fac5eacf571b882e965150943383170 did not take into account the change from commit 3fc800be9c702c1a40869908831a9895602909cb in which a partial commit is performed when just new sites are added and the read-write volume was not changed since the previous release. Change-Id: If4b3ab81cd810df2e866d6eca0152f475c5448d6 Reviewed-on: https://gerrit.openafs.org/12455 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 5b28061fb593f5f48df549b07f0ccd848348b93c Author: Marcio Barbosa Date: Mon Nov 28 09:42:44 2016 -0500 afs: release the packets used by rx on shutdown When the OpenAFS client is unmounted on DARWIN, the blocks of packets allocated by RX are released. Historically, the memory used by those packets was never properly released. Before 230dcebcd61064cc9aab6d20d34ff866a5c575ea, only the last block of packets used to be released: ... struct rx_packet *rx_mallocedP = 0; ... void rxi_MorePackets(int apackets) { ... getme = apackets * sizeof(struct rx_packet); p = rx_mallocedP = (struct rx_packet *)osi_Alloc(getme); ... } ... void rxi_FreeAllPackets(void) { ... osi_Free(rx_mallocedP, ...); ... } ... As we can see, ‘rx_mallocedP’ is a global pointer that stores the first address of the last allocated block of packets. As a result, when ‘rxi_FreeAllPackets’ is called, only the last block is released. However, 230dcebcd61064cc9aab6d20d34ff866a5c575ea moved the global pointer in question to the end of the last block. As a result, when the OpenAFS client is unmounted on DARWIN, the ‘rxi_FreeAllPackets’ function releases the wrong block of memory. This problem was exposed on OS X 10.12 Sierra where the system crashes when the OpenAFS client is unmounted. To fix this problem, store the address of every single block of packets in a queue and release one by one when the OpenAFS client is unmounted. Change-Id: Ibd6bd1a8bc45bb4802f9381a8e600c20ee85a59e Reviewed-on: https://gerrit.openafs.org/12427 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit f591f6fae3d8b8d44140ca64e53bad840aeeeba0 Author: Mark Vitale Date: Mon Nov 7 14:16:50 2016 -0500 dir: do not leak contents of deleted directory entries Deleting an AFS directory entry (afs_dir_Delete) merely removes the entry logically by updating the allocation map and hash table. However, the entry itself remains on disk - that is, both the cache manager's cache partition and the fileserver's vice partitions. This constitutes a leak of directory entry information, including the object's name and MKfid (vnode and uniqueid). This leaked information is also visible on the wire during FetchData requests and volume operations. Modify afs_dir_Delete to clear the contents of deleted directory entries. Patchset notes: This commit only prevents leaks for newly deleted entries. Another commit in this patchset prevents leaks of partial object names upon reuse of pre-existing deleted entries. A third commit in this patchset prevents yet another kind of directory entry leak, when internal buffers are reused to create or enlarge existing directories. All three patches are required to prevent new leaks. Two additional salvager patches are also included to assist administrators in the cleanup of pre-existing leaks. [kaduk@mit.edu: style nit for sizeof() argument] Change-Id: Iabaafeed09a2eb648107b7068eb3dbf767aa2fe9 Reviewed-on: https://gerrit.openafs.org/12460 Reviewed-by: Mark Vitale Tested-by: Mark Vitale Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit a26c5054ee501ec65db3104f6a6a0fef634d9ea7 Author: Benjamin Kaduk Date: Sun Nov 6 23:29:22 2016 -0600 afs: do not leak stale data in buffers Similar to the previous commit, zero out the buffer when fetching a new slot, to avoid the possibility of leaving stale data in a reused buffer. We are not supposed to write such stale data back to a fileserver, but this is an extra precaution in case of bugs elsewhere -- memset is not as expensive as it was in the 1980s. Change-Id: I344e772e9ec3d909e8b578933dd9c6c66f0a8cf6 Reviewed-on: https://gerrit.openafs.org/12459 Reviewed-by: Mark Vitale Tested-by: Mark Vitale Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 70065cb1831dbcfd698c8fee216e33511a314904 Author: Mark Vitale Date: Fri May 13 00:01:31 2016 -0400 dir: fileserver leaks names of file and directories Summary: Due to incomplete initialization or clearing of reused memory, fileserver directory objects are likely to contain "dead" directory entry information. These extraneous entries are not active - that is, they are logically invisible to the fileserver and client. However, they are physically visible on the fileserver vice partition, on the wire in FetchData replies, and on the client cache partition. This constitutes a leak of directory information. Characterization: There are three different kinds of "dead" residual directory entry leaks, each with a different cause: 1. There may be partial name data after the null terminator in a live directory entry. This happens when a previously used directory entry becomes free, then is reused for a directory entry with a shorter name. This may be addressed in a future commit. 2. "Dead" directory entries are left uncleared after an object is deleted or renamed. This may be addressed in a future commit. 3. Residual directory entries may be inadvertently picked up when a new directory is created or an existing directory is extended by a 2kiBi page. This is the most severe problem and is addressed by this commit. This third kind of leak is the most severe because the leaked directory information may be from _any_ other directory residing on the fileserver, even if the current user is not authorized to see that directory. Root cause: The fileserver's directory/buffer package shares a pool of directory page buffers among all fileserver threads for both directory reads and directory writes. When the fileserver creates a new directory or extends an existing one, it uses any available unlocked buffer in the pool. This buffer is likely to contain another directory page recently read or written by the fileserver. Unfortunately the fileserver only initializes the page header fields (and the first two "dot" and "dotdot" entries in the case of a new directory). Any residual entries in the rest of the directory page are now logically "dead", but still physically present in the directory. They can easily be seen on the vice partition, on the wire in a FetchData reply, and on the cache partition. Note: The directory/buffer package used by the fileserver is also used by the salvager and the volserver. Therefore, salvager activity may also leak directory information to a certain extent. The volserver vos split command may also contribute to leaks. Any volserver operation that creates volumes (create, move, copy, restore, release) may also have insignificant leaks. These less significant leaks are addressed by this commit as well. Exploits: Any AFS user authorized to read directories may passively exploit this leak by capturing wire traffic or examining his local cache as he/she performs authorized reads on existing directories. Any leaked data will be for other directories the fileserver had in the buffer pool at the time the authorized directories were created or extended. Any AFS user authorized to write a new directory may actively exploit this leak by creating a new directory, flushing cache, then re-reading the newly created directory. Any leaked data will be for other directories the fileserver had in the buffer pool within the last few seconds. In this way an authorized user may sample current fileserver directory buffer contents for as long as he/she desires, without being detected. Directories already containing leaked data may themselves be leaked, leading to multiple layers of leaked data propagating with every new or extended directory. The names of files and directories are the most obvious source of information in this leak, but the FID vnode and uniqueid are leaked as well. Careful examination of the sequences of leaked vnode numbers and uniqueids may allow an attacker to: - Discern each layer of old directories by observing breaks in consecutive runs of vnode and/or uniqueid numbers. - Infer which objects may reside on the same volume. - Discover the order in which objects were created (vnode) or modified (uniqueid). - Know whether an object is a file (even vnode) or a directory (odd vnode). Prevent new leaks by always clearing a pool buffer before using it to create or extend a directory. Existing leaks on the fileserver vice partitions may be addressed in a future commit. Change-Id: Ia980ada6a2b1b2fd473ffc71e9fd38255393b352 Reviewed-on: https://gerrit.openafs.org/12458 Reviewed-by: Mark Vitale Tested-by: Mark Vitale Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 1637c4d7c1ce407390f65509a3a1c764a0c06aa6 Author: Benjamin Kaduk Date: Sun Nov 6 15:06:02 2016 -0600 bos: re-add -salvagedirs for use with -all The MR-AFS support code had a -salvagedirs option that was passed through to the salvager (when running, and when -all was used), that was removed in commit a9301cd2dc1a875337f04751e38bba6f1da7ed32 along with the rest of the MR-AFS commands and options. However, it is useful in its own right, so add it back and allow the use of -salvagedirs -all to rebuild every directory on the server. Change-Id: Ifc9c0e4046bf049fe04106aec5cad57d335475e3 Reviewed-on: https://gerrit.openafs.org/12457 Reviewed-by: Mark Vitale Tested-by: Mark Vitale Reviewed-by: Michael Meffie Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 9e66234951cca3ca77e94ab431f739e85017a23a Author: Michael Meffie Date: Sun Nov 6 14:31:22 2016 -0600 dafs: honor salvageserver -salvagedirs Do not ignore the -salvagedirs option when given to the salvageserver. When the salvageserver is running with this option, all directories will be rebuilt by salvages spawned by the dafs salvageserver, including all demand attach salvages and salvages of individual volumes initiated by bos salvage. This does not affect the whole partition salvages initiated by bos salvage -all. Change-Id: I4dd515ffa8f962c61e922217bee20bbd88bcd534 Reviewed-on: https://gerrit.openafs.org/12456 Reviewed-by: Mark Vitale Tested-by: Mark Vitale Reviewed-by: Michael Meffie Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 3704fc6f2e6716d95446cd10aa2ec798be13472c Author: Anders Kaseorg Date: Fri Nov 4 20:17:32 2016 -0400 Remove NULL checks for AFS_NONNULL parameters Recent GCC warns about opr_Assert(p != NULL), where p is an __attribute__((__nonnull__)) parameter, just like clang did before those clang warnings were silenced by 11852, 11853. Now, we could go and add more autoconf tests and pragmas to silence the GCC versions of these warnings. However, I maintain that silencing the warnings is the wrong approach. The asserts in question have no purpose. They do not add any safety, because GCC and clang are optimizing them away at compile time (without proof!—they take the declaration at its word that NULL will never be passed). Just remove them. Fixes these warnings (errors with --enable-checking) from GCC 6.2: In file included from casestrcpy.c:17:0: casestrcpy.c: In function ‘opr_lcstring’: casestrcpy.c:26:31: error: nonnull argument ‘d’ compared to NULL [-Werror=nonnull-compare] opr_Assert(s != NULL && d != NULL); ^ /…/openafs/include/afs/opr.h:28:15: note: in definition of macro ‘__opr_Assert’ do {if (!(ex)) opr_AssertionFailed(__FILE__, __LINE__);} while(0) ^~ casestrcpy.c:26:5: note: in expansion of macro ‘opr_Assert’ opr_Assert(s != NULL && d != NULL); ^~~~~~~~~~ casestrcpy.c:26:18: error: nonnull argument ‘s’ compared to NULL [-Werror=nonnull-compare] opr_Assert(s != NULL && d != NULL); ^ /…/openafs/include/afs/opr.h:28:15: note: in definition of macro ‘__opr_Assert’ do {if (!(ex)) opr_AssertionFailed(__FILE__, __LINE__);} while(0) ^~ casestrcpy.c:26:5: note: in expansion of macro ‘opr_Assert’ opr_Assert(s != NULL && d != NULL); ^~~~~~~~~~ casestrcpy.c: In function ‘opr_ucstring’: casestrcpy.c:46:31: error: nonnull argument ‘d’ compared to NULL [-Werror=nonnull-compare] opr_Assert(s != NULL && d != NULL); ^ /…/openafs/include/afs/opr.h:28:15: note: in definition of macro ‘__opr_Assert’ do {if (!(ex)) opr_AssertionFailed(__FILE__, __LINE__);} while(0) ^~ casestrcpy.c:46:5: note: in expansion of macro ‘opr_Assert’ opr_Assert(s != NULL && d != NULL); ^~~~~~~~~~ casestrcpy.c:46:18: error: nonnull argument ‘s’ compared to NULL [-Werror=nonnull-compare] opr_Assert(s != NULL && d != NULL); ^ /…/openafs/include/afs/opr.h:28:15: note: in definition of macro ‘__opr_Assert’ do {if (!(ex)) opr_AssertionFailed(__FILE__, __LINE__);} while(0) ^~ casestrcpy.c:46:5: note: in expansion of macro ‘opr_Assert’ opr_Assert(s != NULL && d != NULL); ^~~~~~~~~~ casestrcpy.c: In function ‘opr_strcompose’: /…/openafs/include/afs/opr.h:28:12: error: nonnull argument ‘buf’ compared to NULL [-Werror=nonnull-compare] do {if (!(ex)) opr_AssertionFailed(__FILE__, __LINE__);} while(0) ^ /…/openafs/include/afs/opr.h:37:25: note: in expansion of macro ‘__opr_Assert’ # define opr_Assert(ex) __opr_Assert(ex) ^~~~~~~~~~~~ casestrcpy.c:98:5: note: in expansion of macro ‘opr_Assert’ opr_Assert(buf != NULL); ^~~~~~~~~~ kalocalcell.c: In function ‘ka_CellToRealm’: /…/openafs/include/afs/opr.h:28:12: error: nonnull argument ‘realm’ compared to NULL [-Werror=nonnull-compare] do {if (!(ex)) opr_AssertionFailed(__FILE__, __LINE__);} while(0) ^ /…/openafs/include/afs/opr.h:37:25: note: in expansion of macro ‘__opr_Assert’ # define opr_Assert(ex) __opr_Assert(ex) ^~~~~~~~~~~~ kalocalcell.c:117:5: note: in expansion of macro ‘opr_Assert’ opr_Assert(realm != NULL); ^~~~~~~~~~ Change-Id: I6fd618ed49255d7b3de2f8f3424d9659890829c0 Reviewed-on: https://gerrit.openafs.org/12442 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 822ca15a0e760ad9f2c04cd177ca5634f85ee8d6 Author: Dave Botsch Date: Thu Nov 17 13:22:17 2016 -0500 Mac OS Sierra deprecates syscall() The syscall() function has been deprecated in MacOS 10.12 - Sierra. After discussions with developers, it would appear that syscall() isn't really needed, anymore, so we can just do away with it. Change-Id: I60e4220168b097bbae7a5ebaceb2d32276aad3e5 Reviewed-on: https://gerrit.openafs.org/12452 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 74f837fd943ddfa20d349a83d6286a0183cb4663 Author: Dave Botsch Date: Thu Nov 3 12:22:21 2016 -0400 Define OSATOMIC_USE_INLINED to get usable atomics on DARWIN In Mac OS 10.12, legacy interfaces for atomic operations have been deprecated. Defining OSATOMIC_USE_INLINED gets us inline implementations of the OSAtomic interfaces in terms of the primitives. This is a transition convenience. Also indent preprocessor directives within the main DARWIN block to improve readability. Change-Id: Id10ae007d5427486f1b0a307a04a90f263201150 Reviewed-on: https://gerrit.openafs.org/12433 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit f5f057ce8198480fb9c67f2a8c8eee906f8a7c4a Author: Michael Meffie Date: Thu Jul 7 15:51:18 2016 -0400 doc: update information about vlserver logging Mention the vlserver -d option can be used to set the initial logging level. Thanks to Mark Vitale for the suggestion. Change-Id: Ia17a2063432343c2cf78e1b01c5897751625aae8 Reviewed-on: https://gerrit.openafs.org/12324 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 37db7985fde9e6a5e71ae628d0b7124a27bf31c3 Author: Michael Meffie Date: Sat Nov 5 12:42:19 2016 -0400 SOLARIS: convert from ancient _depends_on to ELF dependencies The ancient way of declaring module dependencies with _depends_on has been deprecated since SunOS 2.6 (circa 1996). The presence of the old _depends_on symbol triggers a warning message on the console starting with Solaris 12, and the kernel runtime loader (krtld) feature of using the _depends_on symbol to load dependencies may be removed in a future version of Solaris. Convert the kernel module from the ancient _depends_on method to modern ELF dependencies. Remove the old _depends_on symbol and specify the -dy and -N linker options to set the ELF dependencies at link time, as recommended in the Solaris device driver developer guidelines [1]. This commit does not change the declared dependencies, which may be vestiges of ancient afs versions. [1]: http://docs.oracle.com/cd/E19455-01/805-7378/6j6un037u/index.html#loading-16 Change-Id: Ic5abd82108cd59c0796a8d7659ddaffa791dbeee Reviewed-on: https://gerrit.openafs.org/12453 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 3af0460a4a6d7bf22e1789fd9e375659e20c3a55 Author: Mark Vitale Date: Mon Nov 21 13:25:40 2016 -0500 doc: correct help for 'bos getlog' -restricted mode Commit f085951d39c0d6c1e6a626177c30235704317600 introduced an error in the bos getlog helpfile. Modify the helpfile to describe the actual restrictions imposed by -restricted mode. Change-Id: I8d8fedb558a1bdbd55d80046b2011f3aacc71b3f Reviewed-on: https://gerrit.openafs.org/12454 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit c3bbf0b4444db88192eea4580ac9e9ca3de0d286 Author: Mark Vitale Date: Thu Aug 4 18:42:27 2016 -0400 LINUX: do not use d_invalidate to evict dentries When working within the AFS filespace, commands which access large numbers of OpenAFS files (e.g., git operations and builds) may result in active files (e.g., the current working directory) being evicted from the dentry cache. One symptom of this is the following message upon return to the shell prompt: "fatal: unable to get current working directory: No such file or directory" Starting with Linux 3.18, d_invalidate returns void because it always succeeds. Commit a42f01d5ebb13da575b3123800ee6990743155ab adapted OpenAFS to cope with the new return type, but not with the changed semantics of d_invalidate. Because d_invalidate can no longer fail with -EBUSY when invoked on an in-use dentry. OpenAFS must no longer trust it to preserve in-use dentries. Modify the dentry eviction code to use a method (d_prune_aliases) that does not evict in-use dentries. Change-Id: I1826ae2a89ef4cf6b631da532521bb17bb8da513 Reviewed-on: https://gerrit.openafs.org/12363 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 9d4be0bd01696768602a313f627a802b358b5885 Author: Marcio Barbosa Date: Fri Nov 11 13:21:58 2016 -0800 macos: do not quit prefpane unexpectedly If the user opens the OpenAFS preference pane and choose the Mounts tab, the preference pane crashes. To fix the problem, do not assume that we can cast a NSdictionary object to NSMutableDictionary. Change-Id: I3b5f6cb324a6b53c6b53606f71185f61450ee793 Reviewed-on: https://gerrit.openafs.org/12446 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 3e8529b6efec4625a4c67e6779fc8367291461a0 Author: Mark Vitale Date: Wed May 18 00:36:12 2016 -0400 salvager: fix error message for invalid volumeid If the specified volumeid is invalid (e.g. volume name was specified instead of volume number), the error is reported via Log(). However, commit 24fed351fd13b38bfaf9f278c914a47782dbf670 moved the log opening logic from before this check to after it, effectively making this Log() call a no-op. Instead, use fprintf to issue the error message. Change-Id: I488bc93b178c7973e48d7c9ef4e7ecde9ba62696 Reviewed-on: https://gerrit.openafs.org/12288 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit e8f066dede63648d7d54c632e0e257c80db6effa Author: Anders Kaseorg Date: Fri Nov 4 20:48:02 2016 -0400 src/tools/rxperf/rxperf.c: Fix misleading indentation Fixes these warnings (errors with --enable-checking) from GCC 6.2: rxperf.c: In function ‘rxperf_server’: rxperf.c:930:4: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if (ptr && *ptr != '\0') ^~ rxperf.c:932:6: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ break; ^~~~~ rxperf.c: In function ‘rxperf_client’: rxperf.c:1102:4: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if (ptr && *ptr != '\0') ^~ rxperf.c:1104:6: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ break; ^~~~~ Change-Id: I4e8e1f75ec14fa9f95441275cfc136adbb448e9e Reviewed-on: https://gerrit.openafs.org/12440 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 85cf397ec18ecfde36433fb65e5d91ecd325b76e Author: Anders Kaseorg Date: Fri Nov 4 20:46:22 2016 -0400 src/gtx/curseswindows.c: Fix misleading indentation Fixes these warnings (errors with --enable-checking) from GCC 6.2: curseswindows.c: In function ‘gator_cursesgwin_drawchar’: curseswindows.c:574:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if (params->highlight) ^~ curseswindows.c:576:9: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ if (code) ^~ curseswindows.c:579:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if (params->highlight) ^~ curseswindows.c:581:9: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ if (code) ^~ curseswindows.c: In function ‘gator_cursesgwin_drawstring’: curseswindows.c:628:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if (params->highlight) ^~ curseswindows.c:630:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ if (code) ^~ curseswindows.c:633:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if (params->highlight) ^~ curseswindows.c:635:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ if (code) ^~ Change-Id: Ib53eb5755eebb5e22a5414ced8a2540825b41e15 Reviewed-on: https://gerrit.openafs.org/12439 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 86153c65cad10b0459d0f87bbe227a1ebe40f4ea Author: Anders Kaseorg Date: Fri Nov 4 20:44:00 2016 -0400 src/afsd/afsd.c: Fix misleading indentation Fixes these warnings (errors with --enable-checking) from GCC 6.2: afsd.c: In function ‘afsd_run’: afsd.c:2176:6: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if (enable_rxbind) ^~ afsd.c:2178:3: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ afsd_syscall(AFSOP_ADVISEADDR, code, addrbuf, maskbuf, mtubuf); ^~~~~~~~~~~~ afsd.c:2487:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if (afsd_debug) ^~ afsd.c:2490:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ afsd_syscall(AFSOP_GO, 0); ^~~~~~~~~~~~ Change-Id: Ic4769046dc06bb58d61428ac08ea12a2f70743e9 Reviewed-on: https://gerrit.openafs.org/12438 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 38040db3bb7b5ae4d5b2c710da17ba60abe39935 Author: Anders Kaseorg Date: Fri Nov 4 20:39:34 2016 -0400 src/ubik/uinit.c: Fix misleading indentation Fixes this warning (error with --enable-checking) from GCC 6.2: uinit.c: In function ‘internal_client_init’: uinit.c:96:2: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if (code) ^~ uinit.c:98:6: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ return code; ^~~~~~ Change-Id: Ib03c4128e206194fa5c34fa3c49bb06beb70e6d0 Reviewed-on: https://gerrit.openafs.org/12437 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 0aeb8c17a2701169ddb7397d951c73cf361087c8 Author: Anders Kaseorg Date: Fri Nov 4 20:38:08 2016 -0400 src/rx/rx_packet.c: Fix misleading indentation Fixes these warnings (errors with --enable-checking) from GCC 6.2: rx_packet.c: In function ‘rxi_ReceiveDebugPacket’: rx_packet.c:2009:9: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if (rx_stats_active) ^~ rx_packet.c:2011:6: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ s = (afs_int32 *) & rx_stats; ^ rx_packet.c:2017:9: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if (rx_stats_active) ^~ rx_packet.c:2019:6: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ rxi_SendDebugPacket(ap, asocket, ahost, aport, istack); ^~~~~~~~~~~~~~~~~~~ Change-Id: Iaecedf63e9ed393607b8700b892aea7678c774b3 Reviewed-on: https://gerrit.openafs.org/12436 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit bd70a176c19c09c49c6c3c01ea088ca947c45966 Author: Anders Kaseorg Date: Fri Nov 4 20:36:51 2016 -0400 src/rxgen/rpc_parse.c: Fix misleading indentation Fixes this warning (error with --enable-checking) from GCC 6.2: rpc_parse.c: In function ‘analyze_ProcParams’: rpc_parse.c:861:5: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] if (tokp->kind != TOK_RPAREN) ^~ rpc_parse.c:863:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ *tailp = decls; ^ Change-Id: Ia63311c20eb8cd96123ba97b0bf7621b82956e79 Reviewed-on: https://gerrit.openafs.org/12435 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit a7cc505d3be81e6aaf755bcc83d0dbcab85dbdad Author: Anders Kaseorg Date: Fri Nov 4 20:18:52 2016 -0400 regen.sh: Use libtoolize -i, and .gitignore generated build-tools Recent libtoolize actually deletes build-tools/missing, which Git was treating as a change to the working copy. Besides, we should let libtoolize copy in its more recent version of config.guess, config.sub, and install-sh. Change-Id: If21f22649e1e1015ad3bcfbf6d34f297b56993a1 Reviewed-on: https://gerrit.openafs.org/12434 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 22933e02e2510f25b79230964f135571c7bfe710 Author: Benjamin Kaduk Date: Thu Oct 27 17:27:26 2016 -0500 Reformat src/afs/LINUX/osi_vcache.c Apply the GNU indent options from CODING, with manual adjustments to leave jump labels in column zero. Also rename and mark static a function-local helper function. Change-Id: I50b8300b675b2a3f76ae743136b204473ac0c8b0 Reviewed-on: https://gerrit.openafs.org/12422 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 742643e306929ac979ab69515a33ee2a3f2fa3fa Author: Mark Vitale Date: Thu Aug 4 18:18:15 2016 -0400 LINUX: split dentry eviction from osi_TryEvictVCache To make osi_TryEvictVCache clearer, and to prepare for a future change in dentry eviction, split the dentry eviction logic into its own routine osi_TryEvictDentries. No functional difference should be incurred by this commit. Change-Id: I5b255fd541d09159d70f8d7521ca8f2ae7fe5c2b Reviewed-on: https://gerrit.openafs.org/12362 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Joe Gorse commit 0bed87a15db11bccb693b3a54f704ee5751ae553 Author: Marcio Barbosa Date: Sun Oct 23 12:52:49 2016 -0700 macos: packaging support for MacOS X 10.12 This commit introduces the new set of changes / files required to successfully create the dmg installer on OS X 10.12 "Sierra". Change-Id: I8e715240c4b230c39c26c418324c0184268e1f73 Reviewed-on: https://gerrit.openafs.org/12420 Reviewed-by: Joe Gorse Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 0bdf750a962a81b9b2e61387d7a3340dabb13395 Author: Marcio Barbosa Date: Tue Oct 25 19:33:38 2016 -0700 macos: add support for MacOS 10.12 This commit introduces the new set of changes / files required to successfully build the OpenAFS source code on OS X 10.12 "Sierra". Change-Id: I42326cd271d84735188f9e3003e292afe5ee34be Reviewed-on: https://gerrit.openafs.org/12419 Reviewed-by: Joe Gorse Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 8aeb711eeaa5ddac5a74c354091e2d4f7ac0cd63 Author: Mark Vitale Date: Thu Oct 20 00:49:37 2016 -0400 Linux 4.9: inode_change_ok() becomes setattr_prepare() Linux commit 31051c85b5e2 "fs: Give dentry to inode_change_ok() instead of inode" renames and modifies inode_change_ok(inode, attrs) to setattr_prepare(dentry, attrs). Modify OpenAFS to cope. Change-Id: I72f8dfbdbd25d7c775e9c35116e323ea4359e95c Reviewed-on: https://gerrit.openafs.org/12418 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit f21e3ef8ce5093b4e0578d29666f76bd99aef1a2 Author: Mark Vitale Date: Fri Sep 16 19:01:19 2016 -0400 Linux 4.9: inode_operation rename now takes flags In Linux 3.15 commit 520c8b16505236fc82daa352e6c5e73cd9870cff, inode_operation rename2() was added. It takes the same arguments as rename(), with an added flags argument supporting the following values: RENAME_NOREPLACE: if "new" name exists, fail with -EEXIST. Without this flag, the default behavior is to replace the "new" existing file. RENAME_EXCHANGE: exchange source and target; both must exist. OpenAFS never implemented a .rename2() routine because it was optional when introduced at Linux v3.15. In Linux 4.9-rc1 the following commits remove the last in-tree uses of .rename() and converts .rename2() to .rename(). aadfa8019e81 vfs: add note about i_op->rename changes to porting 2773bf00aeb9 fs: rename "rename2" i_op to "rename" 18fc84dafaac vfs: remove unused i_op->rename 1cd66c93ba8c fs: make remaining filesystems use .rename2 e0e0be8a8355 libfs: support RENAME_NOREPLACE in simple_rename() f03b8ad8d386 fs: support RENAME_NOREPLACE for local filesystems With these changes, it is now mandatory for OpenAFS afs_linux_rename() to accept a 5th flag argument. Add an autoconfig test to determine the signature of .rename(). Use this information to implement afs_linux_rename() with the appropriate number of arguments. Implement "toleration support" for the flags option by treating a zero flag as a normal rename; if any flags are specified, return -EINVAL to indicate the OpenAFS filesystem does not yet support any flags. Change-Id: I165d2b7956942446d97beda8504ac1ed5185a036 Reviewed-on: https://gerrit.openafs.org/12391 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 8e81b182e36cde28ec5708e5fcbe56e4900b1ea3 Author: Mark Vitale Date: Wed Sep 14 18:01:22 2016 -0400 Linux 4.9: deal with demise of GROUP_AT Linux commit 81243eacfa40 "cred: simpler, 1D supplementary groups" refactors the group_info struct, removing some members (which OpenAFS references only through the GROUP_AT macro) and adding a gid member. The GROUP_AT macro is also removed from the tree. Add an autoconfigure test for the new group_info member gid and define a replacement GROUP_AT macro to do the right thing under the new regime. Change-Id: I85a52c0ae0d91fc141a523f443a4ffc05eb72a2b Reviewed-on: https://gerrit.openafs.org/12390 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit e17cd5df703b8a924591f92c76636dd9e0d9eaf9 Author: Anders Kaseorg Date: Sun Oct 9 06:39:12 2016 -0400 tests/util/ktime-t.c: Specify EST offset in TZ This fixes test failures observed on new Debian build servers that no longer install tzdata by default. As the tests expect, EST is defined as UTC−05:00 with no daylight saving time. Change-Id: Ida8cb33687b5d87761cb0422e446afd99246d47a Reviewed-on: https://gerrit.openafs.org/12414 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 1cd86de2912af9ad709d2d7cf8aa35d5d28fb6b3 Author: Yadav Yadavendra Date: Mon Oct 3 15:25:08 2016 -0400 afs: afs_linux_write_end only commit copied In afs_linux_write_end() only commit the number of bytes actually copied to the page. Change-Id: I3576a28302d35917019d369adc9d1013ad5870c5 Reviewed-on: https://gerrit.openafs.org/12409 Reviewed-by: Jeffrey Altman Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 0fdbc0754be58a50f60e3187fc4b34f057faf198 Author: Daria Phoebe Brashear Date: Sun Sep 25 19:45:48 2016 -0400 git: add a mailmap file I'd like the source tree to stop deadnaming me, so, sharing this change to do it Change-Id: Iee65d1c8e7e695ea939485db5b148615e052f953 Reviewed-on: https://gerrit.openafs.org/12394 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 2fe3a28c6ec0ff9d19ddec5500b3a5e69b483210 Author: Michael Meffie Date: Mon Aug 22 19:53:34 2016 -0400 tests: avoid passing NULL strings to vprintf Some libc implementations will crash when NULL string arguments are given to *printf. Avoid passing NULL string arguments in the make check tests that did so, and pass the string "(null)" instead. Change-Id: I65f11a3eef88d1c7b210c867ae0c40018160f55a Reviewed-on: https://gerrit.openafs.org/12377 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 4e0bc086d6d09db66b3dd26d221ff712ff351386 Author: Michael Meffie Date: Sat Aug 6 10:41:24 2016 -0400 afsd: fix afsd -help crash afsd crashes after the usage is displayed with the -help option. $ afsd -help Usage: ./afsd [-blocks <1024 byte blocks in cache>] [-files ] ... Segmentation fault (core dumped) The backtrace shows the crash occurs when calling afsconf_Open() with an invalid pointer argument, even though afsconf_Open() is not even needed when -help is given. (gdb) bt #0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:32 #1 0x00007ffff726fc36 in *__GI___strdup (s=0x0) at strdup.c:42 #2 0x0000000000408383 in afsconf_Open (adir=0x0) at cellconfig.c:444 #3 0x00000000004054d5 in afsd_run () at afsd.c:1926 #4 0x0000000000407dc5 in main (argc=2, argv=0x7fffffffe348) at afsd_kernel.c:577 afsconf_Open() is called with an uninitialized pointer because commit d72df5a18e0bb8bbcbf23df3e8591072f0cdb770 changed the libcmd cmd_Dispatch() to return 0 after displaying the command usage when the -help option is specified. (That fix was needed for scripts which use the -help option to inspect command options with the -help option.) The afsd_kernel main function then incorrectly calls the afsd_run() function, even though mainproc() was not called, which sets up the afsd option variables. The afsconf_Open() is the first function we call in afsd_run(). Commit f77c078a291025d593f3170c57b6be5f257fc3e5 split afsd into afsd.c and afsd_kernel.c to support libuafs (and fuse). This split the parsing of the command line arguments and the running of the afsd command into two functions. The mainproc(), which originally did both, was split into two functions; one (still called mainproc) to check the option values given and setup/auto-tune values, and another (called afsd_run) to do the actual running of the afsd command. The afsd_parse() function was introduced as a wrapper around cmd_Dispatch() which "dispatches" mainproc. With this fix, take the opportunity to rename mainproc() to the now more accurately named CheckOptions() and change afsd_parse() to parse the command line options with cmd_Parse(), instead of abusing cmd_Dispatch(). Change the main fuction to avoid running afsd_run() when afsd_parse() returns the CMD_HELP code which indicates the -help option was given. afsd.fuse splits the command line arguments into afsd recognized options and fuse options (everything else), so only afsd recognized arguments are passed to afsd_parse(), via uafs_ParseArgs(). The -help argument is processed as part of that splitting of arguments, so afsd.fuse never passes -help as an argument to afsd_parse(). This means we to not need to check for CMD_HELP as a return value from uafs_ParseArgs(). But since this is all a bit confusing, at least check the return value in uafs_ParseArgs(). Change-Id: If510f8dc337e441c19b5e28685e2e818ff57ef5a Reviewed-on: https://gerrit.openafs.org/12360 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 644d3b6ec4afb5e9c0f35f48058d20f791806a9d Author: Michael Meffie Date: Tue Aug 2 16:52:42 2016 -0400 revert: "LINUX: Fix oops during negative dentry caching" Commit fd23587a5dbc9a15e2b2e83160b947f045c92af1 was done to fix an oops when parent_vcache_dv() was called without the GLOCK held. Since the lockless code paths have been removed, and parent_vcache_dv() is always called with the GLOCK held, revert the extra locked flag argument and the calls obtain and release the GLOCK within parent_vcache_dv(). Change-Id: I21c3272ec4ed5d4fa1a746a0f783cccfc14e0c22 Reviewed-on: https://gerrit.openafs.org/12354 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 74d4fea1683ccd5b4db53709fc2b5053062ea052 Author: Andrew Deason Date: Wed Mar 4 14:10:23 2015 -0600 Revert "Lockless path through afs_linux_dentry_revalidate" This reverts commit 3ecd65d3375f0a4fa4c28f9b59cdf6a1f6fd51b8. This commit made it possible to execute afs_linux_dentry_revalidate without taking the GLOCK under some circumstances. However, it achieved this by examining structure members outside of the GLOCK that were previously only examined under the GLOCK (such as vcp->f.states and vcp->f.m.DataVersion). While that does of course improve performance, it is not known to be completely safe. Revert this commit so we may implement a fastpath through afs_linux_dentry_revalidate using more trusted lockless techniques (atomics, RCU, etc). Change-Id: Ia3ca2cf53f97244e4e548db7c1caf218c16aca5c Reviewed-on: https://gerrit.openafs.org/11793 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit a13ea7038ebe262ba1e5387f4a3b12897bd8822b Author: Andrew Deason Date: Fri Feb 13 13:11:09 2015 -0600 opr: Add opr_StaticAssert Add a static assert macro, for asserting that certain build-time expressions are true. Change-Id: I33b0e7168f041e8e8406710d05689e044af45fad Reviewed-on: https://gerrit.openafs.org/11792 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 7b99f2e4a8b7071930a5851c5f6c6ab6ddc0dd57 Author: Andrew Deason Date: Thu Jun 26 15:47:46 2014 -0700 afs: Create afs_SetDataVersion Several different places in the codebase change avc->f.m.DataVersion for a particular vcache, when we've noticed that the DV for the vcache has changed. Consolidate all of these occurrences into a single afs_SetDataVersion function, to make it easier to change what happens when we notice a change in DV number. This should incur no behavior change; it is just simple code reorganization. Change-Id: I5dbf2678d3c4b5a2fbef6ef045a0b5bfa8a49242 Reviewed-on: https://gerrit.openafs.org/11791 Reviewed-by: Marc Dionne Reviewed-by: Daria Phoebe Brashear Reviewed-by: Benjamin Kaduk Reviewed-by: Thomas Keiser Tested-by: BuildBot commit fac0b742960899123dca6016f6ffc6ccc944f217 Author: Andrew Deason Date: Sun May 22 21:54:30 2016 -0500 ubik: Return an error from ContactQuorum when inquorate Currently, when we need to contact all other servers in the ubik quorum (to create a write transaction, and send db changes, etc), we call the ContactQuorum_* family of functions. To contact each server, those functions follow an algorithm like the following pseudocode: { int rcode = 0; int code; int okcalls = 0; for (ts = ubik_servers; ts; ts = ts->next) { if (ts->up) { code = contact_server(ts); if (code) { rcode = code; } else { okcalls++; } } } if (okcalls + 1 >= ubik_quorum) { return 0; } else { return rcode; } } This means that if we successfully contact a majority of ubik sites, we return success, even if some sites returned an error. If most sites fail, then we return an error (we arbitrarily pick the last error we got). This means that in most situations, a successful write transaction is guaranteed to have been transmitted to a majority of ubik sites, so the written data cannot be lost (at least one of the sites that got the new data will be in a future elected quorum). However, if a site is already known to be down (ts->up is 0), then we skip trying to contact that site, but we also don't set any errors. This means that if a majority of sites are already known to be down (ts->up is 0), then we can indicate success for a write transaction, even though the relevant data has not been written to a majority of sites. In that situation, it is possible to lose data. Most of the time this is not possible, since a majority of sites must be 'up' for the sync site to be elected and to allow write transactions at all. There are a few ways, though, in which we can get into a situation where most other sites are 'down', but we still let a write transaction go through. An example scenario: Say we have sites A, B, and C. All 3 sites come up at the same time, and A is the lowest IP so it starts an election (after around BIGTIME seconds). Right after A is elected the sync site, sites B and C will have 'lastYesState' set to 0, since site A hasn't yet sent out a beacon as the sync site. A client can then start a write to the ubik database on site A, which site A will allow since it's the sync site (and presumably all the relevant recovery flags are set). Site A will try to contact sites B and C for a DISK_Begin call, but lastYesState is set to 0 on those sites. This will cause DISK_Begin to return UNOQUORUM (urecovery_AllBetter will return 0, because uvote_HaveSyncAndVersion will return 0, because lastYesState is not set). So site A will get a UNOQUORUM error from sites B and C, and so site A will set 'ts->up' to 0 for sites B and C, and will return UNOQUORUM to the client. The client may then try to retry the call (because UNOQUORUM is not treated as a 'global' error in ubikclient.c's ubik_Call_New), or another client write request could come in. Now that 'ts->up' is unset for both sites B and C, we skip trying to contact any remote sites, and the ContactQuorum functions will return success. So the ubik write will go through successfully, but the new data will only be on site A. At this point, if site A crashes, then sites B and C will elect a quorum, and will not have the modifications that were written to site A (so the data written to site A is lost). If site A stays up, then it will go through database recovery, sending the entire database file to sites B and C. In addition, it's very possible in this scenario for a client to write to the database, and then try to read back data and confusingly get a different result. For example, if someone issues the following two commands while triggering the above scenario: $ pts createuser testuser $ pts examine testuser If the second command contacts site B or C, then it will always fail, saying that the user doesn't exist (even though the first command succeeded). This is because sites B and C don't have the new data written to site A, at least temporarily. While this confusing behavior is not completely avoidable in ubik (this can always happen 'sometimes' due to network errors and such), with the scenario described here, it happens 100% of the time. The general scenario described above can also happen if sites B and C are suddenly legitimately unreachable from site A, instead of throwing the UNOQUORUM error. All of the steps are pretty much the same, but there is a bit of a delay while we wait for the DISK_Begin call to fail. To fix this, do not let 0 be returned if a quorum has not been reached. In some sense, UNOQUORUM could *always* be returned in that case, but it is more in keeping with historical behavior to return a "real" error if there is one available. It is somewhat questionable whether we should even be propagating errors received from calls like DISK_Begin/DISK_Commit to the ubik client (e.g. if we get a -1 from trying to contact a remote site, we return -1 to the client, so the client may think it couldn't reach the site at all). But this commit does not change any of that logic, and should only change behavior when a majority of sites have 'ts->up' unset. A later commit might effect the change to always return UNOQUORUM and ignore the actual error values from the DISK_ calls, but that is not needed to fix the immediate issue. An important note: Before this commit, there was a window of about 15 seconds after a sync site is elected where a write to the ubik db would appear to be successful, but would only modify the ubik db on the sync site. (Details described above.) With this commit, writes during that 15-second window will instead fail, because we cannot guarantee that we won't lose that data. If someone relies on 'udebug' data from the sync site to let them know when writes will go through successfully, this commit could appear to cause new errors. [kaduk@mit.edu: transfer long commit message describing the issue from an alternative fix, and tidy up accordingly] Change-Id: If6842d7122ed4d137f298f0f8b7f20350b1e9de6 Reviewed-on: https://gerrit.openafs.org/12289 Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 64cc7f0ca7a44bb214396c829268a541ab286c69 Author: Andrew Deason Date: Wed May 14 19:56:58 2014 -0500 afs: Create afs_StaleVCache In numerous different places in the code, we do something like this to mark a vcache as stale: ObtainWriteLock(&afs_xcbhash, somenumber); avc->f.states &= ~CStatd; afs_DequeueCallback(avc); ReleaseWriteLock(&afs_xcbhash); if (avc->f.fid.Fid.Vnode & 1 || (vType(avc) == VDIR)) osi_dnlc_purgedp(avc); There are some variations here and there, but all locations usually involve at least some code like that. But they all do the same general thing: invalidate a vcache so we hit the net the next time we need that vcache. In order to make it easier to modify what happens when we invalidate a vcache, and just to improve the code, take all of these instances and put the functionality in a single function, called afs_StaleVCache, which marks the vcache as 'stale'. To handle a few different situations that must be handled, we have some flags that can also be passed to the new function. These are primarily necessary to handle variations in the circumstances under which we hit this code path; for instance, we may already have afs_xcbhash locked, or we may be invalidating the entire osidnlc (if we're invalidating vcaches in bulk, for example). This should result in the same general behavior in all cases. The only slight differences in a few cases is that we hold locks for a few more operations than we used to; for example, we may clear an osidnlc entry while holding the vcache lock. But these are minor and shouldn't result in any actual differences in behavior. So, this commit should just be code reorganization and should incur no behavior change. However, this reorganization is complex, and should not be considered a simple risk-free refactoring. [kaduk@mit.edu: implement Tom Keiser's suggestion of a third argument to afs_StaleVCacheFlags, add AFS_STALEVC_CLEARCB and AFS_STALEVC_SKIP_DNLC_FOR_INIT_FLUSHED] Change-Id: I2b2f606c56d5b22826eeb98471187165260c7b91 Reviewed-on: https://gerrit.openafs.org/11790 Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 733dcec01784617e3354c2b8b29f50b09464a4bb Author: Matt K. Light Date: Tue Sep 13 14:18:38 2016 -0500 Fix compile error for PPC64 gcc 6.1.1 Cast function pointer stubs to remove compile errors on Fedora 24 PPC64 with ggcc 6.1.1 FIXES 133407 Change-Id: I59a191f7f8123ce17bfa6175b989ae14b5eab5a4 Reviewed-on: https://gerrit.openafs.org/12386 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit f2f5a7bca5e77971ef71bf2ddabf93868fe79f1d Author: Michael Meffie Date: Wed Aug 17 10:57:48 2016 -0400 CODING: one-line if statements should not have braces Update the style guide with a declaration of the prevailing and preferred brace style for one-line if statements and loops. Provide an example and counter-example. Change-Id: Iafeea977203b76c0e67385779fb4ed57f3c6699a Reviewed-on: https://gerrit.openafs.org/12370 Reviewed-by: Stephan Wiesand Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit f0fa5a5327c7440070d34127a124d6b7eb4bd32d Author: Michael Meffie Date: Thu Jun 11 11:25:51 2015 -0400 libafs: update the volume setup time when the vldb is rechecked The vldb is rechecked when the fileserver returns certain error codes, such as VMOVED. When the vldb is rechecked, update the volume setupTime to reflect the most recent time the volume vldb information is known to be correct. Be sure the VRecheck flag is cleared after checking the vldb, since the volume write lock was dropped after finding the volume. Change-Id: I0ba389ee408de602e0059fbe8013012501c337d3 Reviewed-on: https://gerrit.openafs.org/11897 Reviewed-by: Mark Vitale Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit ee08dbe37d9db4fe314bd88b9280bf73c92c37bd Author: Andrew Deason Date: Sat Aug 8 16:13:54 2015 -0500 afs: Make ONEGROUP_ENV not Linux-specific The functionality in AFS_LINUX26_ONEGROUP_ENV does not really need to be Linux-specific (it's just only implemented for Linux right now). Rename it to AFS_PAG_ONEGROUP_ENV, and remove some Linux-specific checks when checking for "onegroup" PAG GIDs. [mmeffie@sinenomine.net: Move AFS_PAG_ONEGROUP_ENV to param.h] Change-Id: I01d29fff309337ae95b9b6c65db3d2212cf4bf89 Reviewed-on: https://gerrit.openafs.org/11978 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit b39095c3a7e1c631bb17816b7e707bc21a6b8c71 Author: Michael Meffie Date: Fri Sep 9 16:23:46 2016 -0400 afs: define NUMPAGGROUPS once Define the number of groups per PAG in one place. Prefix the define with AFS_ to avoid name conflicts in the future (unlikely as it may be). Fix the misnamed AFSPAGGGROUPS symbol in linux implementation of two groups per PAG. Change-Id: I78bb42913f2a5d84c9f323f17dc36d800d8acb84 Reviewed-on: https://gerrit.openafs.org/12382 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 0028ea92ad3e7aac6a4c51f63703a4d9d7b9dcd6 Author: Michael Meffie Date: Wed Apr 29 12:00:24 2015 -0400 afs: add afsd -inumcalc option This commit adds the afsd -inumcalc command line switch to specify the inode number calculation method in a platform neutral way. Inode numbers reported for files within the AFS filesystem are generated by the cache manager using a calculation which derives a number from a FID. Long ago, a new type of calculation was added which generates inode numbers using a MD5 message digest of the FID. The MD5 inode number calculation variant is computationally more expensive but greatly reduces the chances for inode number collisions. The MD5 calculation can be enabled on the Linux cache manager using the Linux sysctl interface. Other than the sysctl method of selecting the inode calculation type, the MD5 inode number calculation method is not specific to Linux. This change introduces a command-line option which accepts a value to indicate the calculation method, instead of a simple flag to enable MD5 inode numbers. This should allow for new inode calculation methods in the future without the need for additional afsd command-line flags. Two values are currently accepted for -inumcalc. The value of 'compat' specifies the legacy inode number calculation. The value 'md5' indicates that the new MD5 calculation is to be used. Change-Id: I0257c68ca1a32a7a4c55ca8174a4926ff78ddea4 Reviewed-on: https://gerrit.openafs.org/11855 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit c17d14223044936a5de5007052eff3488350e9d4 Author: Michael Meffie Date: Sat Aug 6 12:57:59 2016 -0400 CODING: update style guide for multiline comments Document the preferred style for multiple line comment blocks and give an example. Change-Id: I73d6183da9014a943316e5aea1d43be2acc81ad7 Reviewed-on: https://gerrit.openafs.org/12361 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit aca8ac83bd456862815a7f247e9a7b89583517a8 Author: Benjamin Kaduk Date: Wed Jul 13 18:23:50 2016 -0500 Document minimum supported compiler versions Pick some fairly old versions of clang and gcc and document them as the minimum supported version. This will let us make assumptions about compiler features that are available when using those compilers. Change-Id: Ibb8df72c9b12cc7adff39ece9708a428975ba703 Reviewed-on: https://gerrit.openafs.org/12331 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 83a0f2a9ef88e63fbd300fbb436c17ca80c245b4 Author: Anders Kaseorg Date: Mon Jul 25 21:04:59 2016 -0400 Linux 4.7: Follow key_alloc API change Linux v4.7-rc1~124^2~2^2^2~9 adds an eighth optional argument restrict_link. The same commit adds a KEY_ALLOC_BYPASS_RESTRICTION macro, which we test so we can avoid adding another configure test. Change-Id: I83e27b54ba5711124dccaa41de7155be77054f47 Reviewed-on: https://gerrit.openafs.org/12345 Tested-by: BuildBot Reviewed-by: Anders Kaseorg Reviewed-by: Benjamin Kaduk commit fa5af899319b69fa9542add78beca388521e3450 Author: Mark Vitale Date: Fri May 27 16:44:17 2016 -0400 SOLARIS: corrupted content of mmap'd files over 4GiB Many Solaris programs and utilities (notably mdb and cp) use mmap() in their implementation. When AFS files exceeding 4GiB are mmap'd, the contents of the file will be incorrectly mapped into memory. Starting at 4GiB + 1, the first 4GiB will be repeated for the remainder of the file. If the mmap'd file is written back to storage (AFS or otherwise), the newly created file will also be corrupted. This is due to a bug in the afs_map() routine that supports mmap() of AFS files on Solaris. The segvn_crarg.offset passed to the Solaris virtual memory APIs is incorrectly cast to u_int, causing it to wrap at 4GiB. Although Solaris passes the offset from fop_map() to afs_map() as type offset_t, the destination segvn_crargs.offset is actually type u_offset_t. Existing examples of other Solaris filesystems (e.g. zfs_map() ) cast the offset from offset_t to u_offset_t when assigning to segvn_crargs.offset. If it's good enough for ZFS, it's good enough for AFS. Correctly cast the offset to u_offset_t. Thanks to Robert Milkowski for the report and diagnosis. Change-Id: Id25363255ec011f2ad7e003ca3e4a1385bebff7e Reviewed-on: https://gerrit.openafs.org/12292 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 75325fc9ab1cec4a338e1aaf1b32de1922492b12 Author: Mark Vitale Date: Thu May 26 16:53:47 2016 -0400 SOLARIS: support mmap() over 4GiB When mmap() is issued for exactly 4GiB of a large AFS-resident file, mmap() fails with ENOMEM. This is because the AFS code is handling the requested length as u_int instead of size_t, resulting in a 0 being passed back to the caller. When mmap() is issued for non-multiples of 4GiB, the subsequent mapping will not contain all the requested pages, and for the same reason - the mapped size has been truncated to 32 bits. This results in SIGSEGV when accessing the non-mapped page(s). Fix the signature of afs_map() to specify the correct type for the length. Thanks to Robert Milkowski for the report and diagnosis. Change-Id: I8a9f0cb04ff9b80de5516e14d0679b06ef0b3f9a Reviewed-on: https://gerrit.openafs.org/12291 Tested-by: BuildBot Tested-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 19ffa2b7f09bffea816dda4713ad53f4d8cb93cb Author: Marcio Barbosa Date: Wed Jul 20 15:09:43 2016 -0400 macos: pkgbuild.sh should not be tracked by git The automatically generated pkgbuild.sh file should not be tracked by git. To fix this problem, add the name of this file to the proper .gitignore file. Change-Id: I9bdbad8e7cc02926de61e337ccb94d8a2c27ae43 Reviewed-on: https://gerrit.openafs.org/12343 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 7f8af1b384cfdc2964a122953e4102b4d82e6cb1 Author: Mark Vitale Date: Thu Jun 18 15:32:36 2015 -0400 afs: incorrect comments for afs_ClearStatus The brief description was identical to the one for afs_Analyze. Update it to accurately describe afs_ClearStatus. Change-Id: I70ceca41342c1b47950c35f567f8ae5a2566f925 Reviewed-on: https://gerrit.openafs.org/12005 Reviewed-by: Perry Ruiter Reviewed-by: Mark Vitale Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit d3dbdade7e8eaf6da37dd6f1f53d9f1384626071 Author: Andrew Deason Date: Sun May 1 11:24:30 2016 -0500 ubik: Don't RECFOUNDDB if can't contact most sites Currently, the ubik recovery code will always set UBIK_RECFOUNDDB during recovery, after asking all other sites for their dbversions. This happens regardless of how many sites we were actually able to successfully contact, even if we couldn't contact any of them. This can cause problems when we are unable to contact a majority of sites with DISK_GetVersion. Since, if we haven't contacted a majority of sites, we cannot say with confidence that we know what the best db version available is (which is what UBIK_RECFOUNDDB represents; that we've found which database is the one we should be using). This can also result in UBIK_RECHAVEDB in a similar situation, indicating that we have the best db version locally, even though we never actually asked anyone else what their db version was. For example, say site A is the sync site going through recovery, and DISK_GetVersion fails for the only other sites B and C. Site A will then set UBIK_RECFOUNDDB, and will claim that site A has the best db version available (UBIK_RECHAVEDB). This allows site A to process ubik write transactions (causing the db to be labelled with a new epoch), or possibly to send the db to the other sites via DISK_SendFile, if they quickly become available during recovery. Ubik write transactions can succeed in this situation, because our ContactQuorum_* calls will succeed if we never try to contact a remote site ('rcode' defaults to 0). This situation should be rather rare, because normally a majority of sites must be reachable by site A for site A to be voted the sync site in the first place. However, it is possible for site A to lose connectivity to all other sites immediately after sync site election. It is also possible for site A to proceed far enough in the recovery process to set UBIK_RECHAVEDB before it loses its sync site status. As a result of all of this, if a site with an old database comes online and there are network connectivity problems between the other sites and a ubik write request comes in, it's possible for the "old" database to overwrite the "new" database. This makes it look as if the database has "rolled back" to an earlier version. This should be possible with any ubik database, though how to actually trigger this bug can change due to different ubik servers setting different network timeouts. It is probably the most likely with the VLDB, because the VLDB is typically the most frequently written database. If a VLDB reverts to an earlier version, it can result in existing volumes to appear to not exist in the VLDB, and can result in new volumes re-using volume IDs from existing volumes. This can result in rather confusing errors. To fix this, ensure that we have contacted a majority of sites with DISK_GetVersion before indicating that we have located the best db version. If we've contacted a majority of sites, then we are guaranteed (under ubik assumptions) that we've found the best version, since previous writes to the database should be guaranteed to hit a majority of sites (otherwise they wouldn't be successful). If we cannot reach a majority of sites, we just don't set UBIK_RECFOUNDDB, and the recovery process restarts. Presumably on the next iteration we'll be able to contact them, or we'll lose sync site status if we can't reach the other sites for long enough. Change-Id: I84f745b5e017bb62d93b538dbc9c7de845bee1bd Reviewed-on: https://gerrit.openafs.org/12281 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 3e531db9ce50dd41f0c64a11ab3bfcf0239ba0cd Author: Andrew Deason Date: Thu May 12 21:34:31 2016 -0500 vlserver: rx_SetRxDeadTime before ubik init Currently, vlserver calls rx_SetRxDeadTime to set the default rx deadtime to 50 seconds, but it does so after calling ubik_ServerInitByInfo. ubik_ServerInitByInfo creates several rx connections before it returns, and so these connections get the default rx deadtime (12 seconds), instead of the 50 seconds vlserver tries to set. When ubik detects that a remote site is down, ubik recreates the rx connections for that site, and this new connection gets the new deadtime of 50 seconds. This means that ubik behavior can have different timings in the vlserver, depending on if any remote sites have ever been detected as being 'down' or not. This can result in seemingly-inconsistent or confusing behavior, since some sequences of operations that appear identical can produce different results, depending on if the 12-second timeout or the 50-second timeout is being used. This behavior is not directly to blame for any problems, but it can be very confusing, especially when trying to diagnose or reproduce bugs. So to make things more consistent, just call rx_SetRxDeadTime earlier, so all conns always get the 50-second timeout. In order to do this, though, we must also ensure that rx_Init is called before rx_SetRxDeadTime (otherwise, rx_Init will overwrite our configured deadtime). So also call rx_Init earlier; rx_Init is idempotent, so it's okay that it may be called again after or before this. Note that vlserver is currently the only ubik server that sets a deadtime of 50 seconds, and it's not clear why. Another way to solve this is to just remove the call to rx_SetRxDeadTime, to make vlserver behave more similar to ptserver. But this commit takes a conservative approach to result in a deadtime that is probably the most common in current use. Since, most long-running vlservers will probably eventually lose contact with remote sites at one time or another, and so will eventually use a deadtime of 50 seconds. Change-Id: I49430144d9a62eb8cad1509c1aeafc9fcc927f8e Reviewed-on: https://gerrit.openafs.org/12285 Tested-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 48ce41a447c354b8a20b769e4aa5b502ba5bcc09 Author: Marcio Barbosa Date: Fri Jul 15 12:22:11 2016 -0300 macos: use pkgbuild to build the package on 10.10/10.11 PackageMaker is no longer part of OS X. As a result, it is not possible to build the package on OS X 10.10 and OS X 10.11 using the existing code. To solve this problem, a new script, along with a couple of new files, are provided. - pkgbuild.sh This script uses the command line tools pkgbuild and productbuild to build the package on OS X 10.10 and OS X 10.11. By default, the package built by this script will not be signed. Optionally, the package might be signed. - Distribution.xml This file is nothing more than an XML file used by productbuild. It is mainly used to configure how the installer will look and behave. - conclusion.txt Contains the text that is displayed by Installer at the end of the installation process. Only used by El Capitan and further. - Uninstall.14.15 This script can be used by OS X 10.10/10.11 users to uninstall OpenAFS. Notes: - This work is based on a patch made by Brandon Allbery with fixes and updates from Andrew Deason . - El Capitan and further prevent us from touching /usr/bin directly. As a result, /opt is used. - If the package is not signed, the user will have to disable the OS X security protections. Otherwise, the client will not work. - Now we have two different scripts to build the package on OS X. For OS X 10.10 and newer versions, pkgbuild.sh will be used. For older versions, the existing buildpkg.sh will be used. Change-Id: If8320666c553b82af450c0263f5e80a00c33e3b8 Reviewed-on: https://gerrit.openafs.org/12239 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 1bfc24dda0f391b88d7617c6947d03216abb0d80 Author: Marcio Barbosa Date: Wed Jul 6 09:56:26 2016 -0300 pam: avoid warning messages In order to avoid some warning messages, do not ignore the code returned by some functions. Change-Id: Ie01fa98b54010d566fb5b980b001d58989ef9a67 Reviewed-on: https://gerrit.openafs.org/12298 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit a0417565a3ab7e6a49d7c48efd72d62bdeb4436c Author: Garrett Wollman Date: Sat Jul 28 18:35:13 2012 -0400 ptuser: guarantee that all names are valid C strings The prname type is represented in XDR as a vector[PR_MAXNAMELEN] of char, not as a string, which means that the XDR (de)serializer will not guarantee null-termination. Guarantee that all buffers used in the public protection server API are in fact valid strings by disallowing any names that are exactly PR_MAXNAMELEN (64) characters long. DO NOT silently truncate names that are even longer than this. Consistently use the prname typedef in declarations to reinforce the length limitation to those reading the header file. Introduces a new protection error code, PRNAMETOOLONG, which will be returned if either IN or OUT parameters would exceed the limit. [kaduk@mit.edu convert macro to static_inline function and expand at call sites; add string_ wrapper to add checking to viced and libadmin; export the string_ wrapper from libafsauthent for the windows build] Change-Id: I65f850afcfea2fd2bc0110ca7b7f6ecca247dd58 Reviewed-on: https://gerrit.openafs.org/7896 Reviewed-by: Chas Williams <3chas3@gmail.com> Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit f14d263a73f0be75e4de92f62e836fb2e55680dd Author: Joe Gorse Date: Thu Jun 9 14:11:23 2016 -0400 Linux 4.6: rm PAGE_CACHE_* and page_cache_{get,release} macros This is an automatic patch generated by Coccinelle (spatch) from the commit message of the linked commit: https://github.com/torvalds/linux/commit/09cbfeaf1a5a67bfb3201e0c83c810cecb2efa5a We will not add an autoconfig test because the PAGE_{...} macros should exist where the PAGE_CACHE_{...} were previously. The spatch used: @@ expression E; @@ - E << (PAGE_CACHE_SHIFT - PAGE_SHIFT) + E @@ expression E; @@ - E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT) + E @@ @@ - PAGE_CACHE_SHIFT + PAGE_SHIFT @@ @@ - PAGE_CACHE_SIZE + PAGE_SIZE @@ @@ - PAGE_CACHE_MASK + PAGE_MASK @@ expression E; @@ - PAGE_CACHE_ALIGN(E) + PAGE_ALIGN(E) @@ expression E; @@ - page_cache_get(E) + get_page(E) @@ expression E; @@ - page_cache_release(E) + put_page(E) Change-Id: Iabe29b1349ab44282c66c86eced9e5b2056c9efb Reviewed-on: https://gerrit.openafs.org/12297 Reviewed-by: Michael Laß Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Stephan Wiesand Tested-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit 16463b602a210768f80bec9ef7c6896ea8a9909d Author: Stephan Wiesand Date: Wed Jul 13 16:55:11 2016 +0200 redhat: Use a secure URL to retrieve CellServDB By default, makesrpm.pl will use wget to retrieve the CellServDB as specified in the spec file. Even though the script need not and thus should not be run by a privileged UID, make this a bit more secure by specifying an https URL. Change-Id: I0f14bbac35e7dc30a6e194f8706f7f3674d15a3f Reviewed-on: https://gerrit.openafs.org/12329 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 8b57f9fc423c6a69a0fb8147d0621cb703e1374e Author: Marcio Barbosa Date: Thu Jun 9 15:04:18 2016 -0300 build-sys: do not capitalize value of HAVE_PAM The value assigned to HAVE_PAM should not be capitalized. If so, the PAM source files will not be compiled. To fix this problem, convert to lowercase one of the values assigned to HAVE_PAM. Change-Id: I4973394f8d398bbea0f578fadb04aedee6fd1fc0 Reviewed-on: https://gerrit.openafs.org/12296 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit a443accfdf8771b90e2b06da04e7e3d1e88028fd Author: Michael Meffie Date: Thu Jun 11 11:02:20 2015 -0400 libafs: rename volume accessTime to setupTime Since OpenAFS 1.0, the struct volume accessTime member has been the time time the volume structure is setup, not the last time the volume was used (as indicated by the comments). This time stamp is only used to find the oldest available volume slot in the disked backed volume cache. (Perhaps in pre-OpenAFS this was updated each time the volume was referenced.) Rename this structure member and update the comments for it. Change-Id: I33a6371e8800b2d0f7b2700db0785fc365a8649e Reviewed-on: https://gerrit.openafs.org/11896 Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit c5b52c815972b4f623defaec9e0d8c235228b7b8 Author: Michael Meffie Date: Mon Apr 4 12:35:11 2016 -0400 vlserver: --enable-ubik-read-while-write configure option Commit a0f416e3504929b304fefb5ca65e2d6a254ade2e unconditionally turned on the new ubik_BeginTransReadAnyWrite functionality for the vlserver, which allows us to read data from ubik during a conflicting ubik write lock. This feature is not ready for production use. Make it a build time option, marked as experimental, until more testing can be done. Change-Id: If64702e7a7ed2340066df5faf82ce8b0875fc610 Reviewed-on: https://gerrit.openafs.org/12240 Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit cd52915b3e8c8249c5af1cfebd57276cd34a00b9 Author: Benjamin Kaduk Date: Tue Oct 7 17:17:08 2014 -0400 LWP fileserver is no more Don't mention it in the man pages. Change-Id: I8a6d706f055545642116af5a98fa8c04f533b990 Reviewed-on: https://gerrit.openafs.org/11529 Reviewed-by: Marcio Brito Barbosa Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 43a66de66c40171fedcf0450e9fa93b47c0d9f2e Author: Michael Meffie Date: Fri Jun 5 10:09:54 2015 -0400 libafs: avoid resetting the dynroot volume every 10 minutes The dynroot volumes are synthetic, so do not need to be reset every time the background daemon checks the volumes. The results of osi_Time() is a signed 32-bit integer, and the volume expireTime is an signed 32-bit integer, so use signed 32-bit integers for the expiry check. Change-Id: Ib92157686c1d8b84a63d409cb148155705953b6d Reviewed-on: https://gerrit.openafs.org/11895 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit b3e85976936239e30d44da00bf28fbe8487f6998 Author: Mark Vitale Date: Thu Jun 18 15:54:28 2015 -0400 afs: document missing afs_Analyze parm rxconn was missing from the comments; add it. Change-Id: I8c0cf212ca2952d3a23c3bb5db1857dfd9a8f41e Reviewed-on: https://gerrit.openafs.org/12004 Reviewed-by: Perry Ruiter Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit dda47aab6179b6940aa994a0cd7b88a4b0942fe6 Author: Benjamin Kaduk Date: Mon Jul 4 20:13:31 2016 -0500 Add sysname IDs for FreeBSD 10.2 and 10.3 While here, de-conflict the numbers for 10.0/10.1 and 7.2/7.3 Change-Id: I87697587359a26258298f4710c7232bea417f807 Reviewed-on: https://gerrit.openafs.org/12321 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 683acaed17da90455aab0cbb3d1539c51415b137 Author: Benjamin Kaduk Date: Sun May 15 13:51:56 2016 -0500 viced: make -vhashsize usable for non-DAFS The ability to set the size of the volume hash table was added at the same time that DAFS was introduced, and got caught up in the same preprocessor conditional. However, -vhashsize can be useful for the traditional fileserver as well (even though we recommend DAFS over the traditional fileserver), so let it be used in that case. Update the man pages accordingly and fix some grammar while here. Noted by Mark Vitale. Change-Id: Ic3282c9d661d60cf36f9ffb197e723a3f71da167 Reviewed-on: https://gerrit.openafs.org/12287 Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit d3b8a05d229a80100f40fca4dfdcd820313fcea8 Author: Marcio Barbosa Date: Tue Jun 28 12:48:06 2016 -0300 venus: fix memory leak The fs getserverprefs command displays preference ranks for file / volume location server machine interfaces. In order to get the complete set of preference ranks, the VIOC_GETSPREFS system call might have to be called several times. If so, the memory previously allocated should be released. Change-Id: I8491117ead626e70aac40343923d52284f274efd Reviewed-on: https://gerrit.openafs.org/12315 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 360f4ef53c454494cd5212a5ea46c658bdb2879c Author: Benjamin Kaduk Date: Sun May 1 19:48:40 2016 -0400 Linux 4.5: don't access i_mutex directly Linux commit 5955102c, in preparation for future work, introduced wrapper functions to lock/unlock inode mutexes. This is to prepare for converting it to a read-write semaphore, so that lookup can be done with only the shared lock held. Adopt the afs_linux_*lock_inode() functions accordingly, and convert afs_linux_fsync() to using those wrappers, since the FOP_FSYNC_TAKES_RANGE case appears to be the current case. Amusingly, afs_linux_*lock_inode() already have a branch to handle the case when inode serialization is protected by a semaphore; it seems that this is going to come full-circle. Change-Id: Ia5a194acc559de21808655ef066151a0a3826364 Reviewed-on: https://gerrit.openafs.org/12268 Tested-by: BuildBot Reviewed-by: Joe Gorse Tested-by: Joe Gorse Reviewed-by: Benjamin Kaduk commit 2ef27ea1bb032cee8d26980e60e02b52a0805763 Author: Chaskiel Grundman Date: Thu May 5 12:35:08 2016 -0400 Linux 4.5: get_link instead of follow_link+put_link In linux commit 6b255391, the follow_link inode operation was replaced by the get_link operation, which is basically the same but takes the inode and dentry separately, allowing for the possibility of staying in RCU mode. For now, only support this if page_get_link is available and we are using the USABLE_KERNEL_PAGE_SYMLINK_CACHE The previous test for USABLE_KERNEL_PAGE_SYMLINK_CACHE used a bogus, undefined configure variable (ac_cv_linux_kernel_page_follow_link). Remove it, as it was not needed Change-Id: I2d7851d31dd4b1b944b16fad611addb804930eca Reviewed-on: https://gerrit.openafs.org/12265 Tested-by: BuildBot Reviewed-by: Joe Gorse Tested-by: Joe Gorse Reviewed-by: Benjamin Kaduk commit d9cfc1f3f5a75f1dbb14a56cd3da9db6b7a48065 Author: Benjamin Kaduk Date: Sun May 1 19:04:45 2016 -0400 Linux 4.5: no highmem in symlink ops Symlink bodies in the pagecache should not be in highmem, as upstream converted in commit 21fc61c73. Change-Id: I1e4c3c51308df096cdfa4d5e7b16279e275e7f41 Reviewed-on: https://gerrit.openafs.org/12264 Tested-by: BuildBot Reviewed-by: Joe Gorse Tested-by: Joe Gorse Reviewed-by: Benjamin Kaduk commit 49106a54993a0c9c64b407f05deaabe8f64e742d Author: Nathaniel Wesley Filardo Date: Fri Aug 1 02:48:21 2014 -0400 Use rxkad_crypt for inter-volser traffic, if asked Add a -s2scrypt option to the volume server, with possible options: * never -- the existing behavior * always -- switch to using afsconf_ClientAuthSecure, which uses rxkad_crypt, for ForwardVolume calls. * inherit -- encrypt inter-server traffic if the causal client connection is encrypted. This has the effect of "inheriting" the "-encrypt" flag given to "vos release", for example. Thanks to Jeffrey Altman for pointers and to Andrew Deason for noting the existence of rxkad_GetServerInfo. [mmeffie@sinenomine.net fix assertion and style update.] Change-Id: Ia295ba3f29a8494c8250a480fb26594468d2116a Reviewed-on: https://gerrit.openafs.org/11349 Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Thomas Keiser Reviewed-by: Benjamin Kaduk commit 4bd716223492aec23599a5ac01bce3cc47160bfd Author: Benjamin Kaduk Date: Sat May 14 13:37:54 2016 -0500 Fix typo in kaserver appendix Though it's very unlikely that someone would actually want to set up a new kaserver installation, if we have documentation for it, it ought to at least do what it claims to do. Thus, change kinit to klog where it was intended. Reported by Karl-Philipp Richter. FIXES 133043 Change-Id: I478a42931fa863c11b4acca7624bcabc14e561b1 Reviewed-on: https://gerrit.openafs.org/12286 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 74413d886d047073b2dd396fbf8f606fd1b263a0 Author: Mark Vitale Date: Thu May 12 22:23:36 2016 -0400 salvageserver: unable to write child log: out of memory Changes to salvageserver logging in commit 24fed351fd13b38bfaf9f278c914a47782dbf670 introduced a new bug in SalvageLogCleanup; the test for calloc() failure was inadvertently inverted. Fix the sense of the test. Change-Id: Id0ee4ac3e60d7285163a9ab0b32bd7d48e570ac0 Reviewed-on: https://gerrit.openafs.org/12284 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit bf17a719e3443502e2b4bdb7f6b9d2f0c1e39510 Author: Mark Vitale Date: Tue May 10 22:51:38 2016 -0400 salvageserver: segfault in DoSalvageVolume A typo in the recent logging changes for salvageserver ad455347bc99d1bd499535995958b5f77c2388ff caused a bad address to be passed to memset. Correctly memset the log options as intended. Change-Id: Ifef46defcc6da56df4e58f8ed9029717a77c0b39 Reviewed-on: https://gerrit.openafs.org/12282 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 562efa7e4c303acadf5c1df35c72674a3743c577 Author: Andrew Deason Date: Thu May 5 00:01:22 2016 -0500 ubik: Don't clear ubik_lastYesTime on startup In uvote_Init, we set ubik_lastYesTime to the current time just a few lines before. It is important to set ubik_lastYesTime to the current time, since that prevents us from voting for anyone in an ubik election for at least BIGTIME seconds. If we clear ubik_lastYesTime to 0, that means restarting a ubik server could cause it to immediately start voting for a different site than it was voting for before it started. This violates one of the ubik invariants; as mentioned in the comments in SVOTE_Beacon, we cannot promise sync site support to more than one site within BIGTIME seconds. So initializing ubik_lastYesTime to 0 could cause two different sites to be voted sync site simultaneously, if our restart caused a premature change in vote. Change-Id: I410fbefa8d699aac1c900d1fdd4e355b87917ad7 Reviewed-on: https://gerrit.openafs.org/12279 Reviewed-by: Mark Vitale Reviewed-by: Michael Meffie Reviewed-by: Jeffrey Altman Reviewed-by: Jeffrey Hutzelman Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 3c7a315b635fc4ee2118ee541f1169cf147622d5 Author: Chas Williams (CONTRACTOR) Date: Mon Jul 7 09:55:44 2014 -0400 auth: Allow subnet ranges in NetInfo and NetRestrict Add the ability to specify a range of addresses in both NetInfo and NetRestrict. Change-Id: Iecdcca8587aa2e6e7cd56cbbebb63eb41b5d6f40 Reviewed-on: https://gerrit.openafs.org/11313 Reviewed-by: Daria Phoebe Brashear Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 88f10280f8d9f39c76e63fbaa9023c09d7c3f0d7 Author: Benjamin Kaduk Date: Mon May 12 12:35:44 2014 -0400 export some kauth symbols for libadmin sample apps These functions are used, so they should be in the library's export list. Even though no one should be using kauth anymore. Change-Id: I3ad936c5b898f38194a461c7147792e2fe6f36b2 Reviewed-on: https://gerrit.openafs.org/11139 Reviewed-by: Benjamin Kaduk Reviewed-by: Michael Meffie Tested-by: Michael Meffie commit b0e6dd60b79e17a391dfdf1bcbb91f972f5c46b9 Author: Michael Meffie Date: Tue May 3 20:31:41 2016 -0400 afs: retire HAVE_LINUX_COMPLETION_H conditionals Now that support for linux 2.4 has been sunset, as of commit ccf353ede6ef5cce7c562993d1bea0d20844bdb7, it is no longer necessary to put conditional compilation checks around the linux wait-for-completion functions, which were introduced sometime during the linux 2.4 series and have been available since. Also, remove the remnant LINUX_COMPLETION_H_EXISTS autoconf macro, which was removed from use in commit ef8bd5a29b937a1211540aa60398ee966470a712. Change-Id: Iea974236f73eef8c567a897d6a473254edf95379 Reviewed-on: https://gerrit.openafs.org/12278 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 591da537e22be88da23216b2640331a7338ce0ae Author: Michael Meffie Date: Thu Apr 28 17:23:23 2016 -0400 afs: remove commented out sleep in afs_call.c The cell info setup was moved to the beginning of the startup sequence and an unnecessary sleep commented out in the syscall in which the cell info was set in commit 3fa5f389b2b7778cf0df5a506c91b427b147c4c2. Clean up afs_call.c a bit by removing this commented out code. Change-Id: I8ef0ddce4e1d327032b54ecebb48e9fdfe7767b4 Reviewed-on: https://gerrit.openafs.org/12277 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 5277460eaa300fc973b59d007cd3eaea93d30873 Author: Michael Meffie Date: Thu Apr 28 17:15:06 2016 -0400 afs: remove commented out AIX specific tweak This AIX specific code block has been commented out since openafs-ibm-1_0. The comments seem to indicate this was a networking tweak specific to AIX, but the kernel variables involved were not exported. Clean up afs_call.c by removing this dead code. Change-Id: Ieb66573c410199d590bfcccf942dca28547ed1e0 Reviewed-on: https://gerrit.openafs.org/12276 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 91f5cecc937923e16c5feda675fccd36d2b95164 Author: Michael Meffie Date: Thu Apr 28 16:52:42 2016 -0400 afs: cleanup remnant afs_vfs_mount prototype in afs_call.c The call to afs_vfs_mount() in afs_call.c was removed in commit a5ab24af71efe6b80eb0f78d1979c5ab1d1e594d. Remove the remnant prototype and the useless conditionals around it. Change-Id: I032ab5971a6e18df203f799c3a6e4f683a66d726 Reviewed-on: https://gerrit.openafs.org/12275 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 8fb11c599270e6cc335258f3473ea4d10f22b85e Author: Chas Williams (CONTRACTOR) Date: Tue Jan 6 17:47:19 2015 -0500 rw: Properly cleanup LWP environment Change-Id: I344d2081bdcfc2bd383e30bcf9a53f003356e9cb Reviewed-on: https://gerrit.openafs.org/11663 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit fd26f09d770c5d16cc2c8b45ac697876d41c91e3 Author: Chas Williams (CONTRACTOR) Date: Wed Dec 31 07:39:15 2014 -0500 lwp: fix bug in rw with assigning reader id Change-Id: I101202a49f14142cf503a64b45f9168a907bbace Reviewed-on: https://gerrit.openafs.org/11651 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 5731d3459c16ab7c6a706b4f738028875aed2287 Author: Chas Williams (CONTRACTOR) Date: Tue Dec 23 09:59:05 2014 -0500 lwp: fix some warnings for rw.c Change-Id: I5459353649e3896b3ade3300403d4b88c85d6084 Reviewed-on: https://gerrit.openafs.org/11650 Reviewed-by: Jeffrey Altman Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 8c6bfb61922241b06f5c1467f3df0cf70d08e376 Author: Chas Williams (CONTRACTOR) Date: Tue Dec 23 10:39:10 2014 -0500 lwp: remove preemption support This feature of lwp is basically unused and inconsistently implemented. Change-Id: Icf5c04b3bbd71af2c3d1b22dc4bfbe051952d80b Reviewed-on: https://gerrit.openafs.org/11649 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit a9945c22185cfa22270a7b66d6ba356c2d9d8841 Author: Chas Williams <3chas3@gmail.com> Date: Fri Dec 25 06:37:06 2015 -0500 LINUX: dcache updates for mkdir and sillyrename Commit d075b0549d62e4a81b7543b9c2f5dac242074909 introduced parent_vcache_dv() to get the data version from fakestat mount points. .mkdir (essentially .create for directories) should use this when updating ->d_time. In sillyrename, __dp is a negative dentry that should be forced to revalidate since the new name in dentry now exists. Change-Id: I5b112ce0437bfb061479024fee745b46821e599c Reviewed-on: https://gerrit.openafs.org/12141 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 687b4d8af07dbcf187dea685e75b420884727efd Author: Benjamin Kaduk Date: Thu Aug 20 13:55:02 2015 -0400 Make setting of CFLAGS_NOSTRICT make sense Previously, we would set -fno-strict-aliasing only when --enable-checking was given to configure but not --enable-checking=all. The intent seems to have been to only warn about strict aliasing violations when --enable-checking=all is in use, but that there was no need to disable the strict-aliasing diagnostics when -Werror was not enabled. Unfortunately, -fno-strict-aliasing affects not only the diagnostics emitted by the compiler, but also the code generation! So we were leaving the normal (no --enable-checking) case with the compiler assuming C's strict aliasing rules. The OpenAFS codebase has historically not been strict-aliasing safe (for example, commit 15e8678661ec49f5eac3954defad84c06b3e0164 refers to a runtime crash using a certain compiler version, which is diagnosed as the compiler using the C strict aliasing rules to make optimizations that exposed the invalid program code. To avoid futher surprises due to new compiler optimizations that utilize the C strict aliasing rules, always disable strict aliasing except when --enable-checking=all is used. Change-Id: Ib5d3bbd7c88686bd9a878b6b2c5e7c2b4eeccc04 Reviewed-on: https://gerrit.openafs.org/11988 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit bc123573539084ffc5a16ef1efaaaced5b2be202 Author: Marcio Barbosa Date: Thu Mar 3 18:23:28 2016 -0300 afs: fix memory leak An error code is returned by afs_ProcessOpCreate if this function can not allocate memory for ttargetName. This function should release the memory previously allocated for tname and decrement the reference count of tdp as well. Change-Id: Ic771b1d57080df6ee562a7327762030afdd5b08c Reviewed-on: https://gerrit.openafs.org/12208 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 2a68f7a1c374789961fdfc6de1c228f4f33a8132 Author: Benjamin Kaduk Date: Sun Dec 20 13:33:36 2015 -0600 Partially unifdef afs_pag_call.c This file is only built on linux, for afspag.ko. There is no need to retain the artifiacts of its historical origin that include conditionals for SUN5 or HPUX or the like. Change-Id: Icbb2390d261f2f51766b392968fe332c4fb8aa6c Reviewed-on: https://gerrit.openafs.org/12134 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 8d244c4a52b2111030e74fd32f79136aca5b8904 Author: Andrew Deason Date: Tue Apr 1 13:28:20 2014 -0500 vos: Remove redundant " done" messages In 1.4, a 'vos backup' command looked like this: $ vos backup root.cell -verbose Re-cloning backup volume 537351386 ... done Created backup volume for root.cell As of 1.6.1, this output now looks like this: $ vos backup root.cell -verbose Re-cloning backup volume 537351386 ... done done Created backup volume for root.cell Note the extra " done". This change can break scripts that parse "vos" output, but mainly it just looks confusing and doesn't make any sense. This extra " done" appeared in verbose output for 'vos backup', 'vos backupsys', and 'vos clone'. It was introduced by commit 13a4f2b1, which added a VDONE to DoVolClone. This new VDONE call does make sense, as this does make DoVolClone more self-contained, but the old VDONE messages were not removed, so an extra " done" got printed. In addition, commit 13a4f2b1 introduced a new call to DoVolDelete followed by a VDONE, even though DoVolDelete calls VDONE itself, causing another redundant " done". To get rid of all of these redundant " done" messages, remove some extra VDONE calls in UV_BackupVolume and UV_CloneVolume. Almost all other calls to VDONE in vsprocs.c are matched by a preceding message that says what we are doing. The sole exception is UV_ChangeLocation, which outputs a " done" without any preceding message. However, this is the behavior that UV_ChangeLocation (and thus 'vos changeloc') has always has since it was introduced in 0c03f860. Thanks to Jakub Moscicki of CERN, who originally reported this issue at EAKC 2014. Change-Id: I6a13c85e73deb59b511086207a296f4017f799dc Reviewed-on: https://gerrit.openafs.org/10980 Reviewed-by: Michael Meffie Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit a62cbc209673632ec5124572304b5ee718ad1708 Author: Stephan Wiesand Date: Mon May 11 13:54:25 2015 +0200 redhat: remove leftover legacy kmod code from spec Commit ec706b21530240d7fb66bad2f08513eff8f7c335 removed support for Linux 2.4 and legacy kernel modules, but missed a few more occurances of the latter. Remove those too. Change-Id: I449f0303ec916d597f65790c6f6a564d2f58ce48 Reviewed-on: https://gerrit.openafs.org/11866 Reviewed-by: Jeffrey Altman Reviewed-by: Benjamin Kaduk Reviewed-by: Stephan Wiesand Tested-by: BuildBot Reviewed-by: Marcio Brito Barbosa commit c5e8d594e6809aedac1e6615f65e7e63652528ba Author: Benjamin Kaduk Date: Sat Feb 13 13:02:55 2016 -0600 doc: set use.id.as.filename for chunk.xsl The deployed documentation on docs.openafs.org uses html file names that match the id element for the XML elements in question. On recent Debian systems, rebuilding these documents uses different names for the files, based on their position within the document hierarchy. For consistency with past usage, and to avoid breaking direct links when possible, set the xsl parameter use.id.as.filename to go back to the old naming scheme. Change-Id: I6d3fa2b74e319d1375891170817760d027e82f03 Reviewed-on: https://gerrit.openafs.org/12189 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 170b584b3f0fb0e5121df7ded55364bb4df5abb1 Author: Steve Simmons Date: Tue Sep 13 13:41:19 2011 -0400 Reconciliation of src/{afs,vol}/voldefs.h Bring these two files back into synchronization. Fix possible bug on very old SysV hosts where volume header file extension could be handled inconsistently. Overall differences reduced by about 50%. HPUX/AIX differences now correctly managed in both versions. Comment formats and whitespace in both modified to remove differences and follow openafs standards. Change-Id: I8fdf9941a0ee6ad7a091be38740bc2796f2b1d18 Reviewed-on: https://gerrit.openafs.org/5405 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit d3e043189abee8a6bd43a92a6e8c8ed7f578055e Author: Benjamin Kaduk Date: Thu Dec 24 18:17:34 2015 -0600 Add extra parentheses to macro bodies In order to avoid surprises due to operator precedence, the bodies of macros that are intended to be used as values should always be enclosed in an outer set of parentheses, if they contain more than one term. Change-Id: If175b1977b9452a7507c5906e4e611eccafb4d67 Reviewed-on: https://gerrit.openafs.org/12143 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk commit 9c08ab654846b701557d89107e60cc8a96dc6d3a Author: Michael Meffie Date: Sat Apr 30 11:32:14 2016 -0400 git ignore akeyconvert Tell git to ignore the new akeyconvert binary added in commit 6f4bdc8cb3cd020cf4b499c352ec4c4811b5a267. Change-Id: I4b9473e455319ac8ec378169a911c0619ab1fced Reviewed-on: https://gerrit.openafs.org/12263 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 066ef66648f0d955aa310d0991d888afea9b68d7 Author: Benjamin Kaduk Date: Wed Mar 4 13:34:53 2015 -0500 configure: check for some more krb5 functions We will want to create a krb5_principal object that is used as a sigil for comparison against, and need to do so in a portable fashion. krb5_parse_name and krb5_unparse_name have been around for a long time, but the counterpart krb5_free_unparsed_name is not always available, so provide compatibility for it. krb5_free_keytab_entry_contents is only a symbol in MIT krb5; we will need a compat macro on Heimdal systems where it is not present. Change-Id: I1cfe12910adac39216b8c7dd337b7e22d73555ed Reviewed-on: https://gerrit.openafs.org/11785 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Michael Meffie commit 6f4bdc8cb3cd020cf4b499c352ec4c4811b5a267 Author: Benjamin Kaduk Date: Mon Mar 2 17:29:56 2015 -0500 Add akeyconvert, for rxkad.keytab to KeyFileExt conversion A simple utility to help with the 1.6-->1.8 upgrade by bulk-converting keys, with some sanity checking. Change-Id: Ibae9a1ea3b7c3bbad5ffbc02410fa7a4ff6c4d7f Reviewed-on: https://gerrit.openafs.org/11786 Reviewed-by: Michael Meffie Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 8bf89fdbc251822b6a3149088f5634bb40e5c225 Author: Michael Meffie Date: Thu Nov 5 16:29:05 2015 -0500 roken: do not include the rk_rename() implementation on unix libroken provides roken/rename.c for platforms where the native rename() implementation does not replace the target if it already exists. As designed, rk_rename() should be used instead of rename() everywhere and rk_rename() is #defined to be rename() on platforms where this fix is not necessary. Do not include the rk_rename() implementation on platforms which do not need the rk_rename since it is not used on those platforms. Note: This fix also avoids a recursive rename(). As currently implemented, the rk_rename() function is redefined to rename() within the roken/rename.c module when RENAME_DOES_NOT_UNLINK is not defined. This can mask the standard library rename() and leads to a recursive call to rename(). Change-Id: I47a1fcd21939b161aaa7df7ffab26dc84e7b75ed Reviewed-on: https://gerrit.openafs.org/12091 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 40dfd90a9f29ea56a871449172f809c4ae3cd4f6 Author: Michael Meffie Date: Fri Feb 6 11:33:48 2015 -0500 externalize log rotation Do not create new server log files when servers are restarted by default. External log rotation tools may be used to rotate the logs by renaming log files and then signaling server processes to reopen log files. Add the -transarc-logs option to each server to provide backward compatibility with the traditional Transarc-style logging. When -transarc-logs is given, log files are renamed to an ".old" file (overwriting the existing ".old" file) and the previous the log file is truncated. Change-Id: I2eeb67e3db32b2f75fe685b68dab1159e62061e9 Reviewed-on: https://gerrit.openafs.org/11731 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 79c8b36e11073c40fde2918ae9ee80cc5c3b8efe Author: Michael Meffie Date: Fri Feb 6 10:56:43 2015 -0500 util: reopen server logs on SIGUSR1 for external log rotation Claim the SIGUSR1 signal for reopening server log files. A server process will reopen the log file when the SIGUSR1 signal is received. If the log file does not exist, the server process will create a new, empty log file. This allows external log rotation programs to rotate log files by renaming an existing log file then sending a SIGUSR1 signal to the corresponding server process. Any messages written to the log after the log file was renamed but before the SIGUSR1 signal is received will continue to be written to the renamed log file. The server process will write messages to the new log file after handling the SIGUSR1 signal. The SIGUSR1 signal is used to reopen the log file instead of the more commonly used SIGHUP signal, since SIGHUP is already used for resetting the logging level. The retirement of Linux 2.4 support, in particular the desupport of LinuxThreads, in commit ccf353ede6ef5cce7c562993d1bea0d20844bdb7 allows for the use of SIGUSR1 in OpenAFS. Change-Id: Ie3ff52ae4986eae30c7420b5f05ff1eacdfe7596 Reviewed-on: https://gerrit.openafs.org/11727 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 5892473c2381b40a2be375a1b04ddae080711e12 Author: Michael Meffie Date: Sat Mar 12 18:54:43 2016 -0500 util: doxygenate server logging functions Provide doxygen style comment blocks for the server logging functions and module variables. Change-Id: Iacb49ce5d221f9219290e2479df8fa9a54a88fa7 Reviewed-on: https://gerrit.openafs.org/12221 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit ad455347bc99d1bd499535995958b5f77c2388ff Author: Michael Meffie Date: Wed Jan 6 17:06:54 2016 -0500 Remove server logging globals Remove the global variables used to setup server logging and replace with an argument to OpenLog. Keep the LogLevel variable as a global for use by the logging macros, but provide an inline function for applications which check the log level to dump more information when the log level is increased. Provide consistency by adding syslog tags to processes that did not previously set one (salvageserver, salvager, and volserver). [kaduk@mit.edu: update commit message, use old-style log rotation for kalog, minor commenting fixes] Change-Id: I11cffbdd1418304d33f0be02dd7e600955c4a8bb Reviewed-on: https://gerrit.openafs.org/12168 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 4bfb874d19135e1e5dfe96edbba8e8968cae32b0 Author: Benjamin Kaduk Date: Wed Dec 2 22:56:57 2015 -0600 Add comment about serverlog locking The lock protects global state such as the logging FD and the syslog-related variables. Change-Id: I5ea1b6945c10047da14d35b948a6a0ea53b55add Reviewed-on: https://gerrit.openafs.org/12123 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit a8c9997e93ba0fd36b0b71601157e4a0e9f3b9f5 Author: Michael Meffie Date: Thu Feb 5 16:59:52 2015 -0500 Reopen the correct filename when -logfile is given The name of the log file passed to ReOpenLog() may not match the name given in the initial OpenLog() call. This can happen when the -logfile option is given to the fileserver or volume server. Since the name given to ReOpenLog() must match the original name, change ReOpenLog() to use the name previously given to OpenLog() and update all callers. Change-Id: Ie6fa4cb6e3c03f853efe0207bbec5d8412c6fe59 Reviewed-on: https://gerrit.openafs.org/11723 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit d92ef173bc6ab7dd85bd2cbadbb2a089a9d4bacf Author: Michael Meffie Date: Wed Feb 4 12:19:32 2015 -0500 util: always reopen the log file Reopen the log file even if the filename exists. This fixes the situation where an external program moves or deletes the log file, then creates a new file with the same log file name. Change-Id: I3b98d6fc0d05c7ab231f84e9a271f925506ab51f Reviewed-on: https://gerrit.openafs.org/11725 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 02b228bc4c778645efbbc3d3bb12586a0424c1cd Author: Michael Meffie Date: Thu Feb 5 10:47:32 2015 -0500 util: refactor OpenLog and ReOpenLog Non-functional changes and cleanups in preparation for fixes and enhancements. Move the duplicated code to redirect the stdio/stderr streams to a common static function. Add a helper function to check for named pipes. Move the code to rename files when opening logs to a separate static function. Change-Id: I5b56b80a7e799b6605cfad7b58ac8249ac93acc8 Reviewed-on: https://gerrit.openafs.org/11721 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ac5346b3612e4f7dc3f97a57990959794b18c3a7 Author: Benjamin Kaduk Date: Sun Dec 20 22:11:23 2015 -0600 util: Remove undocumented magic of mrafs-style logs The MR-AFS-style logs would always include the thread number in log entries with the timestamp; now that we are trying to rebrand this feature as "timestampped logs", having this bonus feature is unexpected. Thread ids are still used at higher log levels, as enabled by SIGTSTP. Change-Id: Ie8c276e47a34d729ccce685ddf27bfa9e7a8f9f1 Reviewed-on: https://gerrit.openafs.org/12136 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 4b698db3198d30aa1cf1028d3cb7856211792f18 Author: Michael Meffie Date: Thu Feb 5 15:42:16 2015 -0500 util: fix file descriptor leak in mrafs-style logging When MR-AFS style logging is in effect, the SIGHUP signal handler will rename then create a new, empty server log file to support log rotation. Unfortunately, the old log file descriptor is not closed, so each SIGHUP signal will leak one file descriptor. Be sure to close the current log file descriptor before opening the log again. The OpenLog() routine will move the current log file to a new file, with a timestamp string appended to the log file, then open the server log file with truncate flag to start a new log file. Change-Id: Ic3f29607fa50ed868b9245865e375dedde438471 Reviewed-on: https://gerrit.openafs.org/11722 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit db74758924b4d889e1c713a46be898d47f4ae6a9 Author: Michael Meffie Date: Sun Mar 13 17:27:59 2016 -0400 util: fix log file renaming of mrafs-style logs Do not make timestamped log files with an invalid number of seconds when renaming old mrsafs-style log files, i.e., more than 59 seconds in the seconds field. Replace the goto used in the mrafs-style make file name retries with a regular, bounded loop. Change-Id: I16d032197e4b1e227b1f005fbc395a013e099561 Reviewed-on: https://gerrit.openafs.org/12220 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 721c3737c7f308c777a7f05cf014e4502c607eb2 Author: Michael Meffie Date: Wed Feb 4 20:53:52 2015 -0500 util: remove unused printLocks variable from mrafs-style logs Remove the unused printLocks variable, which was added in commit, 86f1dc2117e6b6c8abb55ccbc8621743969b8996 "mrafs-server-log-handling-20010212" but never used. Change-Id: I64459cf93e86352ef16d9526e46847cbb4997f10 Reviewed-on: https://gerrit.openafs.org/11719 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 340ec2f79208ee21c3130c4b1c13995947ce426c Author: Michael Meffie Date: Mon Mar 14 16:09:56 2016 -0400 util: allocate log filename buffers Allocate the ourName buffer to save the log filename during OpenLog(), instead of trying to copy the log filename to a fixed size buffer. Deallocate this buffer when the log is closed with CloseLog(). Save the log file name even when MR-AFS style logging is not effect to allow ReOpenLog() to use the saved filename in a later commit. Dynamically allocate a buffer when formatting a file name for log rotation instead of using a fixed size buffer on the stack. Allocate the buffer for both traditional Transarc-style log file renaming (appending ".old" to the log filename) and the MR-AFS style logging (appending a timestamp to the log filename). Change-Id: Ie217a93b271b48ccfc7b5244ad3a8c949d55ef54 Reviewed-on: https://gerrit.openafs.org/12219 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 1a72f4a917f14c97ab067eb303252e3244cb59d1 Author: Michael Meffie Date: Sun Mar 13 16:55:48 2016 -0400 util: open mrafs-style logs with O_APPEND too Commit b71a041364d28d6a56905a770cd20d1497ee26ec added the O_APPEND flag when opening the log file to allow sites to use logrotate's "copy and truncate" feature. Add the O_APPEND to MR-AFS style logs as well so MR-AFS style logs can also be handled correctly with logrotate, we have consistent open flags, and can remove a duplicate call to open the log file descriptor. Change-Id: I8370838e1e2c7ddaa042508d6b9cbe1299339f68 Reviewed-on: https://gerrit.openafs.org/12218 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 22da8ad7afa12313efdfba4eb6118c3496906275 Author: Michael Meffie Date: Sun Feb 1 16:53:26 2015 -0500 util: remove obsolete SETVBUF_REVERSED Commit 8af5762909714367c1cc764b3f491c06c2bcd5d0 "Clean up some obsolete Autoconf code" removed the obsolete autoconf check AC_FUNC_SETVBUF_REVERSED and one use of the results, but overlooked another instance; remove it. Change-Id: Id62a2a96b911c0d16d51d8cce0966ae3736bde87 Reviewed-on: https://gerrit.openafs.org/11718 Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk Reviewed-by: Perry Ruiter Tested-by: BuildBot commit 5e49cb98ac09b85d830f443a4c006d91764d2e35 Author: Michael Meffie Date: Tue Feb 3 21:07:34 2015 -0500 util: always initialize the server log mutex Be sure to always initialize the server log mutex. Use pthread_once to ensure the mutex is initialized only once. Before this change the server log mutex was not properly initialized with pthread_mutex_init when logging to the syslog. Change-Id: Ief2ee6b373f7309bc05061f7413b6ff623b86e31 Reviewed-on: https://gerrit.openafs.org/11717 Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 661f73beeb8cc61c24e1d53003d310e835c48a45 Author: Michael Meffie Date: Thu Mar 12 18:12:06 2015 -0400 util: fix server log fd validity checks Do not assume the server log file descriptor cannot be zero. Thanks to Chas Williams for spotting this bug. Change-Id: I0d264828926bf8cd765b45db4e529233b8686404 Reviewed-on: https://gerrit.openafs.org/11797 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit ee1e344cef437dd43610cd421e80df2f21001b80 Author: Michael Meffie Date: Wed Sep 2 17:22:16 2015 -0400 util: remove util/softsig Remove the old util/softsig implementation, which has been replaced by opr/softsig. Change-Id: Ie32f04129dd0b09a8baf9f6739abf53fbf1b98eb Reviewed-on: https://gerrit.openafs.org/11998 Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 83fcf5d69800f6ba3c5733cb8cc0007f8b2c9dbc Author: Michael Meffie Date: Wed Sep 2 16:33:46 2015 -0400 ptserver: convert the ptserver to opr softsig Convert the ptserver from regular signal handling to the opr soft signal handling when built with pthreads. This makes it safe to call pthread functions within signal handlers. Change-Id: I43d345517c75e275d6896154a979a908181a1f39 Reviewed-on: https://gerrit.openafs.org/11997 Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 803d15b6aa1e65b259ba11ca30aa1afd2e12accb Author: Michael Meffie Date: Wed Sep 2 16:32:54 2015 -0400 vlserver: convert the vlserver to opr softsig Convert the vlserver from regular signal handling to the opr soft signal handling when built with pthreads. This makes it safe to call pthread functions within signal handlers. Change-Id: Ic9bd841c4796bd64b603505541da7e767afda83e Reviewed-on: https://gerrit.openafs.org/11996 Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit e0d7f9b591db66fd33b7e98f669b2e4ff9decf1c Author: Michael Meffie Date: Wed Sep 2 16:28:43 2015 -0400 volser: convert the volume server to opr softsig Convert the volume server from regular signal handling to the opr soft signal handling when built with pthreads. This makes it safe to call pthread functions within signal handlers. Change-Id: I25b9a9184c526f4ce9b6e2abb25ae9135cc97ec6 Reviewed-on: https://gerrit.openafs.org/11995 Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 093fdd6c4cdaeb31a2d9078bd0db5b2e1030b335 Author: Michael Meffie Date: Thu Mar 31 16:40:40 2016 -0400 viced: convert the fileserver to opr softsig Convert the fileserver from the obsolete softsig routines to the modern opr softsig routines for pthreaded programs. Change-Id: I9e98e402f73ebca05fcaf0f852055b9a5ad93632 Reviewed-on: https://gerrit.openafs.org/11994 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 97d02926d3d82bf49ad0f53b85c186e0c6a96530 Author: Michael Meffie Date: Mon Jun 29 11:03:16 2015 -0400 viced: remove old signal handler wrappers Remove remnants of old lwp thread signal handler wrapper functions from the fileserver. The lwp softsig handlers required a function which was passed a void pointer argument and returned a void pointer. Tidy the code by removing the unneeded wrappers and use the signal handler functions directly. Change-Id: I3d52efe659b03ee9a9484ec7a9d74404f1970278 Reviewed-on: https://gerrit.openafs.org/11921 Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit b5c2d7d3d574514fd8d4c602f8b01cb7bfa41091 Author: Michael Meffie Date: Thu Mar 31 16:39:48 2016 -0400 util: softsig version of function to setup logging signal handlers Provide a new routine to setup the server log signals which registers soft signal handlers for the common log management signals (SIGTSTP and SIGHUP). Keep the old SetupLogSignals() routine around while lwp still exists. Change-Id: Ic9151c7ad25528e8e4008a4567836e4196cbe8c3 Reviewed-on: https://gerrit.openafs.org/12238 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 524d92b497e525bb7bc0929385e722a0c4157890 Author: Michael Meffie Date: Thu Mar 31 16:38:29 2016 -0400 Windows: opr_softsig.h Make the opr softsig header file available in the windows builds so it can be included unconditionally in the code base. Change-Id: I19a75ce060e20b525d83ec5bed42d3168362d852 Reviewed-on: https://gerrit.openafs.org/12237 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 22030429fc680959d4d222f20b0756b82eb56d4c Author: Michael Meffie Date: Thu Mar 31 16:37:42 2016 -0400 procmgmt: wrappers for softsig handlers Provide procmgmt wrappers for Windows environments which match the opr_softsig functions. This allows builds of the windows servers continue to use the existing process management signal handling functions, without introducing additional conditional compilation in the server code. Change-Id: I0ac287bde294996fb7f32c19370f2992a0af2a58 Reviewed-on: https://gerrit.openafs.org/12236 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 24fed351fd13b38bfaf9f278c914a47782dbf670 Author: Michael Meffie Date: Wed Sep 9 21:26:23 2015 -0400 salvager: convert salvager and salvagerserver to libutil logging Use the libutil logging facility in the salvager and DAFS salvageserver in order to have consistent logging features and time stamp formats with the other OpenAFS servers. Change-Id: I8352d7e16b4a9f96b814a3b5c0b3b79a7c48e4bc Reviewed-on: https://gerrit.openafs.org/12003 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 9c6e6d4c34d867639ac90ba9a46084f3700b57d1 Author: Jonathon Weiss Date: Fri Apr 15 19:29:58 2016 -0400 Find Tivoli TSM headers in 64 bit location When building with --enable-tivoli-tsm locate the Tivoli TSM headers if they are installed in the path used by the 64 bit Tivoli TSM installation. Change-Id: I4f114a4ada1babcbe1e52f451f10e78d861b7fd0 Reviewed-on: https://gerrit.openafs.org/12258 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 5c136c7d93ed97166f39bf716cc7f5d579b70677 Author: Michael Meffie Date: Thu Aug 27 13:06:05 2015 -0400 afs: shake harder in shake-loose-vcaches Linux based cache managers will allocate vcaches on demand and deallocate batches of vcaches in the background. This feature is called dynamic vcaches. Vcaches to be deallocated are found by traversing the vcache LRU list (VLRU) from the oldest vcache to the newest. Up to a target number of vcaches are attempted to be evicted. The afs_xvcache lock protecting the VLRU may be dropped and re-acquired while attempting to evict a vcache. When this happens, it is possible the VLRU may have changed, so the traversal of the VLRU is restarted. This restarting of the VLRU transversal is limited to 100 iterations to avoid looping indefinitely. Vcaches which are busy cannot be evicted and remain in the VLRU. When a busy cache was not evicted and the afs_xvache lock was dropped, the VLRU traversal is restarted from the end of the VLRU. When the busy vcache is encountered on the retry, it will trigger additional retries until the loop limit is reached, at which point the target number of vcaches will not be deallocated. This can leave a very large number of unbusy vcaches which are never deallocated. On a busy machine, tens of millions of unused vcaches can remain in memory. When the busy vcache at the end of the VLRU is finally evicted, the log jam is broken, and the background deamon will hold the afs_xvcache lock for an excessively long time, hanging the system. Fix this by moving busy vcaches to the head of the VLRU before restarting the VLRU traversal. These busy vcaches will be skipped when retrying the VLRU traversal, allowing the cache manager to make progress deallocating vcaches down to the target level. This was already done on the mac osx platform while attempting to evict vcaches. Move the code to move busy vcaches to the head of the VLRU up the the platform agnostic caller. Thanks to Andrew Deason for the initial version of this patch. Change-Id: I7768d00604e56d8d5369ac5215f7c2ab7996c4eb Reviewed-on: https://gerrit.openafs.org/11654 Tested-by: BuildBot Reviewed-by: Andrew Deason Reviewed-by: Benjamin Kaduk commit 961875cbedc2c91cdba6dc34a43c6136ea9797fb Author: Michael Meffie Date: Thu Feb 25 18:49:20 2016 -0500 LINUX: hold vcache while dropping dcache refs Hold a reference on a vcache while attempting to evict the inode from the dcache. Since the afs_xvcache lock is dropped, it could be possible for the vcache to be flushed during this time, making it unsafe to use the vcache after the eviction attempt. Change-Id: I9d91db98387b7aaa986ed915420c6cafb4f12438 Reviewed-on: https://gerrit.openafs.org/12206 Tested-by: BuildBot Reviewed-by: Andrew Deason Reviewed-by: Benjamin Kaduk commit 3609ebcfa3f70ca7612364c0cc2345b1d7f1096b Author: Stephan Wiesand Date: Thu Apr 7 10:58:30 2016 +0200 Linux: Fix misleading indentation and other whitespace Commit 7edc6694e7632c9736bd1516935604a638165313 introduced a misleading indentation of a line in afs_linux_prefetch. Correct it, and once here remove trailing whitespace throughout the file. Change-Id: Idab888bb72c782bfd25c7fc81316eb1b65c0d128 Reviewed-on: https://gerrit.openafs.org/12253 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 808b156bd890cd78dc59b443b4ebe32e98d440d4 Author: Benjamin Kaduk Date: Tue Apr 5 12:53:48 2016 -0500 Fix typo in cm_dcache.c Commit b85c5f9339e20d3de9b1316217dadbea41ad537e introduced a new memset() but left out a prenthesis. In the absence of a windows build machine, this error went unnoticed. Reported by Mark Vitale. Change-Id: Ie250163029132896cd70dc822c6170913e83dafe Reviewed-on: https://gerrit.openafs.org/12241 Reviewed-by: Michael Meffie Tested-by: BuildBot Tested-by: Michael Meffie Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit a3fa6dabf481cf0e79bdddaab315e801f213a46b Author: Marcio Barbosa Date: Mon Mar 28 15:50:16 2016 -0300 doc: add missing angle bracket The options -logfile and -config should be enclosed by angle brackets. Change-Id: I9e5767b7e43753b37dbc8d86c5346c778f8bab8d Reviewed-on: https://gerrit.openafs.org/12233 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ae5f411c3b374367ab8ae69488f78f8e0484ce48 Author: Stephan Wiesand Date: Tue Mar 8 14:15:17 2016 +0100 Linux 4.4: Do not use splice() splice() may return -ERESTARTSYS if there are pending signals, and it's not even clear how this should be dealt with. This potential problem has been present for a long time, but as of Linux 4.4 (commit c725bfce7968009756ed2836a8cd7ba4dc163011) seems much more likely to happen. Until resources are available to fix the code to handle such errors, avoid the riskier uses of splice(). If there is a default implementation of file_splice_{write,read}, use that; on somewhat older kernels where it is not available, use the generic version instead. [kaduk@mit.edu: add test for default_file_splice_write] Change-Id: Ib4477cdfb2cd0f49f516da75edc3cb9d1a8817dc Reviewed-on: https://gerrit.openafs.org/12217 Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 58d82226a555d3781a5cb45e5cc177727628ebd8 Author: Michael Laß Date: Mon Jan 18 19:58:00 2016 +0100 Linux 4.4: Use locks_lock_file_wait The locks API was changed in Linux 4.4, introducing locks_lock_file_wait (e55c34a66f87e78fb1fc6b623b78c5ad74b475af) and removing flock_lock_file_wait (616fb38fa7a9599293e05ae1fa9acfaf73922434). locks_lock_file_wait can be used as a drop-in replacement so define flock_lock_file_wait as an alias for it. Change-Id: Iba89a43c651737c86cbf519a933289d97c25a467 Reviewed-on: https://gerrit.openafs.org/12170 Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 5067ee3ae11932a3f1c972c8f88b20afbd9e1d88 Author: Michael Laß Date: Mon Jan 18 18:29:00 2016 +0100 Linux 4.4: key_payload has no member 'value' In Linux 4.4 (146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc) type-specific and payload data have been merged. The payload is now accessed directly and has no 'value' member anymore. FIXES 132677 Change-Id: Id26c40c80314a0087ecc0735029412787058ef07 Reviewed-on: https://gerrit.openafs.org/12169 Tested-by: BuildBot Reviewed-by: Mark Vitale Tested-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 279f9c54b4ccd8a55812ac8423a153d5c2deb0ab Author: Chas Williams <3chas3@gmail.com> Date: Mon Nov 23 14:19:38 2015 -0500 Remove automated casting in rxgen We should let the compiler warn us when we attempt to convert types that should not be converted. Change-Id: Ie9f5f6ab5d5978bbe5e741b1a20bfb4d36fb314c Reviewed-on: https://gerrit.openafs.org/12116 Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 9823c576229f74fe4c308b5164149873e0fddbaf Author: Chas Williams <3chas3@gmail.com> Date: Mon Nov 23 14:15:08 2015 -0500 rxgen: Don't use size_t in struct rx_opaque with XDR OpenAFS's XDR doesn't support size_t at this time. For now, use a temporary stack variable to avoid 32/64-bit issues and copy back the returned value upon success. Change-Id: Ia3dd8abd665a19e04aa611f940728d088a8f87b7 Reviewed-on: https://gerrit.openafs.org/12115 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 5aa6d4a26a5b84389ecb22bc8c6cd69dee8e4ca4 Author: Chas Williams <3chas3@gmail.com> Date: Mon Nov 23 12:29:31 2015 -0500 Refactor printing arguments to the xdr routines This makes some future changes a bit easier to read and implement. Change-Id: I48eafa67659739865f43a0bcfe1f8a897a7a8940 Reviewed-on: https://gerrit.openafs.org/12114 Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit f99c1ec32bb6e8d31ac517173ff7502dbd85aa05 Author: Michael Meffie Date: Fri Mar 18 10:22:33 2016 -0400 doc: fs examine no longer requires read rights on the volume root vnode Update the man page to reflect the current access rights required for fs examine. Historically, fs examine required read access on the root vnode of the volume housing the directory or file being examined. This access check was relaxed in commit d2d591caf2c9b4cf2ebae708cc9b4c8b78ca5a5a, since the information returned by the file server is already available anonymously by other means. Change-Id: If62b625bce8a260b98fb56a6feec49c674f2de53 Reviewed-on: https://gerrit.openafs.org/12223 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 02a393de6b30a500b77f276011c70d41eff363b5 Author: Benjamin Kaduk Date: Wed Mar 16 16:16:49 2016 -0500 Add param files for FreeBSD 10.2, 10.3 FreeBSD 10.3 is in the beta stage now; better get ready for it. Change-Id: I2a6b6144916f13768bfad27af5eb5340e039939b Reviewed-on: https://gerrit.openafs.org/12222 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit e63c2570f9d95bee7c7a00dd578a6971c6e733b9 Author: Benjamin Kaduk Date: Mon Mar 14 23:15:20 2016 -0500 OPENAFS-SA-2016-002 ListAddrByAttributes information leak The ListAddrByAttributes structure is used as an input to the GetAddrsU RPC; it contains a Mask field that controls which of the other fields will actually be read by the server during the RPC processing. Unfortunately, the client only wrote to the fields indicated by the mask, leaving the other fields uninitialized for transmission on the wire, leaking some contents of client memory. Plug the information leak by zeroing the entire structure before use. FIXES 132847 Change-Id: I9ccf814ceff206ddb3a74da97dc50b7e1e3c2014 commit c12b3fee2fabd92c57d92fc945d70acba9f53ab3 Author: Benjamin Kaduk Date: Mon Mar 14 23:15:20 2016 -0500 OPENAFS-SA-2016-002 VldbListByAttributes information leak The VldbListByAttributes structure is used as an input to several RPCs; it contains a Mask field that controls which of the other fields will actually be read by the server during the RPC processing. Unfortunately, the client only wrote to the fields indicated by the mask, leaving the other fields uninitialized for transmission on the wire, leaking some contents of client memory. Plug the information leak by zeroing the entire structure before use. FIXES 132847 Change-Id: I14964e98a57ba6ef060c6e392497f1ebd3afe042 commit 67646c7c901a1f346d78666f432b673c5b341380 Author: Benjamin Kaduk Date: Mon Mar 14 23:15:20 2016 -0500 OPENAFS-SA-2016-002 AFSStoreVolumeStatus information leak The AFSStoreVolumeStatus structure is used as an input to the RXAFS_SetVolumeStatus RPC; it contains a Mask field that controls which of the other fields will actually be read by the server during the RPC processing. Unfortunately, the client only wrote to the fields indicated by the mask, leaving the other fields uninitialized for transmission on the wire, leaking some contents of kernel memory. Plug the information leak by zeroing the entire structure before use. FIXES 132847 Change-Id: Ib309e6b00b95bc4178740352899d7f940f2eb1ea commit b85c5f9339e20d3de9b1316217dadbea41ad537e Author: Benjamin Kaduk Date: Sun Mar 13 12:56:24 2016 -0500 OPENAFS-SA-2016-002 AFSStoreStatus information leak Marc Dionne reported that portions of the AFSStoreStatus structure were not written to before being sent over the network for operations such as create, symlink, etc., leaking the contents of the kernel stack to observers. Which fields in the request are used are controlled by a flags field, and so if a field was not going to be used by the server, it was sometimes left uninitialized. Fix the information leak by zeroing out the structure before use. FIXES 132847 Change-Id: I84a5a10442732ebbcb5d5067ca22030fb795168b commit d853866c56a114616ecb68f06a914aaea0e5c7c7 Author: Jeffrey Altman Date: Wed Mar 9 20:38:10 2016 -0600 OPENAFS-SA-2016-001 group creation by foreign users CVE-2016-2860: In AFS 3.3 as part of the addition of the cross-cell support for foreign user auto-registration a bug was introduced that permits foreign users to create arbitrary groups as if they were system administrators. This permits the groups to be created without any group quota checks, and using group names that non-administrators would not normally be able to create, such as groups with the "system:" prefix or groups with no colon (that is, in the namespace for users). Additionally, all entries created using the auto-registration service were marked as being created by system:administrators. This behavior should not be changed on the stable release branch, but for the next release the behavior will change to show these entries as being self-created, to better reflect reality. FIXES 132822 [kaduk@mit.edu: reword commit message, minor style adjustments] Change-Id: I54ddca3e4e1339f76ed320f0d6c53d8820aed89c commit e3bb92c2a0883ae2922ac6019eed543201dbc2ec Author: Jeffrey Altman Date: Wed Mar 9 22:34:55 2016 -0600 ptserver: fix pt_util creation of groups In commit 53ac98931adf9f04c150d9bc084cae31f3913476 the adjustment of owner id was moved from CreateEntry() into CreateGroupName(). This was done for two reasons: 1. to reuse the computation of "is administrator" within CreateGroupName() in order to permit the owner id to be set to the invalid values 0 and ANONYMOUSID. 2. to allow the owner id to be altered in ChangeEntry(). Unfortunately, CreateEntry() needs to be able to alter the owner id when creating users not only groups. This change moves the computation of "is administrator" and the owner id assignment to CreateEntry() and ChangeEntry(). Change-Id: I0d37f5a43ea5919d1bbc3ba6d82b2924ab38befc commit b702ab5da216976ed01ad3b1c474ecd4cc522ff2 Author: Michael Meffie Date: Wed Feb 24 16:57:11 2016 -0500 LINUX: ifconfig is deprecated ifconfig is deprecated and is no longer installed by default on RHEL 7 and Centos 7. Use the replacement ip command in the init script for linux. Fallback to ifconfig in the event the ip command is not available. Thanks to Ben Kaduk for pointing out the hash built-in command. Change-Id: I7ffe272eb712cd83a70a7d880d239f72b40cb5df Reviewed-on: http://gerrit.openafs.org/12192 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk commit d833ba768064a32a19c6b0b94ffb0d8a3a40a089 Author: Mark Vitale Date: Thu Mar 27 06:36:59 2014 -0400 DAFS: large volume support - fileserver crash after "addled bitmap" Any DAFS fileserver operation that allocates a new vnode but fails to update the vnode index will crash: "Fatal Rx error: assertion failed: --vp->nWaiters >= 0, file: ../vol/volume.c, line: nnnn" Note: This crash was exposed by other bugs (to be addressed in future commits) in OpenAFS large volume support. However, there may be other failure paths (unrelated to large volumes) that expose this error as well. When VAllocVnode() must allocate a new vnode but fails while updating the vnode index file (e.g. an "addled bitmap" due to other bugs in working with a vnode index larger than 2^31 bytes), it branches to common recovery logic at label error_encountered:. Part of this recovery is to call VFreeBitmapEntry_r(). Commit 08ffe3e81d875b58ae5fe4c5733845d5132913a0 added a VOL_FREE_BITMAP_WAIT flag to VFreeBitmapEntry() in order to prevent races with VAllocBitmapEntry(). If the caller specifies VOL_FREE_BITMAP_WAIT, VFreeBitmapEntry_r will call VCreateReservation_r() and VWaitExclusiveState_r(). However, the exit from VFreeBitmapEntry_r() calls VCancelReservation_r() unconditionally. This works correctly with the majority of callers to VFreeBitmapEntry_r, which do specify the VOL_FREE_BITMAP_WAIT flag. However, the VAllocVnode() error_encountered logic must specify 0 for this flag because the thread is already in an exclusive state (VOL_STATE_VNODE_ALLOC). This correctly causes VFreeBitmapEntry_r() to forgo both the reservation and wait-for-exclusive-state. However, before exit it erroneously calls VCancelReservation_r(). We now have unbalanced reservations (nWaiters); this causes an assert when the VAllocVnode() error_encountered recovery code later calls VCancelReservation_r() for what it believes is its own prior reservation. Modify VFreeBitmapEntry_r() to make its final VCancelReservation_r() conditional on flag VOL_FREE_BITMAP_WAIT. Change-Id: Id6cf6b1279b11e6dfc4704bba5739912f663beca Reviewed-on: http://gerrit.openafs.org/11983 Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk Reviewed-by: Michael Meffie Reviewed-by: Jeffrey Altman Tested-by: BuildBot commit cc79ca882d180fddadb785f65279c4340210d5d0 Author: Mark Vitale Date: Sat Jul 18 01:12:51 2015 -0400 bozo: allow start of fs and dafs bnodes with options fs_create() and dafs_create() issue stat() to verify the existence of each executable specified in the bnode. However, commit fda2bc874751ca479365dc6389c0eebb41a0bda1 inadvertently removed the code that stripped any command arguments before the stat(). Therefore, any bnode that specifies arguments (e.g. /usr/afs/bin/dafileserver -d 5), causes the stat() to fail and the bnode will not start. Rename function AppendExecutableExtension() to a less "window-ish" name: PathToExecutable(). Modify the Windows version of PathToExecutable() to properly strip arguments. Reimplement the Unix macro as function PathToExecutable() that properly strips arguments. Change-Id: I04f7ce2afb8211bd12b9063db1335738bff1cc1e Reviewed-on: http://gerrit.openafs.org/11934 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Michael Meffie Tested-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 44349d0694c7a185fae4c55c75cb01196d109a26 Author: Mark Vitale Date: Tue Feb 16 14:55:03 2016 -0500 viced: incorrect FID audit of BulkStatus and InlineBulkStatus The audit code for object AUD_FIDS is off by one - we list the first FID twice and skip the last FID. Repair so all FIDs are properly audited. Change-Id: I99f4687e25031eb26ccd7e07b732217b098005de Reviewed-on: http://gerrit.openafs.org/12191 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk commit c0876aa6b5edb2796330d786660ed4f2075a1fcf Author: Michael Meffie Date: Mon Feb 8 10:10:32 2016 -0500 test: skip buserror test when SIGBUS is not defined in perl POSIX module Older versions of the perl POSIX module do not define the SIGBUS symbol, which causes the opr/softsig-t perl test to fail to compile. Instead of trying to defined SIGBUS, which may be platform dependent, skip the buserror unit test on these older platforms. Change-Id: Ib8cfd77215ea43566e9d47b501d4989556b83734 Reviewed-on: http://gerrit.openafs.org/12186 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 378eae1d534d61d357a0ad681b57b5e203f814ad Author: Michael Meffie Date: Mon Feb 8 12:12:22 2016 -0500 CellServDB update 01 Jan 2016 Update all remaining copies of CellServDB in the tree, and make the Red Hat packaging use it by default too. Change-Id: Idf9d97151b8e9075fefa7aece58fd023bfd857ff Reviewed-on: http://gerrit.openafs.org/12187 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ed52d65fe98549e13023e0a8997da479b626085a Author: Michael Meffie Date: Fri Jan 30 12:20:10 2015 -0500 volser: detect eof in dump stream while reading acl Detect an EOF condition while reading the ACL in a dump stream and return a restore error, instead of filling the ACL with 0xFF and then failing the restore due to an invalid tag. Change-Id: If7a71946c81f47ac68ed2f7afdfca1023bad3baf Reviewed-on: http://gerrit.openafs.org/11703 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 97150150e6d12cbbc0c4a5af3424c9bf1e56918c Author: Benjamin Kaduk Date: Sun Nov 22 14:23:49 2015 -0600 cellconfig: check for invalid dotted quads IP addresses entered into the CellServDB with components larger than 255 would silently be trucated down to 8-bit unsigned integer representations. This could cause confusing behavior with occasional hangs. FIXES 131794 Change-Id: I44834cb4662e178fdb4be2eeb03ad58d2fa7c556 Reviewed-on: http://gerrit.openafs.org/12109 Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 11845765c75a2f15404ac55a882358c3f88595b9 Author: Andrew Deason Date: Sat Apr 11 20:51:09 2015 -0500 afs: Log abnormally large chunk files Any chunk in our cache for a regular file should be smaller than or equal to our configured chunksize. If someone sets a chunk to be larger than that, it is very strange and may cause other confusing issues. Specifically, afs_DoPartialWrite determines if our cache is "too full" by counting the number of dirty chunks. If we have a dirty chunk that is much larger than the chunksize, it can throw off the afs_DoPartialWrite calculation. This is only true for dcaches backing regular files, though. For directories, we fetch the entire directory into a single chunk file, and the size of a directory blob can easily exceed the chunksize without issues. The aforementioned issue with afs_DoPartialWrite does not apply, since directory chunks cannot be dirty (we only locally modify the chunk if we modify the dir on the server, and the DVs match). Anyway, it should not be possible to get a chunk for a regular file larger than the chunksize. Log a message if it does occur, to help assist anyone in tracking down issues when this does occur. [mmeffie@sinenomine.net remove unnecessary casts in afs_warn args.] Change-Id: I5cf58e3659dc04255c62fa56b044d5bc1c7ce877 Reviewed-on: http://gerrit.openafs.org/11831 Reviewed-by: Michael Meffie Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 775b8873f45ef563b5caaae9911acd91232f9966 Author: Chas Williams <3chas3@gmail.com> Date: Sat Apr 25 16:53:43 2015 -0400 opr: Use opr_Assert() instead of silently failing These routines should never be passed a NULL. If this happens it is a serious issue that needs to be addressed. Change-Id: I9728dcd67bc9f8e9927bed1674fc0ee83567df1a Reviewed-on: http://gerrit.openafs.org/11853 Tested-by: BuildBot Tested-by: Benjamin Kaduk Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 04661c4139b3f0bc7d44a43160c9a0ac1405ca5e Author: Chas Williams <3chas3@gmail.com> Date: Sat Apr 25 16:38:12 2015 -0400 opr: Disable some warnings during opr assertions Detect _Pragma(), a C99 extension for inline #pragma's, and use it to disable to certain warnings during the use of opr_Verify() and opr_Assert(). Because some versions of clang support _Pragma, do not have support for -Wtautological-pointer-compare, and do set -Werror and -Wunknown-pragmas, we must explicitly check for pragma support for -Wtautological-pointer-compare as well. Change-Id: Id3d5ee347f320a366a0571572b58414aa7044bf7 Reviewed-on: http://gerrit.openafs.org/11852 Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 5fbf45b56298aa5a93cf9015f2d6346c7a0f615c Author: Andrew Deason Date: Thu Apr 9 21:26:25 2015 -0500 afs: Log weird 'size' fetchdata errors There are a couple of situations that should never happen when issuing a fetchdata, but cause errors when they do: - The fileserver responds with more than 2^32 bytes of data - The fileserver responds with more data than requested (but still smaller than 2^32) While these should normally never be encountered, it can be very confusing when they do, since they cause file fetches to fail. To give the user or investigating developer some hope of figuring out what is going on, at least log a warning in these situations, to at least indicate this is the area in which something is breaking. Only log these once, in case something causes these conditions to be hit, e.g., every fetch. Once is at least enough to say this is happening. [mmeffie@sinenomine.net remove unneeded casts in afs_warn args and explicit static initializers.] Change-Id: I7561a9ecc225386f9b140e633912b900c591a9bb Reviewed-on: http://gerrit.openafs.org/11830 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit c0f52c3a3d76059c9d8b2df3374df844d8d6861b Author: Andrew Deason Date: Tue Apr 7 22:10:53 2015 -0500 afs: Fix fetchInit for negative/large lengths Currently, the 'length64' variable in rxfs_fetchInit is almost completely unused (it just goes into an icl logging function). For the length that we actually use ('*alength'), we just take the lower 32 bits of the length that the fileserver told us. This method is incorrect in at least the following cases: - If the fileserver returns a length that is larger than 2^32-1, we'll just take the lower 32 bits of the 64-bit length the fileserver told us about. The client currently never requests a fetch larger than 2^32-1, so this would be an error, but if this occurred, we would not detect it until much later in the fetch. - If the fileserver returns a length that is larger than 2^31-1, but smaller than 2^32, we'll interpret the length as negative (which we assume is just 0, due to bugs in older fileservers). This is also incorrect. - If the fileserver returns a negative length smaller than -2^31+1, we may interpret the give length as a positive value instead of a negative one. Older fileservers can do this if we fetch data beyond the file's EOF (this was fixed in the fileserver in commit 529d487d65d8561f5d0a43a4dc71f72b86efd975). This positive length will cause an error (usually), instead of proceeding without error (which is what would happen if we correctly interpreted the length as negative). On Solaris, this can manifest as a failed write, when writing to a location far beyond the file's EOF from the fileserver's point of view, because Solaris writes can trigger a fetch for the same area. Seeking to a location far beyond the file's EOF and writing can trigger this, as can a normal copy into AFS, if the file is large enough and the cache is large enough. To explain in more detail: When copying a file into AFS, the cache manager will buffer the dirty data in the disk cache until the file is synced/closed, or we run out of cache space. While this data is buffering, the application will write into an offset, say, 3GiB into the file. On Solaris, this can trigger a read for the same region, which will trigger a fetch from the fileserver at the offset 3GiB into the file. If the fileserver does not contain the fix in commit 529d487d65d8561f5d0a43a4dc71f72b86efd975, it will respond with a large negative number, which we interpret as a large positive number; much larger than the requested length. This will cause the fetch to fail, which then causes the whole write() call to fail. Specifically this will fail with EINVAL on Solaris, since that is the error code we return from afs_GetOnePage when we fail to acquire a dcache. If the cache is small enough, this will not happen, since we will flush data to the fileserver before we have a large amount of dirty data, e.g., 3GiB. (The actual error occurs closer to 2GiB, but this is just for illustrative purposes.) To fix this, detect the various ranges of values mentioned above, and handle them specially. Lengths that are too large will yield an error, since we cannot handle values over 2^31-1 in the rxfs_* framework currently. For lengths that are negative, just act as if we received a length of 0. Do this for both the 64-bit codepath and the non-64-bit codepath, just so they remain identical. [mmeffie@sinenomine.net: directly use 64 bit comparisons, don't mask end call error code, commit nits.] Change-Id: I7e8f2132d52747b7f0ce4a6a5ba81f6641a298a8 Reviewed-on: http://gerrit.openafs.org/11829 Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 3caee7575491c33920b9c84f5dc4098d99373cf6 Author: Andrew Deason Date: Thu Apr 9 19:58:51 2015 -0500 afs: Avoid incorrect size when fetching beyond EOF Currently, afs_GetDCache contains a couple of calculations that look similar to this: if (position + size > file_length) { size = file_length - position; } if (size < 0) { size = 0; } Most of the time, this is fine. However, if 'position' is more than 2GiB greater than file_length, 'size' will calculated to be smaller than -2GiB. Since 'size' in this code is a signed 32-bit integer, this can cause 'size' to underflow, and result in a value closer to (positive) 2GiB. This has two potential effects: The afs_AdjustSize call in afs_GetDCache will cause the underlying cache file for this dcache to be very large (if our offset is around 2GiB larger than the file size). This can confuse other parts of the client, since our cache usage reporting will be incorrect (and can be even way larger than the max configured cache size). This will also cause a read request to the fileserver that is larger than necessary. Although 'size' will be capped at our chunksize, it should be 0 in this situation, since we know there is no data to fetch. At worst, this currently can just result in worse performance in rare situations, but it can also just be very confusing. Note that an afs_GetDCache request beyond EOF can currently happen in non-race conditions on at least Solaris when performing a file write. For example, with a chunksize of 256KiB, something like this will trigger the overflow in 'size' in most cases: $ printf '' > smallfile && printf b | dd of=smallfile bs=1 oseek=2147745793 But there are probably other similar scenarios. To fix this, just check if our offset is beyond the relevant file size, and do not depend on 'size' having sane values in edge cases such as this. Change-Id: Ie36f66ce11fbee905062b3a787871ec077c15354 Reviewed-on: http://gerrit.openafs.org/11828 Reviewed-by: Benjamin Kaduk Reviewed-by: Michael Meffie Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> commit 4a69d3894c68a52f592b43d3d8d8cb73691f7eee Author: Michael Meffie Date: Thu Jan 21 17:55:37 2016 -0500 doc: afsd -settime and -nosettime are obsolete Update the afsd man page -settime and -nosettime options, which are obsolete and no longer have any effect. Use the same wording as the other obsolete options in the afsd man page. Keep the recommendations to use the time keeping daemons provided by the operating system to maintain the system time. Change-Id: I08a1bd5ae0b2d6618b3e212ebcbb98f470e33820 Reviewed-on: http://gerrit.openafs.org/12175 Reviewed-by: Michael Laß Tested-by: BuildBot Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit f3145b0de0e7718e0ad741ee826764e284fc8b3a Author: Dave Botsch Date: Wed Oct 28 11:53:26 2015 -0400 rxinit_status needs to be global for the kext since RXK_UPCALL_ENV is defined in src/rx/DARWIN/rx_knet.c Change-Id: I23b535f0cd6b45c3e186319c4bacf5b6c5a93681 Reviewed-on: http://gerrit.openafs.org/12073 Reviewed-by: Benjamin Kaduk Reviewed-by: Michael Meffie Tested-by: BuildBot commit bf3707ccbf98f44103171f4a5c6fb5bcd0744bfc Author: Dave Botsch Date: Wed Oct 28 11:28:01 2015 -0400 Initial set of changes for El Capitan OS X 10.11 . Mainly new El Capitan specific config files and defitions of Darwin 15 variables and config tests/etc. Change-Id: I87b926109561f41ee95a2f3f94fbdbcf2903691a Reviewed-on: http://gerrit.openafs.org/12072 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 767694d9ec86fc9451f5a4ba2ec7405c29986a21 Author: Benjamin Kaduk Date: Sun Nov 22 18:22:58 2015 -0600 Fix optimized IRIX kernel module builds Commit 9f94892f8d996a522e7801ef6088a13769bee7c2 (from 2006) introduced per-file CFLAGS, using $(CFLAGS-$@); this construct is not parsed well by IRIX make, which ends up attempting to expand '$@)' and finding mismatched parentheses. Commit 5987e2923a2670a27a801461dc9668ec88ed7d2a (from 2007) followed, fixing the IRIX build but only for the NOOPT case. This left the problematic expression in CFLAGS_OPT until 2013, when another RT ticket was filed reporting the continued breakage. That ticket was then ignored until 2015 (now) with no particular cries of outrage on the mailing lists. Perhaps this gives some indication of the size and/or mindset of the IRIX userbase. (There have been successful IRIX installations during this time period, so presumably it was discovered that disabling optimizations helped the build along.) FIXES 131621 Change-Id: Id5298103221b016239723aa08ebe0dc54bdadc5e Reviewed-on: http://gerrit.openafs.org/12111 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit baa037a14f167b87a83762904eb52efc96baf3f9 Author: Chas Williams <3chas3@gmail.com> Date: Thu Dec 24 17:58:32 2015 -0500 LINUX: don't cache negative entries for dynroot The dynroot volume lacks any callbacks that would invalidate the directory or change the data version. Further, the data version for the dynroot is only updated for when a new cell is found or added (a positive lookup). Change-Id: If0b022933de7335d3d94aafc77c50b85b99f4116 Reviewed-on: http://gerrit.openafs.org/12140 Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 6db49a841784459cf583e914b3f2433ce1e70f4c Author: Benjamin Kaduk Date: Sat Dec 19 01:08:06 2015 -0600 Typo fix in comment afsd -shutdown takes only a single dash, as with all cmd-style options. Improve the grammar a bit while we're here. Change-Id: Ie96c80dba1770e735617e5c93fe3d4c1e3afd3a9 Reviewed-on: http://gerrit.openafs.org/12133 Reviewed-by: Michael Meffie Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 70fd9bc6dcc79cb25e98cdcfd0f085c4bf4f310a Author: Marcio Barbosa Date: Tue Dec 29 10:31:43 2015 -0300 afs: do not allow two shutdown sequences in parallel Often, ‘afsd -shutdown’ is called right after ‘umount’. Both commands hold the glock before calling ‘afs_shutdown’. However, one of the functions called by 'afs_shutdown', namely, ‘afs_FlushVCBs’, might drop the glock when the global 'afs_shuttingdown' is still equal to 0. As a result, a scenario with two shutdown sequences proceeding in parallel is possible. To fix the problem, the global ‘afs_shuttingdown’ is used as an enumerated type to make sure that the second thread will not run ‘afs_shutdown’ while the first one is stuck inside ‘afs_FlushVCBs’. Change-Id: Iffa89d82278b0df5fb90fc35608af66d8e8db29e Reviewed-on: http://gerrit.openafs.org/12016 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit a4c4b786059ac7d5f9ecc5ec07727f000b62c13f Author: Brian Torbich Date: Thu Jan 21 10:08:27 2016 -0500 redhat: Correct permissions on systemd unit files Change the systemd unit file permissions created via openafs.spec to be 0644 instead of 0755. Having the systemd unit files be executable will trigger a systemd warning. FIXES 132662 Change-Id: I9f5111c855941528193aaabeb42bf1b732246a7e Reviewed-on: http://gerrit.openafs.org/12174 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit 9ee5fa152b7b7de6a6ddc6ed87bbf9f76da6e3e4 Author: Stephan Wiesand Date: Mon Jun 22 10:44:11 2015 +0200 redhat: Avoid bogus dependencies when building the srpm By default the spec defines that both userland and kernel module packages should be built. This results in a dependency of the form "kernel-devel-`uname -m` = `uname -r`" being added to the source package created by makesrpm.pl, which is bogus because the uname values are from the system on which the srpm is built and needn't apply to the system where it is used. While rpm and rpmbuild ignore such dependencies of source packages, other tools don't and may fail. Some versions of rpmbuild will also enforce those requirements when building the srpm itself, which is pointless too. Avoid both problems by pretending not to attempt building modules and ignoring any dependencies when makesrpm.pl invokes rpmbuild -bs. Change-Id: I0134e1936638c7d9c3fd9ff0ccf1cba36710d0d3 Reviewed-on: http://gerrit.openafs.org/11903 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Tested-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit db4343b870232417079ab6628381e356964497fa Author: Benjamin Kaduk Date: Mon Dec 28 18:30:30 2015 -0600 Tweak grammar in README So as to get a trivial change as confirmation that an updated gerrit is functioning correctly. Change-Id: I04eb12cab982a3f1b5ecc92d60c455e7a0d2242c Reviewed-on: http://gerrit.openafs.org/12156 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 318692134d16caeab7176219f56aee98dfaa439b Author: Benjamin Kaduk Date: Mon Dec 28 16:11:17 2015 -0600 Remove blank line from README There's no reason for this file to start with a blank line. Change-Id: I175390d3c9796fc10ef8086a5b179f4fc27362b5 Reviewed-on: http://gerrit.openafs.org/12153 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit f7c6915358f30d25287cf28092625c75e5d5c7b7 Author: Benjamin Kaduk Date: Wed Feb 4 10:11:29 2015 -0500 Update extra-iput configure argument description Commit 15260c7fdc5ac8fe9fb1797c8e383c665e9e0ccd did not function as advertised, since the conditional which attempted to make the configure option --(en|dis)able-linux-d_splice_alias-extra-iput mandatory on linux checked a variable for the system type which was not set at the time the check ran. Subsequent discussion of this behavior produced a consensus that there is not a need to make the configure option mandatory, due to the narrow range of kernels affected by the bug in question, so this follow-up commit just fixes the documentation and removes the ineffective code. Change-Id: I36d1f8801d355f33c3132fcab166ea76faab8e87 Reviewed-on: http://gerrit.openafs.org/11710 Reviewed-by: Anders Kaseorg Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 5fd9aed2ba6f43eeb157560724f56cd742fd3c62 Author: Simon Wilkinson Date: Mon Mar 4 16:15:37 2013 +0000 compile_et: Don't overflow input file buffer Don't overlow the buffer that's used for the input filename by copying in to much with sprintf. Use asprintf to dynamically allocate a buffer instead. Link roken for rk_asprintf where needed. Build compile_et with libtool, to ensure that it is linked statically, as is needed for build tools such as compile_et. (This requires a preceding change to set a buildtool_roken make variable.) Caught by coverity (#985907) Change-Id: I207dd2c49bcae3f04fa41c826b08a0a615d5f422 Reviewed-on: http://gerrit.openafs.org/9545 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 87ce2a6f05e313dad43311fba93224f33b86f54f Author: Benjamin Kaduk Date: Wed Feb 25 18:46:28 2015 -0500 Provide a buildtool_roken make variable When using roken in build tools, i.e., binaries which must be executed during the build stage, the roken library must be usable prior to the 'install' stage. In particular, if the internal rokenafs is used, the shared library will not be installed and the runtime linker will not be able to find it, causing execution of the build tool to fail. To avoid this failure, librokenafs must be linked statically into these build tools. Unfortunately, the way we currently use libtool is not very well aligned to libtools model of how it should be used. As a result, it does not seem feasible to cause libtool to link librokenafs statically without breaking other parts of the build. Libtool peeks at the compiler command-line arguments to affect its behavior when invoked as a linker. The flags -static, -all-static, and -static-libtool-libs can affect whether dynamic or static linkage is used for various libraries being linked into the executable. Passing -all-static tells libtool to not do any dynamic linking at all, but is silently a no-op if static linking is not possible (the default situation on most modern Linuxen, OS X, and Solaris). Passing -static causes libtool to not do any dynamic linking of libtool libraries which have not been installed, and passing -static-libtool-libs causes libtool to not do any dynamic linking of libtool libraries at all. In order to get libtool to actually link statically in all cases, we should pass -all-static, not just -static. However, because too many platforms disallow static linking by default, this is not a viable option. If we retain the libtool archive librokenafs.la in the linker search path, libtool then records the library dependency of libafshcrypto on librokenafs in its metadata and refuses to install libafshcrypto.la to any path other than the configured prefix. This restriction of libtool is incompatible with our use in 'make dest', and it is not feasible to desupport 'make dest' before the 1.8 release. The most appropriate workaround seems to be to just pass the path to librokenafs.a on the linker command line when linking build tools. As such, provide a new make variable buildtool_roken which is appropriate for linking roken into build tools -- this variable will be set to the path to librokenafs.a when the internal roken is used, and the normal -lrokenafs when an external roken is used. Change-Id: I079fc6de5d0aa6403eb1071f3d58a248b1777853 Reviewed-on: http://gerrit.openafs.org/11763 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk commit 93f7041a08526b1c3ac37197cd7bee40c7430010 Author: Anders Kaseorg Date: Fri Jul 31 01:42:55 2015 -0400 rxkad: Resolve warnings in ticket5.c Resolves these warnings: ticket5.c: In function ‘tkt_MakeTicket5’: ticket5.c:574:33: warning: pointer targets in passing argument 1 of ‘_rxkad_v5_encode_EncTicketPart’ differ in signedness [-Wpointer-sign] code = encode_EncTicketPart(encodebuf, allocsiz, &data, &encodelen); ^ In file included from ticket5.c:80:0: v5gen-rewrite.h:43:30: note: expected ‘unsigned char *’ but argument is of type ‘char *’ #define encode_EncTicketPart _rxkad_v5_encode_EncTicketPart ^ v5gen.c:1889:1: note: in expansion of macro ‘encode_EncTicketPart’ encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, size_t * size) ^ ticket5.c:602:33: warning: pointer targets in passing argument 1 of ‘_rxkad_v5_encode_EncryptedData’ differ in signedness [-Wpointer-sign] code = encode_EncryptedData(ticket + *ticketLen - 1, *ticketLen, &encdata, &tl); ^ In file included from ticket5.c:80:0: v5gen-rewrite.h:16:30: note: expected ‘unsigned char *’ but argument is of type ‘char *’ #define encode_EncryptedData _rxkad_v5_encode_EncryptedData ^ v5gen.c:690:1: note: in expansion of macro ‘encode_EncryptedData’ encode_EncryptedData(unsigned char *p, size_t len, const EncryptedData * data, size_t * size) ^ ticket5.c: In function ‘tkt_DecodeTicket5’: ticket5.c:320:10: warning: ‘plainsiz’ may be used uninitialized in this function [-Wmaybe-uninitialized] code = decode_EncTicketPart((unsigned char *)plain, plainsiz, &decr_part, &siz); ^ Change-Id: Ic1b878f01cf82222dc258847747ce192ee5948fc Reviewed-on: http://gerrit.openafs.org/11955 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit c0d771672f8bad23fa6816d383f5ad81137f6e57 Author: Benjamin Kaduk Date: Mon Mar 2 20:19:07 2015 -0500 Add filepath entries for rxkad.keytab Even though master is not using it, we still want to be able to find it. Change-Id: I31fa39fe4d4bed5144c5169236b1106bd9f18501 Reviewed-on: http://gerrit.openafs.org/11784 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit a14dec2bff2423c4fbb9db672ef91659bcdfb4ba Author: Benjamin Kaduk Date: Mon Mar 2 16:05:51 2015 -0500 Make typedKey helpers more friendly to use Make freeing a NULL key pointer a no-op. Allow passing NULL to afsconf_typedKey_values() when not all values are needed. Change-Id: I3a4088747913e9e88be094da891cd2cca0cbb114 Reviewed-on: http://gerrit.openafs.org/11783 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 6e4f8e55282963a5b2e28c4d90f7a32f5ceb37b0 Author: Marcio Barbosa Date: Thu Dec 24 17:23:23 2015 -0300 viced: do not overwrite possible failure The function ‘hpr_Initialize’ overwrites the code returned by ‘ubik_ClientInit’. As a result, ‘hpr_Initialize’ will not report any failure triggered by ‘ubik_ClientInit’. To fix this problem, store the code returned by ‘rxs_Release’ in a new variable. Only return this code if the function ‘ubik_ClientInit’ worked properly. Otherwise, return the code provided by ‘ubik_ClientInit’. Change-Id: I1820e3cbc2131daace01cec0464e56fd2982a783 Reviewed-on: http://gerrit.openafs.org/12137 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit b8757341fb9592519032ef64030d0e98195d8d3d Author: Mark Vitale Date: Mon Nov 23 21:03:57 2015 -0500 afs: incorrect types for AFSDB IPv4 addresses DNS lookup results were being handled with int types. Fortunately, this seems to be harmless, due to use of memcpy when the types don't match, and assignment only when both sides were int. However, to avoid any future unpleasantness, change them to afs_uint32. No functional change should be incurred. Change-Id: I31aeabb4ae3194a00b29a1fa767d05af167b4e4f Reviewed-on: http://gerrit.openafs.org/12117 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk commit 17ca935bbd18dd96b8252e22229c9470850fb20f Author: Mark Vitale Date: Fri Aug 7 11:56:16 2015 -0400 afs: pioctl kernel memory overrun CVE-2015-8312: Any pioctl with an input buffer size (ViceIoctl->in_size) exactly equal to AFS_LRALLOCSIZE (4096 bytes) will cause a one-byte overwrite of its kernel memory working buffer. This may crash the operating system or cause other undefined behavior. The attacking pioctl must be a valid AFS pioctl code. However, it need not specify valid arguments (in the ViceIoctl), since only rudimentary checking is done in afs_HandlePioctl. Most argument validation occurs later in the individual pioctl handlers. Nor does the issuer need to be authenticated or authorized in any way, since authorization checks also occur much later, in the individual pioctl handlers. An unauthorized user may therefore trigger the overrun by either crafting his own malicious pioctl, or by issuing a privileged command, e.g. 'fs newalias', with appropriately sized but otherwise arbitrary arguments. In the latter case, the attacker will see the expected error message: "fs: You do not have the required rights to do this operation" but in either case the damage has been done. Pioctls are not logged or audited in any way (except those that cause loggable or auditable events as side effects). root cause: afs_HandlePioctli() calls afs_pd_alloc() to allocate two two afs_pdata structs, one for input and one for output. The memory for these buffers is based on the requested size, plus at least one extra byte for the null terminator to be set later: requested size allocated ================= ================================= > AFS_LRALLOCSIZ osi_Alloc(size+1) <= AFS_LRALLOCSIZ afs_AllocLargeSize(AFS_LRALLOCSIZ) afs_HandlePioctl then adds a null terminator to each buffer, one byte past the requested size. This is safe in all cases except one: if the requested in_size was _exactly_ AFS_LRALLOCSIZ (4096 bytes), this null is one byte beyond the allocated storage, zeroing a byte of kernel memory. Commit 6260cbecd0795c4795341bdcf98671de6b9a43fb introduced the null terminators and they were correct at that time. But the commit message warns: "note that this works because PIGGYSIZE is always less than AFS_LRALLOCSIZ" Commit f8ed1111d76bbf36a466036ff74b44e1425be8bd introduced the bug by increasing the maximum size of the buffers but failing to account correctly for the null terminator in the case of input buffer size == AFS_LRALLOCSIZ. Commit 592a99d6e693bc640e2bdfc2e7e5243fcedc8f93 (master version of one of the fixes in the recent 1.6.13 security release) is the fix that drew my attention to this new bug. Ironically, 592a99 (combined with this commit), will make it possible to eliminate the "offending" null termination line altogether since it will now be performed automatically by afs_pd_alloc(). [kaduk@mit.edu: adjust commit message for CVE number assignment, reduce unneeded churn in the diff.] Change-Id: I1a536b3a53ec4b6721fbd39a915207da4358720c commit 634ca4fdc206884afe0826bc682aa7d5208cdc8b Author: Michael Meffie Date: Thu Apr 16 20:03:21 2015 -0400 viced: add missing new lines to log messages The server logger requires an explicit new line. Change-Id: Iffbfcfee7499bfa745a63d1b5ccb8038ee06acd0 Reviewed-on: http://gerrit.openafs.org/11841 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 0bf9fba458b39035a09f45c1b63f1e65672d4c00 Author: Michael Meffie Date: Fri Jan 30 12:12:03 2015 -0500 volser: range check acl header fields during dumps and restores Perform range checks on the acl header fields when reading an acl from a dump stream and when writing an acl to a dump stream. Before this change, a bogus value in the total, positive, or negative acl fields from a dump stream could cause an out of bounds access of the acl entries table, crashing the volume server. Change-Id: Ic7d7f615a37491835af8d92f3c5f1b6a667d9d01 Reviewed-on: http://gerrit.openafs.org/11702 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 888fc16db5f0063464bf219a6cf6fee0faea4705 Author: Benjamin Kaduk Date: Sun Nov 22 13:24:43 2015 -0600 volser: set error, not code, before rfail The rfail cleanup handler overwrites 'code' ~unconditionally, but does use an existing 'error' value if present. Since the intent is to return failure to the caller, preserve the code in the error variable and do so. FIXES 131897 Change-Id: I25db2f9ad75a5b856626d39d35f97a09f26bd7a9 Reviewed-on: http://gerrit.openafs.org/12108 Reviewed-by: Jeffrey Altman Tested-by: BuildBot commit 2f3b27ac47e26e57796b66b670f378222ef45009 Author: Michael Meffie Date: Wed Sep 9 21:24:04 2015 -0400 util: add CloseLog routine to close the server log Add the missing complement to OpenLog(). Change-Id: I45e7e5d2da3241c163d2d4baa6b386167e90e582 Reviewed-on: http://gerrit.openafs.org/12002 Reviewed-by: Marcio Brito Barbosa Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit d646387c8e52eb13fc36e95f5cfe21360d3e056e Author: Michael Meffie Date: Wed Sep 9 13:22:26 2015 -0400 salvager: redd up showlog global flag Clean up the show log flag so it is only set by the salvager and is reset when spawning a child process. Change-Id: I1702cf98faca583409594d1199a8215ffe08a75e Reviewed-on: http://gerrit.openafs.org/12001 Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 4ed8f850b4bcef4db9c0bba0ebffdf3d410190b7 Author: Michael Meffie Date: Mon Feb 9 10:14:41 2015 -0500 dafs: log to stderr when running salvageserver in client mode When the -client option is given to the salvageserver, print Log() messages to stderr instead of losing them. Change-Id: I065e8136db9a8cc241639fbe34607db884751b95 Reviewed-on: http://gerrit.openafs.org/11729 Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit dc134f3eff66c7cc5f3dcc1f2d92536ffdbc771e Author: Michael Meffie Date: Mon Mar 30 13:20:42 2015 -0400 dafs: remove the salvageserver -showlog option Remove the salvagerserver option to print log messages to stdout. This was a carry over from the stand-alone salvager and is not appropriate for a daemon. Change-Id: I55b99112278cdabb3e9911948dbda6a628030951 Reviewed-on: http://gerrit.openafs.org/11815 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit b800f7d9bd5ea390ab330c1c0c38ac8277eb9998 Author: Brandon S Allbery Date: Tue Nov 24 16:39:02 2015 -0500 gtx: use getmaxyx() with sensible fallbacks configure now checks for the standard getmaxyx() macro; failing that, it looks for the older but pre-standardization getmaxx() and getmaxy(), then falls back to the 4.2BSD curses _maxx and _maxy fields; if all else fails, gtx building is disabled. gtx now defines getmaxyx() itself if necessary, based on the above. This also fixes a bug in gtx with all ncurses versions > 1.8.0 on platforms other than NetBSD and OS X: gtx was using the _maxx and _maxy fields, which starting with ncurses 1.8.1 were off by 1 from the expected values. As such, behavior of scout and/or afsmonitor may change on most ncurses-using platforms. Change-Id: I49778e87adacef2598f0965e09538dfc3d840dcc Reviewed-on: http://gerrit.openafs.org/12107 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk commit 359e1f2a25d242984229edfb378c0b95c3ee8570 Author: Chas Williams <3chas3@gmail.com> Date: Wed Dec 2 10:38:42 2015 -0500 Open syscall emulation file O_RDONLY As reported on the -info mailing list, docker is now exporting the /proc filesystem as read only. ioctl() doesn't need write permissions to do its work, so change O_RDWR to O_RDONLY. Change-Id: I2068888b13b6b5e31b1a2205bbcbe43f5f9fc55a Reviewed-on: http://gerrit.openafs.org/12122 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: Benjamin Kaduk commit a86b0b4902e8308de4ec3346006af0cbe03a1ef1 Author: Michael Meffie Date: Mon Mar 30 13:17:25 2015 -0400 dafs: remove the salvageserver -datelogs option Remove the undocumented -datelogs option from the salavageserver, which was a carry over from the standalone salvager program, but is not appropriate for a daemon. Change-Id: Ia382d6550e0641edcba55a414e00323755487e18 Reviewed-on: http://gerrit.openafs.org/11814 Reviewed-by: Perry Ruiter Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit fb91be7759605bb4ea5b4dd3ce089df1141c431a Author: Michael Meffie Date: Tue Mar 31 11:08:34 2015 -0400 doc: remove unimplemented -showsuid and -showmounts from the salvageserver man page These options were copied from the salvager man page and are not implemented by the salvageserver. Change-Id: Ib6c5b3fd494f1662b958442863e5fbfc0755a0c2 Reviewed-on: http://gerrit.openafs.org/11817 Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit fee3e66161a06fd96a912a618482040b32d78f69 Author: Benjamin Kaduk Date: Sun Nov 22 16:34:16 2015 -0600 Fix ptserver -default_access parsing Commit 0b9986c8758c13a1de66b8bdae51b11abaea6cf3 converted ptserver to use libcmd for parsing, but erroneously listed the -default_access argument as CMD_SINGLE instead of CMD_LIST, since two arguments are needed. This made it impossible to use -default_access at all, since libcmd would reject an extra argument and the later argument processing would notice that the second argument was missing. FIXES 131731 Change-Id: Ib8241308d4f40f980d635513e2255aafa06c3d8a Reviewed-on: http://gerrit.openafs.org/12110 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit e4bae29efc3d370d1eaf6d954c63c324094c48e5 Author: Michael Meffie Date: Tue Mar 31 11:04:26 2015 -0400 doc: add syslog options to salvageserver man page Add the missing -syslog and -syslogfacility options to the salvageserver man page. Change-Id: I1cb057a8085c4aeda32bb003cc4cec5035d00407 Reviewed-on: http://gerrit.openafs.org/11816 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 5a0e69726d4a8cedb29e074d398f0ff29984524e Author: Christof Hanke Date: Wed Nov 18 14:02:50 2015 +0100 tabular_output: allocate footer-line when set for the first time If the footer line is not allocated, programs segfault at runtime. The printFooter functions should check if the footer is allocated before printing them. Change-Id: Ib4066a67ee104be918811e178c0b7d7d33d790b8 Reviewed-on: http://gerrit.openafs.org/11753 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 670381aa5d3a7bc91ad74c7499605cca2c33d612 Author: Mark Vitale Date: Wed Nov 18 15:09:37 2015 -0500 vlserver: VL_GetEntryByName* requests undercounted Commit a14e791541bf19c6c377e68bc2f978fba34f94b1 refactored and corrected the counting of requests and aborts. However, it inadvertently introduced a new undercount for VL_GetEntryByName* requests, counting them only if NameIsId(volname), e.g. volname="536870911". Ensure that the normal case of a non-"numeric" volname is also counted. Discovered during review of pullup to 1.6.x. Change-Id: Ic5dbc1a5871d0e0ff184dc4f3b11e92166c92f65 Reviewed-on: http://gerrit.openafs.org/12106 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit f6247f90c9644d7a396531c219c585f705e0c251 Author: Stephan Wiesand Date: Tue Nov 17 15:03:03 2015 +0100 writeconfig: emit error messages again in VerifyEntries Before commit e4a8a7a38dbf29e89bc1a7b6b017447a6aa0c764 an error message was printed if looking up a server hostname failed. Restore this, and also print a message in the now detected case that the lookup returns loopback addresses only. Change-Id: Idf7c3133ab5c83e081335ba1dc8fcbddb7da7329 Reviewed-on: http://gerrit.openafs.org/12097 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit 33020f573bb52c00e1a2f2f0da8062e17b6d1278 Author: Benjamin Kaduk Date: Thu Aug 27 20:20:58 2015 -0500 CODING: permit --enable-checking with clang Starting at 3.2, a mostly arbitrarily selected version. Change-Id: I9f6a946e2571b939911cbf4b1b64e1d62e39e1a3 Reviewed-on: http://gerrit.openafs.org/11991 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ef435746d04845753477af8b7d920d66e9dce54f Author: Michael Meffie Date: Mon Feb 9 09:37:54 2015 -0500 doc: fix the salvageserver log file name Fix capitialization of the salvageserver log file name. Change-Id: If08dd191e35e7fb15db533a623b832154a6f9f17 Reviewed-on: http://gerrit.openafs.org/11728 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit 11468ae0e12a627a8802711e8562948828834f06 Author: Michael Meffie Date: Wed Jan 21 14:42:47 2015 -0500 bozo: create a syslog connection only if the -syslog option is given Fix a minor bug in which an unnecessary syslog connection is opened when the BosLog is not present (typically, the first time the bosserver is started) or when the BosLog is a named pipe, even if the -syslog option was not given. This bug was introduced in commit bdc7e43117706d0aa46d3b6435489e9d4c2b0888, which added checks to avoid renaming logs when they are named pipes. lstat() and S_ISFIFO are provided by libroken, so do not need to be hidden behind conditional compilation. Change-Id: I828534be69949fe017cc7dbed1b6798aa4c0ba17 Reviewed-on: http://gerrit.openafs.org/11686 Reviewed-by: Perry Ruiter Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 15e8678661ec49f5eac3954defad84c06b3e0164 Author: Michael Meffie Date: Tue Feb 17 21:54:46 2015 -0500 prdb_check: fix out of bounds array access in continuation entries A continuation entry (struct contentry) contains 39 id elements, however a regular entry (struct prentry) contains only 10 id elements. Attempting to access more than 10 elements of a regular entry is undefined behavior. Use a stuct contentry when when processing continuation entries in prdb_check. This is done to safely traverse the id arrays of the continuation entries. Use the new pr_PrintContEntry to print continuation entries. The undefined behavior manfests as a segmentation violation in WalkNextChain() when built with GCC 4.8 with optimization enabled. Change-Id: I7613345ee6b7b232c5a0645f4f302c3eac0cdc15 Reviewed-on: http://gerrit.openafs.org/11742 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 3e9e244d1004972f202490faa0375768959f7690 Author: Michael Meffie Date: Tue Feb 17 20:58:27 2015 -0500 prdb_check: check for continuation entries in owner chains Continuation entries may not be in owner chains. Fix the comments in WalkOwnerChain (which were probably copied from WalkNextChain) and add a check and error message for continuation entries found on owner chains. Change-Id: I8c49378478cf6a3d31317ff90a52fe1e74517dd3 Reviewed-on: http://gerrit.openafs.org/11751 Reviewed-by: Daria Phoebe Brashear Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 121ac2d939e19741986ddfbd387b5310c40edd0d Author: Michael Meffie Date: Tue Feb 17 21:11:50 2015 -0500 libprot: add pr_PrintContEntry function A continuation entry (struct contentry) contains 39 id elements, however a regular entry (struct prentry) contains only 10 id elements. Attempting to access more than 10 elements of a regular entry is undefined behavior. Add a new function to safely print continuation entries and change pr_PrintEntry to avoid accessing the entries array out of bounds. The pr_PrintEntry function is at this time only used by the prdb_check and ptclient debugging utilities. Change-Id: Ie836983c8a5970a9495b87d0627ba6c05d117a9b Reviewed-on: http://gerrit.openafs.org/11750 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ed52ea68c661a7428baeddeca2d95972fe3fe618 Author: Michael Meffie Date: Wed May 21 17:27:47 2014 -0400 doc: document the version subcommand Document the built-in version sub-command which displays the OpenAFS version string. This sub-command is provided by the cmd library. Document the switch style -version option provided by the cmd library for the initcmd based commands: afsmonitor, scout, xstat_fs_test, and xstat_cm_test. Change-Id: Id421d2c68a5c49a2b1a5abb2f3e9ca64ea36cd3e Reviewed-on: http://gerrit.openafs.org/11161 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit eca86749d8f158d27d131ecaafe6be282703535e Author: Michael Meffie Date: Mon Oct 12 22:16:54 2015 -0400 afs: fix for return an error from afs_readdir when out of buffers Commit 9b0d5f274fe79ccc5dd0e4bba86b3f52b27d3586 added a return code to BlobScan to allow afs_readdir to return an error when afs_newslot failed to allocate a buffer. Unfortunately, that change introduced a false EIO error. Originally, BlobScan would return a blob number of 0 to indicate the end of the file has been reached while traversing the directory blobs. Restore that behavior by changing the cache manager's DRead function to return ENOENT instead of the generic EIO error to indicate the page to be read is out of bounds, and change BlobScan to return a blob of zero to indicate to callers the last blob has been reached. All callers already check for a blob number of zero, which is out of range. Change-Id: I5baae8e5377dd49dcca6765b7a4ddc89cca70738 Reviewed-on: http://gerrit.openafs.org/12058 Tested-by: BuildBot Reviewed-by: Mark Vitale Tested-by: Mark Vitale Reviewed-by: Benjamin Kaduk commit 69d11fd5ee556bb375967d7c41dab39b9c1befbe Author: Michael Meffie Date: Fri Nov 6 11:56:31 2015 -0500 vos: reinstate the -localauth option for vos setaddrs Commit d1d411576cf39c4bc55918df0eb64327718d566c added the vos remaddrs subcommand, but unfortunately stole the common parameters from setaddrs. Fix this bug and remove the extra blank line between the subcommand syntax and the common params macro. Change-Id: I1171bfadec08ac34679204f0a9245d76c468cafa Reviewed-on: http://gerrit.openafs.org/12093 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 1c6db90677a8c0d185a408a3b7fa18cf0f47df0a Author: Tim Creech Date: Mon Nov 2 08:12:32 2015 -0500 Make libuafs safe for parallel make In src/libuafs, "make" with a large number of jobs (e.g., "make -j16") can fail because some of the LT_objs depend on make_h_tree having been called already. Make "h" (the libuafs header subdirectory) a dependency of all of LT_objs. Change-Id: Ie005dbb1f1b0a794c703147062615808a45956dc Reviewed-on: http://gerrit.openafs.org/12079 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 5f70b79817f98b5f482414a4ec849bd4bd15a5d6 Author: Jeffrey Altman Date: Thu Oct 8 22:22:12 2015 -0400 rx: OPENAFS-SA-2015-007 "Tattletale" CVE-2015-7762: The CMU/Transarc/IBM definition of rx_AckDataSize(nAcks) was mistakenly computed from sizeof(struct rx_ackPacket) and inadvertently added three octets to the computed ack data size due to C language alignment rules. When constructing ack packets these three octets are not assigned a value before writing them to the network. Beginning with AFS 3.3, IBM extended the ACK packet with the "maxMTU" ack trailer value which was appended to the packet according to the rx_AckDataSize() computation. As a result the three unassigned octets were unintentionally cemented into the ACK packet format. In OpenAFS commit 4916d4b4221213bb6950e76dbe464a09d7a51cc3 Nickolai Zeldovich noticed that the size produced by the rx_AckDataSize(nAcks) macro was dependent upon the compiler and processor architecture. The rx_AckDataSize() macro was altered to explicitly expose the three octets that are included in the computation. Unfortunately, the failure to initialize the three octets went unnoticed. The Rx implementation maintains a pool of packet buffers that are reused during the lifetime of the process. When an ACK packet is constructed three octets from a previously received or transmitted packets will be leaked onto the network. These octets can include data from a received packet that was encrypted on the wire and then decrypted. If the received encrypted packet is a duplicate or if it is outside the valid window, the decrypted packet will be used immediately to construct an ACK packet. CVE-2015-7763: In OpenAFS commit c7f9307c35c0c89f7ec8ada315c81ebc47517f86 the ACK packet was further extended in an attempt to detect the path MTU between two peers. When the ACK reason is RX_ACK_PING a variable number of octets is appended to the ACK following the ACK trailers. The implementation failed to initialize all of the padding region. A variable amount of data from previous packets can be leaked onto the network. The padding region can include data from a received packet that was encrypted on the wire and then decrypted. OpenAFS 1.5.75 through 1.5.78 and all 1.6.x releases (including release candidates) are vulnerable. Credits: Thanks to John Stumpo for identifying both vulnerabilities. Thanks to Simon Wilkinson for patch development. Thanks to Ben Kaduk for managing the security release cycle. Change-Id: I29e47610e497c0ea94033450f434da11c367027c commit c372bc92a3f78ac00aa69b2fb7a2050993b4fed8 Author: Jeffrey Altman Date: Mon Oct 12 09:56:07 2015 -0400 Windows: CM_ERROR_INEXACT_MATCH is not a fatal error cm_BPlusDirLookup() and cm_Lookup() can return CM_ERROR_INEXACT_MATCH which is not a fatal error. Instead it is an indication that the returned cm_scache object was not a case sensitive match. Do not fail the request and do not leak the cm_scache reference. Change-Id: Ieef3ce1ac96a8794859b5b9c530545d4fdd26bd5 Reviewed-on: http://gerrit.openafs.org/12057 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 7e3289891d9032288f32b550ba6376f59f7e9a08 Author: Jeffrey Altman Date: Wed Jul 8 19:47:26 2015 -0400 Windows: cm_Lookup return ambiguous filename to caller cm_Lookup() must not mask a CM_ERROR_AMBIGUOUS_FILENAME error by converting it to CM_ERROR_BPLUS_NOMATCH. Doing so results in the redirector believing that the object does not exist instead of there being a STATUS_OBJECT_NAME_COLLISION. Change-Id: Iaa84d50271c234a84e11dd58d78ef90f5d224032 Reviewed-on: http://gerrit.openafs.org/11930 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit dffaab441d09a3b955d358292c550116b76a6410 Author: Jeffrey Altman Date: Wed Jul 8 16:49:38 2015 -0400 Windows: fix RDR detection of ambiguous directory entries The redirector is supposed to reject access to file objects if there is no case exact match and multiple entries match in a case insensitive comparison. The check was only present in the AFSLocateNameEntry() function and not elsewhere. Fix the AFSLocateNameEntry() call and addd the missing checks. Change-Id: I15aba954179fa85e28b348989779bc05122c0037 Reviewed-on: http://gerrit.openafs.org/11929 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit be603388ef3ec8918dba47ede9dc3e4196492100 Author: Jeffrey Altman Date: Sun Oct 18 20:32:06 2015 -0400 Windows: rdr pioctl operations are opaque Although pioctl operations are delivered through the redirector the contents of the operations are opaque to the redirector. Therefore, the cm_req must not be initialized as a redirector operation. If they are the necessary invalidation notifications for symlink and mount point operations will not be delivered. Change-Id: I48c2d89d2b2e0fc3f0ef56e7731108a8c51e1674 Reviewed-on: http://gerrit.openafs.org/12062 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 8b530d52a5f482145c71682b407e9c8f258dac70 Author: Jeffrey Altman Date: Thu Oct 15 13:22:05 2015 -0400 Windows: clientServiceProviderKeyExists use subkey clientServiceProviderKeyExists() must use AFSREG_CLT_SVC_PROVIDER_SUBKEY since it is a relative path from HKEY_LOCAL_MACHINE. Change-Id: I975d594bfe69c563f692978057c08b834d54b8b1 Reviewed-on: http://gerrit.openafs.org/12059 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 4f20b7305efcea9d930f64c348fc58555a736c6b Author: Jeffrey Altman Date: Fri Oct 9 10:20:41 2015 -0400 Windows: if no known IP addrs, query the addr list If cm_noIPAddrs == 0, then no servers will be probed. If syscfg_GetIFInfo() fails then cm_noIPAddrs is set to 0. Therefore, also set cm_LanAdapterChangeDetected to non-zero if syscfg_GetIFInfo() fails so that the interface info can be queried again prior to a server probe attempt. Change-Id: I6639441fa6266671cfb875256eb23c3b018e67c9 Reviewed-on: http://gerrit.openafs.org/12055 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit c615a712bf9eae3c88252c4a37bd91a0e9db89da Author: Jeffrey Altman Date: Wed Oct 7 18:09:50 2015 -0400 Windows: Only install Service NP if one exists Do not blindly install a network provider for the service since at least one end user organization does not install the service's network provider. Change-Id: I15a528ff34ffd3e060fdbd93545af3857592c835 Reviewed-on: http://gerrit.openafs.org/12051 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit cda7556b854a07220326a617a56edcf55769567a Author: Jeffrey Altman Date: Wed Oct 7 18:09:17 2015 -0400 Windows: InstNetProvider do not leak key handle If we open a handle, close it. Change-Id: I1a5b2308a91f3c66791e65f76ca17ae52d34789f Reviewed-on: http://gerrit.openafs.org/12050 Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit 3957abea2abcd791e97e66be3f3ef211672ce713 Author: Jeffrey Altman Date: Wed Sep 30 13:23:36 2015 -0400 Windows: multi ping do not leak ping count In cm_CheckServersMulti() if cm_ConnByServer() fails or if cm_noIPAddr is zero then a cm_server.pingCount will be leaked. This can result in servers being marked down and never restored to an up state. This change adds the necessary pingCount decrement and moves the assignment of the cm_server_t pointer to serversp[] to make it clear that the cm_server_t will not be in the array if a failure occurs. Only objects in the array will have the pingCount decremented after the RPCs are issued. Change-Id: I18895c848039e4131a674d814019f236a1b0e5b5 Reviewed-on: http://gerrit.openafs.org/12048 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit f8bf8221db919521ecabea20c4c8e496fb423ef4 Author: Perry Ruiter Date: Sun Sep 13 08:53:22 2015 -0700 SOLARIS: Minor whitespace corrections Fix some incorrectly indented code in osi_file.c Change-Id: I75a8ec18bfef13bb05a99f84b2cfbfae34fcd440 Reviewed-on: http://gerrit.openafs.org/12017 Tested-by: BuildBot Reviewed-by: Marcio Brito Barbosa Reviewed-by: Andrew Deason Reviewed-by: Jeffrey Altman commit c565450501e4bb43697fa957f55f8486f21071fa Author: Michael Meffie Date: Fri Jan 30 11:53:58 2015 -0500 volser: update log formatting in dump and restore Update the log messages to use modern formatting specifiers for volume ids and inodes in the volume dump and restore code. Change-Id: Ic2844e389e5951d2f2bbbc31a86c2342f2e8d848 Reviewed-on: http://gerrit.openafs.org/11701 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 518807cae868b6547685a3b5aaf41c6f012665ac Author: Jeffrey Altman Date: Fri Sep 25 18:12:24 2015 -0400 Windows: remove extraneous "pingCount" format param In 0a0927497c8165aec11e718df01632da75fa4cdc an extra "pingCount" format parameter was added in cm_DumpServers(). Remove it. Change-Id: I79c2212c11319d7f94f963214d90b0530a978ab5 Reviewed-on: http://gerrit.openafs.org/12046 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 0a0927497c8165aec11e718df01632da75fa4cdc Author: Jeffrey Altman Date: Tue Jul 16 09:10:04 2013 -0400 Windows: Replace CM_SERVERFLAG_PINGING with pingCount Instead of replying upon a server flag use a pingCount interlocked variable to track whether active ping operations are being performed and whether or not to wait sleeping threads. Change-Id: Ie967beee0debdb9c0963ca40b12737bd3fa88548 Reviewed-on: http://gerrit.openafs.org/12022 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit e314167f11f289248704426fe65fea13a734a937 Author: Jeffrey Altman Date: Thu May 14 18:29:45 2015 -0400 Windows: cm_GetCell_Gen rework cell prefix matching The cm_GetCell_Gen() function permits cells to be searched for by prefix. The idea is to permit "cs.cmu.edu" to be abbreviated "cs" when at CMU. There are two problems with the current behavior: 1. the existing match rules will accept "cs.c" and "cs.cmu.ed" as valid prefix matches. By not restricting the prefix matching to full components the Freelance symlink list can become cluttered. 2. the existing match rules will accept the first cell that matches even if there are more than one cells that would match. this can result in unpredictable behavior since the ordering of the cells is not guaranteed. Instead, fail requests for cell prefixes that are not full component matches or that would be ambiguous. Change-Id: I59fb5ea9bba4cebdd71808fc9fae9662456943e0 Reviewed-on: http://gerrit.openafs.org/11886 Reviewed-by: Jeffrey Altman Tested-by: BuildBot commit 946d2c1699be7ec8d31251d54d603d321b1f7936 Author: Jeffrey Altman Date: Mon May 4 13:25:04 2015 -0400 Windows: Network Provider registration at service start Windows 8, 8.1 and pre-releases of 10 have a horrible bug as part of the upgrade process. All non-Microsoft network provider services are removed from the NetworkProvider "Order" registry value. For OpenAFS this has the side effect of breaking integrated logon and all drive letter mappings to \\AFS. During service start add code to: 1. Add "AFSRedirector" before "LanmanWorkstation" if not present 2. Add "TransarcAFSDaemon" to the end of the list if not present If the service is running in SMB mode 3. Remove "AFSRedirector" if present Change-Id: I14a703e44c6e0ee1bd36afd306f92a17dcc0d2a5 Reviewed-on: http://gerrit.openafs.org/12024 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 6baaa39333fba8afda84ccdb68ba106ce7ae3705 Author: Jeffrey Altman Date: Sun Jun 28 15:06:34 2015 -0400 Windows: cm_Analyze mark server down for misc rx errors In cm_Analyze() replace the token error retry logic for miscellaneous rx errors and simply mark the server down. The most common error that will be seen in this category is RX_INVALID_OPERATION which would be received if the Rx service id or security class is not recognized by the peer. This could happen if an AuriStor server is replaced by an AFS3 server or if a packet is reflected. A side effect of this change is that V* and CM_ERROR_* errors will once again be retried. This will permit proper failover to occur. Change-Id: I77e6325eb05643ea6df1fc0bc877bd4ef496c974 Reviewed-on: http://gerrit.openafs.org/11920 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 653647e8617d4fc3e7721832ebdd1f1e9057e9ac Author: Jeffrey Altman Date: Sun Jun 28 14:56:47 2015 -0400 Windows: avoid vldb lookup race with network stack If a VLDB query attempt occurs when there is no current cell db server list then the VLDB query won't actually occur but the last query time would be set. This prevents a query from taking place again on the volume for 60 seconds. If the volume in question is the root.cell volume then the redirector will be forced to return device not ready for the share (aka \\afs\cell). Check for a failure of cm_UpdateCell() and only set the last update time for the volume if there was success or if the VLDB responded with volume unknown. Change-Id: Ic87d871feac3f2ea3d3db377854efa9dc9db3c00 Reviewed-on: http://gerrit.openafs.org/11919 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit af957c35e940aa80fda4dd42ebf92f7e7ed18f3b Author: Jeffrey Altman Date: Sun Jun 28 14:00:24 2015 -0400 Windows: cm_ApplyDir calls cm_SyncOpDone too soon cm_ApplyDir() failed to maintain the synchronization state while the GetBuffer() operation proceeded. Change-Id: I616622e9aebbdb20a325826032991e5d5c5d9e24 Reviewed-on: http://gerrit.openafs.org/11918 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 1409bf8e007ac1060dfaf8ec09bdc27e95db3ba9 Author: Jeffrey Altman Date: Sun Jun 28 13:59:28 2015 -0400 Windows: cm_CheckNTDelete missing SyncDone call cm_CheckNTDelete() forgot to call cm_SyncDone() in one of the error paths. Fixup the call pattern and do not forget to call cm_SyncDone(). Change-Id: I9274b65c5a5f22ca71e0b10f860d57d7e567a56c Reviewed-on: http://gerrit.openafs.org/11917 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit dfc8db6e3d21208c43f07bc90835cdd37f6f6812 Author: Jeffrey Altman Date: Sun Jun 28 13:51:40 2015 -0400 Windows: NPSupport Remote Name verification When adding a connection verify that the server name and the share name are valid. If not return ERROR_BAD_NETWORK_NAME. When getting connection information, if a pre-existing connection does not exist and either the server name or the share name do not verify return ERROR_BAD_NETWORK_NAME and not ERROR_INVALID_PARAMETER. Change-Id: Ib40a6b56318793d1c1b351ba895736beb616585d Reviewed-on: http://gerrit.openafs.org/11916 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 2f072b2fe6e7d5927bd4e597614af7f62240ccb1 Author: Jeffrey Altman Date: Sun Jun 28 13:43:03 2015 -0400 Windows: NPGetResourceInformation return redir error When the redirector ioctl fails in NPGetResourceInformation() return the actual error to the caller. Do not hide all errors as WN_BAD_NETNAME. Change-Id: Ie02ca5331aa34aef4476c99045048871c6c25de0 Reviewed-on: http://gerrit.openafs.org/11915 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit d977906371ef9cef4e62d9b86daf673b0d9b599b Author: Jeffrey Altman Date: Sun Jun 28 13:39:32 2015 -0400 Windows: NP RemoteName Length checks Ensure that RemoteName paths have at least two characters before attempting to access character [1]. Change-Id: I75487056686dccf2bf57b22e7c99e9d8210eaaf3 Reviewed-on: http://gerrit.openafs.org/11914 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 69bc77c538a181315f532ce4ee9e49698e589083 Author: Jeffrey Altman Date: Sun Jun 28 13:27:03 2015 -0400 Windows: AFSParseName() uniFullName.MaximumLength The uniFullName.MaximumLength in AFSParseName() is not properly modified and can end up being extended beyond the actual memory allocation due to a missing decrement. Change-Id: I070ee33acd32849d05bbc83c6e7cfaf55e6a0997 Reviewed-on: http://gerrit.openafs.org/11913 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit b170a840b5f702356c15bb59737e7ed106cdc88c Author: Jeffrey Altman Date: Sun Jun 28 13:24:13 2015 -0400 Windows: remove dead network provider code Remove all #if 0 code blocks. Change-Id: I981d7a178c0ae1be7b3ca9f546a7a1aab8f5a48c Reviewed-on: http://gerrit.openafs.org/11912 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 6405e0584a16711d09cf0e0c80b5916a050be7d2 Author: Jeffrey Altman Date: Sun Jun 28 13:21:35 2015 -0400 Windows: npdll do not retrieve auth id The authentication id for the process will always be obtained in kernel so no longer try to fetch it in userland. Change-Id: I8d35af1349e137b8a3d7d8299b16e443710c6482 Reviewed-on: http://gerrit.openafs.org/11911 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 967c5dbef3340ee0c870b1fb1f91c24fb6443358 Author: Jeffrey Altman Date: Sun Jun 28 13:18:01 2015 -0400 Windows: Always fetch auth id in kernel When processing network provider requests in afsredirlib.sys always obtain the auth id using the SYSTEM worker thread. Do not trust the values provided by userland. Change-Id: I9786b0c836cf967074035a7595c38c8700cb7589 Reviewed-on: http://gerrit.openafs.org/11910 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit d35164370a8e799ed35f7f23670ddee02dc87f50 Author: Jeffrey Altman Date: Sun Jun 28 13:12:13 2015 -0400 Windows: Move GetAuthenticationId to Worker Thread When PsReferenceImpersonationToken(), PsReferencePrimaryToken(), and SeQueryInformationToken() are called in the kernel from a user process thread the restrictions on the userland process still apply. Since we do not want to be restricted we must obtain the token and query the token information from a SYSTEM thread. This change restructures the AFSGetAuthenticationId() process to queue a synchronous task to the worker thread. This should address the problem that has been seen during system boot when the Group Policy Service attempts to query, remove or create a drive letter mapping. Change-Id: Ib8772e185aa1e4e52979ec847bbc18a9878bcaca Reviewed-on: http://gerrit.openafs.org/11909 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 4233e4d661e3beb8e4ecb59e4a4c0ed3d9df69b7 Author: Jeffrey Altman Date: Tue Jun 9 08:55:44 2015 -0400 Windows: AFSRetrieveFileAttributes no parent path Modify AFSRetrieveFileAttributes() to handle the case of a ParentPathName with a Length == 0. In such a case the introduction of a path separator would result in the construction of an absolute path when a relative path is required. Change-Id: I2e633b22992b0aee914927a451bb146fc57110e8 Reviewed-on: http://gerrit.openafs.org/11889 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 456b68ccb6d8ad31b735d2c08d0313963ff66c22 Author: Jeffrey Altman Date: Tue Jun 9 08:44:43 2015 -0400 Windows: AFSRetrieveParentPath handle no parent AFSRetrieveParentPath() when presented with a relative path that has no parent will walk off the front of the FullFileName buffer. Add checks to ensure that Length never becomes less than zero. Change-Id: I7d619dc569d6c002b1d236a9340921414c51647f Reviewed-on: http://gerrit.openafs.org/11888 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit af7f7da0aad29ff9bf5adad288b512d31954b36e Author: Jeffrey Altman Date: Tue May 12 23:15:50 2015 -0400 Windows: AFSGetConnectionInfo partial match validation AFSGetConnectionInfo() is called to respond to NPGetResourceInformation and NPGetConnectionPerformance WNet API requests. The former permits the requestor to provide a path containing components that are not processed by the file system represented by the called network provider. As such partial matches are permitted BUT they must consist of full components. In other words, \\afs\sh is not a valid partial match for \\afs\share but \\afs\share is a valid partial match for \\afs\share\dir. This change adds validation checks to enforce full component comparisons. It also cleans up some of the associated comparisons and trace output. Change-Id: Ia736030f554f9770b201227c4dce26d7d45fe0d2 Reviewed-on: http://gerrit.openafs.org/11887 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 99894f0a7070caca7c8e96af3d82cf2bfdfe2bb9 Author: Jeffrey Altman Date: Mon Jul 6 01:39:41 2015 -0400 Windows: NetrShareGetInfo do not return registry errors In NetrShareGetInfo() when registry api calls fail do not leak the error codes to the caller. Instead, set the error to CM_ERROR_NOSUCHPATH so that NERR_NetNameNotFound can be returned. Change-Id: I2c8f12573ca604385176ebb18d92ff2f7023a27e Reviewed-on: http://gerrit.openafs.org/11924 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit a640e76d0f84c647abfe4968c842c0cb33f670e5 Author: Jeffrey Altman Date: Mon Jul 6 01:38:01 2015 -0400 Windows: NetrShareGetInfo no return buffer on error When processing the NetrShareGetInfo() pipe service rpc do not allocate memory for the return buffer is the path cannot be found. Change-Id: I782df44de4d6b7a4664234ae0f8295294b889469 Reviewed-on: http://gerrit.openafs.org/11923 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit ac05e8ceebd05c2d8496759e70cf7b1b92541134 Author: Michael Meffie Date: Wed Apr 29 11:54:45 2015 -0400 libafs: remove linux conditionals for md5 inode number calculation Remove the conditionals which hide the md5 digest calculation for inode numbers on non-linux platforms. This feature was originally added to support sites running on linux, but is generally useful and the implementation is not specific to linux. Change-Id: I7f406f9492780c1893dc1a2892db253b05036120 Reviewed-on: http://gerrit.openafs.org/11854 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk commit c6a8739a67edca8a7e987bd1f3d5dcc226ad47a0 Author: Daria Phoebe Brashear Date: Thu Aug 20 13:20:38 2015 -0400 openafs: add a contributor code of conduct In the interest of fostering a friendly, welcoming environment for contributors, institute a code of conduct for the project. Adapted from the Contributor Covenant. LICENSE MIT Change-Id: I4eb3b8a84981ef04f02e7d60ec46873305888147 Reviewed-on: http://gerrit.openafs.org/11987 Tested-by: BuildBot Reviewed-by: Jonathan A. Kollasch Reviewed-by: Thomas L. Kula Reviewed-by: Nathaniel Filardo Reviewed-by: Michael Meffie Reviewed-by: Marcio Brito Barbosa Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk commit fd23587a5dbc9a15e2b2e83160b947f045c92af1 Author: Michael Meffie Date: Tue Sep 15 13:33:12 2015 -0400 LINUX: Fix oops during negative dentry caching Commit 2e9dcc069904aaa434787eec53c6f9821911cbab reinstated negative dentry caching, but introduced an oops when fakestat is in use. Be sure the GLOCK is held when looking up the parent vcache dv when the parent is a mount point and fakestat is in use, since the calls to do the lookup require the GLOCK to be held. Change-Id: I6c47fbf53280400bf40271b1ff2837bd7c6dc69e Reviewed-on: http://gerrit.openafs.org/12019 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 152ad2848661c0827a29d4f15543be341c1251c3 Author: Chas Williams (CONTRACTOR) Date: Thu Jan 15 20:27:04 2015 -0500 doc: remove supergroup caution from pt_util Supergroup information is explicitly present in -members Change-Id: I25527c093858bc0b029417cbf2bb07717c50bb32 Reviewed-on: http://gerrit.openafs.org/11681 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ab4b5557b8c10fb27ac2e63ffdece2fc78c027d8 Author: Michael Meffie Date: Wed Jan 21 22:44:32 2015 -0500 bozo: move more initialization code to functions Move the code to create the initial "localcell" configuration and the code to get the rx bind address out of main and into separate functions. Replace the global array of host addresses used to get the rx bind address with a local variable. Replace the call to rx_getAllAddr() with rx_getAllAddrMaskMtu(). The former is not safe to call before rx_InitHost(). Initialize the cell info structure to zeros when creating the initial "localcell" configuration. Change-Id: I756aef86018d0cdd499afa58fdea99a7ac0d99df Reviewed-on: http://gerrit.openafs.org/11690 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk commit 0aee126cf20a4357d9ab1df08a8428ae9313e3b9 Author: Michael Meffie Date: Thu Sep 3 16:07:32 2015 -0400 opr: export softsig functions Add the softsig functions to the exported symbols list. Change-Id: I9378297ae035111459e597ae211fe832e93b63e3 Reviewed-on: http://gerrit.openafs.org/11999 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 8e97a6c93604014b126fb2e9e33642b11f4c2fc0 Author: Benjamin Kaduk Date: Thu Jan 15 11:54:30 2015 -0500 afs: Increase vcache and dcache hash table sizes Now that we are using a real hash function, larger hash tables will be more useful. The vcache hash tables are statically sized, and this increase will add about a megabyte to the kernel module's memory footprint. Update the algorithm used to dynamically size the dcache hash tables, keeping the old behavior for small numbers of dcaches, but growing the hash table's size to keep the average chain length near two for a range of dcache numbers. Cap the dcache hash tables at 32k entries to avoid excessive resource usage. This involves code from opr, namely opr/ffs.h, which is acceptable in the kernel module because that header is a standalone header like jhash.h, with no dependencies on the system. Change-Id: I7cdb3e993b1c2ad177a46ecc06bfa2be52e619e5 Reviewed-on: http://gerrit.openafs.org/11679 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 9b0d5f274fe79ccc5dd0e4bba86b3f52b27d3586 Author: Michael Meffie Date: Fri Dec 18 08:20:24 2009 -0500 return an error from afs_readdir when out of buffers Instead of silently failing, return EIO from readdir when the cache manager is unable to allocate a buffer in afs_newslot, (afs: all buffers locked). Change-Id: I3d5a5d73ce78db216400cab45a651fd8a49ea0c3 Reviewed-on: http://gerrit.openafs.org/1001 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 2e9dcc069904aaa434787eec53c6f9821911cbab Author: Andrew Deason Date: Sun Aug 24 23:01:16 2014 -0500 LINUX: Restore negative dentry caching One of the changes in commit 652f3bd9cb7a5d7833a760ba50ef7c2c67214bba effectively disabled negative caching for dentries, by always invalidating a negative dentry in afs_linux_dentry_revalidate. This was because various temporary errors could result in ENOENT errors being returned to afs_lookup, which created incorrect negative dentry cache entries. These incorrect ENOENT errors were rectified in change Ib01e4309e44b532f843d53c8de2eae613e397bf6 . So, negative dentry cache entries should work now, so remove the code to unconditionally invalidate these negative entries. Change-Id: Ic027147fd1f733beaa0fafbbabfa8c09f5656d34 Reviewed-on: http://gerrit.openafs.org/11789 Reviewed-by: Benjamin Kaduk Reviewed-by: Daria Brashear Tested-by: BuildBot commit 07e474e35e070b9ddcc5158796c95442aea0597f Author: Benjamin Kaduk Date: Tue Jan 27 16:33:25 2015 -0500 Make compile_et output usable out-of-tree Prior to this commit, the output C files from compile_et would emit #includes of and . These files are not installed, and are only available in an OpenAFS build tree. The output C files also emit #includes of , which is an installed file, and is therefore expected to be available on a system with OpenAFS installed. Removing the first two headers will allow OpenAFS's compile_et binary to be used to compile error tables which are not part of OpenAFS, on systems where OpenAFS is installed. The inclusion of afsconfig.h was added in commit 972a4072827fb2ec680354d5adebc2c5cca06939 to ensure that it was included prior to afs/param.h; however, the inclusion of afs/param.h in compile_et.c stems from the original IBM import and seems of minimal value. The only changes needed to build without param.h are to use int instead of afs_int32 in a couple places (int is 32 bits on all platforms currently supported) and to include for size_t. Change-Id: I1ee969eec92b139d265a7494e13ddfc69c05f238 Reviewed-on: http://gerrit.openafs.org/11708 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit e99bfcfaa3bca3e65f03928718c2c9eb5eff7c8c Author: Benjamin Kaduk Date: Tue Jan 13 20:22:59 2015 -0500 afs: use jenkins hash for dcache, vcache tables Switch the four dcache and vcache hash tables to use the jenkins hash from opr. This requires making DCHash into a full-weight function in order to properly hash all three inputs; convert all four symbols to full functions for consistency. Just pull in via afs.h so all consumers (e.g., of VCSIZE) can use it without modification. This is the first use of src/opr/ in src/afs/ (outside UKERNEL), but it is permissible because opr/jhash.h is a standalone header and there are no C files needed for its implementation which would require anything from the system. Change-Id: Ic7f31e7dc548ff2cf13ac087a9e4bbb2b874e03a Reviewed-on: http://gerrit.openafs.org/11673 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 244b82d24c37355bc855361815a7e682d6445af3 Author: Benjamin Kaduk Date: Sun Dec 14 16:13:39 2014 -0500 rx: Tidy up rxi_CheckCall()'s mtuout handling We don't actually do anything that matters if lastPacketSizeSeq is set and lastPacketSize is zero, so zero both when we're cleaning up. lastPacketSize and lastPacketSizeSeq are set together in rxi_SendPacket (and rxi_SendPacketList), when we are sending a packet larger than the current estimate of the peer's maxPacketSize. The two fields are checked together during ack processing, but rxi_CheckCall() only checks lastPacketSize, ignoring lastPacketSizeSeq. Change-Id: I4e52bed0900b5551859200699f114f5d5a61581c Reviewed-on: http://gerrit.openafs.org/11633 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Daria Brashear commit 20d5760fe9653fb748fc25661257ab9720b2b5a6 Author: Benjamin Kaduk Date: Fri Feb 27 18:20:19 2015 -0500 Document KeyFileExt(5) Add a manual page for the KeyFileExt file. Add cross-references from all places which currently reference KeyFile(5), and update their body text accordingly. Change-Id: Iab56847fcb59dda0c8a344a626ddb0ff35b98b26 Reviewed-on: http://gerrit.openafs.org/11770 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 05e7c2f2fb60805e21f6235d7666b9c6f943a685 Author: Michael Meffie Date: Wed Jan 21 14:31:51 2015 -0500 bozo: use the full path when renaming BosLog to BosLog.old Use the full path when renaming the BosLog file to BosLog.old and when checking whether the BosLog file can be opened, otherwise the rename will fail (and go unnoticed), and the initial BosLog check opens a handle to a file in the wrong directory. Create the server directories, including the logs directory, before forking and log file initialization. Change-Id: I3733d64335f348190572f6278086b634641f2754 Reviewed-on: http://gerrit.openafs.org/11685 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk commit df05a15ce3cb1c730bf87613711c38fa25be349f Author: Michael Meffie Date: Mon Feb 9 15:04:19 2015 -0500 bozo: fix -pidfiles default Fix the default value for the -pidfiles argument. The pidfiles should be stored in the local state directory, not the server configuration directory when using modern paths. Fixes commit bdf86d245fd55c5c7ac7ea81e3d6b6bafdbe1783. Change-Id: Ie338b0071c6ea6ee44b376d231d12b85571de6ae Reviewed-on: http://gerrit.openafs.org/11732 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 64eb76eebb7e4f0363aca2c92fd6b1cc0ce8e7b0 Author: Anders Kaseorg Date: Fri Jul 31 01:49:03 2015 -0400 kauth: Resolve date signedness warning in SetFields Resolves this warning: admin_tools.c: In function ‘SetFields’: admin_tools.c:611:30: warning: pointer targets in passing argument 2 of ‘ktime_DateToInt32’ differ in signedness [-Wpointer-sign] code = ktime_DateToInt32(s, &expiration); ^ In file included from /home/anders/wd/openafs/include/afs/afsutil.h:84:0, from admin_tools.c:39: /home/anders/wd/openafs/include/afs/afsutil_prototypes.h:101:18: note: expected ‘afs_int32 *’ but argument is of type ‘afs_uint32 *’ extern afs_int32 ktime_DateToInt32(char *adate, afs_int32 * aint32); ^ Change-Id: Id24e7a6cd1ab2291c0c05d3835f4ad7fddfec8d7 Reviewed-on: http://gerrit.openafs.org/11956 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk commit fa8e0beb96c8693a98d5ce0f310255bcd0731f6f Author: Benjamin Kaduk Date: Fri Feb 27 17:47:45 2015 -0500 Update asetkey.8 for KeyFileExt Prefer KeyFileExt to KeyFile ~everywhere. Make the main documentation assume a modern cell with KeyFileExt and rxkad-k5, moving the old rxkad and KeyFile documentation to a new section, HISTORICAL COMPATIBILITY. Note that kaserver is deprecated. Do not mention the Update Server, which is also disrecommended for new installations. Add a copyright statement for the new content. Change-Id: Idcb4940615a00189b655538a9a190cc35153cc89 Reviewed-on: http://gerrit.openafs.org/11769 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 05f64de7d723a8d5430d9b5928c2025838a6fa52 Author: Marc Dionne Date: Wed Jul 29 09:03:14 2015 -0300 Linux: Only use automount for volume roots As long as we avoid using directory aliases when crossing a mount point (at the volume root), we should always get to a given non root directory with the same dentry. The mechanism added by commit de381aa0 ("Linux: Make dir dentry aliases act like symlinks") is therefore only really necessary for a volume root. With kernel 4.2 it is not possible to tweak the "total link count", resulting in ELOOP errors when looking up a path with 40 or more directories that are being looked up for the first time. With this change, only mountpoints will count against the limit. Change-Id: Id0e5a51d579eee51ecb8d7fb575a7a30740ea70e Reviewed-on: http://gerrit.openafs.org/11945 Reviewed-by: Benjamin Kaduk Reviewed-by: Daria Brashear Tested-by: BuildBot commit c38382c12763128d3f66e750e5e7b1c767ac74f7 Author: Marcio Barbosa Date: Thu Aug 6 11:53:23 2015 -0300 tests: give the full path to the softsig test helper program In order to start the softsig test helper properly, the full path of this program is necessary. FIXES 132246 Change-Id: I4e9ff1e62a0b82078338eeaf0d4368ac1b35dccc Reviewed-on: http://gerrit.openafs.org/11977 Tested-by: BuildBot Reviewed-by: Michael Meffie Tested-by: Michael Meffie Reviewed-by: Benjamin Kaduk commit fcfa8d039a56d051838142cc5b361be195d225e3 Author: Anders Kaseorg Date: Fri Jul 31 23:26:43 2015 -0400 tests/auth/keys-t.c: Don’t ignore return value of write Resolves this warning: keys-t.c: In function ‘copy’: keys-t.c:63:6: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result] write(out, block, len); ^ Change-Id: If2427f2658b428091ffba3d11643ad95f193a67d Reviewed-on: http://gerrit.openafs.org/11957 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 86053beac56629f7bdbc2695fda560e0410e430f Author: Simon Wilkinson Date: Sat Mar 2 09:19:13 2013 +0000 Unix CM: Make rootVolume array big enough In afs_CheckRootVolume, the local rootVolumeName array needs to be large enough to hold the contents of the global afs_rootVolumeName string, which is 64 characters long. Fix our local array to be the same length by using a new defined constant MAXROOTVOLNAMELEN. Caught by coverity (#985758) Change-Id: I4c926b94efb40d7107e2d7160ade0ba8b381004e Reviewed-on: http://gerrit.openafs.org/9348 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 06caaaa6d089e0c0393e45c43b525d202c9c7a24 Author: Hans-Werner Paulsen Date: Wed Jan 14 12:39:38 2015 +0100 vos dump -clone: use volumename of cloned volume with the command "vos dump -clone" use the volumename of the cloned volume instead of the fixed string "dump-clone-temp". This volumename is recorded in the DumpHeader and VolumeHeader of the dump file. Change-Id: I38ef846f043680c8f13dce263581a61bbd7ef7dd Reviewed-on: http://gerrit.openafs.org/11670 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 8ea75188476edde820ec369039691497057b88ab Author: Marc Dionne Date: Mon Dec 16 16:52:17 2013 -0500 afsmonitor: Skip additional bits for large timeval When the timeval structure uses 64-bit values for sec and usec, 64 extra bits need to be skipped in the input for every time value that is parsed. There's a remaining assumption in this part of the code that the time values received from the server are 32-bits, but after decoding they will always have the local size which may well be 64-bits. Change-Id: Iaf52df8f9da1146807dddc1c44a9e52e83654d9c Reviewed-on: http://gerrit.openafs.org/10592 Reviewed-by: Daria Brashear Tested-by: BuildBot commit 763eb16380986959aeb8c2cc6111f1d9cdb7b17d Author: Benjamin Kaduk Date: Mon Jan 12 16:34:21 2015 -0500 vol: Switch to Jenkins hash for volume hash table While here, bump the default size from 256 to 1024. Change-Id: Ife95f14009764785a18556289d5dfe5e7a96b477 Reviewed-on: http://gerrit.openafs.org/11667 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit ebf04c3a3eeb6dd49756a93f31e0f90fd706a44f Author: Benjamin Kaduk Date: Mon Jan 12 16:13:28 2015 -0500 Switch to jhash for VNODE_HASH Remove the vnodeHashOffset field, as the Jenkins hash will get a uniform-enough distribution without this extra help. Per-volume unique hashing is retained by using the volume ID as the initial value input to the Jenkins hash. While here, increase the vnode hash table size from 256 to 2048. Change-Id: I353dfc8178f13f4e9adcd03a331adf2a7c64a1a9 Reviewed-on: http://gerrit.openafs.org/11666 Reviewed-by: Daria Brashear Tested-by: BuildBot commit 22faedd3ccac9b74f759709a6116befb3c4bc17a Author: Benjamin Kaduk Date: Mon Jan 12 16:15:53 2015 -0500 vol: relocate some comments Put them closer to the code they are describing. Change-Id: Iaf7137eae2bf4464f26d98b0c3e0e9040f19c321 Reviewed-on: http://gerrit.openafs.org/11665 Reviewed-by: Daria Brashear Tested-by: BuildBot commit bfa668c14730b2335c29abd7b8aa20b8e6df338b Author: Benjamin Kaduk Date: Mon Jan 12 15:14:48 2015 -0500 Normalize on vp->hashid for hash table usage At present the hashid is set to the same value as the volume ID (i.e., V_id(vp) a.k.a. vp->header->diskstuff.id), but we should not leak across the abstraction barrier without cause. Change-Id: I6a727e60c34bdc938f4ae2e815c7513802a4dbc9 Reviewed-on: http://gerrit.openafs.org/11664 Reviewed-by: Daria Brashear Tested-by: BuildBot commit 899f8eaf3f63b1f91fe6b6eb8f582f82bd10cb66 Author: Andrew Deason Date: Thu Aug 14 15:13:48 2014 -0500 objdir build: Normalize COMPILE_ET_* commands A few different places in the tree currently invoke compile_et in a few different ways. These three general styles all appear: ${COMPILE_ET_H} -p ${srcdir} foo ${COMPILE_ET_H} -p ${srcdir} foo.et ${COMPILE_ET_H} ${srcdir}/foo.et Of these, the first is the correct way to invoke compile_et in a Makefile. The other two can fail during at least some objdir builds. Take this example of the second style of invocation: afs_trace.h: afs_trace.et ${COMPILE_ET_H} -v 2 -p ${srcdir} afs_trace.et During an objdir build, the compile_et command will get expanded like so, due to VPATH expansion: $top_objdir/src/comerr/compile_et -emit h -v 2 \ -p $top_srcdir/src/afs \ $top_srcdir/src/afs/afs_trace.et The compile_et command concatenates the -p prefix with the actual filename provided, so the file it tries to open is: $top_srcdir/src/afs/$top_srcdir/src/afs/afs_trace.et For non-objdir builds this doesn't happen, since $srcdir is just '.', and afs_trace.et gets expanded to just afs_trace.et (or possibly ./afs_trace.et). This is also not a problem for objdir builds that are specified as a relative path and are 'adjacent' to the srcdir. For example, if we ran '../openafs-1.6.10pre1/configure --options', our $top_srcdir is just '../openafs-1.6.10pre1', with some magic to expand '..' to the correct number of levels. So in the above example, the compile_et invocation gets expanded to: /path/to/objdir/src/comerr/compile_et -emit h -v 2 \ -p ../../../openafs-1.6.10pre1/src/afs \ ../../../openafs-1.6.10pre1/src/afs/afs_trace.et And compile_et then tries to open the path ../../../openafs-1.6.10pre1/src/afs/../../../openafs-1.6.10pre1/src/afs/afs_trace.et which collapses to just ../../../openafs-1.6.10pre1/src/afs/afs_trace.et, which is the correct file. However, if the $srcdir is specified as an absolute path, or if the number of '..'s is wrong, this doesn't work. It is perhaps easiest to explain why by just using another example. For an absolute path, the invoked command is: /path/to/objdir/src/comerr/compile_et -emit h -v 2 \ -p /path/to/openafs-1.6.10pre1/src/afs \ /path/to/openafs-1.6.10pre1/src/afs/afs_trace.et And compile_et tries to open /path/to/openafs-1.6.10pre1/src/afs/path/to/openafs-1.6.10pre1/src/afs/afs_trace.et, which obviously does not exist. This results in a build failure like: /path/to/openafs-1.6.10pre1/src/afs/path/to/openafs-1.6.10pre1/src/afs/afs_trace.et: No such file or directory *** Error code 1 make: Fatal error: Command failed for target `afs_trace.msf' For a non-working relative objdir, we may invoke a command like this: /path/to/objdir/src/comerr/compile_et -emit h -v 2 \ -p ../../../../openafs-1.6.10pre1/src/afs \ ../../../../openafs-1.6.10pre1/src/afs/afs_trace.et And compile_et tries to open ../../../../openafs-1.6.10pre1/src/afs/../../../../openafs-1.6.10pre1/src/afs/afs_trace.et, which is ../../../../../openafs-1.6.10pre1/src/afs/afs_trace.et, which (probably) doesn't exist, since it goes one too many levels up. To avoid this, we can just prevent the filename argument to compile_et from undergoing VPATH expansion. compile_et never opens the given path directly if -p is given, so it's not really a file path and so should not be altered by VPATH. compile_et will add a trailing .et to the filename if it doesn't have one, so we can avoid the VPATH expansion by just leaving out the trailing .et. We could also avoid the VPATH expansion by specifying something like './afs_trace.et', but it is perhaps more clear to not say the explicit filename, since we're not really specifying a path to a file. Just leaving out the -p option, as in this style of compile_et invocation: dumpscan_errs.h: ${srcdir}/dumpscan_errs.et $(COMPILE_ET_H) ${srcdir}/dumpscan_errs.et also fails for objdir builds. This is because, without the -p option, compile_et defaults to '.' as the prefix. If the srcdir is /path/to/openafs-1.6.10pre1, then this will expand to: /path/to/objdir/src/comerr/compile_et -emit h \ .//path/to/openafs-1.6.10pre1/src/tools/dumpscan/dumpscan_errs.et which will fail, since that path to dumpscan_errs.et does not exist. So to fix this, make all compile_et invocations follow this style: ${COMPILE_ET_H} -p ${srcdir} foo Many other invocations of compile_et in the tree are already like this, so this commit just changes the others to match. Change-Id: Ied12e07a1cc6e115d4a10cd7a6c97aae9ce7f5f9 Reviewed-on: http://gerrit.openafs.org/11391 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 4e05184264bf1c0d54e20741563ba9dadc2ef522 Author: Andrew Deason Date: Sun Jan 12 23:24:55 2014 -0600 LINUX: Fix "unused but set var" autoconf warnings A few of the linux autoconf tests generate -Wunused-but-set-variable warnings, unless the test is run with -Wno-unused-but-set-variable. Since we run these tests with -Werror, this can cause the tests to incorrectly fail if they are not run with -Wno-unused-but-set-variable. The Linux kernel build process normally does run with that option, but due to some other (possibly buggy) behavior, sometimes these configure tests do not run with that option. So, make our tests work without generating that warning, so we will work in more cases. Reorganize a few of these tests so we are setting a field in a global structure, instead of a function-local one. Make the test function names and style little more consistent while we are here, but do not make the global structure 'static', in case the compiler recognizes we are setting fields for a structure that cannot be used by anything. In particular, the "revalidate takes nameidata" test had been wrongly succeeding, but that didn't usually matter because of how the feature tests are ordered in the code. It does matter in the case when the "revalidate takes unsigned" check also gets a wrong result, which can cause kernel BUGs, which should be fixed by these changes. See: Change-Id: Ic29c4fc61da17633d8d1af81949b3917beb58cf6 Reviewed-on: http://gerrit.openafs.org/10706 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 9738c82bd6e5a1c294911d06e3c3e38b70a8caa8 Author: Sami Kerola Date: Sun Jun 23 22:08:34 2013 +0100 opr: fix often reported warning $ make CC=cgcc CHECK="smatch -Wsparse-all" 2>&1 | tee debug $ sed -n 's/.*warning: //p' debug | sort | uniq -c | sort -n | tail -1 7218 passing argument 1 of 'opr_AssertionFailed' discards 'const' qualifier from pointer target type [enabled by default] Change-Id: I81c5c1db39b1a08c7dda3caa3d4cdf685186ff5b Address: http://smatch.sourceforge.net/ Reviewed-on: http://gerrit.openafs.org/10019 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 204cb4deec73121ff8ef13654beb9936f828a804 Author: Andrew Deason Date: Mon Feb 10 14:13:39 2014 -0600 vol: Log more info on wrong SYNC response length We log that the length of the response was wrong, so we're dropping the connection. Log what the actual and expected lengths were, at least, so we can maybe get a little bit of useful information from this message. Change-Id: I499d43c7625712b507698d908feb21477b789563 Reviewed-on: http://gerrit.openafs.org/10829 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 2aa4cb047596b654a175f5a22197c2923002a271 Author: Andrew Deason Date: Fri Feb 13 18:08:25 2015 -0600 afs: Stop abusing ENOENT When looking up a file, the ENOENT error code is supposed to be used if we know that the target filename does not exist. That is, the situation is a user or application error; they specified a filename that was not previously created. Currently, though, we use ENOENT for a variety of different situations, such as: - After successfully looking up a directory entry, we fail to afs_GetDCache or afs_GetVCache on the FID for that entry. - We encounter an invalid mount point, in certain code paths. In each of these situations, an ENOENT error code is incorrect, since the target filename does indeed exist and these situations may be caused by network or administrative errors. An ENOENT error implies that the user may be able to then create the target filename, which is not true most of the time in the above situations. In addition, on LINUX we return a negative dcache entry when we encounter an ENOENT error on lookup. This means that if any of the above scenarios occur, Linux would cache the fact that that directory entry did not exist, and return ENOENT for future lookups. This was worked around in one of the changes in commit 652f3bd9cb7a5d7833a760ba50ef7c2c67214bba to always invalidate such negative dentries, but at the cost of performance (since this caused negative lookups to never be cached). To avoid all of these issues, just don't use ENOENT in these situations. For simple non-disconnected afs_GetDCache or afs_GetVCache errors, return EIO, since we have encountered an error that is internal to AFS (either the underlying data is inconsistent, or we have a network error, or something else). In disconnected operation, return ENETDOWN like in other disconnected code paths, since often the root cause is due to us not having network access. When a bad mountpoint is encountered, return ENODEV, since that is what we use elsewhere in the code when encountering a bad mountpoint. It is also noteworthy that this changes removes the translation of VNOVNODE into ENOENT, since a nonexistent vnode is not the same as a nonexistent filename, as described above. Some code paths have special behavior for this situation (ignoring the error in some cases where it does not matter). These code paths should be okay with this change, since all of them examine error codes that have not been translated through afs_CheckCode. Some useless references to ENOENT were also removed in src/afs/LINUX*/osi_misc.c. These did not result in incorrect behavior, but removing them makes searching for bad ENOENT references easier. Change-Id: Ib01e4309e44b532f843d53c8de2eae613e397bf6 Reviewed-on: http://gerrit.openafs.org/11788 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit a19728ba55f30a41799855b49c5cf6c07c840f87 Author: Andrew Deason Date: Fri Feb 13 18:02:44 2015 -0600 afs: Clarify vcache->mvid accesses Currently, numerous places in the code treat the 'mvid' field in struct vcache as a few different things: - If the vcache is a mountpoint, mvid points to the fid of the root dir of the target volume. - If the vcache is a volume root dir, mvid points to the fid of the parent dir for the mountpoint. - If the vcache is a sillyrenamed file, mvid points to a string, which is the name the vcache was renamed to. Despite these three things being very different (and one of them is a completely different type than the others), everywhere in the code just accesses mvid as 'avc->mvid'. This can make it very confusing as to what the field actually means at any particular part of the code, and makes it very difficult to search the code for places that use mvid in any one of these specific ways. So, to aid in code clarity, make mvid into a union, with the following members: - target_root: For the "mountpoint" case. - parent: For the "root dir" case. - silly_name: For the "sillyrename" case. This should have no effect on code behavior, but just makes the code a bit clearer. Change-Id: I45391bb7a99d6f8e35c44873b677d157ea681900 Reviewed-on: http://gerrit.openafs.org/11748 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 65cffcadb96389ff3e794eb822d2231220c71160 Author: Andrew Deason Date: Fri Feb 13 17:31:37 2015 -0600 afs: Use named constants for mvstat Currently the vcache 'mvstat' field is assigned three magic values: 0 for normal files and directories, 1 for mountpoint objects, and 2 for volume root dirs. These values are clearly defined in comments, but everywhere we actually assign or compare these values, we use the bare numbers. Stop this nonsense and use named constants, to make the code less inscrutable. Change-Id: Ic1b133109d619b70317141431f163e552bafd109 Reviewed-on: http://gerrit.openafs.org/11747 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Perry Ruiter commit 721451286285d4cc15b2fc22bfcde83b21e954a3 Author: Andrew Deason Date: Mon Aug 11 13:51:39 2014 -0500 vol: Avoid FDH_SEEK/FDH_READ All code in the tree except for this uses positional i/o (FDH_PREAD/FDH_PWRITE). For consistency and to ensure that we do not mix positional and non-positional i/o, just use the positional i/o functions here. It's simpler, too. Change-Id: Ib65f81dde7532631cd7d642c9ef814d47c71581a Reviewed-on: http://gerrit.openafs.org/11377 Tested-by: BuildBot Reviewed-by: Hans-Werner Paulsen Tested-by: Hans-Werner Paulsen Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk commit ce51d192861ca8a21208fadf38e30a62ac06a019 Author: Michael Meffie Date: Mon Mar 31 14:25:54 2014 -0400 readme: remove README.PTHREADED_UBIK We enabled pthreaded ubik by default in commit 27cb0d38885428474b0d4287, and it is no longer considered beta or experimental. There is no longer a need for separate documentation of it, and adjust the options listing in INSTALL accordingly. [kaduk@mit.edu: adjust for the changed default behavior.] Change-Id: Ib1315e55c1e00bdae0f55f0f8446f5a2c3d9671f Reviewed-on: http://gerrit.openafs.org/10978 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 9a77af6d2265c478b561bf1c5525e913b371525d Author: Michael Meffie Date: Mon Mar 31 14:03:58 2014 -0400 readme: Rename README to INSTALL Create a new top level README to introduce OpenAFS. Move the old README to a file called INSTALL for information about building and installing OpenAFS on various platforms. Change-Id: Id8853de73f669a6d5497cafd65a1e98b309c6efc Reviewed-on: http://gerrit.openafs.org/10976 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit f61beda6d628f72a0357e2066d4e03cf52f0ba03 Author: Michael Meffie Date: Mon Mar 31 13:02:00 2014 -0400 readme: move the LICENSE file to the top level directory Move the LICENSE file to the top directory to make it more visible and to clean up the src directory. Update the top level make file and redhat packaging to accomodate the new path to the LICENSE file. Change-Id: I64b655584cf61b8a45c6d6788a84aff31df8e83e Reviewed-on: http://gerrit.openafs.org/10972 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit c9f430fd8f479bbfe28829f7032ecd325a4f833d Author: Jeffrey Altman Date: Sat Aug 1 09:32:35 2015 -0400 vlserver: ListAttributesN2 volume name safety The vlserver ListAttributesN2 RPC permits filtering the result set by volume name in addition by site or volume id. Two issues identified by Andrew Deason (Sine Nomine Associates) are addressed by this patch. First, the size of the volumename[] buffer is insufficient to store the valid input read over the network. The buffer needs to be able to store VL_MAXNAMELEN characters of the volume name, two characters for the regular expression '^' and '$', and the trailing NUL. Second, sprintf() is used to write to the buffer and even with valid input from the caller SVL_ListAttributesN2 can overflow the buffer when ".backup" and ".readonly" are appended to the volume name. If there is an overflow the search name is invalid and there can not be a valid match. This patch increases the size of volumename[] to VL_MAXNAMELEN+3. It also uses snprintf() instead of sprintf() and performs error checking. The error VL_BADNAME is returned when the network input is invalid. Change-Id: Id65b83e0dd14c6f41af73c6868975ae53c4975a7 Reviewed-on: http://gerrit.openafs.org/11969 Reviewed-by: Mark Vitale Reviewed-by: Nathaniel Filardo Reviewed-by: Daria Brashear Tested-by: BuildBot commit 049323e7e03c64f534a73ff452d218f19d5b8132 Author: D Brashear Date: Fri Jul 18 16:00:12 2014 -0400 vlserver: limit use of regex to admins always allow regexes only if the querying user is a superuser. if the superuser uses up all the resources, well, they could just do whatever damage directly anyway. means even in unrestricted mode we are not vulnerable Change-Id: Ib35d649f31e752ba5ae8373a06b67ea76f97425c Reviewed-on: http://gerrit.openafs.org/11968 Reviewed-by: Daria Brashear Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit fc43236872c798fe426590714d19773c74d4bbbe Author: Jeffrey Altman Date: Mon Aug 3 15:03:00 2015 -0400 Revert "vlserver: Disable regex volume name processing in ListAttributesN2" This change reverts commit 22481ab3705522ac1988b7de038c4dbc1e5009a9 which by disabling regex queries of volume names breaks some backup software including TSM. Change-Id: Ic8b398e289845b45b6b073729e9a091c8b5d71b5 Reviewed-on: http://gerrit.openafs.org/11967 Tested-by: BuildBot Reviewed-by: Daria Brashear Reviewed-by: Mark Vitale commit 682d5e74347495045fc2a550adddea243118126b Author: Anders Kaseorg Date: Sun Aug 2 21:26:13 2015 -0400 kas: remove @CFLAGS_NOERROR@ in favor of specific pragma Change-Id: Icf07c63a0e5a59da19a9db4edf7ac3c346349088 Reviewed-on: http://gerrit.openafs.org/11966 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 7254d831b766c72f8e1b77158082e0e5b3d20224 Author: Anders Kaseorg Date: Fri Jul 31 23:28:49 2015 -0400 tests/volser/vos-t.c: Don’t ignore return value of pipe Resolves this warning: vos-t.c: In function ‘TestListAddrs’: vos-t.c:60:5: warning: ignoring return value of ‘pipe’, declared with attribute warn_unused_result [-Wunused-result] pipe(outpipe); ^ Change-Id: I7eb58a91b5a7d9df18a4952400f74c79299e857d Reviewed-on: http://gerrit.openafs.org/11958 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 5a0603ced26bebb867b52f3f3a0cb1604880d0df Author: Anders Kaseorg Date: Sat Aug 1 05:05:11 2015 -0400 tests/opr/jhash-t.c: Fix unsigned constant warning Resolves this warning on 32-bit GCC: jhash-t.c: In function ‘main’: jhash-t.c:60:4: warning: this decimal constant is unsigned only in ISO C90 is_int(3704403432, opr_jhash(test, 2, 0), ^ jhash-t.c:62:4: warning: this decimal constant is unsigned only in ISO C90 is_int(3704403432, opr_jhash_int2(test[0], test[1], 0), ^ Change-Id: Ie3ab0f5aacdc719fa63f32e545b5863ec351f5eb Reviewed-on: http://gerrit.openafs.org/11961 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 540050bbc893416fbd075ed5e349abaa5baaeba1 Author: Anders Kaseorg Date: Sat Aug 1 03:15:39 2015 -0400 Squash a frightening number of warnings from XBSA-related code Mostly missing prototypes and mismatched format strings, but also some more disturbing bugs. Change-Id: I9a10728c7da645bb562374a3598414484de33f4d Reviewed-on: http://gerrit.openafs.org/11960 Tested-by: BuildBot Reviewed-by: Daria Brashear commit 8f78afa65be0c8a1c130661a590e5b15be527537 Author: Anders Kaseorg Date: Sat Aug 1 03:58:19 2015 -0400 Add XBSA_XLIBS to XLIBS after it’s computed Commit 353aa7ef2c172f574998480d6d051b3f4e95ae7b (after 1.6 was branched) reordered things such that XBSA_XLIBS was being added to XLIBS before it was computed, which caused link failures with --enable-tivoli-tsm. Change-Id: I791add1b916c845d975d1ee21652c13244c50736 Reviewed-on: http://gerrit.openafs.org/11959 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ac39d879f8cb6adc11efecef4cb3966582e09c82 Author: Anders Kaseorg Date: Sat Aug 1 05:54:42 2015 -0400 tests/opr/time-t.c: Use labs instead of abs for long argument Resolves this warning with clang: time-t.c:46:8: warning: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Wabsolute-value] ok(abs(osTime - osNow) < 2, "opr_time_Now returns a reasonable value"); ^ time-t.c:46:8: note: use function 'labs' instead ok(abs(osTime - osNow) < 2, "opr_time_Now returns a reasonable value"); ^~~ labs Change-Id: Ib98069e1349161d936c8ada0e69f9b33d2f71ce3 Reviewed-on: http://gerrit.openafs.org/11965 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 09bf3ebb26a3d8a4bd10571b394a59207a7f6980 Author: Anders Kaseorg Date: Sat Aug 1 05:52:59 2015 -0400 src/kauth/krb_udp.c: Remove redundant NULL check for array address Resolves this warning with clang: krb_udp.c:302:13: warning: address of array 'tentry.misc_auth_bytes' will always evaluate to 'true' [-Wpointer-bool-conversion] if (tentry.misc_auth_bytes) { ~~ ~~~~~~~^~~~~~~~~~~~~~~ Change-Id: I0656b055090654eada2cd63476330fb288490acc Reviewed-on: http://gerrit.openafs.org/11964 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 38bd5def2a90303b6bb07926f99d0ab095ba96c0 Author: Anders Kaseorg Date: Fri Jul 31 01:35:05 2015 -0400 rfc3961: prototype _krb5_internal_hmac Resolves this warning: src/external/heimdal/krb5/crypto-arcfour.c: In function ‘_oafs_h__krb5_HMAC_MD5_checksum’: src/external/heimdal/krb5/crypto-arcfour.c:82:5: warning: implicit declaration of function ‘_oafs_h__krb5_internal_hmac’ [-Wimplicit-function-declaration] ret = _krb5_internal_hmac(context, c, signature, sizeof(signature), ^ Change-Id: I10f028b8a0e1756cb1f1638a061616db0e76779e Reviewed-on: http://gerrit.openafs.org/11953 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit f5a35b240b183f2daeef83caa985e8f4a712fec9 Author: Anders Kaseorg Date: Fri Jul 31 21:27:42 2015 -0400 make distclean: clean doc/xml/*/Makefile These files are conditionally generated by configure.ac. (Conditionally is okay because this is an ‘rm -f’ line.) Change-Id: I7ade07e09b5e378b2abf6481dc8ffac26b574eed Signed-off-by: Anders Kaseorg Reviewed-on: http://gerrit.openafs.org/11952 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 8d75f24aae3d2ed62dc070fd257464713d615a23 Author: Anders Kaseorg Date: Fri Jul 31 20:47:35 2015 -0400 libadmin: #define UBIK_LEGACY_CALLITER 1 in afs_kasAdmin.c Replaces this warning: afs_kasAdmin.c: In function ‘GetPrincipalLockStatus’: afs_kasAdmin.c:710:6: warning: implicit declaration of function ‘ubik_CallIter’ [-Wimplicit-function-declaration] ubik_CallIter(KAM_LockStatus, kaserver->servers, UPUBIKONLY, ^ with these marginally less alarming warnings: In file included from ../adminutil/afs_AdminInternal.h:17:0, from afs_kasAdmin.c:21: /home/anders/wd/openafs/include/ubik.h:627:1: warning: function declaration isn’t a prototype [-Wstrict-prototypes] extern afs_int32 ubik_CallIter(int (*aproc) (), struct ubik_client *aclient, ^ /home/anders/wd/openafs/include/ubik.h:632:1: warning: function declaration isn’t a prototype [-Wstrict-prototypes] extern afs_int32 ubik_Call_New(int (*aproc) (), struct ubik_client ^ Change-Id: I49dbc5f6bb9199764c73c6ee8449d62518f377e6 Signed-off-by: Anders Kaseorg Reviewed-on: http://gerrit.openafs.org/11954 Reviewed-by: Perry Ruiter Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 22481ab3705522ac1988b7de038c4dbc1e5009a9 Author: Andrew Deason Date: Wed Jul 8 14:37:16 2015 -0400 vlserver: Disable regex volume name processing in ListAttributesN2 For the interim and until it is needed, this is most prudently simply disabled. FIXES 131890 Change-Id: Ib52da4ba38b579e51a0d8571e2da1307ae50a06f commit 8ce4a3905268385d3f5a0e11f20594875467cae6 Author: Mark Vitale Date: Wed Jul 8 14:28:50 2015 -0400 Solaris: setpag should verify that ngroups will not overflow Our ngroups management (since PAGs are still encoded as 2 groups) needs to ensure that we do not overflow what we are prepared to handle, and do not panic due to misheld mutexes if we have to return an error when handling it. FIXES 131878 (CVE-2015-3286) Change-Id: I044d5e7d3161de815b3c2dace9c211fbb4b51ffa commit ef671f497e9161ec2759446d594789495d3346f1 Author: Andrew Deason Date: Wed Jul 8 14:20:13 2015 -0400 afs: Use correct output buffer for FSCmd pioctl MRAFS added the FsCmd pioctl for passing messages to the fileserver; a bug causes it to write into the wrong memory and potentially panic clients. FIXES 131896 (CVE-2015-3285) Change-Id: Ic3a81fe06edc886f24bbc0537ea53e994b086c9e commit 592a99d6e693bc640e2bdfc2e7e5243fcedc8f93 Author: Daria Brashear Date: Wed Jul 8 14:16:41 2015 -0400 afs: Clear pioctl data interchange buffer before use Avoid leaking data in pioctl interchange buffers; clear the memory when one is allocated. FIXES 131892 (CVE-2015-3284) Change-Id: I880bbaa75b07b491a08c62fb17527b9fff47ec8c commit 62926630a82b8635d1cb1514b852f9f7a2609311 Author: Daria Brashear Date: Wed Jul 8 14:11:33 2015 -0400 bos: Use crypt for commands where spoofing could be a risk bos defaults to not requiring crypt in a lot of cases, instead using clear. As the simplest way to secure the channel is to enable crypt, do so. FIXES 131782 (CVE-2015-3283) Change-Id: I354fcbb5db37db225391a47b59d99518d1d0b2f9 commit 415a2aad4c1e9ab5d034b62989e4c16a37b5dcc7 Author: Daria Brashear Date: Wed Jul 8 13:51:47 2015 -0400 vos: Clear nvldbentry before sending on the wire Don't leak stack data onto the wire. Clear nvldbentry before use. FIXES 131907 (CVE-2015-3282) Change-Id: I18ea2c6ce21b6462277d067de329f4fb44dfb3ae commit 656aaacd01a90f658a5126111af9988fa1854dec Author: Michael Meffie Date: Tue Dec 16 19:25:06 2014 -0500 vos: changeaddr refuse to change mh entries without -force Add a client side check to vos changeaddr -oldaddr -newaddr to refuse to change multihomed server entries, unless -force is given. Change-Id: I1428e94f0c2fc19bb6ba3b2c53468f4587283bbc Reviewed-on: http://gerrit.openafs.org/11638 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 6c3ac6dc1ea865153a65b5c5c4f288617a3e6d0f Author: Marc Dionne Date: Mon Jul 6 13:01:38 2015 -0300 Linux 4.2: Changes in link operation APIs The follow_link and put_link operations are revised. Test for the new signature and adapt the code. Change-Id: I2834589cbe36c41924ab0505e6ca4ecd797a57fd Reviewed-on: http://gerrit.openafs.org/11928 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit c2c0b6bc86c6d67814d0f7fe14fa8eefc445b4a4 Author: Marc Dionne Date: Mon Jul 6 12:00:10 2015 -0300 Linux: Add AC_CHECK_LINUX_OPERATION configure macro Add a new macro to check the signature of a particular operation against a provided typed argument list. One of the arguments is an arbitrary label that is used to construct the pre-processor define name. This will allow for testing of different forms for the same operation. This can be used to replace many of the remaining odd checks in src/cf/linux_test4.m4. Change-Id: Ic619ace54f81aa8e1eb744e2d11f541a303b9587 Reviewed-on: http://gerrit.openafs.org/11927 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 89aeb71a3e23c944f58cfa9572e9eae4d2130d37 Author: Marc Dionne Date: Mon Jul 6 11:00:13 2015 -0300 Linux 4.2: total_link_count is no longer accessible The value is now stored in the nameidata structure which is private to fs/namei.c, so we can't modify it here. The effect is that using a path that contains 40+ directories may fail with ELOOP, depending on which directories in the path were previously used. After a directory is accessed once its D_AUTOMOUNT flag is reset and it will no longer count against the symlink limit in later path lookups. Change-Id: I90e4cb0e9004b075bff2330d165c67b7a923193f Reviewed-on: http://gerrit.openafs.org/11926 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit e597b879677d023165298adadfb88db031883ff4 Author: Marc Dionne Date: Wed Jul 8 14:32:31 2015 -0300 Linux 4.2: Pass namespace to sock_create_kern sock_create_kern gains an additional network namespace argument. Pass in the default system namesapce. Change-Id: I640e9497510242788e5060759779785ffb563a81 Reviewed-on: http://gerrit.openafs.org/11925 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit 4ef47f787a64dc5c8ebb73a454b0851c86d7c06b Author: Michael Meffie Date: Fri Jun 26 09:09:18 2015 -0400 doc: bosserver runs in the background Since OpenAFS 1.0 bosserver automatically puts itself into the background and removes it's controlling terminal. Update the examples in the Admin and Quick Start Guides to remove the unneeded '&' on the command line to start the bosserver. Change-Id: I1fd8f31c604004b099d50ffe166262b4d0d58804 Reviewed-on: http://gerrit.openafs.org/11906 Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit 73e080cbb043424d9094a4bdd8f3e82c47a89502 Author: Michael Meffie Date: Fri Jun 12 12:38:49 2015 -0400 tests: fix typo in softsig test helper Change-Id: I74183a04b54b70bf3593a53fdb5f164cbd6c3b98 Reviewed-on: http://gerrit.openafs.org/11893 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk commit 683ea4a983ada3845ecc8589f0362802ed967dc2 Author: Daria Brashear Date: Wed Mar 4 17:25:14 2015 -0500 vos: desupport -stayonline roll back -stayonline support for volume releases for now. Change-Id: I5b4de15892f975514ea699994cb7c1da17ac83c2 Reviewed-on: http://gerrit.openafs.org/11787 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 82e02157fec248293e7336f0e0b3d1c9da545228 Author: Michael Meffie Date: Thu Jun 11 20:28:43 2015 -0400 libafs: reset all the volumes with fs flushall Fix a logic bug in fs flushall in which only the first volume in each hash chain is reset (invalidated). Instead, reset all the volumes in the volume hash. This bug was introduced in commit 4197bbecd9d0b2ff0b8eaec75a0df9a64f713cf0 (libafs: fs flushall for unix cm) Also, when flushing a single volume with fs flushvolume, don't bother searching all the hash chains, instead start on the hash chain containing the volume being flushed. Change-Id: I7be67fdb310b4845d02dc916f4400f83cc649cb8 Reviewed-on: http://gerrit.openafs.org/11892 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Jeffrey Altman commit 0b8e85c1f9c6d741e1b8556cc3be6b62c97e7937 Author: Benjamin Kaduk Date: Mon Feb 9 12:09:32 2015 -0500 pagsh: do not call set[ug]id() Supposedly calling setuid(getuid()) and setgid(getgid()) would help pick up a new group list on some systems, in the depths of history. In the absence of reason to believe this is still the case, drop the calls to avoid scary warnings about unchecked return values. Change-Id: I39e87a27fb52f5a6868b867c9325d4a5fa93ef58 Reviewed-on: http://gerrit.openafs.org/11759 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Jeffrey Altman commit c6ec6410afdb21cc6f2ecdf0d36559dc8f0fc6cd Author: Benjamin Kaduk Date: Mon Feb 9 10:38:04 2015 -0500 Avoid unsafe scanf("%s") Reading user input into a fixed-length buffer just to check the first character is silly and an easy buffer overrun. gcc on Ubuntu 13.03 warns about the unchecked return value for scanf(), but scanf("%s") is guaranteed to either succeed or get EOF/EINTR/etc.. In any case, we don't need to use scanf() at all, here -- reuse an idiom from BSD cp(1) and loop around getchar to read the user's response, eliminating the fixed-length buffer entirely. A separate initial loop is needed to skip leading whitespace, which is done implicitly by scanf(). Change-Id: Ic5ed65e80146aa3d08a4b03c213f748ef088156b Reviewed-on: http://gerrit.openafs.org/11758 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk Reviewed-by: Perry Ruiter Reviewed-by: Michael Meffie Reviewed-by: Jeffrey Altman commit 74ffe9bc78a898361bdcb3b97cb512bac338c62a Author: Benjamin Kaduk Date: Wed May 27 16:13:13 2015 -0400 afs: Do not supply bogus poll vnodeops for FBSD We currently provide one which just always returns 1, but the kernel provides a vop_nopoll which conceptually is the same thing. That one, however, provides some feature checks and fails when consumers ask for fancy features that are not portable. Change-Id: Iba03904aac2883e18a1abdd4f09289b6c6f907c0 Reviewed-on: http://gerrit.openafs.org/11882 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Jeffrey Altman commit c19cadbf6a7b625f034f26245dcba225afc03aba Author: Benjamin Kaduk Date: Fri Feb 6 14:15:11 2015 -0500 Ignore return values more harder Building on Ubuntu 14.04 with gcc 4.8.2-19ubuntu1, we encounter fatal warnings about unchecked return values in uss, which is now always built, as of 00a33b26d74aa067086ddc340efb82184715857f. Change-Id: I997dcb683e33902c2765121c70bdcf21e9d5e892 Reviewed-on: http://gerrit.openafs.org/11757 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Jeffrey Altman commit 95b857399d71cb1f6619e625bff256f8c4c72c6a Author: Marc Dionne Date: Wed Apr 22 15:06:12 2015 -0300 Linux: mmap: Apply recursion check only to recursion cases The CPageWrite flag was originally added to prevent a scenario where a thread doing "writepage" would realize that the cache was too full and that some of its contents need to be written back to the server. Before writing back it would ask the OS to flush any dirty VM associated with the vcache entries that are to be written, to make sure the data is not stale. This flush could itself trigger writeback, leading to deadly recursion. One such scenario is a process doing mmap writes to a file larger than the cache. With some kernel versions and some callers of writepage, this can cause the mapping to be marked as being in an error state, leading to EIO errors passed back to user space. Make the recursion check more specific to only bail when the calling thread is one that was originally seen writing. A list of current writers is maintained instead of a single state flag. This lets other threads (like the flusher thread) go on with writeback to the same file, and limits the WRITEPAGE_ACTIVATE return case to call sites that can deal with it. In testing this helps avoid EIO errors when writing large chunks of data through mmap. Thanks to Yadav Yadavendra for extensive analysis and testing. Change-Id: Ic3136d7050c62e3ffac5e52441171f322b60fe86 Reviewed-on: http://gerrit.openafs.org/11124 Reviewed-by: Daria Brashear Tested-by: BuildBot commit cb0081604ef5369f34279c6eb77eb4d28406f2ac Author: Simon Wilkinson Date: Fri Mar 23 21:26:14 2012 +0000 opr: Add new softsig implementation Signals and pthreaded applications are a poor match. OpenAFS has had the softsig system (currently in src/util/softsig.c) in an attempt to alleviate some of these problems. However, that implementation itself has a number of problems. It uses signal functions that are unsafe in pthreaded applications, and uses pthread_kill within its signal handlers. Over the years it has been responsible for a number of portability bugs. The old implementation continues to receive signals in the main thread of the application. However, the handler code is run within a seperate signal handler thread. When the main thread receives a signal a stub handler is invoked, which simply pthread_kill()s the signal handler thread. The new implementation simplifies things by only receiving signals in the handler thread. It uses only pthread-compatible signal functions, and invokes no code from within async signal handlers. A complete test suite is supplied. Change-Id: I4bac68c2f853f1e7578b54ddced3833a97dd3f82 Reviewed-on: http://gerrit.openafs.org/6947 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Daria Brashear commit b8648dbefb3968329d20cad8976ce15947428678 Author: Benjamin Kaduk Date: Wed May 20 10:57:53 2015 -0400 afsio: switch BreakUpPath to strdup The current version of BreakUpPath is slightly broken, since commit 4e68282e26b0c4569d25d076d54274f0da47a691 -- it has two output parameters but takes only one length parameter for the size of the output buffers passed in. The callers ended up using the shorter of the buffer lengths in question, so there is not a risk of a buffer overrun, but long paths would not be properly handled. There is not really any need to pass in a length at all, since what is going on is conceptually strdup, and there is no real need to use strlcpy at all. Make the change from strlcpy to str(n)dup, and adjust callers to free the outputs as appropriate. While here, convert writeFile() to use goto and a cleanup handler to avoid leaks. Change-Id: Ib742cb73a6d70aa863c8d30423416887b977677b Reviewed-on: http://gerrit.openafs.org/11874 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: Daria Brashear commit 9076cbd58dd48801ad212f803f586fdc53d7b886 Author: Daria Brashear Date: Thu May 21 16:34:09 2015 -0400 Add defines for recent darwin sysctl constants These were accidentally omitted from commit ab9bb6363ca95f658764fbb9fb68ec88f89a5b3f. Change-Id: Ic3374484eb79fe44a4032def1484c9ed733f9422 Reviewed-on: http://gerrit.openafs.org/11875 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk commit 5c1237432edf4600111845d175c92252430d5f76 Author: Marc Dionne Date: Mon Apr 20 10:41:53 2015 -0300 Linux 4.1: Don't define or use ->write directly We no longer have to define a ->write operation, and we can't expect the underlying disk cache filesystem to have one. Use the new __vfs_read/write helpers that will select the operation to use based on what's available for that particular filesystem. Change-Id: Iab923235308ff57348ffc2dc6d718dd64040656b Reviewed-on: http://gerrit.openafs.org/11849 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit fcfa5ae2468d878db962a93d6013fcd3042e6c13 Author: Marc Dionne Date: Mon Apr 20 10:37:40 2015 -0300 Linux 4.1: No need for do_sync_read Make the test here a bit more specific. do_sync_read no longer exists, but we don't use it for new kernels. Trying to define it here in terms of generic_file_read is not helpful as that doesn't exist anymore. Change-Id: Iffb059716165436c3439e66db15002cdec5dfc16 Reviewed-on: http://gerrit.openafs.org/11848 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit 810f0ccd0354dac30af024ca7b5acf3ebabf5f4b Author: Benjamin Kaduk Date: Wed Apr 22 13:43:43 2015 -0400 kauth: fix clock skew detection Commit 5b3c1042969daec38ccb260e61d665eda0c713ea changed/removed some uses of abs() on unsigned time values. While the previous use of abs() was indeed incorrect, the result wasn't necessarily much better, even though it built with recent compilers, since it only checked for skew in one direction. Define and use a macro to correctly evaluate the conditionals in 64-bit precision, avoiding C's integer promotion rules which prefer unsigned types (Date) to signed types of the same width (time_t on 32-bit systems). Change-Id: Ifcbe59e73942a52a8635cb0f43cce94fdeea85a3 Reviewed-on: http://gerrit.openafs.org/11850 Reviewed-by: Stephan Wiesand Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit abca1fefc018e7f7ccc91ff31ada1d5e6d8076e0 Author: Perry Ruiter Date: Wed Apr 22 09:58:48 2015 -0700 afsd: Update list of supported flags afsd.c starts with a block comment listing the flags supported by the afsd command. As the code has evolved this list has not been kept up to date. Bring the list up to date. Some obsolete options no longer have any backing code. These are marked OBSOLETE. Some obsolete options have code that says they are now deprecated. These are marked IGNORED. Additionally fix a typo in backuptree's help text. Change-Id: I90ddf4db826c891bf1daf6959f94feee17d35f78 Reviewed-on: http://gerrit.openafs.org/11857 Tested-by: BuildBot Reviewed-by: Daria Brashear commit df5f4925aa0f9f9e6e3b38f5804ad00e71a63d76 Author: Michael Meffie Date: Thu Apr 30 09:47:11 2015 -0400 libafs: remove extraneous solaris headers from afs_util.c Remove several solaris specific headers from afs_util.c which are no longer needed. Change-Id: Id3874c90448215dc506b7ab9b5e695c2aeef50f3 Reviewed-on: http://gerrit.openafs.org/11856 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ab9bb6363ca95f658764fbb9fb68ec88f89a5b3f Author: Daria Brashear Date: Thu Apr 16 13:12:05 2015 -0400 osx: update afssettings for yosemite handle deprecated functions Change-Id: I437ec88b7909c38af247f44d58599da8810a72f2 Reviewed-on: http://gerrit.openafs.org/11836 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit fda2bc874751ca479365dc6389c0eebb41a0bda1 Author: Jeffrey Hutzelman Date: Mon Jun 17 21:08:14 2013 -0400 Allocate pathname buffers dynamically This change reworks numerous places which formerly used potentially large on-stack buffers (of size AFSDIR_PATH_MAX) for constructing or storing pathnames. Instead, these buffers are now allocated from the heap, either by using asprintf() to build a pathname in a correctly sized buffer or, where necessary, using malloc() to allocate a buffer of size AFSDIR_PATH_MAX. A few occurrances of AFSDIR_PATH_MAX-sized buffers are not changed; these are generally either globals or are contained within another data structure that is already allocated on the heap. [kaduk@mit.edu convert to cleanup-handler memory management where appropriate] Change-Id: Ib1986187a1c467e867d50280aaf1d8a86d9108c8 Reviewed-on: http://gerrit.openafs.org/9985 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Jeffrey Altman commit 6f1979c83a4357c82be2e011b79d993b21e545f9 Author: Benjamin Kaduk Date: Wed Jan 14 15:32:47 2015 -0500 vol: use ffs from opr instead of inline volume.c defined its own ffs() macro if AFS_HAVE_FFS was not defined. Now that ffs() is in opr, just use it from there always. Change-Id: Ia80a439924541be236b3221b9480143b511c885a Reviewed-on: http://gerrit.openafs.org/11674 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit ec706b21530240d7fb66bad2f08513eff8f7c335 Author: Benjamin Kaduk Date: Mon Apr 13 12:05:12 2015 -0400 Remove Linux 2.4 compat from RedHat packaging You can't package what you can't build. Change-Id: Ife3a46dfa1fee72b36d0f1fb21d82928aa8d83b6 Reviewed-on: http://gerrit.openafs.org/11833 Tested-by: BuildBot Reviewed-by: Daria Brashear Tested-by: Daria Brashear commit d457769173753a73c3f767294743ab486ed1d3e5 Author: Benjamin Kaduk Date: Wed Mar 18 13:36:26 2015 -0400 Remove linux24 conditionals from mcas/Makefile.osi Linux 2.4 has been desupported by OpenAFS. Change-Id: I7803d718ca9d2760a799f1ac2c438f8e6df8b9b9 Reviewed-on: http://gerrit.openafs.org/11806 Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Daria Brashear Tested-by: Daria Brashear commit b3ad01ec0c091d43976061cb575224fc64aba6ee Author: Benjamin Kaduk Date: Wed Mar 18 13:34:49 2015 -0400 Remove stale MakefileProto.LINUX.in conditionals Linux 2.4 and older are no longer supported; there's no need to keep the noise in this file. Change-Id: Ia1a968e0cdc1180e66bdedd0aa0638eadfd897fb Reviewed-on: http://gerrit.openafs.org/11805 Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Daria Brashear Tested-by: Daria Brashear commit 763a18f488a5d5677bb2f742c7b0b9a2b9d90409 Author: Benjamin Kaduk Date: Wed Mar 18 13:23:43 2015 -0400 Remove LINUX24 from src/rx These files are no longer used. Change-Id: Iebf85590e18c2542663ebdd279b126a3ab058213 Reviewed-on: http://gerrit.openafs.org/11803 Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Daria Brashear Tested-by: Daria Brashear commit 91713206b0c414c82992fc3bb18da36995ae83c0 Author: Benjamin Kaduk Date: Wed Mar 18 13:23:16 2015 -0400 Remove LINUX24 from src/afs These files are no longer used. Change-Id: I4a7e0cc8c308399004c999b3769c77388794cfdd Reviewed-on: http://gerrit.openafs.org/11802 Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Daria Brashear Tested-by: Daria Brashear commit 83a27da150dd164f9f7afbb29163431c89a504bc Author: Benjamin Kaduk Date: Wed Mar 18 13:20:07 2015 -0400 Remove linux22 and linux24 param files They are no longer used. Change-Id: I1337bf0e1239336e7ae39f88f484cb8237002302 Reviewed-on: http://gerrit.openafs.org/11801 Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Daria Brashear Tested-by: Daria Brashear commit 7a998206127e03e48837380063566a464321604b Author: Benjamin Kaduk Date: Wed Mar 18 13:17:59 2015 -0400 Remove osconf conditionals for linux24 They are no longer triggerable now that linux 2.4 is desupported, so make the code easier to read. Change-Id: I77b48d30db66b635cfdc06e977f9884dd2825713 Reviewed-on: http://gerrit.openafs.org/11800 Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Daria Brashear Tested-by: Daria Brashear commit ccf353ede6ef5cce7c562993d1bea0d20844bdb7 Author: Benjamin Kaduk Date: Wed Mar 18 13:11:44 2015 -0400 Mark Linux 2.4 as unsupported The Linux 2.4 series (and older) will not be supported platforms for OpenAFS 1.8 and later. Detect these systems at configure time and direct users of those systems to the OpenAFS 1.6 series of releases. These systems are believed to not be in common use with OpenAFS, and retaining support for the LinuxThreads threading implementation they require presents a maintenance burden that the project is not equipped to deliver. The project will be able to move forward more quickly by desupporting these systems. Code conditional on these old systems can be removed in subsequent commits. Change-Id: I679fc2390b35851f3b0457a846047c812bc03dba Reviewed-on: http://gerrit.openafs.org/11799 Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Daria Brashear Tested-by: Daria Brashear commit 6c62237ecd80077b0a72b24fec5db20b623eb897 Author: Ben Kaduk Date: Thu Feb 12 16:01:28 2015 -0500 aklog: swap order of roken and hcrypto hcrypto depends on roken, so roken must come after it. Change-Id: Ic63de1f9095555a6c3e83f2f6d2f9d024ad00006 Reviewed-on: http://gerrit.openafs.org/11743 Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Perry Ruiter Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit d1d411576cf39c4bc55918df0eb64327718d566c Author: Michael Meffie Date: Mon Nov 17 11:23:38 2014 -0500 vos: remaddrs sub-command Introduce the vos remaddrs sub-command for removing multi-homed server entries from the vldb. The remaddrs sub-command completes the listaddrs and setaddrs command suite and allows vos changeaddr to be deprecated completely. Change-Id: I98e92e776a153591a617a5b04037c3b6139d4732 Reviewed-on: http://gerrit.openafs.org/11606 Tested-by: BuildBot Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Daria Brashear Reviewed-by: Jeffrey Altman commit 25373555f838ec7f9a7a1625e66c7d83108a62f2 Author: Benjamin Kaduk Date: Wed Mar 18 10:35:33 2015 -0400 Do not redeclare mutexes for darwin Partially revert commit e2e93aa8920c0b1bfc672a555a59eb4e15dbeaae, which added local declarations for des_init_mutex, des_random_mutex, and rxkad_random_mutex to a number of files in libadmin, apparently to fix the build on macos 10.3. That OS is long EoL-ed, and more recent versions of OS X include toolchains that do not need these extra declarations. In particular, the extra declarations can be harmful when these files start to pull in more symbols from our libraries (e.g., libafscp), since the details of the linking process can cause that to generate duplicate symbol errors. There is no longer any need to have local declarations of these symbols for OS X, so just remove them. Change-Id: Ie152387b4bd16b470054821fc8ddf852e1a4285c Reviewed-on: http://gerrit.openafs.org/11798 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 777870da86e9ed66756e01e858a54e959959482d Author: Nathan Dobson Date: Fri Mar 20 18:32:22 2015 -0400 aklog: Correct size used for strlcpy() When copying into the 'cell' array, use the size of cell, not the size of some other array that is copied into a few lines previously. Change-Id: Ib8b523901dd8008038c5a95a7c315b899cff8cee Reviewed-on: http://gerrit.openafs.org/11807 Reviewed-by: Jeffrey Altman Tested-by: BuildBot commit 7ae8e64d1ee79c23da96c326111fdc40015ed5a6 Author: Mark Vitale Date: Mon Feb 9 18:16:16 2015 -0500 pioctl.c: restore required result variable Commit b9fb9c62a6779aa997259ddf2a83a90b08e04d5f refactored lpioctl() so that LINUX would have its own implementation. This also simplified the other lpioctl() implementations by removing superfluous variable 'rval'. Unfortunately, 'rval' was actually required for both DARWIN and SUN511. On both of these platforms, the address of 'errcode' is passed to the respective ioctl_*() routine so its value may be passed back to lpioctl(). Therefore, 'errcode' must not also be used for the return value from these functions; doing so results in the return value from the function overwriting the intended value of 'errcode' upon return to lpioctl(). In the case of Solaris 11, ioctl_sun_afs_syscall() always returns zero (as long as the ioctl device 'dev/afs' opened successfully). So 'errcode' was always being set to zero, even if the pioctl had actually failed. For example, without this fix, 'fs listcells' loops forever on Solaris 11, listing an infinite number of "cells", because it will never "see" the EDOM that informs it of the last defined cell. Partially revert b9fb9c62a6779aa997259ddf2a83a90b08e04d5f by restoring the 'rval' variable and logic for DARWIN and SUN511. Change-Id: I4407af29d54813689cf8ccf2517bb2df4dd8eb25 Reviewed-on: http://gerrit.openafs.org/11734 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit 026fcc6f975dbc13ac39d3276d28a48a9b56ee7d Author: Christof Hanke Date: Thu Feb 5 12:07:50 2015 +0100 bos, pts: emit error messages on stderr as one expects. Change-Id: Icb67a05b61ddcef8def826768491b9a1952862e9 Reviewed-on: http://gerrit.openafs.org/11605 Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit c73d151853a80806247126730a0ffbd984508559 Author: Ben Kaduk Date: Wed Feb 11 19:02:00 2015 -0500 Namespace-clean some more heimdal symbols We get linker conflicts if we try to statically link against the system libkrb5 when it is heimdal, from both hcrypto and rfc3961. While here, add an include guard to hcrypto's config.h. Change-Id: Ib5fcd9291b295415325a4ed230bd35d496961367 Reviewed-on: http://gerrit.openafs.org/11740 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 5b3c1042969daec38ccb260e61d665eda0c713ea Author: Ben Kaduk Date: Fri Feb 13 09:47:20 2015 -0500 Fix incorrect uses of abs() abs(3) is a function of one variable of type int returning int. labs(3) is a function of one variable of type long returning long. labs(3) should be used when the input is of type long, as in kaprocs.c. Calling anything from the abs(3) family on a variable of unsigned type is a bogus type pun, and a logical operation which is a no-op. (Unsigned values are never negative and thus the absolute value function is the identity over the entire range of values representable in an unsigned type.) Just remove the use of abs() for unsigned values, as in kaprocs.c, krb_udp.c, and vldb_check.c While in kaprocs.c, wrap a long line that was touched for the conversion to labs(3), spell the argument to time(3) as NULL instead of 0, remove unneeded parentheses, and correct the spelling of "reserved". Change-Id: I0897b250fd885a1230d1622015eec9afe3450b46 Reviewed-on: http://gerrit.openafs.org/11745 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk commit fb499c2406450fa5dc423a0b038266d3b8e79e33 Author: Ben Kaduk Date: Wed Feb 11 17:47:10 2015 -0500 Remove spurious NULL checks clang 3.5 is more aggressive about these checks than the previous FreeBSD system compiler, so new warnings (which became errors) appeared on FreeBSD 11-CURRENT. In afs_dcache.c, checking &tdc->f for NULL-ness has no effect. The struct fcache f member of struct dcache is an ordinary structure element; its address will be the value of tdc plus the offset of f within struct dcache, which will not be NULL even if tdc is NULL. In ubik_db_if.c, udbHandle is a file-scope global and thus has allocated storage; the address of a member variable will never be NULL. The 0 it was compared against was spelled RX_SECIDX_NULL, which shows the intended check, which is for the value of the uh_scIndex member variable, not its address. In afscp_server.c, srv->conns can never be NULL since conns is a member variable of struct afscp_server (of array type, containing pointers to struct rx_connection). Comparing the array member variable against NULL is comparing the address of the array, which is never NULL since it is not allocated separately from struct afscp_server. In fssync-debug.c, state.vop->partName is never NULL because common_volop_prolog always allocates for state.vop, and the partName member variable of struct fssync_state is of array type, and thus is not separately allocated from the containing structure. Change-Id: I03e1332d8a3320f1a4d303b444985648a207116e Reviewed-on: http://gerrit.openafs.org/11739 Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 8cb4a42496f71c3d47ebe30a96ec33478e203c82 Author: Stephan Wiesand Date: Thu Feb 26 10:13:50 2015 +0100 Update CellServDB to 20150119 snapshot Update all remaining copies of CellServDB in the tree, and make the Red Hat packaging use it by default too. Change-Id: Id915a82b1364ef6e301921e4d3873c7203aef91c Reviewed-on: http://gerrit.openafs.org/11764 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 1cc77cd43732cca1c617db329a71693903d2b699 Author: Michael Meffie Date: Tue Dec 16 16:13:01 2014 -0500 vlserver: do not perform ChangeAddr on mh entries, except for removal Fix a long standing bug in the ChangeAddr RPC which damages the vldb, When vos changeaddr is run with -oldaddr and -newaddr, and the -oldaddr is present in an multi-homed entry, instead of changing the address in the mh entry, the server slot is "downgraded" to a single homed entry and the mh entry is orphaned in the vldb. Instead, if the -oldaddr is in a multi-home entry, refuse to change the address with a VL entry not found error and log the event. Multi-homed addresses can be changed manually using the vos setaddrs command which calls the RegisterAddrs() RPC. Change-Id: I20ba3e7fa5ffdb1b1abd2e2a716d8e4bb6594542 Reviewed-on: http://gerrit.openafs.org/11639 Reviewed-by: Benjamin Kaduk Reviewed-by: Daria Brashear Tested-by: BuildBot commit 30667a5d7b86b29f9aafe2b490d89b8e01bfc541 Author: Jeffrey Altman Date: Wed Feb 11 01:25:04 2015 -0500 ubik: DISK_UpdateInterfaceAddr == server restart If a DISK_UpdateInterfaceAddr RPC is received the server that sent it restarted. Force the urecovery code to verify the server state. Change-Id: I465863dc3a52d844b56d576bd55229435556cfd6 Reviewed-on: http://gerrit.openafs.org/11738 Tested-by: BuildBot Reviewed-by: Daria Brashear Reviewed-by: Jeffrey Hutzelman Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit d47beca13236c64ed935fabeff9d1001e8a8871f Author: Jeffrey Altman Date: Thu Jan 22 01:14:28 2015 -0500 ubik: SDISK_Begin no quorum, wrong db, no transaction When processing an DISK_Begin RPC verify that there is an active quorum and that the local database is current. Otherwise, fail the RPC with a UNOQUORUM error. The returned error must be UNOQUORUM instead of USYNC becase the returned error code will be returned by the coordinator's ContactQuorum_iterate() to the client that triggered the write transaction. Most ubik clients will only retry if the error is UNOQUORUM. FIXES 131997 Change-Id: Icaa30e6aca82e7e7d33e9171a4f023970aba61df Reviewed-on: http://gerrit.openafs.org/11689 Tested-by: BuildBot Reviewed-by: Daria Brashear Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Hutzelman Reviewed-by: Jeffrey Altman commit 5cca05d1a1c9883e33c953b31c4cb32252474f77 Author: Anders Kaseorg Date: Mon Feb 23 00:13:05 2015 -0500 Linux 4: struct address_space no longer has backing_dev_info The backing_dev_info is only stored in the super_block now. Change-Id: I57e147100bd47a8d1f5e97224ceb3322ea102a48 Reviewed-on: http://gerrit.openafs.org/11756 Reviewed-by: Marc Dionne Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit a5b091e1ec69d4a43d6f1b1efc93134ef7ed2167 Author: Anders Kaseorg Date: Sun Feb 22 23:43:49 2015 -0500 Treat Linux 4 (and greater) as Linux 2.6/3 In an age where Linux version numbers are determined by Google+ polls, it’s clear that they aren’t going to be very useful for marking major API compatibility boundaries like they were in the days of 2.2/2.4. Change-Id: I56e0e88eb178573c3eb280d5a5a01d8b8a20a363 Reviewed-on: http://gerrit.openafs.org/11755 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Reviewed-by: Marc Dionne Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit e02b852f05c0927d48b6467872378bae99df2760 Author: Stephan Wiesand Date: Tue Feb 17 15:34:33 2015 +0100 Document --enable-linux-d_splice_alias-extra-iput Even though we hope no one will actually ever need to use it, explain this configure switch in the same place as the others. Change-Id: Ib59f963b9000c3e66dc84c7b18eb220f0e108bd5 Reviewed-on: http://gerrit.openafs.org/11749 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Perry Ruiter Reviewed-by: Daria Brashear commit 7266685a03b12ca03c247623e7ffdc054a017382 Author: Michael Meffie Date: Mon Sep 29 12:14:24 2014 -0400 vos: preserve cloneId and backupId when restoring Preserve the volume clone and backup ids in the volume header when restoring over an existing volume, instead of always setting the clone and backup ids to zero. For example, before this change, restoring over a volume resets the ROnly and Backup ids reported in the volume header section of vos examine. $ vos examine xyzzy xyzzy 536871023 RW 3 K On-line myhost /vicepa RWrite 536871023 ROnly 536871024 Backup 536871025 ... RWrite: 536871023 ROnly: 536871024 Backup: 536871025 number of sites -> 2 server myhost partition /vicepa RW Site server myhost partition /vicepa RO Site $ cat /tmp/xyzzy.dump | vos restore myhost a xyzzy -overwrite incremental Restoring volume xyzzy Id 536871023 on server myhost partition /vicepa .. done Restored volume xyzzy on myhost /vicepa $ vos examine xyzzy xyzzy 536871023 RW 3 K On-line myhost /vicepa RWrite 536871023 ROnly 0 Backup 0 ... RWrite: 536871023 ROnly: 536871024 Backup: 536871025 number of sites -> 2 server myhost partition /vicepa RW Site server myhost partition /vicepa RO Site Change-Id: If7ffcf84a983046c10d9d215d672a6a1ba1f9400 Reviewed-on: http://gerrit.openafs.org/11516 Tested-by: BuildBot Reviewed-by: Daria Brashear commit 34e495d69a8831c57cac2ccf18898e63f02c7745 Author: Benjamin Kaduk Date: Wed Dec 10 14:07:14 2014 -0500 Handle backupDate of zero In older versions of OpenAFS (prior to 2001), the backupDate was never set. Try to provide somewhat more reasonable behavior in this case, by using a different date in that case. Change-Id: Id74ce003c6a2317b06e78ba64d6891229c16421a Reviewed-on: http://gerrit.openafs.org/11627 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit d14ad1374d39693d8a44c75f4d95607a45b260d2 Author: Andrew Deason Date: Thu Jan 30 13:38:01 2014 -0600 libafscp: Remove comment with dead code You're not supposed to write the length of the submitted data on the split rx stream for a StoreData operation; the fileserver knows how much data to read from the "Length" parameter of the StoreData RPC. For a FetchData, putting the data length over the split rx stream is required, since we can't get the "OUT" arguments before reading the file data. But for a StoreData, this is unnecessary, since the length is right there in the arguments. So just get rid of this commented-out code; it's clearly wrong and this commit explains why. Change-Id: Idde0f9079e90da75d71a142f4a9f36a84ce79776 Reviewed-on: http://gerrit.openafs.org/10786 Reviewed-by: Daria Brashear Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit d309b193671a85c118e75c82171144c52ad1c48c Author: Andrew Deason Date: Thu Jan 30 00:02:24 2014 -0600 rx: Set lastBusy on RX_CALL_TIMEOUT Currently, if a server RPC hangs forever, the client call will error out with RX_CALL_TIMEOUT (if idle/dead timeouts are configured). If we later try to make a new call on that conn, the server will respond with BUSY packets, and we'll have to wait until we RX_CALL_TIMEOUT again. After that we'll set lastBusy and avoid the call channel, but that extra delay with the BUSY packets is avoidable. So, avoid this extra delay by setting lastBusy when we kill a call with RX_CALL_TIMEOUT, so a future rx_NewCall will avoid the call channel. It makes sense to set lastBusy here, since the call channel is more likely to be busy than the other call channels. Change-Id: Iadf77f52ae418491e3108a4b0b5388361f2424aa Reviewed-on: http://gerrit.openafs.org/10785 Reviewed-by: Daria Brashear Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 28f9712b4b1c615e5d0b565fbcaa828b559bff4a Author: Andrew Deason Date: Thu Jan 30 00:40:57 2014 -0600 rx: Remove RX_CALL_BUSY Commit 23d6287f7f494383891a497038e8c0e870e824bf introduced the behavior where a client can immediately retry a call if it receives a "busy" packet from the server (meaning, the call channel is already in use). This happened via Rx returning the error code RX_CALL_BUSY, and the caller was supposed to immediately retry the call, so Rx could reissue the RPC on a different call channel. However, this behavior makes it more likely for the server to process an RPC that the client thinks has not been processed. Say the client issues an RPC, the server replies with a "busy" packet, and the client resends the original packet before it sees the "busy" packet. In this case, the server will get the resent packet for the RPC request and process it, but the client will think the call has failed (and presumably will retry the call on a new channel). For calls that are non-idempotent (e.g. MakeDir), this can result in incorrect errors (e.g. EEXIST) as well as incorrect cache state in the client. There may be some ways to mitigate at least some of the problems here, but this kind of "instant" retry behavior is often not really that helpful. Calls that take a very long time to run on the server are very rare (and usually indicate some other problem), while the occasional short-lived "busy" packet is relatively common (sometimes the server just hasn't cleaned up the call by the time we issue a new call). So just get rid of the retrying behavior to ensure we don't continue to encounter any problems like this. To get rid of this behavior, we remove the RX_CALL_BUSY code, and all code dealing with processing it. This means removing the RX_CALL_BUSY handling from the client, as well as removing rx_SetBusyChannelError(). This effectively reverts most of 23d6287f7f494383891a497038e8c0e870e824bf, and a few other commits related to RX_CALL_BUSY. With this change, if all we get from the server are BUSY packets when we try to issue an RPC, the call will eventually error out with RX_CALL_TIMEOUT (or hang forever, if no timeouts are configured). This can be thought of intuitively as similar to "idle dead" behavior, since we are just waiting for the server to proceed with processing the call. So, if "idle dead" is configured, we still timeout after the "idle dead" timeout. And if no idle or hard dead timeout is configured, we will hang forever; just like if the server started processing the call but then hangs forever. Note that not all of 23d6287f7f494383891a497038e8c0e870e824bf is reverted. Namely, the logic to have rx_NewCall try to pick the "least busy" channel is retained. Thanks to Simon Wilkinson for bringing up and discussing this issue in this thread: Change-Id: I272e51f252356aa14bc4b8a3b7c594700deb432c Reviewed-on: http://gerrit.openafs.org/10784 Reviewed-by: Daria Brashear Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 0f339711ebf7b7a76e299f9ab9ee74264bedb0d2 Author: Andrew Deason Date: Thu Jan 30 00:39:39 2014 -0600 rx: Remove RX_CALL_IDLE After change Ie0497d24f1bf4ad7d30ab59061f96c3298f47d17, RX_CALL_IDLE is not generated by Rx anymore; "idle dead" timeouts just cause RX_CALL_TIMEOUT errors. Any code dealing with it is thus now dead code (this value was deliberately never sent over the wire), so remove the dead code. Change-Id: I2b38327f77ffc8168712b83506afa1da3eea1224 Reviewed-on: http://gerrit.openafs.org/10783 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 846f2c8eae4968d1c400d18ec66ca1daf5fdef02 Author: Andrew Deason Date: Thu Jan 30 00:36:22 2014 -0600 rx: Remove idleDeadDetection After change Ie0497d24f1bf4ad7d30ab59061f96c3298f47d17, testing for idleDeadDetection is equivalent to testing if idleDeadTime is non-zero. The idleDeadDetection field is thus redundant, so remove it. Change-Id: Id11f2829167f4de1505cee286dcc7c56b431a5a6 Reviewed-on: http://gerrit.openafs.org/10782 Reviewed-by: Benjamin Kaduk Reviewed-by: Daria Brashear Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot commit 7acac948fcda0e772326a26ad24481ccf1ae31ef Author: Andrew Deason Date: Mon Jan 27 00:36:14 2014 -0600 rx: Rely on remote startWait idleness for idleDead This commit removes the functionality introduced in c26dc0e6aaefedc55ed5c35a5744b5c01ba39ea1 (which is also modified by a few later commits), as well as 05f3a0d1e0359f604cc6162708f3f381eabcd1d7. Instead we modify the startWait check in rxi_CheckCall to apply to both "reading" and "writing" to enforce "idle dead" timeouts. Why do this? First, let's start out with the following: If an Rx call gets permanently "stuck", what happens? What should happen? Here, "stuck" means that either the server or client hangs while processing the call. The server or client is waiting for something to complete before it issues the next rx_Read() or rx_Write() call. In various situations over the years, this has happened because the server or client is waiting for a lock, waiting for local disk I/O to complete, or waiting for some other arbitrary event to occur. Currently, what happens with such a "hanging" call is a little complex, and has several different results in different situations. The behavior of a call in this "stuck" situation is handled by the "idle dead" timeout of an Rx call/connection. This timeout is enforced in rxi_CheckCall, in two different conditionals (if an "idle dead" timeout is configured): if (call->startWait && ((call->startWait + idleDeadTime) < now) && (call->flags & RX_CALL_READER_WAIT)) { if (call->state == RX_STATE_ACTIVE) { cerror = RX_CALL_TIMEOUT; goto mtuout; } } and if (call->lastSendData && ((call->lastSendData + idleDeadTime) < now)) { if (call->state == RX_STATE_ACTIVE) { cerror = conn->service ? conn->service->idleDeadErr : RX_CALL_IDLE; idle_timeout = 1; goto mtuout; } } The first of these handles the case where we are waiting to rx_Read() from a call for too long (the other side of the call needs to give us more data). The second handles the case where we are waiting to rx_Write() for too long (the other side of the call needs to read some of the data we sent previously). This second case was added by commit c26dc0e6aaefedc55ed5c35a5744b5c01ba39ea1, but it has the general problem that this check does not check if anyone is actually trying to write to the call, and just tries to keep track of the last time we wrote to the call. So, we may have written some data to the call successfully, and then we went off to do something else. We can then kill the call later for taking too long to write to, even though nobody is trying to write to it. This results in a few problems: (1) When the fileserver is writing to the client, it may need to wait for various locks and it may need to wait for local disk I/O to complete. If this takes too long for any reason, the fileserver will kill the call (currently with VNOSERVICE), but the thread for servicing the call will still keep running until whatever the fileserver was waiting for finishes. (2) lastSendData is set whenever we send any ACK besides an RX_ACK_PING_RESPONSE (as of commit 658d2f47281306dfd46c5eddcecaeadc3e3e7fa9). If we are the server, and we send any such ACK (in particular, RX_ACK_REQUESTED is common), the "idle dead" timer starts. This means the server can easily kill a call for idleness even if the server has never sent the client anything, and even if the server is still actively reading from the client. (3) When a client tries to issue an RPC for the server, the "idle dead" timeout effectively becomes a hard dead timeout, since we will write the RPC arguments to the Rx stream, and then wait for the server to respond with the output arguments. During this time, our 'lastSendData' is the last time we sent our arguments to the server, and so the call must finish before 'call->lastSendData + idleDeadTime' is in the past. In addition to this "idle dead" processing, commit 05f3a0d1e0359f604cc6162708f3f381eabcd1d7 appears to attempt to provide "idle dead"-like behavior by disabling Rx keepalives at certain points (when we're waiting for disk I/O), controlled by the application process (currently only the fileserver). The idea is that if keepalives are disabled, the server will just appear unreachable to the client, and so if disk I/O takes too long, the client will just kill the call because it looks like the server is gone. However, this also has some problems: (A) Clients send their own keepalives, and the server will still respond to them. So, the server will not appear to be inaccessible anyway. But even if it did work: (B) This approach only accounts for delays in disk I/O, and not anywhere else (we could hang for a wide variety of reasons). It also requires the fileserver to decide when it's okay for a call to be killed due to "idle dead" and when it's not, which currently seems to be decided somewhat arbitrarily. (C) This doesn't really let the client dictate its own "idle dead" timeout for idleness specifically; it just looks like the server went away. (D) The fileserver would appear to be unreachable in this situation, but it's not actually unreachable. This can be confusing to clients, since distinguishing between a server that is completely down vs just taking too long is an important distinction. (E) As noted in (1) above, the fileserver thread will still keep waiting for whatever it has been waiting for, even though the call has been killed and is thus useless. So instead of all of this stuff, just modify the rxi_CheckCall "idle dead" check to depend on the call->startWait parameter instead. This parameter will be set whenever anyone is waiting for something to proceed in the call, whether that is waiting to read data or write data. This should make "idle dead" processing much simpler, as it is reduced to effectively: if we've been waiting for longer than N seconds, kill the call. This involves ripping out much of the code related to lastSendData and rx_KeepAlive*. This means removing the call->lastSendData field and the rx_SetServerIdleDeadErr function, since those were only used for the behavior in c26dc0e6aaefedc55ed5c35a5744b5c01ba39ea1. This also means removing rx_KeepAliveOn and rx_KeepAliveOff, since those were only used for the behavior in 05f3a0d1e0359f604cc6162708f3f381eabcd1d7. This commit also removes the only known use of the VNOSERVICE error code, so add some comments saying what this code was used for (especially since it is quite different from other V* error codes). Note that the behavior in (1) could actually be desirable in some situations. In environments that have clients without "idle dead" functionality, and those clients cannot be upgraded or reconfigured, this commit means those clients may hang forever if the server hangs forever. Some sites may want the fileserver to be able to kill such hanging calls, so the client will not hang (even if it doesn't free up the fileserver thread). However, such behavior should really be a special case for such sites, and not be the default behavior (or only behavior) for all sites. The fileserver should just be concerned with maintaining its own threads and availability, and clients should manage their own timeouts and handle hanging servers. Thanks to Markus Koeberl, who originally brought attention to some of the problematic behavior here, and helped investigate what was going on in the fileserver. Change-Id: Ie0497d24f1bf4ad7d30ab59061f96c3298f47d17 Reviewed-on: http://gerrit.openafs.org/10773 Reviewed-by: Daria Brashear Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 1f2818192fef9bd2707068414e8800dfc56b681e Author: Jeffrey Altman Date: Tue Feb 10 02:36:03 2015 -0500 Windows: Fake status info on EACCES When enumerating a directory if status info for an entry cannot be obtained, fake it. Do not return STATUS_ACCESS_DENIED to the redirector as that will be interpreted as the directory not being listable. Change-Id: I488f5d8d244c363135e00e156a685cd56fd060c8 Reviewed-on: http://gerrit.openafs.org/11736 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman commit 0008ca80a873975e042993b30cbdc47d8f8f116b Author: Jeffrey Altman Date: Thu Jan 22 19:48:32 2015 -0500 Windows: foo.backup -> foo.backup too many symlinks In the case where an explicit mount point to a .backup volume is resolved from a .backup volume the cache manager refuses to evaluate the mount point target. This is meant to address unwanted recursion in the directory tree searches. Change the error code to ERROR_TOO_MANY_SYMLINKS and propagate that error to the AFS redirector. That will result in the application receiving STATUS_ACCESS_DENIED instead of STATUS_REPARSE_POINT_NOT_RESOLVED. The STATUS_REPARSE_POINT_NOT_RESOLVED error causes cmd.exe and powershell.exe to terminate recursive directory searches. Change-Id: I5dfdd835e8696b823af45a8e5c33a5ca6320cf31 Reviewed-on: http://gerrit.openafs.org/11693 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 73cad3be0a3489237ab7e66d3b12c52ffb0b67d0 Author: Jeffrey Hutzelman Date: Sun Jun 16 16:28:22 2013 -0400 Ignore return values harder In various places where we intentionally ignore the return values of system calls and standard library routines, this changes the way in which we do so, to avoid compiler warnings when building on Ubuntu 12.10, with gcc 4.7.2 and eglibc 2.15-0ubuntu20.1. Change-Id: I41f806a686d68b02aec2847886bd5d787cbff3d3 Reviewed-on: http://gerrit.openafs.org/9980 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit a762e6871ad6837ee126cec9e63d99388b4bf119 Author: Andrew Deason Date: Wed Feb 4 10:25:38 2015 -0600 rx: Zero unitialized uio structs We use some uio structures that were allocated on the stack, but we only initialize them by initializing individual fields. On some platforms (Solaris is one known example, but probably not the only one), there are additional fields we do not initialize. Since we cannot be certain of what any additional fields there may be, just zero the whole thing. This is basically the same change as I0eae0b49a70aee19f3a9ec118b03cfb3a6bd03a3, but in the rx subtree. Change-Id: I400144143bb1f47409eccb931daacc8a5058e074 Reviewed-on: http://gerrit.openafs.org/11711 Tested-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman Reviewed-by: Daria Brashear commit c16ec571273b03e9d4f4905efdeaa2182bbe0c6a Author: Benjamin Kaduk Date: Wed Nov 5 14:26:36 2014 -0500 Deorbit AIX-specific QuickStartGuide bits Although there are still servers deployed on AIX systems, there may not be any clients in use, and it is unlikely that there will be new deployments which require this documentation. Change-Id: Id6554e120cb01c5d4de5c7de67e74e802b7ea217 Reviewed-on: http://gerrit.openafs.org/11592 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ca66b1aff35b31a944679656ca71546768c91c47 Author: Benjamin Kaduk Date: Wed Nov 5 14:26:36 2014 -0500 Deorbit HP-UX-specific QuickStartGuide bits Get the rest of them all at once. Change-Id: Idb33746d43a4a1a9f41e21d7f6d81360ecdd952e Reviewed-on: http://gerrit.openafs.org/11591 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 69e84bd8a2ccc6065c3a06b7239c855207b92e4d Author: Daria Brashear Date: Wed Jan 14 10:22:25 2015 -0500 LINUX: ensure mvid is set on root vnodes it shoudn't happen that we aren't setting mvid on root vnodes, so assert so we notice if the invariant is violated Change-Id: I32c8aa4dced8751d11817d74508b87ff44261837 Reviewed-on: http://gerrit.openafs.org/11669 Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot commit 31e4a030f58f7ecb0cbc4236cab3d7cc25f29ccb Author: Jeffrey Altman Date: Thu Jan 22 19:36:59 2015 -0500 afs: refactor afs_linux_dentry_revalidate No functional change. Separate the if (locked && vcp->mvstat == 1) { ... } conditional into if (locked) { if (vcp->mvstat == 1) { ... } } in preparation for another change. Change-Id: I1fe42ed7771882ce365d9359a4e6187c283592a8 Reviewed-on: http://gerrit.openafs.org/11692 Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 381c7afbe60a0e6d53e8cc1bca2de920574b3383 Author: Michael Meffie Date: Wed Jan 21 14:58:35 2015 -0500 bozo: do not exit when the client config already exists The bosserver creates symlinks for the client CSDB and ThisCell config files during initialization. Avoid exiting if the client CSDB or ThisCell configuration already exists, otherwise the bosserver cannot be restarted with bos restart. This fixes an error introduced with commit 720363fa9bf7cfbebdc485104b74ca6bac1895f6, Fix unchecked return values. Change-Id: Ie6ecf126d1ed663f161c26da2a8c4d568369d99d Reviewed-on: http://gerrit.openafs.org/11684 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk commit d908845831ec6d6f641b06926b6724bd4818043c Author: Perry Ruiter Date: Mon Jan 19 19:35:41 2015 -0800 doc: backup manpage fix While reviewing gerrit 11678 I noticed the -n flag was duplicated. Remove the duplicate flag. Change-Id: I4a63a50199e1564a0b0394445e9dc1569bb08a0c Reviewed-on: http://gerrit.openafs.org/11688 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk commit 5ef1de5eddccce0e7b135bb9ed4decaa62fc19ce Author: Andrew Deason Date: Fri Jan 30 13:29:57 2015 -0600 afs: Zero uninitialized uio structs In several places in the code, we allocate a 'struct uio' on the stack, or allocate one from non-zeroed memory. In most of these places, we initialize the structure by assigning individual fields to certain values. However, this leaves any remaining fields assigned to random garbage, if there are any additional fields in the struct uio that we don't know about. One such platform is Solaris, which has a field called uio_extflg, which exists in Solaris 11, Solaris 10, and possibly further back. One of the flags defined for this field in Solaris 11 is UIO_XUIO, which indicates that the structure is actually an xuio_t, which is larger than a normal uio_t and contains additional fields. So when we allocate a uio on the stack without initializing it, it can randomly appear to be an xuio_t, depending on what garbage was on the stack at the time. An xuio_t is a kind of extensible structure, which is used for things like async I/O or DMA, that kind of thing. One of the places we make use of such a uio_t is in afs_ustrategy, which we go through for cache reads and writes on most Unix platforms (but not Linux). When handling a read (reading from the disk cache into a mapped page), a copy of our stack-allocated uio eventually gets passed to VOP_READ. So VOP_READ for the cache filesystem will randomly interpret our uio_t as an xuio_t. In many scenarios, this (amazingly) does not cause any problems, since generally, Solaris code will not notice if something is flagged as an xuio_t, unless it is specifically written to handle specific xuio_t types. ZFS is one of the apparent few filesystem implementations that can handle xuio_t's, and will detect and specially handle a UIOTYPE_ZEROCOPY xuio_t differently than a regular uio_t. If ZFS gets a UIOTYPE_ZEROCOPY xuio_t, it appears to ignore the uio buffers passed in, and supplies its own buffers from its cache. This means that our VOP_READ request will return success, and act like it serviced the read just fine. However, the actual buffer that we passed in will remain untouched, and so we will return the page to the VFS filled with garbage data. The way this typically manifests is that seemingly random pages will contain random data. This seems to happen very rarely, though it may not always be obvious what is going on when this occurs. It is also worth noting that the above description on Solaris only happens with Solaris 11 and newer, and only with a ZFS disk cache. Anything older than Solaris 11 does not have the xuio_t framework (though other uio_extflg values can cause performance degradations), and all known non-ZFS local disk filesystems do not interpret special xuio_t structures (networked filesystems might have xuio_t handling, but they shouldn't be used for a cache). Bugs similar to this may also exist on other Unix clients, but at least this specific scenario should not occur on Linux (since we don't use afs_ustrategy), and newer Darwin (since we get a uio allocated for us). To fix this, zero out the entire uio structure before we use it, for all instances where we allocate a uio from the stack or from non-zeroed memory. Also zero out the accompanying iovec in many places, just to be safe. Some of these may not actually need to be zeroed (since we do actually initialize the whole thing, or a platform doesn't have any additional unknown uio fields), but it seems worthwhile to err on the side of caution. Thanks to Oracle for their assistance on this issue, and thanks to the organization experiencing this issue for their patience and persistence. Change-Id: I0eae0b49a70aee19f3a9ec118b03cfb3a6bd03a3 Reviewed-on: http://gerrit.openafs.org/11705 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Daria Brashear commit b9647ac1062509d6a3997ca575ab1542d04677a2 Author: Andrew Deason Date: Fri Jan 30 13:08:19 2015 -0600 SOLARIS: Avoid uninitialized caller_context_t Currently we pass a caller_context_t* to some of Solaris' VFS functions (VOP_SETATTR, VOP_READ, VOP_WRITE, VOP_RWLOCK, VOP_RWUNLOCK), but the pointer we pass is to uninitialized memory. This code was added in commit 51d76681, and this particular argument is mentioned in , where the author doesn't really know what the argument is for. Over 10 years later, it's still not obvious what this argument does, since I cannot find any documentation for it. However, browsing publicly-available Illumos/OpenSolaris source suggests this is used for things like non-blocking operations for network filesystems, and is only interpreted by certain filesystems in certain codepaths. In any case, it's clear that we're not supposed to be passing in an uninitialized structure, since the struct has actual members that are sometimes interpreted by lower levels. Other callers in Illumos/OpenSolaris source seem to just pass NULL here if they don't need any special behavior. So, just pass NULL. I am not aware of any issues caused by passing in this uninitialized struct, and browsing Illumos source and discussing the issue with Oracle engineers suggest there would currently not be any issues with the cache filesystems we would be using. However, it's always possible that issues could arise from this in the future, or there are issues we don't know about. Any such issues would almost certainly appear to be non-deterministic and be a nightmare to track down. So just pass NULL, to avoid the potential issues. Change-Id: I41babe520530ba886d1877de99eb1644c1b9f699 Reviewed-on: http://gerrit.openafs.org/11704 Reviewed-by: Perry Ruiter Tested-by: BuildBot Reviewed-by: Daria Brashear commit cb6de07fb8a12199ad0f1c4990f19074a9a54fcc Author: Hans-Werner Paulsen Date: Wed Sep 17 09:41:16 2014 +0200 use V_creationDate in DumpHeader for R/O volumes This patch modifies a patch committed as 1e6fb1b7b7, the dumpTimes.to is now set to creationDate for R/O volumes. The old value copyDate is wrong, if the R/O volumes is re-cloned. This does not happen with "vos dump -clone", but may happen with dumping a R/O volume directly: "vos dump ". Change-Id: Ia3ae7e1ae4a22aa47f0f28fac45077ff6789e720 Reviewed-on: http://gerrit.openafs.org/11468 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: Daria Brashear Reviewed-by: Benjamin Kaduk commit 40d97fa9f0356fce7aec76d69dbacb81eac3db37 Author: Antoine Verheijen Date: Tue Jan 27 19:49:04 2015 -0700 OpenBSD: Clean up use of LK_CANRECURSE in call to lockmgr() The LK_CANRECURSE and LK_RECURSEFAIL flags in the call to lockmgr() are mutually exclusive. Previous version of OpenBSD didn't really check well for this but more recent versions look for the conflict and take a kernel panic when they're both set. The OpenBSD kernel module currently just blindly sets the LK_CANRECURSE flag in its call to lockmgr(). This patch changes that behaviour so that it checks to make sure that the LK_RECURSEFAIL flags is not set before it actually applies the LK_CANRECURSE flag. That removes the kernel panics that have started to arise. This behaviour is more consistent with other OpenBSD code that makes use of the LK_CANRECURSE flag. Change-Id: Ie435559f4b88195136e09c6184543861f06257da Reviewed-on: http://gerrit.openafs.org/11699 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk commit d354386b8c6047206800dc52ab82886e23db77ad Author: Antoine Verheijen Date: Tue Jan 27 19:44:56 2015 -0700 OpenBSD: Remove obsolete parameter in call to osi_VM_FlushVCache() The second parameter in the call to osi_VM_FlushVCache() in the kernel module is obsolete and has been removed. However, one call in the OpenBSD module still contains that parameter in its call. This patch removes it, eliminating the compile error. Change-Id: Ia3f79c74e86b8038301459e1adbf17a58056e8b1 Reviewed-on: http://gerrit.openafs.org/11698 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk commit 15260c7fdc5ac8fe9fb1797c8e383c665e9e0ccd Author: Marc Dionne Date: Thu Dec 18 08:43:22 2014 -0500 Linux: d_splice_alias may drop inode reference on error d_splice_alias now drops the inode reference on error, so we need to grab an extra one to make sure that the inode doesn't go away, and release it when done if there was no error. For kernels that may not drop the reference, provide an additional iput() within an ifdef. This could be hooked up to a configure option to allow building a module for a kernel that is known not to drop the reference on error. That hook is not provided here. Affected kernels should be the early 3.17 ones (3.17 - 3.17.2); 3.16 and older kernels should not return errors here. [kaduk@mit.edu add configure option to control behavior, which is mandatory on non-buildbot linux systems] Change-Id: Id1786ac2227b4d8e0ae801fe59c15a0ecd975bed Reviewed-on: http://gerrit.openafs.org/11643 Tested-by: BuildBot Reviewed-by: Michael Laß Reviewed-by: Jeffrey Altman commit b9d86a12d1fccf93f0663b06a317a01811d981d8 Author: Chas Williams (CONTRACTOR) Date: Mon Dec 15 11:04:06 2014 -0500 IRIX: remove mention of unsupported sgiefs from Makefile.in Change-Id: Ib3594fa5c75df2c10d2692801ed64d657ece5d19 Reviewed-on: http://gerrit.openafs.org/11635 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 84422047f4948d88ab91fc4132767c272138d3f4 Author: Chas Williams (CONTRACTOR) Date: Mon Dec 15 10:58:02 2014 -0500 IRIX: Move src/sgistuff to platform/IRIX Change-Id: Ie7e17859c346e472af1d07adf2c359250f71d653 Reviewed-on: http://gerrit.openafs.org/11634 Reviewed-by: Daria Brashear Tested-by: BuildBot commit 6e545ebf974c81f29b3249d3201821b52586ba6f Author: Benjamin Kaduk Date: Wed Nov 5 14:26:36 2014 -0500 Deorbit IRIX-specific QuickStartGuide bits Get the rest of them all at once. Change-Id: Ife9920f00ec8eea953929a76a30f86d958d55f9c Reviewed-on: http://gerrit.openafs.org/11590 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ccda3b6cbbb61fb8d9bc3eea451beb299ad01c1b Author: Benjamin Kaduk Date: Thu Dec 4 16:52:37 2014 -0500 Add auditing to GetXStats This will record the caller as well as the fact that we received a GetXStats call. Change-Id: I101b9fcea37e26e031efa4a8cf74df8351866dcf Reviewed-on: http://gerrit.openafs.org/11620 Reviewed-by: Daria Brashear Tested-by: BuildBot commit 012fc253c21e6ab35ddc571aed6706fd3c75e74e Author: Hans-Werner Paulsen Date: Tue Aug 26 16:44:51 2014 +0200 AFSVolClone: remove calls to AssignVolumeName The calls in AFSVolClone to AssignVolumeName are unnecessary, because the volume name is overwritten few lines later with strcpy. Change-Id: If5031271b9ade08ae248703c8a72f3a083fd4fce Reviewed-on: http://gerrit.openafs.org/11432 Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Daria Brashear Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 2b1481dae535c399cce837f3d63b1c76831b8190 Author: Simon Wilkinson Date: Wed Jan 9 09:52:53 2013 +0000 Build system: MT_LIBS includes XLIBS The MT_LIBS library list already includes XLIBS, so there's no need to specify both on a link line. Change-Id: I8594b1b6e1a16af741b40822cbce49e846b26f49 Reviewed-on: http://gerrit.openafs.org/8904 Reviewed-by: Daria Brashear Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit d7052df849278ca685bae113a580bfaadce3d2aa Author: Andrew Deason Date: Fri Apr 23 17:51:28 2010 -0500 Add asserts to VLock* functions Make sure we don't continue on if we have unbalanced locks and unlocks. Having a negative refcount is a serious internal error, and they are difficult to fix unless we assert right away. Change-Id: Ib9b5b3f209635e0365df96c79ea8bf49c765008b Reviewed-on: http://gerrit.openafs.org/2594 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Daria Brashear commit 82a30ed17c9cf56e319d5e13ca2e18d82f8b239c Author: Andrew Deason Date: Thu Oct 4 14:15:34 2012 -0500 DAFS: Free header on partially-attached vol salv When we VRequestSalvage_r a volume, normally the header is freed when the volume goes offline. This happens when we VOfflineForSalvage_r, either via VCheckSalvage when nUsers drops to 0, or in VRequestSalvage_r itself if nUsers is already 0. We cannot free the header under normal circumstances, since someone else may have a ref on vp, which implies that the vol header object is okay to use. However, for VOL_SALVAGE_NO_OFFLINE, we skip all of that. For VOL_SALVAGE_NO_OFFLINE, the volume has only been partially attached, so it does not go through the full offlining process, so we don't ever hit the normal VPutVolume_r handlers etc. So, in the current code, we don't free the header. But our nUsers drops to 0 anyway, and when nUsers is 0, our header is supposed to be on the LRU (if we have one). "oops" Rectify this by freeing the volume header when VOL_SALVAGE_NO_OFFLINE is set. Add some comments to try to be very clear about what's going on. Note that similar behavior was removed in commit 4552dc552687267fce3c7a6a9c7f4a1e9395c8e5 via a similar flag called VOL_SALVAGE_INVALIDATE_HEADER. I believe now that this is the same scenario that VOL_SALVAGE_INVALIDATE_HEADER was trying to solve. However, VOL_SALVAGE_INVALIDATE_HEADER was not always used correctly, and its purpose was not really adequately explained, which contributed to the idea that its very existence was buggy. Previously, when VOL_SALVAGE_INVALIDATE_HEADER existed, it was used incorrectly in the VRequestSalvage_r calls in GetVolume, VForceOffline_r, and VAllocBitmapEntry_r. All of these call sites could have a vp with other references held on it, and so invalidating the header there can cause segfaults when the header is freed. So ideally, commit 4552dc552687267fce3c7a6a9c7f4a1e9395c8e5 would have just removed the flag from those call sites. This change effectively restores the behavior that VOL_SALVAGE_INVALIDATE_HEADER provided. But no new flags are gained, since this behavior is what we want for the VOL_SALVAGE_NO_OFFLINE flag. This is not a coincidence; for the 'normal' case, we will free the header whenever we offline the volume. But for the 'do not offline' case, obviously that will never happen, so we need to do it separately. So, these two flags are really the same thing. Change-Id: Ia369850a33c0e781a3ab2f22017b8559410ff8bf Reviewed-on: http://gerrit.openafs.org/8204 Reviewed-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Daria Brashear commit 71072c2bb373a6ae5edec91884985c3cfc478147 Author: Andrew Deason Date: Thu Apr 4 14:39:41 2013 -0500 ihandle: Add a comment on IH_OPEN/IH_REALLYCLOSE Currently, it's not really 'safe' in ihandle to issue an IH_OPEN against an IHandle_t when an IH_REALLYCLOSE is running at the same time. The reasons for this are explained a bit in ticket 131530 and related commits, but briefly: Say IH_OPEN runs, and drops IH_LOCK to open a new fd on disk. Then IH_REALLYCLOSE runs and closes all fds, or marks them as needing close. The running IH_OPEN then acquires IH_LOCK again and puts the newly-opened fd onto the per-IH list of fds. We now have an fd that effectively "survives" across the IH_REALLYCLOSE; effectively IH_REALLYCLOSE did not close all fds for the ih. This is possibly fixable by maintaining some extra information in IHandle_t's, but this is only a problem if we allow IH_OPEN calls to happen simultaneously with IH_REALLYCLOSE calls. Ever since ih_sync_thread was removed (or changed to not call IH_OPEN), there should be no cases where this is possible. All instances of IH_REALLYCLOSE happen during error recovery for a newly-created file, or happen under a per-vnode write lock, or for volume metadata files only happens when the ref count for a volume drops to zero when we're offlining the volume. So, do not bother trying to fix this, since doing so is currently a waste of time and the resulting complexity could introduce bugs. But in case someone ever tries to do something resulting in IH_OPEN calls executing outside the normal threads of execution, add a comment around the IH_REALLYCLOSE explanations to try and briefly explain that this cannot currently be done. Change-Id: I989806635f3b048b0c084480a4b02dc1902ba031 Reviewed-on: http://gerrit.openafs.org/9709 Tested-by: BuildBot Reviewed-by: Daria Brashear commit d43699173e0e5ee5650974fcff105b38105c0422 Author: Benjamin Kaduk Date: Wed Jan 14 15:05:35 2015 -0500 opr: implement the BSD ffs() functions Provide opr implementations of ffs(), fls(), ffsll(), and flsll(). There is no need to provide the 'long' form, since int is 32 bits and long long is 64 bits. These functions return the index of the first (or last) bit set in a given (long long) word, or zero if no bits are set. Change-Id: I126000f8b650f41d67567a9af659e0805478af2d Reviewed-on: http://gerrit.openafs.org/11671 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: Daria Brashear commit 6419d241866af95942d285b2e07dd510a43086f6 Author: Benjamin Kaduk Date: Mon Jan 12 17:48:25 2015 -0500 afs: Remove unused constant DCSIZE The size of the dcache hash table is automatically determined from the size of the vcache hash table size, since even before the initial OpenAFS 1.0 release. AFS 3.3 had constants DCHASHSIZE and DVHASHSIZE which were used to size the respective hash tables, but DCSIZE was unused even there. Change-Id: I1f4e278eacb881b60a457fa9871225de7ce0f9f8 Reviewed-on: http://gerrit.openafs.org/11672 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman commit afa6bda887c39101dbfc7c3268a315e48d47fa09 Author: Andrew Deason Date: Tue Dec 16 17:03:34 2014 -0600 cacheout: Use authenticated secClass for VLDB Currently 'cacheout' will always utilize an unauthenticated connection when talking to the VDLB, even if it uses an authenticated connection when talking to fileservers. This is regardless of any tokens retrieved or command-line parameters, etc. Using an authenticated connection to the VLDB can be useful, since a user may want to encrypt the VLDB communication, or require stronger guarantees of data consistency. So, just use the same security class information for our VLDB communication as for our fileserver communication. 'scnull' is now not used anywhere after this commit, so get rid of it. Change-Id: I1e8a440ea7427399a3b219246e4c3623a603c35e Reviewed-on: http://gerrit.openafs.org/11637 Reviewed-by: Jeffrey Altman Tested-by: BuildBot Reviewed-by: Daria Brashear commit 52b8073a6c1ef11f1a47fb26d77efd87425be556 Author: Michael Meffie Date: Fri Nov 14 16:57:53 2014 -0500 fix byte ordering in check_sysid Several uuid fields as well as the ip addreses in the sysid file are in network byte order. Fix the check_sysid utility to decode these fields properly. In addition, print the server uuid in the common string format used to display uuids, instead of by individual uuid fields. Change-Id: I9688e9117490d0ef0eb6dd5af417222482322e0c Reviewed-on: http://gerrit.openafs.org/11603 Tested-by: BuildBot Reviewed-by: Daria Brashear commit 7644d02f258cd2dfd880d7d52c2f41b2eb2ce870 Author: Benjamin Kaduk Date: Sun Dec 14 15:12:04 2014 -0500 rx: rxi_SendPacketList remove duplicate conditional Presumably these checks were different at some point in the past. Change-Id: I0fb8737404a3c4fa786ab7965b60d35328d0bf32 Reviewed-on: http://gerrit.openafs.org/11632 Reviewed-by: Jeffrey Altman Tested-by: BuildBot Reviewed-by: Daria Brashear commit a1a6331e2e1ccfd846927752a5aacb7a39c14488 Author: Benjamin Kaduk Date: Sat Dec 13 23:18:36 2014 -0500 rx: Remove dead AFS_ADAPT_PMTU SUN5 code AFS_ADAPT_PMTU is only defined on linux26, so anything which is conditional on both AFS_ADAPT_PMTU and AFS_SUN5_ENV being set is dead code. This seems to have been dead code since its introduction in commit 1206e7538be86f073b21cd289266286b60a95d0a. Change-Id: I9bb6ff40de87a7f2d8d953ef7583c6c2b090ab48 Reviewed-on: http://gerrit.openafs.org/11631 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: Daria Brashear commit d03e3c392eee2bd9158c417f42bcbf2009dabfc3 Author: Andrew Deason Date: Thu Sep 13 17:58:50 2012 -0500 rx: Normalize use of some MTU-discovery fields When we store MTUs (peer->ifMTU, peer->natMTU, etc.), we store the maximum transport unit usable by RX, i.e., excluding the IP and UDP headers, but including the RX header. Contrariwise, when we track the size of packets we've sent (conn->lastPacketSize, peer->maxPacketSize), we track logical packet lengths which exclude the RX header (and the IP and UDP headers). However, the consumers of lastPacketSize and maxPacketSize were not always interpreting their values correctly as excluding the RX (and other) headers. Add comments to these fields in their respective structure definitions to help make clear what they contain (and the difference between them). Correct several checks which were using the wrong constant for correcting between these two worldviews (and the wrong sign). Modernize the style of lines that are touched. The lastPacketSize and maxPacketSize variables are only accessed from five places: while sending packets, while processing acks, while sending acks, while handling growMTU events, and in rxi_CheckCall(). They are used to track the size of packets that have been successfully sent (and thus, indirectly, to control the size of packets we send). The maxPacketSize is only set once we have received an ack from the peer for a packet of that size, and lastPacketSize tracks the size of a speculative packet larger than that size, until it is acked. When sending packets, we check if the size of the packet we are sending exceeds the recorded maxPacketSize, and if so, record that speculative size in the lastPacketSize variable, along with the sequence number of that packet in lastPacketSizeSeq. Correspondingly, when processing acks, if the packet tracked in lastPacketSizeSeq is being acked, we know that our speculative large packet was successfully received, and can attempt to update the recorded maxPacketSize for the peer. This is done through an intermediate variable, 'pktsize', which holds either the value of lastPacketSize or lastPingSize, without adjustment for the size of any headers. The ack processing has a bit of code to handle the case where maxPacketSize has been reset to zero, initializing it to a small value which should be expected to always work. The intention seems to have been to initialize maxPacketSize to the smallest permitted value (since RX_MIN_PACKET_SIZE is amount of data available to RX in the smallest permitted IP packet), but the old code was actually initializing maxPacketSize from zero to something a bit larger than the minimum, by RX_IPUDP_SIZE + RX_HEADER_SIZE. This over-large initialization was mostly harmless, see below. After this potential initialization, 'pktsize' was incorrectly used to set a new ifMTU and natMTU for the peer. It correctly determined that a packet larger than the previous maxPacketSize had been acked, but then set the peer's ifMTU and natMTU to smaller values than the acked packet actually indicates. (It is careful to only increase the ifMTU, though.) The actual peer->MTU is *not* updated here, but will presumably trickle through eventually via rxi_Resend() or similar. It is possible that this code should be using rxi_SetPeerMtu() or similar logic, but that might involve locking issues which are outside the scope of this analysis. The over-large initialization of maxPacketSize (from zero) was fortuitously mostly harmless on systems using minimum-sized IP packets, since a correspondingly wrong check was used to detect if a new MTU invalidates this maxPacketSize, with the constants offsetting. Likewise, the checks in rxi_SendAck() had the wrong constants, but they offset to produce the correct boundary between small and large packets while trying to grow the MTU. Unfortunately, the old behavior in the "small" case is not correct, and the grow MTU event would try to send a packet with more padding than was intended. In networks allowing packets slightly larger than the minimum (but not much larger than the minimum), the old code may have been unable to discover the true MTU. In the main (MTU-related) logic of rxi_SendAck, a variable 'padbytes' is set to a small increment of maxPacketSize in the "small" case, and a larger increment of maxMTU in the "large" case. There is a floor for padbytes based on RX_MIN_PACKET_SIZE, which ended up being larger than intended in the old code by approximately the size of the rx header. (Some of the adjustments performed are rather opaque, so the motivations are unclear.) The more interesting places where accesses to lastPacketSize and maxPacketSize happen are during the MTU grow events and in rxi_CheckCall(). In rxi_CheckCall(), the packet size variables are only accessed if the connection has the msgsizeRetryErr flag set, the call is not timed out (whether for idleness or during active waiting), and the call has actually received data. In this case, we conclude that sending packets failed and decrease the MTU. The old code was quite broken in this regard, with a reversed sense of conditional for whether a speculative large packet was outstanding, and a rather large decrease in MTU size of effectively 128 + RX_HEADER_SIZE + RX_IPUDP_SIZE = 212, when only a decrease of 128 was intended. The new code corrects the sense of the conditional and sets the decrease in MTU to the intended value of 128. With respect to MTU grow events, this change only touches rxi_SetPeerMtu(), to correct the conditional on whether the MTU update invalidates/overrides the cached maxPacketSize. There is a window of values which could cause the old code to incorrectly fail to invalidate the cached maxPacketSize. Values in this window could result in the old code being stuck on a bad MTU guess, but should not cause an actual failure to communicate. That conditional zeroing of maxPacketSize is the only access to the PacketSize variables in rxi_SetPeerMtu(). maxPacketSize is also checked in rxi_GrowMTUEvent(), but only against zero to avoid sending RX_ACK_MTU packets needlessly, so it is unaffected by the issue at hand. In summary, in certain network conditions, the old code could fail to find an optimum MTU size, but would always continue to operate. The new code is more likely to find a better MTU size, and the old and the new code should interoperate fine with both each other and themselves. [kaduk@mit.edu add a few missed cases; expound on analysis in commit message] Change-Id: I7494892738d38ffe35bdf1dfd483dbf671cc799a Reviewed-on: http://gerrit.openafs.org/8111 Reviewed-by: Jeffrey Altman Tested-by: BuildBot Reviewed-by: Daria Brashear commit fa5434adf19d040bd194b63993b81263c395fa78 Author: Andrew Deason Date: Sun Sep 14 14:24:17 2014 -0500 afs: Warn about afs_conn overcounts Currently we panic if we detect an undercount on an afs_conn structure, as this is a serious bug and can cause corruption and other issues. But an overcount is never noticed, until the refCount overflows and looks negative. Log a warning if the refCount gets really high, so an administrator has a chance at noticing and notifying a developer before the machine actually panics. [kaduk@mit.edu use the %p format specifier, mandated by C89] Change-Id: Ifc291fc10959e4e1c60115813d82a09e5a65ef75 Reviewed-on: http://gerrit.openafs.org/11465 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Daria Brashear commit 0c89335b5aa7ae3582862596878936dfcbe99bf1 Author: Andrew Deason Date: Tue Apr 30 17:32:26 2013 -0500 afs: Refactor GetDSlot parameters The 'indexvalid' and 'datavalid' parameters were really representing 3 different scenarios, not 2 different values with 2 possibilities each. Change these to a single parameter, 'type', with 3 different values: DSLOT_NEW, DSLOT_UNUSED, and DSLOT_VALID. Hopefully this will make the relevant code paths easier to understand. This should incur no functional change; it is just code reorganization. Change-Id: Iac921e74532de89121b461fa0f53ddb778735e0c Reviewed-on: http://gerrit.openafs.org/9834 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Daria Brashear commit d61cb9ad764115811fcca3dd0a735ecad1d6eac4 Author: Andrew Deason Date: Mon Dec 1 10:11:38 2014 -0600 LINUX: Remove fix_bad_parent For Linux, fix_bad_parent (and in 1.6 and earlier, check_bad_parent) served the purpose of fixing mvid if it was "wrong", for volume-root vcaches (mvstat == 2). However, in modern Linux, we never really use mvid for root vcaches. This would normally be used for looking up ".." entries in the root dir, but Linux handles that for us. Specifically, the only times an "mvstat == 2" mvid is used are: - afs_lookup(), where we specifically check for a ".." lookup. Linux cannot give us a lookup for "..", since Linux itself services ".." lookups through the dcache. - afs_readdir_move(), where we look for ".." entries. Linux does not use this function, since Linux reimplements afs_readdir() in afs_linux_readdir(), and so this function is never called. Of course, mvid is used in many other locations, mostly for "mvstat == 1" vcaches (mountpoints) and a few other special cases. But these are the instances where mvid is relevant for root dirs. So, since mvid is never really used for "mvstat == 2" vcaches on Linux, don't bother trying to keep it up-to-date. Doing so is just needless waste, and causes problems when there are bugs in fix_bad_parent. The mvid field is still updated in cross-platform code from time to time; removing that would be more complex and possibly not worth the effort. Change-Id: I5011ba069e5c8ed947ab6ff8d8dd393241d9c4bf Reviewed-on: http://gerrit.openafs.org/11615 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Daria Brashear commit 8b6ea7213a69f19ce2e591f1ae56a1db946c136c Author: Benjamin Kaduk Date: Wed Dec 10 14:36:36 2014 -0500 Add AFSCONF_NOCELLNAME error code Contrast with AFSCONF_NOCELL, which is for when no cell configuration information is available at all (i.e., a struct afsconf_dir* was NULL) -- this code is used when there is some cell configuration available, but that configuration does not include the cell name. Replace the only existing use of AFSCONF_UNKNOWN with this more-informative error code, leaving AFSCONF_UNKNOWN free for use in other situations. Change-Id: I989756a960e5377545af43f8e9414d1f2d6476b4 Reviewed-on: http://gerrit.openafs.org/11628 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 72e22eb00f641f137f7dbe4195d6d82f4a8addc9 Author: Marc Dionne Date: Mon Jan 5 07:17:14 2015 -0500 Linux 3.19: struct nameidata becomes opaque With kernel 3.19 struct nameidata becomes opaque. As a result we cannot rely on STRUCT_NAMEIDATA_HAS_PATH being true for new kernels. Rework the conditions here so that STRUCT_NAMEIDATA_HAS_PATH is only tested when we're using a nameidata structure and the result matters. Also modify a configure test to use a nameidata pointer instead of an actual structure. Change-Id: I0d71fca44a67570ac3b86151c70f2969dc463f4f Reviewed-on: http://gerrit.openafs.org/11648 Reviewed-by: Daria Brashear Tested-by: BuildBot commit ec9a7c2db833efacfd0692c658c2d38ed9f852ba Author: Marc Dionne Date: Mon Jan 5 07:13:37 2015 -0500 Linux 3.19: Use mgs_iter in struct msghdr struct msghdr gets msg_iov replaced by msg_iter. Add a configure test and adjust the affected code. Change-Id: I9b9e3987e55a10e48087b318d98a5a7bb17a4612 Reviewed-on: http://gerrit.openafs.org/11647 Reviewed-by: Daria Brashear Tested-by: BuildBot commit f9ca302b7a10ffc36f2439e068333ab147791c5a Author: Marc Dionne Date: Mon Jan 5 07:03:16 2015 -0500 Linux 3.19: No more f_dentry Back in kernel 2.6 .20 struct file lost its f_dentry field which was replaced by f_path.To ease transition f_dentry was defined as f_dpath.dentry in the same header.This define finally gets removed with kernel 3.19. Keep using f_dentry in the code, but add a configure test for the presence of f_path and the absence of the f_dentry macro so we can add it if its missing. Change - Id:I8e8a7e4d3ddd861018de50af1eb7315e730ad529 Change-Id: I4b05aa3d37f01e0e675c420cbf941d682c49c69c Reviewed-on: http://gerrit.openafs.org/11646 Reviewed-by: Daria Brashear Tested-by: BuildBot commit d6f29679098aff171e69511823b340ccf28e5c31 Author: Marc Dionne Date: Thu Dec 18 07:13:46 2014 -0500 Linux: d_alias becomes d_u.d_alias The fields in struct dentry are re-arranged so that d_alias shares space wth d_rcu inside the d_u union. Some references need to change from d_alias to d_u.d_alias. The kernel change was introduced for 3.19 but was also backported to the 3.18 stable series in 3.18.1, so this commit is required for 3.19 and current 3.18 kernels. Change-Id: I711a5a3a89af6e0055381dfd4474ddca2868bb9c Reviewed-on: http://gerrit.openafs.org/11642 Reviewed-by: Anders Kaseorg Reviewed-by: Michael Laß Reviewed-by: Daria Brashear Tested-by: BuildBot commit a0ffea098d8c5c5b46c6bf86a12d28d6e7096685 Author: Andrew Deason Date: Tue Mar 12 09:51:39 2013 -0500 ptserver: Limit length on namelist, idlist namelist and idlist are used as IN parameters to ptserver RPCs that can be issued by unauthenticated clients. Not having a length limit on them means anyone can use up a ton of ptserver memory by just issuing those RPCs with a very large length. So, put a limit on them. PR_MAXLIST is a constant that already exists, but is small enough to potentially limit real use, so define a new OpenAFS-internal value for this purpose. prlist and prentries are returned from the ptserver to clients, so also limit them in the same way. Change-Id: Iaf45639bbae401093354adbfb4daa172fe97ede1 Reviewed-on: http://gerrit.openafs.org/9588 Tested-by: BuildBot Reviewed-by: Daria Brashear commit 00a33b26d74aa067086ddc340efb82184715857f Author: Chas Williams (CONTRACTOR) Date: Mon Jan 5 10:41:53 2015 -0500 uss: always build uss Revert change Ibab1dd189e7fbc41ca01e7ef7479421c056999f5 since uss should always be safe to build now that its parser symbols are private. Change-Id: I65fd2008b037dd36a2c7d3ef8817d4d7dda689d7 Reviewed-on: http://gerrit.openafs.org/11653 Tested-by: BuildBot Reviewed-by: Daria Brashear commit 1bb8ad417188650e9049da9b33177de7f14226cb Author: Chas Williams (CONTRACTOR) Date: Tue Jan 6 17:58:05 2015 -0500 uss: Avoid -i (inplace) with sed Not all sed versions support inplace editing, so do things ourselves. Also use the sed version found by configure for consistency. Change-Id: I6194b8dd6b7abf88d0b0fa36ba871e0ba092ce1e Reviewed-on: http://gerrit.openafs.org/11655 Tested-by: BuildBot Reviewed-by: Daria Brashear commit 6ca324e565c34d9d04f3c553b7d0febe675ae538 Author: Marc Dionne Date: Thu Dec 18 06:57:22 2014 -0500 Linux: Move code to reset the root to afs/LINUX Move the Linux specific bit of code to reset the root to afs/LINUX platform specific files. Things that play with the Linux vfs internals should not be exposed here. No functional change, but this helps cleanup some ifdef mess. Change-Id: Ia27fca3d8052ead45783cb2332c04fe6e99e5d9f Reviewed-on: http://gerrit.openafs.org/11641 Tested-by: BuildBot Reviewed-by: Michael Laß Reviewed-by: Daria Brashear commit 720363fa9bf7cfbebdc485104b74ca6bac1895f6 Author: Jeffrey Hutzelman Date: Sun Jun 16 15:28:03 2013 -0400 Fix unchecked return values This change fixes numerous places where the return values of various system calls and standard library routines are not checked. In particular, this fixes occurrances called out when building on Ubuntu 12.10, with gcc 4.7.2 and eglibc 2.15-0ubuntu20.1, when the possible failure is one we actually do (or should) care about. This change does not consider calls where the failure is one we deliberately choose to ignore. Change-Id: Id526f5dd7ee48be2604b77a3f00ea1e51b08c21d Reviewed-on: http://gerrit.openafs.org/9979 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 218561a5d920bb9bfaa668d3bdd11e1dfac1df9f Author: Michael Meffie Date: Mon Jul 21 17:41:32 2014 -0400 vol: rename volUpdateCounter macro Change the volUpdateCounter volume macro name to be consistent with the volume header name. Change-Id: I55f55f2c084135e9598c194ed9081fce800ddfe9 Reviewed-on: http://gerrit.openafs.org/11318 Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit ada9dba0756450993a8e57c05ddbcae7d1891582 Author: Michael Laß Date: Mon Dec 8 08:34:26 2014 +0100 Remove traces of Debian packaging In e34e0d1 the Debian packaging was removed. Some traces are still left, so remove those as well. Change-Id: I1d5c22181f59b2bee42dd34c9f3a043297d294a2 Reviewed-on: http://gerrit.openafs.org/11630 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 88a4efbfa3dbf497a96ad4d8b8ab2cd68351ffbf Author: Michael Meffie Date: Thu Dec 19 09:49:33 2013 -0500 dafs: avoid asserting on dafs VSALVAGING error code DAFS introduced the VSALVAGING error code which is returned when a vnode cannot be put and a volume has been scheduled to be salvaged. Update the afsfileprocs to not assert on VSALVAGING, as well as the VSALVAGE error code. For example, VPutVnode() and VVnodeWriteToRead() may call VRequestSalvage_r() which will set the error code to VSALVAGING when a salvage is requested. This was noticed during a code inspection. Change-Id: I6cacfe92347bc5af57defef17b8a2f98c5302f93 Reviewed-on: http://gerrit.openafs.org/10611 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ed1b1df3c8acf9a2c5d4dface88ac15dcb8d7a2e Author: Andrew Deason Date: Mon Feb 10 16:23:07 2014 -0600 bozo: Constify bozo_Log 'format' argument We clearly do not need to modify the format string; declare it const. This makes the signature of bozo_Log identical to FSLog, which can make it easier to use these functions interchangeably. Change-Id: I89ae9babec2c4e8714019f58fe29dacc7283ae15 Reviewed-on: http://gerrit.openafs.org/10830 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 4b648925603a50d2a248304a954308e8fa902df4 Author: Mark Vitale Date: Wed Nov 20 15:05:21 2013 -0500 fssync-debug: close test connection A valid fssync-debug query command issued against a DAFS fileserver will produce the following error messages in FileLog: SYNC_getCom: error receiving command FSYNC_com: read failed; dropping connection (cnt=1) Routine dafs_prolog() issues a tentative FSYNC_VOL_LISTVOLUMES operation to test for the presence of a DAFS fileserver. If DAFS is detected, we then call dafssync-debug for the original requested operation. However, the FSYNC connection for the tentative LISTVOLUMES operation is never closed. This results in the errors when the command completes. Close the test connection. Change-Id: I3c987289408407ba38cd184b7518e72ee1ae9cfc Reviewed-on: http://gerrit.openafs.org/10476 Reviewed-by: Daria Brashear Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit ffe0757a5610d1fe6cf7e513d62ccc570d559206 Author: Benjamin Kaduk Date: Tue Aug 12 15:13:46 2014 -0400 Attempt to clean up tvolser dependencies The volserver only needs vl_errors.c to be locally generated, not vlserver.h; in fact, the only consumers of vlserver.h in src/volser/ consume it via afs/vlserver.h. Instead of reaching over to ../volser for the generated volerr.c, generate our own local copy, as well as the volser.h generated from the same error table -- volser.h is included with double-quotes from the volser sources. Add the appropriate dependencies on volser.h, and remove the unneeded dependencies on vlserver.h Change-Id: Ic6e728fa455419cc8e95dc25c41ed6d6b7d20934 Reviewed-on: http://gerrit.openafs.org/11380 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 05217c29179100b69a32562202b302ae60b4b36c Author: Andrew Deason Date: Tue Oct 1 14:54:15 2013 -0500 rx: Ignore responses to nonexistent challenges Consider the following situation: - A client sends a data packet to a server, using a security class that requires a challenge - The server responds with a challenge - The server is restarted - The client responds to the challenge with a response In that situation, the server will process the response, but since the server was restarted, it has no knowledge of the challenge that was sent. This generally means that we error the connection, since the given response is not valid. For rxkad with modern endpoints, this results in an RXKADPACKETSHORT error, since we interpret the response as an 'old' response, but it's actually a 'v2' response, so we interpret the fields in the response as garbage. This means that the client gets a connection error when the client did nothing wrong, and there's no way for the client to distinguish this from a real connection error. One way to solve this would be to send a Challenge packet to the client immediately when we detect that this situation has occurred. However, if we do that, then we never see a data packet with a checksum, so we fall back to using "old" challenges and responses. And in general, that would cause the server side to never see a data packet during the connection negotiation, which is unusual and I am concerned there may be other niggles of odd behavior that may occur in that scenario. So instead, to fix this, make the server ignore responses in this situation (that is, if we haven't sent out any challenges yet). Clients will eventually resend the data packet, and we will go through negotiating the connection security like normal. This should never cause any new problems, since dropping a challenge packet must be handled anyway (sometimes packets just get dropped). And a client will never hang on sending the same response over and over again; clients only ever send a Response in response to a Challenge packet. Change-Id: Id3fae425addb2ac8ab60965213b3ebca2e64ba5d Reviewed-on: http://gerrit.openafs.org/10315 Reviewed-by: Daria Brashear Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 3b9d52b2e8020cce65d55516db36580d58a51f0b Author: Michael Meffie Date: Sat Nov 8 13:14:27 2014 -0500 vldb_check: rebuild free list with -fix Rebuild the vldb free chain in addition to the hash chains when vldb_check is run with the -fix option. Print a FIX: message for entries added to the free chain. Example vldb with a broken free chain. $ vldb_check vldb.broken address 199364 (offset 0x30b04): Free vlentry not on free chain address 223192 (offset 0x36818): Free vlentry not on free chain address 235180 (offset 0x396ec): Free vlentry not on free chain Scanning 1707 entries for possible repairs $ vldb_check -fix vldb.broken Rebuilding 1707 entries FIX: Putting free entry on the free chain: addr=199364 (offset 0x30b04) FIX: Putting free entry on the free chain: addr=223192 (offset 0x36818) FIX: Putting free entry on the free chain: addr=235180 (offset 0x396ec) Thanks to Kostas Liakakis for reporting this bug. Change-Id: I57d6b17263ffe5f8818f70f8260a0dce8d85ab1f Reviewed-on: http://gerrit.openafs.org/11598 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 9de36a0398a53fffd7bde8ed9e57573bed3b669d Author: Andrew Deason Date: Mon Dec 23 17:27:05 2013 -0500 RedHat: Update configure options, again Commit 83f85c9ad6c439eb9676436a3e09c40c2813f1c1 updated the arguments we give to configure, since --enable-disconnected and --with-krb5-conf no longer exist. But, it only updated the configure options for the userspace configure, and did not update the configure invocation for building kmod kernel modules. Update the other configure invocation, so they match and both of them avoid using outdated configure options. Change-Id: Ia7fe16a373b5feabd4060bd85fbf9220407082f5 Reviewed-on: http://gerrit.openafs.org/10623 Reviewed-by: Benjamin Kaduk Reviewed-by: Daria Brashear Tested-by: BuildBot commit 24f0fdcce4cdc493edcf35c8578a151b8bbb32fd Author: Chas Williams (CONTRACTOR) Date: Fri Oct 10 09:12:31 2014 -0400 uss: Make the uss parser private Attempt to make the parser in uss private so that it doesn't conflict with other libraries that might leak their parser symbols. Change-Id: I15b52f55b419b3bbc788ced9660bc41163e2be36 Reviewed-on: http://gerrit.openafs.org/11533 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit c11c58646f56f0adc2016e31a7d3a3d34d6cdd3a Author: Nathaniel Wesley Filardo Date: Sun Oct 19 02:42:08 2014 -0400 Linux: get sysname even if kernel module disabled Fall back to `uname -r` if we aren't probing for kernel sources, as we still need to know for the rest of the build. While this could be worked around by explicitly passing the sysname as an argument, this seems friendlier. Change-Id: I0db75ba5fc7d1f5ec08d27dfce6858b968b6ce28 Reviewed-on: http://gerrit.openafs.org/11552 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit b22c586bcdf785c489009ab96cbb572181cb9b09 Author: Marc Dionne Date: Fri Dec 19 10:11:53 2014 -0500 Unix CM: Avoid using stale DV in afs_StoreAllSegments It was reported in RT 131976 that on Linux some file corruption was observed when doing mmap writes to a file substantially larger than the cache size. osi_VM_StoreAllSegments drops locks and asks the OS to flush any dirty pages in the file 's mapping. This will trigger calls into our writepage op, and if the number of dirty cache chunks is too high (as will happen for a file larger than the cache size), afs_DoPartialWrite will recursively call afs_StoreAllSegments and some chunks will be written back to the server. After potentially doing this several times, control will return to the original afs_StoreAllSegments. At that point the data version that was stored before osi_VM_StoreAllSegments is no longer correct, leading to possible data corruption. Triggering this bug requires writing a file larger than the cache so that partial stores are done, and writing enough data to exceed the system's maximum dirty ratio and cause it to initiate writeback. To fix, just wait until after osi_VM_StoreAllSegments to look at and store the data version. FIXES 131976 Change-Id: I959f06b5a7a51171e7ed70189620e9d11d52efa2 Reviewed-on: http://gerrit.openafs.org/11644 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 4f03d6e07ba8ea5bddfd952cf47f9d2172051ca4 Author: Michael Meffie Date: Sat Nov 8 11:10:52 2014 -0500 doc: document the vldb free list Document vldb free list in the vldb format (vldb.txt). The nextIdHash[0] is on the free chain when the vl entry is free. Also fix two typos in vldb.txt. Change-Id: I5d79f55214295e029e7174ef46838afd7dc44bf1 Reviewed-on: http://gerrit.openafs.org/11597 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit 54c0ee608f4afd2b178c9b60eabfc3564293d996 Author: Andrew Deason Date: Sun Sep 14 14:10:11 2014 -0500 afs: Fix some afs_conn overcounts The usual pattern of using afs_Conn looks like this: do { tc = afs_Conn(...); if (tc) { code = /* ... */ } else { code = -1; } } while (afs_Analyze(...)); The afs_Analyze call, amongst other things, puts back the reference to the connection obtained from afs_Conn. If anything inside the do/while block exits that block without calling afs_Analyze or afs_PutConn, we will leak a reference to the conn. A few places currently do this, by jumping out of the loop with 'goto's. Specifically, in afs_dcache.c and afs_bypasscache.c. These locations currently leak references to our connection object (and to the underlying Rx connection object), which can cause problems over time. Specifically, this can cause a panic when the refcount overflows and becomes negative, causing a panic message that looks like: afs_PutConn: refcount imbalance 0xd34db33f -32768 To avoid this, make sure we afs_PutConn in these cases where we 'goto' out of the afs_Conn/afs_Analyze loop. Perhaps ideally we should cause afs_Analyze itself to be called in these situations, but for now just fix the problem with the least amount of impact possible. FIXES 131885 Change-Id: I3a52f8ccef24f01d04c02db0a4b711405360e323 Reviewed-on: http://gerrit.openafs.org/11464 Reviewed-by: Benjamin Kaduk Reviewed-by: Daria Brashear Tested-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit 604f1eece60a8586642bb7006e2265913d2a4a25 Author: Chas Williams (CONTRACTOR) Date: Sat Dec 6 07:40:04 2014 -0500 doc: fix unbalanced in AdminGuide/auagd018.xml This was introduced by c04c57c6c57d2e0b09ba60b68de738b636c9450b Change-Id: I2dbc558bf97673074c774b457b53b4a4436b43c1 Reviewed-on: http://gerrit.openafs.org/11624 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 5cc3920ce40d5943fb400f5aca04151da70cea63 Author: Chas Williams (CONTRACTOR) Date: Sat Dec 6 07:31:46 2014 -0500 doc: fix duplicate tag usage in QuickStartUnix The duplicate LIWQ54 tag appears to break newer versions of fop. Since it isn't referenced by anything, just remove in both instances. Change-Id: Ie996f0110a9114399a1873ebda1eba4c7696f716 Reviewed-on: http://gerrit.openafs.org/11623 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 5e3df1d99df207a65d883f6747d8a616fa4b8f9c Author: Chaskiel Grundman Date: Fri Sep 20 15:04:13 2013 -0400 rxgen: Only cast array/pointer/vector types Assuming the correct values are passed to the xdr functions, no casts are required. Don't cast simple/struct/union/typedef values. Do cast array/pointer/vectors, since the relevant xdr wrapper functions expect char *. Change-Id: I375c03899576735668c1a0df0af47377223ae97a Reviewed-on: http://gerrit.openafs.org/10260 Reviewed-by: Daria Brashear Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit b7bfd3aa2715e49b2b1ec056b60d8dda72317ebc Author: Chaskiel Grundman Date: Fri Sep 20 14:28:07 2013 -0400 rxgen: Always pass aliases (typedefs) as pointers Since prototypes were introduced, xdr functions for typedef foo expect a foo *, never a foo, even if the underlying type is an array. print_param (for stubs) got this right, but print_stat (for inter-xdr calls) did not. Change-Id: I2b12aaf919fd39e6195d85072fdfd915a1c509f0 Reviewed-on: http://gerrit.openafs.org/10259 Reviewed-by: Daria Brashear Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 1c445cc7e5d66881ef28860c9d43695feedf37d7 Author: Chaskiel Grundman Date: Fri Sep 20 10:42:20 2013 -0400 Remove sunrpc compatibility Remove sunrpc compatibility from rxgen. It's not tested, and rpcgen is available from other sources. This will allow changes to be made to rxgen without worrying about their impact on rpcgen compatibility. Removals consist of the -l, -m, and -s switches, the source files rpc_clntout.c and rpc_svcout.c, and the scan tokens 'program' and 'version'. The -R switch ('R compatibility') is also removed, as it's a noop. Change-Id: I960fac14faf072d221b8cb166e9388ab4accfa26 Reviewed-on: http://gerrit.openafs.org/10258 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 4d72af9fbd8f676e722fe8fa07b8e1342255fd01 Author: Chas Williams (CONTRACTOR) Date: Sun Mar 23 17:47:25 2014 -0400 vlserver: Refactor auditing Refactor auduting to be more like other uses in the code base. Auditing is now done in a wrapper. Change-Id: I491aeda31c223e594e3870573871ae10a541d010 Reviewed-on: http://gerrit.openafs.org/11315 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: Benjamin Kaduk commit 75d67780b42c1a7bfa506fcd230b28a6f293fcbd Author: Michael Meffie Date: Thu Nov 13 12:12:12 2014 -0500 redhat: do not overwite the server CellServDB The bosserver creates a pair of symlinks in the client's configuration directory (/usr/vice/etc) during startup, if the configuration files are not present: /usr/vice/etc/CellServDB -> /usr/afs/etc/CellServDB /usr/vice/etc/ThisCell -> /usr/afs/etc/ThisCell Due to a bug in the bosserver (which is not fixed on 1.6.x), the symlinks are only created when the /usr/vice/etc directory already exists when the bosserver is started. If the bosserver is started before the client is installed (and the /usr/vice/etc directory is present), then the packaging script will write to the symlink CellServDB, overwriting the server's CellServDB with the contents of the client's CellServDB.local and CellServDB.dist files. Also, if the client is started after the bosserver creates the symlinks, the client init script will overwrite the server's CellServDB with the contents of the client's CellServDB.local and CellServDB.dist files. Update the packaging and the client init script to delete this symlink if present, since it is only intended to provide stub configuration for the client utilities while setting up an initial server. Then, the updating of the CellServDB will create a local file, instead of following the symlink and overwriting the server CellServDB. While here, adjust the indentation whitespace to match the tabs below. Change-Id: I802fd8d85f73946ca8d8d57e115abb8ae6958196 Reviewed-on: http://gerrit.openafs.org/11601 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit de1ac7daff3183bf5b2c2a3482e74a099f7fb641 Author: Andrew Deason Date: Sun May 20 17:32:13 2012 -0500 afs: Add xvcache-related afs_FlushVCache comments Add a couple of comments to help make it explicit when it is okay to drop afs_xvcache here. Change-Id: I451ffe80755ea471322e32017f71c0619e6a8e63 Reviewed-on: http://gerrit.openafs.org/7436 Reviewed-by: Daria Brashear Reviewed-by: Alistair Ferguson Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 73bfe94802ef62a7e6f8d2c36cb801be6ab2863a Author: Andrew Deason Date: Fri May 18 17:49:31 2012 -0400 afs: Remove 'slept' from osi_VM_FlushVCache No implementation of osi_VM_FlushVCache drops and reacquires afs_xvcache. Doing so would cause problems when afs_FlushVCache calls osi_VM_FlushVCache, since someone could grab a reference to the vcache while xvcache is dropped. So, prohibit dropping and reacquiring afs_xvcache in osi_VM_FlushVCache, and remove the 'slept' argument to it. Change-Id: I50b4ee35f54a5277749f44e93b1094e4fb5c93e9 Reviewed-on: http://gerrit.openafs.org/7435 Reviewed-by: Alistair Ferguson Reviewed-by: Daria Brashear Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk commit 2b10d96762366ce25a4816641ecfaf9705592d44 Author: Perry Ruiter Date: Mon Dec 8 12:33:05 2014 -0800 afs: Correct routine name on error message While studying some code I noticed one of the error messages in afs_UFSGetVolSlot was prefixed with a different routine name. More shocking was that git blame fingered me as the last person to update that line! Indeed I had but I hadn't noticed, nor had my reviewers, the mis-matched routine name. Update afs/afs_volume.c to correct routine name. Change-Id: Id7ee275c9f8991bb71082b9dfcd52c14ead83955 Reviewed-on: http://gerrit.openafs.org/11625 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit dc4d9d64342b76be7be3e8f0264e66c6d943b64c Author: Chas Williams (CONTRACTOR) Date: Sat Apr 26 14:49:36 2014 -0400 afs: Remove AFS_BOZONLOCK_ENV The only user of AFS_BOZONLOCK_ENV is ppc_darwin_80. This was added to the param file by commit: commit 379e3be3196aeb3fefaa1e9296e52a9f8018550a Author: Derrick Brashear Date: Sun Jun 19 00:20:01 2005 +0000 ppc-darwin80-20050618 this is actually a throwaway It isn't clear to me what the intent was. Darwin clearly isn't using the Bozon lock around every osi_FlushPages() despite comments in DARWIN/osi_vnodeops.c about said lock. The possibility of the Bozon lock being required only ppc_darwin_80 and not ppc_darwin_70 and ppc_darwin_90 is unlikely. The comments about the Bozon lock in FBSD/osi_vnodeops.c appears to be a copy/paste from DARWIN's. Curiously, FBSD doesn't drop the GLOCK() when osi_FlushPages() calls osi_VM_FlushPages() despite a comment to the contrary in osi_VM_FlushPages(). Also, instead of editing the alpha_dux param files, just remove them. Nothing is using them. Change-Id: Ic1f6aabd82b9bd3686c95fd501a9d72163595421 Reviewed-on: http://gerrit.openafs.org/11108 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 2725a4ca14fb29f897d905d9de0e3c9c1925e597 Author: Chas Williams (CONTRACTOR) Date: Mon Sep 24 16:26:43 2012 -0400 budb: Avoid use of anonymous structures to determine size Change-Id: Ife337e4e020a0450020f9ae641b1711435b936c4 Reviewed-on: http://gerrit.openafs.org/8153 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman commit 49088ad21aea794aecd5df928f21e7872ee36280 Author: Marc Dionne Date: Thu Nov 27 16:23:12 2014 -0500 volser: Break callbacks to the target of VolClone With the "-stayup" release mechanism, clients may have callbacks to the target of VolClone rather than the target of VolRestore, so also break callbacks there. This could cause clients to not be notified of a volume release done with -stayup and have stale contents. Change-Id: I94009f4b9382471a3615d2a729e4ee3955a14d44 Reviewed-on: http://gerrit.openafs.org/11619 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit c47d619f6c93ba3362f3e65f102a875d509e5c44 Author: Benjamin Kaduk Date: Thu Dec 4 17:00:04 2014 -0500 Remove FreeBSD packaging The packaging used by official FreeBSD package builds is taken from the FreeBSD Ports Collection's version control, which is currently available at https://svnweb.freebsd.org/ports/head/net/openafs/ . The version of the FreeBSD packaging in the openafs repository will almost always be out-of-date and is not needed by FreeBSD (although a small portion of it is currently used by the upstream FreeBSD packaging), and the actual packaging used by FreeBSD is easily available, so there is no purpose in maintaining FreeBSD packaging in the OpenAFS source code repository. Change-Id: I969cd6933ecd56d6940b8d48da67f50260101571 Reviewed-on: http://gerrit.openafs.org/11622 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit e34e0d149f3b3a8b48ab563b7b52174065925975 Author: Benjamin Kaduk Date: Thu Dec 4 17:00:04 2014 -0500 Remove Debian packaging The packaging used for uploads to Debian is maintained on Debian infrastructure, presently at http://anonscm.debian.org/cgit/pkg-k5-afs/openafs.git . The packaging repository for any given Debian openafs source package will be listed in the Vcs-* fields in the package's control file. The version of the Debian packaging in the openafs repository will almost always be out-of-date and is not used by Debian, and the actual packaging used by Debian is easily available, so there is no purpose in maintaining Debian packaging in the OpenAFS source code repository. Change-Id: I23011315ece011e32cdddd992c4f8a176e348c67 Reviewed-on: http://gerrit.openafs.org/11621 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit a4dc1d8fc0ae5b9b0130d2524aff0c22fa34faa3 Author: Sami Kerola Date: Sat Jun 22 20:20:52 2013 +0100 build-sys: make docbook path find easier to read Additional gain, when horizontal lists are converted to vertical, is that each item will be individually version controlled. Change-Id: I4f12efac9c3d828fafdc7ab8a15740cfb0276538 Reviewed-on: http://gerrit.openafs.org/10014 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 72ca1e876f61ec7a2984e4379dcc59cfd160f2a5 Author: Nathaniel Wesley Filardo Date: Sat Jul 26 15:05:19 2014 -0400 Make all VLDB interactions use VLF/VLSF names src/volser/volser.p.h defined the values used in VLDB entries. These values appear (by exhaustive walk of source and by inspection of the volser's rxrpc api) to be unused by any aspect of the volser and were solely used in communication with the VLDB. This patch deletes the misplaced definitions and moves the entire tree to use the VLF_{RW,RO,BACK}EXISTS and VLSF_* macros from vlserver/vldbint.xg . No include wrangling was needed; these definitions have always been in scope but relatively unused. It also serves to head off a potential problem, which actually motivated the whole thing: ITSRWREPL was 0x10, which was claimed as VLSF_UUID; VLSF_RWREPLICA is 0x40, which did not have an ITS equivalent. As ITSRWREPL was not used, this had never shown itself in operation. There was no ITS semantic equivalent of VLSF_UUID. Change-Id: I60426c2635976b9ac34bf820a8aec7a0c8575e20 Reviewed-on: http://gerrit.openafs.org/11331 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit e331ee87a32ad3a26c7c933203e1d3690148448f Author: Nathaniel Wesley Filardo Date: Wed Dec 3 02:06:35 2014 -0500 DeleteVolume should check ITSROVOL as a bit Other bits may be asserted even if this is a RO vol. Change-Id: Iff5256db25502b61b161ec068bd9d2a389f796c7 Reviewed-on: http://gerrit.openafs.org/11617 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit a36aab0dd6e846dbce925cbf3484b74f7f8590a9 Author: Nathaniel Wesley Filardo Date: Thu Jul 31 01:52:30 2014 -0400 Revert "vos-sync-flag-voltype-properly-20080521" The convention appears to be that ITSRWVOL is the correct flag for the backup volume. This reverts commit dcafea769a1cb70c7b1f8763ae4f7b7744b2a436. Change-Id: I0f88107d56817515f41a68062053b263683afc94 Reviewed-on: http://gerrit.openafs.org/11341 Reviewed-by: Daria Brashear Tested-by: BuildBot commit 654f9e4ad46dd31e789b71a23f7e1465f8300132 Author: Sami Kerola Date: Sat Jun 22 20:06:34 2013 +0100 build-sys: reindent AC_ARG_WITH section in acinclude.m4 Change-Id: I80b68eeecf9f72ac7f2ce133d9a5642a67dde22c Reviewed-on: http://gerrit.openafs.org/10013 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 2f2e6effa791e3f36f002702cd72e615ccf1a1a7 Author: Andrew Deason Date: Fri Aug 30 12:23:43 2013 -0500 namei: Remove icreate tfd hack Currently, the namei icreate routine creates a fake FdHandle_t for a SetLinkCount call if we're creating a linktable. In the past this was probably done because we did not want to open a "real" fdP ,since that would mean opening another file descriptor, when we already had a file descriptor (from the creating afs_open call). This is a problem in the salvager, since it means that we can reach ihandle code before the ihandle package has been initialized. Specifically, we can reach icreate -> namei_SetLinkCount -> ih_fdsync. If we reach ih_fdsync without the ihandle package being initialized, we assert and dump core. The ihandle package assumes that we've already initialized it if we reach any ihandle code, since creating any IHandle_t causes the package to initialize. But since namei_icreate fakes its own IHandle_t and FdHandle_t structures, that doesn't happen. So, to avoid this, stop faking our FdHandle_t and create a real one. Since we have ih_attachfd, we can create a real FdHandle_t with our existing file descriptor. Change-Id: I7a8c1e0ed1ee8e5c8ce2e165b9493811d5d2435d Reviewed-on: http://gerrit.openafs.org/10213 Reviewed-by: D Brashear Tested-by: BuildBot commit 47a1a786786bc7f1e3939aff9100c2196cfcb5a7 Author: Mark Vitale Date: Tue May 13 19:18:57 2014 -0400 kauth: fix klog principal name parsing If a principal name is specified to the klog command, it is not correctly passed in the pw structure. This in turn causes uninitialized storage to be passed to ka_UserAuthenticateGeneral. This may either lead to a segmentation fault in klog, or cause garbage to be passed to the kaserver, leading to garbage in some log and audit messages. In all cases it is impossible to authenticate to kaserver with a specified principal name. However, klog still works correctly when no principal name is specified. This was introduced by commit 68ce3aa814a7e3085242e705f013f05ed5da2d5c which removed lclpw to eliminate a clang warning. However, the clang warning was misleading in this case, as lclpw was actually used (confusingly) to indirectly update the pw structure. Instead of reverting this commit, just update pw->pwname directly. Change-Id: I565360c6e2f970637422e8b01998d3fc29874ec4 Reviewed-on: http://gerrit.openafs.org/11145 Reviewed-by: Mark Vitale Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 01917b4497c5ad4f91bf8bd260a3cc6b7c25f150 Author: Chas Williams (CONTRACTOR) Date: Thu Jul 3 10:53:51 2014 -0400 auth: Clean up and document functions in netrestrict.c Clean up and document parseNetRestrictFile_int and ParseNetInfoFile_int in preparation for some future changes. Change-Id: I3c8f1823ba1e042fb6ae68c6f0aba58128ef5b81 Reviewed-on: http://gerrit.openafs.org/11312 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 185966b471325ce15d05d28325e98faaa34ad146 Author: Nathaniel Wesley Filardo Date: Mon Jul 28 13:26:22 2014 -0400 Export xdr_nbulkentries in liboafs_vldb Change-Id: Id6ba0e4fdb802cc10aa98b32d7e7c9b605c90606 Reviewed-on: http://gerrit.openafs.org/11334 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk commit 35247b0adb7f31775409fd86aa7a4c4db6267b53 Author: Christof Hanke Date: Wed Oct 9 07:38:10 2013 +0200 liboafs_util: export symbols for tabular_output Otherwise compilation fails on AIX. Change-Id: Id22b7726d9aa56f9a2e0665257b3099baf774896 Reviewed-on: http://gerrit.openafs.org/10326 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit cd8f24d9a1ba8563c6bef2b8d30885a753e8d30c Author: Andrew Deason Date: Tue Jun 10 14:47:31 2014 -0500 doc: Document fs listquota 2TB partition limit We have previously documented that volumes over 2TB can result in inaccuracies, but this documentation does not say how the 'partition' field in "fs listquota" can be inaccurate. It is confusing to see a usage of 0% for a partition that you know is being used, so try to briefly explain in what way this field is inaccurate. The reason we _under_-report the partition usage is that the fileserver actually gives back PartBlocksAvail and PartMaxBlocks (not "blocks used" and "blocks total"). So 1TB used and 4TB total is truncated to 2TB and given back as 2TB free and 2TB total. One we hit 3TB used we'll report it as 1TB free 2TB total (50%) when the actual usage is 75%. Change-Id: I0b3de04ef2bd6cd32fdcb1a82cbac58d5d621e5b Reviewed-on: http://gerrit.openafs.org/11245 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit f889469e271cee5ccf362d829c7827307a6add4c Author: Andrew Deason Date: Tue Feb 18 13:00:38 2014 -0600 vol: Make FindLinkHandle static and namei-only FindLinkHandle is only referenced inside vol-salvage.c. Also, the concept of a link table only exists on namei, so the function is only used for the namei server (and it's only called by other namei-only code). So, make the function static, and put it inside the AFS_NAMEI_ENV ifdef, to be a little more clear about where it can be used. Moving it inside the AFS_NAMEI_ENV ifdef also avoids a warning if FindLinkHandle is made static, since otherwise the function would be defined but unused on non-namei. This change should incur no difference in behavior; it is just code reorganization. Change-Id: Ia8cdadafaf15c724462f600514aa59910619a090 Reviewed-on: http://gerrit.openafs.org/10848 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 4103aee514615c46e919202fb7842b9b2e254ff9 Author: Andrew Deason Date: Tue Oct 14 13:17:27 2014 -0500 ubik: Unlock version lock before udisk_end Currently, BeginTrans calls udisk_end with UBIK_VERSION_LOCK held when it gets an error from DISK_Begin. However, udisk_end itself acquires UBIK_VERSION_LOCK to update the database flags, so this causes a deadlock. So, unlock UBIK_VERSION_LOCK before calling udisk_end. Also unlock it before calling DISK_Abort, udisk_abort, and DISK_Begin, as well, since none of those modify fields protected by UBIK_VERSION_LOCK. (Any read access is allowed because we DBHOLD the database.) This commit unlocks the lock immediately after we are done modifying versioning information, which is right after we change writeTidCounter for write transactions. Change-Id: I31343d67c82734ff88b76bec740ef16767bb9667 Reviewed-on: http://gerrit.openafs.org/11541 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit b19bb7db413de426984f6ddb79b7b97ea478ffaf Author: Andrew Deason Date: Mon Oct 13 15:06:36 2014 -0500 ubik: Convert DoProbe 'i' to 'nconns' DoProbe was using the variable 'i' to keep track of how many connections we have in the conns array. Keep track of this separately using a variable called 'nconns' instead, to make this function a bit less confusing. Change-Id: Ica2b4901c083b315e901366820042fad64030b3c Reviewed-on: http://gerrit.openafs.org/11540 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit 8ce37d0d4aa4e6107f79efaf5027f31ea5a17604 Author: Michael Meffie Date: Thu Nov 13 22:28:08 2014 -0500 libafs: remove "Please install afsd with check server daemon" warning Apparently, ancient versions of afsd did not start the check server daemon (AFSOP_START_CS). The afs_Daemon tries to detect when the check server daemon is not running and issues a warning to upgrade afsd. The afs_Daemon waits for the cache initialization to complete (AFSOP_GO) before detecting if the cache server daemon is started. Unfortunately, when running with memcache, the cache initialization is fast enough to race with the start of the check server daemon, and the "Please install afsd with check server daemon" message is sometimes printed to the syslog. Since all modern versions of afsd do start the check server daemon, this error message is no longer needed, so just remove the message and the flag used to print it on only once. Change-Id: If6a57ca0e6fb7e20a1e104c46416139cf5fe785a Reviewed-on: http://gerrit.openafs.org/11602 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit 1e1f6e4e8f70b0994ba7fdfaeb9df926709b806b Author: Chaskiel Grundman Date: Fri Mar 8 19:19:05 2013 -0500 Free security objects used in VolForward VolForward and VolForwardMulti create rx security objects, but never free them. The RXS_Close's are positioned where they are to limit the need for conditionals Change-Id: Iec6879270ad54c30c1fea571cea583afaca9364b Reviewed-on: http://gerrit.openafs.org/9527 Reviewed-by: D Brashear Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit aea3c2a327860297168ea42bb72145b44e6e5acf Author: Sami Kerola Date: Sat Jun 22 19:52:51 2013 +0100 build-sys: fix indentation in test code Change-Id: If2c0c2a0b0b01bb425f8c1658cef9df232844b1c Reviewed-on: http://gerrit.openafs.org/10012 Reviewed-by: D Brashear Reviewed-by: Simon Wilkinson Tested-by: BuildBot commit 7d689390a89823df8a102c844d313c1c7a2c096a Author: Sami Kerola Date: Wed Jun 19 21:15:19 2013 +0100 build-sys: fix m4 quotation to make upstream autotools to work Macro arguments for AC_ARG_WITH, such as AC_CHECK_PROGS, need to be quoted. Unless they are the latest version of autoconf will expand macros slightly wrong way making the configure to fail at line where there are only two ticks. $ ./regen.sh [...] $ automake -a -f [...] automake: error: no 'Makefile.am' found for any configure output $ ./configure [...] checking pkg-config is at least version 0.9.0... yes ./configure: line 13348: syntax error near unexpected token `newline' ./configure: line 13348: ` ''' Notice that the 'automake' run is needed in order to avoid later configure error, which would look something like. configure: error: cannot find install-sh, install.sh, or shtool in build-tools "."/build-tools Change-Id: I39476270f351d2f5b332c5c945d6ac67fe16dd82 Reviewed-on: http://gerrit.openafs.org/9995 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 23d81757394824702c3e8bce31fd0f6d568dd680 Author: Chaskiel Grundman Date: Wed May 29 13:24:37 2013 -0400 Remove UKERNEL code from files that don't need it Remove #ifdef UKERNEL sections from auth, kauth, ptserver, and ubik sources that are no longer part of libuafs Change-Id: I515f65c7e634d9562680c60666a15758261aaae0 Reviewed-on: http://gerrit.openafs.org/9955 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 8b0a296bef8529cf66664b0713a3b451e3b5a5ec Author: Chaskiel Grundman Date: Wed May 29 13:26:29 2013 -0400 Remove kauth headers from afs_usrops.c Since ka_* functions are no longer called from here, we don't need the headers Change-Id: I538c27cf4fe2f16811d1d3056b25054c80ba5b2a Reviewed-on: http://gerrit.openafs.org/9956 Reviewed-by: D Brashear Tested-by: BuildBot commit 1df1a68535bcf243b7f6c43f79bc597322719ff8 Author: Chaskiel Grundman Date: Wed May 29 13:05:15 2013 -0400 rxgen: skip ubik for KERNEL Declare ubik rxgen stubs only for !KERNEL, UKERNEL doesn't need them anymore. Don't declare ubik_client or #include ubik.h on KERNEL or UKERNEL. Change-Id: I0b1587eb46e9efbf627f04c74e0d76f9858bffd0 Reviewed-on: http://gerrit.openafs.org/9954 Reviewed-by: D Brashear Tested-by: BuildBot commit c09785aa036125074db03a799f7dfebb411f4852 Author: Andrew Deason Date: Sun May 20 17:20:54 2012 -0500 FBSD: Drop afs_xvcache for vgone() For FreeBSD, osi_TryEvictVCache was calling vgone() without dropping afs_xvcache. Prior to aad83a30a82407bfa6ac15b49fd31d69b563e898, this is what osi_TryEvictVCache did, and since the 'slept' pointer represents whether we dropped xvcache (not whether we dropped glock), it seems like this is the intention of the code. Change-Id: Icb8cc86d972d7ca717bd91e250771d90931e1ba7 Reviewed-on: http://gerrit.openafs.org/7434 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit b656710d30e6227c5bab75805ef422d237359f46 Author: Andrew Deason Date: Sun May 20 17:16:37 2012 -0500 FBSD: Do not vgone() in osi_VM_FlushVCache osi_VM_FlushVCache just needs to remove VM references to the given vcache; calling vgone() entirely should be unnecessary. Remove the call to vgone() and other osi_TryEvictVCache-ish stuff, and just try to cache_purge the vnode, like the other BSD implementations do. Change-Id: I71d71f137c04d9ef3625f6a8ae22f0ffb90b9637 Reviewed-on: http://gerrit.openafs.org/7433 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 0315bb393fa9429361e27478832e8a4ed68182d4 Author: Benjamin Kaduk Date: Wed May 28 10:47:32 2014 -0400 Rewrap some long lines in the toplevel Makefile Only rewrap long lines in make scope; long lines in shell scope are untouched. We are inconsistent about whether continuation lines for listing the dependencies of a target are indented by one or two tabs, which this commit does not fix. Change-Id: I2e438a0f42faa2ef7922d2c3b143e14bc82de826 Reviewed-on: http://gerrit.openafs.org/11178 Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear Tested-by: BuildBot commit 138017efd8166f248d6a1706e5851f2074ad1b34 Author: Ben Kaduk Date: Wed May 15 18:16:00 2013 -0400 Remove FOREIGN It has been unused since the original import of IBM's code. Change-Id: Ieec597c76e53453d012f1cd86f6860ae60dade5c Reviewed-on: http://gerrit.openafs.org/9918 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit bd6859861d7331569081d03450db80a0b476875d Author: Andrew Deason Date: Thu Aug 29 16:14:23 2013 -0500 salvager: Don't lie about locked-ness to namei_SLC We have not locked the linktable with a prior call to namei_GetLinkCount. So don't claim that we did. Change-Id: I43adf92b60a0e46b90ae624e4713747585d12c67 Reviewed-on: http://gerrit.openafs.org/10198 Tested-by: BuildBot Reviewed-by: D Brashear commit bdd8c60e798cd1cc6d9e6ec4ee55d60eab1574ca Author: Andrew Deason Date: Thu Aug 29 16:00:37 2013 -0500 namei: Remove namei_SetNonZLC This function is unused. Remove it. Change-Id: Ie48d5370187c851afdd7cd359115d9e74d001aae Reviewed-on: http://gerrit.openafs.org/10197 Reviewed-by: D Brashear Tested-by: BuildBot commit 752d77b5561bfb6b70e203d3bfcddd93c9dffa12 Author: Andrew Deason Date: Thu Aug 29 15:33:49 2013 -0500 namei: IH_REALLYCLOSE special inode on delete When we delete a special inode, we should IH_REALLYCLOSE it, to ensure no other cached file handles are open for that special inode. However, currently PurgeHeader_r does this, and then IH_DECs the special inodes. On namei, calling IH_DEC on a special inode causes the inode to be opened, so we create a cached file handle right after we closed all cached file handles for that inode with IH_REALLYCLOSE. Making namei IH_DEC not open an FdHandle_t for the given file is non-trivial, at least when dec'ing the linktable. So instead, just make namei IH_DEC itself issue the IH_REALLYCLOSE right before the actual unlink() call. With this, we can keep the cached file handle open for special inodes until right before they are actually deleted, so we don't issue extra unnecessary open()s and close()s. Change-Id: I35b234ab429bc7cd0f29654cc8f854c82c961071 Reviewed-on: http://gerrit.openafs.org/10196 Reviewed-by: D Brashear Tested-by: BuildBot commit 5b62fac45d9eab00626f8aba9d9994d9138980c0 Author: Andrew Deason Date: Thu Aug 29 15:16:00 2013 -0500 namei: Remove redundant linktable SetLinkCount If we're setting the linktable linkcount to 0, we're about to delete the whole linktable. So, don't bother setting the link count. Still make sure we unlock the linktable, as we still have it locked at this point, from the previous GetLinkCount call. Change-Id: Ia00c1e14de6b8fcd69d594f0dbdbafa32b066dc5 Reviewed-on: http://gerrit.openafs.org/10195 Tested-by: BuildBot Reviewed-by: D Brashear commit d527a8082507bf091f89c7964ce152dfce5d4052 Author: Jeffrey Hutzelman Date: Sat Jun 15 18:58:13 2013 -0400 Fix unchecked calls to asprintf The return value of asprintf() is the number of bytes printed, or -1 if there was an error allocating a large enough buffer. In the latter case, the value of the result string is undefined, and so it cannot be counted on to be NULL. This change fixes numerous places where the result of asprintf is checked incorrectly (by examining the output pointer and not the return value) or not at all. Change-Id: I9fef14d60c096795d59c42798f3906041fb18c86 Reviewed-on: http://gerrit.openafs.org/9978 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: BuildBot commit 13c1684b59d5780e205f451da1a7d7f61f5ce78d Author: Derrick Brashear Date: Mon Jan 7 13:33:12 2013 -0500 volser: make splitvol use VolumeId convert split volume rpc to also use volumeid type Change-Id: I6b1ed670a0abdc1487daa65b7e136a1370afd5fd Reviewed-on: http://gerrit.openafs.org/8888 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 81a1a53a367f550f6804c7fc562498534ce10d51 Author: Benjamin Kaduk Date: Wed Oct 8 16:51:33 2014 -0400 Clean up our cleaning 'make clean' and 'make maintainer-clean' still leave around a fair number of droppings, prior to this commit. We were not descending into the 'tests' top-level directory while cleaning. Furthermore, tests/opr/Makefile needed $(LT_CLEAN), and tests/rx/Makefile needed to spell it correctly. The libtoolization places a lot of files to be removed in the 'pristine' target. The processing used to implement the =include directive in the pod sources for the man pages leaves around the non-.in versions of files; we should clean that up in the 'pristine' target as well. The 'pristine' target should likewise remove the man pages which are generated from the pod files. Additionally, the documentation build uses a Doxyfile which is output by configure; that should be removed (if present) by the 'distclean' target. When hcrypto was converted to libtool, the use of ${OBJECTS} in the clean target was missed, so we were leaving around most of the actual object files -- $(LT_CLEAN) does not handle this for us. Change the rule to remove *.o as is done elsewhere. The conversion of libafsrpc to libtool added a convenience library libafsrpc_sys.la, and changed how syscall.o was generated on most architectures, to be the result of compiling an empty .c file (instead of just an empty .o file). This introduced a new intermediate file, syscall.c, which must be cleaned up. tvolser was only listing volserver and not vos in its list of executables to remove while cleaning. The conversion of venus/test to libtool was not done quite right. Makefile.libtool and the .lo suffix are only needed when libtool is being used to link *libraries*; just Makefile.pthread suffices when libtool is being used to link executables. As such, remove the inclusion of Makefile.libtool, and change the .lo targets back to regular .o ones, and add back *.o to the list of files to remove in the 'clean' target (it was needed there even without the other changes to that Makefile). Change-Id: Ifbc3eee4ad2dce54df991301bc5edd11eb29a24a Reviewed-on: http://gerrit.openafs.org/11532 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit 8f2fa9d6393a958080387e8d84f6b8cd032b5ff8 Author: Andrew Deason Date: Wed Sep 24 17:50:02 2014 -0500 afs: Consolidate fheader initialization We were initializing an afs_fheader structure in two different places, with the same values. Consolidate these into a single function, so updating the structure is easier. Also zero the whole structure, just to make sure everything is initialized, even if the structure changes. This commit should have no behavior impact; it is just code reorganization. Change-Id: If90757166d8490eaa053aa086c7b95349a62332e Reviewed-on: http://gerrit.openafs.org/11510 Reviewed-by: Benjamin Kaduk Reviewed-by: Perry Ruiter Tested-by: BuildBot commit 0125d8c911faf0706667a1733fc086adae6decce Author: Michael Meffie Date: Thu Nov 20 16:54:25 2014 -0500 vos: fix crash when getting a non-loopback host address Fix a crash in vos when trying to find a non loopback server address. The struct hostent h_addr_list field is a null terminated array of pointers to addresses, in network byte order. The struct hostent length field is not the length of the h_addr_list array (as one would expect), but rather the length of an address in bytes, which is always 4 for IP version 4 addresses. Verify the returned addresses are IPv4 and take care to not iterate beyond the end of the address pointer array. The non-loopback address check was introduced commit dc2a4fe4e949c250ca25708aa5a6dd575878fd7e. Change-Id: I75dff5ed2a7dd3c4bd6605b375a7a2ffa91eff01 Reviewed-on: http://gerrit.openafs.org/11609 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 21c9f5341ecb7ef17f37f19406804971090f276f Author: Ben Kaduk Date: Wed Dec 4 18:43:51 2013 -0500 libafs: fix some nits around the symlink VOP Commit 3f4c1099b7b (gerrit 10474) introduced a few issues, addressed here. vpp is idiomatically of type 'struct vnode *', not 'struct vcache *'; use pvc as the name of the parent vcache pointer instead. Fix whitespace. Change-Id: Ic5d98a43446861bb571fe5a260e7ae1eea1051fd Reviewed-on: http://gerrit.openafs.org/10531 Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit ba0b0986ecd6407fc07d5733ca741c1e5fa7bf52 Author: Jeffrey Altman Date: Mon Oct 6 19:20:27 2014 -0400 Windows: Fix cm_AppendServerList Should use || and not | as the operator when testing for NULL pointers. Change-Id: I00afe64aec4f965d6a831028b546ed01d8e9672a Reviewed-on: http://gerrit.openafs.org/11523 Reviewed-by: Jeffrey Altman Tested-by: BuildBot commit 3b8c4abf81ea90e7f24fb7d729062ebb0753043d Author: Michael Meffie Date: Fri Apr 4 10:14:15 2014 -0400 cmd: avoid piggy-backing flags in the help string Remove the hack to piggy-back the hidden command option in the help string argument. Change-Id: Iedcb6b96e98b766e3ef2c87cd6e5d41874f2c0b7 Reviewed-on: http://gerrit.openafs.org/10982 Reviewed-by: D Brashear Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot commit 0adad43d8e400e273ae243cc98ab1503673eb8be Author: Michael Meffie Date: Thu Aug 21 00:25:45 2014 -0400 cmd: add flags argument to create syntax function Add the flags argument to cmd_CreateSyntax() and update all callers. The flags argument will be used to set command options, such as CMD_HIDDEN. Change-Id: Ia51be9635f262516cb084d236a9e0756f608bf16 Reviewed-on: http://gerrit.openafs.org/11430 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 744a0e6df11ceefde0885a2ab737a8e689762d53 Author: Garrett Wollman Date: Tue Aug 12 21:56:22 2014 -0400 FBSD: osi_vcache: remove support for unsupported FreeBSD releases Support for FreeBSD 7.x terminated in early 2013, and it's highly unlikely that anyone was successfully using OpenAFS in that environment. OpenAFS has not been tested on 7.x since at least that time, probably longer. This removes the #ifdefs that support pre-8.0 releases. Change-Id: I01cbce2d98f02755b170df34d948a94525df3853 Reviewed-on: http://gerrit.openafs.org/11382 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 94d5807d82cc863eefee2814bcc71a7c91f88d51 Author: Nathaniel Wesley Filardo Date: Sun Sep 7 20:41:06 2014 -0400 Export xdr_nbulkentries from liboafs_vldb Change-Id: I117b875189f4f9de971a99ff68eca470515a11ad Reviewed-on: http://gerrit.openafs.org/11449 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit e053b6bf435519cbbdedaef23f537992f3b50a15 Author: Nathaniel Wesley Filardo Date: Sun Jul 27 20:16:35 2014 -0400 Move vos COMMONPARMS to a larger offset Currently, vos.c leaves a gap of 12 in the argument handling array before its common operations (-verbose, -noauth, etc.); 'vos each' will take more, so move that to 25. While here, switch to named constants for these arguments, which should make it easier to do this again, if ever necessary. Change-Id: Idc4424e5fe4efd78389ea8421db000a361b461ec Reviewed-on: http://gerrit.openafs.org/11332 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Benjamin Kaduk commit 562b8f39d14fbcbabb9b39547c3ac81516f6b6d2 Author: Ben Kaduk Date: Wed Nov 27 17:31:16 2013 -0500 rx: Named values for securityObjectStats types Stop using hardcoded constants and use defined symbols for these values. Change-Id: I3edcf809572cb8c8360af19dcab7a12c4d1be4a9 Reviewed-on: http://gerrit.openafs.org/10528 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit da12da791e53c8f1ff7f67eda1b58d53a3a2e1cc Author: Benjamin Kaduk Date: Wed Mar 26 07:35:29 2014 -0400 Disallow creating users with ANONYMOUSID It can result only in sadness. Document this restriction alongside UID 0 as a reserved number. Change-Id: Ibea2d98bc15a730bc85e84477791ca45a40f2d92 Reviewed-on: http://gerrit.openafs.org/10950 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk commit cb8195d2d6ce1c01e132c05c1bf5593eab45b2c6 Author: Andrew Deason Date: Tue Sep 2 17:51:46 2014 -0500 systemd: RemainAfterExit in openafs-client.service Currently, if the client is started without any options that require an extra thread (like -afsdb), all processes spawned by afsd will exit. There may be some kernel threads still active, but those are spawned by the kernel module, and are not child processes of the parent afsd process, or anything like that. Since we are a Type=forking service in systemd, systemd interprets this situation to mean that the service has stopped successfully, and then runs the ExecStop commands. So, for example, if our AFSD_ARGS in our sysconfig is "-fakestat -afsdb", the service starts as normal. But if it is changed to "-fakestat", then when openafs-client.service is started, it immediately stops again. To avoid this, turn on the systemd option RemainAfterExit, which tells systemd that the service has not stopped if all of our processes have exited. The client service will thus remain running until it is stopped. Issue reported by Rich Sudlow. Change-Id: If760d3617d4afbcfac923df726eb58b03ce25771 Reviewed-on: http://gerrit.openafs.org/11440 Tested-by: BuildBot Reviewed-by: Anders Kaseorg Reviewed-by: Benjamin Kaduk commit cbf67da1e5b8134be58bb1632be6ea69f2052cf5 Author: Jonathan A. Kollasch Date: Thu Apr 17 11:03:11 2014 -0500 NetBSD osi_crypto: use cprng(9) for random source on NetBSD 6.99/7.x Change-Id: Id8ee7f149cdc921989a5de7dda35739147de0014 Reviewed-on: http://gerrit.openafs.org/11086 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit ce0cad182cddd21ccdebbf05a3e2379c7fcbe8fe Author: Benjamin Kaduk Date: Wed Nov 19 14:14:07 2014 -0500 Update CellServDB to 20141117 snapshot This should be all the locations we keep it in-tree. Change-Id: I6819bf0658766aaad21ad38417295616418d41c5 Reviewed-on: http://gerrit.openafs.org/11607 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit f8ec0c9d559cc61561d0245f133cb162c4b6f6d5 Author: Jonathan A. Kollasch Date: Thu Apr 17 12:32:17 2014 -0500 NetBSD: catch up to removal in NetBSD 6.99.x Change-Id: I2c663fc426914e978e98c6003419503b57a020d3 Reviewed-on: http://gerrit.openafs.org/11087 Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk Tested-by: BuildBot commit 7ae5b73a90940fe693fd5a726aa31408bd7aec39 Author: Michael Meffie Date: Fri Oct 31 23:45:13 2014 -0400 fix whitespace errors in acinclude.m4 Use tabs instead of spaces in the sysname lookup case statement for the macos cases. Change-Id: Iee03d1b593aee4f6c4bc2488b069b21e116c9f1d Reviewed-on: http://gerrit.openafs.org/11566 Reviewed-by: D Brashear Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit a9a3cb2efff7e6c020be4687b004d157bc070ac6 Author: Andrew Deason Date: Wed Nov 5 10:22:00 2014 -0600 LINUX: Avoid check for key_type.match existence Commit b5de4a9f removed our key_type 'match' function for kernels that do not have such a 'match' function pointer. However, this added a configure test where we are supposed to fail for the "new" behavior, which is discouraged. This causes an actual problem, because this test will fail on at least RHEL5, due to arguably unrelated reasons (the header file for the relevant struct is in key.h instead of key-type.h). And so, in that situation we avoid defining a 'match' function callback, meaning our 'match' function callback is NULL, which causes a panic when we try to actually look up keys for a PAG. To fix this, transform the 'match' config test into one where we succeed for the "new" behavior. We do this by testing for the existence of the new functionality that replaced the old 'match' function, which is the match_preparse function (specifically, the 'cmp' field in the structure accepted by match_preparse). This should cause unrelated compilation errors to cause us to revert to the "old" behavior instead of the "new" behavior. At worst, this should cause build issues if we get the config test wrong (since we will try to use the 'match' function definition that does not exist), instead of panicing at runtime. Note that while we test for key_type.match_preparse, we don't actually use that function, since our 'match' functionality is the same as the default behavior (according to b5de4a9f). So, we can avoid defining any such function for newer kernels. Thanks to Stephan Wiesand for bisecting this issue. Change-Id: If6f93d6b5340fa738a55adeb7778d26ff5dbacc1 Reviewed-on: http://gerrit.openafs.org/11589 Reviewed-by: Marc Dionne Reviewed-by: Stephan Wiesand Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 255c0a564fce8616a2ebc9e6d1c2d7370b1d6908 Author: Arne Wiebalck Date: Fri Feb 7 11:23:32 2014 +0100 rx: initialize memory before use initialize sockaddr_in.sin_zero before using. cosmetic, might fix some compiler warnings. Change-Id: Ib9c4707373ca98742f6a5e28e60006499527fa38 Reviewed-on: http://gerrit.openafs.org/10816 Reviewed-by: D Brashear Tested-by: BuildBot commit 7583f97d5f19aa2d207f8a35a1a3a8b76f672e30 Author: Benjamin Kaduk Date: Wed Oct 15 15:03:36 2014 -0400 Allow compiling with KERNEL and AFS_PTHREAD_ENV Add the necessary preprocessor conditionals to allow building libuafs with AFS_PTHREAD_ENV defined. A follow-up commit will switch to building libuafs using libtool, which will set the pthread compiler/linker flags. UKERNEL is already using the pthread primitives for its internal kernel synchronization, so there should not be any harm from additionally specifying the pthread build arguments. This change was produced mostly in a mechanical fashion, attempting to perform such a build, and eliminating compiler and linker errors in an iterative process. No concerted effort has been made to audit the whole kernel codebase for correctness of conditionals, but the linktest executable does link (that is, the overall build succeeds). Change-Id: I14a3ab5fce72812d92ba5657c734783dbd086ee3 Reviewed-on: http://gerrit.openafs.org/11546 Reviewed-by: D Brashear Tested-by: BuildBot commit a55d61b1f5206d4e8dffca0088e31c54836110f9 Author: Jeffrey Altman Date: Wed Oct 15 12:19:44 2014 -0400 klog: make krb5_524 non-fatal for native K5 tokens The krb5_524_conv_principal() function should fail whenever the Kerberos v5 principal cannot safely be mapped onto a Kerberos v4 principal, and does fail on some Kerberos v5 principals used in real-world AFS deployments. Prior to this patchset a failure was treated as a fatal error that in turn prevents an AFS token from being generated or set into the cache manager. Prior to b1f9b4cb5dd295162ae51704310e9d6058008f0a the krb5_524_conv_principal() function wasn't used and a local client mapping was created. b1f9b4cb5dd295162ae51704310e9d6058008f0a replaced the local mapping with the krb5 function because the local mapping could be wrong and confusing. The krb5_524_conv_principal() function as applied to AFS tokens is just a local guess. How the username in the token is interpreted by the AFS server is up to the server. krb5_524_conv_principal() is only used for Krb5 native tokens. For Krb4 tokens the krb5_524_convert_creds() function is used to obtain both the Kerberos v4 ticket and the converted names from the KDC. Many organizations used the krb524d service to perform name translation. When the krb524d service is used, the name translation is performed by the KDC, so there is no local call to krb5_524_conf_principal() which might fail. As a result, disallowing the use of a native Krb5 token due to a failed local name translation is a needless loss of functionality; the local name translation is not an essential part of obtaining a token. This patchset modifies the behavior such that krb5_524_conv_principal() errors are non-fatal. 1. If -noprdb is not specified the error message is generated and a NULL username is used. 2. If the username is NULL the prdb lookup is disabled. 3. If the username is NULL the informational messages do not include a username. 4. If the username is NULL the username info provided to the cache manager in the token description is the nul string. Credit to Ben Kaduk for assistance with the wording of this commit message. Change-Id: Ib07131fc0ff4bf5319815213198c3f0adac17b10 Reviewed-on: http://gerrit.openafs.org/11542 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit d9a39f3580484a0818f2169f6db38fc685afda80 Author: Nathaniel Wesley Filardo Date: Mon Oct 13 01:02:41 2014 -0400 Stylistic tweak lwp/process.o machinery Rename process.s to process.default.s so that the name "process.s" is free for use, and switch to using that as the ephemeral file name. This enables the use of gcc for ${AS}, despite gcc's ignoring files with extensions that it does not recognize. Change-Id: Idc0716547770fe4fc94bc3fa2c223966f3f76c3b Reviewed-on: http://gerrit.openafs.org/11535 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit 96e001088c7e22e992366d5a6dd03e300c858f43 Author: Andrew Deason Date: Mon Oct 6 13:47:13 2014 -0400 tests: Fix fmt-t.c warning 'main' in fmt-t.c was declared as a prototype-less function, which triggers a warning, which is an error with --enable-checking. Fix it by declaring 'main' properly. Change-Id: I45cfec591acd0ef8d7836c79e997e8ffe29b9e38 Reviewed-on: http://gerrit.openafs.org/11539 Reviewed-by: Jeffrey Altman Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Nathaniel Filardo commit 6b93ad695e53a86dbe9eea13bd0ff651e1d8c9b7 Author: Michael Meffie Date: Fri Oct 24 17:17:07 2014 -0400 vldb_check: fix false mh block error message Fix a false error message about invalid mh blocks when the vldb has more than one mh block. To add insult to injury, vldb_check complains about the wrong address and block number. The flags field in the mh block header is in network byte order, in all of the blocks, not just the first one. Be sure to convert all of them to host byte order so the VLCONTBLOCK flag check works. Fix the error message on the secondary blocks to show the correct address and block number. Example bogus error messages: vldb_check ./vldb.DB0 address 132120 (offset 0x20458): Multihomed Block 0: Not a multihomed block address 132120 (offset 0x20458): Multihomed Block 0: Not a multihomed block address 132120 (offset 0x20458): Multihomed Block 0: Not a multihomed block Change-Id: I31d96ad43f01fbf2774815184942be45e2d7820b Reviewed-on: http://gerrit.openafs.org/11555 Tested-by: BuildBot Reviewed-by: D Brashear commit 46bc619c38591b831b61b3efa7fb7706fbd44527 Author: Benjamin Kaduk Date: Mon Oct 6 17:19:44 2014 -0400 Finish deorbiting libjuafs.a Change I2074d5bc26e326db36b16e055431818ef1c69210 removed the separate compilation/link of a libjuafs.a (since it was functionally identical to the libuafs.a already being built), but retained a libjuafs.a in TOP_LIBDIR for use by src/JAVA/libjafs/. This commit adjusts src/JAVA/libjafs to refer to libuafs.a directly, and removes references to libjuafs.a which are no longer relevant. Change-Id: I0d02ea9e4be773ac50a04925c45e5f243650e21a Reviewed-on: http://gerrit.openafs.org/11526 Tested-by: BuildBot Reviewed-by: D Brashear commit 003519485db7a185f0e1b843e5b569977ff1224b Author: Benjamin Kaduk Date: Thu Oct 16 00:04:14 2014 -0400 Make afs_usrops.h more closely resemble reality Remove prototypes for many routines which are not implemented. (I thought some toolchains would complain about this sort of thing? Maybe we disable it.) Change-Id: Id09f494f1c64c2feb05ae82ead9898c08888a5de Reviewed-on: http://gerrit.openafs.org/11547 Tested-by: BuildBot Reviewed-by: D Brashear commit 33f20e841d1ba39761b292d8a69aec2e6fdf883d Author: Benjamin Kaduk Date: Fri Sep 19 23:04:10 2014 -0400 Build libuafs with libtool Use the standard program for building PIC and non-PIC object files, instead of rolling our own. This allows us to pull the build rules into the Makefile.common, leaving just compiler flags and similar in the MakefileProtos. This does change the build flags being used to compile these files somewhat -- the old CRULE1 and CRULEPIC used CC instead of CCOBJ or MT_CC, and did not pass MT_CFLAGS, but it should be safe to move to the standard compiler invocations. We can also eliminate the libuafs-specific 'OPTF' variable which expands to OPTMZ almost everywhere. Rename our COMMON_INCLUDE to MODULE_INCLUDE so it's picked up properly by the standard build rules; this will let us remove ${TOP_OBJDIR}/src/config and ${TOP_INCDIR} once the rest of the build rules in this Makefile are converted to use libtool, as those include directories are already added by COMMON_INCL in Makefile.config. As a side effect, we get rid of the LIBUAFS make variable -- all sites were defining it to libuafs.a anyway, so we can just hardcode it. We can also build a shared libuafs.la "for free". Don't install it anywhere just yet, though. Change-Id: I2bda2f40bbd0aa808c24e074d2d7bcd329f6b77e Reviewed-on: http://gerrit.openafs.org/11472 Tested-by: BuildBot Reviewed-by: D Brashear commit ba229cbf45bce094d1a93f800483c4b98d32f6db Author: Benjamin Kaduk Date: Thu Oct 16 12:46:11 2014 -0400 Attempt to make hcrypto parallel-safe make -j4 on a Fedora buildbot machine failed to compile engine.lo because hcrypto/rand.h was missing. Change-Id: I2750db9ed932144fbc66ede41d24c4930172a446 Reviewed-on: http://gerrit.openafs.org/11548 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit c7f1db24d5d0e1fdc956896c7b9804657e4d5b28 Author: Benjamin Kaduk Date: Wed Oct 15 19:49:12 2014 -0400 (Partially) unify XDR for libuafs and libafs The libuafs build was getting xdr_vector() from both afsaux.c and xdr_update.c, but because of the rules for creating static libraries, this did not cause build errors. The libafs build is sensitive to duplicate symbols, and was only getting xdr_vector() from afsaux.c; libafs was not building xdr_update.c or xdr_refernce.c (that is not a typo). Remove duplicate xdr_vector() from afsaux.c, and build xdr_update.c and xdr_refernce.c into libafs. Remove the unused #define of AUTH_DES. Change-Id: I58ea595d424801697acb07406664ede33aeaf026 Reviewed-on: http://gerrit.openafs.org/11545 Tested-by: BuildBot Reviewed-by: D Brashear commit 67d168511e716d12cc68476a7fda7e984e2ff96a Author: Benjamin Kaduk Date: Wed Oct 15 17:52:22 2014 -0400 Avoid AFS_version conflicts in uafs libuafs links in both afsd.o and AFS_component_version_number.o; afsd.c #includes AFS_component_Version_number.c, which causes symbol conflicts when linking shared. Don't include the version file when compiling for UKERNEL, to avoid the conflict. Change-Id: I9474faf10e029d0022b12431aad51e27412b19fc Reviewed-on: http://gerrit.openafs.org/11544 Tested-by: BuildBot Reviewed-by: D Brashear commit 7223d7b00c20032a957bd6f82ddaf2e0c7d522a9 Author: Benjamin Kaduk Date: Mon Apr 7 21:54:46 2014 -0400 Do not install kauth manpages when kauth is disabled Commit 5afe7a882b0bb90a515e505d9ffce4f644633f06 added a configure option to disable the installation of the kauth suite, but did not add any logic to disable the installation of the corresponding man pages, so those man pages were always installed regardless of the options to configure. Add logic to doc/man-pages/Makefile.in to create .noinstall files for man pages which should not be installed in the current configuration. Depend on the Makefile (which will be regenerated by configure) in this target so as to attempt to behave properly if configure is re-run with different arguments in the same working tree. Change-Id: I19b77a9f20fe27c49db14f3e800d8c77cda1bb3a Reviewed-on: http://gerrit.openafs.org/10993 Tested-by: BuildBot Reviewed-by: D Brashear commit c36a1525f13d3900817caea7dbd0c934cc93931e Author: Andrew Deason Date: Tue Oct 14 17:02:55 2014 -0500 auth: Fix GetNthIdentityOrUser EOF return code Before commit 0af17e7e, afsconf_GetNthUser always returned 1 on failure, to indicate to the caller that they should stop traversing over the list. After commit 0af17e7e, when reaching the end of the list, we return EIO or -1. This causes 'bos listusers' invocations to always fail, since 'bos' clients expect to get the code 1 when reaching the end of the SUsers list. To fix this, make GetNthIdentityOrUser always return -1 when searching beyond the end of the list. For the newer interface afsconf_GetNthIdentity, we return this as-is, to have a separate return code specifically for EOF, but still allowing us to return any positive error code in case of an error. For the older interface afsconf_GetNthUser, return 1 in this situation, to retain compatibility with the old interface (both at the libauth level and on the wire). Change-Id: I2db4760440d7846dc290a05fa24e24ec97a02f12 Reviewed-on: http://gerrit.openafs.org/7377 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit 01bbe3772734c496b64af2cd7c213cc5f6533ba6 Author: Benjamin Kaduk Date: Wed Oct 15 15:04:16 2014 -0400 Remove dead code RX_ENABLE_TSFPQ is never defined for KERNEL builds. In any case, there's a syntax error in the removed code, with a missing '&' before rx_stats.receivePktAllocFailures. Change-Id: I3aaf3d80f7dfee6836016b65b057e1312d716368 Reviewed-on: http://gerrit.openafs.org/11543 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit f39dd54e11dff5e2b4da3eec419ae7c0825c210f Author: Benjamin Kaduk Date: Thu Oct 30 19:51:29 2014 -0400 Build fix for recent FreeBSD -current r273707 added a flags argument to syscall_register(), so add the appropriate version check in param.generic_fbsd.h and ues that in the main code. Change-Id: I7ddf6e1295d7ed94625f19fdeee4e38ef5fd511e Reviewed-on: http://gerrit.openafs.org/11565 Tested-by: Benjamin Kaduk Reviewed-by: D Brashear commit ae8df21d26dd3462c75beb89e6ebbe6dedebd106 Author: Michael Meffie Date: Thu Aug 21 00:06:26 2014 -0400 remove cmd-suite-option-for-hiding-admin-commands Remove the incomplete and non-functional cmd option for hiding admin commands, introduced in commit 36d02757fd6863a845163daf0d730bdcc0a28343. This patch removes the CMD_ADMIN flag, the non-functional help -admin parameter, and the non-functional cmd_IsAdministratorCommand() function. Thanks to Jeffrey Altman for pointing out this old commit and for suggestions on cleanup. Change-Id: I72c7d2ed7109b1238713fe0d6d177c5af6fc6b7d Reviewed-on: http://gerrit.openafs.org/11429 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Garrett Wollman Reviewed-by: Jeffrey Altman Reviewed-by: D Brashear commit c22e1797e8c200140f3885647d0ddcb901e8fc37 Author: Nathaniel Wesley Filardo Date: Sun Nov 2 01:22:52 2014 -0500 Add sparc_linux26 sysname and params A copy of sparc_linux24 without #undef USE_UCONTEXT. Userland tested on a Debian unstable-release machine. Change-Id: I69a4226622748b18f5835d6517297b2d3750586a Reviewed-on: http://gerrit.openafs.org/11567 Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman Tested-by: BuildBot commit 27b66f24aad04d1e74a7aa43d6ebcca0b98af18f Author: Benjamin Kaduk Date: Thu Oct 30 19:38:50 2014 -0400 Attempt to make the server install bits current Avoid using -noauth, and mention both the rxkad.keytab (1.6) and the KeyFileExt (as 1.8, though it's only master at present). To support these, move forward the use of kadmin to extract the afs/cell principal's keytab. Move the buserver's creation to the end of the list and mark it as optional (many sites do not run the AFS backup suite). Deindent some programlisting blocks so they don't flow off the page as much in the PDF version. Drop vos syncserv and vos syncvldb from the tasks for setting up a new server; they should not be needed, as the new db server should pick up the existing database when it joins the quorum. General edits for clarity, whitespace and such. Change-Id: I951ec3ee237e4c83a17c82802328f0a454b61097 Reviewed-on: http://gerrit.openafs.org/11581 Tested-by: BuildBot Reviewed-by: D Brashear commit f0ba037073bc215132c02c40e66732f2514983d6 Author: Benjamin Kaduk Date: Mon Nov 3 13:33:56 2014 -0500 Switch other-linux to built-from-source Don't talk about tarball distributions; we shouldn't be doing those anymore. Also switch away from 'make dest'. Change-Id: If0badacab4b3c2492e90867328153f83da82bfc1 Reviewed-on: http://gerrit.openafs.org/11580 Tested-by: BuildBot Reviewed-by: D Brashear commit 112064b98ff14da8418d1b4fe0844ef1adb9f258 Author: Benjamin Kaduk Date: Mon Nov 3 13:13:44 2014 -0500 Add a Debian/Ubuntu subsection As an alternative to rpm-based systems or "systems packaged as tar files". Luckily, the instructions are pretty simple. Change-Id: I8045763b518465c3ffd7fe3f177fff98146033fb Reviewed-on: http://gerrit.openafs.org/11579 Tested-by: BuildBot Reviewed-by: D Brashear commit face986d9440faa28c00dfbc5ff33a3a852ed14c Author: Benjamin Kaduk Date: Mon Nov 3 16:47:16 2014 -0500 Deorbit upserver from the quickstart guide It's not the recommended way to push updates anymore, and clutters up the guide. Change-Id: I248380f12609a2ca03f47602773dc08f230b6fbe Reviewed-on: http://gerrit.openafs.org/11578 Tested-by: BuildBot Reviewed-by: D Brashear commit b83ba7e3fd950c88db3afedd989349e6fa7bb4d8 Author: Benjamin Kaduk Date: Mon Nov 3 16:46:20 2014 -0500 Drop the non-DA fileserver The instructions are clearer when we just tell people what to do, and we think that dafs should be right for almost everyone. Mention that the traditional fileserver is an option and where to read about it, but nothing more. Change-Id: I1fccceb8ee2bf2ec1e5afb0f5b034f029ee96c61 Reviewed-on: http://gerrit.openafs.org/11577 Tested-by: BuildBot Reviewed-by: D Brashear commit 2c6886bf8c62f72eb399d96508012ff7724e1180 Author: Benjamin Kaduk Date: Mon Nov 3 12:59:14 2014 -0500 Reorder "Getting Started" sections Put the ones most likely to be relevant at the top, instead of sorting alphabetically. Change-Id: I6ad80ee2a30b7192d8c8e4668234fa1789e1a213 Reviewed-on: http://gerrit.openafs.org/11576 Tested-by: BuildBot Reviewed-by: D Brashear commit f71063b0324031178432468aff6dca12c3019f4b Author: Benjamin Kaduk Date: Mon Nov 3 12:57:08 2014 -0500 Deorbit "Getting started on IRIX systems" IRIX is mostly gone as an upstream. The case for removing this is less clear than the case for removing the HP-UX docs, but it still feels like clutter in this document. Change-Id: Ib7e9bfc8f7ae8e08e9f12b70d5df615496f57bb6 Reviewed-on: http://gerrit.openafs.org/11575 Tested-by: BuildBot Reviewed-by: D Brashear commit ce57b96ecb4274901d96a01c602dc747509d604e Author: Benjamin Kaduk Date: Mon Nov 3 12:55:55 2014 -0500 Deorbit "Getting started on HP-UX systems" We don't really support HP-UX anymore; no need to clutter up the documentation with it. Change-Id: Ib75f4f137c3cfcb5ab2aece3746964f1cfbab051 Reviewed-on: http://gerrit.openafs.org/11574 Tested-by: BuildBot Reviewed-by: D Brashear commit 2e9c06056b6047f1b9f6fb8ad18caba3a849c2f4 Author: Benjamin Kaduk Date: Wed Oct 29 09:10:21 2014 -0400 Update QuickStartGuide front matter Bump copyright and, uh, major version for the "in progress" note... Change-Id: I5edd235864138b82c84dc1c1218f849217efad1e Reviewed-on: http://gerrit.openafs.org/11573 Tested-by: BuildBot Reviewed-by: D Brashear commit 86cdf6daa74e6f6f963eaf8c014b4ad5dc68d7e4 Author: Michael Meffie Date: Fri Aug 1 09:13:43 2014 -0400 roken: configure checks for inet_ntop and inet_pton Change-Id: Idf2eee040235bbf1f34ed993c74dd5936ae063c6 Reviewed-on: http://gerrit.openafs.org/11584 Tested-by: BuildBot Reviewed-by: D Brashear commit dedc1734e511329e06100b7c39cc33502e0581ab Author: Heimdal Developers Date: Fri Aug 1 08:56:02 2014 -0400 Import of code from heimdal This commit updates the code imported from heimdal to 5dfaa0d10b8320293e85387778adcdd043dfc1fe (git2svn-syncpoint-master-311-g5dfaa0d) New files are: roken/inet_ntop.c roken/inet_pton.c Change-Id: Ice2f687c67550409b366fbea3e52ae42284f4cbd Reviewed-on: http://gerrit.openafs.org/11583 Tested-by: BuildBot Reviewed-by: D Brashear commit f4c2befbdf1d8b251a2b029297c31c3ab1ba917c Author: Michael Meffie Date: Fri Aug 1 08:38:45 2014 -0400 roken: add inet_ntop and inet_pton to the imported file list Change-Id: If785d18e3fd5f333c62bff9ddee2c5835ee871db Reviewed-on: http://gerrit.openafs.org/11582 Tested-by: BuildBot Reviewed-by: D Brashear commit e4a8a7a38dbf29e89bc1a7b6b017447a6aa0c764 Author: Michael Meffie Date: Mon Nov 3 19:06:15 2014 -0500 avoid writing loopback addresses into CellServDB Do not use loopback addresses for the server side CellServDB file. Use getaddrinfo() instead of gethostbyname() to look up a list of IPv4 addresses for a given hostname, and take the first non-loopback address. This avoids writing a loopback address into the CellServDB on systems such as Debian, which map the address 127.0.1.1 to the hostname in the /etc/hosts file. Change-Id: I11521df50262ca80c7db21b7b44671d94bef3587 Reviewed-on: http://gerrit.openafs.org/11585 Tested-by: BuildBot Reviewed-by: D Brashear commit 9be7e23cc562a2dfec2dc4cd7614c5ca5f397789 Author: Michael Meffie Date: Wed Oct 29 17:25:29 2014 -0400 Document the vldb (ubik) file format Briefly document the vldb version 4 file format. Describe the vl header, the vl entry, and mh extensions. Thanks to Marcio Barbosa for an initial draft, comments, and review. Thanks to Ben Kaduk the prdb.txt, and for an initial review and comments. Change-Id: If3ca85419027a218b7bb1585f5d5cd4763ad5b26 Reviewed-on: http://gerrit.openafs.org/11564 Reviewed-by: Nathaniel Filardo Reviewed-by: D Brashear Tested-by: D Brashear commit ba1cc838ab4a80b7a7787c441a79aca31d84808c Author: Andrew Deason Date: Tue Oct 28 00:10:56 2014 -0500 LINUX: Avoid d_revalidate failure on mtpt mismatch Currently, if afs_linux_dentry_revalidate is given an inode that corresponds to a mtpt vcache ('vcp'), it resolves the mtpt to its root dir if it's easy to do so (mvid and CMValid are set). Later on, we run afs_lookup to see if looking up our dentry's name returns the same vcache that we got; afs_lookup presumably will also resolve the mtpt if it's easy to do so. However, it is possible that afs_linux_dentry_revalidate and afs_lookup will make different decisions as to whether or not they resolve a mtpt to a dir. Specifically, if CMValid is cleared after afs_linux_dentry_revalidate checks for it, but before afs_lookup does, then afs_lookup will return a different vcache than afs_linux_dentry_revalidate is expecting, even though the relevant directory entry has not changed. That is, tvc is not equal to vcp, but tvc could be a mtpt that resolves to vcp, or vice versa. CMValid can be cleared by another thread at virtually any time, since this is cleared in some situations when we're not sure if the mtpt resolution is still valid (callbacks are broken, vldb cache entries expire, etc). afs_linux_dentry_revalidate interprets this situation to mean that the directory entry has changed, and so it eventually d_drop's the associated dentry. The way that this manifests to users is that a "fakestatted" mtpt can appear to be deleted effectively randomly, even when nothing has changed. This can be a problem because this causes the getcwd() syscall to return ENOENT when the working directory involves such an affected directory. To fix this situation, we just detect if afs_lookup returned either 'vcp' (our possibly-resolved vcache), or the original inode associated with the dentry we are revalidating. If the returned vcache matches either of these, then the entry is okay and we don't need to invalidate or drop anything. FIXES 131780 Change-Id: Ide1dd224d1ea1e29a82eb7130a010877cf4e9fc7 Reviewed-on: http://gerrit.openafs.org/11559 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Tested-by: Anders Kaseorg Reviewed-by: Anders Kaseorg Reviewed-by: D Brashear commit b5de4a9f42bb83ae03f2f647b11a1200a502d013 Author: Marc Dionne Date: Thu Oct 23 11:27:55 2014 -0400 Linux 3.18: key_type no longer has a match op Structure key_type no longer has a match op, and overriding the default matching has to be done differently. Our current match op doesn't do anything special so there's no need to try to override the defaults; just remove the assignment of .match and the associated function. Change-Id: I0ee195e47f40688d9a71ea62a0b87a4265363f05 Reviewed-on: http://gerrit.openafs.org/11563 Tested-by: BuildBot Reviewed-by: D Brashear commit a42f01d5ebb13da575b3123800ee6990743155ab Author: Marc Dionne Date: Thu Oct 23 11:12:57 2014 -0400 Linux 3.18: d_invalidate can no longer return an error d_invalidate is now defined as void and does not have a return value to check. Change-Id: Ief1b562db63877dde9f4a8ac4918b727a05b23bb Reviewed-on: http://gerrit.openafs.org/11562 Tested-by: BuildBot Reviewed-by: D Brashear commit 882146b0e671e008e1d599cd34213bf940410d33 Author: Jeffrey Altman Date: Wed Jun 11 20:53:09 2014 -0400 viced: kill CLIENT_TO_ZERO macro Move all struct client fields that are to be zeroed upon structure reuse to a new struct client_to_zero. Include the new structure within struct client and call memset() on that structure. Change-Id: I0f83f5f18b41bc0d4f8e1f7f8e04cd5508cbe4e1 Reviewed-on: http://gerrit.openafs.org/11288 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit 1b5d5afca69b4a5a6c4027d4b5968d4ebdadc89a Author: Jeffrey Altman Date: Wed Jun 11 20:40:47 2014 -0400 viced: kill HOST_TO_ZERO macro Move all struct host fields that are zeroed into a new structure host_to_zero which is then included in struct host as 'z'. Remove the HOST_TO_ZERO macro entirely as its presence can lead to the introduction of dangerous errors. Change-Id: I44afd37413afae4e4357e68cdadf5c28784611c5 Reviewed-on: http://gerrit.openafs.org/11287 Reviewed-by: D Brashear Reviewed-by: Benjamin Kaduk Tested-by: D Brashear commit fb67a8d4ef62387f8ed7d1ffc373a07475e70588 Author: Jeffrey Altman Date: Wed Jun 11 19:37:34 2014 -0400 viced: move host tmay fields before index The index field and those after it in struct host do not get zeroed when a host is reused. The placement of the tmay fields after index in commit 9a0a8ca4d186cf953b87d9fae1a35f66090b060c results in the use of uninitialized memory. This change moves the tmay fields before index which permits the HOST_TO_ZERO() macro to compute the correct size to be memset() to zero. Change-Id: I1f93bebb23c99eaa7826dafa8cd7497d1b49bb53 Reviewed-on: http://gerrit.openafs.org/11286 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit 235e88a36c1c26b5e5160510ce3b63e61d597e19 Author: Mark Vitale Date: Thu Jun 12 14:20:24 2014 -0400 viced: remove obsolete comment about alignment Alignment may have been historically relevant, but is no longer. Remove the comment. Also remove the unneeded 'dummy' field which does not provide padding for a useful alignment. Change-Id: I447fb73c379e6f86facd955a29ffd80e8929ceff Reviewed-on: http://gerrit.openafs.org/11289 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: D Brashear commit 3b27be6692796bb5319dfa1ea0e01698bbf64aab Author: D Brashear Date: Tue Oct 14 14:03:40 2014 -0400 libafs: avoid contaminating the return of lookup vnop when we resort to checking the inlinebulk errors to see if a retry is needed, do not overwrite the lookup return code; only decide if a retry is needed. problem case was where the first vnode returned EACCES and so all vnodes were assumed to have failed, when just one did. Change-Id: Ifd7361ce5af50a72817afa81d31d9cfbda906efd Reviewed-on: http://gerrit.openafs.org/11537 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 8f630226f6f1f73a4d816b72caab3bb1e4620312 Author: Christer Grafström Date: Wed Oct 29 08:05:06 2014 +0100 Packaging support for MacOS X 10.10 "Yosemite" This is just the packaging part of the patch submitted in the RT ticket. The configuration part is in the preceding change. FIXES 131946 Change-Id: Ic5b200b1f54d7f9f9552b0f9e2b881c3f0af9bc2 Reviewed-on: http://gerrit.openafs.org/11561 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit 4109785a891d802194ad11edb600a61de316d262 Author: Christer Grafström Date: Wed Oct 29 07:56:35 2014 +0100 Add support for configuration of MacOS 10.10 "Yosemite" This is just the configuration part of the patch submitted in the RT ticket. The packaging part will will follow in the next change. FIXES 131946 Change-Id: Ic8835b1ddf317600483505a2d94d9f3568720804 Reviewed-on: http://gerrit.openafs.org/11560 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit 8c78a44cf5197ceee6907e947074973138c442f0 Author: Andrew Deason Date: Mon Oct 27 16:39:34 2014 -0500 rx: Reset lastSendData when resetting call Currently we use call->lastSendData to attempt to detect a stalled call, if it's been too long since the last time the call sent any data. However, we never initialize lastSendData to anything when creating a new call. This means that when rx_NewCall (or rxi_NewCall) returns, lastSendData can be nonzero. This can happen if we reuse a DALLY call, or if we pull a call off of rx_freeCallQueue. This can be a time very far in the past, since the lastSendData time has not changed since the last time the call was used; it will remain unchanged until a user of the new call writes something to the call stream. This can be a problem between the time when a caller creates a new call with rx_NewCall and when the caller actually writes something to the stream. Between those two times, if lastSendData happens to be set to a time in the past, we may call rxi_CheckCall on that call, and abort the call for being idle. The call will thus be aborted before it even sent any data on the wire. This is of particular concern for multi_Rx calls, since those can create a large number of call structures, possibly introducing a delay between calling rx_NewCall and writing anything to the stream (if one of the later rx_NewCall invocations blocks waiting for an open call channel, for instance, all of the previous allocated calls will stick around unused for potentially a long time). One such multi_Rx call is done by the cache manager, where it periodically uses multi_Rx to call RXAFS_GetCapabilities to probe fileservers for reachability. If this issue occurs during that operation you can see a large number of servers get marked down for code -9 (RX_CALL_IDLE), and then get marked as coming back up. To fix this, set lastSendData to 0 when resetting a call, along with most of the other fields in a call, to indicate that the call has never sent any data. As long as lastSendData is 0, the call will never get aborted with RX_CALL_IDLE, and this situation will be avoided. This ensures that this issue cannot happen, since rxi_ResetCall is guaranteed to be called at some point whenever we reuse a call structure for any reason. Change-Id: Ie96d1c640616fd5a234c635f60dfef4ad7c19d28 Reviewed-on: http://gerrit.openafs.org/11557 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit 616d19a2ebedf62e47a30c3357b3596aa234e011 Author: Nathaniel Wesley Filardo Date: Sat Oct 25 19:48:36 2014 -0400 Remove duplicate CREATE_SGUID_ADMIN_ONLY define A trivial omission from 30433f36a953187f27b5db9fb432f3b7dce91e6b Change-Id: If85ebd73a68c6226077b690243a94c2e40f88149 Reviewed-on: http://gerrit.openafs.org/11556 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit c04c57c6c57d2e0b09ba60b68de738b636c9450b Author: Benjamin Kaduk Date: Wed Oct 22 12:07:37 2014 -0400 Remove documentation of 'program' This tool was removed in 2006 in commit b405868ca02880207bda1ec6eb4e21c7b0ac250c. Also remove mention of wsadmin, removed at the same time. Change-Id: I8475b951f576f10ddd2f4b72565354b9fba41d94 Reviewed-on: http://gerrit.openafs.org/11554 Tested-by: BuildBot Reviewed-by: D Brashear commit 6e167d4646992e95d294927b238e21f39b1169e3 Author: Benjamin Kaduk Date: Mon Oct 6 22:54:09 2014 -0400 Remove unused -k argument to fileserver It has been unused since the LWP fileserver was removed. It was used to set the LWP stack size. Change-Id: I2ffd3a2f02049a307b668a46b62b31dc9bc128a8 Reviewed-on: http://gerrit.openafs.org/11527 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit 89febdba40119c3f1e2d33901bdce4f649a12400 Author: Benjamin Kaduk Date: Mon Oct 6 17:06:53 2014 -0400 Warn at configure time about bitmap-later It's superseded by DAFS and is slated for removal post-1.8. Change-Id: Id2c870fb76eeb470bbf393e99654df434b1a1a86 Reviewed-on: http://gerrit.openafs.org/11525 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit f7ddab6606617cb587a0f667bba6837c8103d5e9 Author: Benjamin Kaduk Date: Mon Oct 6 13:31:23 2014 -0400 Merge pam into the kauth configure option Realistically, you shouldn't be using either kauth or pam. The pam functionality provided by the module in our tree is only useful in a kaserver-style environment, so it makes sense to merge the two knobs. Retain a separate enable_pam variable so that it can be overridden on a per-architecture basis where it is known to not work. Consolidate the two places where we did such checks, as well. Change-Id: I6bf39ee5002f943548c51d089fe612f7e2f0501b Reviewed-on: http://gerrit.openafs.org/11524 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit 2c3a517e876013f24430462fc5a2eea25e5cd61d Author: Benjamin Kaduk Date: Wed Sep 24 00:31:16 2014 -0400 Retire Makefile.shared It has served its purpose, and been replaced by libtool. Change-Id: Ifb4e2f585fb4239e9138daef82dcc7f41d7f2a99 Reviewed-on: http://gerrit.openafs.org/11485 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: D Brashear commit 6d2395ed2205d438cb8814689960b8f524454fea Author: Benjamin Kaduk Date: Wed Sep 24 00:11:07 2014 -0400 Build kopenafs with libtool Prior to this commit, we were installing libkopenafs.so.1.1. As for the other libtoolizations, bump SONAME to 2.0 as a general precaution. Change-Id: I6edef89737cf057eb8aab8dfe2eacfb4f417dd6e Reviewed-on: http://gerrit.openafs.org/11484 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: D Brashear commit 5815ee92a41cdcf105741d834042a5617dc4c219 Author: Marc Dionne Date: Thu Sep 25 07:52:12 2014 -0300 Linux 3.17: Deal with d_splice_alias errors In 3.17 the logic in d_splice_alias has changed. Of interest to us is the fact that it will now return an EIO error if it finds an existing connected directory for the dentry, where it would previously have added a new alias for it. As a result the end user can get EIO errors when accessing any file in a volume if the volume was first accessed through a different path (ex: RO path vs RW path). This commit just restores the old behaviour, adding the directory alias manually in the error case, which is what older versions of d_splice_alias used to do. Change-Id: I5558c64760e4cad2bd3dc648067d81020afc69b6 Reviewed-on: http://gerrit.openafs.org/11492 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Andrew Deason Reviewed-by: D Brashear commit 6a23ca5b6e8bcaf881be7a4c50bfba72d001e6cd Author: Marc Dionne Date: Tue Sep 9 10:39:55 2014 -0300 Linux 3.17: No more typedef for ctl_table The typedef has been removed so we need to use the structure directly. Note that the API for register_sysctl_table has also changed with 3.17, but it reverted back to a form that existed before and the configure tests handle it correctly. Change-Id: If1fd9d27f795dee4b5aa2152dd09e0540d643a69 Reviewed-on: http://gerrit.openafs.org/11455 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Andrew Deason Reviewed-by: D Brashear commit cadaea4f86427c4dc74f56fc66707e8cfb0166cb Author: Anders Kaseorg Date: Wed Sep 3 18:26:36 2014 -0400 Linux: Refine openafs-client.service dependencies Make sure that openafs-client is started after the network is online, and before services that need remote-fs at startup. Change-Id: Ib69e0c07f9079f47bbe5057626652c44039c433a Signed-off-by: Anders Kaseorg Reviewed-on: http://gerrit.openafs.org/11441 Reviewed-by: Chaskiel Grundman Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit 57ca77786eb6c04519f9358f1456fdf5b8006757 Author: Benjamin Kaduk Date: Wed Sep 17 12:07:02 2014 -0400 Fix disk name initialization in scout Scout needs to initialize names in scout_disk structures to prevent the use of uninitialized data. However, '\0' is a NUL character constant, i.e., the integer value 0, which is interpreted as NULL (the pointer constant) in a pointer context, such as when assigned to a variable of type char*. Since the name field in these structs is passed to printing routines, the safe initialization value is the empty string constant "", not a zero value. Change-Id: Ie0530fc4fc090b226c0e54201b4a74158efddebd Reviewed-on: http://gerrit.openafs.org/11469 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman commit 66a431bf82da5e09e89307c250991bfc12caf532 Author: Benjamin Kaduk Date: Tue Sep 16 22:57:53 2014 -0400 Build fixes for recent FreeBSD -current Let's try a new paradigm of using flag checks in the main code, which are based off of precise version checks in the FreeBSD-specific param.h file. It's not quite configure checks, but is much more granular. Change-Id: I8274a8ad3747d3847cdec3ce8d521837fd5b2a92 Reviewed-on: http://gerrit.openafs.org/11467 Tested-by: BuildBot Tested-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit ec2382e060753dfdcaf84b9ac03e1534c65fcdbc Author: Benjamin Kaduk Date: Mon Sep 8 13:47:33 2014 -0400 Tweak AFSDIR_PATH_MAX definition On recent Debian, we run into runtime errors in the test suite because _POSIX_PATH_MAX is only 256, and that buffer is too small for a call to realpath(). Use PATH_MAX if it's available and larger than _POSIX_PATH_MAX, in a way that should be safe even when PATH_MAX is not defined. Change-Id: I39127e88d92b358245ece21131219380ca4be98a Reviewed-on: http://gerrit.openafs.org/11453 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Perry Ruiter Reviewed-by: D Brashear Tested-by: D Brashear commit 4514dbb1c4527a91a41e2a29c8a721091f6351a9 Author: Benjamin Kaduk Date: Mon Sep 8 13:42:27 2014 -0400 Let mancheck_utils ignore version subcommands We don't have a man page for the 'version' subcommand, which has "always" been present but only recently was exposed to the usage. It's okay to not have a man page for it, so tell the test infrastructure to not complain about its absence. Change-Id: Ife834d41797d1d1efe403b204736ac85d62724e9 Reviewed-on: http://gerrit.openafs.org/11452 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: D Brashear Tested-by: D Brashear commit 27cb0d38885428474b0d42878fa2c539ce45b025 Author: Benjamin Kaduk Date: Tue Sep 23 23:42:50 2014 -0400 Adjust configure defaults for 1.8 Disable pam; enable pthreaded ubik. (Pam is actually not installed by default anyway, since it is functionally part of kauth.) pthreaded ubik is believed to be stable, and we want to move away from LWP moving forward. Change-Id: I14d20e3157df625a9e04059534bbb59268384213 Reviewed-on: http://gerrit.openafs.org/11483 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit f2d4ba8b61bfe51d2c2167190f0049c4ec94f220 Author: Benjamin Kaduk Date: Fri Sep 19 14:39:04 2014 -0400 Build hcrypto with libtool Or rather, with lwptool, since we need a LWP version as well as the various pthreaded versions. The previous version was the initial version, 1.1, but since we're switching to libtool, bump the version to 2.0 just to be safe. Libtool abstracts away the extra logic that had previously been needed to build different copies of rand-fortuna for the pthreaded and LWP libraries. As for roken, we must install both shared and static libraries to $(TOP_LIBDIR) for unity of consumption, but remove the libtool archive after instllation. Change-Id: Ibc530a1fa4baa7a38b44eb3e0719e1905a6fe269 Reviewed-on: http://gerrit.openafs.org/11482 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit a6d7014187e238c9659141919d3c0934aac61f3b Author: Benjamin Kaduk Date: Tue Sep 23 18:19:09 2014 -0400 Allow external hcrypto Put the configure checks into a separate file in src/cf, following the same general structure as the roken checks. Allow explicitly requesting the internal version, or checking what's in the default paths, or providing a specific hcrypto root or lib/include dirs for Debian compatibility. We must still always compile libafshcrypto_lwp.a for use by LWP binaries, from the bundled sources, but other binaries will use the system version. The hcrypto headers have an unfortunately large number of dependencies, including depending on being able to find each other by including paths. As such we must pass both the user-supplied directory and $dir/hcrypto to the preprocessor in order for things to work, and we also may need to revisit the includes used in the configure check for use on non-linux systems due to the dependencies on system headers. Change-Id: Idcba1418a19a7b562335524c911d69dc84268177 Reviewed-on: http://gerrit.openafs.org/11481 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit 493765cc88a15fd7db14d13dc03f0771cf6bb210 Author: Benjamin Kaduk Date: Tue Sep 23 16:58:08 2014 -0400 Link aklog against LIB_hcrypto This was the last place where libafshcrypto.a was explicitly referenced, preventing the use of an out-of-tree hcrypto library. We will continue to need to build the in-tree code to produce a libafshcrypto_lwp.a library for use in LWP applications, until we do not have any more LWP applications, but some systems (such as Debian) have a desire to avoid bundled libraries, so we should facilitate the use of an external libhcrypto where possible. Many consumers of libafshcrypto_lwp.a will be removed when the LWP versions of various modules are removed after 1.8 is branched. Change-Id: I23049866caae9c16ffb2ec32c5e7b058465a26ba Reviewed-on: http://gerrit.openafs.org/11480 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit d31d7c3cb0d78f77e2e12215a35efaa7754813e4 Author: Benjamin Kaduk Date: Fri Sep 19 15:01:29 2014 -0400 Build venus tests with libtool This was the only place doing -lafshcrypto_lwp on the command line. (There are other consumers, which list libafshcrypto_lwp.a explicitly; we can use the presence of libafshcrypto_lwp.a to track progress towards not needing a LWP hcrypto build, which must come from the in-tree version.) Convert the tests to build with libtool (as pthreaded), where we can just throw in $(LIB_hcrypto) and deal with what we get. Change-Id: Ibc99615d2ff03b8aebf956502a2a6b1cb26f0a65 Reviewed-on: http://gerrit.openafs.org/11479 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit 3160b1ad38a87c0c7e132246de2e5f3c3fac92bd Author: Benjamin Kaduk Date: Thu Sep 18 13:55:15 2014 -0400 Build roken using libtool Previously it was version 1.1; just in case I did something terrible, bump it to 2.0, as was done for the other libtool conversions. Install both the libtool archive and the static archive to $(TOP_LIBDIR), so that all our internal consumers can just use -L$(TOP_LIBDIR) -lrokenafs (well, via the LDFLAGS_roken and LIB_roken aliases) whether linking statically or shared. Installing the libtool archive gets us the shared library there, but we have to then remove the libtool archive, since this is not the location we told libtool we would install to (the prefix we configured with), and libtool would get confused trying to use this installed, but installed-at-the-wrong-place libtool archive. Add rk_vsyslog to the export list, for AIX. It is tempting to eschew this installation and instead point LIB_roken at the libtool archive file librokenafs.la directly (with empty LDFLAGS_roken), but this is not possible until all consumers of roken are converted to build using libtool. In practice, this will probably not happen until LWP is evicted from the tree. Change-Id: If6ab6c2d57c0a1b1511f9631b9aeb522d7e7392b Reviewed-on: http://gerrit.openafs.org/11477 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit 933d980341556f776a500b41f12a86854bdd41a2 Author: Benjamin Kaduk Date: Tue Sep 23 15:33:08 2014 -0400 Build auth tests with libtool (And pthreaded.) This was the only place consuming librokenafs directly, which is forbidden if we are to properly support using an external roken. Convert to libtool and throw $(LIB_roken) on at the end. Change-Id: I0cdea690800be1022888244b613929ce3154db1d Reviewed-on: http://gerrit.openafs.org/11476 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit efe449adbb8994e6333bfb018be225b46d9f4ba6 Author: Benjamin Kaduk Date: Thu Sep 18 21:35:30 2014 -0400 Fix LT_LDLIB_shlib_missing Libtool's -symbols-file argument is taken as an exact match of symbols that this library claims to export. It does not filter based on what symbols are actually present in the objects comprising the library. Instead, if there are symbols in the file which are not implemented by the library, there is an implicit assumption that some other library will provide those symbols, which must be linked into a consumer of this library alongside this library. These are not the semantics we want (at present, only for roken), wherein a library will implement some (but probably not all) of a given list of symbols, and we want the export list to reflect only those symbols which are implemented. Instead, use the symbols file to build a regex that will only match symbols listed in the file (and no other symbols), and only export the subset which is present. Change-Id: Id81f7a35089ae7f760fe643680f9bfb9c81521aa Reviewed-on: http://gerrit.openafs.org/11475 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit 119d2edf8a4b42ca4c3fd36d17e3621ddc0de60d Author: Benjamin Kaduk Date: Mon Sep 22 17:02:27 2014 -0400 Allow building with MIT krb5 and external roken That is, an external roken which is part of a heimdal distribution, with full headers and libraries, most notably krb5.h and libkrb5. This adjusts the ordering of file- and module-specific compiler and linker arguments so that the more specific arguments are able to take precedence. For general flags arguments, such as enabling or disabling warnings or features, the more-specific settings should come last, so as to override the flags set by default. However, for arguments that affect a global search list (e.g., for headers or libraries), the more-specific arguments must come first, so as to be at the beginning of the search list. We presently use per-file CFLAGS for both warning-type flags and preprocessor (i.e., include path) type flags, so add an additional file-specific setting for CPPFLAGS, which comes at the beginning of the compiler invocation. At present, MODULE_CFLAGS are essentially only used for preprocessor functionality, so treat them as CPPFLAGS and put them right after the per-file CPPFLAGS. (It might be cleaner to rename them to MODULE_CPPFLAGS, but that would be more churn than is needed. If such a distinction turns out to be necessary, it can be done at a later date.) Likewise the MODULE_LDFLAGS are generally being used to affect the library search path, so put them early as well. Make the necessary Makefile changes to use these new features to allow building with MIT krb5 and external roken: put KRB5_CPPFLAGS in per-file CPPFLAGS, and put LDFLAGS_KRB5 in MODULE_LDFLAGS for aklog. Change-Id: I1091223b3b75c782b39b9e189bdd47e52ebefae2 Reviewed-on: http://gerrit.openafs.org/11474 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit 9e3596c3fae6912783ec6d714a37f3dc05f8925c Author: Benjamin Kaduk Date: Mon Sep 22 15:27:44 2014 -0400 Adjust roken.m4 to allow separate lib and include In some installations (e.g., Debian), the roken libraries and headers will not be installed in a common root directory to which /lib and /include may be appended to find the appropriate library and header directories, respectively. Take inspiration from rra-c-util's GSSAPI macros and allow the specification of separate include and lib directories. Since there are now three values to pass to the guts of the checking routine, pass them in global variables instead of as parameters. The expected usage would be to set either --with-roken, or both of --with-roken-libdir and --with-roken-includedir, as in configure --with-roken-include=/usr/include/heimdal --with-roken-lib=/usr/lib/x86_64-linux-gnu/heimdal This also fixes a typo that prevented --with-roken=internal from functioning as intended. Change-Id: I6f651ef3f3abf37c92ea81ea1801294ca3dc00b2 Reviewed-on: http://gerrit.openafs.org/11473 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit bd5c12995e6de74d36bd2205f7268a0f32029b7f Author: Benjamin Kaduk Date: Fri Sep 19 21:18:38 2014 -0400 Deorbit separate JUAFS build Since 80943970b8cfcdf3fc630b25804aebaea228bd73, when the web enhancements were enabled universally, there has no longer been a functional difference between the UAFS and JUAFS builds. Their object files are compiled using the same compilation rule, and the list of object files differed only by rx_kmutex.o (which is devoid of content) and xdr_int32.o (which is preumably an oversight). Save the extra build time by just reinstalling libuafs.a as libjuafs.a to preserve the existing interfaces. Additionally, drop the LIBJUAFS make variable -- all definitions set it to libjuafs.a. Similarly, the LIBJUAFS_FLAGS variable was unused and can be removed. Change-Id: I2074d5bc26e326db36b16e055431818ef1c69210 Reviewed-on: http://gerrit.openafs.org/11471 Reviewed-by: D Brashear Tested-by: D Brashear commit 9799484891ae90e408cdd7d86ef2e928cdd07c61 Author: Benjamin Kaduk Date: Fri Sep 19 21:45:31 2014 -0400 Deorbit the netscape plugin Netscape hasn't been a thing since 2008. We would only try to build it if someone manually ran 'webinstall' in src/libuafs, and there is no documentation telling anyone to do so. It's dead, Jim. Change-Id: I7486ca33da7ff19f23f0d9f54f5fb4e7e3232540 Reviewed-on: http://gerrit.openafs.org/11470 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit 5d2bd0416bbaf5b85f28e870a06dbc2955a1adf7 Author: Benjamin Kaduk Date: Sun Sep 14 21:16:56 2014 -0400 Make pam conditional on INSTALL_KAUTH The pam module we provide is only useful in kaserver-like environments, and as such should not be installed when the user has requested to not have kauth. Change-Id: I9b336593e34cedfd6e8c2210f3798575d115d2d6 Reviewed-on: http://gerrit.openafs.org/11466 Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit 6825d6aeaa7c3951aafc216fa3707ae6c62e8691 Author: Benjamin Kaduk Date: Fri Sep 12 18:07:51 2014 -0400 Build a usable pam_afs.so Our use of libtool for building the pam modules resulted in shared objects which had dependencies on liboafs_auth.so and liboafs_kauth.so, neither of which are installed. We still need some way to resolve those dependencies at link time, and a dependency on libafsauthent.so seems ill-advised to insert into the pam stack, so we are left with only the option of directly linking in the requisite functionality. Fortunately, almost all of the requisite convenience libraries of PIC objects already exist to meet the requirements of libafsrpc and libafsauthent; the only exception is from the auth module. Here, we require a new convenience library, because the pam_afs.krb.so module includes its own version of ktc.o, compiled with AFS_KERBEROS_ENV defined, yet the pam_afs.so module requiers a ktc.o compiled without AFS_KERBEROS_ENV defined. The convenience library from the auth module can only include one version, and would therefore be wrong for the other. As such, create the new libpam_auth.la archive from the BASE_objs in src/auth, and manually compile ktc.lo and ktc_krb.lo as needed for the pam modules. As for libafsrpc and libafsauthent, the convenience libraries included from other parts of the tree belong in LT_objs, not LT_deps, because they are contributing actual content to be included in the resulting library; they are not library dependencies of the output of this module. Change-Id: I5292718a5494710d166043fd08ad07269ff9fdf2 Reviewed-on: http://gerrit.openafs.org/11463 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit 96b0307b3c79ccfc2305f98a3045b49f3c2a4723 Author: Benjamin Kaduk Date: Mon Sep 8 18:06:25 2014 -0400 Build and install libafsauthent.so.2 During the libtool interim, we had been building a .0 but not installing it. Prior to the libtoolization of shlibafsauthent, we had installed a libafsauthent.so.1.1, which is the same version currently installed by the 1.6 branch. Since there have been backwards-incompatible ABI changes (e.g., afsconf_BuildServerSecurityObjects) since the .1.1 version, we must bump the SONAME to .2.0. At time of this writing, the libtool rules for updating the version information is found at: http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html and http://www.gnu.org/software/libtool/manual/html_node/Libtool-versioning.html This lets us consolidate the building of the shared and static libafsrpc and their installation), as libtool will happily do both for us at once. We explicitly do not install the .la files, as our libtool use is to be kept entirely internal. Change-Id: I283f9bb74eb9853c268e8642ac1f01741deeae2b Reviewed-on: http://gerrit.openafs.org/11462 Reviewed-by: D Brashear Tested-by: D Brashear commit 248b3216e77d333126c84987319a928a9ca6e3af Author: Benjamin Kaduk Date: Mon Sep 8 18:06:25 2014 -0400 Build and install libafsrpc.so.2 During the libtool interim, we had been building a .0 but not installing it. Prior to the libtoolization of shlibafsrpc, we had installed a libafsrpc.so.1.4 (though the 1.6 branch was installing libafsrpc.so.1.5, "so we don't collide with the shlibafsrpc versions on the master branch", which seems misguided). Since there have been backwards-incompatible ABI changes (e.g., rx_SetMaxMTU) since the .1.4 version, we must bump the SONAME to .2.0. At time of this writing, the libtool rules for updating the version information is found at: http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html and http://www.gnu.org/software/libtool/manual/html_node/Libtool-versioning.html This lets us consolidate the building of the shared and static libafsrpc and their installation), as libtool will happily do both for us at once. We explicitly do not install the .la files, as our libtool use is to be kept entirely internal. Change-Id: I11bc3cbc80048d0192aadeb80b89d2772bcd01cd Reviewed-on: http://gerrit.openafs.org/11461 Reviewed-by: D Brashear Tested-by: D Brashear commit cd030f3c36c6a6ed6fa721cdcaa98fe4a4fce8a4 Author: Benjamin Kaduk Date: Fri Sep 12 17:21:42 2014 -0400 Normalize LT_deps/LT_objs split As described in the commit message of 69f26ece3c4545ecc9099641f7a507796fe9dc77, LT_objs should contain the .lo files for the given module, and LT_deps should contain the libtool dependencies, i.e., the .la files from other parts of the tree. However, this simple split by file suffix is not correct when we are using convenience libraries. Really, LT_objs represents the "new" objects being provided by the module, and LT_deps is libraries from other modules that provide functionality on which we depend. Since convenience libraries are just thin aggregates of object files, they behave more like object files than libraries upon which we depend. In particular, libafsrpc and libafsauthent are wrapper libraries that gather together the functionality of several modules and export them as a single library interface; they do not have any objects of their own. However, libafsauthent has a dependency on libafsrpc, which does belong in LT_deps (or possibly in LT_libs). Simon's description of LT_libs leaves a little ambiguity, as it does not describe what should be done with non-libtool libraries from within OpenAFS. (At present, these include libafshcrypto and librokenafs, both of which are regularly put in LT_libs.) I prefer to recast LT_libs as containing externally visible libraries, not just external libraries, which rationalizes the inclusion of roken and hcrypto there, since we currently install those libraries, and build libraries that have shared library dependencies on them. In the future, as we begin committing to stable shared library interfaces for libraries produced by libtool, I would like to have those .la files be moved to LT_libs, since they would then be external library dependencies of the given module. Change-Id: Ie50010da84df99cec048c3e39ffeb9d5897fc08c Reviewed-on: http://gerrit.openafs.org/11460 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit a470b30ecabb7db578a9345771b0d371a5581f8d Author: Benjamin Kaduk Date: Fri Sep 12 15:41:23 2014 -0400 Normalize names of libtool convenience libraries Part of why libtool was introduced into the tree was to reduce the number of times each source file is compiled. PIC code is needed for shared objects, and non-PIC code for static libraries, so in most cases a C file must be compiled twice, but not more than that. Libtool automatically manages which version of an object is passed to the linker when libtool is used to link .la files. At several places in the tree (libafsrpc, libafsauthent, libuafs_pic.so, and pam_afs.so) we use libtool to link a .la library and pass other .la libraries in as linker inputs. In normal situations, libtool would produce an output shared library that registered a shared library dependency on the (shared version of the) input library. However, in our usage, these input .la libraries are used only for our convenience, and are not intended to be installed, so libtool would produce an output library that was not usable. Libtool refers to our usage of libraries not intended to be installed as "convenience libraries"; for us, they are essentially just static archives that contain PIC objects (as opposed to normal static archives which contain non-PIC objects). Prior to this commit, we had named our convenience libraries things like libafsauthent_auth.la or libafsrpc_comerr.la, since they were mostly only used for either libafsrpc or libafsauthent. However, future commits will need to use some of these convenience libraries in other shared objects (such as pam_afs.so), so we normalize the library name to indicate merely that it is a PIC version of that module. There are three exceptions to this rule: libafsrpc_sys.la, which contains only a single file and not the whole of the sys module, libafsrpc_util.la, which contains a subset of the util objects, and libauthent_ubik.la, which contains a subset of the ubik objects. Since these convenience libraries are in fact tailored to the particular application, a target-specific name is appropriate. The convenience library provided by the ptserver module is named libprot_pic to match the existing public interface libprot.a. We cannot link the dependencies of the convenience libraries directly into them, because any given object may only be linked once into a given library, and our dependency graph between modules is decidedly not a tree, so attempting to link in the dependencies would result in duplicate symbol errors. Change-Id: I5f10af74b8582edd51e5f1b3f0026dbc7ef9f7ad Reviewed-on: http://gerrit.openafs.org/11459 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit 81189b7bc9ef66519a5bf96e20ec2fbe0267dfc8 Author: Benjamin Kaduk Date: Mon Sep 8 18:28:11 2014 -0400 Use correct syntax for libtool version info It does not take an '='. Whomever thought that making libtool silently accept all (i.e., malformed) command-line arguments was a good idea ... seems to have been mistaken. Change-Id: I357cd44ac6f495474f9763a2f768ac9c8d1e4cb4 Reviewed-on: http://gerrit.openafs.org/11458 Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear Tested-by: D Brashear commit 25be08520935bc4b0604bff0a476ee53e1a511d5 Author: Michael Meffie Date: Wed Sep 10 09:00:11 2014 -0400 build: remove trailing whitespace from makefiles Remove trailing whitespace from the makefiles, except for trailing whitespace in the boilerplate comment headers. Change-Id: Ib8ee87a51f00633ba15e1974ac0b311969bef1bf Reviewed-on: http://gerrit.openafs.org/11456 Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear Tested-by: D Brashear commit fbea3265b3bc042b97be17229839ccf7d11a0bf9 Author: Anders Kaseorg Date: Tue Sep 30 13:52:31 2014 -0400 aklog: Fix segfault on aklog -path Commit 2fac53522e7ef5b3a376e191bffdc1f6784e6995 “aklog: Fix improper use of readlink” inadvertently changed the meaning of int link from a boolean flag (length > 0) to just a length. This caused ‘aklog -path (anything)’ to segfault. Update the type of link and the condition of the while loop to account for this change. FIXES 131930 Change-Id: Ia05836795425a53e858ab29866900f6d45970644 Reviewed-on: http://gerrit.openafs.org/11517 Reviewed-by: Anders Kaseorg Tested-by: Anders Kaseorg Reviewed-by: Benjamin Kaduk Reviewed-by: Stephan Wiesand Tested-by: Stephan Wiesand Reviewed-by: D Brashear commit c6b61a4510c0c34688b979182ea6f3823a840296 Author: Perry Ruiter Date: Thu May 29 15:51:57 2014 -0700 afs: Verify osi_UFSOpen worked In some builds (UKERNEL) osi_UFSOpen returns a NULL if it runs into a problem. On the other builds osi_UFSOpen simply panics. afs/afs_cell.c was checking for a NULL return but other callers were not. Add checking logic to all callers. This is a prepartory patch. A subsequent patch will have osi_UFSOpen return NULL rather than panic for other builds too. Change-Id: I3610a57dff59b84fe5ea8b1c862f3192157f255f Reviewed-on: http://gerrit.openafs.org/11243 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Garrett Wollman Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit c90c5e97c6361e06ff06aab02d0768a0bd43354d Author: Jeffrey Altman Date: Thu Sep 25 13:23:16 2014 -0400 Windows: SetDispositionInfo vs Link Count When SetDispositionInfo is called to mark a file for pending delete the link count should not be decrememented. The count is decremented only when the file is actually deleted. Change-Id: I611e2b9695179abcba01d6fa83022b08044ee8bf Reviewed-on: http://gerrit.openafs.org/11508 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 8da84729c8f1e849882aea7b1268c6ac49936f21 Author: Jeffrey Altman Date: Thu Sep 25 13:21:48 2014 -0400 Windows: FileStandardInfo Link count Instead of returning 1 in all cases the ObjectInformation.Links value should be returned to the caller. Change-Id: I719bebca9299953c6afc3352117c1e1bf99d63f6 Reviewed-on: http://gerrit.openafs.org/11507 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 243537f7071a108950d5442a4f9f7ab0747ca080 Author: pete scott Date: Thu Sep 25 09:01:27 2014 -0600 Windows: Check for RO and Open Target in rename During a file rename operation, check to see if the target file has the DOS readonly attribute set or has a non-zero reference count. If yes, the request must be failed. The error status depends upon the state of the pending delete flag. Either STATUS_PENDING_DELETE or STATUS_ACCESS_DENIED. Change-Id: I90fa1ea54176f96ca3052ee2b774b1179642e2ef Reviewed-on: http://gerrit.openafs.org/11506 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit a27bed59cae1a4244429c752edfde0a8363c8a3b Author: Andrew Deason Date: Thu Sep 25 12:34:18 2014 -0500 afs: Move init_hckernel_init to osi_Init Currently we call init_hckernel_init inside afs_InitSetup, to initialize the hcrypto mutex. However, we use the hcrypto mutex in the AFSOP_SEED_ENTROPY syscall, which afsd calls before any syscall that cals afs_InitSetup. This means we crash on trying to AFSOP_SEED_ENTROPY. To avoid this, just call init_hckernel_init inside osi_Init instead, which is called when our kernel module itself is initialized. This ensures that the mutex is initialized early on, regardless of what happens with afsd and the startup syscalls. Change-Id: Ib6cbed7abcfd8f9a61685f613a848e9f36d6050d Reviewed-on: http://gerrit.openafs.org/11509 Tested-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit cdfa21ad5e86184f822496c1a9aa769fa98a8bb1 Author: pete scott Date: Wed Sep 24 11:49:38 2014 -0600 Windows: Use the allocation size from the service The prior patchset modified the service AllocationSize return value to count the number of 1KB units. Use the value from the service without modification. This corrects an inconsistency in the FileStandardInformation response. Change-Id: I9a5f0a4f43aa12de903875b6ed4c5493e37b0163 Reviewed-on: http://gerrit.openafs.org/11491 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit d9ca3050c697a9d6b623be874ea46aaf2312ad87 Author: Jeffrey Altman Date: Wed Sep 24 18:12:31 2014 -0400 Windows: report AllocationSize in 1KB increments Windows expects storage to be allocated in increments of some block size. The AFS servers allocate in 1K units so lets report that to Windows. Change-Id: I64ad1844339357733933cd9e360551fdcd450146 Reviewed-on: http://gerrit.openafs.org/11490 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 3f1465f8da47dc589cf27b1c4168ec0bce0fa5d6 Author: pete scott Date: Wed Sep 24 11:00:36 2014 -0600 Windows: Remove trailing slash on non-root directories For the FileNameInformation and FilePhysicalNameInformation queries a trailing slash is required for the \\server\share\ path but is not required for directories below the root. Change-Id: Iabbe7daed4f60ad995c04c70dfb2992af095281e Reviewed-on: http://gerrit.openafs.org/11489 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 70f67371e7fb6262d43874950107864f31f903c9 Author: pete scott Date: Wed Sep 24 10:49:06 2014 -0600 Windows: FilePhysicalNameInfo query AFS prefix In response to the FilePhysicalNameInformation query the AFS redirector failed to include the server name in the response. Since the constructed name is the same as the FileNameInformation query create a helper function AFSGetFullFileName() to populate the file name into the provided buffer and use it to satisfy both queries. Change-Id: I78eef49a9902341c751d942a395921bb687c503b Reviewed-on: http://gerrit.openafs.org/11488 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit af72e83832e0849f04e28a355b5a55166cfc0982 Author: pete scott Date: Wed Sep 24 10:06:38 2014 -0600 Windows: FileInfo too small INFO_LENGTH_MISMATCH The FileAllInformation query is initially processed by the IO Manager and when the IO Manager is passed a buffer that is too small to hold the File Information structure it returns STATUS_INFO_LENGTH_MISMATCH. Previously the afs redirector returned STATUS_BUFFER_TOO_SMALL in this case. Instead follow IO Manager's lead. Change-Id: I74d1b68d37fb9e79cae79408eac1f5dc4dd05e1e Reviewed-on: http://gerrit.openafs.org/11487 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 06995ceb4d664c3f14f6626da447cf9891470719 Author: pete scott Date: Tue Sep 23 13:20:45 2014 -0600 Windows: !overwrite IOMgr populated FileInfo data I/O Manager will populate the FILE_ACCESS_INFORMATION, FILE_MODE_INFORMATION, and FILE_ALIGNMENT_INFORMATION portions of a FILE_ALL_INFORMATION structure prior to forwarding a FileAllInformation FileInfo query to the file system. There is no need for the file system to duplicate the effort. Change-Id: Iaa7f1de95c6b7e42bdc326cc3f4bfe8596add949 Reviewed-on: http://gerrit.openafs.org/11478 Reviewed-by: Peter Scott Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 5ebe2437efa7a64f0b0cc61e2123f9ae766b84cf Author: Jeffrey Altman Date: Wed Sep 10 10:23:17 2014 -0400 Windows: preserve prior vlserver list on dns failure Do not destroy the existing vlserver list if the DNS resolver query fails. Continue using the prior vlserver values until a DNS response is obtained. This will result in repeated DNS queries and a delay if there is continued failure, but it will permit VL RPCs to continue to be issued in the face of a DNS failure or misconfiguration. Change-Id: Icac97c2bebdef744cc316225c1a6b1888ceb2f6e Reviewed-on: http://gerrit.openafs.org/11457 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit f999113d33adadf9b276e2a30c36d2b3a5e74f7d Author: Jeffrey Altman Date: Thu Sep 4 09:16:47 2014 -0400 Windows: power management suspend/resume changes 1. Call cm_UpdateIFInfo() for all power management events to force an update of the valid network interface count. 2. Ensure that regardless of which Suspend and Resume events are generated that the service only suspends once and resumes once. Change-Id: If0c2fe5b6a18dd6b7ee01b511378cb78837efa3d Reviewed-on: http://gerrit.openafs.org/11447 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit ac601314706043f623ace379e3da597a7d5c5e9a Author: Jeffrey Altman Date: Thu Sep 4 09:14:07 2014 -0400 Windows: No network, no probe Modify cm_PingServer and cm_CheckServersMulti to avoid probing servers when there are no network interfaces with which to do so. Just mark the servers down. Change-Id: I5ba6c9813a28ec44b09dccd8f8c5ffc7e0c0ce10 Reviewed-on: http://gerrit.openafs.org/11446 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 15c62a9dd014dc56192c8e880fa6855f5377154e Author: Jeffrey Altman Date: Thu Sep 4 09:11:25 2014 -0400 Windows: introduce cm_MarkServerDown Consolidate the operations necessary to mark a server down into a new routine cm_MarkServerDown() Change-Id: I9f70752498600046d677686c212c3adf3e810bde Reviewed-on: http://gerrit.openafs.org/11445 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit ec1dcfbe29961fad23dec087c2d214be785a7816 Author: Jeffrey Altman Date: Thu Sep 4 09:08:32 2014 -0400 Windows: replace lana_OnlyLoopback() calls lana_OnlyLoopback() relies upon Netbios over TCP being enabled but Netbios over TCP is not officially supported on Vista and above. Replace all lana_OnlyLoopback() calls with a test on the number of network interfaces as computed by syscfg_GetIFInfo(). That list excludes loopback interfaces. Change-Id: I22d952f1487734ead02335108377bc404baa6024 Reviewed-on: http://gerrit.openafs.org/11444 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 95c3db9c7ccb86c7ad384c06094c066107de262c Author: Jeffrey Altman Date: Thu Sep 4 09:04:42 2014 -0400 Windows: cm_UpdateIFInfo consolidate syscfg_GetIFInfo calls Add a new function cm_UpdateIFInfo() that consolidates all of the syscfg_GetIFInfo() call functionality into a single rountine. Replace all of the existing call sites. It is safe to call cm_UpdateIFInfo() without holding cm_syscfgLock during afsd initialization because no other threads have been created. Change-Id: Ifd4ca4f4f698014852a26d2c95a523c3b2cc851f Reviewed-on: http://gerrit.openafs.org/11443 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 092684e2bd31424c958ca3a9e88b7987b4c5555c Author: Jeffrey Altman Date: Thu Sep 4 01:11:01 2014 -0400 Windows: Prevent MDL leak on Cc*Mdl* failure If CcMdlRead or CcPrepareMdlWrite fail, check the IoStatus.Information field to see if any MDL pages have been locked. If the Information value is greater than zero, complete the Mdl operation to unlock the pages. Change-Id: Icb44e74e25b46c7976f3f418410364a90a723d91 Reviewed-on: http://gerrit.openafs.org/11442 Tested-by: BuildBot Reviewed-by: Peter Scott Reviewed-by: Jeffrey Altman commit bf11f54790bcd99f7789b0004d36cc3747f12e11 Author: Benjamin Kaduk Date: Thu Jul 24 20:56:41 2014 -0400 Sort libtool symbol files Some entropy had crept in. Change-Id: I72ae9d16a3aa4b9b66bc8efcda46bdc35edf95c9 Reviewed-on: http://gerrit.openafs.org/11323 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit 544b5096e5f3a12426f149c91dfeba1c5c207002 Author: Ben Kaduk Date: Wed Mar 27 13:37:42 2013 -0400 Remove rx_SetEpoch, rx_SetConnectionEpoch, rx_SetConnectionId The core RX code now manages the Epoch and CID; external callers should not be modifying them. Change-Id: Ia517205aa280b2a0bbd2568274be7fb010fba0bc Reviewed-on: http://gerrit.openafs.org/10843 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit a63a07c3357cc6f54ef129e0542ec531f2ce9433 Author: Ben Kaduk Date: Tue Mar 26 19:43:07 2013 -0400 Garbage-collect afs_GCUserData's argument We no longer need the ability to force all rxnull connections to be reaped, as the epoch is set globally. Change the prototype and callers accordingly. Change-Id: I0815fdd035c3dd9d56f72e43603f9c53f5cec79d Reviewed-on: http://gerrit.openafs.org/10842 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 39b165cdda941181845022c183fea1c7af7e4356 Author: Ben Kaduk Date: Tue Mar 26 13:41:40 2013 -0400 Move epoch and cid generation into the rx core Now that we have hcrypto available everywhere, we can get real randomness in the rx core (both uerspace and kernel), and thus can initialize the RX epoch to a real random value when first initializing a host; there is no need to rely on rxkad to produce randomness for this purpose. Initialize a connection ID counter at the same time, and use that in rx_NewConnection, also supplanting rxkad-specific logic. The rxkad-specific logic is removed, and in particular there is no longer a need to export rxkad_EpochWasSet to the rest of the world. The code in afs_Daemon() to check whether the rxepoch was set can be removed, as if the epoch is not set, rx initialization fails. Add libafshcrypto to LIBS in the handful of places it hadn't crept already, and likewise afshcrypto.lib in the NTMakefiles. Change-Id: I1dd1015b29a600aaf72b6b4b36f8a17032453c97 Reviewed-on: http://gerrit.openafs.org/10841 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 0d67b00ff9db48c5555e8ae11daff9a469c770b0 Author: Ben Kaduk Date: Wed Mar 27 17:02:55 2013 -0400 Export heimdal's rand-fortuna PRNG to the kernel Some systems (e.g., AIX, SGI, DFBSD, HPUX) do not supply a useful implementation of osi_readRandom(), in some cases because the kernel does not expose a random-number interface to kernel modules. We want real random numbers on all systems, because we want to use the for setting the RX epoch and connection ID in the kernel. Build hcrypto's rand-fortuna PRNG into the rand-kernel interface we expose, and implement RAND_bytes using rand-fortuna when osi_ReadRandom() is not useful. Add stub routines to config.h as needed, and add a heim_threads.h with the necessary locking for rand-fortuna. The rand-fortuna algorithm requires some measure of time's passage, so provide a stub gettimeofday() with single-second resolution. We use a single (global) mutex for the hcrypto kernel code, so that we can statically declare an initializer to be the address of that mutex. Otherwise the locking is taken essentially wholesale from rx_kmutex. rand-fortuna requires the sha256 code for its hashing, and also requires a stub rand-fortuna to satisfy linker symbol visibility. Since the rand-fortuna code does not have any actual sources of entropy available to it during its initialization routines, we must explicitly seed the in-kernel rand-fortuna using entropy passed in from userland. (Userland will always have at least /dev/random available, so the userland hcrypto should always have usable entropy.) Be sure to do so early in the afsd startup sequence, before any daemons are started, so that entropy is available to the core rx code for generating the epoch and cid -- the rand-fortuna code will (erroneously) always claim that it has startup entropy even though in this case it may not actually have any entropy. The rand-fortuna code does not consider itself fully seeded until it has 128 bytes of entropy, so be sure to pass more than that in from userspace. It is preferrable to always build this code into the kernel, even on systems when it is not going to be used, to help prevent bitrot. This also avoids the possibility of a new system being supported that would attempt to use the rand-fortuna code but fail to supply any seed entropy, which would not necessarily be readily apparent. Change-Id: I614d2bd9ac52803ec3b9572cc694cd836c8427dd Reviewed-on: http://gerrit.openafs.org/10840 Reviewed-by: D Brashear Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit bcf3d33f2879e00c894afc7fc53c6116ad3bad5a Author: Benjamin Kaduk Date: Mon Sep 8 14:46:34 2014 -0400 Add missing tests to tests/opr/.gitignore dict-t and fmt-t were missing. While here, sort the existing entries. Change-Id: If62e0f9f93f4d51900cdd7747beede561861f51e Reviewed-on: http://gerrit.openafs.org/11454 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 75d9e4b954d86ff2efbd230cba95b559b88de6d8 Author: Benjamin Kaduk Date: Mon Sep 8 13:40:48 2014 -0400 Fix memset invocation in rx/event-t.c The order of the parameters was swapped, which recent gcc complains loudly about. Change-Id: I2329ca3dd0eee81639731e78172621b580199024 Reviewed-on: http://gerrit.openafs.org/11451 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 11efae8362c5c73cdac19ef9f1c5e7f9c33883d8 Author: Simon Wilkinson Date: Mon Aug 25 16:25:43 2014 +0100 ubik: Don't leak UBIK_VERSION_LOCK if udisk_LogEnd fails If the call to udisk_LogEnd() fails (probably due to an I/O error) don't leak the UBIK_VERSION_LOCK. This is the possible cause of a vlserver deadlock, which had approximately 4800 threads blocked. Analysis of backtrace of all of these threads showed that all blocked threads were waiting in ubik.c:555 (blocked on DBHOLD) with the exception of: One in beacon.c:388 (blocked on UBIK_VERSION_LOCK) One in recovery.c:503 (blocked on DBHOLD) One in ubik.c:125 (blocked on DBHOLD) One in ubik.c:585 (blocked on UBIK_VERSION_LOCK) The last of these is the critical one, because it already holds the lock that DBHOLD waits on - so despite the vast majority of threads being blocked in DBHOLD, it's actually UBIK_VERSION_LOCK that we're waiting on. There is no sign of a thread which is still active which currently holds UBIK_VERSION_LOCK. Change-Id: I1627b448d359152237912d4d78c9fa52c7149aa0 Reviewed-on: http://gerrit.openafs.org/11427 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit b9bbd21e88e2050957c1a7d49f3ad603cae763b2 Author: Simon Wilkinson Date: Mon Aug 25 16:15:26 2014 +0100 ubik: Don't leak UBIK_VERSION_LOCK if setlabel fails If a call to the setlabel() physical IO function fails, don't leak the UBIK_VERSION_LOCK. This is the possible cause of a vlserver deadlock, which had approximately 4800 threads blocked. Analysis of backtrace of all of these threads showed that all blocked threads were waiting in ubik.c:555 (blocked on DBHOLD) with the exception of: One in beacon.c:388 (blocked on UBIK_VERSION_LOCK) One in recovery.c:503 (blocked on DBHOLD) One in ubik.c:125 (blocked on DBHOLD) One in ubik.c:585 (blocked on UBIK_VERSION_LOCK) The last of these is the critical one, because it already holds the lock that DBHOLD waits on - so despite the vast majority of threads being blocked in DBHOLD, it's actually UBIK_VERSION_LOCK that we're waiting on. There is no sign of a thread which is still active which currently holds UBIK_VERSION_LOCK. Change-Id: Ie6093409e9375d50fa69733908b5ce99586e1b1d Reviewed-on: http://gerrit.openafs.org/11426 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit 123f0fb134370ffe417d466fb9d103b13565960a Author: Garrett Wollman Date: Thu Aug 28 03:09:49 2014 -0400 config: remove support for old FreeBSD releases The FreeBSD project no longer supports 5.x, 6.x, or 7.x releases, and has not done so for a long time. It's unlikely the OpenAFS works properly on any of them, if it even still builds, since it is not regularly build-tested on anything older than 8.3. Unclutter src/config by removing the param.*.h files for these obsolete releases. Change-Id: Iedd11e9a9045b39d2193c61b9833abd592d1bfa2 Reviewed-on: http://gerrit.openafs.org/11438 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit ad655372fcb3f41a648f055668afaaad6af8a675 Author: Garrett Wollman Date: Thu Aug 28 03:04:19 2014 -0400 README: update for current state of FreeBSD support The FreeBSD project hasn't supported releases prior to 8.x for a long time now, and OpenAFS is neither built nor tested regularly on anything that old. Dedocument support for these releases in preparation for later removing configuration support. Change-Id: I42e78291cfed91e20b3414576cf885a11b7f341b Reviewed-on: http://gerrit.openafs.org/11437 Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 65ec004ce5fdca7446f65cb70f720a77a861762c Author: Hans-Werner Paulsen Date: Tue Aug 26 11:55:06 2014 +0200 vos clone use the value of the -toname argument The -toname argument was not followed with the vos clone command. The name of the clone volume was always ".clone". Change-Id: I76b78d239ecb38e793098078ac34a703f2ffeeeb Reviewed-on: http://gerrit.openafs.org/11431 Tested-by: BuildBot Reviewed-by: D Brashear commit 58e4e4802d4208604a6aa05362454e6174fe3277 Author: Jeffrey Altman Date: Tue Apr 8 03:27:26 2014 -0400 Windows: Avoid deadlock during pending delete cleanup Release the Fcb resource and clear the AFS_DIR_ENTRY_PENDING_DELETE flag prior to the AFSProcessRequest(AFS_REQUEST_TYPE_CLEANUP_PROCESSING) if a delete is pending during cleanup of the last FCB open handle. Failure to do so results in an out of order lock acquisition when the parent object info tree lock is acquired after the AFSProcessRequest() call to the service completes. Change-Id: Id1c770b3dfe669d6804276bbe832af2d215c72dc Reviewed-on: http://gerrit.openafs.org/11425 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 1e6fb1b7b7ed32e2035452db9fc221f38a8b4956 Author: Hans-Werner Paulsen Date: Thu Aug 14 11:56:22 2014 +0200 use V_copyDate in DumpHeader for cloned volumes Volume dumps can be created from backup volumes, cloned volumes, or directly from RW volumes. The beginning and end of the time range covered by the dump is recorded in the DumpHeader. The end time is based on the type of the volume. Use backupDate for backup volumes, use copyDate for cloned volumes, and updateDate for RW volumes. Change-Id: I18206d25f056e553eed2f3c3e0695fed003f3714 Reviewed-on: http://gerrit.openafs.org/11389 Reviewed-by: Jeffrey Altman Tested-by: BuildBot Reviewed-by: D Brashear commit d93b89ddb61d44b47f039ae96af6304f2d87b5e2 Author: Jeffrey Altman Date: Tue Jan 21 04:19:28 2014 -0500 Windows: AFSEvaluateTargetByName NULL ptr assignment If DirEnumEntry is NULL, then on failure of AFSEvaluateTargetByName() a NULL pointer will be dereferenced prior to function return. Change-Id: I6d0d646e667c4b805abcddce1af49b81037ae51d Reviewed-on: http://gerrit.openafs.org/11422 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 1ce48e9e93c686aef24bb066ce76c2fcf08f96b6 Author: Jeffrey Altman Date: Thu May 8 16:34:25 2014 -0400 sys: pioctl_nt translate WinErr to Unix When reading the result of a pioctl fails with ERROR_NOT_SUPPORTED this must be translated to an EINVAL errno. Change-Id: I3db03f80b8a0da5d7e4931dc5673c7010d580d8d Reviewed-on: http://gerrit.openafs.org/11417 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit fc70e0ddebb8521a69aaeb6e1d249b9ca577db52 Author: Jeffrey Altman Date: Sat Jun 14 22:58:52 2014 -0400 Windows: registry enum do not request write perm Only Read and Query privileges are required to enumerate the registry keys, do not request write privileges for an enumeration. Change-Id: Ifc9acb4203db71b6e94bf5a21ca5aa104d94d35b Reviewed-on: http://gerrit.openafs.org/11416 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 47ef2e4e514234bb947cdf325634ad0b8ae5d7da Author: Jeffrey Altman Date: Sat Jun 28 23:03:45 2014 -0400 Windows: Do not sync callbacks when only need locks Syncing lock operations with callback fetching is unnecessary because local lock state is not tracked via callbacks. More importantly it risks blocking the cm_LockDaemon thread which needs to be able to renew locks without obstruction. Change-Id: Iabe9bb33fef599c4eb0e876e222587ee3e2fdb49 Reviewed-on: http://gerrit.openafs.org/11415 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit bcaaf4640d06c761b798c1eb2c82f81f21ec78d8 Author: Jeffrey Altman Date: Tue Aug 5 01:40:22 2014 -0400 Windows: do not forget cm_SyncOpDone If cm_SyncOp was called, then cm_SyncOpDone must be called. By goto out of the loop, the cm_SyncOpDone call was skipped. Change-Id: I20105ec8708c19eecbf215258ada0779cd705f73 Reviewed-on: http://gerrit.openafs.org/11414 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit bf687348e0269deb0d76475ba9b7219a6e1b40e8 Author: Jeffrey Altman Date: Mon Aug 18 15:28:14 2014 -0400 Windows: set hard dead timeout not conn timeout for probes For the Rx connections used for probing VL and FILE servers set a hard dead timeout and not a connection timeout. A connection timeout will not terminate the call as long as the lastReceiveTime continues to be updated by ping packets. The hard dead timeout will cause the connection to fail when the 10 second limit expires. Change-Id: I371dcd95fc0ff822a205cf903fa6218e80a2b042 Reviewed-on: http://gerrit.openafs.org/11401 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 8e23809542556937a0845246960a0f5484b6cf1e Author: Jeffrey Altman Date: Mon Aug 18 15:25:50 2014 -0400 Windows: Freelance whole volume rdr invalidate When updating the Freelance directory do not notify the redirector of individual objects to invalidate since that can leaad to race conditions. Send whole volume invalidations since that is what is required in any case. Change-Id: I22a963907ebbb3da3178750670a2897603463cfe Reviewed-on: http://gerrit.openafs.org/11400 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit d5b6a545ed1e9f01c295280495b806981d9877d3 Author: pete scott Date: Wed Aug 13 15:28:49 2014 -0400 Windows: Obtain File Attribs for DFS Link target The AFSRetrieveFileAttributes() function is used to acquire the attributes for an AFS symlink. The result is either returned directly to the application or used internally to determine the attributes to be exposed by reparse points. If the evaluated symlink crosses a DFS Link the redirector cannot return the request to IO Manager to evaluate the target. Instead the redirector must handle the request internally and attempt to read the attributes of the target object. Change-Id: If14df8dc41e13fd59b524fdb575c46abab1dfc2f Reviewed-on: http://gerrit.openafs.org/11399 Reviewed-by: Peter Scott Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit dceb8d6336e574a735b9887cf670c229bc6ee446 Author: pete scott Date: Mon Aug 11 13:18:16 2014 -0400 Windows: LocateName skip DFS Link only last component As with Mount Points and Symlinks, when AFSLocateName() is called to process a CreateFile with Open_Reparse_Point enabled, DFS Link processing must be disabled only for the last component in the path. Failure to do so results in the AFS Redirector succeeding IRP_MJ_CREATE calls that should be given back to the IO Manager so the path can be evaluated by another file system. Change-Id: I1627e7c6582d3a80d99dd2acc5171135a6a7bc4b Reviewed-on: http://gerrit.openafs.org/11398 Reviewed-by: Peter Scott Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit d36b8ff8db63ee893941d57422e54ca05e4a1564 Author: Jeffrey Altman Date: Mon Aug 11 01:07:27 2014 -0400 Windows: Reparse Policy vs DFSLinks When a reparse policy is specified and AFSLocateNameEntry() returns with STATUS_REPARSE, do not re-evaluate the path with the reparse policy disabled. STATUS_REPARSE was returned because the FileObject's FileName was modified and the IO Manager needs to reparse the request. Change-Id: I290837357793d3961833923ea1d5300d08bf7dfc Reviewed-on: http://gerrit.openafs.org/11397 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 68d5e229e9bca83b90cd3e4c8c17719ea9864b00 Author: Jeffrey Altman Date: Mon Aug 11 01:41:52 2014 -0400 Windows: AFSParseRelatedName always use related name When parsing a RelatedFileObject always refer to the RelatedFileObject FileName and not the IrpSp->FileObject. Set the output FileName to pRelatedCcb->FullFileName Test pRelatedCcb->FullFileName for wild cards Change-Id: I86f5bb7fc05eddc0d3d1ca9fbb069248af23be98 Reviewed-on: http://gerrit.openafs.org/11396 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 2f4f1e3f8619b1531838a62031e969cbf64be7dd Author: Jeffrey Altman Date: Mon Aug 11 01:38:54 2014 -0400 Windows: AFSParseName always set FileName output The FileName output parameter is used by the caller even when an error occurs. In case of error it indicates that path that failed to parse. Not all of the error paths set FileName. Start AFSParseName() with FileName referring to IrpSp->FileObject->FileName. It can be updated as required later. Change-Id: I37c615aa815affec0c8f4dfef7d8c5777650c275 Reviewed-on: http://gerrit.openafs.org/11395 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit d57d87a87a6041b1596532c7fe08795ae9d91b95 Author: Jeffrey Altman Date: Mon Aug 11 01:28:12 2014 -0400 Windows: Refactor AFSParseName related name parsing AFSParseName() is a very long complex function. Extract the parsing of RelatedFileObject name parsing to a new function AFSParseRelatedName(). This removed ~160 lines of source code out of AFSParseName(). This changeset is not intended to introduce any functional changes. Change-Id: If04a1bee0c104461f2d8bc33bca426e9ff71be74 Reviewed-on: http://gerrit.openafs.org/11394 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit da1597d74a0f56e35a156ec27df231f965934910 Author: Michael Meffie Date: Tue Feb 18 15:23:54 2014 -0500 vos: cross-device link error message Print a better diagnostic message for cross-device link errors, which happens when a clone volume is not in the same partition as the parent read-write volume. Change-Id: If58284a1dc53f8264fb17757f37c627fc2a378db Reviewed-on: http://gerrit.openafs.org/10850 Reviewed-by: D Brashear Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit f433bc779b18e0111a122e9baf5cbddc4864f101 Author: Perry Ruiter Date: Wed Jun 4 15:27:32 2014 -0700 redhat: Fix minor whitespace errors in openafs-kmodtool During review of commit c20c01185ed748b2bc823369a8f28cf004b7d1c9 gerrit flagged one of the changed lines as having a trailing whitespace error. This patch corrects that error and several others that were in the file. Change-Id: I3668e67e456322cccdfa76df935951053f9b6a48 Reviewed-on: http://gerrit.openafs.org/11200 Reviewed-by: Ken Dreyer Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 418ca56f911a05d9487f4c3c3dc2ca2d37c5da15 Author: Perry Ruiter Date: Tue May 27 00:07:52 2014 -0700 Correct comment typos in a couple files Correct typos in a couple files. These were noticed while researching code paths. Comment changes only. No code change. afs/afs_stats.h has source file names updated on several lines. Many source file name comments are wrong in this file. I didn't attempt to correct them all, just the ones I bumped into. If I bump into others in the future I'll fix them then. rx/rx_call.h has source of enumerated types corrected. Change-Id: Ie78b7f20b5c9c2261ec8a73701e77bdfbabd8465 Reviewed-on: http://gerrit.openafs.org/11172 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Michael Meffie Reviewed-by: Jeffrey Altman commit 1283226ccb638be47ead6cc4d9a47381aa6b08d1 Author: Michael Meffie Date: Wed Aug 6 15:08:33 2014 -0400 volscan: fix copyright and licence notice These are new files and new content; fix the copyright notice and license to reflect. Change-Id: I8d5f00fb7edaf2e3855e2dc2a1af07bba471c0d6 Reviewed-on: http://gerrit.openafs.org/11362 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit 2ceb387191d4dced7815237c20a9b2cb577ad3df Author: Ben Kaduk Date: Mon Jul 21 17:30:36 2014 -0400 Remove some incomplete struct initializers C99 requires that objects with static linkage, which includes global variables, be initialized to zero/NULL. It is possible that old compilers required a hack of using one explicit initializer and relying on the requirement from C99 that the elements of the structure not listed in the initializer be initialized as if it had static linkage. These incomplete initializers seem to have been introduced to support old OS X compilers which are not believed to still be in use. Using a complete explicit initializer is undesired here, as the rxkad statistics structures have a great number of elements and the uuid structure is somewhat complicated. Change-Id: Iefe7842cbf874252267cb3a8aee5d90ec2cab169 Reviewed-on: http://gerrit.openafs.org/11374 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Garrett Wollman Reviewed-by: Jeffrey Altman commit f81f17938cf9ec2dfa3541983c125afc37817698 Author: Ben Kaduk Date: Mon Jul 21 17:50:50 2014 -0400 FBSD: avoid unused-variable warning This variable is passed as an argument to the ma_vn_lock() compat macro, which ignores the thread argument on some versions of FreeBSD. Make the variable only be declared in those cases when it will be used. Change-Id: I1ed10654fb402f4feec55d6d7c7ece6f0c78bc8e Reviewed-on: http://gerrit.openafs.org/11373 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit edafaf047b13a0defdfbca55b7517a52a33bdda5 Author: Ben Kaduk Date: Mon Jul 21 14:13:39 2014 -0400 FBSD: initialize 'retval' for afs3_syscall In the same way as linux_ret. An ugly hack, but retval is not really used for anything relevant at the moment, and the compiler will warn about it being used uninitialized otherwise. Change-Id: Ia31ea6668ac3bc2edbec143d0b839f3e797ff424 Reviewed-on: http://gerrit.openafs.org/11372 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit 59e9b3b409be73dfd004077b634958abcd79b91d Author: Ben Kaduk Date: Mon Jul 21 11:01:04 2014 -0400 Avoid a name conflict in a local variable Modern compilers will warn when a variable in a nested scope hiding a variable of the same name in an outer scope. One of the arguments to afs_lhash_remove() is already named 'data'; don't reuse that name for a local variable. Change-Id: Icbb5010d298110cd4dab395fc5eec45e01ec9ba3 Reviewed-on: http://gerrit.openafs.org/11371 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit 64da7c133a66a15233c2cdc5d9a8f71d17d80d77 Author: Benjamin Kaduk Date: Thu Jul 24 09:40:21 2014 -0400 Make kernel hcrypto calloc return zeroed memory As far as I can tell, the afs_osi_Alloc contract does not guarantee zeroed memory. On FreeBSD, with a debug kernel, it definitely does not currently provide zeroed memory, returning instead memory initialized with 0xdeadc0de. Properly speaking, the role of calloc() is to both check for overflow from the multiplication and to produce zeroed memory. However, since we do not have a reasonable way to report failure, do not bother checking for overflow at this time. Change-Id: I187c2057d473fba869692c1dfa11735502b260c1 Reviewed-on: http://gerrit.openafs.org/11322 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit 9dd67783bb2bd9ef8a972a1aac47b1925069a655 Author: Garrett Wollman Date: Wed Aug 13 02:32:06 2014 -0400 viced: time_t might not be long Fix a couple of printf format errors that bite on FreeBSD 10 for i386. Since time_t might be an int, it can't be printed with a long format. Since time_t might be a long in general, cast to it to long when printing. Change-Id: Iecc4487adee7a64542dd2dc17f94485a6198e707 Reviewed-on: http://gerrit.openafs.org/11385 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit f02beb8d644ec2a52bf21737a040321905a39e20 Author: Garrett Wollman Date: Wed Aug 13 02:20:02 2014 -0400 afsd: correct printf format mismatch in debugging printf On platforms where size_t is unsigned int, the type of cacheFiles * sizeof(AFSD_INO_T) is not an unsigned long as the format string requires. Casting cacheFiles to unsigned long ensures that the result is at least unsigned long, although it will still be wrong if any architecture makes size_t be long long. Fixes build for FreeBSD 10 on i386. Change-Id: Ifd124d81b16f53133293dd591f7f8cf2f7d3175a Reviewed-on: http://gerrit.openafs.org/11384 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit 80f4939a3b9e1d48c03d0797a21c9e77a844cf7f Author: Stephan Wiesand Date: Fri Aug 8 17:13:09 2014 +0200 redhat: package volscan Add volscan and the manual page to the files in the server package. Change-Id: I97c210da1e0d9d28682e555e92863c4c408b94da Reviewed-on: http://gerrit.openafs.org/11370 Tested-by: BuildBot Tested-by: Stephan Wiesand Reviewed-by: Stephan Wiesand Reviewed-by: Jeffrey Altman commit 2e2bef28f00f505190c21bd42398f6a01268879c Author: Mark Vitale Date: Fri Jun 6 19:27:04 2014 -0400 opr: opr_AssertionFailed undefined in kernel module The opr_Assert in opr_rbtree_remove is incompletely defined; the opr_Assert macro is defined in opr.h, but the definition for the opr_AssertionFailed routine it invokes is not included. This allows the kernel module to build successfully even though it retains a hidden undefined reference for opr_AssertionFailed. However, the logic in obr_rbtree_remove ensures that this particular opr_Assert can never fail - it is superfluous. Some compilers (e.g. gcc for Linux AFS kernel module builds) are able to recognize this and optimize it out. Others (e.g. Solaris 5.12) do not, and when this happens the OpenAFS build appears to succeed but the kernel module will fail to load due to the undefined symbol. Remove the superfluous opr_Assert. This partially reverts commit 9f8b765bbdbb8913fcadbde8d3362039e9dc8e61. Change-Id: I4ed2b1873c434e41dce0f2e474926bf8b449b819 Reviewed-on: http://gerrit.openafs.org/11296 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman commit 594e2980a0ab12f6967d626b842fc6569f4343e4 Author: Jeffrey Altman Date: Wed Aug 6 14:34:46 2014 -0400 Revert "libafs: remove stray "-v 2" argument to afs_compile_et" This reverts commit d7082793eedc46d3647d38ffdf5a2b52fadb3cc3 Change-Id: I8ad37f109fc244d198f85c4642dcf1e8eb33a184 Reviewed-on: http://gerrit.openafs.org/11360 Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Stephan Wiesand Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit e0d0e6ffdbb11d5445b129ef0bd5030aec59d333 Author: Andrew Deason Date: Thu Jul 17 10:33:23 2014 -0500 LINUX: Avoid premature RO volume lock error Commit 0fc27471e7da0c5de4addcdec1bfbca5208072cc avoids processing lock requests for RO volumes, but it did this both in afs_lockctl() and in the Linux-specific afs_linux_lock(). The changes in afs_linux_lock() are incorrect, since they also avoid F_GETLK requests (whereas afs_lockctl() just avoids F_SETLK* requests). Additionally, the section in afs_linux_lock() incorrectly reports an error, since it returns a positive EBADF error code, when we are supposed to return -EBADF. The result of all of this is that an F_GETLK F_WRLCK request for an RO volume always fails with fcntl() returning 9 (EBADF), which is an invalid return code for fcntl() F_GETLK (instead we should return -1 with an errno of 9). But if there are no locks, we should return success anyway. Just remove this section, since afs_lockctl() handles this case itself anyway. Thanks to Todd Lewis for reporting this issue. Change-Id: Ia7f3f0b1bdbb922dca06be9de02a9c2b33f9ffee Reviewed-on: http://gerrit.openafs.org/11316 Reviewed-by: Marc Dionne Reviewed-by: D Brashear Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot commit 7ca2cce89ea525c73bc1571578c316016c6c4461 Author: Michael Meffie Date: Fri Nov 8 16:22:48 2013 -0500 tools: fix unpack in example sysvmq audit reader Fix the unpack in the example sysvmq audit reader script to correctly unpack the message type, which is an native long. From the msgrcv perl docoumentation: Note that when a message is received, the message type as a native long integer will be the first thing in VAR, followed by the actual message. This packing may be opened with "unpack("l! a*")". Change-Id: I5c5480c30d530b384d8057fb071b01e67f1b4ad2 Reviewed-on: http://gerrit.openafs.org/10445 Reviewed-by: D Brashear Tested-by: D Brashear commit 36ce11ce5506fba2de3d46120f68b15467996273 Author: Mark Vitale Date: Sun Jun 29 16:27:37 2014 -0400 afs: remove cruft from Solaris afs_freevfs Remove some unused variables left behind in a previous refactor of flushing vcaches during afs_shutdown (commit 80fe111f0044aa7a67215ad92210dc72cb7eb2c0). Change-Id: Ie0a23cb08fc2946f1c400b8ce8e15ef3dc22ec20 Reviewed-on: http://gerrit.openafs.org/11310 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit bf5685e537ea3991644ee5e79de0f88c34508c59 Author: Stephan Wiesand Date: Wed Jul 23 13:57:50 2014 +0200 volinfo: fix documenting comments As pointed by Andrew deason during review of the 1.6 pullup of commit ae27283550dab33704f30e18975722e0ed2c5424, psize is not a parameter of HandleHeaderFiles, and in function HandleSpecialFile it is of type inout since the value is first read by the += operation. Fix this, and try to improve the description of psize too. Change-Id: Ia728b20475f0c44b6104dc954aaa04d5f0f098b5 Reviewed-on: http://gerrit.openafs.org/11319 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit 2edf5c0382385f898a017fd8e0e2429f8b2b3520 Author: Andrew Deason Date: Thu Jul 24 11:07:45 2014 -0500 LINUX: Check afs_lookup return code explicitly Checking if the returned vcache is NULL or not is a bit of an indirect way to check if an error occurred. Just check the return code itself, to make sure we notice if any kind of error is reported. Suggested by Chas Williams. Change-Id: I61cc7304e9885ddaaebe96db3b12457cb6224420 Reviewed-on: http://gerrit.openafs.org/11321 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: D Brashear commit 774d77e056515ae3e87c8f0be8e133c3cdb36bbb Author: Ben Kaduk Date: Fri Jul 18 15:19:24 2014 -0400 FBSD: adhere to gop_lookupname() semantics The current semantics are that gop_lookupname() returns an unlocked vnode; the previous code was written to a different semantic that a locked vnode should be returned. This makes a disk cache more likely to work on FreeBSD, but such configurations remain not very tested. Change-Id: I12ac77cd271be72af2fa4045c2ebf576847b625e Reviewed-on: http://gerrit.openafs.org/11317 Tested-by: BuildBot Reviewed-by: D Brashear commit b18b59e03689a20e988b6068499c6f2a561fcbdc Author: Stephan Wiesand Date: Thu Jul 31 20:50:04 2014 +0200 libafs: remove stray "-v 2" argument to afs_compile_et Commit 4e6b7ab904d38d38da1b80a7342bd815668a8c09 separated the compile_et rules for creating the source and header files using the new -emit functionality. During review for inclusion in 1.6, Chas Williams spotted a stray "-v 2" carried over to the rule for creating the header file, where it doesn't apply. Remove it. Change-Id: I554354eae0fa018e56fe7b78df69a43e5b5a0b07 Reviewed-on: http://gerrit.openafs.org/11347 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit 51c97beb3f3bb68704d33e126561b8c2866ddab3 Author: Michael Meffie Date: Mon Jul 28 20:57:01 2014 -0400 libafs: fix vrequest leak in afs_lookup Fix vrequest leak introduced in commit 9930567bcf9655d3f562b210b2dc4b4a99226691. Thanks to Andrew Deason for finding this error. Change-Id: I8fc1391ab43f33c5a8208ff58d1d0641292cf63e Reviewed-on: http://gerrit.openafs.org/11337 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Andrew Deason Reviewed-by: Jeffrey Altman commit b7f1763652fb932ca5bd3f3351a48df11e58f2dc Author: Michael Meffie Date: Mon Jul 28 17:27:40 2014 -0400 libafs: do not allow NULL creds for afs_CreateReq Do not allow callers to pass a NULL cred to afs_CreateReq. This avoids setting the uid of zero in the vrequest when no cred is passed. Update callers to pass afs_osi_credp for an anonymous cred when no cred is available. Thanks to Andrew Deason for pointing out afs_osi_credp should be used. Change-Id: I05f694026ec72ab701160d9920e47c16cda46cd7 Reviewed-on: http://gerrit.openafs.org/11336 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit eb5102e998d09466c5169eabe96d3e1ed1919d17 Author: Chas Williams (CONTRACTOR) Date: Thu Jul 31 11:45:14 2014 -0400 config: Refactor the FreeBSD configuration files Use a common file for most of the platform specific settings. Change-Id: If95ad44de99fc3320570d53d706fed4d760fe67d Reviewed-on: http://gerrit.openafs.org/11346 Tested-by: BuildBot Reviewed-by: Garrett Wollman Reviewed-by: D Brashear commit c5f8d5adb252e7ba0b6ac51b0eb191e2d0b7bf23 Author: Chas Williams (CONTRACTOR) Date: Thu Jul 31 11:40:23 2014 -0400 config: AFS_SHORTGID no longer in use Remove the AFS_SHORTGID macro from the param header files. There are no usages in the rest of the source tree. Change-Id: I417b6e90fa9a094bfef727134b640964596eceb3 Reviewed-on: http://gerrit.openafs.org/11345 Tested-by: BuildBot Reviewed-by: Garrett Wollman Reviewed-by: D Brashear commit 9d61dd420df47cff6926ea5daa510527b243b13b Author: Chas Williams (CONTRACTOR) Date: Thu Jul 31 11:14:57 2014 -0400 config: Updates to AFS_HAVE_STATVFS for FreeBSD Always define AFS_HAVE_STATVFS. According to the man page, statvfs() appeared in FreeBSD 5.0. Additionally, this macro is only used for userspace which eliminates all disables except for FreeBSD 5.0 which appears to have just been an oversight when the param file was created from the 4.x param files. Also fixes the comment so it reflects the actual choice. Change-Id: Ibdcd694e9c4a0d0cecccd91a51962af6fb11ff36 Reviewed-on: http://gerrit.openafs.org/11344 Tested-by: BuildBot Reviewed-by: Garrett Wollman Reviewed-by: D Brashear commit 9171cbda2f7e5016186dbe0438758047d53be452 Author: Chas Williams (CONTRACTOR) Date: Mon Jul 28 08:24:48 2014 -0400 config: Remove deprecated macro from FreeBSD configuration files The macro STDLIB_HAS_MALLOC_PROTOS was deprecated in commit daff4006627fc88be85dade3d72aa45e57a6804a. Change-Id: I9c2129f6f3d5be6a00ef6ddd358967e0fd4f7ec9 Reviewed-on: http://gerrit.openafs.org/11333 Tested-by: BuildBot Reviewed-by: Garrett Wollman Reviewed-by: D Brashear commit 05dbea9fc4da02c6349d9e0b69656acb3254cfe8 Author: Michael Meffie Date: Fri Aug 1 18:27:35 2014 -0400 libafs: fix error location code in LINUX/osi_export Fix the missing error location code introduced in commit 40fb2650b783fbafe51aefd3d0af7a6b0536c265 libafs: allocate vattrs in LINUX to reduce stack used Use location number 104, which is the next in the sequence. The code in this module is compiled when building the nfs translator, which is only built under linux when configure detects it is possible. Thanks to Andrew Deason for spotting this error. Change-Id: I00c834bc915fa3be7d5f27467895930e4f62aa76 Reviewed-on: http://gerrit.openafs.org/11351 Reviewed-by: Andrew Deason Tested-by: Andrew Deason Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit a5866b3a7c21551a8aa40fc6141cca3a65fea563 Author: Andrew Deason Date: Wed Jul 23 11:54:47 2014 -0500 LINUX: Drop dentry if lookup returns new file Background: when an entry is looked up after its parent changes, afs_linux_dentry_revalidate re-looks-up the entry name in its parent. If we get an ENOENT back, we d_drop the dentry, and in any other situation we just d_invalidate it. As discussed in prior commits 997f7fce437787a45ae0584beaae43affbd37cce and 389473032cf0b200c2c39fd5ace108bdc05c9d97, we cannot simply d_drop the dentry in all cases, because that would cause legitimate directories to be reported as "deleted" if we just failed to lookup the entry due to e.g. transient network errors (this causes, among other things, 'getcwd' to fail with ENOENT). However, this logic has problems if the dentry name still exists, but points to a different file; the case where 'tvc != vcp' in afs_linux_dentry_revalidate. If that case happens, and the dentry is still held open by some process, we will continue to try to reference the vcache pointed to by the 'old' dcache entry, which is incorrect. To maybe more clearly illustrate the issue, consider the following cases: $ sleep 9999 < /afs/localcell/testvol.ro/dir1/file1 & $ rm -rf /afs/localcell/testvol.rw/dir1 $ mkdir /afs/localcell/testvol.rw/dir1 $ vos release testvol $ ls -l /afs/localcell/testvol.ro ls: cannot access /afs/localcell/testvol.ro/dir1: No such file or directory total 0 d????????? ? ? ? ? ? dir1 Here, on the last 'ls', afs_linux_dentry_revalidate will afs_lookup 'dir1', and notice that it points to a different file (tvc != vcp), and will d_invalidate the dentry. But since the file is still held open, the dentry doesn't go away, and so we are still pointing to the vcache for the old, deleted 'dir1'. That file doesn't exist anymore on the fileserver, so we get an ENOENT when actually trying to stat() it (we get a VNOVNODE from the fileserver, whcih gets translated to an ENOENT). A possibly more serious case is when the file is just renamed: $ sleep 9999 < /afs/localcell/testvol.ro/dir1/file1 & $ mv /afs/localcell/testvol.rw/dir1 /afs/localcell/testvol.rw/dir1.moved $ mkdir /afs/localcell/testvol.rw/dir1 $ touch /afs/localcell/testvol.rw/dir1/file2 $ vos release testvol $ ls -l /afs/localcell/testvol.ro/dir1 total 0 -rw-rw-r--. 1 1235 adeason 0 Jul 23 11:09 file1 $ kill %1 $ ls -l /afs/localcell/testvol.ro/dir1 total 0 -rw-rw-r--. 1 1235 adeason 0 Jul 23 11:10 file2 In this situation, the same code path applies, but the old file still exists, so we will continue to use it without error. But since we are still pointing at the old file, of course the results are incorrect. Once we kill the process holding the file open, the bad dentry finally goes away and the results are valid again. To fix this behavior, d_drop the dentry in all cases, except when we encounter an error preventing the lookup from being done. This ensures that the dentry is unhashed from the parent directory in the scenarios above, and so cannot be used for a subsequent lookup. With this change, the only afs_lookup response that causes a simple d_invalidate is when we encounter actual errors during the lookup (such as transient network failures). This is correct, since in those cases we don't _know_ that the dentry is wrong. For all other cases, we do know that the dentry is wrong and so we must force it to be unhashed. Change-Id: I11a2db1e05d68a755a77815ec5e8d01ac7b36129 Reviewed-on: http://gerrit.openafs.org/11320 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Marc Dionne Reviewed-by: Andrew Deason Reviewed-by: D Brashear commit 2d89d447c8b00a40d3fc559813fe31c177da164b Author: Andrew Deason Date: Wed Jul 30 11:12:39 2014 -0500 ptserver: Fix RemoveFromSGEntry hentry memcpy In this function, hentry is the "previous" continuation entry that we looked at, and centry is the "current" continuation entry. We keep track of the previous continuation entry in case we need to update its 'next' pointer, which we do if we free one of the continuation entries because it is empty after the removal. So, this memcpy is supposed to copy the current entry to the previous one, but the arguments are flipped, so we just copy zeroes to centry (since hentry is initialized to zeroes early on in the function), and hentry never gets set to anything besides zeroes. The effect of this is that whenever a ptdb entry has more than one continuation entry, and we free up any of them after the first one via RemoveFromSGEntry, the previous continuation entry becomes blanked (though the 'next' pointer should still be correct). This means the membership information for that group is not recorded correctly, as it loses a chunk of the IDs that it is a member of. The reverse mapping should still be intact (the parent groups have a pointer to the sub-group), but the group probably doesn't function correctly. The reason this happened is because of the confusing conversion from bcopy to memcpy. Most of the instances of bcopy/bcmp/bzero/etc were converted (correctly) back in commit c5c521af, but the supergroups implementation was added afterwards, in 8ab7a909, and contained a bcopy reference. This bcopy was converted to memcpy in 58d5f38b, but the argument order was not corrected, causing this bug. To fix this, just flip the first two arguments of the memcpy. Just get rid of the casts here, too, to match the code in the non-supergroups RemoveFromEntry and elsewhere. Change-Id: Ibcbbdcb13ef5c033ea3452555832a0fd3f916efd Reviewed-on: http://gerrit.openafs.org/11340 Tested-by: BuildBot Reviewed-by: D Brashear commit 11e68c181ab9cb09e89e27a33e86d49bbfd550b7 Author: Nathaniel Wesley Filardo Date: Fri Jul 25 11:50:16 2014 -0400 Move VLOP_RESTORE and VLOP_ADDSITE home Change-Id: I19c04ea1762eec349b0e9645fa9777e6a6c5263a Reviewed-on: http://gerrit.openafs.org/11325 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 2809bae58851ce9168ca8b18c94360392b8a609f Author: Garrett Wollman Date: Sat Jul 26 00:43:10 2014 -0400 FBSD: 10.1 is coming out soon The 10.1 release cycle is starting in a month, so let's get ahead of the curve by adding the config bits now. Change-Id: Ia17e1267dafee5c80d87a6bfc5e423982f83306d Reviewed-on: http://gerrit.openafs.org/11328 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 6667399aa426009a841cdd6459dbfa498e562646 Author: Garrett Wollman Date: Sat Jul 26 00:22:09 2014 -0400 FBSD: 9.3 has been released, so add config bits and sysname Change-Id: I453a457d5311dfea04fd7e8173f1296a0db74902 Reviewed-on: http://gerrit.openafs.org/11327 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit f63eed308a2def003b9d8d1a98e934c7082b314a Author: Michael Meffie Date: Wed Jul 9 11:37:21 2014 -0400 ptserver: fix errant debug message log level Fix the log level a debugging message introduced in commit 9ddf9eca56e02be978ff7d065ee16c85de2cfb06. Thanks to Ben Kaduk for reporting this issue. Change-Id: I8913472aba8fe5247a29e31e3f04090bc0fce64e Reviewed-on: http://gerrit.openafs.org/11314 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 668b1765478eb32b5d0895d25301773e412df7a0 Author: Chas Williams (CONTRACTOR) Date: Thu Jul 3 11:02:40 2014 -0400 auth: Fix library dependencies so that tests build again Change-Id: Ia95a94a77290baea419beb942ea60cd1b89c22fa Reviewed-on: http://gerrit.openafs.org/11311 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit a303bb257ed9e790d8c14644779e9508167887b6 Author: Marc Dionne Date: Wed Jun 18 09:06:39 2014 -0400 Linux 3.16: Convert to new write_iter/read_iter ops Change read/write operations to the new write_iter/read_iter operations. Change-Id: Ia58e5f90182f3968d1a81cfc2f831e7a9cf35d93 Reviewed-on: http://gerrit.openafs.org/11303 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit e284db57f94c8f97ed1c95dcd0bd9518d86c050c Author: Marc Dionne Date: Wed Jun 18 08:53:48 2014 -0400 Linux 3.16: Switch to iter_file_splice_write Users of generic_file_splice_write need to switch to using iter_file_splice_write. Change-Id: If4801d27e030e1cb986f483cf437a2cfa7398eb3 Reviewed-on: http://gerrit.openafs.org/11302 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit d704f1d4dc3fca4d903c443130374da2284f3f15 Author: Benjamin Kaduk Date: Mon Jun 16 12:44:08 2014 -0400 Use an unsigned type for bitmask values As noted by clang -Wshift-sign-overflow, the expression "1<<31" overflows the signed int type, giving undefined behavior. Use an unsigned type to make the result of the shift defined behavior by the C99 standard. Also change an instance of "1<<31" that was checking for whether the most significant bit was set, as it's still undefined behavior. Change-Id: I8cf9443aa92470181044fc3b63d491da18ff5e34 Reviewed-on: http://gerrit.openafs.org/11301 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit e1105acb1c61670caec7d283b0dc6d73d84a0ff2 Author: Ben Kaduk Date: Wed Nov 27 17:06:33 2013 -0500 auditU: also report for rxkad-always-encrypt The logic that works for security index 2 also works for index 3. While here, update a comment in preparation for rxgk. Change-Id: Ifd868fa8d9d0ba2f422fa1fac43e4f583d27a1ff Reviewed-on: http://gerrit.openafs.org/10527 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit 30a1c829af970ad725bb9d0f44a019fb01530bf7 Author: Ben Kaduk Date: Wed Nov 27 17:01:39 2013 -0500 Use the RX_SECIDX_* enums in more places Add symbols for security indices 1 (rxvab, unused) and 3 (rxkad with always-encrypt, maybe-used). kauth and bubasics defined macros for RX_SCINDEX_*; replace those with the common core rx enums as well. Use the global symbols instead of custom defines like BULK_NULL and SAMPLE_NULL, which can now be removed. Reformat a comment to match current style, since we're changing it anyway. Change-Id: I82bbb0016a5c3129dfd18ff7dc77ff7839501ad8 Reviewed-on: http://gerrit.openafs.org/10526 Reviewed-by: Perry Ruiter Tested-by: BuildBot Reviewed-by: D Brashear commit c8dfe8e4c2fd685ef7df181a3d6d45b122d6ff44 Author: Mark Vitale Date: Mon Apr 7 18:56:26 2014 -0400 afs: maintain afs_users buckets in sorted order Modify afs_GetUser() to insert a new unixuser into an afs_users hash bucket in sorted order, by uid/PAG. This is in support of other small optimizations in future commits. Change-Id: I68c51ab38733575290aa0c8aa2a306168c5483c0 Reviewed-on: http://gerrit.openafs.org/11071 Tested-by: BuildBot Reviewed-by: D Brashear commit 7d4f3a4710fb8c9fbde4294c2458ecf32658300b Author: Mark Vitale Date: Thu Apr 3 16:37:51 2014 -0400 afs: only reset access caches for the matching cell When an AFS user's tokens change (unlog, aklog) or expire, afs_ResetAccessCache() is called to reset all the access caches for that uid/PAG. However, a user/PAG may have tokens for multiple cells, and they may expire or be set/reset at different times. Therefore, it is incorrect to assume that all access caches for a uid/PAG should be discarded when only one cell's tokens have changed. Modify afs_ResetAccessCache() to acccept a new argument 'cell', and only reset the access caches for a uid/PAG if the vcache resides in the specified cell. If the caller really wants to reset all a user's access caches, specify cell=-1. For cache managers that are running with multiple PAGs and multiple cells, this should improve performance because 1) it avoids scanning access caches chains for vcaches that are not part of the current cell and 2) it avoids deleting access caches that may still good, thus preventing unnecessary FetchStatus calls. Change-Id: Id4c138dab45fd48265a4029880a5d57947e67a52 Reviewed-on: http://gerrit.openafs.org/11070 Tested-by: BuildBot Reviewed-by: D Brashear commit e2f666fe81f2152a9dd1f35680499cf029e8381b Author: Michael Meffie Date: Fri Jan 10 22:17:57 2014 -0500 roken: configure checks for getaddrinfo and friends Change-Id: Icb2ace89332024668c9dc4326b967a1015afc1e9 Reviewed-on: http://gerrit.openafs.org/11199 Tested-by: BuildBot Reviewed-by: D Brashear commit b0bb7bdb499367a5aebde7183e6e5d188280545a Author: Heimdal Developers Date: Wed Jun 4 16:04:19 2014 -0400 Import of code from heimdal This commit updates the code imported from heimdal to 5dfaa0d10b8320293e85387778adcdd043dfc1fe (git2svn-syncpoint-master-311-g5dfaa0d) New files are: roken/freeaddrinfo.c roken/gai_strerror.c roken/getaddinfo.c roken/getnameinfo.c Change-Id: I4a80dfd0d95cfd252af5ce3228fb824b4aacb961 Reviewed-on: http://gerrit.openafs.org/11198 Tested-by: BuildBot Reviewed-by: D Brashear commit 064b69ca267e58a7fdd8c4c7b728e79fd23a97cc Author: Michael Meffie Date: Fri Jan 10 22:12:08 2014 -0500 roken: add getaddrinfo and friends the imported file list Change-Id: I2203bf9ab45feb47df760b404727d23d1fa15381 Reviewed-on: http://gerrit.openafs.org/11197 Tested-by: BuildBot Reviewed-by: D Brashear commit 48789d47b613e40734e7b0caac58572a80f8b318 Author: Michael Meffie Date: Mon Jun 2 23:24:45 2014 -0400 linux: dont ignore kmod build errors Errors from the linux kmod build are not propagated, since make is run as the first command in a pipeline, and the shell returns the exit code of the last command in the pipeline. Run the make command in a subshell to detect errors, and exit afterwards. (This method is more portable than bash specific pipeline processing options.) Thanks to Mark Vitale for pointing out this build system defect to me. Change-Id: If3e204fe31dbdc9e7416d52fae897f792d27d678 Reviewed-on: http://gerrit.openafs.org/11186 Tested-by: BuildBot Reviewed-by: Mark Vitale Tested-by: Mark Vitale Reviewed-by: D Brashear commit 1673764ea091a3f02a64a3d853c3e14f758cdda7 Author: Andrew Deason Date: Wed Jun 4 09:42:46 2014 -0500 bozo: Ignore ListKeys ka_KeyCheckSum return value With commit c04de52da4e89e15b211b4a19a3d9bc4d612b209, an error in ka_KeyCheckSum here makes the entire BOZO_ListKeys RPC to fail. This caused two changes: - That commit makes the RPC fail in situations where it did not before. But even if we cannot calculate the checksum, we can still return other information about the key, so this is undesirable. - It masks the previous 'code' value, returned from stat(). The return code of stat() is now effectively ignored, except for the purposes of setting st_mtime, whereas previously a failure caused the RPC to fail. This is a behavior change. So, effectively revert c04de52da4e89e15b211b4a19a3d9bc4d612b209. Explicitly cast the return value of ka_KeyCheckSum to void, to make it clear that we are intentionally ignoring the return value, so hopefully this will not be flagged as a warning by code analysis tools such as coverity. Change-Id: Iac745d7c88ed7c2d97660e6949caa63580eef6e2 Reviewed-on: http://gerrit.openafs.org/11194 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: D Brashear commit 4bf942f5c38fd711136e1a2010cb0b2ea4612901 Author: Benjamin Kaduk Date: Wed Jun 4 20:41:57 2014 -0400 rx: Do not try to cancel nonexistent events Unconditionally cancelling the resend event and releasing the reference it was supposed to have on the call, can cause the call reference count to go negative. In particular, the call chain when a new rx_call structure is allocated would cause its reference count to become negative. Behave similarly to all the other rxevent_Cancel calls touched by 20034a815750beff262d49b37fba225c72dd0ab1, and only cancel the event and drop a reference when the event is present on the call. Change-Id: Icf2dd58c2545814ac17bb960077621c6d3209da0 Reviewed-on: http://gerrit.openafs.org/11201 Tested-by: BuildBot Reviewed-by: D Brashear commit 2d973c10f13b40c0ac9da25fe7f4c73b3560a686 Author: Chas Williams (CONTRACTOR) Date: Fri May 23 07:48:11 2014 -0400 afs/VNOPS: use osi_AllocSmallSpace() correctly Send the size down to the allocator so it can perform some consistency checks. Change-Id: I6c089ab912014c639888b744a92a28813fb4b3c4 Reviewed-on: http://gerrit.openafs.org/11168 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: Michael Meffie Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit 3ab546395536a3c93613dfd53363d380e2c05081 Author: Stephan Wiesand Date: Mon Jun 2 16:15:15 2014 +0200 fstrace: Don't read uninitialised data on other platforms either Commit 908105fe8d51551e45692de4e145022138a0356c fixed an off-by-one error potentially causing a buffer overread in CheckTypes, but only in the IRIX/AIX version of the function. Apply the same fix to the code for the other platforms. Spotted by Andrew Deason. Change-Id: I5f70c072e609337b39064ba48353b4fdf23acf17 Reviewed-on: http://gerrit.openafs.org/11185 Reviewed-by: D Brashear Tested-by: BuildBot commit 69705782318226806b6a2b092ec4b63d594d184c Author: Perry Ruiter Date: Thu May 29 19:24:24 2014 -0700 afs: Delete unneeded duplicate code Delete a memory release and a goto since natural code flow will result in exactly the same thing. Change-Id: I8fe1400aa2db0e15cbbd577ba18cc1fcdec18447 Reviewed-on: http://gerrit.openafs.org/11179 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit 02565591855f5a5ddb7dd6e308d9f535c2fd64b8 Author: Perry Ruiter Date: Tue May 27 01:26:59 2014 -0700 config: Move AFS_LRALLOCSIZ to afs_args.h AFS_LRALLOCSIZ is currently defined in afs/afs.h. Other memory related definitions such as AFS_SMALLOCSIZ and AFS_MDALLOCSIZ are defined in config/afs_args.h. Move AFS_LRALLOCSIZ to config/afs_args.h for consistency. Change-Id: Ie1e286c24be6a2def404a54355a2fa4b2c42330d Reviewed-on: http://gerrit.openafs.org/11174 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit de74227d9c925206cd6d46496ec4682569d3105b Author: Marc Dionne Date: Tue Apr 29 12:48:03 2014 -0400 libafs: Speed up afs_CheckTokenCache On systems with a large number of PAGs and files in use, the periodic daemon job that checks for expired credentials and cleans up the axs cache can run for a very long time. This can lead to kernel soft lockups and eventually hang processes and file access because of unavailable locks. Rework the scanning logic in afs_CheckTokenCache to make the scanning more efficient in most real world cases. On a test system accessing ~4000 files from processes in 1000 PAGs, this has been observed to reduce the runtime of afs_CheckTokenCache from a problematic ~70s down to about 0.7s. Additionally, this changes the conditions in which an axscache is discarded. uid+cell (rather than just uid) must now match, and if no matching unixuser is found, it will also be discarded. Adapted from code from Jeffrey Altman who provided the original loop algorithm and code. Change-Id: I65b275b4244b3b6ab65453623bb8729530a9e1a6 Reviewed-on: http://gerrit.openafs.org/11123 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit 231bd022ede3309238d840461dc63a46aaa357e5 Author: Ben Kaduk Date: Fri Jan 4 16:16:04 2013 -0500 Dummy Makefile for rxgk Include a libtool export symbol list for the shared library, which only has the client RPC calls and the NewFooSecurityObject primitives for now, since that's all that's stubbed out. Also connect the rxgk directory up to be buildable from the root, but nothing depends on it yet so it will not be built. Looking ahead, build a libafsrpc_rxgk.la object. Change-Id: I12ddefbdaa1ad4845649e3a32efdeaaa21b5e9b7 Reviewed-on: http://gerrit.openafs.org/10563 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: D Brashear commit ee56e925f0c6484ac58e23ccdd1b1bf1a3760505 Author: Ben Kaduk Date: Fri Dec 6 15:24:58 2013 -0500 Add rxgk boilerplate Just the skeleton of what needs to be there. The actual import is split over multiple commits, to make the reviewer's burden more manageable. Error table, protocol description, and stubs for the security object routines, with header to declare them. The public header rxgk.h currently only contains a few typedefs and the NewSecurityObject prototypes, and includes the RPC interface and com_err code headers. Change-Id: I7893f78119bb4aef12112cc1e51e1ec69de326c2 Reviewed-on: http://gerrit.openafs.org/10562 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: D Brashear commit e156fae7a1866d1b00a1d9252c0a775128e2f033 Author: Ben Kaduk Date: Fri Dec 6 14:56:25 2013 -0500 Add some configure bits for GSS-API rxgk will require gss_pseudo_random and might want a couple other krb5-specific bits. We'll also need substvars to tell whether or not we can try building these things. Change-Id: Id18eb3f554605875696095eb40c25ec54df1f74b Reviewed-on: http://gerrit.openafs.org/10561 Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear Tested-by: BuildBot commit 0abf5fcbe8a0367a91224fa50480e78f0e6b02e4 Author: Marc Dionne Date: Mon May 5 13:33:10 2014 -0400 Linux: Drop PageReclaim AOP_WRITEPAGE_ACTIVATE case The exit case here seems to have been added to avoid recursion into the writeback code and eventual deadlock (see RT #15239). One issue is that the PageReclaim check can trigger in code paths that don't deal with the AOP_WRITEPAGE_ACTIVATE code correctly, leading to EIO errors when multiple threads are doing large mmap writes and memory pressure is sufficient to trigger reclaim. The check could be improved to check wbc.for_reclaim which seems to indicate more reliably when it is safe to return ACTIVATE, but given that the CPageWrite flag already provides more targeted recursion prevention, it seems safer to just drop this special case. Note that many kernel filesystems used to have a similar check mainly to prevent excessive stack usage, but as more recent kernels have moved away from doing any writeback during direct reclaim this is a case that should no longer occur. Partly as a result of this there are very few users of AOP_WRITEPAGE_ACTIVATE left in the kernel, which may be a motivation to find a better mechanism for OpenAFS eventually. This has been shown to help avoid EIO errors with multiple processes doing intensive mmap writing. Thanks to Yadav Yadavendra for identifying the issue and providing extensive analysis and testing. Change-Id: I88d9ef6e6e7a8f666f82c5ca481254839c2ba1e5 Reviewed-on: http://gerrit.openafs.org/11125 Reviewed-by: D Brashear Tested-by: BuildBot commit 21a85792c44e2145eea6d10dc31d58028ba933b8 Author: Michael Meffie Date: Tue Feb 18 13:59:59 2014 -0500 volser: log message for cross-device link errors Add a log entry to the volume server to help diagnose those pesky 'Invalid cross-link device' errors returned by vos, which occur when a clone volume is located in a different partition than the parent read-write volume, or when a read-only volume is on the incorrect partition on the server. With this change, a new log entry is added when the volume server fails to create a clone or a read-write volume because a volume with the target volume id already exists on a different partition. For a clone volume, this would be a different partition than the read-write volume. For a read-only volume, this would be a different partition than indicated in the vldb. Examples: Volume foobar is on /vicepb, but foobar.backup is incorrectly on partition /vicepa. $ vos backup foobar Failed to clone the volume 536870934 : Invalid cross-device link VolserLog: VCreateVolume: volume 536870936 for parent 536870934 found on /vicepa; unable to create volume on /vicepb. 1 Volser: Clone: Couldn't create new volume 536870936 for parent 536870934; clone aborted ... The vldb indicates a read-only volume should be on /vicepa on a remote site, but the actual volume is on /vicepb. $ vos release xyzzy Failed to create the ro volume: : Input/output error The volume 536870921 could not be released to the following 1 sites: mantis /vicepa VOLSER: release could not be completed ... VolserLog on mantis: VCreateVolume: volume 536870922 for parent 536870921 found on /vicepb; unable to create volume on /vicepa. ... Change-Id: Iaa471c46059d598a5095d59580e3b0b8ac6e1992 Reviewed-on: http://gerrit.openafs.org/10849 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: D Brashear commit c0683441a0121433d772bfb36e1e9a1c020a5dcb Author: Marc Dionne Date: Wed May 28 09:53:58 2014 -0400 vol: Fix gcc 4.9 warnings gcc 4.9 complains here because the trailing 0 in these macros has no effect, the value having already been set to NULL. Just remove the offending 0s, nothing uses the return value anyway, even if there were platforms where 0 != NULL. Change-Id: Ic9a79d51419726c0c823a9228c21c13dea918dc8 Reviewed-on: http://gerrit.openafs.org/11176 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit 40fb2650b783fbafe51aefd3d0af7a6b0536c265 Author: Michael Meffie Date: Sun May 18 19:28:16 2014 -0400 libafs: allocate vattrs in LINUX to reduce stack used Allocate temporary vattrs in LINUX to reduce the amount of stack space used. Change-Id: Iafa8d920b7149486f1ea8fb1999c1f4c9a935615 Reviewed-on: http://gerrit.openafs.org/11170 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit 9630c075409a262424805411ed473178814b412c Author: Michael Meffie Date: Sun May 18 17:17:38 2014 -0400 libafs: api to create and free vattrs Add a pair of functions to allocate and free struct vattrs, to avoid having struct vattrs on the stack. Change-Id: Ia5a148ebcdf8a2f1e3a2aa9d8fd3c0e0cd0e25e9 Reviewed-on: http://gerrit.openafs.org/11169 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit f66c467bdd7182eb80ede3b9faa5f5ae5231632f Author: Benjamin Kaduk Date: Wed May 28 10:41:02 2014 -0400 Use a separate toplevel target for venus/tests There's no particular reason to lump them in with the venus target, and we have reports that it causes parallel build failures on some systems. Just use a separate 'venustests' target akin to rxtests and ubiktests and the like, instead. Some of these lines are now long and should be wrapped, but leave that for a follow-up commit. Change-Id: Idd50c02d3c0c88dc2788ecfd221bbc5cbf8cba19 Reviewed-on: http://gerrit.openafs.org/11177 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: D Brashear commit f05abc47938beddb436fd0b9677f7b59fc64a215 Author: Stephan Wiesand Date: Fri May 30 15:05:28 2014 +0200 libadmin: Remove redundant memset call Commit bf78bf2c115659b78c34d3bc9d1934bcff21c8cc added initialisation of the nbulkentries structure to 0, to avoid freeing garbage due to a goto fail_... before the structure is initialised. As pointed out by Andrew Deason, there already is an equivalent memset call later in the code which is now redundant. Remove it. Change-Id: I236e6de2a79f4f483be314654225bd52316f5a02 Reviewed-on: http://gerrit.openafs.org/11180 Reviewed-by: Jeffrey Altman Tested-by: BuildBot commit e7a4359a0870f214091113f3efb0b32a4b68663c Author: Perry Ruiter Date: Fri May 30 14:28:53 2014 -0700 audit: Delete va_copy kludge When I developed fix c3d4c109305b2db8a63b754c1894ad37326dc340 I used va_copy. I was nervous because it required C99, but I had no problem with any of the buildbots, nor did any reviewer comment. audit/audit.c contains a local hack to simulate va_copy in the pre C99 days. There are no uses of va_copy in audit.c but presumably at some point there was. Delete the local va_copy. Change-Id: I5e30c7e3052aeffe56e366888c5a3db3a705fd00 Reviewed-on: http://gerrit.openafs.org/11184 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: D Brashear commit 85f3d0941b37c71047f59e1b1f4f92557d232fb8 Author: Perry Ruiter Date: Tue May 27 01:16:26 2014 -0700 Delete several unused memory management constants Change 412854593cf368006c18e6c0dc607a9ecd76a0e0, removed from the code base the last usage of: AFS_SALLOC_LOW_WATER (defined in afs/afs.h) AFS_MALLOC_LOW_WATER (defined in config/afs_args.h) AFS_MDALLOCSIZ (defined in config/afs_args.h) This patch deletes these constants. Change-Id: I1333aed508875e9b13dc3f36f3ff0d5eadfb2cfd Reviewed-on: http://gerrit.openafs.org/11173 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit 7a37f49e9db2dad980f22b3df8766863711ddb4c Author: Ben Kaduk Date: Fri Dec 13 13:19:04 2013 -0500 bcrypt keys are on the rxkad list, not rxgk Make the code match the comment. Change-Id: If891b9a4b33eafc93816077c321790f5af10803f Reviewed-on: http://gerrit.openafs.org/10582 Tested-by: BuildBot Reviewed-by: Andrew Deason Reviewed-by: D Brashear commit 882b9dedef974f1cbc71093a64675819811b4b1f Author: Ben Kaduk Date: Wed May 8 12:51:31 2013 -0400 Suppress nonliteral format string warning/error Clang doesn't like a nonliteral format string, and some kernel builds (e.g., freebsd) are done with -Werror. Use the standard workaround for FreeBSD and UKERNEL builds by calling vsnprintf() into a fixed buffer. Remove the !defined(AFS_LINUX26_ENV) check, as it duplicates a conditional around the entirety of osi_Panic(). Change-Id: If6287dd19604b78150c81febba8a59b73f56783c Reviewed-on: http://gerrit.openafs.org/9880 Tested-by: BuildBot Reviewed-by: D Brashear commit 4b4d44b3dd62c2a36908f20eeff345b666e7858d Author: Georg Sluyterman Date: Wed Mar 26 21:48:56 2014 +0000 cmd: List version in help for commands List version in help for commands using cmd library Change-Id: I4da64be11244e64d961e8de47cecb24cbbadce32 Reviewed-on: http://gerrit.openafs.org/10956 Tested-by: BuildBot Reviewed-by: D Brashear commit c01236beb5a6ad55cd424f0ccc3a836d737f78f3 Author: Michael Meffie Date: Sat Oct 26 23:35:14 2013 -0400 build: separate source and header compile_et rules Generate source and header files separately to support parallel make without contortions. Add a complete list of dependencies for each generated header file to avoid build errors during parallel make. Change-Id: I804ff553e08d411a1cfe20a4ef4e57da9d321837 Reviewed-on: http://gerrit.openafs.org/10370 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit 0408718b8108882d5fb70612e7e7e5d3184fb65f Author: Michael Meffie Date: Sun Mar 2 14:54:00 2014 -0500 rxkad: fix include quotes for generated headers Change-Id: I36f7df2205fb4e655c3f342b864df5b877469aec Reviewed-on: http://gerrit.openafs.org/10871 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit d3eed1e58a7605b320ec38d48ff1c185aa2d9806 Author: Michael Meffie Date: Sun Mar 2 12:26:24 2014 -0500 auth: fix include quotes for generated headers Change-Id: If4786c30b0b448ea4ff663d62d5e0f8623736084 Reviewed-on: http://gerrit.openafs.org/10870 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit 4e6b7ab904d38d38da1b80a7342bd815668a8c09 Author: Michael Meffie Date: Sun Jan 19 17:04:08 2014 -0500 libafs: separate source and header compile_et rules Use the new compile_et -emit flag to generate source and header files separately to support parallel make. Export afs_trace.h since it is required to build libafs. Before the compile_et -emit flag was available, The afs_trace.h file was generated as a side-effect of creating afszcm.cat. Change-Id: I4e93691dda34ddc8600d6a818503e0c9e75e618a Reviewed-on: http://gerrit.openafs.org/10729 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit e97198372a8ddbdba4b5a58c0659f2aa5d2b2d56 Author: Michael Meffie Date: Tue Jan 21 13:45:32 2014 -0500 libadmin: separate source and header compile_et rules Use the new compile_et -emit option to generate source and header files separately for parallel make support. Remove unneed -h options, since there are no prolog files and the header names match the error table names. Change-Id: Ib94bf2cd34e9102d4047d8f1ae0b108af3299cc4 Reviewed-on: http://gerrit.openafs.org/10730 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit 1141d120a5b8a0e0f33c6b8f8bfe57f1f3eb5180 Author: Michael Meffie Date: Sun Mar 30 11:53:16 2014 +0200 doxygen: make dox Add an optional make target (make dox) and doxygen configuration to generate doxygen output files. Auto-detect when the doxygen and graphviz dot tools are available. When dot is present, configure doxygen to create dependency graphs. Since the graph generation can take a very long time, a new configure option has been added to override the dot tool auto-detection. To disable the graph generation (even if dot is installed), run configure with the option: --without-dot When graph generation is desired, but graphviz dot is not present in the PATH, specify the path to dot with the configure option --with-dot=. The configure summary has been updated to show when doxygen document and graph generation is configured. Thank you Jason Edgecombe for providing the doxygen configuration for OpenAFS. Change-Id: Ie875fc2961877ee76e4c17631bbb95c29ef20b9e Reviewed-on: http://gerrit.openafs.org/10970 Tested-by: BuildBot Reviewed-by: D Brashear commit 8050a005a39faf39a6743293c72fa8ed7e928a47 Author: Michael Meffie Date: Sun Mar 30 14:02:17 2014 +0200 configure: fix comment about unix variants Remove vulgar comment, and remove commented out checks for aix and minix. Change-Id: I1ee6948bab3185a7855f1d9dc0e9557e27d4e1d2 Reviewed-on: http://gerrit.openafs.org/10969 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit 383602344921ab6dbe72e35bdc085567ccda2b69 Author: Benjamin Kaduk Date: Fri Apr 25 15:23:16 2014 -0400 rxgen: use unsigned type for max array length Plain '0' is of type int, i.e., signed, and therefore so is '~0'. The length of an XDR array is unsigned, so this constant should be of an unsigned type. Change-Id: I13f5f94b2f54bc0adcdf2ded1696b797b5205057 Reviewed-on: http://gerrit.openafs.org/11107 Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman Tested-by: BuildBot Reviewed-by: D Brashear commit 200658834fcb22ca608dba8856d2d47872d3b2b3 Author: Benjamin Kaduk Date: Fri Apr 25 15:24:22 2014 -0400 Some rx type cleanup for signedness The epoch, Cid, and security header/trailer sizes are all fundamentally unsigned quantities. Change the types exposed in some API signatures to match this reality, and also change the global variables for the epoch and Cid to match. (Per-connection variables were already of an unsigned type.) Change-Id: I4a56736ef7d78028d1d0b980cda0b4c37d694388 Reviewed-on: http://gerrit.openafs.org/11106 Reviewed-by: Perry Ruiter Tested-by: BuildBot Reviewed-by: D Brashear commit 7a701239d8327ae738124edb5e11f3bcbb08a76b Author: Benjamin Kaduk Date: Wed May 21 15:58:17 2014 -0400 Install afscp.h from srcdir, not the build dir That header is not a generated file, and is not found in the object directory. make install would fail from a separate objdir prior to this change. Change-Id: I31041c793bd930cfe2fc3c5f8a754ba1b91c26e5 Reviewed-on: http://gerrit.openafs.org/11160 Reviewed-by: D Brashear Reviewed-by: Jeffrey Altman Tested-by: BuildBot commit 1ac4eb1b84db2732b9c2645492daff9e25417475 Author: Michael Meffie Date: Wed Apr 9 08:40:21 2014 -0400 libafs: reduce stack space in LINUX Allocate temporary vrequests to reduce the amount of stack space used. Change-Id: I71ed86b6345ce69a70f33cdbaf5eed2abb2cef19 Reviewed-on: http://gerrit.openafs.org/11005 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit 76ad941902c650a4a716168d3cbe68f62aef109f Author: Michael Meffie Date: Mon Apr 14 16:07:53 2014 -0400 libafs: api to create and free vrequests Add a pair of functions to allocate and free struct vrequests, which are to be used to avoid having struct vrequests on the stack. Change-Id: I6cbfe2ed21beb1ba500975188bb76608fdee4bc7 Reviewed-on: http://gerrit.openafs.org/11074 Reviewed-by: D Brashear Tested-by: D Brashear commit b71a041364d28d6a56905a770cd20d1497ee26ec Author: Christof Hanke Date: Thu Apr 24 06:19:32 2014 +0200 Logfiles: open with O_APPEND This does not change the current (normal) behaviour, but allows logrotation via "copy and truncate" as offered by logrotate. Otherwise the processes will remember the offset of the last write and a truncated file is filled with '\0' until the current offset. The mrafsStyleLogs are untouched, since they can be rotated by a kill -HUP and are deprecated anyway. Change-Id: I09437aac63205fee3d97850507531e6833fed14f Reviewed-on: http://gerrit.openafs.org/11092 Reviewed-by: Nathaniel Filardo Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Michael Meffie Reviewed-by: D Brashear Tested-by: D Brashear commit f4ab11a8dd562bd7ee11c45e51814281d64c866c Author: Nathaniel Wesley Filardo Date: Sat Mar 29 22:56:21 2014 -0400 Add a small string formatting utility to opr This is to be used by the (coming next) vos-foreach utility, but it seemed sufficiently general and useful to break out into its own free-standing component. Change-Id: I92c3a615fecb80e1766f78492b229a826a23e18a Reviewed-on: http://gerrit.openafs.org/10965 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: D Brashear commit 18511623f2e2bb33e3ebe9f768afed52fd53f9ce Author: Michael Meffie Date: Mon Mar 31 14:01:37 2014 -0400 readme: move README.WARNINGS to CODING Move the information about compiler warnings to the CODING readme file. Change-Id: I0be752c76ddee809fe80bd1f97048953eeee89ee Reviewed-on: http://gerrit.openafs.org/10975 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: D Brashear commit eff41a2e53acd2622d89003647ba711a8b5bc75c Author: Michael Meffie Date: Mon Mar 31 13:57:33 2014 -0400 readme: move git info to CODING Move the REAME.GIT information to the CODING readme file. Change-Id: I3013e03ebfe003dce23f0e2d808ab6905dd2b452 Reviewed-on: http://gerrit.openafs.org/10974 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: D Brashear commit 04c7ed855ef78e1d1a15821ffff5fe0f26b9d0c4 Author: Michael Meffie Date: Mon Mar 31 13:06:03 2014 -0400 readme: rename README.DEVEL to CODING Rename the developer's readme file to CODING as a home for developer related information. Change-Id: I8c2cf70258671387b926ef3d666f6476056ef06e Reviewed-on: http://gerrit.openafs.org/10973 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: D Brashear commit 2db8242aebea7dfda7f9f1a2827f76a6fe5c8dc7 Author: Michael Meffie Date: Sun Mar 30 14:11:00 2014 +0200 makefile: remove comment about washtool Once upon a time, AFS used something called washtool as part of the build system. Remove the remnant comment about it. Change-Id: I566920b98c03d3cc65a6e2974a78a9247fd79842 Reviewed-on: http://gerrit.openafs.org/10968 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: D Brashear commit 9930567bcf9655d3f562b210b2dc4b4a99226691 Author: Michael Meffie Date: Tue Apr 8 16:10:36 2014 -0400 libafs: reduce stack space in VNOPS Allocate temporary vrequests to reduce the amount of stack space used. Change-Id: Ic14cc4f657f7c7e97ef396601bd6c8c7f91abe55 Reviewed-on: http://gerrit.openafs.org/11004 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit 027e2bbb1191c31dbbe968a925c192b064d52c47 Author: Michael Meffie Date: Fri Mar 28 00:36:29 2014 +0100 libafs: reduce stack space Allocate temporary vrequests to reduce the amount of stack space used. Change-Id: I8c50a3af3028512003a02e46a2960b9b135213a5 Reviewed-on: http://gerrit.openafs.org/11003 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit cdbf49f06baf33abd803b5d1ec245e58a94eec52 Author: Michael Meffie Date: Thu Apr 24 15:27:38 2014 -0400 libafs: check afs_InitReq return code Do not ignore the return code from afs_InitReq everywhere it is called. If afs_InitReq fails, the vrequest could not be initialized for some reason. Change-Id: Ibae9f93c1e20a9fcae812f047da14106e6717454 Reviewed-on: http://gerrit.openafs.org/11097 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit c20c01185ed748b2bc823369a8f28cf004b7d1c9 Author: Stephan Wiesand Date: Wed May 7 15:20:51 2014 +0200 redhat: Use the right path to depmod As of Fedora 17 and RHEL 7, depmod has moved from /sbin to /usr/sbin. The full path to depmod is used in package scripts and as a dependency. This hasn't caused problems in most cases because on an installed system a link /sbin -> /usr/sbin is present and during ordinary package installations yum/rpm correctly then figure out that /sbin/depmod is actually provided. But in other situations, the dependency check is not that clever and (incorrectly) fails. Add a macro to the spec defining the full path to depmod, use the macro rather than plain /sbin/depmod throughout the spec, and also pass it to kmodtool when required to generate the kmod package scripts and requirements. FIXES 131860 Change-Id: I1f2e4f7100d244477c2cb9087d2f48bbcea27fdc Reviewed-on: http://gerrit.openafs.org/11128 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Perry Ruiter Reviewed-by: D Brashear commit e1d0342326d11a14e1fb0075fb62cc6be9389b97 Author: Antoine Verheijen Date: Wed May 7 14:57:26 2014 -0600 OpenBSD: Add support for OpenBSD 5.4 Add param header files and other config info to provide support for OpenBSD 5.4. Change-Id: I56d2e716bd7fa4dee699f8d190cb4b60bb0f67a8 Reviewed-on: http://gerrit.openafs.org/11130 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit 0287086fa78f0bc0012325c2eadb3dccb6b1f766 Author: Perry Ruiter Date: Mon Mar 31 04:42:22 2014 -0700 afs: Suppress duplicate message on Linux Update afs_util.c to call afs_warnall in places where afs_warn and afs_warnuser are called back to back with identical parameters. Change-Id: I529344dea12149d8f18ec38bb17418c703f7d26b Reviewed-on: http://gerrit.openafs.org/11006 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: D Brashear commit a70f8e1a7e3fcbc13c9a60f8a7409dd01d014afb Author: Perry Ruiter Date: Sat Mar 22 00:52:32 2014 -0700 afs: Define afs_warnall routine In a Linux environment afs_warn and afs_warnuser both go to the same spot, resulting in duplicated messages if both are invoked back to back. Define a new function afs_warnall for use when identical messages are directed to both warn and warnuser. In a Linux environment it will do the right thing and present only one copy of the message. Change-Id: I1abdc63adc74fe5b08d3872d48698ec9dcc7a40c Reviewed-on: http://gerrit.openafs.org/10943 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: D Brashear commit c3d4c109305b2db8a63b754c1894ad37326dc340 Author: Perry Ruiter Date: Fri Mar 21 23:31:21 2014 -0700 afs: restructure afs_warn and afs_warnuser Restructure afs_warn.c to provide an afs_vwarn and afs_vwarnuser that accepts a va_list rather than a variadic parameter specification. afs_warn and afs_warnuser continue to be variadic functions but now call afs_vwarn and afs_vwarnuser. This is a preparatory change. A subsequent update will further exploit afs_vwarn and afs_vwarnuser. Change-Id: I8e740c4db311582bda6422e6600f1503dfbd0f5a Reviewed-on: http://gerrit.openafs.org/10942 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: D Brashear commit bec2555feb70be92bbd5685d9a43ae3138de382b Author: Chas Williams (CONTRACTOR) Date: Fri May 9 13:25:55 2014 -0400 solaris: help fs_conv_sol26 build cleanly handleit(), being static, should be declared before usage. Change-Id: I5cf9767ed2fc552f7a22c7570d0a4d256a4111b1 Reviewed-on: http://gerrit.openafs.org/11134 Reviewed-by: Benjamin Kaduk Reviewed-by: Michael Meffie Reviewed-by: Perry Ruiter Tested-by: BuildBot Reviewed-by: D Brashear commit 995cc38a24840cd1ba2b8dcdf3c9df233c1b2abe Author: Michael Meffie Date: Fri Feb 1 17:46:45 2013 -0500 vos: vos release -force-reclone option Add a new vos release option called -force-reclone to force the reclone of the release clone and a release to all of the remote sites, regardless of the state of the VLDB flags on the remote sites, but does not force full volume dumps when distributing the volume. Provide an alias -f for -force for compatibility with the original IBM vos, in case scripts were written to use the old '-f' option, and for users with muscle memory. Change-Id: I0ebebc5e8099299781e8da57579d91848bb2ad19 Reviewed-on: http://gerrit.openafs.org/9020 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman Reviewed-by: D Brashear commit 84cbafc3b1394eb5bce1fd617a5581536530d54e Author: Jonathan A. Kollasch Date: Thu Apr 17 12:55:34 2014 -0500 NetBSD: update kernel module glue for NetBSD 6.99.x Change-Id: I4fe5ccb33ec823a6df3a73e94247a0a42b970e57 Reviewed-on: http://gerrit.openafs.org/11089 Reviewed-by: Jeffrey Altman Tested-by: BuildBot commit 2f64bc272434562dfb84c4f480c82354019dec19 Author: Gergely Risko Date: Wed Mar 19 10:56:26 2014 +0100 RestrictedQuery feature Make vlserver and volserver suppport a new command line parameter, "-restricted_query admin". When this is on, the query RPCs that are not needed for normal cache manager operations are restricted to administrators listed in UserList. This is off by default. Change-Id: I2a23a4e99cabd46b19ed491a6520773731a5994e Reviewed-on: http://gerrit.openafs.org/10927 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear Reviewed-by: Jeffrey Altman commit 7206d4088d823bf535aaddef49dab1653a43a0fe Author: Michael Meffie Date: Thu Apr 17 09:31:18 2014 -0400 uss: add missing include Fix a build error when configured with --enable-uss. The added include defines the VolumeId which is needed by the volser.h. Change-Id: Ifbdaadf4de726ff1da54e93ba47124c5b5eb9cfb Reviewed-on: http://gerrit.openafs.org/11084 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit b9979e1a23ce28b20fe95d5e6042b9b15506c993 Author: Michael Meffie Date: Fri May 9 11:43:35 2014 -0400 aklog: double get_credv5 in retry logic Fix a bug where get_credv5() is called twice, even if the first one succeeded, in the aklog retry logic. (This bug uncovers another bug where get_credv5_akimpersonate crashes in the krb5 libs when get_credv5 is called back to back.) Change-Id: Ie6cac3b4522946c87c30ad3cd6939738234800bf Reviewed-on: http://gerrit.openafs.org/11133 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 3946b50a7ecdfd34681ab471863929b2f82aff4b Author: Andrew Deason Date: Tue Apr 15 12:30:19 2014 -0500 doc: Clarify some BosConfig.new text It is not always clear to users whether BosConfig.new is noticed during an automatic restart, or if it requires stopping and starting the bosserver. Slightly reword the relevant text and add a small note that a "general restart" does cause BosConfig.new to be noticed, so this is explicitly clear. Change-Id: Iab3eaff176305b0b2991a6636e70204b5072b1b0 Reviewed-on: http://gerrit.openafs.org/11076 Reviewed-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 72bc3848536cc71b8950e5619f5769f60a73f3ab Author: Jeffrey Altman Date: Wed May 14 06:42:40 2014 -0400 Windows: Restrict redir trace buffer to 10240KB Define macro AFS_DBG_LOG_MAXLENGTH to 10240 and then use it to enforce the 10MB trace buffer limit. Change-Id: I98b759d9f51d24d402bfdc56570c0f0de93926a0 Reviewed-on: http://gerrit.openafs.org/11146 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit ccb092c37802d300b6ec12d45f10bed42d2a5a59 Author: Rod Widdowson Date: Mon May 12 21:50:48 2014 -0400 Windows: Fix uninitialized variables VS2013 spotted two cases where we do not set up the Iosb.Status when we catch an exception from Cc. Fix them. Change-Id: I93b8a48863f22fd1dc2d7dba4d9de18454f35fe0 Reviewed-on: http://gerrit.openafs.org/11140 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit d075b0549d62e4a81b7543b9c2f5dac242074909 Author: Marc Dionne Date: Fri May 2 14:10:06 2014 -0400 Linux: Prevent some fakestat data inconsistencies When fakestat is enabled for a mount point, the parent vcache entry is not the right place to find the DataVersion of the target volume root directory. This can lead to data inconsistency since the revalidation checks rely on the parent's DataVersion to determine if a file entry is still valid. If the file was replaced or deleted remotely, the only callback we get is for the parent directory, and in that case the client will think the file entry is still valid and give back stale data to the user. If fakestat is enabled and we have a mountpoint, always use the parent vcache pointer returned by FakeStat before using it to either store (in the lookup and create ops) or compare (in the revalidate op) the DataVersion. FIXES 131855 Change-Id: I03c05c1dab39e663b74635700e80ba70861b1c2e Reviewed-on: http://gerrit.openafs.org/11118 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit aad509a7e11432bbe8cf0a3a0adaa78d7f9c9da5 Author: Jeffrey Altman Date: Thu May 8 09:06:07 2014 -0400 Windows: cm_Analyze retries vs CM_REQ_NORETRY (2) Commit a1b5a1d42280753de13094006dcc130fede978a1 left out a critical part of the patch. The check for "retry < 2" when determining whether retries should be skipped due to CM_REQ_NORETRY. Change-Id: I9b750e2bab11d28813447b2ee92287b8dcfbbba3 Reviewed-on: http://gerrit.openafs.org/11131 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit a111d0db7768e0ab924f51666d626ddb3e25ca38 Author: Michael Meffie Date: Thu Apr 24 13:40:06 2014 -0400 libafs: fix lock leak during shutdown afs_getattr returns EIO when afs is in the process of shutting down. Be sure to unlock the locks taken before returning. The bozon lock leak has been present since IBM AFS. Change-Id: Id3e330c458996abf1519de6364060cc0b8828e6a Reviewed-on: http://gerrit.openafs.org/11096 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman commit d9e14a08129cc70a3baca67c2c1adb8aba5945a2 Author: Rod Widdowson Date: Sun May 4 14:33:11 2014 -0400 Windows: Adjust Last Write time handling for -1 The "what date/time gets changed when and by whom" in Windows is badly defined, but all filesystems support the semantic that if a date is set using a specific file object (or the timestamp is set to the magic number -1) then other changes provoked by that file object will be ignored. AFS redirector timestamp handling does not support this behavior. For the LastWrite timestamp (other timestamps are pretty much advisory and maintained on a best effort basis) the timestamp would be updated by a write operation even after -1 is set via the file handle. This patchset implements the -1 behavior for LastWrite. It also follows the standard Windows practice of setting the LastWrite timestamp to be the time of close of the handle that performed the write, not the time of the write itself. Finally, it should be noted that since RX*FS_StoreXXX operations update the last write time on the server the client must restore the LastWrite timestamp at handle close if -1 was specified. Change-Id: Ica0c566fabb6b3046eb51f827402d622190daea8 Reviewed-on: http://gerrit.openafs.org/11110 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit a1f5a9d72f795023813c116329cd40dec3bd43af Author: Jeffrey Altman Date: Tue Jan 21 05:44:41 2014 -0500 Windows: RDR AFSSubtituteName invalid UNICODE_STRING The 'ComponentName' parameter to AFSSubstituteName() is a UNICODE_STRING pointer. Its address should not be passed to AFSDbgTrace when used in conjunction with a %wZ format. Change-Id: I12ead951b1ae376e42da12b21e32f65e736375ab Reviewed-on: http://gerrit.openafs.org/11090 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 9c10c202f1f2e516dde8b70c3a3b69a73d163070 Author: Anders Kaseorg Date: Sun May 4 05:30:25 2014 -0400 Fix buffer length validation in ktc_GetToken and knfs The signed int tktLen is checked against a maximum size, then passed as the unsigned size_t argument to memcpy. So we need to make sure it isn’t negative. This doesn’t appear to be exploitable: tktLen comes from the kernel, which should have previously validated the length within the SETTOK pioctl. This bug was found with STACK . Change-Id: I781bd300cad3d725d3517e7f6ac9e6423c417087 Signed-off-by: Anders Kaseorg Reviewed-on: http://gerrit.openafs.org/11109 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 279345c231d0a2d9f6e8c2f76a5347bafd40e70b Author: Ken Dreyer Date: Wed Mar 6 13:53:29 2013 -0700 doc: recommend cleanup steps in "vos convertROtoRW" man page vos convertROtoRW leaves the older RW copy on the original fileserver, although it is no longer in the VLDB. Provide the user with some hints regarding clean up. Change-Id: I5f6fcf7d5a516b59438d84e60f163a567d3a64fd Reviewed-on: http://gerrit.openafs.org/9408 Reviewed-by: Ken Dreyer Tested-by: Ken Dreyer commit c91b2a119a72a2293d9e9ffe5bd97c70d0c22eee Author: Ben Kaduk Date: Mon Dec 9 14:54:18 2013 -0500 Fix typo in rfc3961 namespace-cleaning Change-Id: If93119ce4345ab8d1eccb9df7196b1681d2762cb Reviewed-on: http://gerrit.openafs.org/10550 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit 074d745a02d80bfd2c16a4e2b7b4222022f8e641 Author: Benjamin Kaduk Date: Mon Apr 7 17:55:09 2014 -0400 vol: Fix build with separate objdir The volscan-main and volinfo-main source files are in the source tree, not the object tree; refer to the objects in the Makefile as dependencies, so that they will be picked up properly. The objects will be made just fine by the implicit .c.o rule. Change-Id: Ieec4b32cfbe5d260e1560a08d4ed8162720f9222 Reviewed-on: http://gerrit.openafs.org/10988 Reviewed-by: Michael Meffie Tested-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit 279e01051600f0884ed3669786543578e53cf518 Author: D Brashear Date: Tue Apr 22 11:38:44 2014 -0400 linux: make reading unixusers from proc actually work our indentation did not match our braces so we would never read all the objects in each unixuser hash chain. add the missing braces Change-Id: I001b55f0d43639124b06758095664a31e8230db6 Reviewed-on: http://gerrit.openafs.org/11094 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: D Brashear commit bd2137018c87d864ef842aa941b67d4e53bd5300 Author: Jonathan A. Kollasch Date: Thu Apr 17 12:48:30 2014 -0500 NetBSD: fix rx_kmutex's CV_WAIT_SIG macro Change-Id: I6550f5c71bafe03290c1dbda545ff3feea01a805 Reviewed-on: http://gerrit.openafs.org/11088 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Perry Ruiter Reviewed-by: D Brashear Tested-by: D Brashear commit dd8d2aa871fc5841c281d1292c39ffb8edf1ebd1 Author: Jeffrey Altman Date: Fri Apr 4 16:42:36 2014 -0400 Windows: Deny writes/truncation to files w RO attr If the readonly file attribute is set on a file, refuse to process writes, truncations or overwrites. The afsd_service will do so and this can lead to data corruption. At the same time, writes from the redirector to afsd_service must not be denied because of the readonly attribute. That check was performed during the CreateFile. Otherwise, a new file can be created with the readonly attribute and then not be writable. Change-Id: I921a11eb8c1a3e642d60c23fc905b3febc0f0761 Reviewed-on: http://gerrit.openafs.org/10985 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit e24ed842eba54f62105b08d2b9fb281cc19519f1 Author: Jeffrey Altman Date: Wed Mar 12 12:49:40 2014 -0400 Windows: NP Fail requests if AFSGetAuthenticationId fails If during the processing of a network provider request the Logon Session AuthenticationId is zero and the AFSGetAuthenticationId() function is unable to obtain the current thread's AuthenticationId, then fail the request. Change-Id: If2aeba836d762f4f1b982d954fac720863a05c1f Reviewed-on: http://gerrit.openafs.org/10900 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit 70299e6c3def0b84520232c02b9071c9cbf8a851 Author: Jeffrey Altman Date: Tue Apr 15 12:19:21 2014 -0400 Windows: Fix AFSSetBasicInfo attribute processing The prior behavior of AFSSetBasicInfo() was to let the caller set whatever it wanted as the new file attributes regardless of the attributes that are supported by AFS. In doing so, reparse point and directory attributes could be cleared, and other values could be set even though they would be lost as soon as the DirectoryCB object was garbage collected. New behavior: 1. return STATUS_INVALID_PARAMETER if reparse point attribute would be altered 2. return STATUS_INVALID_PARAMETER if directory attribute would be altered. 3. successfully modify readonly attribute 4. ignore all other attribute values Change-Id: Ic678960101ef99cdad0c0e84b21c9d65c6831ca8 Reviewed-on: http://gerrit.openafs.org/11073 Tested-by: BuildBot Reviewed-by: Rod Widdowson Reviewed-by: Jeffrey Altman commit a4bcc4b1dccf6ab2745be83288c380f5454a2db9 Author: Rod Widdowson Date: Mon Apr 14 16:50:36 2014 -0400 Windows: Pin write position prior to defer If we extend the file prior to defrring the write *and* the write is set up FILE_WRITE_TO_END_OF_FILE then we have to convert the FILE_WRITE_TO_END_OF_FILE to an absolute position since we have already moved the FCB->Header.FileSize. Change-Id: Ibe1a5d616490a3db152818cbd6bb24d5af251c5f Reviewed-on: http://gerrit.openafs.org/11069 Tested-by: BuildBot Reviewed-by: Rod Widdowson Reviewed-by: Jeffrey Altman commit 564f9fd06777882abd29a0da6274150f5b1e7d7f Author: Jeffrey Altman Date: Mon Apr 14 16:48:32 2014 -0400 Windows: AFSCommonWrite add bWriteToEndOfFile var To improve readability add a bWriteToEndOfFile variable which stores the value of liStartingByte.LowPart == FILE_WRITE_TO_END_OF_FILE && liStartingByte.HighPart == -1 Change-Id: I6594196a6c8c3ab41561ffdbd3eddf3d34b410de Reviewed-on: http://gerrit.openafs.org/11068 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 41b865212b7576c0840bfc0f7c34c900e46f41c8 Author: Rod Widdowson Date: Mon Apr 14 16:45:37 2014 -0400 Windows: Do not defer Synchronous operations There is nothing to be gained by posting a synchronous write. Let it hang out in CcCopyWrite until there is enough memory unless the write became synchronous after a deferral in which case it can be deferred again. Introduce bWait variable which is set to the result of IoIsSynchronousWrite( Irp). This change is being introduced after further analysis of the FastFat example. Change-Id: I0942975a142b0413e52076ee94977401c1d00dc9 Reviewed-on: http://gerrit.openafs.org/11067 Tested-by: BuildBot Reviewed-by: Rod Widdowson Reviewed-by: Jeffrey Altman commit fe706913190acf176292e8c68d0a0adfc015f487 Author: Jeffrey Altman Date: Fri Apr 11 10:22:45 2014 -0400 Windows: No RO volume test SetFilePosInfo Setting the file position information on a file is not a data changing operation. Do not perform a readonly volume check. Change-Id: I5dccff569b39187c2891d4339f18db8c54c029a7 Reviewed-on: http://gerrit.openafs.org/11066 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit a10696d9408b0ac21f8a011fce0a6a72b1c0fe0e Author: Andrew Deason Date: Thu Jan 30 13:50:11 2014 -0600 Fix rx_EndCall error precedence Callers of rx_EndCall in various parts of the code handle errors a bit differently from each other. The correct way to use rx_EndCall is almost always some form of: code = rx_EndCall(call, code); This will cause the call to abort with 'code' if the call is not already aborted, and will return the abort code for the call (or 0 if the call ended successfully). It is thus impossible for 'code' to start out with a non-zero value in the code snippet above, and end up with a value of 0 after the code snippet. Most code follows this pattern, because this is how the rxgen-generated client RPC wrappers are written. So for any non-split Rx call, this is how the error precedence works. However, some code (mostly for Rx split calls), needs to handle calling rx_EndCall itself, and some code appears to think it is possible for rx_EndCall to return 0 when we already had a non-zero error. Such code tries to ensure that we don't ignore an error we already got by doing something like this: code2 = rx_EndCall(call, code); if (code2 && !code) { code = code2; } However, this is not correct. If a call gets killed with an abort code partway through executing an RPC, and the client tries to end the RPC with e.g. EndRXAFS_FetchData, the client will get an error code of -451 (RXGEN_CC_UNMARSHAL). The actual error code is in the abort code for the call, but with the above 'code2' snippet, we can easily return an error of -451 instead, which will usually get interpreted as some unknown network-related error. This can manifest as a problem in the unix client, where if a FetchData call fails due to, for example, an "idle dead" timeout, we should result with an error code of RX_CALL_TIMEOUT. But because of the above issue, we'll instead yield an error of -451, causing the server to be marked down with the following message: afs: Lost contact with file server ... (code -451) ... So, fix most rx_EndCall callers to follow the 'code = rx_EndCall(call, code);' pattern. Not all of the changes here are to "wrong" code, but try to make all of the rx_EndCall call sites look more consistent. There are a few exceptions to this pattern, which warrant some variations: - A few instances in src/WINNT/afsd/cm_dcache.c do seem to want to record the original error before we ran rx_EndCall, instead of seeing the rx abort code. We still return the rx_EndCall-returned value to the caller, though. - Any caller of RXAFS_FetchData* needs to read a 'length' raw from the rx split stream. If this fails, we need to abort the call, but we don't really have an error code to give to rx_EndCall. Failure to read a length indicates that the server is not following protocol properly, so give rx_EndCall RX_PROTOCOL_ERROR in these instances. The call should already be aborted by this point, so most of the time this code will be ignored; it will only make a difference if the server tries to end the call successfully without sending a length, which is indeed a protocol error. - Some Rx clients can encounter a local error they don't want to send to the server via an abort, so they just end the call successfully, and only use the rx abort code if they don't already have a local error. This is in a few places like src/butc/dump.c and src/volser/vsprocs.c. - Several places don't care what the error from rx_EndCall is, such as various call sites in server-side code. The behavior of the Windows client w.r.t rx_EndCall was changed a bit into its current behavior in commit a50fa631cad6919d15721ac2c234ebbdda2b4031 (ticket 125018), which just appears to be wrong. This was partially reverted by commit ae7ef5f5b963a5c8ce4110a7352e0010cb6cdbc1 (ticket 125351), but some of the other call sites were unchanged. The Unix client appears to have been doing this incorrectly for at least FetchData calls since OpenAFS 1.0. To make it hopefully more clear that rx_EndCall cannot return 0 if given a non-zero error code, add an assert to rx_EndCall that asserts that fact. FIXES 127001 Change-Id: I10bbfe82b55b509e1930abb6c568edb1efd9fd2f Reviewed-on: http://gerrit.openafs.org/10788 Reviewed-by: D Brashear Tested-by: BuildBot commit d820af6cd0eb1c6655ecf8e210294791825cfbad Merge: ad71d031e bd2cc32da Author: Simon Wilkinson Date: Wed Apr 9 14:10:09 2014 +0100 Merge branch 'security-master' into HEAD Merge fix for OpenAFS-SA-2014-001 into master, along with the fix for the RX denial of service issue. Change-Id: I499e7202c9278d21f2d8628d497755e6c593abb2 commit ad71d031ec219ca418303bea3f37e40f59dde05d Author: Michael Meffie Date: Mon Mar 31 12:59:59 2014 -0400 readme: remove ancient build notes Remove the ancient and unmantained src/BUILDNOTES readme file. Change-Id: I652fded2526dbe97f6f87ef7263a2b39038486d5 Reviewed-on: http://gerrit.openafs.org/10971 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit e385571ba37fa6d43fecca17e9e5d60a22a414cd Author: Andrew Deason Date: Wed Mar 27 18:12:41 2013 -0500 afs: Raise fake free space reporting We report 'fake' values for free space, free file nodes, etc for the 'AFS' filesystem, since these values are not meaningful for AFS itself. Currently we report about 9G of free space for most platforms, and a few different values for a few others. Raise all of these to 2^32-1, so that trying to copy over 9G of data into AFS does not fail for those applications that check the destination free space with statfs(2). Note that one such application is KDE 4.8.x. Consolidate all places that do this, and put the 'fake' value in one place, AFS_VFS_FAKEFREE, along with the relevant comments. Related issues reported by Lars Schimmer, Richard Brittain, and others. Change-Id: Ia15175da32744e11f62489c29bedfe1f5560d2b4 Reviewed-on: http://gerrit.openafs.org/9688 Reviewed-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Markus Koeberl Tested-by: Markus Koeberl Reviewed-by: D Brashear commit be236140f72fc51e111898abc896f93cc505fac7 Author: Chas Williams (CONTRACTOR) Date: Thu Apr 3 14:12:38 2014 -0400 rx: Remove rx_waitingForPacket Commit f43c2f4412d670ce1131dc429cb43302352df3e4 introduced rx_waitingForPacket. Given its current usage, I can't see any functionality. It looks like this might have been the result of merging a renamed rx_waitForPacket from another development branch? Change-Id: I47fc7a2b25cbfcd59ea4ad1606b734bb9d4ceecc Reviewed-on: http://gerrit.openafs.org/10981 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 1b2802b6fbe6f1b6d8d5af08c114bdc182f11779 Author: Chas Williams (CONTRACTOR) Date: Wed Mar 26 10:25:13 2014 -0400 pts: Don't assume that pr_IdToName() was successful If pr_IdToName fails for some reason, tnames won't be available. Change-Id: I5270ba0ecf3cfad9bfb909c97b27473d96ca1307 Reviewed-on: http://gerrit.openafs.org/10952 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Michael Meffie Reviewed-by: D Brashear commit cc4e292174f36868008d35df63df57543f033ee4 Author: Chas Williams (CONTRACTOR) Date: Wed Mar 26 10:15:10 2014 -0400 ptserver: Optionally restrict anonymous access to the ptserver Currently, one could simply query from 0 to 'pts listmax' to determine all the usernames in a cell. The -restrict_anonymous option will block access to almost all of the unauthenticated RPC's. PR_NameToID is still open since aklog still needs access to this RPC. An "attack" against this RPC would have to scan a much larger key space to determine valid usernames in a cell. Change-Id: I7e475bc004f08d28d195c199804befa89f0ceb0c Reviewed-on: http://gerrit.openafs.org/10951 Tested-by: BuildBot Reviewed-by: Gergely Risko Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit 972585c24b5c193a982570ff9264a1971760f48f Author: Chas Williams (CONTRACTOR) Date: Fri Mar 28 16:46:32 2014 -0400 afs/VNOPS: reduce stack usage AFSFetchStatus is rather large and is in the stack twice. Allocating with osi_AllocSmallSpace will save about 160 bytes of stack. Change-Id: I13ac31814d9d5975f245ba8c66a7befac471503e Reviewed-on: http://gerrit.openafs.org/10964 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk Reviewed-by: D Brashear commit bd2cc32da969abe57334d20563d5cddf065a905e Author: Michael Meffie Date: Sat Feb 15 12:03:43 2014 -0500 viced: fix get-statistics64 buffer overflow Range check the statsVersion argument of the GetStatisitics64 RPC to avoid a buffer overflow in the fileserver, or a huge memory allocation, by a rogue client. FIXES 131803 Change-Id: Ib084ca28cbe350d846fa5978d489e523aaae299b commit 0ec67b0a9a175af14e360da75d1f5429c6c97b24 Author: Andrew Deason Date: Fri Feb 21 15:30:49 2014 -0600 rx: Avoid rxi_Delay on RXS_CheckResponse failure Currently we rxi_Delay whenever RXS_CheckResponse fails for any reason. This can result in disastrous performance degradations if a client keeps sending "bad" responses, since rxi_Delay'ing here will delay the Rx listener thread. This means we cannot receive any packets for about a second, which can easily cause us to drop a lot of incoming packets. Instead, send the abort after 1 second by scheduling an event. This will retain existing behavior from the point of view of the client (it will get the abort after 1 second), but avoids hanging the Rx listener thread. FIXES 131802 Change-Id: Id8f9fc46902ae3cf019dd0ece0a96133b9b9d07c commit 61d80537cae95d125c4b9fed31e2454a281b8b02 Author: Andrew Deason Date: Fri Feb 21 15:26:35 2014 -0600 rx: Split out rxi_SendConnectionAbortLater Take the functionality in rxi_SendConnectionAbort that schedules a delayed abort, and split it out into a new function, rxi_SendConnectionAbortLater. This allows callers an easy interface to send such a delayed abort with their own delay. This commit should incur no change in behavior; it is just code reorganization. Change-Id: I6503cf6ebb3e664d95b8792f2311ea14ee63c11d commit db00a2c8b5186c003fc049b8ae6eda97f58ffcea Author: Benjamin Kaduk Date: Fri Mar 28 09:19:30 2014 -0400 Disable kauth by default We should actively be discouraging the use of the kaserver and related utilities. The src/kauth/ directory will still be compiled, just not installed. (If we stopped compiling it, it would likely bitrot very quickly so as to become unbuildable, and having it still build seems a reasonable goal given our obligations with respect to compatibility with IBM AFS for the use of the AFS name.) Change-Id: Ib710af3e177223d85cd9c6099ce75e700b6a2958 Reviewed-on: http://gerrit.openafs.org/10962 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Jeffrey Altman commit e6110959e802bd9ae60e3724ba41078e7b335bab Author: Michael Meffie Date: Fri Mar 28 17:08:46 2014 +0100 volser: fix spurious strcat of volume extension. Fix malformed merge error left over from commit 4f9ec8396d1c7f12f8fa264cea7c255ce62b7b8d where we converted strcat to strlcat. Change-Id: Ibae3e09c8a659f4b084256b18ee5774f11fe9f8f Reviewed-on: http://gerrit.openafs.org/10963 Reviewed-by: Jeffrey Altman Tested-by: BuildBot commit 70f825bcd2de3eab9d0c62079318a215f8728cd6 Author: Michael Meffie Date: Thu Mar 27 09:24:16 2014 +0100 viced: disable hot threads Turn off the rx hot threads feature in the file server. This feature was an old optimization intended to reduce context switching, however generally makes performance worse on modern hardware. Performance improvements from disabling hot threads was identified by Simon Wilkinson (YFS) at the European AFS and Kerberos Conference (EAKC) 2014 at CERN. Change-Id: Id3053a61ebdb2d49d2bf36ebe07a35cc07b5d65c Reviewed-on: http://gerrit.openafs.org/10957 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: D Brashear commit da549eea21941681c075796512a27a830259c835 Author: Stephan Wiesand Date: Wed Mar 12 10:47:17 2014 +0100 doc: bos setrestricted -mode 0 does make sense Commit 070230ab76e1df338db3f2a7971111ca976a0c1a added documentation of the mode parameter to bos setrestricted, claiming that the value 0 is useless, and commit eee0bf5871944d919951cc8b7b4908ee909c3b62 added documentation of the restrictmode entry in BosConfig, claiming that it can only be set back to 0 with an editor. Both claims are wrong, since bos setrestricted -mode 0 will do exactly that (if it succeeds, which it only can if the server is running in unrestricted mode, which can be achieved by sending it the FPE signal). Fix the man pages accordingly. Change-Id: I07b75f7d0cea2e247fa4f346121de258e35119f5 Reviewed-on: http://gerrit.openafs.org/10885 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Marc Dionne Reviewed-by: Andrew Deason Reviewed-by: Michael Meffie Reviewed-by: D Brashear commit 0e9bb718ce231ffd73fe11810d8dc1d3902e4b2d Author: Andrew Deason Date: Wed Feb 26 11:42:16 2014 -0600 viced: Restore some previous log message language Before commit 6c41b1f740e16b5b9adfe9026630595be6f0699e, we logged these three messages in the fileserver in different situations: CallPreamble: Couldn't get client. CallPreamble: Couldn't get CPS. Fail CallPreamble: couldn't reconnect to ptserver After commits 6c41b1f740e16b5b9adfe9026630595be6f0699e and 0a5e878aa0a71c4dfaef1806744ed78bcc13b9f4, these messages were changed to contain more useful information, but the language was also changed. The messages now look like: Client host too busy while handling request from host %s:%d viceid %d fid %lu.%lu.%lu, failing request Cannot get CPS for client while handling request [...], failing request Cannot reconnect to ptserver while handling request [...], failing request While the new messages are more informative, and (in my opinion) better describe what is happening in those situations, they do look very different from the old messages. This can break scripts that try to parse these logs, but in general it is also not clear to administrators that these messages still refer to the same events. So instead, put these messages back the way they were. Still include the extra information, of course, but revert the language to look more like the old messages. Now we log: CallPreamble: Couldn't get client while handling request from host %s:%d viceid %d fid %lu.%lu.%lu, failing request CallPreamble: Couldn't get CPS while handling request [...], failing request CallPreamble: couldn't reconnect to ptserver while handling request [...], failing request Thanks to Ben Kaduk for bringing this up. Change-Id: Ie2389fb598640d79f0f0725c3161c7af7924ffb4 Reviewed-on: http://gerrit.openafs.org/10857 Reviewed-by: Benjamin Kaduk Reviewed-by: Andrew Deason Tested-by: D Brashear Reviewed-by: D Brashear commit a30b98c97d6fbf87018bcb6943e09c1c75a3918d Author: Michael Meffie Date: Thu Mar 13 12:40:17 2014 -0400 doc: volscan man page Provide a man page for the volscan utility Change-Id: Ibaecb2b9030ee71d81f13b897694c4cf3b4b9516 Reviewed-on: http://gerrit.openafs.org/10905 Reviewed-by: D Brashear Tested-by: D Brashear commit af2e3d81cff39ed06e3bfbfcbfff52163c503c54 Author: Michael Meffie Date: Wed Mar 12 15:15:32 2014 -0400 volinfo: separate volscan binary Refactor vol-info.c into several files and change the makefile to build a separate volscan binary, instead of using the program name to determine if the user is running volinfo or volscan. This commit adds new source files for the volinfo and volscan main() function and a common header file. Change-Id: I53a2a503812237a850170c39c81ee3fb56c8282e Reviewed-on: http://gerrit.openafs.org/10903 Reviewed-by: D Brashear Tested-by: D Brashear commit 77e4d2146e166c5c70d4255408bde5e6499a06bf Author: Michael Meffie Date: Wed Mar 12 09:37:59 2014 -0400 volinfo: refactor global options Move the global options to a structure and pass it to the vol-info functions. This is a precursor for creating separate volinfo and volscan programs. Change-Id: I86ea9e875f73831e6c7ea4b50591e31df3e0c39f Reviewed-on: http://gerrit.openafs.org/10902 Reviewed-by: D Brashear Tested-by: D Brashear commit 8119636976de651ff0b8ccdca6a1a703643f7447 Author: Michael Meffie Date: Sat Mar 15 11:04:31 2014 -0400 volscan: hide -mask option The -mask option is unneccessary and sets a bad precedent, so deprecate and hide this option. The vnodes of interest can be found can be found easily and much more flexibly with a simple command pipeline. Change-Id: Ibe75928c6b041d135c0cb5867228947cd7f4e889 Reviewed-on: http://gerrit.openafs.org/10901 Reviewed-by: D Brashear Tested-by: D Brashear commit db2ed13359ce8e3cd6a4981f8ce8e10ba61f6463 Author: Michael Meffie Date: Wed Sep 4 15:10:16 2013 -0400 volscan: avoid printing null mount-point cellname The 'mcell' field is null when there is no cell set in the mount point, so do not try to print it. Change-Id: I363310665313f7bbcca783a4d9be87aaa7b0a8fe Reviewed-on: http://gerrit.openafs.org/10226 Reviewed-by: D Brashear Tested-by: D Brashear commit dfd416440670d6a14496d44996097d4f501947ca Author: Benjamin Kaduk Date: Thu Feb 6 17:34:21 2014 -0500 aklog: those pesky assignments in conditionals This one should actually be an assignment, and the compiler warning for having two sets of parentheses is helpful. Found by clang on FreeBSD 10.0. Change-Id: Ic906cbdc50a20bcd0b91555581b60c518da2bc81 Reviewed-on: http://gerrit.openafs.org/10823 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman Reviewed-by: D Brashear commit b9fb9c62a6779aa997259ddf2a83a90b08e04d5f Author: Benjamin Kaduk Date: Thu Feb 6 16:11:49 2014 -0500 pioctl.c: removed unused variable The 'rval' variable is only actually used in the LINUX20 case; adding another conditional block is making the LINUX20 case different enough that it should get split out entirely. Doing so lets the 'else' clause be simpler. Found by clang on FreeBSD 10.0. Change-Id: I60c56af355fdb68752d9596ff2cd7a4259b43fe9 Reviewed-on: http://gerrit.openafs.org/10819 Tested-by: Benjamin Kaduk Reviewed-by: Perry Ruiter Reviewed-by: D Brashear commit 8beba712d95b637225f215534a759961ff4d80a9 Author: Michael Meffie Date: Fri Feb 7 06:55:31 2014 -0800 fs: display cell not available on ESRCH The cache manager pioctls abuse ESRCH to represent errors due to unavailable cell information. Give a more sensible error message to the user when a pioctl returns an ESRCH error, instead of "no such process", which is the conventional meaning of ESRCH. The new error message is consistent with the Windows implementation of fs. For example, on a host with a misconfigured ThisCell and/or CellServDB. $ fs wscell fs: No such process becomes: $ fs wscell fs: Cell name not recognized. Change-Id: Ibdcb0957118205b9540cae07b3cafa65c51ff497 Reviewed-on: http://gerrit.openafs.org/10824 Tested-by: BuildBot Reviewed-by: D Brashear commit 3db647e327bbb4621f4d66f85678424471453703 Author: Michael Meffie Date: Thu Mar 6 10:50:56 2014 -0500 libafs: allow bkg daemon requests without creds Make the creds argument optional for background daemon requests which do not need to pass a cred. Change-Id: Ic4ac69d746e8a84993069e37bdd0440622febd70 Reviewed-on: http://gerrit.openafs.org/10880 Tested-by: BuildBot Reviewed-by: D Brashear commit d07fb827a6d142142216b3effd32814cd721cc06 Author: Michael Meffie Date: Sat Mar 8 14:30:27 2014 -0500 libafs: afs_SetupVolSlot function Move the code block to get and setup volume slots out of afs_SetupVolume to a new local function called afs_SetupVolSlot. This new function acquires the afs_xvolume lock and releases it before returning. Change-Id: I1bd33f13e0525f9ff050d7e161cf29a511e5c4b8 Reviewed-on: http://gerrit.openafs.org/10879 Tested-by: BuildBot Reviewed-by: D Brashear commit bbda24f9d324493e3f59c216a465fb2383d8f557 Author: Michael Meffie Date: Sat Mar 8 12:35:23 2014 -0500 libafs: put volume disk cache i/o in afs_UFSGetVolSlot Move the reading of the volume items file to the afs_UFSGetVolSlot() to make it more clear the volume items file is not accessed when memcache is in effect. This changes the afs_GetVolSlot to return an intialized volume slot, if one can be gotten. Change-Id: I0c76ca8c8e1cc19677ce950bfb454755bbbee86a Reviewed-on: http://gerrit.openafs.org/10878 Tested-by: BuildBot Reviewed-by: D Brashear commit 75e3a5897405eeeba047cca1103ac32ccfaa03dc Author: Michael Meffie Date: Sat Mar 8 11:41:26 2014 -0500 libafs: afs_InitVolSlot function Add a new local function to initialize newly gotten volume slots and move that code out of afs_SetupVolume(). Initialize the slot before putting the volume in the volume hash table list. Make it more clear to avoid using record 0. The volume items record 0 is not used, so avoid setting the tf pointer to the static fvolume buffer when reading record 0. Change-Id: Iffba52fbf8d72459c9a36015964e61d485f22ad4 Reviewed-on: http://gerrit.openafs.org/10877 Tested-by: BuildBot Reviewed-by: D Brashear commit be36376b244d1d94b24cb8fce44810fb31b7b5ce Author: Michael Meffie Date: Sat Mar 1 14:52:48 2014 -0500 compile_et macros to generate source and headers separately Common makefile macros to generate headers and source files separately using the new compile_et -emit option. Change-Id: I5848922fbe1d94f9d3cec829a3ed657e7f63d191 Reviewed-on: http://gerrit.openafs.org/10869 Reviewed-by: D Brashear Tested-by: D Brashear commit 389473032cf0b200c2c39fd5ace108bdc05c9d97 Author: Marc Dionne Date: Wed Mar 19 11:15:13 2014 -0400 Linux: Do drop dentry if lookup returns ENOENT Commit 997f7fce437787a45ae0584beaae43affbd37cce switched to using d_invalidate instead of d_drop to prevent unhashing dentries which are only temporarily invalid and may still be referenced by someone having a current working directory pointing to it. This could result in getting ENOENT from getcwd() after some transient problems, even when the directory is there and accessible. The change had the side effect of potentially leaving something visible when it has actually been removed, for instance a mountpoint removed by "fs rm". If afs_lookup returns ENOENT, we want to forcibly drop (unhash) the dentry, even if it has current users. Change-Id: I0e7b6e09b2c4ae551fa6c84235ed31f7df476b45 Reviewed-on: http://gerrit.openafs.org/10928 Tested-by: BuildBot Reviewed-by: D Brashear commit 5cc3aec78a4329885b450c15ce228fa6fb413fdf Author: Benjamin Kaduk Date: Sat Mar 22 15:28:46 2014 -0400 bcrypt keys are in the rxkad list, not the rxgk list Fix the presumed typo in the loop intended to skip them. Change-Id: I863fb12792b82d528938ad0598aa626880f11a41 Reviewed-on: http://gerrit.openafs.org/10947 Reviewed-by: Jeffrey Altman Tested-by: BuildBot commit 900427ecac4bde5ef78ae9fc86f9237552cc1dd4 Author: Chas Williams (CONTRACTOR) Date: Fri Mar 21 16:33:36 2014 -0400 vlserver: Add auditing to some more RPC's A future commit will conditionally restrict access to these RPC's. Auditing will allow debugging and monitoring of this feature. Change-Id: Id8a8a1831c82ef967eb6cced1609915d1d6b774f Reviewed-on: http://gerrit.openafs.org/10939 Reviewed-by: Jeffrey Altman Tested-by: BuildBot commit cc39ac77c6e8d120a41ffe67a60896463323ab31 Author: Chas Williams (CONTRACTOR) Date: Fri Mar 21 14:35:46 2014 -0400 volser: remove commented code Apparently this predates AFS 3.0 so it should be safe to remove. Change-Id: Ifec145c71da4668066bf428fb594943dfce20e88 Reviewed-on: http://gerrit.openafs.org/10935 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit dc2a4fe4e949c250ca25708aa5a6dd575878fd7e Author: Jeffrey Altman Date: Sat Dec 14 19:38:50 2013 -0500 vos: GetServer search for non-loopback address GetServer() is used to obtain an IP address for the 'aname' parameter. 'aname' can be either a dotted address or a host name. If it is a dotted address, it is returned immediately. If it is a host name, then gethostbyname() is used to obtain an IP address. The prior version of this function had two failings: 1. It assumed that a struct hostent only contained a single address. It used the former h_addr field. For all platforms supported by OpenAFS h_addr is a macro referencing the first address in the h_addr_list array. If h_addr was a loopback address, it would ignore any additional addresses that might be in the list. 2. It assumed that if gethostbyname(aname) returned a loopback address as h_addr that 'aname' must be referring to the machine that the vos command is being executed on. It therefore used gethostname() to obtain an alternate name to use for a gethostbyname() query. The results of this query were not checked to be a loopback. As a result, a loopback address could be returned to the caller which in turn could be set into the VLDB. Change-Id: Ib8d513be9daf650045e9c40718b0187f6b9770a2 Reviewed-on: http://gerrit.openafs.org/10585 Reviewed-by: D Brashear Reviewed-by: Benjamin Kaduk Reviewed-by: Harald Barth Tested-by: BuildBot commit b8589f1b59e520aae8d412170b663ff3bc214667 Author: Michael Meffie Date: Sat Jan 18 23:03:44 2014 -0500 libadmin: add missing bubasics dependency bubasics is a dependency of libadmin. Add it to the top level makefile. This missing dependency was found by analyzing the libadmin header file includes. Change-Id: I300669387cea95a0fe800cffb4024356641591e6 Reviewed-on: http://gerrit.openafs.org/10727 Reviewed-by: D Brashear Tested-by: D Brashear commit 64dd6dd018eb7413636ed6416bd244bb81893d9e Author: Michael Meffie Date: Tue Mar 11 12:40:33 2014 -0400 libafs: reset global icl set pointers on shutdown Avoid panicking when an icl tracing function is called after shutdown_icl. There is a window during shutdown in which pioctls can be requested after the shutdown_icl is issued. Reset the global icl set pointers so tracing is disabled after the shutdown_icl, instead of using pointers to freed memory. Removed the unneeded afs_icl_FindSet calls and use the global pointers which were set during the initialization. Change-Id: I3310868a28850236a2870b8dab858ecb7a815c11 Reviewed-on: http://gerrit.openafs.org/10884 Tested-by: BuildBot Reviewed-by: Marc Dionne Reviewed-by: Benjamin Kaduk Reviewed-by: D Brashear commit cb4ec4e4952b40999013d4f67c0add6bf51ff286 Author: Benjamin Kaduk Date: Wed Mar 19 12:16:48 2014 -0400 Make struct CallBack indentation uniform again Align the per-field comments. Change-Id: Ic9da32851c518b29e110fb80428a1f261bbd9cbf Reviewed-on: http://gerrit.openafs.org/10929 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Reviewed-by: Jeffrey Altman commit 705f3ee384814bc082817267a2658bd5c918550c Author: Hartmut Reuter Date: Mon Mar 10 17:21:21 2014 +0100 volser: use also vn_length_hi in dump size calculation Only the low order 32 bits of the file length were used. Now using macro VNDISK_GET_LEN instead of direct FillInt64. FIXES 131819 Change-Id: Iaecd68764f4b071d6b8c838362e7e657578d9b2f Reviewed-on: http://gerrit.openafs.org/10876 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 3a0c348d6ebc375f11d2bab70de9a00f5905fe94 Author: Michael Meffie Date: Sat Mar 15 11:31:27 2014 -0400 doc: fix typo in volinfo man page Change-Id: I46e13bb879206fb561fe0f0d99a6ed412ab64629 Reviewed-on: http://gerrit.openafs.org/10904 Reviewed-by: Ken Dreyer Tested-by: Ken Dreyer commit cb18fbde6536942e4bc87bd5943a13cc14fbe332 Author: Benjamin Kaduk Date: Fri Mar 14 11:13:15 2014 -0400 libafs: DARWIN: update for Xcode 5.1 (1) remove -mlong-branch from amd64 build Random internet postings suggest that it has triggered a warning since at least Xcode 3.2, and the gcc manual page suggests that it is only applicable on ppc, anyway. (2) remove -mpreferred-stack-boundary=4 from the amd64 build The evidence here shows up less readily in an internet search, but it seems that Apple's compilers will force the stack alignment to 16 bytes regardless of what is passed here. One poster had trouble with -mpreferred-stack-boundary being unused in Xcode 4.4.1 This change only fixes warnings reported as errors by buildbot; it does not attempt to fully synchronize with the flags that Xcode 5.1 uses for kernel module builds. Change-Id: Iac1fcf3cdb5ab847a04278d1c05761bd371828e2 Reviewed-on: http://gerrit.openafs.org/10896 Tested-by: BuildBot Reviewed-by: D Brashear commit 52a9d1929518feab17b81b0a9db7ba45f69d5071 Author: Benjamin Kaduk Date: Thu Mar 13 16:37:10 2014 -0400 Do not use garbage-collection for DARWIN ObjC apps Xcode 5.1 does not support this feature. Change-Id: I30457ae73f867637ab154b94d4a6c57089d9b48d Reviewed-on: http://gerrit.openafs.org/10890 Reviewed-by: D Brashear Tested-by: D Brashear commit 8832cd4e61f04fa5c650060e968bd7834afebd92 Author: Benjamin Kaduk Date: Thu Mar 13 15:33:44 2014 -0400 Use correct include guard for vol_prototypes.h Correct the case of the 'h'. Change-Id: Ib78cbff02ac881aa54c46832db94094f7a74ff5f Reviewed-on: http://gerrit.openafs.org/10889 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit 3f189f8fe8cbb52aac4b7b5fe767d0de481cb569 Author: Benjamin Kaduk Date: Thu Mar 13 15:30:42 2014 -0400 Remove static const char copyright[] We do not have copyright strings in our other executables for the other copyright statements applicable to them, so these are rather exceptional. They also cause build failures with OS X Xcode 5.1 and --enable-checking . Change-Id: I0ead56387f77459a49093ff66fdea9c033f02f5a Reviewed-on: http://gerrit.openafs.org/10888 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit 0aad06df1d25208659005192e8bbd872d5fb613b Author: Benjamin Kaduk Date: Thu Mar 13 15:27:16 2014 -0400 opr: removed the unused static_inline initnode This was included in the initial rbtree import, but is not used. clang from OS X's Xcode 5.1 now warns about this unused function, which is an error with --enable-checking . Change-Id: I896504e83be317394418a7cc1b3f518e675fbb5b Reviewed-on: http://gerrit.openafs.org/10887 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit 62f922445d3501fff4320cc7c8d93b6cd1a6361e Author: Jeffrey Altman Date: Sun Mar 16 15:41:45 2014 -0400 Windows: Platform specific MIDL output Add $(CPU) to the MIDL generated _c.c and _s.c output files to prevent conflicts. Change-Id: Ie10c85fa0b9cab19b107b44c2cf452925b8ee521 Reviewed-on: http://gerrit.openafs.org/10907 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit faa5195fcfe1e202665462d273c00b900bf5ac17 Author: Jeffrey Altman Date: Sat Mar 15 12:44:09 2014 -0400 Windows: XP do not mark rdr devices as secure Commit 9174531dca75f1f2d235ed806f784422792c3ab2 introduced the use of device characteristics (secure and remote) to the IoCreateDevice() and IoCreateDeviceSecure() calls for the AFSRedirector device objects. After this change end users began to report problems on 32-bit Windows XP SP3 when the initial access to the AFS redirector was performed by a Limited Access Account. This patchset conditionalizes the specification of the secure device characteristic when registering the redirector with MUP on 32-bit Windows XP. Change-Id: I0fb9671b8a05a841f2356d100e7031c961a7c482 Reviewed-on: http://gerrit.openafs.org/10906 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit 85b747fc549a46b2170c99ab4fb86326894210ef Author: Jeffrey Altman Date: Wed Mar 12 12:41:45 2014 -0400 Windows: NP AFSGetConnectionInfo AuthId == 0 During the processing of a network provider GetConnectionInfo request if the provided Authentication Logon Session Id is zero, the redirector should attempt to obtain the Logon Session Id in kernel. This was not performed within AFSGetConnectionInfo(). Change-Id: Ia060abfdebc17e52eefac24ac9dc19a7d6434314 Reviewed-on: http://gerrit.openafs.org/10899 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit 8a6732f9f6d876fc20f5612a4b325533d157d091 Author: Jeffrey Altman Date: Wed Mar 12 12:39:59 2014 -0400 Windows: NP AFSGetConnection retrieve AuthId sooner When processing a network provider GetConnection requestion obtain the Authentication Logon Session Id earlier in the function so that it can be logged as part of subsequent trace messages. Change-Id: Ifef7d2da44e0266683b93bc76f25ee825294062c Reviewed-on: http://gerrit.openafs.org/10898 Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit 939784c017f065a2f4fce19b48cdde56ac4be83c Author: Jeffrey Altman Date: Mon Feb 10 05:13:37 2014 -0500 Windows: AFSShareWrite do not assign pFcb too soon In AFSShareWrite the value of pFcb is used to determine whether or not the pfcb->NPFcb->Resource must be released upon exit. Therefore, it must not be assigned a value until just before the resource is acquired. Change-Id: I6951d91fcf672c8d236d19e075fff0be3552c9b8 Reviewed-on: http://gerrit.openafs.org/10828 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 01a7c64e472c241798306e7f8137de28efdef37e Author: Stephan Wiesand Date: Fri Feb 28 18:47:12 2014 +0100 bozo: remove obsolete bnode_Deactivate() prototype Commit 54eb2485b59550ba42569ed3a8d76211a3a35019 removed the implementation of bnode_Deactivate(), which had been #ifdef'd out for a long time, but left the prototype in place. Remove the obsolete declaration in bosprototypes.h as well. Change-Id: I323a3f945fcab97d7c4db191192d3ef11482d64e Reviewed-on: http://gerrit.openafs.org/10868 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman commit eee0bf5871944d919951cc8b7b4908ee909c3b62 Author: Stephan Wiesand Date: Fri Mar 7 11:03:36 2014 +0100 doc: improve man pages related to bos restricted mode Mention the restrictmode entry and the commands for setting and querying it in the BosConfig man page, and add/fix cross references between the BosConfig, bos, bos_getrestricted and bos_setrestricted ones. Change-Id: I938ef4c43c1a248335f09975c454b36f7570782c Reviewed-on: http://gerrit.openafs.org/10874 Reviewed-by: Ken Dreyer Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit 89fdd9084fa31827dea487ddb68355d621170f58 Author: Perry Ruiter Date: Wed Mar 5 21:53:16 2014 -0800 cellconfig: move memcpy outside loop memcpy only needs to be done once prior to each entry into loop, so move it outside the loop. Change-Id: I68c09b240756f830b1a4dc9b8a338916f91cd7b2 Reviewed-on: http://gerrit.openafs.org/10872 Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk Reviewed-by: Michael Meffie Tested-by: Michael Meffie Reviewed-by: Jeffrey Altman commit 189a17146e789f2cf716ed3a477ed6f54776df12 Author: Michael Meffie Date: Thu Mar 6 11:42:52 2014 -0500 doc: fix typo on ka-forwarder man page Change-Id: I9cedc1ee2c3fac249ad5b2c66c5e0eef6d5d570c Reviewed-on: http://gerrit.openafs.org/10873 Reviewed-by: Stephan Wiesand Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit 8803c35994eb48605e26831296bd1c57f0adf50a Author: Jeffrey Altman Date: Mon Feb 17 01:12:37 2014 -0500 Windows: cm_ForceNewConnections serverp == NULL If serverp == NULL, return immediately. Do not dereference a NULL pointer. Change-Id: I47781a03f22a83289a23b30ff375249fec18ff51 Reviewed-on: http://gerrit.openafs.org/10845 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman commit 4e3ceaccd9dc2b6e6a20e938d82af1ebaa2c43c8 Author: Stephan Wiesand Date: Thu Nov 21 10:44:05 2013 +0100 redhat: don't package kpasswd While kpasswd was in the separate openafs-kpasswd package to avoid clashing with the krb5 executable, openafs-debuginfo still conflicted with krb5-debuginfo. Don't package kpasswd at all. Package the renamed executable, kapasswd, in openafs-kpasswd instead of openafs, together with the renamed man page. Once we're here, provide the man page for the other executable in there too. FIXES 131771 Change-Id: I0d7af82072847a19f0e1ce34dbeeb34623d2ef38 Reviewed-on: http://gerrit.openafs.org/10481 Tested-by: BuildBot Reviewed-by: Ken Dreyer Reviewed-by: D Brashear commit 7a7ee20bb609ec0b23d36d2376ffc6eda58fa47b Author: Garrett Wollman Date: Thu Feb 13 23:03:59 2014 -0500 doc: Document dependencies required for building everything Add a new section to README.DEVEL that describes the packages required to build everything (including all optional code like the FUSE-based user-mode client). Start with what I figured out for FreeBSD (tested on a clean 10.0 install) and what Russ Allbery described on the openafs-devel list in . Change-Id: Ib90cd653a822f8699df613aabdd3442edc10c98a Reviewed-on: http://gerrit.openafs.org/10844 Reviewed-by: Ken Dreyer Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman commit b7326e487f6387033282cc5d1128b00a0456673a Author: Benjamin Kaduk Date: Wed Feb 5 18:32:16 2014 -0500 afs_fetchstore: re-avoid uninitialized variable As noted in the gerrit comments for change 10742, commit baf6af8a8f2207ce39b746d59ca4bc661c002883 does not handle the case where the second rx_Read() call fails, and the 'length' variable can still be used uninitialized. Instead of using an err label and jumping to it on the case of errors, initialize length to zero and take care to neither set nor access *alength if an error has occurred. This is more consistent with the style of the surrounding code while still avoiding the use of an uninitialized variable. Change-Id: I6abfa4a5f051368ca12ada1494fc7687f378d319 Reviewed-on: http://gerrit.openafs.org/10806 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 63291be2216762dd89072f41c9a016608b736ceb Author: Benjamin Kaduk Date: Thu Feb 6 17:27:28 2014 -0500 fstrace: only declare 'rval' when it is used ... to avoid compiler warnings about unused variables. Found by clang on FreeBSD 10.0. Change-Id: I30c9fbc0e2fb0f9af273f0f17861009b6d0577df Reviewed-on: http://gerrit.openafs.org/10822 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman commit 53d7145416c0a6bafa7ecccd113178fc4af04f8f Author: Benjamin Kaduk Date: Thu Feb 6 17:01:19 2014 -0500 FBSD: Switch the dummy 'data' for mount(2) The mount(2) API takes a void*, but 'rn' is const char*, which is const-incorrect. Our vfs_cmount implementation ignores the 'data' parameter, but upstream's kernel mount(2) implementation did have a NULL check until r158611 (in the 6.1 or 7.0 timeframe), so leave that comment for now. Arguably we should be using nmount(2) instead of mount(2) anyway, but leave that for a separate patch. Change-Id: I22fd85c2f1a32aa849e182d263de119a953690d2 Reviewed-on: http://gerrit.openafs.org/10821 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 758ec15f9391c296f1caa042385148f1a5e0bc84 Author: Benjamin Kaduk Date: Thu Feb 6 16:22:49 2014 -0500 pointers are not castable to unsigned int When printing a pointer's value for debugging purposes, use the dedicated printf format specifier for pointers instead of assuming that unsigned int ('x') is good enough. Found by clang on FreeBSD 10.0. Change-Id: I18c42df0bf03c2d0e9e7c757445b8ff0f616c671 Reviewed-on: http://gerrit.openafs.org/10820 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman commit a52346ae503dc6aedb5115ef6b089ae26f46a58c Author: Benjamin Kaduk Date: Thu Feb 6 15:52:49 2014 -0500 Satisfy clang's aggressive strlcpy warnings Passing something related to the length of the source as the length argument to strlcpy triggers a warning, which is converted to an error with --enable-checking (on FreeBSD 10.0). The current code is safe, since it is using the same expression that was used to allocate the destination buffer, but switch to using a separate variable to hold the length and use that variable for both allocation and copying, to appease the compiler. Change-Id: I580083d142fd19a4e7828c915b4846868fa8f917 Reviewed-on: http://gerrit.openafs.org/10818 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman commit add4b8100e9b9624b6e03fa7d471367720ab062e Author: Benjamin Kaduk Date: Thu Feb 6 15:52:42 2014 -0500 Remove unneeded inclusion of This file is deprecated on FreeBSD, and is not used anywhere. Change-Id: If10816f26da91855d10826d53501e5b9974cd292 Reviewed-on: http://gerrit.openafs.org/10817 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 3e4af71581fa8d174a0127bb225e7fba2450aaae Author: Jeffrey Altman Date: Wed Jan 22 22:17:56 2014 -0500 Windows: cm_GetCell_gen Fixup cm_server cellp on race If a race occurs during the instantiation of a new cm_cell_t object, the created servers will point at the wrong cm_cell_t object after the race is detected. Before cm_GetCell_gen completes the cm_server_t objects must be fixed to point to the correct cm_cell_t. Change-Id: I8341c2cfd2a8ac7be31699d11f78b4b9ced257af Reviewed-on: http://gerrit.openafs.org/10777 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 7760acc4570a306390f0b7e5acf4b21e8a8cc90d Author: Jeffrey Altman Date: Fri Jan 31 00:56:49 2014 -0500 Windows: Support arbitrary callback ports Reconfigure the advanced firewall to support callback ports other than port 7001. This changes the semantics of the afsicf api. AFS_PORTSET_SERVER is now zero. Any other value is treated as a callback port. Change-Id: I4df421cc0ceb4dca94a6b5e81990115a4ce0334e Reviewed-on: http://gerrit.openafs.org/10776 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit dd9e59805b37a93f0f64c67cfa3ba4d80f1f358c Author: Jeffrey Altman Date: Fri Jan 31 00:49:44 2014 -0500 Windows: cm_AddCellProc always call cm_NewServer The current implementation of cm_NewServer handles races and collisions. There is no need to perform a cm_FindServer() check first. Just call cm_NewServer() for all server entries. Move the logging of server creation and cell assignment to cm_NewServer(). Change-Id: If0cdb2eda9bcb6234eeaef7c2a35edf751a9c0ca Reviewed-on: http://gerrit.openafs.org/10775 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 1d1e96219205d83c73d92a68b8390346ef011ef0 Author: Chas Williams (CONTRACTOR) Date: Thu Feb 6 12:47:16 2014 -0500 bos: Remove last of MRAFS references A few MRAFS tidbits were left behind during the cleanup in commit a9301cd2dc1a875337f04751e38bba6f1da7ed32. Change-Id: I7dcd30797ff87c61d57781c66cb9f7369638fa36 Reviewed-on: http://gerrit.openafs.org/10808 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit b490cfd240021d072a3fe8e2ec2a21f218baf5ae Author: Arne Wiebalck Date: Fri Feb 7 12:37:57 2014 +0100 libacl: use initialized memory Replace malloc with calloc to use zeroed memory when converting access lists. Change-Id: I17558d1737fee020772919e423c9fba37180beca Reviewed-on: http://gerrit.openafs.org/10815 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman commit 9f90b12e14e5511cb1c11cbc4d85cfa291be861f Author: Andrew Deason Date: Fri Jan 31 16:46:12 2014 -0600 afs: Throttle byte-range locks warnings per-file Currently, the warning messages about byte-range locks are throttled only according to what the last PID of the locking process was. So, if that same process performs a bunch of byte-range locks a bunch of times, we log this warning message at most once every 2 minutes. However, if we have even just one other process also performing byte-range locks, the throttling can become pretty useless as lastWarnPid ping-pongs back and forth between the two different PIDs. This can happen if multiple unrelated byte-range-lock-using pieces of software just happen to be running on the same machine, or if a piece of software uses byte-range locks after forking into separate processes. To avoid flooding the log in situations like this, keep track of the last warn time in the relevant vcache, so we don't get frequent warnings for byte-range lock requests on the same file. Change-Id: I446cf6a438a75aa741c5543b93f74f4184ee6508 Reviewed-on: http://gerrit.openafs.org/10796 Reviewed-by: D Brashear Tested-by: BuildBot commit 1096582bde6156bb469f2e397cbc40d13a8f2822 Author: Andrew Deason Date: Fri Aug 30 14:21:16 2013 -0500 namei: Ignore misplaced files The namei salvaging/ListViceInodes code currently ignores files where we cannot derive an inode number from a given filename. However, if a file is a valid inode filename, but is in the wrong directory, we still record it. This can cause the salvager to abort, since it assumes inode e.g. 12345 is present, but when it tries to open 12345, namei translates the inode to a nonexistant path, and we bail out. It is unknown how a namei directory structure can reach this state, but try to handle it. To be on the safe side, just ignore the files, and log a message about them. That way, if the files are required for reconstructing the volume or contain important data, they are still available if needed. And if they contain incorrect or old data, we don't screw up the volume by trying to use them. Thanks to Sabah S. Salih for reporting a related issue. Change-Id: I529e0c51f48b5b7a62d6aab0470fad71788a5b69 Reviewed-on: http://gerrit.openafs.org/10214 Reviewed-by: D Brashear Tested-by: BuildBot commit 602e8eb2000be02ef2a6627633b7ba80ea847762 Author: Andrew Deason Date: Thu Oct 3 12:51:41 2013 -0500 salvager: Handle multiple/inconsistent linktables The ListAFSSubDirs code in namei_ops.c currently detects incorrectly-named linktable files, and whines about them and says the salvager will handle them. However, the salvager doesn't really handle them, since we just use the first linktable we find (FindLinkHandle) without checking any of the information about it. So, check for these. Fix FindLinkHandle to only consider a linktable the "real" linktable to use if it actually matches the volume group id we're salvaging. Also delete any inconsistent linktables via the new function CheckDupLinktable later on. Note that inconsistently-named linktables have been known to have been created in the past due to a bug in the salvager (fixed by ae227049), and possibly due to other unknown issues. Change-Id: Iac461e1254e1f73406a2bc74eaa5a5f53d697304 Reviewed-on: http://gerrit.openafs.org/10322 Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: D Brashear commit 9fca71287d2c9730139a0472c6ee891603e72672 Author: Mark Vitale Date: Fri Feb 15 16:58:16 2013 -0500 vos: move convertROtoRW core logic to vsprocs Create new vsprocs routine UV_ConvertRO in preparation for adding new function to vos convertROtoRW. Change-Id: Ic66ecbf7cacb277891bec9f8783040995ce6ce17 Reviewed-on: http://gerrit.openafs.org/9277 Tested-by: BuildBot Reviewed-by: D Brashear commit b78b7f0c3454be02048e4533ee26ef28dc8f78ff Author: Stephan Wiesand Date: Fri Jan 31 17:01:06 2014 +0100 RedHat: don't package manpages for binaries not included We don't package copyauth, aklog_dynamic_auth and rmtsysd. Omit their manpages too. Change-Id: I653e24be9ac258bcb1539bc773eebae728d6261b Reviewed-on: http://gerrit.openafs.org/10781 Reviewed-by: Ken Dreyer Tested-by: BuildBot Reviewed-by: D Brashear commit 4f253106dc5d1a5280b0a5be393df0e87e00a661 Author: Andrew Deason Date: Fri Jan 31 16:40:35 2014 -0600 afs: Include FID in DoLockWarning Provide the FID that is being locked when we warn about byte-range locks, so the user can find what file the process is trying to lock. Change-Id: I56a185c200ac73045ee29b79410e27222c2637f2 Reviewed-on: http://gerrit.openafs.org/10795 Reviewed-by: D Brashear Tested-by: D Brashear commit c73883e7846fa0421cfac29830c27c9b6aacf5ed Author: Andrew Deason Date: Fri Jan 31 16:36:44 2014 -0600 afs: Refactor DoLockWarning Change DoLockWarning around a little bit, so subsequent changes are easier to follow. Move lastWarnTime/lastWarnPid so they are only usable within this function. This commit should incur no functional change. Change-Id: I5d25f64e9c088aecee0f0c46b6c401b2caa71ccb Reviewed-on: http://gerrit.openafs.org/10794 Tested-by: BuildBot Reviewed-by: D Brashear commit 997f7fce437787a45ae0584beaae43affbd37cce Author: Marc Dionne Date: Thu Jan 30 13:50:37 2014 -0500 Linux: When revalidating, don't drop in-use dentries The Linux client can get into a state where the current working directory is seen as "deleted" by some tools, while it is still there and accessible to "ls" and other tools. This has been reported by several users and sites. One scenario that has been observed while debugging: - A process does a chdir() into a directory - This stores a pointer to the dir's dentry in the task structure - The server hosting the volume goes offline temporarily - The dentry for the directory is passed to afs_linux_dentry_revalidate - afs_linux_dentry_revalidate calls afs_lookup which returns an error (110 - ETIMEDOUT) - It then considers the dentry not valid, and calls d_drop() - d_drop unhashes the dentry unconditionally - Server comes back up, but dentry is still unhashed - getcwd() fetches the task structure pointer to the current dir dentry. If unhashed, it returns ENOENT, and the vfs layer is not involved at all. At that point, many things won't work and there is no obvious way for the user to get the directory rehashed. Instead of calling d_drop directly, call d_invalidate instead, as it will only drop (unhash) the dentry if we're the only one holding a reference. Since d_invalidate will also call shrink_dcache_parent, also remove that call from our code so it doesn't get called twice. Change-Id: I03e9872f6f9aebd28cdf6b833e14955edaa2527c Reviewed-on: http://gerrit.openafs.org/10774 Tested-by: BuildBot Tested-by: Anders Kaseorg Reviewed-by: Derrick Brashear commit 3ef0bca9ac4705f29d429af6ce2951ad1d39def1 Author: Arne Wiebalck Date: Fri Jan 10 17:29:11 2014 +0100 Log shutdown progress Shutting down fileservers with thousands of volumes can take a while and it is helpful for operations to actually see that there is progress when detaching volumes. This patch adds a log message to the fileserver log every time 100 volumes have been detached. Change-Id: I1685aa62335b223cf7cd3286188781318084c22f Reviewed-on: http://gerrit.openafs.org/10797 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Derrick Brashear commit b39833048124030bc15526d116b504fd43e100bb Author: Andrew Deason Date: Thu Jan 30 14:43:57 2014 -0600 afs: Pay attention to fetchOps->destroy error code The ->destroy function in our fetchops could change our error code, or even raise a new error. Don't ignore it. This currently doesn't do much, since fetchDestroy currently won't change the error code if it's given an error, but this can change in the future. Change-Id: I6fa98cc709cb0fbd4c1e868ba4b9be53313573ff Reviewed-on: http://gerrit.openafs.org/10787 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 3b5c636480cda73938a532ffd079ba040907f78f Author: Jeffrey Altman Date: Mon Jan 27 00:33:18 2014 -0500 Windows: Add caching to cm_GetAddrsU Cache the results of VL_GetAddrsU queries and reuse the results for subsequent calls when possible. Change-Id: I7e2b086ec311208a46439588bc820a1929d2b2b9 Reviewed-on: http://gerrit.openafs.org/10764 Tested-by: Jeffrey Altman Reviewed-by: Derrick Brashear Reviewed-by: Jeffrey Altman commit 74982e6ae1919f81184d221b56aba7f153d188ed Author: Jeffrey Altman Date: Mon Jan 27 00:30:20 2014 -0500 Windows: cm_GetAddrsU wrapper for VL_GetAddrsU cm_GetAddrsU() is a wrapper for the VL_GetAddrsU() RPC. The initial version is a bare bones replacement for the VL_GetAddrsU() call from cm_UpdateVolumeLocation(). Future changes will add caching. Change-Id: I7d51d98d8fd21b91f25424bdb795576ea44deab4 Reviewed-on: http://gerrit.openafs.org/10763 Tested-by: BuildBot Reviewed-by: Derrick Brashear Reviewed-by: Jeffrey Altman commit 311505170d59360b3c3dd67f789f395b7278bbbe Author: Jeffrey Altman Date: Mon Jan 27 00:14:36 2014 -0500 Windows: replace cm_allServersp list with osi_queue Replace the cm_allServersp list with an osi_queue. This simplifies the Add/Remove functionality which will be required in case of VLDB server uniquifier changes. Change-Id: I6b118f2a27ee4bd2eb24011aae868865615eb09f Reviewed-on: http://gerrit.openafs.org/10762 Tested-by: BuildBot Reviewed-by: Derrick Brashear Reviewed-by: Jeffrey Altman commit 335a70653adb59795f262663af3972de016c068d Author: Andrew Deason Date: Mon Jan 27 18:03:59 2014 -0600 afs: Translate VNOSERVICE to ETIMEDOUT Some fileservers will kill calls that are taking too long with the VNOSERVICE abort code. Our logic for retrying calls is already aware of this usage, but if we cannot retry the call, we still just return VNOSERVICE as an error code to our caller. Don't return this raw, since has the same value as ENOBUFS, which can cause a confusing error message from logs or applications ("No buffer space available"). Return ETIMEDOUT instead. Change-Id: Ic16422585a10cda7f21646a27c92f690b131ce9b Reviewed-on: http://gerrit.openafs.org/10766 Reviewed-by: Derrick Brashear Tested-by: Andrew Deason commit e459f44efef8d102c54205556f65318d63fec24f Author: Andrew Deason Date: Thu Dec 26 17:17:44 2013 -0500 afs: Fix afs_CheckCode identifier collision The last argument to afs_CheckCode should be unique so the call site can be identified if fstrace is turned on. BStore and BPartialStore were both using 43, so change BPartialStore to 430 to avoid the collision. Change-Id: I81a43ee41623fad10d0e70a7d9c8e6029aba30eb Reviewed-on: http://gerrit.openafs.org/10635 Reviewed-by: Perry Ruiter Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear Tested-by: BuildBot commit 34e4a4fed356fbda9fc8ace1d01a080bd09238b0 Author: Andrew Deason Date: Thu Dec 26 16:42:46 2013 -0500 afs: Treat vc_error as a CheckCode-translated code The vcache field vc_error is generally treated as an error code that has been translated through afs_CheckCode, but this is inconsistent in a few places. Fix this in a few ways: - Adjust afs_nfsrdwr so we do not call afs_CheckCode on vc_error, translating the error code twice. - Change afs_close to store vc_error in code_checkcode, and have the logging code check for specific values in code_checkcode as well. Log unknown values of code and code_checkcode, so we can distinguish between e.g. a 'code' value of VBUSY, and a 'code_checkcode' value of ETIMEDOUT. Change-Id: Iab4928efd183fb6c5b0b0f30375b9952ba13b45a Reviewed-on: http://gerrit.openafs.org/10634 Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear commit d2084563648cc1e8ec697c61f593935a0b5804a3 Author: Michael Meffie Date: Sat Jan 18 22:40:12 2014 -0500 libadmin: add header file deps Add the missing header file dependencies to the library targets. This is needed for parallel make. Change-Id: I60d60e68ef808a62b4063a6106672f5178c1b605 Reviewed-on: http://gerrit.openafs.org/10726 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit 66093e4a2db297afea755d164cca7a6080909bda Author: Michael Meffie Date: Fri Nov 22 13:36:54 2013 -0500 libadmin: use INSTALL_DATA to export headers Use the INSTALL_DATA macro instead of cp to export header files. Change-Id: Ia460d8227f2fb2f594793a01c27f64ff7ce45273 Reviewed-on: http://gerrit.openafs.org/10515 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit 9b1ffeeeb62cd9535dc2fc1522400abb428a0ac2 Author: Michael Meffie Date: Sat Jan 18 22:01:59 2014 -0500 libadmin: makefile rule for afs_AdminError.h Add a makefile rule to export the libadmin afs_AdminErrors.h header file, instead of exporting afs_AdminErrors.h as a side effect of generating the afs_AdminBosErrors error table. Add the missing afs_AdminErrors.h dependency to the afs_utilAdmin.o dependency list. Change-Id: Ib8c7d22d705061615fb20a6a521dc20f0f1d6da0 Reviewed-on: http://gerrit.openafs.org/10369 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit 9b105c5586a2e9c5c55dce7785e681f73ea0a759 Author: Michael Meffie Date: Sat Jan 18 21:56:36 2014 -0500 libadmin: remove duplicate dependency afs_AdminPtsErrors.h was listed twice in the dependency afs_utilAdmin.o dependency list. Change-Id: I4bf37d0502e26e05f912a136045814e32de73c4a Reviewed-on: http://gerrit.openafs.org/10725 Tested-by: BuildBot Reviewed-by: Marc Dionne Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit e39e226a13e38bfe0fb12b73633b6415c790c569 Author: Michael Meffie Date: Sun Jan 19 14:15:13 2014 -0500 tvolser: fix makefile clean target Remove generated source files with the clean makefile target. Change-Id: I1e7d06c217f63fb9ee749e23bca1531d22babdda Reviewed-on: http://gerrit.openafs.org/10724 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit 31d6467aa058a2b49c22188dfb0ca70b766d127f Author: Michael Meffie Date: Sun Jan 19 14:02:28 2014 -0500 config: use the standard INSTALL_DATA makefile macro Replace the custom INST makefile macro with the standard INSTALL_DATA macro for installing and exporting files. Change-Id: I5d8c41d1c6d2c3ee021e0d6a5fbca8ef9178e74d Reviewed-on: http://gerrit.openafs.org/10723 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit c8e83f0e826bc0a56321408b1c7a2afa137bab05 Author: Michael Meffie Date: Fri Nov 22 12:23:17 2013 -0500 config: parallel-safe param.h makefile rule Generate the param.h.new temporary file in a parallel-safe way. The rule to generate the three copies of param.h can run at the the same time under a parallel make, clobbering the param.h.new temporary file. Instead of creating this file inline, create a common rule to generate the temporary file once. Change-Id: I823b6a55f3168e991b64660bfe51303d43f693a9 Reviewed-on: http://gerrit.openafs.org/10516 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit 52fe3f52de95b698c93ca5da3c1ed59447817610 Author: Michael Meffie Date: Fri Nov 22 11:50:11 2013 -0500 libafscp: makefile install rule update Change the makefile install rules to install the header file from the libafscp directory, and not the top level include directory to make the install rules consistent with the rest of the tree. Change-Id: Ia06c29e72f7005569f2d11d3d0f6691413e0eeec Reviewed-on: http://gerrit.openafs.org/10514 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit 9df43aacab0f311c15837b230761a11750f8b9cb Author: Michael Meffie Date: Wed Aug 1 17:26:33 2012 -0400 comerr: compile_et -emit option for parallel make Add the -emit option to the compile_et command to support parallel make. The -emit option allows make to generate the header and the source files independently, instead of building two files at the some time. This avoids the issue where one command creates two separate files, which is difficult to handle correctly for parallel makes. Change-Id: Ib44a8e358643cf19b4834b3bd4d5b88db6cd0ccf Reviewed-on: http://gerrit.openafs.org/7921 Tested-by: BuildBot Reviewed-by: Marc Dionne Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit 501d6d288fcaa195c3cda0be0e3423c7959c9958 Author: Michael Meffie Date: Mon Jan 20 14:37:52 2014 -0500 doc: afs_compile_et -h option Document the afs_compile_et -h option. Change-Id: I4972bcc1948e8dd7ae73dfcabfbaf822cfbfe64b Reviewed-on: http://gerrit.openafs.org/10722 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit 534f802ac900df4704f4e8397eca0aeccf169023 Author: Stephan Wiesand Date: Thu Jan 23 14:43:32 2014 +0100 RedHat: Use systemd unit files on RHEL >= 7 Handle rhel >= 7 like fedora >= 15 when deciding whether to package systemd unit files or sysvinit scripts in the rpm spec file. Change-Id: I2f1e807786e484774e5a1a97c297532d86f99265 Reviewed-on: http://gerrit.openafs.org/10631 Tested-by: Stephan Wiesand Tested-by: BuildBot Reviewed-by: Derrick Brashear Reviewed-by: Ken Dreyer commit 37937a3e924eee7a09c7719ca6355703e65092e1 Author: Michael Meffie Date: Tue Jan 21 09:26:11 2014 -0500 comerr: long and short form of the -prefix option. The man page documented the prefix option as -prefix; compile_et supported only the short form -p. Document and support both the long and short forms for the prefix option; -p and -prefix. Change-Id: Ide5551b06ae888748600677ed09ba674506a584f Reviewed-on: http://gerrit.openafs.org/10721 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 15c80b1a92516a41d4aed8403db1485e97a7eff6 Author: Michael Meffie Date: Fri Nov 22 15:26:34 2013 -0500 comerr: avoid comma operator Avoid unnecessary use of the comma operator in compile_et's command-line argument processing. Change-Id: If9308d211676be471f3534e144c7d90214994699 Reviewed-on: http://gerrit.openafs.org/10491 Reviewed-by: Benjamin Kaduk Reviewed-by: Marc Dionne Tested-by: Derrick Brashear Reviewed-by: Derrick Brashear commit 355ca7b20b8bb9f06b030be966311d4afb40ed00 Author: Michael Meffie Date: Tue Jan 21 09:39:56 2014 -0500 doc: afs_compile_et -lang short form Document the -lang short form for -language. Change-Id: I4a57bdb23ca5fab4e1565d7e930cdc10097a7414 Reviewed-on: http://gerrit.openafs.org/10720 Reviewed-by: Ken Dreyer Tested-by: BuildBot Reviewed-by: Derrick Brashear commit de8ff76f8767246431115bf04a1475a0cf3ad28a Author: Michael Meffie Date: Tue Jan 21 09:36:37 2014 -0500 doc: afs_compile_et formatting fixes Fix two pod formatting errors and remove one trailing whitespace characters. Change-Id: I2ba4fd56afb8c26591d2770301c3edfdd1a898fb Reviewed-on: http://gerrit.openafs.org/10719 Reviewed-by: Ken Dreyer Tested-by: Ken Dreyer Reviewed-by: Derrick Brashear commit 8817308a87ca76bc47a0f5564b97c7942b3be04a Author: Benjamin Kaduk Date: Fri Jan 24 12:00:20 2014 -0500 FBSD: catch up to 1997 and include if_var.h with if.h The commit message for upstream's r257244 change includes: - Make the prophecy from 1997 happen and remove if_var.h inclusion from if.h. Despite the clear public posting, we were caught unawares. We made it down to the cellar despite the missing stairs, but "Beware of the Leopard" caused us to turn back, apparently. Since if.h is included in many places and if_var.h is not present on all OSes, pull the if.h inclusion into the common kernel headers for afs/ and rx/ , and add in if_var.h (as well as the sys/socket.h prerequisite). Change-Id: I228c1560a128388c187804e05c0dd2500fb2853e Reviewed-on: http://gerrit.openafs.org/10754 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 7f58e4ac454f9c06fb2d51ff0a17b8656c454efe Author: Andrew Deason Date: Fri Dec 20 12:16:37 2013 -0600 afs: Return raw code from background daemons Currently, a background daemon processing a 'store' request will return any error code in the 'code' field in the brequest structure, for processing by anyone that's waiting for the response. Since any waiter will not have access to the treq for the request, they won't be able to call afs_CheckCode on that return code, so the background daemon calls afs_CheckCode before returning its error code. Currently, afs_close uses the 'code' value from the background daemon as if it were not passed through afs_CheckCode. That is, if all background daemons are busy, we get our 'code' directly from afs_StoreOnLastReference, and if we use a background daemon, our 'code' is tb->code. But these values are two different things: the return value from afs_StoreOnLastReference is a raw error code, and the code from the background daemon (tb->code) has been translated through afs_CheckCode. This can be confusing, in particular for the scenario where a StoreData fails because of network errors or because of a VBUSY error. If we get a network error when the request went through a background daemon, afs_CheckCode will translate this to ETIMEDOUT, which is commonly value 110, the same as VBUSY. So, an ETIMEDOUT error from the background daemon is difficult to distinguish from a VBUSY error from a direct afs_StoreOnLastReference call. Either case can result in a message to the kernel like the following: afs: failed to store file (110) To resolve this, have the background daemon store both the 'raw' error code, and the error code that has been translated through afs_CheckCode. afs_close can then use the raw error code when reporting messages like normal, but can still use the translated error code to return to the caller, if it has a translated error. With this change, now afs_close will always log "network problems" for a network error, regardless of if the error came in via a background daemon or a direct afs_StoreOnLastReference call. In Irix's afs_delmap, we just remove the old usage of tb->code, since the result was not used for anything. Change-Id: I3e2bf7e36c1f098df16a1fdb0dc88b45ea87dfa9 Reviewed-on: http://gerrit.openafs.org/10633 Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear Tested-by: BuildBot commit eb3f8c99edcf005dfba836ae9ab1d3102f162c2a Author: Michael Meffie Date: Wed Jan 22 20:23:29 2014 -0500 doc: fix typo in fs setacl Fix typo in the dropbox section where 'l' was referred to as 'read', not 'lookup'. Change-Id: I6429c125f0561a1b5d4e7816930988ac1b347be7 Reviewed-on: http://gerrit.openafs.org/10750 Tested-by: BuildBot Reviewed-by: Ken Dreyer commit e03b026c4d74912152be71885f09ef50ff8c32db Author: Benjamin Kaduk Date: Thu Jan 9 23:34:30 2014 -0500 Remove some explicit sbrk() usage Mac OS X 10.9 now considers this function deprecated and warns on its use, causing the buildslave configuration to error out. Use the library routine to get a process's size instead of inlining the call to sbrk (which is unlikely to have worked as intended for quite some time -- most malloc implementations in use do not use sbrk to get their storage). Change-Id: If616e1ebbea7c0aa541fb96c486820e883363df1 Reviewed-on: http://gerrit.openafs.org/10696 Reviewed-by: Derrick Brashear Tested-by: BuildBot commit e605de61e454bc6d2c960c0c5eb514424159da7c Author: Andrew Deason Date: Wed Jan 15 09:48:48 2014 -0600 Revert "viced: Enable NAT ping on hosts" This reverts commit aafdc08cfc49da4c23ecd91f9e690fd70e95df55. The fileserver-side "NAT ping" behavior has yet to be proven to be helpful in situations with NATs. If the behavior is not helpful, this generates potentially a significant amount of extra useless traffic. So until it can be shown to what degree this is helpful, keep this behavior out of the fileserver. Change-Id: Ibf6718eb1d37b2a7e610617acc697f4ee398b89a Reviewed-on: http://gerrit.openafs.org/10712 Reviewed-by: Derrick Brashear Reviewed-by: Andrew Deason Tested-by: BuildBot commit 51d31209dc9a3082461cc9430da0975fdf28b085 Author: Benjamin Kaduk Date: Fri Jan 10 00:00:52 2014 -0500 Use an explicit symbol for uninitialized vnode types Avoid trying to get clever with stuffing -1 into an unsigned bitfield, which causes the value to change and generates a warning from clang. Just use vNull, which is intended to be used for uninitialized/empty vnodes. Change-Id: I5662887e5a68c7e687025d19226f821d8f2d6a09 Reviewed-on: http://gerrit.openafs.org/10701 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 8c937cf95f95581e63df298766f19f14db00a2b9 Author: Benjamin Kaduk Date: Thu Jan 9 23:57:37 2014 -0500 Add braces to avoid a 'dangling else' warning Change-Id: I301d7d2473d651002f0bf6baa18906bce6d46497 Reviewed-on: http://gerrit.openafs.org/10700 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 17c50911f79382e3ba8960e4b6c122b348e9baef Author: Benjamin Kaduk Date: Thu Jan 9 23:54:45 2014 -0500 Disable deprecated warnings for krb5 routines In OS X 10.9 Mavericks, Apple has marked all of the krb5 routines as deprecated (in favor of the GSS framework). We must disable these warnings in order to allow the buildslave to have a successful build. Luckily, Apple has left in rope for us to programmatically disable the deprecated attribute with a preprocessor macro. Defining this macro should be safe everywhere, so do so unconditionally. Change-Id: Iedc920001fdc5731254336424b0ab7b27274555c Reviewed-on: http://gerrit.openafs.org/10699 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit d72ed6ad4cb568c80d6d0d8e6445f1b2260df680 Author: Benjamin Kaduk Date: Thu Jan 9 23:40:09 2014 -0500 vol/salvaged.c: Remove unused variable It was incremented from an uninitialized value, which caused a build error on the OS X 10.9 buildslave. Since it's unused, just remove it entirely. Change-Id: I845e9139ffd27ba7bf4e010cf4e5625658125486 Reviewed-on: http://gerrit.openafs.org/10698 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Derrick Brashear commit 8105129987e2848f21247eea4103ae31772d68be Author: Benjamin Kaduk Date: Thu Jan 9 23:38:36 2014 -0500 viced/callback.c: Ignore dump write errors even harder Not only do we need to check the return value of write(2), but we also need to do so in a way that does not leave an empty body in the if statement, in order to appease the clang-500.2.79 found on OS X 10.9 with Xcode 5.0.2. Change-Id: I4564f05927fe14fea3365e9e250834ee948fe387 Reviewed-on: http://gerrit.openafs.org/10697 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 5c4e555f93b8db4f36667966a897fae0acd763e5 Author: Benjamin Kaduk Date: Fri Jan 10 12:33:18 2014 -0500 Add a routine to get the size of the current process Use rusage when available, and fall back to the very old sbrk(0) hack otherwise. Change-Id: Ic986fd6b93476b80008908a95f8b8e0c76d9ed9a Reviewed-on: http://gerrit.openafs.org/10695 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit baf6af8a8f2207ce39b746d59ca4bc661c002883 Author: Benjamin Kaduk Date: Thu Jan 9 22:42:26 2014 -0500 afs_fetchstore: avoid use of uninitialized variable rxfs_fetchInit() attempts to do a 64-bit RPC first, but falls back to the 32-bit StartRXAFS_FetchData() if the server appears to not support the 64-bit RPCs. We correctly did not read a length from the call if the FetchData RPC(s) failed, but proceeded to assign from the 'length' local variable into the 'alength' output variable unconditionally later on. Instead of blindly continuing on, jump to the error-handling part of the routine when we cannot read a length from the call. This has the side effect of skipping an afs_Trace3() point in the error case. Change-Id: I4840d5c692c61630c68e97b5e88f9460abade19e Reviewed-on: http://gerrit.openafs.org/10694 Reviewed-by: Derrick Brashear Tested-by: Benjamin Kaduk commit 5b8133deddc0bb32788362a44507d77ec587aef7 Author: Benjamin Kaduk Date: Thu Jan 9 17:29:04 2014 -0500 rfc3961: Use enctypes, not keytypes We previously defined the enctype symbols to be aliases for keytype symbols. The numerical values matched what we wanted (since these values are specified in an IANA registry), but the C type is not required to be the same for enctypes and keytypes. Some of our buildslave configurations notice the type mismatch and complain, so fix the types by using the enctype enum for enctype symbols instead of keytypes. Change-Id: I56ca634d52954ee44baa34e2d8c876271f171288 Reviewed-on: http://gerrit.openafs.org/10693 Reviewed-by: Derrick Brashear Tested-by: Benjamin Kaduk commit 9f8b765bbdbb8913fcadbde8d3362039e9dc8e61 Author: Andrew Deason Date: Thu Jan 9 12:44:44 2014 -0600 opr: Silence rbtree warning On OS X, gcc can complain that 'child' is uninitialized whenever this 'else if' condition is false. We already handled the case where both node->right and node->left are non-NULL earlier in this function, so this should never occur. So, to get rid of the warning, just always take the path in the 'else if', and assert that the right child is NULL. Change-Id: I3575de84ea172d3c7e0e022809fdcd0e3b4dcc27 Reviewed-on: http://gerrit.openafs.org/10687 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Derrick Brashear commit b921bf94f6433f831a8d241b5a7e96b63dc5f3f7 Author: Benjamin Kaduk Date: Mon Jan 13 16:08:14 2014 -0500 De-duplicate a couple afs_CheckCode uniquifiers These uniquifiers are supposed to be globally unique, to identify the call site within the tree. For whatever reason, a couple of them were duplicated at different call sites; provide new (unique) values to disambiguate between them. There remain a couple of uniquifiers which are used in multiple places, but those are in different architectures' implementations of afs/ARCH/foo.c, and thus will be globally unique for any particular build. Change-Id: Iff5defcade74143a45d7ef3aaacbdeb7523f2a40 Reviewed-on: http://gerrit.openafs.org/10709 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit ba0208f1d69c8c403150fb6312214f9b1c972c6d Author: Michael Meffie Date: Mon Jan 13 15:38:44 2014 -0500 xstat: fix a malformed debug message a munged format specifier obscured the missing rn arg. Change-Id: Ic0eb20413123b88e86484a9095beb3e37fdd7ed3 Reviewed-on: http://gerrit.openafs.org/10708 Tested-by: BuildBot Reviewed-by: Marc Dionne Reviewed-by: Derrick Brashear commit cda5e665ebee3da5615dba71b7a11ffff1229c6d Author: Michael Meffie Date: Mon Jan 13 15:28:17 2014 -0500 xstat: use ephemeral ports for xstat_fs_test and scout Instead of trying to bind to port 7101, and then retrying if the port is in already in use, let the os find an available port for scout and xstat_fs_test. This fixes a bug where scout and xstat_fs_test do not call rx_Finalize() before retrying rx_Init() with a different port number, causing the program to crash later when more than one copy of xstat_fs_test and/or scout are running at the same time. Change-Id: I64e4916b03b1cae20ef36bb1ae293885962677e7 Reviewed-on: http://gerrit.openafs.org/10707 Tested-by: BuildBot Reviewed-by: Marc Dionne Reviewed-by: Derrick Brashear commit ccc5d3f7adceda4d8cf41f04fe02d5cfe376befd Author: Marc Dionne Date: Tue Dec 3 14:10:00 2013 -0500 Linux 3.13: Check return value from bdi_init The use of the bdi_init function now gets a warning because the return value is unused and the function is now defined with the warn_unused_result attribute. Assign and check the return value. Change-Id: I78ae4ea356aef8c9dabe75179ad67db1fd64c28b Reviewed-on: http://gerrit.openafs.org/10530 Tested-by: BuildBot Reviewed-by: Andrew Deason Reviewed-by: Derrick Brashear commit 9a0a8ca4d186cf953b87d9fae1a35f66090b060c Author: Andrew Deason Date: Thu Apr 4 17:35:01 2013 -0500 viced: Avoid issuing redundant TMAY requests Currently, if a new Rx connection comes in from a host we already have a host struct for, we make a TellMeAboutYourself (TMAY) call to the given host, to verify the UUID (and caps, interface info, etc) is what we expect it to be. That is, if it's still the "same" host that we know about. This is necessary because we otherwise have no way of telling if the Rx connection is from the same host, or from a new host that just happens to have the same IP address (e.g. in the case that hosts are moving around and changing IPs). We do this while the host is locked, so we only issue these TMAY calls one at a time. If a large number of Rx connections come in from the same host at around the same time, this can result in a lot of TMAY requests being issued against the host, even for hosts that never change IPs and never do anything strange. In these situations, issuing so many TMAYs is useless. If we have several calls waiting to lock the host to issue a TMAY, some of the extra TMAY calls are provably useless. So instead of calling TMAY repeatedly, remember what the last successful TMAY result was, and reuse it for the "provably useless" calls. Note that this 'cache' stores the actual raw results of TellMeAboutYourself. We could save some memory by storing just how we interpret that data later on in h_GetHost_r, but this way results in way simpler h_GetHost_r logic. Since, we can use the same code paths as for a "real" TMAY call. Change-Id: I6df74e625e90499bd64c9eb34f20db440f6605a6 Reviewed-on: http://gerrit.openafs.org/9711 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 5c0a1d4acce78a582187b5ab3d0d4d60b97d7557 Author: Andrew Deason Date: Thu Dec 19 14:04:56 2013 -0600 DARWIN: Convert crfree back into a macro Commit 1d8937b860509fcaabb041bc14faf7aa3023f3c9 turned crfree on DARWIN into an inline function to work around an error flagged by clang. A side effect of this is that the address passed to kauth_cred_unref will not be the actual address of the value given to crfree; we are instead giving kauth_cred_unref the address of our function argument in order to adhere to the semantics of a function call. kauth_cred_unref seems to just take a pointer to the cred pointer in order to set the value to effectively NULL afterwards, so this is not a huge deal. However, this does mean that our current implementation undoes any of the safeguards intended by making kauth_cred_unref work this way in the first place. So, revert 1d8937b860509fcaabb041bc14faf7aa3023f3c9 and put the crfree definition back to the way it was. Fix the caller in afs_StoreOnLastReference to not cause an error by just assigning the cred pointer to a temporary value. While it's not ideal that some callers may need to do this, this is the only place where this is necessary and it's more of an artifact of the weirdness of storing a cred pointer in linkData, which probably should be changed anyway. Change-Id: I50557901203d22a7b19028be551eb40f0c4cd751 Reviewed-on: http://gerrit.openafs.org/10614 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit b0f433986ce344bf153cce1f6372de20750e052b Author: Andrew Deason Date: Tue Jan 7 18:24:54 2014 -0600 SOLARIS: Support VSW_STATS Specify the VSW_STATS flag to the vfsdef_t structure we give to Solaris. This turns on statistics that can be retrieved via fsstat(1M) and allows the fsinfo::: DTrace provider to work with AFS files. We don't need to actually maintain these statistics; Solaris does that for us. This flag just signifies that our vfs_t structure is capable of storing the information. Since we get our vfs_t from Solaris (via domount(), it gives us a vfs_t when it calls our afs_mount function) and do not allocate a vfs_t ourselves, we are safe and this is fine to do. Change-Id: I356df91ea409245f0c5b1e4ef693ac28ad8f11b2 Reviewed-on: http://gerrit.openafs.org/10679 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit 64d7715c0247734731ef4cc8be5de32ee7c4a1f6 Author: Michael Meffie Date: Mon Dec 23 12:10:36 2013 -0500 vol: reset nextVnodeUnique when uniquifier rolls over The on disk uniquifier counter is set to 200 more than the current nextVnodeUnique counter when the volume information is updated to disk. When the nextVnodeUnique is near UINT32_MAX, then the uniquifier counter rolls over. This can happen during a volume header update due to VBumpVolumeUsage_r(). With this change, the nextVnodeUnique customer is reset to 2 and the uniquifier is reset to 202 when a roll over occurs. (uniquifier of 1 is reserved for the root vnode.) With this change, the number of possible uniquifier numbers is limited to 200 less than UINT32_MAX. The following shows a series of vnode creation/deletions to illustrate the uniquifier rollover before this commit: fid = 536870918.4.4294967114, nextVnodeUnique = 4294967115, uniquifier = 4294967295 fid = 536870918.4.4294967115, nextVnodeUnique = 4294967116, uniquifier = 4294967295 fid = 536870918.4.4294967116, nextVnodeUnique = 4294967117, uniquifier = 21 fid = 536870918.4.4294967117, nextVnodeUnique = 4294967118, uniquifier = 22 and after this commit: fid = 536870918.4.4294967115, nextVnodeUnique = 4294967116, uniquifier = 4294967295 fid = 536870918.4.4294967116, nextVnodeUnique = 2, uniquifier = 202 fid = 536870918.4.2, nextVnodeUnique = 3, uniquifier = 202 fid = 536870918.4.3, nextVnodeUnique = 4, uniquifier = 202 Change-Id: I93c8a7cf47e39b8701265d6507cfc4f8c1352ddc Reviewed-on: http://gerrit.openafs.org/10617 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman Reviewed-by: Derrick Brashear commit 1a287c631ead0221828ae70e10c3cfd5563fdfb7 Author: Michael Meffie Date: Mon Dec 23 11:42:19 2013 -0500 vol: fix nextVnodeUnique roll over Fixes for the per volume nextVnodeUnique counter roll over. Uniquifier number 1 is reserved for the root vnode, so reset the unique count to 2 when the nextVnodeUnique counter rolls over. Update the disk backed V_uniquifier count when the in-memory nextVnodeUnique counter rolls over during the creation of a new vnode. If the nextVnodeUnique rolls over when V_uniquifier is UINT32_MAX, then the V_uniquifier is not updated and remains at UINT32_MAX until the next VUpdateVolume_r() call for the volume. This bug is usually masked by the VBumpVolumeUsage(), which on every 128 volume accesses, bumps the V_uniquifier to be 200 more than the current nextVnodeUnique counter. This causes the V_uniquifier to roll over before reaching UINT32_MAX. (The number of access before updating the headers is set in the usage_threshold volume package option, which is currently set to 128 by default.) The following shows the unique counters for a series of vnode creation/deletions before this commit. The nextVnodeUnique rolls over to 1, and the uniquifier is not reset. The `usage_threshold' was set to a value greater than 200 to avoid the VBumpVolumeUsage() calls during this test run. fid = 536870918.4.4294967294, nextVnodeUnique = 4294967295, uniquifier = 4294967295 fid = 536870918.4.4294967295, nextVnodeUnique = 0, uniquifier = 4294967295 fid = 536870918.4.1, nextVnodeUnique = 2, uniquifier = 4294967295 fid = 536870918.4.2, nextVnodeUnique = 3, uniquifier = 4294967295 The following shows the unique counters after this commit: fid = 536870918.4.4294967294, nextVnodeUnique = 4294967295, uniquifier = 4294967295 fid = 536870918.4.4294967295, nextVnodeUnique = 0, uniquifier = 4294967295 fid = 536870918.4.2, nextVnodeUnique = 3, uniquifier = 203 fid = 536870918.4.3, nextVnodeUnique = 4, uniquifier = 203 Change-Id: I438670200bf97baeac1486eda7df4cf243aabfc4 Reviewed-on: http://gerrit.openafs.org/10616 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman Reviewed-by: Derrick Brashear commit 67232bd9d6db545cc3f0839c59ecc667a3f9965e Author: Benjamin Kaduk Date: Fri Jan 10 16:27:44 2014 -0500 Fix vcache/vnode mismatch in lookup for DARWIN We have a vcache and need a vnode, so AFSTOV() is the right macro, not VTOAFS(). It's kind of unfortunate that --enable-checking doesn't catch this. Change-Id: I924649918dd0149b5fd7e4380b5f2e49d21fc8c4 Reviewed-on: http://gerrit.openafs.org/10702 Reviewed-by: Jeffrey Altman Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 71ec4a3e3d887efd56be7bf712c0fd5da2f92083 Author: Andrew Deason Date: Thu Nov 14 12:53:40 2013 -0600 afs: Don't clear afs_CacheTooFull prematurely Currently, we can clear afs_CacheTooFull here, even if afs_CacheIsTooFull() doesn't agree that the cache is no longer 'too full'. This could theoretically result in afs_CacheTooFull being cleared, even though the cache is indeed 'too full', according to afs_CacheIsTooFull(). Just break here, and let afs_CacheIsTooFull() decide. This reverts a small part of 488c7c97854a4bd0ec67bcfe17df93b3fd025f88. This part doesn't seem important to the functionality in that commit, though; the rest of that commit is still here, and avoids the extra work if we have calculated no needed space to free. Change-Id: If0adce7fa2e88a970ddb202de02c8ff048d2ad15 Reviewed-on: http://gerrit.openafs.org/10460 Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear commit 81b785774128e9501c1d758340b6f008403b5181 Author: Andrew Deason Date: Thu Nov 14 12:06:56 2013 -0600 afs: Fix some dcache-related comments - The comments preceding the afs_CacheIsTooFull macro, describing the cache-related high and low water marks, are a little out of date. We start freeing on 90% space, not 95%, and we also can take into account how many free/used chunks we have. - afs_WakeCacheWaitersIfDrained looks at the number of non-used (free or discarded) blocks, not just free blocks. Change-Id: I5bf923b3c24993294e752f4312737815d0102779 Reviewed-on: http://gerrit.openafs.org/10459 Reviewed-by: Stephan Wiesand Reviewed-by: Derrick Brashear Tested-by: BuildBot commit cef726558d9ae24a5d3dd00d92550a527f3226df Author: Andrew Deason Date: Tue Dec 11 13:19:02 2012 -0600 rx: Clarify error checks for busy channel check Commit a84c6b0ece1fdee4f462c6ce27fa78c2e0d419f4 changed this so we don't just discard an incoming request if the call already had an error. But if the call already has an error, rxi_WaitforTQBusy is a no-op, so checking if the error has "changed" is unnecessary and can be confusing. Just bypass this whole block if the call already has an error. Discussed during the 5 Dec 2012 release-team meeting. Change-Id: Id57d65736f3228d4e7595f56800f42c52e83ef39 Reviewed-on: http://gerrit.openafs.org/8748 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit 31b518fcf184ba122b6faab54e2e4fa0d37605a3 Author: Andrew Deason Date: Tue Aug 14 17:25:44 2012 -0500 viced: Move host quota calculation Calculate this during initialization, not every time we want to use it. Change-Id: I931d2f3f0b4b99add682c098dd51f03c9942f5b4 Reviewed-on: http://gerrit.openafs.org/9710 Reviewed-by: Derrick Brashear Tested-by: BuildBot commit 16d8ab09bd9a0bd75319e6c32afb8bc2c5c04e51 Author: Andrew Deason Date: Mon Dec 23 16:10:45 2013 -0500 RedHat: Fix specfile changelog Oct 29 2007 was a Monday, not a Tuesday. rpmbuild does actually yell at us about this, so fix this so it will shut up. Change-Id: I5e13f227ed62c4bbb7ac72f2c844136648c935c7 Reviewed-on: http://gerrit.openafs.org/10621 Reviewed-by: Perry Ruiter Tested-by: BuildBot Reviewed-by: Ken Dreyer commit 837ec9dd41c4b1e10ad9d32a52b0f34dd665026a Author: Andrew Deason Date: Thu Dec 26 12:56:37 2013 -0500 Fedora: Handle new kernel variant paths With Fedora 20, Fedora now separates the variant from the rest of the kernel version with a plus (+) instead of a period (.) . This results in directories called e.g. 3.12.5-302.fc20.i686+PAE, where right now we look for 3.12.5-302.fc20.i686.PAE. Use this new directory scheme for Fedora 20 builds, so we can build against non-default kernel variants on Fedora 20 and beyond. Change-Id: I309272f4f4f740058c48e92530e40a1c64d63668 Reviewed-on: http://gerrit.openafs.org/10620 Reviewed-by: Derrick Brashear Tested-by: BuildBot Reviewed-by: Ken Dreyer commit cddc732ec5fd40c94126e5f0b7103136592a2efe Author: Andrew Deason Date: Mon Dec 23 13:32:28 2013 -0500 RedHat: Munge future kernel versions We currently look for "fc1?" (that is, fc10 through fc19) when trying to munge the kernel version in some ways. This broke on Fedora 20, since 20 obviously does not match "fc1?". Similarly, we look specifically for "el6" for RHEL6 versioning quirks, but these will break on RHEL7 and beyond. Change the version checks so that this will work all the way through Fedora 99 and RHEL 9. That won't work forever, but it will keep us working for a few versions if the versioning quirks do not change. Change-Id: I64dfd483eb2cfa57d67c97ae6db09be5bb020195 Reviewed-on: http://gerrit.openafs.org/10618 Tested-by: BuildBot Reviewed-by: Derrick Brashear Reviewed-by: Ken Dreyer commit cb52cc6e44ed85515cc81685adacd7c40a48b8db Author: Benjamin Kaduk Date: Thu Jan 9 12:13:27 2014 -0500 ktc: fix up initializer for local_tokens The old initializer was incomplete (initializing only one of the four fields in the struct), which prompted warnings from clang (-Wmissing-field-initializers): ../../../openafs/src/auth/ktc.c:149:2: warning: missing field 'server' initializer [-Wmissing-field-initializers] Since the variable is at file scope, it will be initialized to all zeros anyway, and there is no need for an explicit initializer. Change-Id: Ib7690759ec3403d1913852e30bb553ef8ac8f019 Reviewed-on: http://gerrit.openafs.org/10686 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 2d5f0a971baa05fc1a79726265a8235a0ebca4c0 Author: Jeffrey Altman Date: Thu Jan 9 09:58:56 2014 -0500 Windows: AFSCommonWrite STATUS_PENDING is Success AFSCommonWrite() can return STATUS_PENDING if the write has been deferred. In that case, the function exit must not: * Update the Valid Data Length * Purge the cache * or do anything else related to the request Change-Id: Ib34bef3a1d56d452babcaf1f3cfbf77fe8f93388 Reviewed-on: http://gerrit.openafs.org/10685 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit d5bcff7429dd9972b17055a9abd98f3a590dee68 Author: Jeffrey Altman Date: Thu Jan 9 09:57:33 2014 -0500 Windows: Mark Irp Pending before Deferring After CcDeferWrite() is called we no longer have access to the current Irp. If we mark it deferred after calling CcDeferWrite() we might mark the wrong thing. Change-Id: Id4b1bbd241b5e2acafc8d015e85966cb80518dde Reviewed-on: http://gerrit.openafs.org/10684 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 6995a56884f31974e9b5a7c0c50e9c1aa0351a45 Author: Jeffrey Altman Date: Tue Jan 7 10:57:01 2014 -0500 Windows: cm_ConnByServer fix search for replication Separate connection objects are maintained for use when accessing replicated and single source volumes. If the matching connection type cannot be found while holding the cm_connLock shared a second search is performed after the lock is upgraded to an exclusive lock. This second connection search was not enforcing the replication criteria. Change-Id: I408a5d87c3a82da5235fa2255db7d1d7a6bcb6d9 Reviewed-on: http://gerrit.openafs.org/10681 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit cccb5e614212c341d2f5e799066d1c30e54ba494 Author: Jeffrey Altman Date: Tue Jan 7 10:53:37 2014 -0500 Windows: cm_connLock not required for cm_GetUCell In cm_ConnByServer() there is no need to hold the cm_connLock across the cm_GetUCell() call. Obtain the cm_ucell_t object before the cm_connLock is obtained. Change-Id: I971b55e0aae7748b59895785c1c22b5461c4fd35 Reviewed-on: http://gerrit.openafs.org/10680 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit da7adce6dddd39eb151576abfb1681c559e1e4e5 Author: Jeffrey Altman Date: Wed Nov 27 14:41:18 2013 -0500 Windows: Rewrite LargeSearchTime conversions Use LARGE_INTEGER to avoid the need for shifting and DWORD casts. Take into account the size of time_t. Change-Id: I056d920894b661ebb2060a5010efd9a0cd5a4a5d Reviewed-on: http://gerrit.openafs.org/10673 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit fd9d5318023e977793a4bf62f196e70b45049f10 Author: Jeffrey Altman Date: Thu Dec 26 22:02:50 2013 -0500 Windows: RDR_EvaluateNodeByName out of order param The bHoldFid parameter is after the bNoFollow parameter. The two values were swapped resulting in unnecessary VLDB lookups. Change-Id: Ia94bd761576d54e9dde847385a4900f2d915c34d Reviewed-on: http://gerrit.openafs.org/10636 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit fb6bc16b335d0e50b49ed85570dbe9fc9adfaee0 Author: Jeffrey Altman Date: Wed Dec 18 08:48:44 2013 -0500 Windows: cm_SetupStoreBIOD compute correct scanEnd The algorithm used to ensure "chunk size" operations attempts to enforce aligned chunks. There are two problems: 1. an aligned chunk range may extend beyond the end of the file. 2. an aligned chunk might end before the requested length of the active write. Protect against scanning beyond the end of the file and do not truncate writes. Change-Id: Ibe6caebd78f73d2c93bfef0dcebef379ca843994 Reviewed-on: http://gerrit.openafs.org/10625 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 4f1d4b63a90e85fd0c2edc592d18bdbe6a0b07f8 Author: Jeffrey Altman Date: Wed Dec 18 00:07:55 2013 -0500 Windows: BUF_HASH use opr_jhash_int2 BUF_HASH takes to 4-byte integers not three and therefore cannot use the basic opr_jhash which assumes a minimum of three 4-byte integers. Change-Id: I7f30351025b3e9cd2156f772b0ed550b20964ad7 Reviewed-on: http://gerrit.openafs.org/10624 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit d8f75d3206eaa56b3a819a5bc13a4bf3a9130512 Author: Andrew Deason Date: Tue Dec 10 17:02:34 2013 -0600 cellconfig: Do not use 'long' for dbserver IPs A few places in this file assume that our dbserver IP addresses are "long"s. A long int can be 8 bytes on some platforms, but we know these IP addresses are all 4-byte integers. In the rare instances where we have the maximum number of dbservers, this can overwrite a bit of extra memory. This can also result in a misaligned access on platforms such as SPARC v9, since the elements of he->h_addr_list are not guaranteed to be 8-byte aligned. So instead, treat these as 4-byte integers. For copying out of he->h_addr_list, also use a memcpy anyway to be safe, since we are not guaranteed alignment. Change-Id: I1afd6e49df32693f86392cb39ce8d7477422aa94 Reviewed-on: http://gerrit.openafs.org/10599 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 76076708a921aae0635975d418dea4b06d2c1af6 Author: Mark Vitale Date: Wed Dec 11 17:56:47 2013 -0500 viced: remove dead code CheckHost() Remove CheckHost(). Change-Id: I618066d28ef64fdfe94d5ab08ef89adb08a99fd6 Reviewed-on: http://gerrit.openafs.org/10580 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Andrew Deason Reviewed-by: Jeffrey Altman commit 0c5d403076946c7a4f53f5e44df8fe0d986cea06 Author: Arne Wiebalck Date: Fri Dec 13 11:46:04 2013 +0100 make openafs uninstallable even if /afs is missing The preuninstall scriptlet of the openafs RPM removes /afs. If, for whatever reason, that directory does not exist, the scriptlet will fail and hence break the deinstallation of the openafs package. The proposed patch makes the scriptlet evaluate to true even if the /afs has been removed by some other means and allows the package to be uninstalled. Change-Id: I3340c94521e15c56fe10840aff7b0b1080009c10 Reviewed-on: http://gerrit.openafs.org/10581 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 8b8e8c2ab1974ba4c14942cc7bd94aac8602192f Author: Stephan Wiesand Date: Wed Dec 18 10:11:48 2013 +0100 doc: fix a nit in fs_newalias.pod The CAUTIONS section is about fs newalias, not fs newcell. Change-Id: I16ede184265e03a104fb724bece7fc461ca10415 Reviewed-on: http://gerrit.openafs.org/10595 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit e988aa45d765c935fef4bcd35585d6a3594cc497 Author: Andrew Deason Date: Tue Dec 17 17:30:26 2013 -0600 LINUX: Use sock_create_kern where available Currently, we use sock_create to create our Rx socket. This means that accesses to that socket (sendmsg, recvmsg) are subject to SELinux restrictions. For all recvmsg accesses and some sendmsg accesses, this doesn't matter, since the access will be performed by one of our kernel threads (running as kernel_t or something similar, which is unrestricted). Such as: the rx listener, a background daemon, the rx event thread, etc. However, sometimes we do run in the context of a normal user process. For some RPCs like FetchStatus, we tend to run the RPC in the accessing user thread, which can result in us sendmsg()ing the data packets with the initial arguments in the user thread. We can also send delayed ACKs via rx_EndCall, and possibly a variety of other scenarios. In any of these situations when we are sendmsg()ing from a user thread, SELinux can prevent us from sending to the socket, if the calling user thread context is not able to write to an afs_t udp_socket. This will result in packets not being sent immediately, but the packets will be resent later, so access will work, but appear very slow. This can easily happen for processes that are specifically constrained by SELinux; for example, webservers are often constrained, even if most of the rest of the system is not. This can be noticed by seeing the 'resends' and 'sendFailed' counters rising in 'rxdebug -rxstat', as well as noticing SELinux access failures if 'dontaudit' rules are ignored. To avoid this, use sock_create_kern to create the Rx socket, to indicate that this is a socket for use by kernel code, and not accessible by a user. This should cause us to bypass any LSM restrictions (SELinux, AppArmor, etc). Add a configure check for this, since this function has not always existed, according to Change-Id: I77e7f87e93be4d750d398e01dc1634efd80657bc Reviewed-on: http://gerrit.openafs.org/10594 Tested-by: BuildBot Reviewed-by: Marc Dionne Reviewed-by: Michael Meffie Reviewed-by: Derrick Brashear commit 2ed7023b26acb3277e42eac803a0702b95167e6e Author: Andrew Deason Date: Tue Dec 17 17:27:53 2013 -0600 rx: Remove obsolete comment This comment refers to the fact that we used to be just checking for SELinux to see if we should pass that extra argument. Ever since commit cb1b41b159b98881f66319d7f65d941ba9fab911, we do have a better test for this. Change-Id: Idf2ff879f05774f49a11d04f87579afccf385b57 Reviewed-on: http://gerrit.openafs.org/10593 Tested-by: BuildBot Reviewed-by: Marc Dionne Reviewed-by: Derrick Brashear commit 61cc913ffeb9468a6e07fa4e6263bb35b6b441d0 Author: Ben Kaduk Date: Fri Dec 13 19:07:13 2013 -0500 Sort the rfc3961 library's export symbol list It was originally committed in an unsorted state. Change-Id: Ife43b60cd625eae5062865942fc5c8956d6b6aab Reviewed-on: http://gerrit.openafs.org/10583 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman commit d40ed7391670010db0df2202d770341b2ca82f32 Author: Jeff Layton Date: Fri Dec 6 13:34:04 2013 -0500 Linux: stop trying to use getname/putname The current code has afs_putname defined as kmem_cache_free (names_cachep, (void *) name); This is wrong and will cause a double -free when syscall auditing is enabled. Fix it to call putname properly. Instead of that, just create a new afs_getname function that doesn't bother with struct filename at all, and use that unconditionally. Signed-off-by:Jeff Layton Change-Id: I1cd58a7e528abfeb7473cf47ae4cff5b8c8f419c Reviewed-on: http://gerrit.openafs.org/10547 Tested-by: BuildBot Reviewed-by: Jeff Layton Reviewed-by: Derrick Brashear commit ce96143d79ea006f7b1318dd1c962d4c4f79fc1e Author: Ken Hornstein Date: Thu Dec 5 13:57:36 2013 -0500 Remove extra whitespace from macro invocations On MacOS X 10.9, the compiler has switched to LLVM and as a consequence generates an error if there is a space between a macro invocation and the starting left parenthesis. Based on code originally done by Matt Haught . Change-Id: I28848f5294d0575d8abb1759c202cc3c2db85ac2 Reviewed-on: http://gerrit.openafs.org/10540 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit cb53d255a6285c884c6a5ea9a20427327b1ab9b3 Author: Ken Hornstein Date: Thu Dec 5 13:53:56 2013 -0500 Packaging support for MacOS X 10.9 "Mavericks". Based on work originally done by Matt Haught . Change-Id: Ibc7d79953667dfdfcc2e6c5c1c4c77249f11f4ad Reviewed-on: http://gerrit.openafs.org/10539 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit aac384b2eda823519780afed84e53a868561711d Author: Ken Hornstein Date: Thu Dec 5 13:46:18 2013 -0500 Add support for configuration of MacOS 10.9 "Mavericks". Based on work originally done by Matt Haught Change-Id: I331cfc0040fab526c32e24f6af970f352f0a0a8e Reviewed-on: http://gerrit.openafs.org/10538 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 2c8d55bee128071807143db6e880a4a6afaea9ba Author: Jeffrey Altman Date: Thu Dec 5 00:41:10 2013 -0500 Windows: RXAFS_GetVolumeStatus no PRSFS_READ check Since d2d591caf2c9b4cf2ebae708cc9b4c8b78ca5a5a the file server no longer performs a PRSFS_READ access check for the GetVolumeStatus RPC. The cache manager should no longer test for PRSFS_READ as a means of avoiding RPCs that are known to fail. Change-Id: I67bd849d337d87657db8e1f0ed2839367b7972a8 Reviewed-on: http://gerrit.openafs.org/10532 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 082597be62ce3f0dfd5fb881abd8770e2fa1ad43 Author: Chas Williams (CONTRACTOR) Date: Mon Nov 25 07:13:32 2013 -0500 lwp: rw now depends on libopr rw (a test program for lwp) needs libopr to build Change-Id: I489e675f5a1b845c7a8083466b44a73af305f8b8 Reviewed-on: http://gerrit.openafs.org/10517 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit faf14be3827fa72914a1c792c9a99a3353717ded Author: Christof Hanke Date: Thu Dec 5 10:00:42 2013 +0100 Linux: fix whitespace issue introduced in Change I1e84969b. It does not follow the overall style. Change-Id: I5f68fdf425b365d69ee94680cef014de679cf6ff Reviewed-on: http://gerrit.openafs.org/10529 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 9b6f79108725dc5b6d4cbea4697199e5e745dc99 Author: Jeffrey Altman Date: Wed Nov 27 12:26:44 2013 -0500 Windows: RDR capture Cc/Mm exceptions do not break All of the Cc and Mm functions are wrapped in try/except blocks. The purpose is to ensure that Cc and Mm do not return an error as an exception which could result in the afs redirector failing to release a resource. Instead of calling the AFS exception handler just handle the exception with EXCEPTION_EXECUTE_HANDLER. This permits the __except block to capture the exception code. The AFS exception handler will throw its own exception if the AFSDebugFlags AFS_DBG_BUGCHECK_EXCEPTION bit is set. This is helpful when debugging exceptions thrown by errors in the afs redirector code. It is not helpful when a Cc function throws an exception. For example, CcReadCopy() will throw STATUS_DELETE_FILE as an exception if an attempt to read from a deleted file is initiated. This should simply fail the read operation not BSOD the system. Change-Id: I2fd1d4db530600441272e59353fbf28b831e2691 Reviewed-on: http://gerrit.openafs.org/10524 Tested-by: Jeffrey Altman Reviewed-by: Jeffrey Altman commit 1e24762a2cf6590798aa9ce483a1374466c7847b Author: Jeffrey Altman Date: Mon Nov 25 20:27:10 2013 -0500 Windows: AFSRDFSProvider NPOpenEnum vs no redirector If there is no redirector device present, return WN_NO_NETWORK to indicate that this network provider is not ready for browsing. Change-Id: I3e33769bb2d52a59b0ff993aa07e89d959d60800 Reviewed-on: http://gerrit.openafs.org/10523 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 45f7528af726b040062b4c769bbf4fcbb93488d1 Author: Ben Kaduk Date: Wed Nov 27 10:26:33 2013 -0500 Remove klogin It has not been connected to the build since at least the 1.2 days and should be considered dead code. FIXES 131777 Change-Id: Id1551e7f9f543934dc8755a29f46aa7b905bfadd Reviewed-on: http://gerrit.openafs.org/10522 Reviewed-by: Derrick Brashear Tested-by: BuildBot commit 06fe2957348cfb2c571f2a0b099e09ef7e9fb3b0 Author: Jeffrey Altman Date: Tue Nov 26 10:52:45 2013 -0500 Windows: Rationalize Freelance vs "fs flush*" Background: cm_scache_t objects representing Freelance volume (cell=-1, volume=-1) are special because they are populated from the Freelance mountpoint and symlink tables. These tables are in turn generated from the registry. The tables are regenerated on-demand after the execution of cm_noteLocalMountPointChange() which increments cm_data.fakeDirVersion which becomes the new data version value for the (-1.-1.1.1) directory object. The next time that cm_GetSCache() is called for a Freelance object the fake root directory is rebuilt by cm_InitFakeRootDir(). Since the vnode values are not persistent with regards to directory entry names the FileId unique is used to distinguish the various versions. cm_data.fakeUnique is incremented with each call to cm_InitFakeRootDir(). Each time cm_noteLocalMountPointChange() is executed the afs redirector is notified of the data version change which will force the redirector to rebuild its view of the directory the next time a path evaluation requires evaluation of the root (\afs). In other words, on the next request. If cm_noteLocalMountPointChange() is executed multiple times there is the possibility of a race between the redirector and the service. When the race is lost the redirector receives an invalidation event for -1.-1.1.1 as it is in the process of rebuilding the directory contents. The redirector ends up believing it has the most recent data version when it doesn't but the service no longer has Freelance mountpoint and symlink tables representing the requested data version. Hence, the mountpoints and symlinks end up as CM_SCACHETYPE_INVALID. fs flushfile and fs flushvolume both had explicit checks to prevent flushing Freelance objects because each call to cm_FlushFile() on a Freelance object would execute cm_noteLocalMountPointChange() triggering the race. The Problem: fs flushall is not executed on a specific object (volume or file). Therefore there was no explicit check to prevent execution against Freelance objects. For each cm_scache_t in the cache cm_FlushFile() is processed. If there are N Freelance mountpoints and symlinks, there will be N+1 calls to cm_noteLocalMountPointChange() in quick succession. Not only does this risk losing the race described above but it is extremely wasteful as the Freelance tables may be repeatedly regenerated. This Patchset: This patchset re-organizes the Freelance processing in the flush code paths. cm_FlushFile() and cm_FlushVolume() can simply no longer be successfully executed against a Freelance object. Both will return CM_ERROR_NOACCESS. "fs flush " is not permitted against Freelance objects. "fs flushvolume " will execute cm_noteLocalMountPointChange() once if the path is a Freelance object. "fs flushall" continues to execute cm_FlushFile() on all cm_scache_t objects. The calls on Freelance object will fail. After all cm_scache_t objects are flushed then cm_noteLocalMountPointChange() will be executed once to force the Freelance directory to be rebuilt. This patchset does not address the race but significantly reduces the likelihood the race will be lost. Change-Id: I298dad453432001b7b2e6f4533ddee17e041b02e Reviewed-on: http://gerrit.openafs.org/10521 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 0e851b7fcb6f8c802106e5e76c601800867e65e1 Author: Jeffrey Altman Date: Tue Nov 26 10:31:32 2013 -0500 Windows: Reset mp/symlink target during fs flush* When processing a "fs flush*" command, reset the the cm_scache_t mountPointStringp which contains the known mountpoint or symlink target information. Change-Id: I72bba6101699e82649eed226cdfc73077b13de92 Reviewed-on: http://gerrit.openafs.org/10520 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 5b67620c7b3ad224ea53075e37ecf1f7e6a7c51a Author: Stephan Wiesand Date: Thu Nov 21 15:01:29 2013 +0100 Linux: Fix build for older kernels w/o bool Commit b7f4f2023b2b3e1aac46715176940fb50cc75265 broke builds against older kernels which don't have bool defined in linux/types.h . Fix this by using unsigned char instead of bool for the static inline functions. Change-Id: Icbb82446ef66edd2650f33135ed6ccd2b8a920b2 Reviewed-on: http://gerrit.openafs.org/10483 Tested-by: BuildBot Reviewed-by: Anders Kaseorg Reviewed-by: Marc Dionne Reviewed-by: Derrick Brashear commit 3f4c1099b7b2d1467b1f5b701ea2f953fec20dc0 Author: Ken Hornstein Date: Wed Nov 20 13:37:52 2013 -0500 Support for changes to OS X Mavericks VNOP_SYMLINK() function. Add support for an extra argument to afs_symlink() to return the newly-created symlink vnode if requested (this is needed on OS X Mavericks). On OS X Mavericks return the newly-created symlink vnode in the symlink vnops functions, on all other platforms ignore it. It turns out that technically OS X has required the symlink to be created for a while, but code inside of symlink() would call namei() on the symlink name if the returned vnode point was NULL. The difference is that on Mavericks the Manditory Access Control Framework has been enabled, and that turns on some extra code which unconditionally calls vnode_mount() on the returned vnode pointer, which ends up causing a panic Change-Id: I33b2f51cd10f76689eb9868eb05800ab493087c4 Reviewed-on: http://gerrit.openafs.org/10474 Reviewed-by: Derrick Brashear Tested-by: BuildBot commit a1b5a1d42280753de13094006dcc130fede978a1 Author: Jeffrey Altman Date: Sun Nov 17 23:03:43 2013 -0500 Windows: cm_Analyze retries vs CM_REQ_NORETRY CM_REQ_NORETRY is set by threads that want all errors returned immediately. However, there are some errors that should never be returned: RX_MSGSIZE RX_CALL_BUSY VNOSERVICE RX_CALL_IDLE RXKADEXPIRED VICECONNBAD VICETOKENDEAD For these errors even if the thread has requested no retries a RPC retry must be performed. Change-Id: I692f65a9fdbbf27fc880ac8912fc72c1d1357c6d Reviewed-on: http://gerrit.openafs.org/10470 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit a95b1f2f15d3f8efff74ad7df5085b8f30885dbc Author: Chas Williams (CONTRACTOR) Date: Wed Nov 20 13:57:13 2013 -0500 cmd: Correctly initialize cmd_OptionAsString arguments These are coming from the stack and as such they might not be NULL. Change-Id: Ia5c6efd08574b4de05a11dceae47021b0160395b Reviewed-on: http://gerrit.openafs.org/10475 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit 779ab18bafdea3535b403ba62f3ec8a8b127748e Author: Christof Hanke Date: Tue Nov 19 09:57:22 2013 +0100 Linux: always include headerfile when it is required. In some linux-kernels (like in SLES11 SP3) it is not done automatically and the compilation fails. Change-Id: I1e84969b26e87e36893b071103325a7a532ebbf9 Reviewed-on: http://gerrit.openafs.org/10471 Tested-by: BuildBot Reviewed-by: Marc Dionne Reviewed-by: Derrick Brashear commit 250a4341bc85a74f1b3a89a2ebd7df324f0b8b71 Author: Michael Meffie Date: Wed Oct 2 15:37:18 2013 -0400 util: remove dup include Change-Id: I415dbcae5ae549b6347286ecdee5717fb66cc012 Reviewed-on: http://gerrit.openafs.org/10319 Tested-by: BuildBot Reviewed-by: Mark Vitale Reviewed-by: Christof Hanke Reviewed-by: Stephan Wiesand Reviewed-by: Derrick Brashear commit 38fc16ddbf1e5477050db21c94d55f75bdadf80b Author: Michael Meffie Date: Wed Oct 2 15:35:09 2013 -0400 cleanup potpourri.h references Clean up references to a header file which was removed some time ago. Change-Id: I2ddc26afc01edf84bb1bdb21a3488c88dd6c9775 Reviewed-on: http://gerrit.openafs.org/10318 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Reviewed-by: Derrick Brashear commit a178a9bd00cdce93a33f7663bfc4989c9eda3979 Author: Chas Williams (CONTRACTOR) Date: Wed Nov 6 08:45:52 2013 -0500 autoconf: Combine the x86/solaris configuration stanzas This reduces some clutter and makes it easier to see what is different. Change-Id: I2bad8b085daf04444d2740287c106008e2650bc9 Reviewed-on: http://gerrit.openafs.org/10463 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit d067089e444124e723d1405cc13c058883b66e6d Author: Chas Williams (CONTRACTOR) Date: Wed Nov 6 07:36:02 2013 -0500 autoconf: Combine the sparc/solaris configurations According to cc's man page: v9 Is equivalent to -m64 -xarch=sparc Legacy makefiles and scripts that use -xarch=v9 to obtain the 64-bit memory model need only use -m64. Change-Id: Idd1021f3fef9c427072079f3c7d7aa9ca6fa0060 Reviewed-on: http://gerrit.openafs.org/10462 Tested-by: BuildBot Reviewed-by: Jeffrey Hutzelman Reviewed-by: Derrick Brashear commit 0570d13a62c6f9416bed4fcbab5cf49a45b4dcc1 Author: Jeffrey Altman Date: Fri Nov 15 17:32:37 2013 -0600 Windows: cm_FindVolumeByFID cm_GetVolumeByFID() does not query the vldb if the volume group is not known to the cache manager. cm_FindVolumeByFID() is to be used in cases where the volume group data must be known for the operation to successfully complete. Change-Id: I9bb3bd13f14dea534952495b00a3348aafd2d591 Reviewed-on: http://gerrit.openafs.org/10465 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit dbedd62b7cb6c2203afea72d6f0ea32b0d623b10 Author: Jeffrey Altman Date: Tue Nov 12 09:58:44 2013 -0500 Windows: Fix out of range pointer validation The ACL, Stat, and Volume pointer validation checks did not take into account that NULL is a valid pointer value. As a result the cache validation failed. Change-Id: I538310d534fd4ada383d5bf0dc58d49206fe3dfb Reviewed-on: http://gerrit.openafs.org/10453 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 727e951d8c49a98d2c37378c863cd050b8d768eb Author: Jeffrey Altman Date: Mon Nov 4 00:12:07 2013 -0500 Windows; GetSystemTimeAsFileTime As per Raymond Chen's "The Old New Thing" blog http://blogs.msdn.com/b/oldnewthing/archive/2013/11/01/10462403.aspx Calling GetSystemTime() followed by SystemTimeToFileTime() performs two format translations which can be avoided by using GetSystemTimeAsFileTime() directly. Change-Id: I3d3de0e045777c9dfdb1c1f4503bfdfe19fb7b73 Reviewed-on: http://gerrit.openafs.org/10430 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 3f5f3013e91de3fddaee96598ef0311f8f2d5e22 Author: Jeffrey Altman Date: Wed Oct 30 00:44:25 2013 -0400 Windows: GiveUpAllCallBacks only if non-loopback If the only ip addresses are known to be loopback addresses, then do not waste time by attempting to GiveUpAllCallBacks during suspend or shutdown. Change-Id: I28b08e61435a7132ba08c9649010185097df0da0 Reviewed-on: http://gerrit.openafs.org/10429 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit d0a13fe678412464452afae9379d63fa48d41d83 Author: Anders Kaseorg Date: Thu Nov 7 15:37:25 2013 -0500 Linux: Get rid of !STRUCT_KEY_UID_IS_KUID_T case On the few kernel versions before struct key.uid was converted to kuid_t (v3.7-rc1~147^2~76), it was not possible to enable both CONFIG_KEYS and CONFIG_UIDGID_STRICT_TYPE_CHECKS, so this case was impossible. That’s good, because it also had a typo in its implementation (and was confusing to deal with correctly). Change-Id: I4ecd164ed3604558ed4419bf6f9d531bd5d1a9ff Signed-off-by: Anders Kaseorg Reviewed-on: http://gerrit.openafs.org/10443 Reviewed-by: Derrick Brashear Reviewed-by: Stephan Wiesand Reviewed-by: Marc Dionne Tested-by: BuildBot commit f5f53cb0a1f326ed4695621f6a5a63f798444549 Author: Anders Kaseorg Date: Tue Nov 12 00:23:47 2013 -0500 Linux: afs_fill_super: Call bdi_destroy on the failure path Without this, if AFS startup failed, then trying to start AFS again triggers these warnings: WARNING: CPU: 3 PID: 657 at /build/buildd/linux-3.12.0/fs/sysfs/dir.c:526 sysfs_add_one+0xa5/0xd0() sysfs: cannot create duplicate filename '/devices/virtual/bdi/afs' WARNING: CPU: 3 PID: 657 at /build/buildd/linux-3.12.0/lib/kobject.c:196 kobject_add_internal+0x1f4/0x300() kobject_add_internal failed for afs with -EEXIST, don't try to register things with the same name in the same directory. and leads to general system instability. This can be reproduced by starting AFS twice with an empty cache, dynroot disabled, and no network. Change-Id: I8ec1ed365c5b3cf60bd34af0aca94e0c496bcaa3 Signed-off-by: Anders Kaseorg Reviewed-on: http://gerrit.openafs.org/10448 Tested-by: BuildBot Reviewed-by: Marc Dionne Reviewed-by: Derrick Brashear commit 9f6f419b9a93b40280bd2a622ed1561f032361bf Author: Michael Meffie Date: Thu Oct 3 12:44:30 2013 -0400 build: more configure summary Improved configure summary, including a check for namei fileserver mode. Change-Id: Id5117ae8c27126c56e28eb3ab7f6e8ef7fd0558d Reviewed-on: http://gerrit.openafs.org/10372 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 53a50414c23dd8b045eca6b58d4be13707f2f36d Author: Andrew Deason Date: Thu Nov 7 00:05:39 2013 -0600 doc: backup manpage fixes - Consistently specify -dryrun and -n across various subcommands. Many did not list -n, some listed -n but no -dryrun, and some listed -noexecute instead. - backup_volrestore: Add missing option -usedump - backup_deletedump: Add missing options -groupid, -dbonly, -force, and -portoffset Change-Id: Iec1c36cba0ad0e61d7e6215c9cba81228b95a81f Reviewed-on: http://gerrit.openafs.org/10441 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit ad357e4ce49fe034221179e500ce53944b3a8bf4 Author: Andrew Deason Date: Thu Nov 7 00:03:17 2013 -0600 backup deletedump: Change -port to -portoffset Use -portoffset instead of -port, for consistency with all of the other backup suite commands. Leave -port in as an alias, for backwards compatibility. Currently -port will mean -portoffset anyway, since it's an unambiguous abbreviation, but put in the alias explicitly, just in case some other option comes along starting with -port. Change-Id: I2f8aaa34fdf9e7c80a8fec1dc1caf63d9b7192b1 Reviewed-on: http://gerrit.openafs.org/10440 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit dc4384653fed48104016a0e00fc2487851eb6806 Author: Andrew Deason Date: Tue Nov 5 11:00:21 2013 -0600 backup: Display general help on -help Currently, 'backup' tries to guess if we are running 'backup interactive' before libcmd actually parses our arguments. This is tricky, since we run 'backup interactive' if no explicit subcommand is actually given. One consequence of this is that currently, running 'backup -help' just displays the help for the 'backup interactive' command, not the help output for 'backup' itself. The current heuristics for guessing at whether we are running 'backup interactive' or not are a bit fishy, but at least for now, just make sure -help works. This should still ensure any other behavior is unchanged, but just 'backup -help' now works like other command suites. Change-Id: I31ecbcad7efffd301d23f109c66eee0417882a90 Reviewed-on: http://gerrit.openafs.org/10439 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit c870513c5ec576a966f97cd2ab92c900dcbe4410 Author: Andrew Deason Date: Wed Jun 12 17:48:46 2013 -0500 doc: Add 'checkman' tool Add the 'checkman' script, which compares a command's "-help" output to the options actually documented in its manpage. This command is certainly not perfect, and may contain false negatives and false positives. It is not (currently) intended to be run as an automated check, but is meant to assist a human manually checking the correctness of man pages. An error reported by 'checkman' does not necessarily indicate something that should actually be changed. Change-Id: Iae1965c441279dd3f93c1a7283ea0a0140d5ebe3 Reviewed-on: http://gerrit.openafs.org/10442 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit a9301cd2dc1a875337f04751e38bba6f1da7ed32 Author: Andrew Deason Date: Fri Jun 14 15:37:27 2013 -0500 bos: Remove MR-AFS commands and options The blockscanner and unblockscanner commands, as well as many options to "bos salvage", were only of use to MR-AFS. MR-AFS is not used anywhere anymore, and these commands and options were largely undocumented, so get rid of them. See . Thanks to Hartmut Reuter for providing information about this. Change-Id: I496eb4a23a0310aafd6c224a08c76a8b7464c758 Reviewed-on: http://gerrit.openafs.org/10425 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 27768ade8578ced4485b1601e26bff53d5450f50 Author: Andrew Deason Date: Wed Oct 30 23:33:40 2013 -0500 volserver: Remove -sleep functionality This option is completely useless since the LWP volserver was removed. Remove the code for it. Change-Id: I2257ba2ecd2ffeb9c47d21cbb516d6a0abb19b94 Reviewed-on: http://gerrit.openafs.org/10424 Reviewed-by: Derrick Brashear Tested-by: BuildBot commit 90753f9dc77ea5a4ec4e13947e78e3aa63d785f0 Author: Andrew Deason Date: Wed Oct 30 23:28:16 2013 -0500 volserver: Restore -allow-dotted-principals Commit cd3492d0 converted volserver command-line parsing to use libcmd. However, it accidentally also changed the -allow-dotted-principals option to -dotted. Change it back to -allow-dotted-principals for consistency with previous versions, as well as other server processes. Note that currently there are no public releases of OpenAFS containing cd3492d0, so no public release has contained the -dotted option. Change-Id: Ied07f0eb867a13591656daae00bc9e85a2c7f6c8 Reviewed-on: http://gerrit.openafs.org/10423 Reviewed-by: Marc Dionne Reviewed-by: Derrick Brashear Tested-by: BuildBot commit 90d4cbc285071bd5c9b6f9d5096879bc6bb43da1 Author: Andrew Deason Date: Tue Oct 29 21:22:02 2013 -0500 volserver: Exit on arg parsing failure If ParseArgs returns an error, argument parsing failed. Currently we keep going anyway, ignoring the error. Exit instead. Change-Id: I2f9e4e06d6c3fab8e29921bdb0ea30d714c794b1 Reviewed-on: http://gerrit.openafs.org/10422 Reviewed-by: Derrick Brashear Tested-by: BuildBot commit b7f4f2023b2b3e1aac46715176940fb50cc75265 Author: Anders Kaseorg Date: Thu Oct 31 09:11:59 2013 -0400 Linux: Fix build with CONFIG_UIDGID_STRICT_TYPE_CHECKS (user namespaces) With CONFIG_UIDGID_STRICT_TYPE_CHECKS (a dependency of user namespace support, CONFIG_USER_NS) turned on, uid_t and kuid_t are different types, as are gid_t and kgid_t, and we need to use namespace-dependent functions to convert between them. We can’t use init_user_ns as the namespace because it’s GPL-only, so instead we grab the current user_ns at module load time. This is required to support kernels with user namespace support. We don’t yet have full support for independent AFS use by different users in a multiuser container; that will need to wait for future work. Change-Id: Icc03f9098dd25b483d406db5167264ba960cdcb7 Signed-off-by: Anders Kaseorg Reviewed-on: http://gerrit.openafs.org/10386 Tested-by: BuildBot Reviewed-by: Marc Dionne Reviewed-by: Derrick Brashear commit 231e50ff9742927188d67099f0e1dbaf09858c3c Author: Anders Kaseorg Date: Tue Nov 5 01:11:15 2013 -0500 afs_linux_pag_from_groups: Stop checking for NOGROUP sentinel Linux hasn’t used NOGROUP as a sentinel like this since before kernel 2.1.12, and OpenAFS hasn’t used it on Linux since commit 109927bf6f54b58b76ac48ba41c2012c74937fed (Remove pre-Linux 2.6 support). Change-Id: I0b18de8e5d9b6cd9b20da43ed050163c2d8651ff Signed-off-by: Anders Kaseorg Reviewed-on: http://gerrit.openafs.org/10426 Tested-by: BuildBot Reviewed-by: Marc Dionne Reviewed-by: Derrick Brashear commit 076b9b746569ebdfbec2c8ae98a1d338c97a3d70 Author: Andrew Deason Date: Tue Oct 29 21:11:54 2013 -0500 Exit successfully on -help Running a command with -help is not an error. cmd_Dispatch handles this correctly, but several server processes call cmd_Parse directly, and exit with failure on -help. Make them exit successfully instead. Change-Id: Ieab32ba4a62a182308538469e69320d241dc3aad Reviewed-on: http://gerrit.openafs.org/10421 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit d28a21f0d806e867ccef9bd534ce25b52978df62 Author: Andrew Deason Date: Fri Jul 26 21:58:21 2013 -0500 klog.krb5: Don't hide the -x option We accept the -x option, even if it doesn't do anything. Don't hide it, to be honest about what options we accept. Change-Id: I779558c429b18c97c495c5e9ae81f8630383f572 Reviewed-on: http://gerrit.openafs.org/10420 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit e7b75a2e405032990932bf7734e851379c32adf6 Author: Andrew Deason Date: Sun Nov 3 18:59:08 2013 -0600 Do not hide -enable_{peer,process}_stats Both afsd and kaserver accepted the -enable_peer_stats and -enable_process_stats options, but they did not include the options in their usage message. We already document these flags in the manpages, so also include them in the usage message; they are not a secret. Change-Id: Ic1ff0e8c0dcd07e2721676b09a53c30a3db3ee9d Reviewed-on: http://gerrit.openafs.org/10419 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 701fe99a58f2be2a82b3dd83658c09bdbc715f55 Author: Andrew Deason Date: Sun Jun 30 17:44:21 2013 -0500 ptserver: Fix argument aliases It's "-db", not "db". Similarly, it's "-depth", not "depth". Change-Id: I24a3f08d02f9b14d06ad3f04c52957c46001b2d9 Reviewed-on: http://gerrit.openafs.org/10418 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 20faeaaa324c3dc13824727e352bcfba2e2387f9 Author: Andrew Deason Date: Sun Jun 30 13:41:47 2013 -0500 bozo: Fix help message formatting Need a space here to separate [-allow-dotted-principals] from the following option. Change-Id: Iabe353fd1c5366064a448c15a7c986d0fcf35415 Reviewed-on: http://gerrit.openafs.org/10417 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit f2ac99c5b4e905f77d64efea9a9d9ab357331957 Author: Andrew Deason Date: Fri Jun 14 16:17:44 2013 -0500 viced: Misc argument parsing fixes - It's -pctspare, not pctspare. - The -config and -logfile options are already specified in the "testing" options section. Don't specify them again here. Change-Id: Ieace97d92d35dc2e310a8122bdec7987246aa723 Reviewed-on: http://gerrit.openafs.org/10416 Tested-by: Andrew Deason Reviewed-by: Derrick Brashear commit 5e461e52dcd02e7b18424c89fa64f05f67c8654c Author: Andrew Deason Date: Sun Oct 27 23:19:24 2013 -0500 doc: Add 'fs discon' manpage Change-Id: I67c3bf50bfb7f4f7c0eb46cd011cc8ae68ec5302 Reviewed-on: http://gerrit.openafs.org/10415 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear commit e96803d22a7393e280dc206b7db6b008a78f0643 Author: Andrew Deason Date: Sat Oct 19 16:12:03 2013 -0400 doc: Add 'fs nukenfscreds' manpage Change-Id: I51c6cd56f463e10ab51adf20a0cf8505e3361326 Reviewed-on: http://gerrit.openafs.org/10414 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear commit fb311d271ddc335c38c3a0775720695cb29b08f2 Author: Andrew Deason Date: Sat Oct 12 23:55:09 2013 -0400 doc: Add 'fs precache' manpage Change-Id: Ib4101fdb37cf91a547974216425e4a005392d988 Reviewed-on: http://gerrit.openafs.org/10413 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear commit ff3fca515e558d1ed62955ab11f5b328471a94ba Author: Andrew Deason Date: Thu Sep 5 00:48:02 2013 -0500 doc: Symlink all dafssync-debug pages For every fssync-debug subcommand, provide a symlink for the associated dafssync-debug subcommand. This way, running e.g. "man dafssync-debug_attach" will actually give you a manpage, instead of needing to specifically run "man fssync-debug_attach". Change-Id: I83d71dc14f9f838d9a9900fcc62817677898dd27 Reviewed-on: http://gerrit.openafs.org/10412 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear commit 477f270656171da1cc69902b6b5917d79e19bd3d Author: Andrew Deason Date: Mon Nov 4 10:04:42 2013 -0600 doc: Fix livesys output formatting If we indent text here, the formatting codes are not interpreted, and the text is output "raw". So currently, we actually see "I" in this section, which is a bit confusing. Saying the actual output with string substitutions and stuff here doesn't seem very helpful when the output doesn't have any constant text in it. Just describe what the output is instead; an example immediately follows if this is unclear. Change-Id: Ib3e0f0c5143afa2dd41a655ff3908c791026a426 Reviewed-on: http://gerrit.openafs.org/10411 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear commit e3cd2bcc613743f1e49c4da011a7c6bb580ff1ef Author: Andrew Deason Date: Thu Sep 5 00:26:00 2013 -0500 doc: butc manpage fixes Add missing -rxbind option. Change-Id: I25fb205dc058ed345bda4d86bd1d344457432939 Reviewed-on: http://gerrit.openafs.org/10410 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit bd8282d7bcd84a96f1007e86782e35d7ed9004d9 Author: Andrew Deason Date: Fri Jul 26 22:14:07 2013 -0500 doc: pt_util manpage fixes Add missing -help option. Change-Id: I2edd7bcaf5b5799ba1216777200580df2cd9ca7f Reviewed-on: http://gerrit.openafs.org/10409 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 0ccd02ebae1308d7b73cb5aa257f7cb0a1d1b805 Author: Andrew Deason Date: Fri Jul 26 22:10:16 2013 -0500 doc: kdb manpage fixes Add the missing -numeric and -long options. Change-Id: I83776e64a161bc0a3ca9260944570799c506bbac Reviewed-on: http://gerrit.openafs.org/10408 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 37cdc7113279d0e04ad4d7e36776d2af963d0bf8 Author: Andrew Deason Date: Fri Jul 26 21:49:05 2013 -0500 doc: volinfo manpage fixes We now have a -checkout option, but no -online option. Document -checkout and remove -online. Change-Id: Ie8d6e35c6e09abf994b8417b3bb20ee379095a25 Reviewed-on: http://gerrit.openafs.org/10407 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit c9b2a191ea87eee909d2bf64b13e95ae90877ed4 Author: Andrew Deason Date: Fri Jul 26 21:00:14 2013 -0500 doc: rxdebug manpage fixes Add missing option -long. Change-Id: I23e3bc38e6962b7727a2aaa07bab7b0818ebcee0 Reviewed-on: http://gerrit.openafs.org/10406 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 374593ca5790203cd856ea1705dbda721d3c3f3a Author: Andrew Deason Date: Wed Jul 24 18:00:25 2013 -0500 doc: vldb_check manpage fixes - Add missing option -fix - Don't use brackets in the option list; we don't do this in most other manpages. Change-Id: Ifd87dd749aaab2987b2f9c3224b8e931b7bc221c Reviewed-on: http://gerrit.openafs.org/10403 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit a86ca4a49c7d3d693d9fd03e7dad6a1f8d1c57e9 Author: Andrew Deason Date: Fri Jul 26 20:54:20 2013 -0500 doc: upserver manpage fixes Add missing option -rxbind. Change-Id: I1e6057c3747cf6c502bf14e1d094b8b64691615d Reviewed-on: http://gerrit.openafs.org/10405 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear commit c9dad4dd6f5d43340b8c566ba89365e2e9fa69f5 Author: Andrew Deason Date: Fri Jul 26 20:40:50 2013 -0500 doc: afsmonitor manpage fixes Add missing option -debug. Change-Id: I48b37cce536987f5cbf3905e1de70238e83664b5 Reviewed-on: http://gerrit.openafs.org/10404 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit ade56fa2f9ba8217919dbae301639c3ff10027ef Author: Andrew Deason Date: Sat Jun 29 21:06:51 2013 -0500 doc: Make all vos pages =include common options Many manpages for "vos" subcommands were not using the "common" vos fragments, and instead were just repeating the information directly in their manpage. Make them all use the "common" vos fragment to avoid duplication. Change-Id: I62d84a1164b4ba46082e33a6d27fd24e3722014c Reviewed-on: http://gerrit.openafs.org/10398 Reviewed-by: Derrick Brashear Tested-by: BuildBot commit 7e49cd3110f4833bd3d8c4f7be85a5edcd3d7e7c Author: Andrew Deason Date: Thu Jun 20 17:45:05 2013 -0500 doc: vos manpage fixes - Add missing -config option to 'common' vos options, and to the synopsis for all commands - Remove brackets in the options descriptions for vos_shadow, vos_create, and vos_clone. We don't do this in other manpages. - vos_create: Add missing -id, -roid to synopsis - vos_clone: Add missing -readwrite option - vos_shadow: Add missing -toid option Change-Id: I41fd56509e78116698c82a2f3f4fd07f26cdc95f Reviewed-on: http://gerrit.openafs.org/10397 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 90398d078755e84b9c1b0864485744473f0316f9 Author: Andrew Deason Date: Sat Jun 29 15:59:51 2013 -0500 doc: fs manpage fixes - fs_whichcell: Fix formatting typo - fs_setcbaddr: Change -host to -addr - Add missing -help to fs_setcbaddr and fs_rxstatproc - fs_getfid: Add missing -literal to synopsis - fs_exportafs: List on/off options in single =item. Doing this in two separate consecutive =items confuses the manpage generator. - fs_exportafs: Add missing -clipags and -pagcb Change-Id: I4e986543292f1000fc00456fde486d7da573c9c3 Reviewed-on: http://gerrit.openafs.org/10396 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 202c1018b1b8646083368d55ed0dae64229b6a8b Author: Andrew Deason Date: Sun Jun 30 18:59:02 2013 -0400 doc: restorevol manpage fixes - Remove nonexistent -verbose option from synopsis - Add missing options -umask and -help Change-Id: Iedddf78c074ead9ab3454bf151adb90138a562b6 Reviewed-on: http://gerrit.openafs.org/10402 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit f430e98ce74eebe50417ac2d0cb151b8fe953edf Author: Andrew Deason Date: Sun Nov 3 19:04:30 2013 -0600 doc: bosserver manpage fixes Fix -noauth documentation. The current documentation is referring to the client-side -noauth option, but this is actually the server-side -noauth option, which is very different. Change-Id: I65154aef4734e69bb0f3ae485baacac11a718488 Reviewed-on: http://gerrit.openafs.org/10401 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 8387a00550c2ac6a195a2c016276de0202c1d26e Author: Andrew Deason Date: Sun Nov 3 19:03:42 2013 -0600 doc: vlserver manpage fixes - Indent synopsis formatting - Add missing options -trace, -noauth, -smallmem, -rxmaxmtu, and -syslog - Fix some formatting typos in the synopsis - Document the -db alias by putting it next to the -database option, separated by a pipe "|" Change-Id: I4c84baf53d346cb47416cb2843e8b7de2437d147 vlserver: -database option Change-Id: I7f5539aeebee71441a3901a183033fac05fa411f Reviewed-on: http://gerrit.openafs.org/10400 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 1974b55b1cd6dacbf7374e926c6dd94d61687505 Author: Andrew Deason Date: Sun Nov 3 19:02:50 2013 -0600 doc: ptserver manpage fixes - Indent synopsis formatting - Document the -db and -depth aliases by putting them next to -database and -groupdeth (respectively) separated by a pipe "|" Change-Id: Ic40fa0001feee293afe6c22ade7b85dc46fde938 Reviewed-on: http://gerrit.openafs.org/10399 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear commit f5340b748bedc3663469c3fb9598a9eb277ecb7c Author: Andrew Deason Date: Thu Jun 20 17:20:17 2013 -0500 doc: Add -help option to fssync-debug manpages Change-Id: Id90554b1c56437c62ff9982681ac8a64d4d34948 Reviewed-on: http://gerrit.openafs.org/10395 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 1aaeafb45f9746e98f61a93d14b94f42e2ed223a Author: Andrew Deason Date: Wed Oct 30 23:27:19 2013 -0500 doc: volserver manpage fixes - Fix synopsis formatting, so option arguments are on the same line as the option name - Add missing options -rxmaxmtu, -rxbind, -syslog, and -sleep Change-Id: I6e6f06d716e7f78be288bfebde97a3701f086924 Reviewed-on: http://gerrit.openafs.org/10394 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 3c776a0e5ed5a39e5b48c5885e83631a8c431d4f Author: Andrew Deason Date: Fri Jun 14 16:54:01 2013 -0500 doc: fileserver manpage fixes - Fix typo in -syslog option formatting - Add missing -nobusy - Add missing -vlrudisable - Add missing -sync in synopsis Change-Id: Id63c3228af619c2da5ef88a40e9c2e91888535bb Reviewed-on: http://gerrit.openafs.org/10393 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit fe4bdeaf6dee1d7d499d6e5d70ba9f500d864c28 Author: Andrew Deason Date: Fri Jun 14 16:15:03 2013 -0500 doc: kaserver manpage fixes - Add missing -rxbind - Add missing -crossrealm - Fix synopsis formatting, so option arguments are on the same line as the option name Change-Id: I8c73d0f14396aad83651c3037fde1137d83e6692 Reviewed-on: http://gerrit.openafs.org/10392 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear commit 10b356c1ebb060b8c5c154ca62886dd5a80c5940 Author: Andrew Deason Date: Fri Jun 14 16:03:40 2013 -0500 doc: voldump manpage fixes Add missing documentation for the -time and -help options. Change-Id: I04ca0fe6d4a5c298415e450a38a19b719dca4800 Reviewed-on: http://gerrit.openafs.org/10391 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear commit 070230ab76e1df338db3f2a7971111ca976a0c1a Author: Andrew Deason Date: Fri Jun 14 15:58:45 2013 -0500 doc: bos manpage fixes Add missing documentation for the -mode option. Change-Id: I360dc3d4cc6d7405feb655bbf2a05aee27a41d46 Reviewed-on: http://gerrit.openafs.org/10390 Reviewed-by: Ken Dreyer Tested-by: BuildBot Reviewed-by: Derrick Brashear commit cb8576d77fd48c2631b76006db56557c1a2d4fa9 Author: Andrew Deason Date: Fri Jun 14 15:33:19 2013 -0500 doc: buserver manpage fixes - Add missing -ubikbuffers - Remove -enable_peer_stats and -enable_process_stats; we don't actually accept these options - Fix synopsis formatting, so option arguments are on the same line as the option name - Fix the -noauth documentation. The current text is referring to the client-side -noauth option, but this is actually the server-side -noauth option, which is very different. Change-Id: I11e557e54a8539627ae7bb79cb7af3e8fbc77d25 Reviewed-on: http://gerrit.openafs.org/10389 Reviewed-by: Derrick Brashear Tested-by: BuildBot commit 54cecedb429a02b108e18ba92304c659728153f5 Author: Andrew Deason Date: Sun Nov 3 17:58:02 2013 -0600 doc: Fix udebug -port bullet list The formatting gets screwed up if we have multiple =item tags together like this. To just have each one be a bullet point, just have a bare =item before each one, without a "tag" or "key" for the =item. Change-Id: I5cb7a98bd16f5999d529a42a0f822835f6d2f66e Reviewed-on: http://gerrit.openafs.org/10388 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit f69bf0b19490ddde05917f7467383bbe248e81c4 Author: Andrew Deason Date: Wed Jun 12 18:22:27 2013 -0500 doc: pts manpage fixes - Mention the -help, -auth, -encrypt, and -config options for all pts commands in their synopsis - Add the -auth option to the pts.pod page - Reference the -auth, -encrypt, and -config options from all subcommand pts pages - pts_removeuser: Replace -name with -user - pts_sleep: Add missing -delay - pts_source: Add missing -file Change-Id: I4f0889d661c46f6bdd2a9604d8423d809a632d2d Reviewed-on: http://gerrit.openafs.org/10387 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 3dc1fb3feba83d2b537039b8384dbff611bf6495 Author: Ken Dreyer Date: Mon Oct 14 11:39:02 2013 -0600 doc: add linked cells description to man pages The man pages previously described linking DCE cells to AFS cells. OpenAFS and YFS also allow linking between two AFS cells. Update the description of linked cells in CellServDB(5), aklog(1), and fs_newcell(1) to refer to AFS instead of DCE. Add a linked cell example to the CellServDB man page with an explanation. Change-Id: Ic9b1c643861b7307c09fcc5a1775f4abf4cb4155 Reviewed-on: http://gerrit.openafs.org/10342 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 3fa2f656f3ecc52cf71d17e5f3dadec70b852e93 Author: Jeffrey Altman Date: Sat Sep 7 13:55:58 2013 -0400 afs: afs_CacheIsTooFull macro refs wrong constant When afs_CacheIsTooFull tests the number of free blocks it should use CM_DCACHESPACEFREEPCT (90%) instead of CM_DCACHECOUNTFREEPCT (95%). Change-Id: I1c9ac4f9a6d03077047837af6ef9a09e256ea07d Reviewed-on: http://gerrit.openafs.org/10235 Reviewed-by: Derrick Brashear Tested-by: BuildBot commit b73fa104ea9e1651114377c1e4f8e05705edc6c3 Author: Jeffrey Altman Date: Mon Sep 9 09:20:32 2013 -0400 afs: CacheTruncateDaemon work until Cache Drained The afs_CacheTruncateDeamon() thread will not sleep until both 'afs_CacheTooFull' and 'afs_WaitForCacheDrain' are true but the thread will stop freeing space in the cache when 'afs_CacheTooFull' is true which prevents 'afs_WaitForCacheDrain' from ever becoming true if it is not already. Make the conditional for doing work include 'afs_WaitForCacheDrain'. Change-Id: I9a60da6db65511c8bf2391a53a6f76043f825078 Reviewed-on: http://gerrit.openafs.org/10238 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 2fb13e7e795934398bdb49599e5df8abf619a2bf Author: Jeffrey Altman Date: Sat Sep 7 14:04:32 2013 -0400 afs: afs_CacheTruncateDaemon wake waiters !too full When processing afs_CacheTruncateDaemon() if the cache is no longer too full, then wake the waiters. Change-Id: I114341f8a71654b0a064d6dad2a704dd1fa8dbe2 Reviewed-on: http://gerrit.openafs.org/10236 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 13a746abfb4d8a34b17f31a278cfae3148eccd78 Author: Jeffrey Altman Date: Sat Sep 7 13:27:54 2013 -0400 afs: afs_FlushDCache avoid dup cache drained check afs_WakeCacheWaitersIfDrained is called as the last statement of both afs_DiscardDCache and afs_FreeDCache. There is no need to perform the same check again before exiting afs_FlushDCache. Change-Id: I11b4c42868ca67e4717fd431b1d33a85ce57bd0f Reviewed-on: http://gerrit.openafs.org/10234 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 765d964f13e49fe94a9a75839571fbffa04a0b65 Author: Jeffrey Altman Date: Mon Sep 9 12:17:36 2013 -0400 afs: Introduce afs_WakeCacheWaitersIfDrained Consolidate common code into afs_WakeCacheWaitersIfDrained(). Change-Id: I10e35afbc1f1469038e111a7bbd209c8897c8972 Reviewed-on: http://gerrit.openafs.org/10233 Tested-by: BuildBot Reviewed-by: Marc Dionne Reviewed-by: Derrick Brashear commit aa4f70578ec825742567a70213f7acd78a58ce19 Author: Jeffrey Altman Date: Sat Sep 7 12:26:52 2013 -0400 afs: FreeDCache test afs_blocksDiscarded For consistency with afs_FlushDCache and afs_DiscardDCache include afs_blocksDiscarded in the free space test. When afs_FreeDCache is called it should be zero. Change-Id: Ic9063280d88eb28d84851cbe6b7e4867a1110659 Reviewed-on: http://gerrit.openafs.org/10232 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 064558a69281398d1dc6873453449eee9b3a8d8d Author: Jeffrey Altman Date: Mon Oct 28 01:06:47 2013 -0400 Windows: RDRLib Worker Thread shutdown The thread waiting to unload the library is polling the state of the AFS_WORKER_INITIALIZED flag in the PoolContext->State field for each worker. Ensure that the thread performs no actions other than PsTerminateSystemThread() after clearing the AFS_WORKER_INITIALIZED flag. Change-Id: I0baa92f05a5d5f00219a2cc63ca71c7a6a1f52b5 Reviewed-on: http://gerrit.openafs.org/10383 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit c0a33ddd82736d71faf2585495102fe1e4b88eb0 Author: Jeffrey Altman Date: Tue Oct 29 08:24:06 2013 -0400 Windows: Uninitialized TargetNameLength/Offset In RDR_PopulateCurrentEntry it is possible for TargetNameLength and TargetNameOffset to be uninitialized resulting in stack garbage being returned to the redirector. This can result in a blue screen. Change-Id: Ifa306ba54bea3f26f1938cbd6bdc28521065299d Reviewed-on: http://gerrit.openafs.org/10373 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 6e26922f68d2b0f692212e6150d7955a0d393929 Author: Jeffrey Altman Date: Fri Oct 18 19:26:56 2013 -0400 Windows: cm_NewSCache skip in hash recycled entries If cm_RecycleSCache returns an in-hash entry it means that either it wasn't recycled properly or somehow we raced this entry with another thread. Just skip it and keep searching. Change-Id: Ia443a04b063a019003662639d31f96db486d673c Reviewed-on: http://gerrit.openafs.org/10353 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 05ecdb353a7c960a34133002a388889e9882d946 Author: Jeffrey Altman Date: Fri Oct 18 19:14:00 2013 -0400 Windows: cm_RemoveSCacheFromHashTable scp not found If the cm_scache_t has CM_SCACHEFLAG_INHASH flag set but cannot be found in the CH_SCACHE_HASH(&scp->fid) hash chain then search the entire hash table for the object. At the end of the function we will know that the CM_SCACHEFLAG_INHASH flag is safe to clear. Change-Id: I92bfad98b7d3cdc42b5aa6b8fae24d47557465e7 Reviewed-on: http://gerrit.openafs.org/10352 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit 7068836e6bab73e9edcb2c84727b92b25e1a6109 Author: Rod Widdowson Date: Sun Oct 20 14:29:35 2013 -0400 Windows: EOF for Synchronous Deferred Writes on XP/2003 The Windows IO Manager is not supposed to issue multiple outstanding cached writes to a file system for a synchronous file object. To do so would risk out of order application of writes that extend the end of file and in turn risk data corruption. It turns out that on Server 2003 SP2 and more than likely XP and 2000 as well, if a file system returns STATUS_PENDING because a write was deferred due to the Windows Cache Manager failing CcCanIWrite(), the IO Manager will happily continue issue subsequent write requests. On OSes older than Vista disable the use of deferred writes and sit in a spin loop waiting for the Windows cache manager to make room. This is much less efficient and increases the write latency but it is safe. Change-Id: Ic47d62749bdb4d0475661967fcbfd25834f21a72 Reviewed-on: http://gerrit.openafs.org/10351 Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit e1f75c1401c5391a123daa2f59af7544a3418195 Author: Jeffrey Altman Date: Mon Oct 21 11:26:16 2013 -0400 Windows: Store OS version as a global In DriverEntry() RtlGetVersion() is used to obtain the OS version information. Store the result in a global structure that can be used elsewhere to make run time decisions based upon the OS. Change-Id: I194e7da6858d1dea755d8de82a9bee70e63ade4d Reviewed-on: http://gerrit.openafs.org/10350 Reviewed-by: Rod Widdowson Tested-by: BuildBot Reviewed-by: Jeffrey Altman commit c56d99e9dd240b2485acc07f5b81a6195c6e0856 Author: Ben Kaduk Date: Fri Oct 25 17:45:38 2013 -0400 Remove bucoord/expire.c It was not compiled into anything. Correct references in bucoord_internal to command.c. Remove the forward declaration of struct cmd_parmdesc and make cmd.h a prerequisite for this header, since all but two consumers had cmd.h already. Change-Id: Id60a550871643610ccd96c226ecf0a3c4acb3955 Reviewed-on: http://gerrit.openafs.org/10363 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 7b5f27f944ad773a45f1d47fa9b8962097999783 Author: Mark Vitale Date: Thu Oct 3 21:42:10 2013 -0400 auth: prevent uninitialized key list in AFS config _afsconf_OpenInternal() may exit early for a number of reasons before properly initalizing afsconf_dir->listKeys. This leads to a crash when _afsconf_CloseInternal() attempts to clean up listKeys. Prevent this situation by calling afsconf_InitKeys() before any possible exit from _afsconf_OpenInternal(). Change-Id: I6911427817a2518a576c00a7ea56351f9fb4fd19 Reviewed-on: http://gerrit.openafs.org/10323 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit aa440ec7cbb8732ad0d9e1e1401fe4929c2cfd50 Author: Michael Meffie Date: Fri Oct 25 13:47:59 2013 -0400 ubik: fix include quotes Include the generated header in the current directory. Change-Id: Iaa22fcfd0e22e5f33e7c9bf8a26a838b25668160 Reviewed-on: http://gerrit.openafs.org/10361 Reviewed-by: Jeffrey Altman Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 4af32591f05ce2d3237c0aeaa785799d11680152 Author: Andrew Deason Date: Wed Oct 23 15:32:19 2013 -0500 vos: Remove pthread send/receive select() Commit 65e701fee4968b17066bb81e25b7adaa4024d4f3 introduced a couple of select() calls when the pthreaded vos writes to or reads from a usd pipe, corresponding to the IOMGR_Select() calls in LWP. However, these select() calls are unnecessary, since the read() or write() calls themselves will block anyway. The reason they are there for LWP is so the IOMGR can run another process while we're waiting for the file descriptor to be ready. The select() in ReceiveFile currently incorrectly waits for the output to be ready for reading, even though we're trying to write to it. As a result, if we try to 'vos dump' to a pipe with the pthreaded vos (such as stdout), we will hang forever, since it will never be ready for reading. To fix this, just get rid of the select() calls, since they don't really do anything. FIXES 131749 Change-Id: Ibe8841e0c01f1e55ac4ca1a8a99ab71083654662 Reviewed-on: http://gerrit.openafs.org/10360 Reviewed-by: Derrick Brashear Reviewed-by: Jeffrey Altman Tested-by: BuildBot commit f7c31f865cd6cda9105a362f26fdd82a500adb37 Author: Perry Ruiter Date: Tue Oct 22 05:46:10 2013 -0700 afs: Clarify comment Fixing a couple typos and rewording a comment for clarity in afs_segments.c Change-Id: Ic631b6f8d59e4e9a56f61e583a8ef0f8f8794d8b Reviewed-on: http://gerrit.openafs.org/10364 Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 1b674ae30925c8459e1a5614e19562af460850d8 Author: Ben Kaduk Date: Tue Oct 15 16:56:07 2013 -0400 Sysname and param.h for FreeBSD 9.2 and 11.0 9.2 is newly released and HEAD is now 11-current. Change-Id: Ic79ff26aa39e08940b6035770fe4c6f15b02c418 Reviewed-on: http://gerrit.openafs.org/10341 Reviewed-by: Derrick Brashear Tested-by: Andrew Deason Reviewed-by: Jeffrey Altman commit 1bdcc3c7bca092f189f434f1f7b174090c24250c Author: Ben Kaduk Date: Tue Oct 15 16:00:01 2013 -0400 Adjust for microtime() ABI on all XBSD On the BSDs, struct timeval is not two 32-bit integers like our struct clock, so the ABI is quite incompatible. Use the native type for the function call and translate to our local type accordingly. This lets us get rid of a workaround for the FreeBSD kernel build, wherein particular compiler flags masked the stack corruption that can occur due to this ABI mismatch. Change-Id: I68f9947b0875dca7343ecd41a4c529d5c5bc3be5 Reviewed-on: http://gerrit.openafs.org/10340 Reviewed-by: Jeffrey Hutzelman Tested-by: BuildBot Reviewed-by: Antoine Verheijen Reviewed-by: Jeffrey Altman commit e222b08c4049dae95475eda2d5c54bd43dd45e2e Author: Benjamin Kaduk Date: Wed Sep 25 16:57:41 2013 -0400 Fix build for FreeBSD 10.0 Move a rmlock.h inclusion up a bit so that the vm headers can get the rmlock assertion (and other) macros they need. The filedesc structure has been expanded on FreeBSD to support a stronger capabilities system; getting to the actual file descriptor requires another structure access. limits.h and stdarg.h need sys/ and machine/ prefixes for inclusion in the kernel on FreeBSD. Fixing this lets us get rid of some unnecessary -I arguemnts in the kernel module build, which seem to have not been functioning as expected, anyway. Catch up to VM layer changes. This builds, but crashes at runtime due to some ABI incompatibilities that appear in the rx event layer; those will be fixed in a separate patch. Change-Id: Icc253b1e938a58a7ab8d1b789c82b9b940d263fd Reviewed-on: http://gerrit.openafs.org/10339 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Jeffrey Altman commit 0a5e878aa0a71c4dfaef1806744ed78bcc13b9f4 Author: Andrew Deason Date: Thu Oct 17 20:22:48 2013 -0400 viced: Improve client error log messages Commit 6c41b1f740e16b5b9adfe9026630595be6f0699e improved a few log messages to include the client ip and port of the request triggering that log message. Include the viceid and fid (if applicable), too, so an administrator may more easily identify the cause. This creates the function LogClientError, so we can use a common function for logging very similar information. This also modifies h_FindClient_r to give the viceid to the caller, even in the case of error. In addition, this modifies CallPreamble to accept a fid and modifies all callers to accomodate. Change-Id: I326e17538265ea3251db27a05ede25c33e9a230d Reviewed-on: http://gerrit.openafs.org/10347 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 5828b993c3757665348643de16fe36aa90cb98f4 Author: Christof Hanke Date: Wed Oct 9 08:06:03 2013 +0200 tabular_output: enable compilation on Windows Add the required directives to the makefile. Change-Id: I7a6e612b37cbf1f6cb61faf55d7c248f8f85808c Reviewed-on: http://gerrit.openafs.org/10328 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 0954c7859939b548afab01d11b7bc6288cdbc3ea Author: Christof Hanke Date: Wed Oct 9 08:01:35 2013 +0200 tabular_output: move public headers from tabular_output.h to afsutil_prototypes.h Like this, tabular_output.h does not have to be included in any devel-package. Change-Id: I9e3089fe4a65b2a801c45ba513a8f5dc49ce609b Reviewed-on: http://gerrit.openafs.org/10327 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 950dec0715de719f90a4cf59293f0c70d42841cc Author: Ben Kaduk Date: Thu Oct 10 13:50:26 2013 -0400 Convert buserver to libutil's logging The primary motivation is to get automatic log rotation, but we also get built-in locking for the logging calls. This does have a side effect of changing the format used to print timestamps in the log file. Export WriteLogBuffer from liboafs_util so as to be mostly compatible with the ... idiosyncrasy of LogError()'s previous behavior. Garbage-collect the unused (and un-exported) printHashTable() and LogNetDump(). Change-Id: I860370e60082ea355806b3f1945eee76db7c32e3 Reviewed-on: http://gerrit.openafs.org/10333 Tested-by: BuildBot Reviewed-by: Karl Ramm Reviewed-by: Derrick Brashear commit 600712877ca0883c6ec609d51909336964b06cba Author: Andrew Deason Date: Thu Oct 3 12:38:08 2013 -0500 salvager: Ignore linktable-only RW volumes In general, the salvager will try to salvage any volume if we find an inode for that volume. However, for namei, we'll always have at least one inode for the RW volume, even if we only have e.g. an RO volume at a particular site, since the linktable special inode is always marked as for the RW volume id. So, if we salvage a volume group that only has an RO, normally we would also try to salvage the corresponding RW, even if it doesn't exist. We would then recreate the "missing" metadata files, so after salvaging, the RW appears to exist as a normal volume. The salvager currently tries to avoid this by skipping salvaging the RW if we find more than one volume in the volume group, and if the RW only has one special inode, and that one special inode is the linktable. This solves the problem most of the time, but misses a few corner cases: - If we found more than one linktable, we'll try to salvage the RW anyway. This shouldn't happen, but certain cases of corruption can cause incorrectly-named linktables, resulting in multiple linktables. - If we only find one volume (the RW), we'll still salvage the RW, even if the only inode for it is a single linktable. This can happen due to botched salvages in the past, or interrupted deletes and such. It's just cruft. In any situation like those, we cause an RW volume to be created where there previously was none. This can be a problem, since the RW volume is unknown to the administrator, and does not appear in the VLDB. Such "phantom" volumes can be very confusing and can cause problems in the future. For example, if that same RW volume is moved to the server with the "phantom" RW volume, we now have two of the same RW volume on the same server on different partitions, which is a big problem. So, to avoid these corner cases, check all of the special inodes to see if all of them are linktables. Also perform this check if we don't have any non-special inodes (even if we only see 1 volume), to catch the "cruft" case above. Change-Id: I00df021ebedce44f69302a48ed2716bd9bda124e Reviewed-on: http://gerrit.openafs.org/10321 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 2286fac1447e2e9e834957ec414cb5605f51e63b Author: Andrew Deason Date: Tue Oct 1 17:31:44 2013 -0500 namei: Set inconsistent linktable linkCount to 0 Currently, if we detect an inconsistent linktable filename (where the filename indicates it's for a different volume than the directory path indicates), we don't set the linkCount for the inode info. This means that our caller will get random garbage for the linkCount. In many cases this value is ignored, but for the salvager, if this is the only linktable file we find, we treat it as the linktable we should be using. Thus, if linkCount contains undefined data, we might try to INC or DEC the linktable a bunch of times, depending on what random stack garbage the linkCount is filled with. The salvager shouldn't be INC/DEC'ing these linktables according to the their linkCount anyway, but in the meantime, at least ensure that this doesn't contain stack garbage, so we ensure that we won't try to INC or DEC this thousands or millions of times. Change-Id: Ib5e7f45d5739878434cbe57b6f2ab532f002e5b8 Reviewed-on: http://gerrit.openafs.org/10320 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 0b1ee8c1c359fe16693bf117524f54160ebe53e3 Author: Ben Kaduk Date: Mon Jul 29 14:22:46 2013 -0400 Reorder bosserver startup prior to pthreads The rx calls will take locks when built in pthreaded mode, and must go after rx_Init(). Some other setup would benefit from using time-domain locking and should run before we go multithreaded. In particular, initialize bozo_confdir while single-threaded, as it is otherwise protected by the afsconf internal locking. While here, pass NULL to afsconf_SetCellInfo -- bozo_confdir would always be NULL there, anyway. Change a couple globals into local variables in main; they are just used to defer setup after argument parsing. ReadBozoFile will create worker threads to monitor child processes, so it cannot move up too far. Change when we daemonize, too. Change-Id: If7b6883748919270c9a5a41cd8e6fb724e95aa36 Reviewed-on: http://gerrit.openafs.org/10285 Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Derrick Brashear Tested-by: BuildBot commit 54eb2485b59550ba42569ed3a8d76211a3a35019 Author: Ben Kaduk Date: Wed Jul 17 15:00:11 2013 -0400 bozo: Remove dead code and minor cleanup This stuff has been #if 0'd for ages; put it out of its misery. While here, remove the global bnode_waiting which is not used for anything. bnode_SoftInt claims to return a pointer, so return NULL instead of 0. Change-Id: Ie7b32bbc606a105190d246355f47bd7ea885c6f8 Reviewed-on: http://gerrit.openafs.org/10284 Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Derrick Brashear Tested-by: BuildBot commit 47124f337b43f8731bfbe3bd71e42d046a4d1075 Author: Andrew Deason Date: Mon Aug 12 17:37:29 2013 -0500 viced: Avoid endless BCB loop Without this commit, when we break callbacks for a fid, we loop over all callbacks for the fid, break a few of them, and then start over. We do this repeatedly until we run out of callbacks. If a client sees a callback break, and then establishes a new callback promise while the fileserver is still breaking callbacks, the fileserver can break the same callback for the same host again and again. This can continue forever, if the client establishes its new callback promises quickly enough. So to avoid this, when we start breaking callbacks, flag all of the callback structures that we want to look at. Then when we repeatedly loop through all of the callbacks for the fid, only look at the flagged callback structures. This adds a 'flags' field to struct CallBack, and defines a single flag, CBFLAG_BREAKING. This is an alternative fix to the issue also fixed in 843d705c. This implementation avoids allocating extra memory under locks, and has the slight benefit of not breaking callbacks that were elsewhere deleted during the BCB. This comes at the cost of a single extra traversal through our callback list, and the cost of claiming one of the bits in the CallBack structure. Change-Id: I6418bd404de61ec7a531261ecf581eeea719a2d4 Reviewed-on: http://gerrit.openafs.org/10172 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear commit 2482340afb906a9719994742ef26500c6e67ccea Author: Andrew Deason Date: Tue Aug 20 20:51:04 2013 -0500 Revert "Atomically collect callbacks to be broken" This mostly reverts commit 843d705ca6f0250c3760ec2aa1f3403d19de3df1. That commit causes each callback-breaking thread to potentially use up a large amount of memory, as well as possibly causing large memory allocations under H_LOCK, which isn't great. There are other ways to allow for atomic callback breaks. Revert that commit to allow for alternative methods to be implemented in separate subsequent commits. Do this in separate commits so pullups to stable branches are easier. This does not revert the change in the definition of MAX_CB_HOSTS. That value can still be large due to the improved multi_Rx implementation. Change-Id: I14024b4d80696b0361658b1c5ae7af308629fab4 Reviewed-on: http://gerrit.openafs.org/10171 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit de7bd44d00d51272a53eb109efabc14b65021e33 Author: Andrew Deason Date: Mon Sep 30 18:12:21 2013 -0500 salvager: Improve comments "these used to be asserts" is not a useful comment. This area of code does maybe look a little confusing at first glance, though, so replace these with comments that are more informative. Change-Id: I4e0b9dff3d010931e02559e82165ffbd61c5b189 Reviewed-on: http://gerrit.openafs.org/10313 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 6a4831e0e9a003bed06ac2269987c69090d3f7e7 Author: Andrew Deason Date: Mon Sep 30 17:53:36 2013 -0500 salvager: Fix in-memory invalid linktable counts When we have a nonexistant or invalid linktable, we manually set all of the linkcounts to 1, since we're recreating the link table from scratch. However, we also have a linkCount count in our in-memory allInodes array, which could be populated by garbage if we had a garbage linktable. So make sure to set our in-memory linkCount to 1 for each inode, so we don't use garbage linkcount data. Change-Id: I8f4873e12f70f81ee6f2c764957e77136b0a385e Reviewed-on: http://gerrit.openafs.org/10312 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 93b0e0d50fb14561ca2b8b0c20876826335ec1ab Author: Andrew Deason Date: Mon Sep 30 17:51:40 2013 -0500 salvager: Whitespace formatting The whitespace here is pretty weird. Clean it up a little. Change-Id: Ia558d453301ee1231cfb21ee87dc7f190dc905d7 Reviewed-on: http://gerrit.openafs.org/10311 Tested-by: BuildBot Reviewed-by: Derrick Brashear commit 2bbba424ad6728a221688f782b4df90bf6da4a63 Author: Ben Kaduk Date: Wed May 29 19:18:22 2013 -0400 FBSD: plug refcount leak in pioctl When gop_lookupname_user returns a non-NULL vnode, the vnode came from afs_GetVCache (by way of afs_lookup) which takes a reference on the vnode entry. There's no need to take another spurious reference here. The existing code already knows that there's a reference in place, as there is an AFS_RELE down where FBSD80_ENV unlocks the vnode if it's locked (that code is also suspicious). Prior to this patch, things like 'fs flush /path/to/file' would leak a reference on that cache entry, preventing clean shutdown. Change-Id: Iefb7be16bb76b709ffd7cfc082ef9078adf9e354 Reviewed-on: http://gerrit.openafs.org/9957 Reviewed-by: Benjamin Kaduk Reviewed-by: Derrick Brashear Tested-by: BuildBot commit b0d75d0687a3436201411384c570448a49a9db15 Author: Christof Hanke Date: Tue Oct 8 11:53:17 2013 +0200 linux-kernel-module: move keyring-specific function afs_set_session_keyring into if defined(LINUX_KEYRING_SUPPORT) block. Otherwise compilation fails. Change-Id: I44bb015990782793eac9326b983b704b2248b230 Reviewed-on: http://g