dir: Introduce struct DirEntryFlex The directory package as implemented in AFS-2 allocates space for each directory entry as a DirEntry struct followed by 0-8 contiguous DirXEntry structs, as needed. This is implemented by: - afs_dir_NameBlobs calculates the number of blocks needed - FindBlobs allocates and returns index of entry - afs_dir_GetBlob returns pointer to 1st DirEntry struct After this, we populate DirEntry (and any contiguous DirXEntry blocks) with open code. Most existing code writes the entry's name via a string copy operation to DirEntry->name, which is only 16 bytes long. Therefore, for dir entry names that are 16 bytes or longer, OpenAFS routinely does string copies that look like buffer overruns. This has not previously caused problems because the OpenAFS code has arranged for a sufficiently large amount of contiguous memory to be available. However, this remains undefined behavior in the C abstract virtual machine; thus compilers are not required to produce safe operation. Recent changes in the OpenAFS build chain have made this approach no longer viable: 1) Linux 6.5 commit df8fc4e934c12b 'kbuild: Enable -fstrict-flex-arrays=3' modified the hardening of several kernel string operations when running with CONFIG_FORTIFY_SOURCE=y. 2) gcc 13 commit 79a89108dd352cd9288f5de35481b1280c7588a5 '__builtin_dynamic_object_size: Recognize builtin' provides some enhancements to _builtin_object_size. The Linux commit above will now use these when the kernel is built with gcc 13. When OpenAFS is built under Linux 6.5 or higher and gcc 13 or higher, the hardened strlcpy will BUG for directory entry names longer than 16 characters. Since there are multiple places where OpenAFS writes directory names, there are several symptoms that may manifest. However, the first one is usually a kernel BUG at cache manager initialization if running with afsd -dynroot _and_ there are any cell names 15 characters or longer in the client CellServDB. (A 15-character cellname reaches the 16 character limit when -dyrnoot adds the RW mountpoint ".<cellname>".) Address this by using flexible arrays (standardized with C99). A flexible array is a variable-length array that is declared with no size at all, e.g., name[]. Create an autoconf test to determine whether the compiler supports flexible arrays. Create a new struct DirEntryFlex. If the compiler supports flexible arrays, define name[]; otherwise retain the name[16] definition. Whenever we write a directory name, use DirEntryFlex so that any hardening will be satisfied that there is sufficient space for the name. However, the actual guarantee that this is true is still provided by the OpenAFS directory routines mentioned above - all of these remain unchanged. The DirEntry struct remains unchanged for continued use in OpenAFS, as well as for any out-of-tree users of the directory package. Change-Id: I6da5c6c295f051be90017084e5b3a3ef24d1271f Reviewed-on: https://gerrit.openafs.org/15573 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Cheyenne Wills <cwills@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
autoconf: Remove/update obsolete autoconf macros Autoconf 2.70 (released in 2020-12) produces warning messages about obsolete constructs by default. Running regen.sh with autoconf 2.70 installed produces the following warnings: .. configure.ac:7: warning: The macro `AC_CONFIG_HEADER' is obsolete. configure.ac:21: warning: AC_PROG_LEX without either yywrap or noyywrap is obsolete configure.ac:21: warning: The macro `AC_HEADER_STDC' is obsolete. configure.ac:21: warning: The macro `AC_HEADER_TIME' is obsolete. .. Replace AC_CONFIG_HEADER with AC_CONFIG_HEADERS Add the noyywrap parameter to AC_PROG_LEX. Use the noyywrap option since we already provide a yywrap function in the .l sources. Remove AC_HEADER_STDC. There are no references to the the autoconf variable set by this macro. This macro was marked as obsolete prior to autoconf 2.64 with the following note: "This macro is obsolescent, as current systems have conforming header files. New programs need not use this macro." AC_HEADER_TIME was marked as obsolete prior to autoconf 2.64 with the following note: "This macro is obsolescent, as current systems can include both files when they exist. New programs need not use this macro." The only reference that requires AC_HEADER_TIME is within the external roken code pulled from heimdal. Compiles that use the external upstream heimdal packages result in a build error if TIME_WITH_SYS_TIME is not defined: building src/crypto/hcrypto src/external/heimdal/hcrypto/camellia.c include/roken.h:803:58: error: ‘struct tm’ declared inside Update autoheader.m4 so a define for TIME_WITH_SYS_TIME is created. This avoids modifying the external heimdal/roken code. Change-Id: If4d6c0650aac617f535b35f81994b54a3b8ac021 Reviewed-on: https://gerrit.openafs.org/14838 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
configure.ac: Add missing double include guard This is primarily a sanity check (identified by clang-tidy). Change-Id: I92d05fdfed0e32c0e39cc2f8ce412b613c0a38fc Reviewed-on: https://gerrit.openafs.org/13333 Reviewed-by: Cheyenne Wills <cwills@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
autoconf: remove unnecessary mkdir during configure Remove an uneeded mkdir command to create the JAVA/libjafs object directory, since this directory is automatically created by the config.status when generating the JAVA/libjafs/Makefile. Change-Id: Ib02a38c5c23790cb07e5c2433fd4870e8763c3a3 Reviewed-on: https://gerrit.openafs.org/12994 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
autoconf: fix pio checks name The autoconf macro to perform the positional i/o checks was misnamed as hpux checks (since there happens to be a specific check for hpux at the top of the macro). Change the macro name and m4 file name to be more accurately named. Change-Id: Ib85728fbfe67930cb5f9f1f0e34f7aa1195fdfc6 Reviewed-on: https://gerrit.openafs.org/12992 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
autoconf: autoupdate macros Run autoupdate on macros. [mmeffie@sinenomine.net: re-run autoupdate, no other edits] Change-Id: I8b45edea97cf2e065f23f02d2d7f6a0e7adcb8a5 Reviewed-on: https://gerrit.openafs.org/12202 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
autoconf: detect ctf-tools and add ctf to libafs CTF is a reduced form of debug information similar to DWARF and stab. It describes types and function prototypes. The principal objective of the format is to shrink the data size as much as possible so that it could be included in a production environment. MDB, DTrace, and other tools use CTF debug information to read and display structures correctly. This commit introduces a new configure option called --with-ctf-tools. This option can be used to specify an alternative path where the tools can be found. If the path is not provided, the tools will be searched in a set of default directories (including $PATH). The CTF debugging information will only be included if the corresponding --enable-debug / --enable-debug-kernel is specified. Note: at the moment, the Solaris kernel module is the only module benefited by this commit. Change-Id: If0a584377652a573dd1846eae30d42697af398d0 Reviewed-on: https://gerrit.openafs.org/12680 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
autoconf: refactor acinclude.m4 The acinclude.m4 is very large and often requires to be changed for unrelated commits. Divy up the large acinclude.m4 into a number of smaller files to avoid so many contentions and to make the autoconf system easier to maintain. This is a non-functional change. Care has been taken preserve the ordering of the autoconf tests. Except for whitespace, the generated configure file has not been changed by this refactoring. This has been verified with a 'diff -u -w -B' comparison of the generated configure file before and after applying this commit. Change-Id: I70e7f846dea0055d00a60a47422aa73bff25c4c6 Reviewed-on: https://gerrit.openafs.org/12842 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Linux 4.15: check for 2nd argument to pagevec_init Linux 4.15 removes the distinction between "hot" and "cold" cache pages, and pagevec_init() no longer takes a "cold" flag as the second argument. Add a configure test and use it in osi_vnodeops.c . Change-Id: Ia5287b409b2a811d2250c274579e6f15fd18fdbb Reviewed-on: https://gerrit.openafs.org/12824 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net> Tested-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
macos: add support for MacOS 10.13 This commit introduces the new set of changes / files required to successfully build the OpenAFS source code on OS X 10.13 "High Sierra". Change-Id: I51928279d97c9d86c67db7de5eb7fc9d317fd381 Reviewed-on: https://gerrit.openafs.org/12741 Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
afs: fix kernel_write / kernel_read arguments The order / content of the arguments passed to kernel_write and kernel_read are not right. As a result, the kernel will panic if one of the functions in question is called. [kaduk@mit.edu: include configure check for multiple kernel_read() variants, per linux commits bdd1d2d3d251c65b74ac4493e08db18971c09240 and e13ec939e96b13e664bb6cee361cc976a0ee621a] FIXES 134440 Change-Id: I4753dee61f1b986bbe6a12b5568d1a8db30c65f8 Reviewed-on: https://gerrit.openafs.org/12769 Tested-by: BuildBot <buildbot@rampaginggeek.com> Tested-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Linux: Use kernel_read/kernel_write when __vfs variants are unavailable We hide the uses of set_fs/get_fs behind a macro, as those functions are likely to soon become unavailable: > Christoph Hellwig suggested removing all calls outside of the core > filesystem and architecture code; Andy Lutomirski went one step > further and said they should all go. https://lwn.net/Articles/722267/ Change-Id: Ib668f8fdb62ca01fe14321c07bd14d218744d909 Reviewed-on: https://gerrit.openafs.org/12729 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Linux: Test for __vfs_write rather than __vfs_read The following commit: commit eb031849d52e61d24ba54e9d27553189ff328174 Author: Christoph Hellwig <hch@lst.de> Date: Fri Sep 1 17:39:23 2017 +0200 fs: unexport __vfs_read/__vfs_write unexports both __vfs_read and __vfs_write, but keeps the former in fs.h--as it is is still being used by another part of the tree. This situation results in a false positive in our Autoconf check, which does not see the export statements, and ends up marking the corresponding API as available. That, in turn, causes some code which assumes symmetry with __vfs_write to fail to compile. Switch to testing for __vfs_write, which correctly marks the API as unavailable. Change-Id: I392f2b17b4de7bd81d549c84e6f7b5ef05e1b999 Reviewed-on: https://gerrit.openafs.org/12728 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Linux: Include linux/uaccess.h rather than asm/uaccess.h if present Starting with Linux 4.12 there is a module build error on s390 due to asm/uaccess.h using a macro defined in the common header. The common header has been around since 2.6.18 and has always included asm/uaccess.h, so switch to using the common header whenever it is present. Change-Id: Iaab0d7652483a2a2b1f144f3e90b6d3b902c146d Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Reviewed-on: https://gerrit.openafs.org/12714 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
LINUX: Switch to new bdi api for 4.12. super_setup_bdi() dynamically allocates backing_dev_info structures for filesystems and cleans them up on superblock destruction. Appears with Linux commit fca39346a55bb7196888ffc77d9e3557340d1d0b Author: Jan Kara <jack@suse.cz> Date: Wed Apr 12 12:24:28 2017 +0200 Change-Id: I67eed0fcb8c96733390579847db57fb8a4f0df3e Reviewed-on: https://gerrit.openafs.org/12614 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Linux: only include cred.h if it exists Commit c89fd17df1032ec2eacc0d0c9b73e19c5e8db7d2 introduced an explicit include of linux/cred.h since the latest kernel no longer includes it implicitly in sched.h. Alas, older kernels (like 2.6.18) don't have this file. Add a configure test for the existence of cred.h and only include it if actually present. Change-Id: Ia7e38160492b1e03cdb257e4b2bef4d18c4a28fb Reviewed-on: https://gerrit.openafs.org/12593 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
Linux v4.11: signal stuff moved to sched/signal.h In Linux commit c3edc4010e9d102eb7b8f17d15c2ebc425fed63c, signal_struct and other signal handling declarations were moved from sched.h to sched/signal.h. This breaks existing OpenAFS autoconf tests for recalc_sigpending() and task_struct.signal->rlim, so that the OpenAFS kernel module can no longer build. Modify OpenAFS autoconfig tests to cope. Change-Id: Ic9f174b92704eabcbd374feffe5fbeb92c8987ce Reviewed-on: https://gerrit.openafs.org/12573 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Joe Gorse <jhgorse@gmail.com> Tested-by: Joe Gorse <jhgorse@gmail.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Linux v4.11: getattr takes struct path With Linux commit a528d35e8bfcc521d7cb70aaf03e1bd296c8493f statx: Add a system call to make enhanced file info available The Linux getattr inode operation is altered to take two additional arguments: a u32 request_mask and an unsigned int flags that indicate the synchronisation mode. This change is propagated to the vfs_getattr*() function. - int (*getattr) (struct vfsmount *, struct dentry *, struct kstat *); + int (*getattr) (const struct path *, struct kstat *, + u32 request_mask, unsigned int sync_mode); The first argument, request_mask, indicates which fields of the statx structure are of interest to the userland call. The second argument, flags, currently may take the values defined in include/uapi/linux/fcntl.h and are optionally used for cache coherence: (1) AT_STATX_SYNC_AS_STAT tells statx() to behave as stat() does. (2) AT_STATX_FORCE_SYNC will require a network filesystem to synchronise its attributes with the server - which might require data writeback to occur to get the timestamps correct. (3) AT_STATX_DONT_SYNC will suppress synchronisation with the server in a network filesystem. The resulting values should be considered approximate. This patch provides a new autoconf test and conditional compilation to cope with the changes in our getattr implementation. Change-Id: Ie4206140ae249c00a8906331c57da359c4a372c4 Reviewed-on: https://gerrit.openafs.org/12572 Reviewed-by: Joe Gorse <jhgorse@gmail.com> Tested-by: Joe Gorse <jhgorse@gmail.com> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
SOLARIS: prevent BAD TRAP panic with Studio 12.5 Starting with Solaris Studio 12.3, it is documented that Solaris kernel modules (such as libafs) must not use any floating point, vector, or SIMD/SSE instructions on x86 hardware. However, each new Studio compiler release (12.4 and especially 12.5) is more likely to use these types of instructions by default. If the libafs kernel module includes any forbidden kernel instructions, Solaris will panic the system with: BAD TRAP: type=7 (#nm Device not available) Provide a new autoconfig test to specify the required compiler options (-xvector=%none -xregs=no%float) when building the OpenAFS kernel module for Solaris, so that no invalid x86 instructions are used. In addition, reinstate default kernel module optimization for Solaris. It had been disabled in commit 80592c53cbb0bce782eb39a5e64860786654be9f to address this same issue in Studio 12.3 and 12.4. However, Studio 12.5 started using some SSE instructions even with no optimization. This commit has been tested with OpenAFS master and Studio 12.5 at all optimization levels (none, -xO1 through -xO5) and verified to contain no XMM register instructions via the following command: $ gobjdump -dlr libafs64.o | grep xmm | wc -l Change-Id: Ic3c7860f7d524162fd9178a1dab5dd223722ee43 Reviewed-on: https://gerrit.openafs.org/12558 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
build: update search paths for solaris cc Move the macros to search for the solaris cc to a separate macro and update the search paths to keep up with released versions. Change-Id: Iaba816f1acf5f45d4e147ae517e73949eb8fe949 Reviewed-on: https://gerrit.openafs.org/12528 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>