Marcio Barbosa [Thu, 22 Feb 2018 22:53:23 +0000]
ubik: don't set database epoch to 0 if not needed
If our attempt to receive a fresh database from a peer fails, we will
overwrite the version.epoch field of our current local copy of the
database with an invalid value, "0". The idea behind this approach is
to make sure that this database will not be seen as a legit copy if the
transfer is not completed properly. Although it is questionable if this
approach is still necessary (since the current version writes the data
into a temporary file), it is undisputed that the database version does
not have to be invalidated if the transfer fails in a early stage where
no data has been written and we could safely continue to reuse the local
copy for read-only queries. Early failures may happen if:
1. The peer sending the database to us is not the peer we believe to be
the sync site;
2. The sender is not authorized to call DISK_SendFile;
In both cases, the database epoch is invalidated. As a result of that,
we may have the following consequences:
1. Reads may not be allowed
Once the on disk epoch is invalidated, if the server in question is
rebooted, the invalid on disk epoch will be used to initialize the in
memory epoch. At this point, reads may not be allowed since
urecovery_AllBetter checks if the in memory epoch is greater than 1.
Reads should not be blocked forever since the sync-site will send a new
database to this remote and, as a result of that, the invalid version
will be corrected.
2. Data can be lost
If the site with the invalid epoch is the one with the most recent
database, the database can be rolled back to an earlier version during a
new quorum establishment. Consider the following scenario where we have
three sites:
Site A (up - database up to date) (sync-site)
Site B (up - database up to date)
Site C (down - old database)
The epoch of B is invalidated due to the problem fixed by this patch.
Then, A is turned off and C is turned on. In this scenario, the new
sync-site will distribute the old database held by C since its epoch is
greater than 0.
To fix the problem in question, do not set the database epoch to 0
if the local database was not modified.
Acknowledgements:
Hartmut Reuter <hartmut.reuter@gmx.de>
- found the problem;
- suggested a possible solution;
Benjamin Kaduk <kaduk@mit.edu>
- submitted the first version;
Andrew Deason <adeason@sinenomine.net>
- suggested changes;
Reviewed-on: https://gerrit.openafs.org/12924
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
(cherry picked from commit
bd6a2484011dad6298c4ce97dd0cd68e0834baa5)
Change-Id: I64808d4adf6a5925083a671308a60f93ca427180
Reviewed-on: https://gerrit.openafs.org/12937
Reviewed-by: Hartmut Reuter <reuter@rzg.mpg.de>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Tue, 20 Feb 2018 16:51:01 +0000]
afs: improve -volume-ttl error messages
Change the afs call which sets the volume ttl value to return EFAULT
instead of EINVAL when given an out of range value for the volume ttl
parameter. This is more consistent with the other op codes, which
return EFAULT when given an out of range parameter and allows the caller
to distinguish between an invalid opcode and a bad parameter.
Move the volume ttl range constants to afs_args.h, which is where
constants related to the op codes are supposed to be defined. This makes
the constants available to the caller in afsd.c as well as the
implementation in afs_call.c.
Update afsd to print a more sensible error message when the volume ttl
set calls fails due to an out of range parameter.
Reviewed-on: https://gerrit.openafs.org/12918
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
6d74e3d6a1becf86cec30efc2d01a5692167afe1)
Change-Id: I2cd86b6fbba31f74862bb902ac94b0874de8afac
Reviewed-on: https://gerrit.openafs.org/12936
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Sat, 10 Mar 2018 00:34:54 +0000]
Make OpenAFS 1.8.0
Update version strings for 1.8.0.
Change-Id: I80be6d31a6578c6cc8de636e6064d320b25a4246
Reviewed-on: https://gerrit.openafs.org/12954
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Sat, 10 Mar 2018 00:32:29 +0000]
Update NEWS for 1.8.0 final release
Change-Id: I70d73b832cd69395c712b42a391cd4d6d3ea4c8f
Reviewed-on: https://gerrit.openafs.org/12953
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Fri, 2 Mar 2018 02:28:23 +0000]
afs_pioctl: avoid -Wpointer-sign
Change the declaration of 'addr' to be a signed int, to match
RXAFS_CallBackRxConnAddr() and the afsd_pd_GetInt() used with it.
This was detected by clang 4.0 in FreeBSD 11.1, via -Wpointer-sign.
Reviewed-on: https://gerrit.openafs.org/12934
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
79f33b859aeb3c91f2cce7597fdc138978c4e1d9)
Change-Id: Iee85059bebfc8d6fbda3409b720576bd4f6c5f8f
Reviewed-on: https://gerrit.openafs.org/12938
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Mark Vitale [Fri, 2 Mar 2018 04:16:56 +0000]
LINUX: fix RedHat 7.5 ENOTDIR issues
Red Hat Linux 7.5 beta introduces a new file->f_mode flag
FMODE_KABI_ITERATE as a means for certain in-tree filesystems to
indicate that they have implemented file operation iterate() instead of
readdir(). The kernel routine iterate_dir() tests this flag to decide
whether to invoke the file operation iterate() or readdir().
The OpenAFS configure script detects that the file operation iterate()
is available under RH7.5 and so implements iterate() as
afs_linux_readdir(). However, since OpenAFS does not set
FMODE_KABI_ITERATE on any of its files, the kernel's iterate_dir() will
not invoke iterate() for any OpenAFS files. OpenAFS has also not
implemented readdir(), so iterate_dir() must return -ENOTDIR.
Instead, modify OpenAFS to fall back to readdir() in this case.
Reviewed-on: https://gerrit.openafs.org/12935
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
c818f86b79a636532d396887d4f22cc196c86288)
Change-Id: I71386b17f0c751b69c86ef0f5766a5baf3dc36bd
Reviewed-on: https://gerrit.openafs.org/12950
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Andrew Deason [Thu, 15 Feb 2018 22:41:33 +0000]
rxdebug: NUL-terminate version before printing
Currently, 'rxdebug -version' never initializes the buffer we read the
version string into. Usually this is not noticeable, since all OpenAFS
binaries tend to pad the Rx version response packet with NULs, so we
get back several NULs to terminate the string. However, this is not
guaranteed, and if we do not get back a NUL-terminated string, we can
easily read beyond the end of the buffer.
To avoid this, initialize the 'version' buffer with NULs before we do
anything, and set the last byte to NUL, in case we exactly filled the
buffer.
Reviewed-on: https://gerrit.openafs.org/12908
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Andrew Deason <adeason@sinenomine.net>
(cherry picked from commit
a66629eac4dda4eea37b4f06e0850641cb2a7387)
Change-Id: I850ce16840ee264dce506e8b3c887004bca11e20
Reviewed-on: https://gerrit.openafs.org/12912
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Andrew Deason [Thu, 15 Feb 2018 22:53:57 +0000]
doc: Edits to the 'afsd -volume-ttl' manpage
Make a few misc changes to the text for the new -volume-ttl option:
- Minor grammatical/typo fixes
- Emphasize a little more that the default behavior allows for vldb
info to be cached _forever_
- Provide some info on the effects of changing this value
- Provide a suggested "typical" value, to give some clue as to what
should be set here, so a curious user doesn't just set this to the
first value they see (10 minutes)
Reviewed-on: https://gerrit.openafs.org/12909
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Andrew Deason <adeason@sinenomine.net>
(cherry picked from commit
e6c2624249a6ab96053c1d1134aec8e3f6bcee9e)
Change-Id: I781ec2e8b4873093f65d11b5883f8b74ad397cff
Reviewed-on: https://gerrit.openafs.org/12913
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Wed, 21 Feb 2018 01:31:11 +0000]
redhat: package libuafs perl bindings
Require the swig package as a build dependency. Build and package the
libuafs perl bindings. Place these libraries in the openafs-devel
package, along with the man page (moved from the openfs-client package).
This fixes an rpm build error when the swig package is present on the
build system,
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/lib64/perl/AFS/ukernel.pm
/usr/lib64/perl/ukernel.so
FIXES 134470
Reviewed-on: https://gerrit.openafs.org/12919
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
278581c24a802834719e0d57f27978321556c9bb)
Change-Id: I892e1f58e92f1eb66eeae8fb0d237bed0bdb2a62
Reviewed-on: https://gerrit.openafs.org/12921
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Jeffrey Altman [Sat, 10 Feb 2018 15:47:24 +0000]
rx: Do not count RXGEN_OPCODE towards abort threshold
An RXGEN_OPCODE is returned for opcodes that are not implemented by the
rx service. These opcodes might be deprecated opcodes that are no
longer supported or more recently registered opcodes that have yet to
be implemented. Clients should not be punished for issuing unsupported
calls. The clients might be old and are issuing no longer supported
calls or they might be newer and are issuing yet to be implemented calls
as part of a feature test and fallback strategy.
This change ignores RXGEN_OPCODE errors when deciding how to adjust the
rx_call.abortCount. When an RXGEN_OPCODE abort is sent the
rx_call.abortCount and rx_call.abortError are left unchanged which
preserves the state for the next failing call.
Note that this change intentionlly prevents the incrementing of the
abortCount for client connections as they never send delay aborts.
Reviewed-on: https://gerrit.openafs.org/12906
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
f82d1c7d5aeae148305e867c1f79c6ea2f9e0a2a)
Change-Id: I7a4216bea3a355c31a390c5b4753b4ab0c25661c
Reviewed-on: https://gerrit.openafs.org/12914
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Tue, 26 Dec 2017 23:42:39 +0000]
Make OpenAFS 1.8.0pre5
Update version strings for the fifth 1.8.0 prerelease.
Change-Id: I118da0fc55013ccfb2b5cd586cefb1b0c27f10d9
Reviewed-on: https://gerrit.openafs.org/12910
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Fri, 9 Feb 2018 22:59:19 +0000]
Update NEWS for 1.8.0pre5
Change-Id: I09e509694c5f7ad59e279b89bd9e144aca2ec4e7
Reviewed-on: https://gerrit.openafs.org/12904
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Marcio Barbosa [Wed, 21 Jun 2017 20:24:05 +0000]
ubik: check if epoch is sane before db relabel
The sync-site relabels its database at the end of the first write
transaction. The new label will be equal to the time at which the
sync-site in question first received its coordinator mandate. This time
is stored by a global called ubik_epochTime. In order to make sure that
the new database label is sane, only relabel the database if
ubik_epochTime is within a specific range.
Reviewed-on: https://gerrit.openafs.org/12640
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
f5c289d00aaf7c5525b477da5b89f6675456c211)
Change-Id: I78ebd2b8aeae01ef5e3b826ad6f1de5a5c1db79e
Reviewed-on: https://gerrit.openafs.org/12886
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Sat, 9 Dec 2017 17:37:59 +0000]
Replace <rpc/types.h> with <rx/xdr.h>
Our in-tree xdr.h appears to have started life as a concatenation of
rpc/types.h and rpc/xdr.h, and should include all the needed functionality.
Indeed, commit
7293ddf325b149cae60d3abe7199d08f196bd2b9 even indicates
that we expect to be using our in-tree XDR everywhere anyway, so the
system XDR is superfluous.
Note that afs/sysincludes.h (not afsincludes.h!) already includes
rx/xdr.h ifndef AFS_LINUX22_ENV.
This change should help systems running glibc 2.26 or newer, which has
stopped providing the Sun RPC headers by default.
While here remove some duplicate includes of rpc/types.h in the
AIX-specific sources.
The Solaris NFS translator bits cannot really be changed, since the system
headers are used and have tight interdependencies.
Update rxgen to not emit rpc/types.h inclusion.
[mmeffie: squash 12801 to not emit rpc/types.h from rxgen]
Reviewed-on: https://gerrit.openafs.org/12800
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
e443a9fb67dbc29e6cc36661a4ac6e91af113f23)
Change-Id: I351e5c1e1223c49ca76e3d68c264ac1625abae60
Reviewed-on: https://gerrit.openafs.org/12894
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Ian Wienand [Thu, 1 Feb 2018 23:52:26 +0000]
Add .gitreview
git-review [1] makes it much easier to submit changes. Add a default
configuration file.
[1] https://docs.openstack.org/infra/git-review/usage.html
Reviewed-on: https://gerrit.openafs.org/12884
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
c7c71d2429cf685f3ffad6b2e6d102d900edc197)
Change-Id: I271cfeb6aea888ae40539e248a18131b0affeda8
Reviewed-on: https://gerrit.openafs.org/12901
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Mark Vitale [Tue, 30 Jun 2015 05:54:21 +0000]
SOLARIS: Avoid vcache locks when flushing pages for RO vnodes
We have multiple code paths that hold the following locks at the same
time:
- avc->lock for a vcache
- The page lock for a page in 'avc'
In order to avoid deadlocks, we need a consistent ordering for obtaining
these two locks. The code in afs_putpage() currently obtains avc->lock
before the page lock (Obtain*Lock is called before pvn_vplist_dirty).
The code in afs_getpages() also obtains avc->lock before the page lock,
but it does so in a loop for all requested pages (via pvn_getpages()).
On the second iteration of that loop, it obtains avc->lock, and the page
from the first iteration of the loop is still locked. Thus, it obtains a
page lock before locking avc->lock in some cases.
Since we have two code paths that obtain those two locks in a different
order, a deadlock can occur. Fixing this properly requires changing at
least one of those code paths, so the locks are taken in a consistent
order. However, doing so is complex and will be done in a separate
future commit.
For this commit, we can avoid the deadlock for RO volumes by simply
avoiding taking avc->lock in afs_putpages() at all while the pages are
locked. Normally, we lock avc->lock because pvn_vplist_dirty() will call
afs_putapage() for each dirty page (and afs_putapage() requires
avc->lock held). But for RO volumes, we will have no dirty pages
(because RO volumes cannot be written to from a client), and so
afs_putapage() will never be called.
So to avoid this deadlock issue for RO volumes, avoid taking avc->lock
across the pvn_vplist_dirty() call in afs_putpage(). We now pass a dummy
pageout callback function to pvn_vplist_dirty() instead, which should
never be called, and which panics if it ever is.
We still need to hold avc->lock a few other times during afs_putpage()
for other minor reasons, but none of these hold page locks at the same
time, so the deadlock issue is still avoided.
[mmeffie: comments, and fix missing write lock, fix lock releases]
[adeason: revised commit message]
Reviewed-on: https://gerrit.openafs.org/12247
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
5e09a694ec2c0cd20f5dee500eff6bc3dd04c097)
Change-Id: I5d4e4ddba12c09dc549edeee3cad7de40582ac65
Reviewed-on: https://gerrit.openafs.org/12900
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Fri, 5 Jan 2018 04:00:15 +0000]
rx: remove trailing semicolons from FBSD mutex operations
Since the first introduction of FreeBSD support, the macros
(MUTEX_ENTER, etc.) for kernel mutex operations have included
trailing semicolons, unique among all the platforms.
This did not cause problems until the recent work on rx event
handlers, which put a MUTEX_ENTER() in the body of an 'if' clause
with no brackets, and attempted to follow it with an 'else' clause.
This results in the following (rather obtuse) compiler error:
/root/openafs/src/rx/rx.c:3666:5: error: expected expression
else
^
Which is more visible in the preprocessed source, as
if (condition)
expression;;
else
other_expression;
is clearly invalid C.
To fix the FreeBSD kernel module build, remove the unneeded semicolons.
Reviewed-on: https://gerrit.openafs.org/12853
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
0760feb7992e1e39f716c5f583fe7f6e85584262)
Change-Id: I503a5967a167e9be92721af8dc82d191f3bf18ba
Reviewed-on: https://gerrit.openafs.org/12899
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Sat, 9 Dec 2017 17:44:51 +0000]
libuafs: remove stale afs_nfsdisp.lo rule
afs_nfsdisp.lo is not used, so we do not need a build rule for it.
Reviewed-on: https://gerrit.openafs.org/12802
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
decb4308d4e18ad9f6f181e3df5f737698dba7ad)
Change-Id: I53680df1c8648ceb43cc032cada573964622d5b4
Reviewed-on: https://gerrit.openafs.org/12898
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Christof Hanke [Mon, 18 Dec 2017 15:58:39 +0000]
Avoid gcc warning
When using the configure option --enable-checking with gcc 7.2.1,
the compilation fails with
vutil.c:860:20: error: ā%sā directive writing up to 255 bytes into \
a region of size 63 [-Werror=format-overflow=]
This can be seen in the logs of the openSUSE Tumbleweed builder
for e.g. build 2368.
Avoid this warning by using snprintf which is provided by libroken
for all platforms.
Reviewed-on: https://gerrit.openafs.org/12813
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
fd4eaebb60dbefc27be98015fee23a3cf5d9752d)
Change-Id: I3be14f6f1228fd09f036da7ff4f1505c65e49406
Reviewed-on: https://gerrit.openafs.org/12897
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Marcio Barbosa [Mon, 21 Aug 2017 18:21:54 +0000]
ubik: avoid DISK_Begin on sites that didn't vote for sync
As already described on
7c708506, SDISK_Begin fails on remotes if
lastYesState is not set. To fix this problem,
7c708506 does not allow
write transactions until we know that lastYesState is set on at least
quorum (ubik_syncSiteAdvertised == 1). In other words, if enough sites
received a beacon packet informing that a sync-site was elected, write
transactions will be allowed. This means that ubik_syncSiteAdvertised
can be true while lastYesState is not set in a few sites.
Consider the following scenario in a cell with frequent write
transactions:
Site A => Sync-site (up)
Site B => Remote 1 (up)
Site C => Remote 2 (down - unreachable)
Since A and B are up, we have quorum. After the second wave of beacons,
ubik_syncSiteAdvertised will be true and write transactions will be
allowed. At some point, C is not unreachable anymore. Site A sends a
copy of its database to C, but C did not vote for A yet (lastYesState ==
0). A new write transaction is initialized and, since lastYesState is
not set on C, DISK_Begin fails on this remote site and C is marked as
down. Since C is reachable, A will mark this remote site as up. The
sync-site will send its database to C, but C did not vote for A yet. A
new write transaction is initialized and, since lastYesState is not set
on C, DISK_Begin fails on this remote site and C is marked as down. In a
cell with frequent write transactions, this cycle will repeat forever.
As a result, the sync-site will be constantly sending its database to C
and quorum will be operating with less sites, increasing the chances
of re-elections.
To fix this problem, do not call DISK_Begin on remotes that did not
vote for the sync-site yet.
Reviewed-on: https://gerrit.openafs.org/12715
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
68ec78950a6e39dc1bf15012d4b889728086d0b7)
Change-Id: I3764c23125f0bc675762449cd29b282ba403f871
Reviewed-on: https://gerrit.openafs.org/12896
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Wed, 31 Jan 2018 21:52:40 +0000]
add rfc3961.h to kernel sources
Export this header to the kernel sources in the libafs_tree, since it is
needed for the kernel module build.
FIXES 134476
Reviewed-on: https://gerrit.openafs.org/12882
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
073522b3d49467af107d1143cfa015c53347e1e3)
Change-Id: I4e5c7883a1dd4b66b9252f4e630ca489f05e9ad3
Reviewed-on: https://gerrit.openafs.org/12890
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Tue, 9 Jan 2018 04:28:24 +0000]
Add param.h files for recent FreeBSD
Add files for FreeBSD 10.4, 11.1, and 12.0 (12-CURRENT), for i386 and amd64.
Reviewed-on: https://gerrit.openafs.org/12863
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
88dc4d93f5ef080da8f56fac453f095e6c79d4a0)
Change-Id: I6ddb0f03e209b0ce9c7ed1168c86a675d7802c23
Reviewed-on: https://gerrit.openafs.org/12888
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Tue, 9 Jan 2018 03:27:04 +0000]
FBSD: catch up to missing sysnames
Add sysnames for i386 and amd64 10.4, 11.1, and 12.0 (12-CURRENT, at present).
Reviewed-on: https://gerrit.openafs.org/12862
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
c390f368a5012f866c1b4ce46d6ac6af6cef2fd5)
Change-Id: I5183c19d446fd0c00bd26c32ca3f7f00a4d12907
Reviewed-on: https://gerrit.openafs.org/12887
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Marcio Barbosa [Mon, 21 Aug 2017 19:50:14 +0000]
ubik: update ubik_dbVersion during SDISK_SendFile
The ubik_dbVersion global represents the sync site's database version
and it is mostly used by the remote sites for sanity checks. Currently,
this global is updated when database changes are made on the sync site
(SDISK_Commit or SDISK_SetVersion), as well as every time we vote "yes"
for the sync-site in a beacon reply. Unfortunately, ubik_dbVersion is
not updated when a copy of the sync site's database is received via
DISK_SendFile, and it won't get updated until our next "yes" vote.
During this window, the current database version will not match
ubik_dbVersion. As a result, any write transaction during this time
frame will fail on the remote site in question.
To fix this problem, do not wait for the next beacon packet to update
ubik_dbVersion when the sync site's database is received; just update
it when we get the new database. Since no write transactions are
allowed while the db is transferring, ubik_dbVersion can be safely
updated.
Reviewed-on: https://gerrit.openafs.org/12716
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
50c1d1088d2adcbb37b6a9d23fdd63617b1267be)
Change-Id: Icbbe9efb9c8dab9ac69237380e824d4a523a53d3
Reviewed-on: https://gerrit.openafs.org/12885
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Andrew Deason [Fri, 12 Jan 2018 03:27:28 +0000]
LINUX: Avoid locking inode in check_dentry_race
Currently, check_dentry_race locks the parent inode in order to ensure
it is not running in parallel with d_splice_alias for the same inode.
(For old Linux kernel versions; see commit
b0461f2d: "LINUX:
Workaround d_splice_alias/d_lookup race".)
However, it is possible to hit this area of code when the parent inode
is already locked. When someone tries to create a file, directory, or
symlink, Linux tries to lookup the dentry for the target path, to see
if it already exists. While looking up the last component of the path,
Linux locks the directory, and if it finds a dentry for the target
name, it calls d_invalidate on it while the parent directory is
locked.
For a dentry with a NULL inode, we'll then try to lock the parent
inode in check_dentry_race. But since the inode is already locked, we
will deadlock.
From a user's point of view, the hang can be reproduced by doing
something similar to:
$ mkdir dir # succeeds
$ rmdir dir
$ ls -l dir
ls: cannot access dir: No such file or directory
$ mkdir dir # hangs
To avoid this, we can just change which lock we're using to avoid
check_dentry_race/d_splice_alias from running in parallel. Instead of
locking the parent inode, introduce a new global lock (called
dentry_race_sem), and lock that in check_dentry_race and around our
d_splice_alias call. We know that those are the only two users of this
new lock, so this should avoid any such deadlocks.
This does potentially reduce performance, since all tasks that hit
check_dentry_race or d_splice_alias will take the same global lock.
However, this at least still allows us to make use of negative
dentries, and this entire code path only applies to older Linux
kernels. It could be possible to add a new lock into struct vcache
instead, but using a global lock like this commit does is much
simpler.
Reviewed-on: https://gerrit.openafs.org/12868
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
ef1d4c8d328e9b9affc9864fd084257e9fa08445)
Change-Id: Ia8e28519fff36baca7dc4061ceef6719a2a738d4
Reviewed-on: https://gerrit.openafs.org/12881
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Caitlyn Marko [Thu, 9 Feb 2017 14:16:17 +0000]
SOLARIS: save kernel module function arguments for debugging
Add the -Wu,-save_args compiler option when building kernel modules
under Solaris 10 and 11 for the amd64 architecture.
Binaries generated with this option save function arguments on the stack
during function entry for debugging purposes. Up to six integer
arguments are saved on function entry, and are not modified during the
execution of the function.
[mmeffie: commit message update]
Reviewed-on: https://gerrit.openafs.org/12798
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
32d0493a7e4f74f5e5efdfde5eca29ed7d1bf3ec)
Change-Id: I478ce65da78b86aa3c13e1c615bafd51d0f5d567
Reviewed-on: https://gerrit.openafs.org/12903
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Marcio Barbosa [Mon, 5 Feb 2018 21:16:17 +0000]
autoconf: detect ctf-tools and add ctf to libafs
CTF is a reduced form of debug information similar to DWARF and stab. It
describes types and function prototypes. The principal objective of the
format is to shrink the data size as much as possible so that it could
be included in a production environment. MDB, DTrace, and other tools
use CTF debug information to read and display structures correctly.
This commit introduces a new configure option called --with-ctf-tools.
This option can be used to specify an alternative path where the tools
can be found. If the path is not provided, the tools will be searched
in a set of default directories (including $PATH). The CTF debugging
information will only be included if the corresponding --enable-debug /
--enable-debug-kernel is specified.
Note: at the moment, the Solaris kernel module is the only module
benefited by this commit.
Reviewed-on: https://gerrit.openafs.org/12680
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
88cb536f99dc58fdbeb9fa6c47c26774241a0cb6)
Change-Id: I174347370a83b31f68d2631c965e17d72b438cd1
Reviewed-on: https://gerrit.openafs.org/12902
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Sat, 30 Dec 2017 22:59:38 +0000]
autoconf: refactor linux-checks.m4
Further refactoring of the autoconf macros. Divy up the linux kernel
checks into smaller files.
This is a non-functional change. Care has been taken preserve the
ordering of the autoconf tests. Except for whitespace, the generated
configure file has not been changed by this refactoring. This has been
verified with a 'diff -u -w -B' comparison of the generated configure
file before and after applying this commit.
Reviewed-on: https://gerrit.openafs.org/12844
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
6a2b85cd4c00a08e165cb96d2cb56bf87c6324bc)
Change-Id: Iae325bc14fb160f27791b2f3d82198fe671badd8
Reviewed-on: https://gerrit.openafs.org/12878
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Sat, 30 Dec 2017 17:12:59 +0000]
autoconf: refactor ostype.m4
Further refactoring of the autoconf macros. Move more linux and solaris
specific checks into their own files.
This is a non-functional change. Care has been taken preserve the
ordering of the autoconf tests. Except for whitespace, the generated
configure file has not been changed by this refactoring. This has been
verified with a 'diff -u -w -B' comparison of the generated configure
file before and after applying this commit.
Reviewed-on: https://gerrit.openafs.org/12843
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
3c2e39bab7d927aa5f20d02a5e327927a4b2b553)
Change-Id: I4d91753afd90e4735ab61413e757f6852750a3de
Reviewed-on: https://gerrit.openafs.org/12877
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Fri, 29 Dec 2017 19:24:28 +0000]
autoconf: refactor acinclude.m4
The acinclude.m4 is very large and often requires to be changed for
unrelated commits. Divy up the large acinclude.m4 into a number of
smaller files to avoid so many contentions and to make the autoconf
system easier to maintain.
This is a non-functional change. Care has been taken preserve the
ordering of the autoconf tests. Except for whitespace, the generated
configure file has not been changed by this refactoring. This has been
verified with a 'diff -u -w -B' comparison of the generated configure
file before and after applying this commit.
Reviewed-on: https://gerrit.openafs.org/12842
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
c72622a244e561173e86ffe88ee3c9a8c823a76a)
Change-Id: I9504eaa2430fd35f79b55c3df96c82cc7e58fafd
Reviewed-on: https://gerrit.openafs.org/12876
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Mon, 8 Feb 2016 17:12:22 +0000]
CellServDB update 14 Mar 2017
Update all remaining copies of CellServDB in the tree, and make the
Red Hat packaging use it by default too.
Reviewed-on: https://gerrit.openafs.org/12880
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
3ca1352170f87994d42578c5bc75e52c4103bc69)
Change-Id: I773d35745e14903dd3069a0627932153900e0ba6
Reviewed-on: https://gerrit.openafs.org/12889
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Wed, 17 Jan 2018 22:33:50 +0000]
redhat: fix conditional for kernel-debuginfo files directive
Commit
443dd5367e0cd9050ad39a6594c5be521271b4e9 added support for a
separate debuginfo package for the kernel module. Unfortunately, the
%files directive for the kernel module debuginfo package was incorrectly
placed in the %if stanza of the build_userspace condition, so the
rpmbuild fails when attempting to build just the kernel module.
That is, when running rpmbuild with the options:
rpmbuild --define "build_userspace 0" --define "build_modules 1" ...
rpmbuild fails with:
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/lib/debug/lib/modules/.../extra/openafs/openafs.ko.debug
Fix this by moving the new %files directive out of the build_userspace
conditional.
Reviewed-on: https://gerrit.openafs.org/12874
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
f599e1ce6354c42a9c0c8f7205ba8a03c35ea72b)
Change-Id: I07e25d3dd43b2cd7056cefb8f0f5c10f78347b85
Reviewed-on: https://gerrit.openafs.org/12875
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Sat, 22 Jul 2017 02:30:43 +0000]
redhat: avoid rpmbuild exclude directives
Older versions of rpmbuild do not support the files exclude directive,
so fall back to the old way in which we remove the files to be excluded
and list the files to be included.
Reviewed-on: https://gerrit.openafs.org/12733
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
a71288a387095ccb4be83c1abae34ada80f53185)
Change-Id: I01c20bc21ec6143be76458c311d826023c370d51
Reviewed-on: https://gerrit.openafs.org/12873
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Sat, 22 Jul 2017 02:16:44 +0000]
redhat: move .krb variants to the kauth-client subpackage
Move the deprecated klog.krb, pagsh.krb, and tokens.krb programs and man
pages to the optional openafs-kauth-client subpackage.
Reviewed-on: https://gerrit.openafs.org/12732
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
4d247e1ae446c512031511273d556ef1fd32dca1)
Change-Id: I3c6164022b07f0c3283cb54ffd26e1f9c3dd67bb
Reviewed-on: https://gerrit.openafs.org/12872
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Thu, 20 Jul 2017 08:13:04 +0000]
redhat: specify man pages without wildcards
Currently, some of the man pages are specified with the full name and
some are specified with a wildcard for the filename extension. Instead,
specify all the man pages without a wildcards to be more consistent and
to avoid putting incorrect man pages in packages.
This change removes a stray copy the klog.krb5.1 man page from
openafs-kauth-client subpackage and moves the AuthLog/AuthLog.dir man
pages to the optional openafs-kauth-server subpackage.
Reviewed-on: https://gerrit.openafs.org/12731
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
671db4ca5a76625d9b7133510cc1cbdda8a5d9b9)
Change-Id: I9d10cc7aad94a2dc004526acb426a9b9badc8e3c
Reviewed-on: https://gerrit.openafs.org/12871
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Fri, 21 Jul 2017 22:05:48 +0000]
redhat: remove afsd.fuse man page
The afsd.fuse binary is not currently packaged; do not package the man
page.
Reviewed-on: https://gerrit.openafs.org/12730
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
a9810b829bdccfed4d1718b11cf4dd51f9565e00)
Change-Id: I7c829a492e999cc989e9341e94f56d6669722a4c
Reviewed-on: https://gerrit.openafs.org/12870
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Tue, 26 Dec 2017 23:42:39 +0000]
Make OpenAFS 1.8.0pre4
Update version strings for the fourth 1.8.0 prerelease.
Change-Id: Ib7defe21ca5e5a8c2214879633a467e002f3269b
Reviewed-on: https://gerrit.openafs.org/12837
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Tue, 26 Dec 2017 23:41:59 +0000]
Update NEWS for 1.8.0pre4
Change-Id: I0ba71b1e837309b36db39895914b6a8b9380a81f
Reviewed-on: https://gerrit.openafs.org/12836
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Mark Vitale [Fri, 1 Dec 2017 01:26:46 +0000]
LINUX: Avoid d_invalidate() during afs_ShakeLooseVCaches()
With recent changes to d_invalidate's semantics (it returns void in Linux 3.11,
and always returns success in RHEL 7.4), it has become increasingly clear that
d_invalidate() is not the best function for use in our best-effort
(nondisruptive) attempt to free up vcaches that is afs_ShakeLooseVCaches().
The new d_invalidate() semantics always force the invalidation of a directory
dentry, which contradicts our desire to be nondisruptive, especially when
that directory is being used as the current working directory for a process.
Our call to d_invalidate(), intended to merely probe for whether a dentry
can be discarded without affecting other consumers, instead would cause
processes using that dentry as a CWD to receive ENOENT errors from getcwd().
A previous commit (
c3bbf0b4444db88192eea4580ac9e9ca3de0d286) tried to address
this issue by calling d_prune_aliases() instead of d_invalidate(), but
d_prune_aliases() does not recursively descend into children of the given
dentry while pruning, leaving it an incomplete solution for our use-case.
To address these issues, modify the shakeloose routine TryEvictDentries() to
call shrink_dcache_parent() and maybe __d_drop() for directories, and
d_prune_aliases() for non-directories, instead of d_invalidate(). (Calls to
d_prune_aliases() for directories have already been removed by reverting commit
c3bbf0b4444db88192eea4580ac9e9ca3de0d286.)
Just like d_invalidate(), shrink_dcache_parent() has been around "forever"
(since pre-git v2.6.12). Also like d_invalidate(), it "walks" the parent
dentry's subdirectories and "shrinks" (unhashes) unused dentries. But unlike
d_invalidate(), shrink_dcache_parent() will not unhash an in-use dentry, and
has never changed its signature or semantics.
d_prune_aliases() has also been available "forever", and has also never changed
its signature or semantics. The lack of recursive descent is not an issue for
non-directories, which cannot have such children.
[kaduk@mit.edu: apply review feedback to fix locking and avoid extraneous
changes, and reword commit message]
Reviewed-on: https://gerrit.openafs.org/12830
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
afbc199f152cc06edc877333f229604c28638d07)
Change-Id: I6d37e5584b57dcbb056385a79f67b92a363e08d2
Reviewed-on: https://gerrit.openafs.org/12851
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Mark Vitale [Thu, 30 Nov 2017 22:56:13 +0000]
LINUX: consolidate duplicate code in osi_TryEvictDentries
The two stanzas for HAVE_DCACHE_LOCK are now functionally identical;
remove the preprocessor conditionals and duplicate code.
Minor functional change is incurrred for very old (before 2.6.38) Linux
versions that have dcache_lock; we are now obtaining the d_lock as well.
This is safe because d_lock is also quite old (pre-git, 2.6.12), and it
is a spinlock that's only held for checking d_unhashed. Therefore, it
should have negligible performance impact. It cannot cause deadlocks or
violate locking order, because spinlocks can't be held across sleeps.
Reviewed-on: https://gerrit.openafs.org/12792
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@dson.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
5076dfc14b980aed310f3862875d5e9919fa199d)
Change-Id: I7a17494b40c049a562dec20c50c27125f54436d0
Reviewed-on: https://gerrit.openafs.org/12850
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Mark Vitale [Thu, 30 Nov 2017 21:51:32 +0000]
LINUX: consolidate duplicate code in canonical_dentry
The two stanzas for HAVE_DCACHE_LOCK are now identical;
remove the preprocessor conditionals and duplicate code.
No functional change should be incurred by this commit.
Reviewed-on: https://gerrit.openafs.org/12791
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
0678ad26b6069040a6ea86866fb59ef5968ea343)
Change-Id: If0f9516201cea747a753db04ba2d0e2cac69971b
Reviewed-on: https://gerrit.openafs.org/12849
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Mark Vitale [Thu, 30 Nov 2017 21:46:16 +0000]
LINUX: add afs_d_alias_lock & _unlock compat wrappers
Simplify some #ifdefs for HAVE_DCACHE_LOCK by pushing them down into
new helpers in osi_compat.h.
No functional change should be incurred by this commit.
Reviewed-on: https://gerrit.openafs.org/12790
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
652cd597d9b3cf1a9daccbbf6bf35f1b0cd55a94)
Change-Id: I6aec7d6a21e68011ca10ceaa15e83d80f52fad59
Reviewed-on: https://gerrit.openafs.org/12848
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Mark Vitale [Thu, 30 Nov 2017 21:08:38 +0000]
LINUX: create afs_linux_dget() compat wrapper
For dentry operations that cover multiple dentry aliases of
a single inode, create a compatibility wrapper to hide differences
between the older dget_locked() and the current dget().
No functional change should be incurred by this commit.
Reviewed-on: https://gerrit.openafs.org/12789
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
74f4bfc627c836c12bb7c188b86d570d2afdcae8)
Change-Id: Id854e5957547a1370cadb400f7f699c30d861fd1
Reviewed-on: https://gerrit.openafs.org/12847
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Mark Vitale [Thu, 30 Nov 2017 18:45:27 +0000]
Revert "LINUX: do not use d_invalidate to evict dentries"
Linux recently changed the semantics of d_invalidate() to:
- return void
- invalidate even a current working directory
OpenAFS commit
c3bbf0b4444db88192eea4580ac9e9ca3de0d286 switched libafs
to use d_prune_aliases() instead.
However, since that commit, several things have happened:
- RHEL 7.4 changed the semantics of d_invalidate() such that it
invalidates the cwd, but did NOT change the return type to void.
This broke our autoconf test for detecting the new semantics.
- Further research reveals that d_prune_aliases() was not the best
choice for replacing d_invalidate(). This is because for directories,
d_prune_aliases() doesn't invalidate dentries when they are referenced
by its children, and it doesn't walk the tree trying to invalidate
child dentries. So it can leave dentries dangling, if the only
references to thos dentries are via children.
In preparation for future commits, revert
c3bbf0b4444db88192eea4580ac9e9ca3de0d286 .
Reviewed-on: https://gerrit.openafs.org/12788
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
367693bd7da2de593e3329f6acc4a4d07621fb97)
Change-Id: I3dfa9127adf8424fe675e237194d6ade5a7fc4f1
Reviewed-on: https://gerrit.openafs.org/12846
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Mark Vitale [Thu, 30 Nov 2017 19:04:48 +0000]
Revert "LINUX: eliminate unused variable warning"
This reverts commit
19599b5ef5f7dff2741e13974692fe4a84721b59
to allow also reverting commit
c3bbf0b4444db88192eea4580ac9e9ca3de0d286 .
Reviewed-on: https://gerrit.openafs.org/12787
Reviewed-by: Andrew Deason <adeason@dson.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
f8247078bd33a825d8734b2c8f05120d15ab3ffd)
Change-Id: I023c88e19d9f1a18b2bfaec8a35bd635f157b570
Reviewed-on: https://gerrit.openafs.org/12845
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Pat Riehecky [Thu, 12 Mar 2015 19:33:10 +0000]
redhat: separate debuginfo package for kmod rpm
Place the debuginfo for the kmod into its own rpm so that
it doesn't have to track against the userspace packages.
FIXES 132034
Reviewed-on: https://gerrit.openafs.org/11867
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
443dd5367e0cd9050ad39a6594c5be521271b4e9)
Change-Id: I6a24bb08242ec34c123880e9cbca4580a3560cba
Reviewed-on: https://gerrit.openafs.org/12822
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Stephan Wiesand [Fri, 22 Dec 2017 13:40:32 +0000]
Linux 4.15: check for 2nd argument to pagevec_init
Linux 4.15 removes the distinction between "hot" and "cold" cache
pages, and pagevec_init() no longer takes a "cold" flag as the
second argument. Add a configure test and use it in osi_vnodeops.c .
Reviewed-on: https://gerrit.openafs.org/12824
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Tested-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
fb1f14d8ee963678a9caad0538256c99c159c2c4)
Change-Id: Ib9e0751e4900d984a4197d18ee9ebb1bdc7bf331
Reviewed-on: https://gerrit.openafs.org/12829
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Stephan Wiesand [Fri, 22 Dec 2017 13:17:09 +0000]
Linux: use plain page_cache_alloc
Linux 4.15 removes the distinction between "hot" and "cold" cache
pages, and no longer provides page_cache_alloc_cold(). Simply use
page_cache_alloc() instead, rather than adding yet another test.
Reviewed-on: https://gerrit.openafs.org/12823
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Tested-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
be5f5b2aff2d59986dd8e7dd7dd531be24c27cb2)
Change-Id: I2d4df508abfa9d3c7020b8a2817ed3e882a4dbbc
Reviewed-on: https://gerrit.openafs.org/12828
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Marcio Barbosa [Thu, 12 Oct 2017 15:42:40 +0000]
macos: make the OpenAFS client aware of APFS
Apple has introduced a new file system called APFS. Starting from High
Sierra, APFS replaces Mac OS Extended (HFS+) as the default file system
for solid-state drives and other flash storage devices.
The current OpenAFS client is not aware of APFS. As a result, the
installation of the current client into an APFS volume will panic the
machine.
To fix this problem, make the OpenAFS client aware of APFS.
Reviewed-on: https://gerrit.openafs.org/12743
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
6e57b22642bafb177e0931b8fb24042707d6d62f)
Change-Id: I60d2a57fae3ee227bb3327a5e18962f46b49c991
Reviewed-on: https://gerrit.openafs.org/12827
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Marcio Barbosa [Fri, 6 Oct 2017 13:01:12 +0000]
macos: packaging support for MacOS X 10.13
This commit introduces the new set of changes / files required to
successfully create the dmg installer on OS X 10.13 "High Sierra".
Reviewed-on: https://gerrit.openafs.org/12742
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
e533d0737058940d59d93467c9b4d6d3ec2834e6)
Change-Id: I8932f6a3db6a0572aa36944aa339b888fac94b7d
Reviewed-on: https://gerrit.openafs.org/12826
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Marcio Barbosa [Tue, 3 Oct 2017 20:01:56 +0000]
macos: add support for MacOS 10.13
This commit introduces the new set of changes / files required to
successfully build the OpenAFS source code on OS X 10.13 "High Sierra".
Reviewed-on: https://gerrit.openafs.org/12741
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
804c9cbf501d4ca91b69ad8fd6d64e49efa25a47)
Change-Id: I9abcccf8313c8ac075eb1edbd36cbaa565968b38
Reviewed-on: https://gerrit.openafs.org/12825
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Fri, 15 Dec 2017 01:54:57 +0000]
Fix macro used to check kernel_read() argument order
The m4 macro implementing the configure check is called
LINUX_KERNEL_READ_OFFSET_IS_LAST, but it defines a preprocessor symbol
that is just KERNEL_READ_OFFSET_IS_LAST. Our code needs to check
for the latter being defined, not the former.
Reported by Aaron Ucko.
Reviewed-on: https://gerrit.openafs.org/12808
Reviewed-by: Anders Kaseorg <andersk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
edc5463f3db4b6af2307741d9f4ee8f2c81cd98e)
Change-Id: I7bc6615118f1200d3f257e7a01652b49b458a8fa
Reviewed-on: https://gerrit.openafs.org/12809
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Tue, 5 Dec 2017 00:14:22 +0000]
Update NEWS for rx security fix
Change-Id: I30282ac8f51a7b16dd851fdbd41464f8fdafc279
Benjamin Kaduk [Mon, 4 Dec 2017 23:20:57 +0000]
OPENAFS-SA-2017-001: rx: Sanity-check received MTU and twind values
Rather than blindly trusting the values received in the
(unauthenticated) ack packet trailer, apply some minmial sanity checks
to received values. natMTU and regular MTU values are subject to
Rx minmium/maximum packet sizes, and the transmit window cannot drop
below one without risk of deadlock.
The maxDgramPackets value that can also be present in the trailer
already has sufficient sanity checking.
Extremely low MTU values (less than 28 == RX_HEADER_SIZE) can cause us
to set a negative "maximum usable data" size that gets used as an
(unsigned) packet length for subsequent allocation and computation,
triggering an assertion when the connection is used to transmit data.
FIXES 134450
(cherry picked from commit
894555f93a2571146cb9ca07140eb98c7a424b01)
Change-Id: I98e2a65d1aa291a73e8cfed9c9eaac71c6af00dc
Benjamin Kaduk [Wed, 8 Nov 2017 13:11:45 +0000]
Make OpenAFS 1.8.0pre3
Update the version strings for the third 1.8.0 prerelease.
Change-Id: I25a4eee4de04e57ffcf9055f69ae9a3d683b8d64
Reviewed-on: https://gerrit.openafs.org/12765
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Tue, 7 Nov 2017 03:30:04 +0000]
Update NEWS for 1.8.0pre3
Change-Id: I38110825cbe8b5c4ca18d86e4542374ae26f6fd4
Reviewed-on: https://gerrit.openafs.org/12764
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Benjamin Kaduk [Tue, 28 Nov 2017 04:17:28 +0000]
afs: Fix bounds check in PNewCell
Reported by the opensuse buildbot:
CC [M] /home/buildbot/opensuse-tumbleweed-i386-builder/build/src/libafs/MODLOAD-4.13.12-1-default-MP/rx_packet.o
/home/buildbot/opensuse-tumbleweed-i386-builder/build/src/afs/afs_pioctl.c: In function āPNewCellā:
/home/buildbot/opensuse-tumbleweed-i386-builder/build/src/afs/afs_pioctl.c:3075:55: error: ā*ā in boolean context, suggest ā&&ā instead [-Werror=int-in-bool-context]
if ((afs_pd_remaining(ain) < AFS_MAXCELLHOSTS +3) * sizeof(afs_int32))
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
The bug was introduced in commit
718f85a8b6.
Reviewed-on: https://gerrit.openafs.org/12782
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
4fa0ee620cfb9991ca9748b5ee116cc8e1e6c505)
Change-Id: I0963403846a62dddf2d13ce3c03d772a6d869119
Reviewed-on: https://gerrit.openafs.org/12784
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Tue, 28 Nov 2017 04:07:53 +0000]
rx: fix call refcount leak in error case
The recent event handling normalization in commit
304d758983b499dc568d6ca57b6e92df24b69de8 had event handlers switch
to dropping their reference on the associated connection/call just
before return. An early return case was missed in the conversion,
leading to a refcount leak in an error case.
Reviewed-on: https://gerrit.openafs.org/12781
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
66b74e78ba5fea6a8236dcd3b8b46e1dfa6a0ac7)
Change-Id: I532c49b2ef6ec95dd26a99c02e12ea53348f9690
Reviewed-on: https://gerrit.openafs.org/12783
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Marcio Barbosa [Thu, 16 Nov 2017 22:24:03 +0000]
afs: fix kernel_write / kernel_read arguments
The order / content of the arguments passed to kernel_write and
kernel_read are not right. As a result, the kernel will panic if one of
the functions in question is called.
[kaduk@mit.edu: include configure check for multiple kernel_read()
variants, per linux commits
bdd1d2d3d251c65b74ac4493e08db18971c09240
and
e13ec939e96b13e664bb6cee361cc976a0ee621a]
FIXES 134440
Reviewed-on: https://gerrit.openafs.org/12769
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
3ce55426ee6912b78460465bcaa1428333ad1fbc)
Change-Id: I28f04f7625a471c37f98515d5186f80082bf6a43
Reviewed-on: https://gerrit.openafs.org/12780
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Mon, 6 Nov 2017 22:37:46 +0000]
tests: fix out of bounds access in the rx-event test
Use the NUMEVENTS symbol which defines the array size instead of an
incorrect hard coded number when checking if a second event can be added
to be fired at the same time. This fixes a potential out of bounds
access of the event test array.
Also update the comment which incorrectly mentions the incorrect number
of events in the test.
Reviewed-on: https://gerrit.openafs.org/12762
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
50a3eb7b7ee94bffaadc98429bd404164e89ec7f)
Change-Id: I7a975e7498c1c7416a800c9294c97ee4de4fd57a
Reviewed-on: https://gerrit.openafs.org/12779
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Thu, 16 Nov 2017 10:49:49 +0000]
Sprinkle rx_GetConnection() for concision
Instead of inlining the body (taking the lock, incrementing the
refcount, and dropping the lock), use the convenience function
designed for this purpose.
Reviewed-on: https://gerrit.openafs.org/12772
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
2ae84bf053fe66b73a2c77b5d71305bae2c17587)
Change-Id: I60794d877a76fbb7c8ba59207e710a20641cc8f1
Reviewed-on: https://gerrit.openafs.org/12778
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Thu, 16 Nov 2017 10:48:02 +0000]
rx: fix mutex leak in error case
Reported by Mark Vitale
Reviewed-on: https://gerrit.openafs.org/12771
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
01bcfd3e14f6ee1faa4b8ce5a7932de37d585fd3)
Change-Id: I4384d6813a5cfb053e6991eb3c157fa59ecfa11b
Reviewed-on: https://gerrit.openafs.org/12777
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Wed, 1 Nov 2017 00:49:09 +0000]
Add event-related mutex assertions
In utility functions that access fields of type struct rxevent *,
assert that the appropriate lock is held for the access in question.
These assertions are only compiled in when built with -DOPR_DEBUG_LOCKS,
which can be enbled by --debug-locks at configure time.
Reviewed-on: https://gerrit.openafs.org/12757
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
a7a3108e602c83176c5578c9f28b6312f71aba78)
Change-Id: I147a2e475feffb1b75a08ac5b08614bd6d8f46a5
Reviewed-on: https://gerrit.openafs.org/12776
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Sun, 8 Oct 2017 03:42:38 +0000]
Standardize rx_event usage
Go over all consumers of the rx event framework and normalize its usage
according to the following principles:
rxevent_Post() is used to create an event, and it returns an event
handle (with a reference on the event structure) that can be used
to cancel the event before its timeout fires. (There is also an
additional reference on the event held by the global event tree.)
In all(*) usage within the tree, that event handle is stored within
either an rx_connection or an rx_call. Reads/writes to the member variable
that holds the event handle require either the conn_data_lock or call
lock, respectively -- that means that in most cases, callers of
rxevent_Post() and rxevent_Cancel() will be holding one of those
aforementioned locks. The event handlers themselves will need to
modify the call/connection object according to the nature of the
event, which requires holding those same locks, and also a guarantee
that the call/connection is still a live object and has not been
deallocated! Whether or not rxevent_Cancel() succeeds in cancelling
the event before it fires, whenever passed a non-NULL event structure
it will NULL out the supplied pointer and drop a reference on the
event structure. This is the correct behavior, since the caller
has asked to cancel the event and has no further use for the event
handle or its reference on the event structure. The caller of
rxevent_Cancel() must check its return value to know whether or
not the event was cancelled before its handler was able to run.
The interaction window between the call/connection lock and the lock
protecting the red/black tree of pending events opens up a somewhat
problematic race window. Because the application thread is expected
to hold the call/connection lock around rxevent_Cancel() (to protect
the write to the field in the call/connection structure that holds
an event handle), and rxevent_Cancel() must take the lock protecting
the red/black tree of events, this establishes a lock order with the
call/connection lock taken before the eventTree lock. This is in
conflict with the event handler thread, which must take the eventTree
lock first, in order to select an event to run (and thus know what
additional lock would need to be taken, by virtue of what handler
function is to be run). The conflict is easy to resolve in the
standard way, by having a local pointer to the event that is obtained
while the event is removed from the red/black tree under the eventTree
lock, and then the eventTree lock can be dropped and the event run
based on the local variable referring to it. The race window occurs
when the caller of rxevent_Cancel() holds the call/connection lock,
and rxevent_Cancel() obtains the eventTree lock just after the event
handler thread drops it in order to run the event. The event handler
function begins to execute, and immediately blocks trying to obtain
the call/connection lock. Now that rxevent_Cancel() has the eventTree
lock it can proceed to search the tree, fail to find the indicated event
in the tree, clear out the event pointer from the call/connection
data structure, drop its caller's reference to the event structure,
and return failure (the event was not cancelled). Only then does the
caller of rxevent_Cancel() drop the call/connection lock and allow
the event handler to make progress.
This race is not necessarily problematic if appropriate care is taken,
but in the previous code such was not the case. In particular, it
is a common idiom for the firing event to call rxevent_Put() on itself,
to release the handle stored in the call/connection that could have
been used to cancel the event before it fired. Failing to do so would
result in a memory leak of event structures; however, rxevent_Put() does
not check for a NULL argument, so a segfault (NULL dereference) was
observed in the test suite when the race occurred and the event handler
tried to rxevent_Put() the reference that had already been released by
the unsuccessful rxevent_Cancel() call. Upon inspection, many (but not
all) of the uses in rx.c were susceptible to a similar race condition
and crash.
The test suite also papers over a related issue in that the event handler
in the test suite always knows that the data structure containing the
event handle will remain live, since it is a global array that is allocated
for the entire scope of the test. In rx.c, events are associated with
calls and connections that have a finite lifetime, so we need to take care
to ensure that the call/connection pointer stored in the event remains
valid for the duration of the event's lifecycle. In particular, even an
attempt to take the call/connection lock to check whether the corresponding
event field is NULL is fraught with risk, as it could crash if the lock
(and containing call/connection) has already been destroyed! There are
several potential ways to ensure the liveness of the associated
call/connection while the event handler runs, most notably to take care
in the call/connection destruction path to ensure that all associated
events are either successfully cancelled or run to completion before
tearing down the call/connection structure, and to give the pending event
its own reference on the associated call/connection. Here, we opt for
the latter, acknowledging that this may result in the event handler thread
doing the full call/connection teardown and delay the firing of subsequent
events. This is deemed acceptable, as pending events are for intentionally
delayed tasks, and some extra delay is probably acceptable. (The various
keepalive events and the challenge event could delay the user experience
and/or security properties if significantly delayed, but I do not believe
that this change admits completely unbounded delay in the event handler
thread, so the practical risk seems minimal.)
Accordingly, this commit attempts to ensure that:
* Each event holds a formal reference on its associated call/connection.
* The appropriate lock is held for all accesses to event pointers in
call/connection structures.
* Each event handler (after taking the appropriate lock) checks whether
it raced with rxevent_Cancel() and only drops the call/connection's
reference to the event if the race did not occur.
* Each event handler drops its reference to the associated call/connection
*after* doing any actions that might access/modify the call/connection.
* The per-event reference on the associated call/connection is dropped by
the thread that removes the event from the red/black tree. That is,
the event handler function if the event runs, or by the caller of
rxevent_Cancel() when the cancellation succeed.
* No non-NULL event handles remain in a call/connection being destroyed,
which would indicate a refcounting error.
(*) There is an additional event used in practice, to reap old connections,
but it is effectively a background task that reschedules itself
periodically, with no handle to the event retained so as to be able
to cancel it. As such, it is unaffected by the concerns raised here.
While here, standardize on the rx_GetConnection() function for incrementing
the reference count on a connection object, instead of inlining the
corresponding mutex lock/unlock and variable access.
In contrast to what was done on master, for the 1.8 branch we do not
force-enable refcount checking.
Reviewed-on: https://gerrit.openafs.org/12756
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
304d758983b499dc568d6ca57b6e92df24b69de8)
Change-Id: I68e6cc162a148b6ebbabe037a7bc3cccd648423c
Reviewed-on: https://gerrit.openafs.org/12775
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Benjamin Kaduk [Thu, 5 Oct 2017 04:03:44 +0000]
Adjust rx-event test to exercise cancel/fire race
We currently do not properly handle the case where a thread runs
rxevent_Cancel() in parallel with the event-handler thread attempting
to fire that event, but the test suite only picked up on this issue
in a handful of the Debian automated builds (somewhat less-resourced
ones, perhaps).
Modify the event scheduling algorithm in the test so as to create a
larger chunk of events scheduled to fire "right away" and thereby
exercise the race condition more often when we proceed to cancel
a quarter of events "right away".
Reviewed-on: https://gerrit.openafs.org/12755
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
bdb509fb1d8e0fdca05dffecdbcbf60a95ea502e)
Change-Id: I27cebed3c2c3daff10b8d3f5f6f949e667791a72
Reviewed-on: https://gerrit.openafs.org/12774
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael LaĆ [Thu, 2 Nov 2017 20:16:49 +0000]
gtx: link against libtinfo if termlib is seperated
If ncurses is built with "./configure --with-termlib=tinfo", gtx fails
to link because of an undefined reference to the LINES symbol which is
then provided by libtinfo.so and not libncurses.so.
If ncurses is present, additionally check whether LINES is provided by
ncurses or tinfo and set $LIB_curses accordingly.
This change is based on a patch provided by Bastian Beischer.
FIXES 134420
Reviewed-on: https://gerrit.openafs.org/12760
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
311f1d28a2f626350b33ad432e674055b62511bd)
Change-Id: I2f69fe51bbefeeb2a17145a88aa9c891644f2f61
Reviewed-on: https://gerrit.openafs.org/12763
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael LaĆ <lass@mail.uni-paderborn.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Damien Diederen [Mon, 18 Sep 2017 10:18:39 +0000]
Linux: Use kernel_read/kernel_write when __vfs variants are unavailable
We hide the uses of set_fs/get_fs behind a macro, as those functions
are likely to soon become unavailable:
> Christoph Hellwig suggested removing all calls outside of the core
> filesystem and architecture code; Andy Lutomirski went one step
> further and said they should all go.
https://lwn.net/Articles/722267/
Reviewed-on: https://gerrit.openafs.org/12729
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
5ee516b3789d3545f3d78fb3aba2480308359945)
Change-Id: I28a7126bf6ab048f8d949f190e557a3fa44f3f46
Reviewed-on: https://gerrit.openafs.org/12737
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Damien Diederen [Mon, 18 Sep 2017 09:59:40 +0000]
Linux: Test for __vfs_write rather than __vfs_read
The following commit:
commit
eb031849d52e61d24ba54e9d27553189ff328174
Author: Christoph Hellwig <hch@lst.de>
Date: Fri Sep 1 17:39:23 2017 +0200
fs: unexport __vfs_read/__vfs_write
unexports both __vfs_read and __vfs_write, but keeps the former in
fs.h--as it is is still being used by another part of the tree.
This situation results in a false positive in our Autoconf check,
which does not see the export statements, and ends up marking the
corresponding API as available.
That, in turn, causes some code which assumes symmetry with
__vfs_write to fail to compile.
Switch to testing for __vfs_write, which correctly marks the API as
unavailable.
Reviewed-on: https://gerrit.openafs.org/12728
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
929e77a886fc9853ee292ba1aa52a920c454e94b)
Change-Id: I03e3c8222360a6b04b45b45a8f56b5df054f6783
Reviewed-on: https://gerrit.openafs.org/12736
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Mon, 16 Oct 2017 21:53:22 +0000]
Correct m4 conditionals in curses.m4
AS_IF does not invoke the test(1) shell builtin for us, so we must
take care to consistently use it ourself.
While here, sprinkle some missing double-quotes around variable
expansions in AS_IF statements in this file.
Submitted by Bastian Beischer.
FIXES 134414
Change-Id: Iccfe311011f17de6317cf64abdc58b0812b81b8c
Reviewed-on: https://gerrit.openafs.org/12738
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
e0c5ada214596d5adb6798682d5e280cc99f447c)
Reviewed-on: https://gerrit.openafs.org/12739
Anders Kaseorg [Sat, 2 Sep 2017 03:37:07 +0000]
vol: Fix two buffers being one char too short
Fixes these warnings:
namei_ops.c: In function 'namei_copy_on_write':
namei_ops.c:1328:31: warning: 'snprintf' output may be truncated before the last format character [-Wformat-truncation=]
snprintf(path, sizeof(path), "%s-tmp", name.n_path);
^~~~~~~~
namei_ops.c:1328:2: note: 'snprintf' output between 5 and 260 bytes into a destination of size 259
snprintf(path, sizeof(path), "%s-tmp", name.n_path);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vol_split.c: In function 'split_volume':
vol_split.c:576:22: warning: 'sprintf' may write a terminating nul past the end of the destination [-Wformat-overflow=]
sprintf(symlink, "#%s", V_name(newvol));
^~~~~
vol_split.c:576:5: note: 'sprintf' output between 2 and 33 bytes into a destination of size 32
sprintf(symlink, "#%s", V_name(newvol));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reviewed-on: https://gerrit.openafs.org/12722
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
0a9a6b57ce6e1c97fcc651c8cb74e66fc8422a1e)
Change-Id: Ia60439aed7925b786a0213d96a7afb413579e01f
Reviewed-on: https://gerrit.openafs.org/12723
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Seth Forshee [Tue, 22 Aug 2017 12:59:11 +0000]
Linux: Include linux/uaccess.h rather than asm/uaccess.h if present
Starting with Linux 4.12 there is a module build error on s390
due to asm/uaccess.h using a macro defined in the common header.
The common header has been around since 2.6.18 and has always
included asm/uaccess.h, so switch to using the common header
whenever it is present.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Reviewed-on: https://gerrit.openafs.org/12714
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
962f4838dc461567d896304f617a0923745d13d5)
Change-Id: I5a7834b982458159804bc4d940e39ef283253299
Reviewed-on: https://gerrit.openafs.org/12718
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Wed, 2 Aug 2017 01:43:41 +0000]
Make OpenAFS 1.8.0pre2
Update the version strings for the second 1.8.0 prerelease.
Change-Id: I3e3f950d0565b877a4da4f8843a015ac392484d5
Reviewed-on: https://gerrit.openafs.org/12683
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Wed, 2 Aug 2017 01:57:52 +0000]
Remove src/mcas
This lock-free library toolkit is intriguing and may be the subject
of future work, but such development will occur on the master branch,
and these files are just clutter on openafs-stable-1_8_x. Remove
them to give the tree a more clean start.
Remove src/mcas and stop mentioning it in SOURCE-MAP; don't reference
it in the rpctests, either.
Change-Id: I21b1b6b64a709fe40aa53aaf3470d128c0dc2f86
Reviewed-on: https://gerrit.openafs.org/12682
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Wed, 2 Aug 2017 01:55:52 +0000]
Remove src/rxgk
These files were commited slightly prematurely to the tree; rxgk
support is intended for the 2.0 release, and will not appear in the
1.8.x release series.
Remove src/rxgk and drop mentions of rxgk from configure/Makefile.in/etc.
Change-Id: Ib7d40eaac85b05d920781b61f73dbdf8fedfcc2b
Reviewed-on: https://gerrit.openafs.org/12681
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Sat, 15 Apr 2017 00:38:27 +0000]
redhat: move bosserver and fssync-debug man pages
Move the bosserver and fssync-debug/dafssync-debug man pages to the
openafs-server package, which distributes those programs.
Change-Id: I9c84ad485834177fd43b28acd444d3d54c648cc8
Reviewed-on: https://gerrit.openafs.org/12601
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Fri, 14 Apr 2017 01:48:06 +0000]
redhat: kauth client and server sub-packages
Move the kaserver and kauth client programs to conditionally built
packages called openafs-kauth-server and openafs-kauth-client.
Packagers can build these by specifying '--with kauth'. They are not
built by default to discourage use.
This commit subsumes the openafs-kpasswd package into the
openafs-kauth-client package.
Change-Id: I1322f05d7fe11d466c9ed71a5059c21b759d95ab
Reviewed-on: https://gerrit.openafs.org/12600
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Mon, 10 Apr 2017 19:06:02 +0000]
redhat: do not package kauth by default
Do not package kaserver and related programs by default to discourage
use. Add the '--with kauth' rpmbuild option to allow packagers to
continue include the kauth programs for compatibility.
Change-Id: I8bf9f6dc221afc22ed6c9a33cf101d705e6c4920
Reviewed-on: https://gerrit.openafs.org/12597
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Mon, 31 Jul 2017 01:57:05 +0000]
Default to crypt mode for unix clients
Though the protection offered by rxkad, even with rxkad-k5 and rxkad-kdf, is
insufficient to protect traffic from a determined attacker, it remains the
case that the internet is not a safe place for user data to travel in the
clear, and has not been for a long time. The Windows client encrypts by
default, and all or nearly all the Unix client packaging scripts set crypt
mode by default. Catch up to reality and default to crypt mode in the
Unix cache manager.
Change-Id: If0061ddca3bedf0df1ade8cb61ccb710ec1181d4
Reviewed-on: https://gerrit.openafs.org/12668
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Marcio Barbosa [Mon, 31 Jul 2017 19:27:10 +0000]
ubik: remove useless signal call
The current version does not have a corresponding LWP_WaitProcess call
for the beacon_globals.ubik_amSyncSite global. As a result, the
LWP_NoYieldSignal(&beacon_globals.ubik_amSyncSite) signal call can be
safely removed.
Change-Id: I72c4ccfe8e68551673dc728dd699ba8c561d76d1
Reviewed-on: https://gerrit.openafs.org/12673
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Michael Meffie [Wed, 2 Aug 2017 19:25:45 +0000]
doc: add a document to describe rx debug packets
This document gives a basic description of Rx debug packets, the
protocol to exchange debug packets, and the version history.
Change-Id: Ic040d336c1e463f7da145f1a292c20c5d5f215df
Reviewed-on: https://gerrit.openafs.org/12677
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Wed, 2 Aug 2017 00:36:18 +0000]
doc: add kolya's rx-spec to doc/txt
Add rx protocol spec and rx debug spec written by Nickolia Zeldovich.
Rx protocol specification draft (2002)
Nickolai Zeldovich, kolya@MIT.EDU
Change-Id: I65a9a83a8889503f3a82c8fde7a87f84d2736c8d
Reviewed-on: https://gerrit.openafs.org/12676
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Wed, 2 Aug 2017 00:10:32 +0000]
doc: relocate notes from arch to txt
The doc/txt directory has become the de facto home for text-based
technical notes. Relocate the contents of the doc/arch directory to
doc/txt. Relocate doc/examples to doc/txt/examples.
Update the doc/README file to be more current and remove old work in
progress comments.
Change-Id: Iaa53e77eb1f7019d22af8380fa147305ac79d055
Reviewed-on: https://gerrit.openafs.org/12675
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Wed, 2 Aug 2017 01:50:37 +0000]
Add NEWS entry for recent ubik changes
Of the ubik-fix-write-after-recovery topic, this seems like the most
noteworthy portion, with the other bits wrapped up in the preface.
Change-Id: Icc1afb9f851ef2d7ade49c2382cc023997f1bf26
Reviewed-on: https://gerrit.openafs.org/12679
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Marcio Barbosa [Fri, 21 Jul 2017 03:02:15 +0000]
ubik: update epoch as soon as sync-site is elected
The ubik_epochTime represents the time at which the coordinator first
received its coordinator mandate. However, this global is currently not
updated at the moment when a new sync-site is elected. Instead,
ubik_epochTime is only updated at the very end of the first write
transaction, when a new database label is written (in udisk_commit).
This causes at least 2 different issues:
For one, this means that we change ubik_epochTime while a remote
transaction is in progress. If VOTE_Beacon is called after
ubik_epochTime is updated, but before the remote transaction ends, the
remote sites will detect that the transaction id in ubik_currentTrans is
wrong (via urecovery_CheckTid(), since the epoch doesn't match), and
they will abort the transaction. This means the transaction will fail,
and it may cause a loss of quorum until another election is completed.
Another issue is that ubik_epochTime can be 0 at the beginning of a
write transaction, if this is the first election that this site has won.
Since ubik_epochTime is used to construct transaction ids, this means
that we can have different transactions that originate from different
sites at different times, but they have the same epoch in their tid.
For example, say a write transaction starts with epoch 0, but the
originating site is killed/interrupted before finishing. That write
transaction will linger on remote sites in ubik_currentTrans with an
epoch of 0 (since the originating site will never call
DISK_ReleaseLocks, or DISK_Abort, etc). Normally the sync site will kill
such a lingering transaction via urecovery_CheckTid, but since the epoch
is 0, and the election winner's epoch is also 0, the transaction looks
valid and may never be killed. If that transaction is holding a lock on
the database, this means that the database will forever remain locked,
effectively preventing any access to the db on that site.
To fix both of these issues, update ubik_epochTime with the current
time as soon as we win the election. This ensures that the epoch is not
updated in the middle of a transaction, and it ensures that all
transactions are created with a unique epoch: the epoch of the election
that we won.
Note that with this commit, we do not ever set ubik_epochTime to the
magic value of '2' during database init. The special '2' epoch only
needs to be set in the database itself, and it is never an actual epoch
that represents a real quorum that went through the election process.
The database will be labelled with a 'real' epoch after the first write,
like normal.
[kaduk@mit.edu: comment the locking strategy in ubeacon_Interact()]
Change-Id: I6cdcf5a73c1ea564622bfc8ab7024d9901af4bc8
Reviewed-on: https://gerrit.openafs.org/12609
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Joe Gorse [Thu, 6 Jul 2017 19:47:24 +0000]
LINUX: afs_create infinite fetchStatus loop
For a file in a directory with the CStatd bit cleared, we can get
an infinite fetchStatus loop.
In afs_create(), afs_getDCache() may return NULL due to an error.
If unchecked it will loop which may produce multiple fetchStatus()
calls to the fileserver.
Credit: Yadav Yadavendra for identifying and analysing this issue.
Change-Id: Iecd77d49a5f3e8bb629396c57246736b39aa935f
Reviewed-on: https://gerrit.openafs.org/12651
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Benjamin Kaduk [Thu, 3 Aug 2017 00:31:17 +0000]
Update NEWS for volume stats default change
Change-Id: I1a184bf638609866f6f7f1d11c224dfee1113eef
Reviewed-on: https://gerrit.openafs.org/12678
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Tue, 1 Aug 2017 21:21:13 +0000]
volser: preserve volume stats by default
Commit
dfceff1d3a66e76246537738720f411330808d64 added the
-preserve-vol-stats flag to the volume server. This enabled a change in
the volume server to preserve volume usage statistics during reclone and
restore operations. Otherwise, volume usage counters of read-only
volumes are cleared when volumes are released, making it difficult to
track usage with the volume stats.
Make this feature the default behavior of the volume server and provide
the option -clear-vol-stats to use the old behavior if so desired. This
change makes the -preserve-vol-stats the default, and keeps it as a
hidden flag for sites which may already have that flag set in the
BosConfig.
Since this changes a default behavior of the volume server, this change
is only appropriate on a major or minor release boundary, not in the
middle of a stable series.
Change-Id: I3706ede64b7b18a80b39ebd55f2e1824bb7dbc57
Reviewed-on: https://gerrit.openafs.org/12674
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Marcio Barbosa [Mon, 22 May 2017 16:55:32 +0000]
ubik: avoid early DISK_Begin calls we know will fail
Currently, we can start a write transaction on a site immediately after
it is elected as the sync site. However, after commit
d47beca1,
SDISK_Begin on remote sites will fail right after an election occurs
(since lastYesState is not set, and so urecovery_AllBetter will fail).
And after commit
fac0b742, this error is always noticed and propagated
back to the application.
As a result, when we try to write immediately after a sync site is
elected, the transaction will fail with UNOQUORUM, the remote sites will
be marked as down, and we may lose quorum and require another election
to be performed. This can easily happen repeatedly for a site that
frequently tries to make changes to a ubik database.
To avoid marking other sites down and going through another election
process, do not allow write transactions until we know that lastYesState
is set on the remote sites. We do this by waiting until the next wave of
beacons are sent, which tell the remote sites that we are the sync site.
In other words, only allow write transactions after the sync site knows
that the remote sites also know that the sync site has been elected.
With this commit, a write transaction immediately after an election
will still fail with UNOQUORUM, but we avoid triggering an error on the
remote sites, and avoid losing quorum in this situation.
Change-Id: I9e1a76b4022e6d734af1165d94c12e90af04974d
Reviewed-on: https://gerrit.openafs.org/12592
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Marcio Barbosa [Wed, 21 Jun 2017 20:42:37 +0000]
ubik: allow remote dbase relabel if up to date
When a site is elected the sync-site, its database is not immediately
relabeled. The database in question will be relabeled at the end of the
first write transaction (in udisk_commit). To do so, the dbase->version
is updated on the sync-site first (1) and then the versions of the
remote sites are updated through SDISK_SetVersion() (2).
In order to make sure that the remote site holds the same database as
the sync-site, the SDISK_SetVersion() function checks if the current
version held by the remote site (ubik_dbVersion) is equal to the
original version stored by the sync-site (oldversionp). If
ubik_dbVersion is not equal to oldversionp, SDISK_SetVersion() will
fail with USYNC.
However, ubik_dbVersion can be updated by the vote thread at any time.
That is, if the sync site calls VOTE_Beacon() on the remote site between
events (1) and (2), the remote site will set ubik_dbVersion to the new
version, while ubik_dbase->version is still set to the old version. As
a result, ubik_dbVersion will not be equal to oldversionp and
SDISK_SetVersion() will fail with USYNC. This failure may cause a loss
of quorum until another election is completed.
To fix this problem, let SDISK_SetVersion() relabel the database when
ubik_dbase->version is equal to oldversionp. In order to try to only
affect the scenario described above, also check if ubik_dbVersion is
equal to newversionp.
Change-Id: I97e6f8cacd1c9bca0b4c72374c058c5fe5b638b3
Reviewed-on: https://gerrit.openafs.org/12613
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Joe Gorse [Wed, 10 May 2017 15:38:25 +0000]
afs: fix repeated BulkStatus calls for directories.
There is a filetype comparison check in afs_DoBulkStat just after
BulkFetch RPC. This check will fail for directories even though
bulkStatus was done for directories.
This code is apparently necessary for Darwin, but it causes this problem
otherwise. Thus it is removed from the rest of the builds using the
AFS_DARWIN_ENV preprocessor variable.
Credit: Yadav Yadavendra for identifying and analysing this issue.
Change-Id: I9645f0e7a3327cb5f20cdf3ba2bf1cc5b1509bb5
Reviewed-on: https://gerrit.openafs.org/12610
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Michael Meffie [Thu, 20 Jul 2017 04:12:05 +0000]
relocate old afs docs to doc/txt
Move the afs/DOC files to the top-leve doc/txt directory, since this has
become the home for developer oriented documentation.
Change-Id: I128d338c69534b4ee6043105a7cfd390b280afe3
Reviewed-on: https://gerrit.openafs.org/12662
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Thu, 20 Jul 2017 03:48:42 +0000]
Incorporate old release notes into NEWS
Cleanup the doc/txt directory by incorporating the old release
notes into the NEWS file.
Change-Id: I63911fc5cb0b476e201148c6d3fa3441f4746ab7
Reviewed-on: https://gerrit.openafs.org/12661
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Thu, 20 Jul 2017 02:39:51 +0000]
Update NEWS for 1.8.0pre2
Change-Id: I5f83e81f25177bde1ea691e756359563e80ee3f2
Reviewed-on: https://gerrit.openafs.org/12660
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Thu, 20 Jul 2017 03:09:01 +0000]
Import NEWS from openafs-stable-1_6_x
Import change descriptions for 1.6.20.1, 1.6.20.2, 1.6.21.
Change-Id: Ib4f06c7046eb6e1bb0a1ccfb9f6c45191154fe0e
Reviewed-on: https://gerrit.openafs.org/12659
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Stephan Wiesand [Wed, 26 Jul 2017 13:18:08 +0000]
Linux: fix whitespace in osi_sysctl.c
Remove dozens of trailing spaces and make consistent use of tabs
for indentation throughout the file.
Change-Id: Ibbd17d2b9828590ffd84b76aac70646e9fe9cb2c
Reviewed-on: https://gerrit.openafs.org/12665
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Andrew Deason [Thu, 15 Jun 2017 20:32:41 +0000]
LINUX: Workaround d_splice_alias/d_lookup race
Before Linux kernel commit
4919c5e45a91b5db5a41695fe0357fbdff0d5767,
d_splice_alias in some cases can d_rehash the given dentry without
attaching it to the given inode, right before the dentry is unhashed
again. This means that for a few moments, that negative dentry is
visible to __d_lookup, and thus is visible to path lookup and can be
given to afs_linux_dentry_revalidate.
Currently, afs_linux_dentry_revalidate will say that the dentry is
valid, because d_time and other fields are set; it's just not attached
to an inode. This causes an ENOENT error on lookup, even though the
file is there (and no OpenAFS code said otherwise).
Normally this race is rare, but it can be frequently exercised if
we access the same directory via different names at the same time.
This can happen with multiple mountpoints to the same volume, or by
accessing an @sys directory via its abbreviated and expanded forms.
To get around this, make afs_linux_dentry_revalidate check negative
'dentry's to see if they are unhashed. We also lock the parent inode,
in order to guarantee that a problematic d_splice_alias call isn't
running at the same time (and thus, we know the dentry will not be
unhashed immediately afterwards). This slows down
afs_linux_dentry_revalidate for valid negative 'dentry's a little, but
it allows us to use negative dentry's at all.
Linux kernel commit
4919c5e45a91b5db5a41695fe0357fbdff0d5767 fixes
this issue, which was included in 2.6.34, so don't do this workaround
for 2.6.34 and on.
Change-Id: I8e58ebed4441151832054b1ef3f1aa5af1c4a9b5
Reviewed-on: https://gerrit.openafs.org/12638
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Stephan Wiesand [Mon, 24 Jul 2017 09:37:54 +0000]
Linux 4.13: use designated initializers where required
struct path is declared with the "designated_init" attribute,
and module builds now use -Werror=designated-init. Cope.
And as pointed out by Michael Meffie, struct ctl_table has
the same requirement now, so use a designated initializer
for the final element of the sysctl table too.
Change-Id: I0ec45aac961dcefa0856a15ee218085626a357c7
Reviewed-on: https://gerrit.openafs.org/12663
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Fri, 7 Jul 2017 15:11:12 +0000]
afs: fix afs_xserver deadlock in afsdb refresh
When setting up a new volume, the cache manager calls afs_GetServer() to
setup the server object for each fileserver associated with the volume.
The afs_GetServer() function locks afs_xserver and then, among other
things, calls afs_GetCell() to lookup the cell info by cell number.
When the cache manager is running in afsdb mode, afs_GetCell() will
attempt to refresh the cell info if the time-to-live has been exceeded
since the last call to afs_GetCell(). During this refresh the AFSDB
calls afs_GetServer() to update the vlserver information. The afsdb
handler thread and the thread processing the volume setup become
deadlocked since the afs_xserver lock is already held at this point.
This bug will manifest when the DNS SRV record TTL is smaller than the
time the fileservers respond to the GetCapabilities RPC within
afs_GetServer() and there are multiple read-only servers for a volume.
Avoid the deadlock by using the afs_GetCellStale() variant within
afs_GetServer(). This variant returns the memory resident cell info
without the afsdb upcall and the subsequent afs_GetServer() call.
Change-Id: Iad57870f84c5e542a5ee20f00ea03b3fc87683a1
Reviewed-on: https://gerrit.openafs.org/12652
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Tue, 11 Jul 2017 12:51:08 +0000]
afs: restore force_if_down check when getting connections
Commit
cb9e029255420608308127b0609179a46d9983ad removed the
force_if_down check in afs_ConnBySA, which effictively turned on
force_if_down flag for every call to afs_ConnBySA. This caused
afs_ConnBySA to always return connections, even for server addresses
marked down and force_if_down set to 0.
One serious consequence of this bug is the cache manager will retry the
preferred vlserver indefinitely when it is unreachable. This is because
the loop in afs_ConnMHosts always tries hosts in preferred order and
expects afs_ConnBySA to return a NULL if the server address has no
connections because it is marked down.
Restore the check for server addresses marked down to honor the
force_if_down flag again so we do not get connections for down servers
unless requested.
Change-Id: Ia117354929a62b0cedc218040649e9e0b8d8ed23
Reviewed-on: https://gerrit.openafs.org/12653
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Michael Meffie [Mon, 10 Apr 2017 18:23:12 +0000]
redhat: fix rpmbuild command line option defaults
Fix the handling of default values for the various rpmbuild options
which can be given. These have been broken as code was shuffled around
over the years.
Remove obsolete comments about detecting what to build based on the
architecture.
Provide the '--without authlibs' option to disable the openafs-authlibs
package.
Change-Id: I6c8db1f3163ee241f9a4d1282345a0ddeabd284c
Reviewed-on: https://gerrit.openafs.org/12596
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
git://git.openafs.org / openafs.git / log