Windows: Pin the Cc FileObject during section create. This means that if we purge the data cache while the section is being created then the MJ_CLOSE will not happen until we unpin the FO. Thus we can drop any embarsssing locks prior to the close and meddling antivirus products can do odd stuff in the close path. Note that there may not be a file object, but in that case there will be no close on the purge since any CcInitialize operations will wait on us dropping the SOP lock exe - hence the SOP cannot be set up. Also note that this only applies to the data section, but we do not purge the image section. Change-Id: I63884888d98eb4eb03858ed962d74bd3b4702042 Reviewed-on: http://gerrit.openafs.org/10189 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Windows: IOCTL_AFS_SET_REPARSE_POLICY IOCTL_AFS_SET_REPARSE_POLICY is a new ioctl that can be executed by anyone to alter the behavior of AFS Symlink-to-File reparse point processing. Policy can be set for a global default or for the active authentication group. If the AFS_REPARSE_POINT_TO_FILE_AS_FILE policy is active, afs symlinks will not be reported as reparse points if the symlink target is known to be a file. This patchset implements the ioctl but not the "reparse point to file as file" functionality. Per authgroup policy setting is not permitted by the ioctl but is not supported at this time. This patchset was modified by Jeffrey Altman. Change-Id: I6fd8b3c7f94dd97e15d6b82642f43cb2d8193563 Reviewed-on: http://gerrit.openafs.org/9341 Tested-by: BuildBot <buildbot@rampaginggeek.com> Tested-by: Jeffrey Altman <jaltman@your-file-system.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Windows: Replace AFSDbgMsgLog func with macro In order to reduce computation overhead when trace logging is not active replace the AFSDbgMsgLog function call with a macro, AFSDbgTrace. Change-Id: I7bccee0ddffcd8488f81fcebbb970aa15c8dc52e Reviewed-on: http://gerrit.openafs.org/9621 Reviewed-by: Peter Scott <pscott@kerneldrivers.com> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Windows: Move work item queues over to the Control Device Currently, when the library is unloaded it stops all worker threands and then evaporates the work item queues. Thus any work items which are pending will disappear. Whilst it is OK that the threads going away, any work items need to remain queued so that when the library is restarted the work can continue. This checkin does this by moving the work item queues and their synchronization primitives into the FS maintained Control Device Object Extension. The list of worker threads remains in the Library Device Object Extension. Change-Id: If5c7cd3bdfea1a368c8df69649e627bac3a9585f Reviewed-on: http://gerrit.openafs.org/9139 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Peter Scott <pscott@kerneldrivers.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Windows: Add Cell name to AFSProcessRequest parameters Knowing the cell name for the request can be useful to the file system driver which otherwise does not have access to a conversion from FileID.CellID to Cell name. Change-Id: Ia10bae0d9c8bc7824a400ff30268d7ac0b9b2935 Reviewed-on: http://gerrit.openafs.org/9107 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Windows: Fcb sectionObjectResource Add a SectionObjectResource to the AFS_FCB structure. This lock replaces the Fcb.Resource in protecting the SectionObjectPointers. The new resource is being added to assist in avoiding deadlocks caused by Trend Micro and perhaps other AV products when CcPurgeCacheSection() is called while holding the Fcb.Resource which is required in AFSProcessOpen(). Change-Id: I738c175512e97e1ec153be52ab874f16389d4c95 Reviewed-on: http://gerrit.openafs.org/8563 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Windows: Use MountRoot for Absolute Symlinks Replace the absolute symlink processing in AFSLocateName(). Implement AFSIsAbsoluteAFSName() to test whether or not the path is in fact an absolute /afs path by comparing the input string to the registry MountRoot value which specifies the case sensitive root path for all absolute symlinks stored in the AFS cell. If a symlink target path begins with a directory separator and is not an absolute afs path name, return an error. Construct the substitution string using the target path without the MountRoot prefix. Add functionality to AFSRedir.sys to read the MountRoot from the registry and pass it on to AFSRedirLib.sys. Change-Id: Ie1df24da1e6de257c73dc34c80a75288bad47d29 Reviewed-on: http://gerrit.openafs.org/8353 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Windows: Remove Fcb.Specific.File.LazyWriterThread The LazyWriterThread should not be recorded in the FCB. It is possible for multiple lazy writes to occur on a file in parallel in separate threads. The value is not used for anything in any case. AFSCommonWrite() tests the LazyWriterThread value but only if 'bMapped' is FALSE. Since 'bMapped' is always TRUE, the comparison is never performed. Remove the test and the value. Change-Id: Iddbb65d2125f39f0362aba72ae20ab2666944367 Reviewed-on: http://gerrit.openafs.org/8241 Tested-by: Rod Widdowson <rdw@steadingsoftware.com> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Windows: AFSExFreePool -> AFSExFreePoolWithTag Replace AFSExFreePool() with AFSExFreePoolWithTag() which is a wrapper around both ExFreePool() and ExFreePoolWithTag(). If a 'Tag' value, is provided, ExFreePoolWithTag() is used. Otherwise, ExFreePool(). Specify allocation tag values wherever possible. Path name buffer tags are not specified because they are allocated using multiple tags. The same is true for network provider string buffers. This is being done in order to debug a memory corruption issue. Warning: this is a change to the AFSRedir->AFSRedirLib interface and therefore both drivers must be updated with a reboot and not simply restarting the service. Change-Id: Id5c0503141d1077d6c2beae5d28602160105a312 Reviewed-on: http://gerrit.openafs.org/7807 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Windows: correct typos or mistaken comments Change-Id: Iae278c0121c1b4d3cc9aaab276fab798c1a8065b Reviewed-on: http://gerrit.openafs.org/7316 Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com> Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Windows: Wait for memory allocation if necessary The kernel has a limited pool of memory. If there is no memory available to satisfy a request, that request will fail initially with a STATUS_OUT_OF_RESOURCES error which in most cases is exposed to the user-mode application as STATUS_ACCESS_DENIED. This can produce inconsistent results. This patchset introduces an Event object, MemoryAvailableEvent, which is signalled when the redirector deallocates memory. This should in many cases permit requests to succeed where they otherwise would have failed immediately. The WaitingForMemoryCount field tracks the number of threads that are waiting for memory to become available. A subsequent patch could use this value to accelerate the tear down of cached data. To avoid deadlocks, blocking threads will only wait for a maximum of 30 seconds at a time. As long as the redirector continues to free memory, the thread can re-queue itself. However, if a timeout occurs, the allocation request will fail. Change-Id: I0aa549be3852b31b68d7b42ecab4ca982c75f6ba Reviewed-on: http://gerrit.openafs.org/6886 Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com> Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Windows: Redirector opens must set a valid FsContext A successful open must have FileObject->FsContext set to a structure with a valid/initialized FSRTL_ADVANCED_FCB_HEADER object. Not having this breaks assumptions in the kernel. Patchset edited by Jeffrey Altman <jaltman@your-file-system.com> Change-Id: I70c9045bfa02c54074c015e6e871ead63efb6769 Reviewed-on: http://gerrit.openafs.org/6782 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com> Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Windows: remove unnecessary DirectoryEnumEvent The DirectoryEnumEvent is not required to implement: AFSSetEnumerationEvent AFSClearEnumerationEvent AFSIsEnumerationInProgress The DirectoryEnumCount is modified by interlocked operations and can be used as a marker for when an enumeration is in progress. Change-Id: I414ce2bc753b0fd60a3fac51c2cf3d264a32ab05 Reviewed-on: http://gerrit.openafs.org/6725 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com> Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Windows: Use AuthGroups for extent request error reporting The afs redirector current tracks the most recent extent error in the File Control Block. Prior to this patchset the error was returned to the requesting thread when the process Id matched the most recent Process to issue a request. This approach resulted in a couple of problems. 1. There are multiple threads that can issue an extent request on the same file at the same time representing different processes. Resetting the process Id with each new request could clear the error prior to its receipt. 2. The failure may be due to inappropriate permissions. Permissions are not associated with proceses but with Authentication Groups. This patchset makes several changes: 1. It enables the afsd_service to track the active authgroup as part of the cm_user_t structure and associates that object with the BIOD object to ensure that the active authgroup can be reported to the afs redirector. 2. It modifies the AFSExtentFailureCB structure to include the AuthGroup GUID. 3. It tracks the AuthGroup GUID associated with the extent failure in the non-paged file control block. 4. It converts all tests on Process Id to use AuthGroup instead. 5. It alters the behavior of error delivery such that reported error is only cleared after it has been reported once to a thread using the matching AuthGroup. These changes make the situation better but not perfect as error states can still be lost. However, it avoids the case most often seen in production where two processes (a end user process and an anti-malware process) are fighting over a file and the anti-malware process has no permission to access the file under its own credentials. Change-Id: Ia5c3877b8d46de695c86884c4166dc812885a72c Reviewed-on: http://gerrit.openafs.org/6396 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Peter Scott <pscott@kerneldrivers.com> Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com> Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Windows: Track AuthGroup in Context Control Block Tracking the AuthGroup in the File Control Block proved to be insufficient to ensure that dirty extents can be stored back to the file server when an anti-virus service opens a file in authgroup without 'write' permission immediate after the application performing a WriteFile() opens it. In this situation the Fcb ends up with the AuthGroup set to the anti-virus value and not the one that belongs to the writing application. Tracking the AuthGroup by Ccb provides the ability to select an AuthGroup from the list of open handles instead of tracking the most recent one. Change-Id: I851ea646feb531d7c765e1cf789a4ba541e4a150 Reviewed-on: http://gerrit.openafs.org/6333 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com> Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Windows: AFS Redirector Support Headers This patchset includes all of the common headers upon which all of the subsequent submissions depend. Co-authored by Jeffrey Altman <jaltman@your-file-system.com> Change-Id: I3b2ba6fe0a9a5231801db2cd1a340b9c518b9be4 Reviewed-on: http://gerrit.openafs.org/5431 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com> Tested-by: Rod Widdowson <rdw@steadingsoftware.com> Reviewed-by: Jeffrey Altman <jaltman@openafs.org> Tested-by: Jeffrey Altman <jaltman@openafs.org>