git.openafs.org Git - openafs.git/commit

author	Mark Vitale <mvitale@sinenomine.net>
	Mon, 7 Nov 2016 19:16:50 +0000 (14:16 -0500)
committer	Benjamin Kaduk <kaduk@mit.edu>
	Wed, 30 Nov 2016 17:21:39 +0000 (12:21 -0500)
commit	f591f6fae3d8b8d44140ca64e53bad840aeeeba0
tree	a4f17351dc10f7e3b35ac1edc1b98a731ae2634b	tree \| snapshot
parent	a26c5054ee501ec65db3104f6a6a0fef634d9ea7	commit \| diff

dir: do not leak contents of deleted directory entries

Deleting an AFS directory entry (afs_dir_Delete) merely removes the
entry logically by updating the allocation map and hash table.  However,
the entry itself remains on disk - that is, both the cache manager's
cache partition and the fileserver's vice partitions.

This constitutes a leak of directory entry information, including the
object's name and MKfid (vnode and uniqueid).  This leaked information
is also visible on the wire during FetchData requests and volume
operations.

Modify afs_dir_Delete to clear the contents of deleted directory
entries.

Patchset notes:
This commit only prevents leaks for newly deleted entries.  Another
commit in this patchset prevents leaks of partial object names upon
reuse of pre-existing deleted entries.  A third commit in this
patchset prevents yet another kind of directory entry leak, when
internal buffers are reused to create or enlarge existing directories.
All three patches are required to prevent new leaks.  Two additional
salvager patches are also included to assist administrators in the
cleanup of pre-existing leaks.

[kaduk@mit.edu: style nit for sizeof() argument]

Change-Id: Iabaafeed09a2eb648107b7068eb3dbf767aa2fe9
Reviewed-on: https://gerrit.openafs.org/12460
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>