[OpenAFS-devel] OpenAFS Release Team weekly meeting
OpenAFS Release Team weekly meeting Date: November 16, 2023 Participants: - Stephan Wiesand, OpenAFS Release Manager - Ben Kaduk - Cheyenne Wills - Mark Vitale The OpenAFS Release Team meetings are held each Thursday at 12:00pm Eastern, 9:00am Pacific on Libera.Chat IRC channel #openafs-releaseteam. There will no meeting on Thursday November 23 in observance of the U.S. Thanksgiving holiday. Release team working status is maintained at: https://wiki.openafs.org/devel/Whiteboard/ Stable (1.8.x) == Final additions to 1.8.11 are under review: 15527 Make OpenAFS 1.8.11pre1 15551 Update NEWS for 1.8.11 pre-release 15596 Linux: Fix to use time_t instead of time64_t 15598 dir: Allow 256-byte directory entry names in salvager 15599 dir: Introduce struct DirEntryFlex 15600 Linux 6.7: convert to inode a/mtime accessor funcs Development (1.9.x/master) == Cheyenne continues to monitor linux-next changes. So far OpenAFS 1.8.x require only 15600 (mentioned above) to build on the current Linux 6.7 release candidate. The connleaks topic has been prioritized for review for master: 14851 rx: prevent leak of cache manager NAT ping rx_connections 15135 rx: Reap client conns in rxi_ReapConnetions 15349 rx: Avoid unnecessary locking in rxi_ReapConnections Recent Changes == Merged onto 'openafs-stable-1_8_x' branch since 2023-10-23: 15589 Linux 6.6: convert to ctime accessor functions Updated for 'openafs-stable-1_8_x' branch since 2023-10-23: 15600 Linux 6.7: convert to inode a/mtime accessor funcs 15596 Linux: Fix to use time_t instead of time64_t 15599 dir: Introduce struct DirEntryFlex 15598 dir: Allow 256-byte directory entry names in salvager 15551 Update NEWS for 1.8.11 pre-release Merged onto 'master' branch since 2023-10-23: 15591 macos: Add support for MacOS 14.X (Sonoma) 15597 Linux 6.7: convert to inode a/mtime accessor funcs 15573 dir: Introduce struct DirEntryFlex 15574 dir: Allow 256-byte directory entry names in salvager 15595 Linux: Fix to use time_t instead of time64_t Updated for 'master' branch since 2023-10-23: 15135 rx: Reap client conns in rxi_ReapConnections 15349 rx: Avoid unnecessary locking in rxi_ReapConnections 14951 rx: prevent leak of cache manager NAT ping rx_connections 15429 macOS: Remove duplicated signing files from PKGROOT 15452 macos: Update SDK for Ventura 13 15158 rx: Use atomics for rx_securityClass refcounts 14621 rx: Define symbolic names for Rx magic numbers 14607 ubik: remove superfluous checks of rx_NewConnection return 15553 ubik: ensure correct election deadline 14608 ubik: ensure correct election timeout for vlserver 15594 dir: Eliminate dtest false negative failures 15592 budb: Remove superfluous rx_SetRxDeadTime 15593 README 15563 rxkad: rxkad_CheckResponse correct handling of krb5 localauth tokens ___ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel
Re: [OpenAFS-devel] Kernel BUG on Linux 6.5.3
Hi Michael, Just a quick note to let you know that we were able to duplicate this. The root cause is an interaction between Linux 6.5 CONFIG_FORTIFY_SOURCE=y string helpers and a recent change in OpenAFS 1.8.10 to use strlcpy, which is now fortified in your kernel. OpenAFS has always managed the name string for directory entries in a very quirky but ultimately memory-safe way. However, due to the new interaction described above, Fortify now sees any directory entry name longer that 16 chars as a buffer overrun. In your case, this is triggered during cache manager initialization by the first cell in CellServDB with a cell name longer than 16 characters. I have fixed the specific kernel BUG you reported, and was able to bring up a working cell. However, there are several additional paths where similar issues in "long" directory entry names are still present. Therefore, I'm still working on finding and fixing those. I'll let you know when I think I've fixed them all and have something in gerrit for you to try. Regards, -- Mark Vitale OpenAFS Release Team > On Sep 14, 2023, at 4:19 PM, Michael Laß wrote: > > Hi Mark, > > Am Donnerstag, dem 14.09.2023 um 16:06 -0400 schrieb MS Vitale: >> >> I didn't look closely, but I doubt you are missing anything. >> Instead, this might be an edge case provoked by site-specific >> contents of dynroot. >> Could you please supply a list of all your cell names from CellServDB >> and any aliases from CellAlias? > > My CellServDB is the one currently shipped in src/afsd [1], extended by > the following entry: > >> fritz.box #Test cell > 192.168.178.230 #afs.fritz.box > > But since two other users reported the issue today, I don't think it's > related to that additional entry. > > I don't have any CellAlias file set up. > > Best regards, > Michael > > [1] > https://github.com/openafs/openafs/blob/538f450033a67e251b473ff92238b3124b85fc72/src/afsd/CellServDB ___ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel
Re: [OpenAFS-devel] Kernel BUG on Linux 6.5.3
Michael, > On Sep 14, 2023, at 4:19 PM, Michael Laß wrote: > > Hi Mark, > > Am Donnerstag, dem 14.09.2023 um 16:06 -0400 schrieb MS Vitale: >> >> I didn't look closely, but I doubt you are missing anything. >> Instead, this might be an edge case provoked by site-specific >> contents of dynroot. >> Could you please supply a list of all your cell names from CellServDB >> and any aliases from CellAlias? > > My CellServDB is the one currently shipped in src/afsd [1], extended by > the following entry: > >> fritz.box #Test cell > 192.168.178.230 #afs.fritz.box > > But since two other users reported the issue today, I don't think it's > related to that additional entry. > > I don't have any CellAlias file set up. Okay, thanks. I have not reproduced this yet, but I'm pretty confident about the root cause. I'm working on a fix. Regards, -- Mark ___ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel
Re: [OpenAFS-devel] Kernel BUG on Linux 6.5.3
Michael, Thank you for the report. I have not seen this before. > On Sep 14, 2023, at 2:55 PM, Michael Laß wrote: > > on Arch Linux we are observing a kernel BUG with Linux 6.5.3 and a > patched OpenAFS 1.8.10. Patched means that it contains the following > changes on top of the 1.8.10 release: > > fea2bd506 linux: Replace fop iterate with fop iterate_shared > 01d7316f6 hcrypto: rename abort to _afscrypto_abort > aef0016df Linux 6.5: Use register_sysctl() > 48e0bd7d9 LINUX: Make sysctl definitions more concise > 04083bc9a Linux 6.5: Replace generic_file_splice_read > > Here's an excerpt of the error: > > Sep 13 19:57:54.727778 pcitds29 kernel: detected buffer overflow in > strlcpy > Sep 13 19:57:54.728304 pcitds29 kernel: [ cut here ]--- > - > Sep 13 19:57:54.740823 pcitds29 kernel: kernel BUG at > lib/string_helpers.c:1031! > Sep 13 19:57:54.740881 pcitds29 kernel: invalid opcode: [#1] > PREEMPT SMP NOPTI > [...] > Sep 13 19:57:54.741049 pcitds29 kernel: Call Trace: > Sep 13 19:57:54.741056 pcitds29 kernel: > Sep 13 19:57:54.741062 pcitds29 kernel: ? die+0x128/0x130 > Sep 13 19:57:54.741069 pcitds29 kernel: ? do_trap+0xc9/0x170 > Sep 13 19:57:54.741074 pcitds29 kernel: ? fortify_panic+0x13/0x20 > Sep 13 19:57:54.741080 pcitds29 kernel: ? fortify_panic+0x13/0x20 > Sep 13 19:57:54.741087 pcitds29 kernel: ? exc_invalid_op+0x92/0xc0 > Sep 13 19:57:54.741093 pcitds29 kernel: ? fortify_panic+0x13/0x20 > Sep 13 19:57:54.741099 pcitds29 kernel: ? asm_exc_invalid_op+0x1a/0x20 > Sep 13 19:57:54.741164 pcitds29 kernel: ? fortify_panic+0x13/0x20 > Sep 13 19:57:54.741172 pcitds29 kernel: ? fortify_panic+0x13/0x20 > Sep 13 19:57:54.741179 pcitds29 kernel: > afs_dynroot_addDirEnt+0x1ef/0x210 [openafs > 3f311692cd9b17721fc863c5e870abbfd609f083] > Sep 13 19:57:54.741185 pcitds29 kernel: afs_GetDynroot+0x8dd/0xc50 > [openafs 3f311692cd9b17721fc863c5e870abbfd609f083] > Sep 13 19:57:54.741192 pcitds29 kernel: > afs_DynrootNewVnode+0x369/0x960 [openafs > 3f311692cd9b17721fc863c5e870abbfd609f083] > Sep 13 19:57:54.741199 pcitds29 kernel: afs_GetVCache+0x234/0x540 > [openafs 3f311692cd9b17721fc863c5e870abbfd609f083] > Sep 13 19:57:54.741205 pcitds29 kernel: afs_fill_super+0x2b0/0x3d0 > [openafs 3f311692cd9b17721fc863c5e870abbfd609f083] > Sep 13 19:57:54.741210 pcitds29 kernel: ? > __pfx_afs_fill_super+0x10/0x10 [openafs > 3f311692cd9b17721fc863c5e870abbfd609f083] > Sep 13 19:57:54.741215 pcitds29 kernel: mount_nodev+0x1a0/0x250 > Sep 13 19:57:54.741223 pcitds29 kernel: legacy_get_tree+0x28/0x50 > Sep 13 19:57:54.741229 pcitds29 kernel: vfs_get_tree+0x26/0xd0 > Sep 13 19:57:54.741236 pcitds29 kernel: path_mount+0x4bb/0xb70 > Sep 13 19:57:54.741240 pcitds29 kernel: __x64_sys_mount+0x11a/0x150 > Sep 13 19:57:54.741245 pcitds29 kernel: do_syscall_64+0x5d/0x90 > Sep 13 19:57:54.741252 pcitds29 kernel: ? > do_user_addr_fault+0x2cd/0x9e0 > Sep 13 19:57:54.741259 pcitds29 kernel: ? exc_page_fault+0x7f/0x180 > Sep 13 19:57:54.741264 pcitds29 kernel: > entry_SYSCALL_64_after_hwframe+0x6e/0xd8 > > The full error can be seen in this post: > https://aur.archlinux.org/packages/openafs#comment-933721 > > It might be that dirSize is not computed correctly in > afs_RebuildDynroot. Although this function is not shown in the trace, I > think it is the only way to go from afs_GetDynroot to > afs_dynroot_addDirEnt. I agree that this is probably the failure path. > The strlcpy in afs_dynroot_addDirEnt was introduced in 14938 (15243 on > 1.8.x) but it could very well be that this now only shows an error that > was there before. > > Or did I maybe miss an important patch for 1.8.10 on Linux 6.5? I didn't look closely, but I doubt you are missing anything. Instead, this might be an edge case provoked by site-specific contents of dynroot. Could you please supply a list of all your cell names from CellServDB and any aliases from CellAlias? Thanks, -- Mark Vitale OpenAFS Release Team ___ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel
[OpenAFS-devel] OpenAFS Release Team weekly meeting
OpenAFS Release Team weekly meeting Date: August 03, 2023 Participants: - Stephan Wiesand, OpenAFS Release Manager - Ben Kaduk - Cheyenne Wills - Mark Vitale The OpenAFS Release Team meetings are held each Thursday at 12:00pm Eastern, 9:00am Pacific, on IRC channel #openafs-releaseteam of Libera.Chat. Release team working status is maintained at: https://wiki.openafs.org/devel/Whiteboard/ Stable (1.8.x) == * Reviews are in progress for candidates for 1.8.11-pre1. * Mike Meffie is reviewing master for additional 1.8.11 pullup candidates. * Ben is looking into refreshing the OpenAFS Ubuntu PPA to deal with kernel level changes in Ubuntu 22.04 Development (1.9.x/master) == * OpenAFS + current Linux 6.5 patches are still building clean on the latest Linux 6.5 release candidates. Recent Changes == Updated for 'openafs-stable-1_8_x' branch since 2023-07-27: 15517 vol: Don't leak volume bitmaps 15527 Make OpenAFS 1.8.11pre1 15518 cf: Undef _FORTIFY_SOURCE for use-after-free check 15513 makesrpm: Support custom version strings 15523 hcrypto: rename abort to _afscrypto_abort 15520 Linux 6.5: Replace generic_file_splice_read 15514 build: Add rpm target 15512 bozo: Do not create client directory and symlinks 15511 Add command fallback to server config 15508 gcc: Avoid false positive use-after-free in crypto 15507 cf: Fix cast-function-type err w/disable-checking 15509 viced: Verify primary host address 15506 afs: Check UHasTokens in afs_GCUserData 15510 pts: Use cmd_AddParmAtOffset for common parms 15515 LINUX: Make 'fs flush*' invalidate dentry 15521 LINUX: Make sysctl definitions more concise 15519 UKERNEL: Build linktest with COMMON_CFLAGS 15522 Linux 6.5: Use register_sysctl() 15516 rxkad: Free memory used to check rxkad response Updated for 'master' branch since 2023-07-27: 15524 rx: Check for callNumber before NULL server call 15327 vol: Re-evaluate conditons for cond vars 15526 util: Avoid bad ascii[1] in volutil_GetPartitionID 15525 Check length before .readonly/.backup suffix 15460 audit: Call osi_audit_check at initialization ___ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel
[OpenAFS-devel] OpenAFS Release Team weekly meeting
OpenAFS Release Team weekly meeting Date: July 27, 2023 Participants: - Stephan Wiesand, OpenAFS Release Manager - Ben Kaduk - Michael Meffie - Mark Vitale The OpenAFS Release Team meetings are held each Thursday at 12:00pm Eastern, 9:00am Pacific, on IRC channel #openafs-releaseteam of Libera.Chat. Release team working status is maintained at: https://wiki.openafs.org/devel/Whiteboard/ Stable (1.8.x) == * OpenAFS 1.8.10 was released on July 23, 2023. * A number of master fixes were pulled up to the 1.8.x branch for review (see list below). These are all targeted for 1.8.11-pre1, tentatively scheduled for next week. Development (1.9.x/master) == * rx_securityClass threadsafe fixes (15155 -or- 15158) are targeted for master review with the goal of pulling them up for a future 1.8.x release. * Audit facility refactoring and fixes (15415, 15460) are also under active review. Recent Changes == Merged onto 'openafs-stable-1_8_x' branch since 2023-06-29: 15240 afs: Replace strcpy &co by safer alternatives 15490 Make OpenAFS 1.8.10 Updated for 'openafs-stable-1_8_x' branch since 2023-06-29: 15518 cf: Undef _FORTIFY_SOURCE for use-after-free check 15513 makesrpm: Support custom version strings 15523 hcrypto: rename abort to _afscrypto_abort 15520 Linux 6.5: Replace generic_file_splice_read 15514 build: Add rpm target 15512 bozo: Do not create client directory and symlinks 15511 Add command fallback to server config 15508 gcc: Avoid false positive use-after-free in crypto 15507 cf: Fix cast-function-type err w/disable-checking 15509 viced: Verify primary host address 15506 afs: Check UHasTokens in afs_GCUserData 15510 pts: Use cmd_AddParmAtOffset for common parms 15515 LINUX: Make 'fs flush*' invalidate dentry 15521 LINUX: Make sysctl definitions more concise 15519 UKERNEL: Build linktest with COMMON_CFLAGS 15522 Linux 6.5: Use register_sysctl() 15517 vol: Don't leak volume bitmaps 15516 rxkad: Free memory used to check rxkad response Merged onto 'master' branch since 2023-06-29: 15501 hcrypto: rename abort to _afscrypto_abort 15500 Linux 6.5: Use register_sysctl() 15414 audit: Update comments 15499 cf: Undef _FORTIFY_SOURCE for use-after-free check 15486 Linux 6.5: Replace generic_file_splice_read 15363 doc: Fix the AFS::ukernel man page title 15471 gcc: Avoid false positive use-after-free in crypto 14743 afs: Replace strcpy &co by safer alternatives 15098 backup: Make backup tests build again 15343 xdr: Avoid xdr_string maxsize check when freeing 15428 vol: Don't leak volume bitmaps 15417 cf: Fix cast-function-type err w/disable-checking Updated for 'master' branch since 2023-06-29: 15460 audit: Call osi_audit_check at initialization 15459 audit: Refactor osi_audit_check 15399 doc: Move man page generation from regen.sh to make-release 15484 bozo: Refuse SBOZO_GetDates if in restricted mode 15482 bozo: Return error on failure in SBOZO_GetDates 15365 doc: Build man pages when pod2man is found 15387 doc: Stage man pages before installing 15364 doc: Generate man pages in batches 15505 libadmin/adminutil: util_RXDebugVersion len 64 -> 1024 and trailing NUL 15503 rx: rx_receiveVersionPacket send full version C-string 15504 rxdebug: increase maximum version length from 64 to 1024 incl NUL 15502 rx: introduce and use rxi_populateDebugHeader 15480 auth: Remove src/auth/copyauth 15481 cf: Avoid nested C func in inode op create test 15438 tests: Avoid realpath(x, NULL) 15437 tests: Standardize src/tests includes 15341 tests: Remove snprintf.c from src/tests 15396 tests: Add COMMON_LIBS macro to src/tests/Makefile 15342 tests: Make src/tests buildable 15488 vlserver: Remove unused global variable xheader 15487 ubik: Remove vestigial register logic from BeginTrans() 11907 Introduce rxping and rxtraceroute 12744 Do not merge: Check buildbot verification 15498 Use xdrfree_type() instead of xdr_free(xdr_type) 15497 rxgen: Introduce xdrfree_type() 14849 afsweb: remove unsupported afsweb component 14839 JAVA: remove unsupported JAVA component 15492 Add function comment for afs_SetParent() 15394 macOS: Set parent of volume root vnodes correctly 15491 viced: avoid NULL dereference in GiveUpCallBacks 15489 WINNT: Use safer string functions in DumpAfsLog ___ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel