Age | Commit message | Author |
|
These changes are enough to justify a .1 upgrade.
|
|
Respect environment-set $(LDFLAGS).
Fix provided by kergoth, I'm just merging it.
|
|
Handle various ways that a dev/ino pair can cease to have files and thus
need to cease to have xattrs. Also handle weird stuff like moving a file
across filesystems when it was one of multiple links to an inode with
extended attributes.
|
|
Extended attributes are a property of inodes, not paths. There can be
multiple file database entries for a single inode, so switch to using
inodes rather than paths.
Still to-do: Delete them when deleting the last file with a given device
and inode.
|
|
The variable name is required but wasn't being extracted from the client's
message, resulting in xattr removal never working. This does not fully
address some deeper problems with the xattr implementation, but at least
the common removal case works.
|
|
The pseudo server should probably always run with 022 umask so the
sockets, database files, and such get created with sane modes.
|
|
Since the pseudo socket is actually created by a call to bind, the
bind call could create a file, which means it needs to record a
database entry.
|
|
So we had this really strange problem where, sometimes but not always,
pseudo would have strange problems on startup, where the pseudo server
would end up running under pseudo. And this produced the most fascinating
thing, which was:
    unsetenv("LD_PRELOAD");
    assert(getenv("LD_PRELOAD") == NULL);
    for (int i = 0; environ[i]; ++i) {
        assert(strncmp(environ[i], "LD_PRELOAD=", 11));
    }
(pseudocode untested)
This would crash on the environ search. Because getenv() was not searching
environ.
WHAT.
So it turns out, *bash overrides getenv, setenv, and so on*. Under those
names. Hiding the glibc ones. And this creates horrible problems if you
assumed that your code could call those functions and expect them to work.
So as a workaround, pseudo now uses dlsym to find getenv, etc., from
glibc, and invokes those directly if possible. Also the client now uses
unwrapped fork/exec for spawning the server, which cleans up the
behavior of that code quite a bit.
|
|
Improved/simplified logic for the client spawning servers, to make it
(I hope) easier to see what it's trying to do and when. Also clearer
diagnostics about what may have gone wrong, and I don't check the pid file
unless there's a problem.
|
|
Server process now waits for its forked child when daemonizing, allowing
us to yield meaningful exit status. Lock is now taken by the child, since
it has a way to tell the parent about the exit status. (We send SIGUSR1 to
the server to cause the wait loop to stop when the client is ready to go.)
This allows us to switch to fcntl locking, which should in theory allow us
to run with the pseudo directory NFS-mounted. Woot!
Also mark a couple of overly spammy messages as PDBGF_VERBOSE to reduce the
volume of uninteresting dup spam when looking at client behaviors.
Client now uses execve to spawn server to work around a very strange behavior
of unsetenv.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
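The commit messages above describe bash hiding glibc's getenv()/unsetenv() and a client that spawns the server with execve. As an added illustration (not code from pseudo or from these commits), the sketch below checks and filters the environ array directly, so the result does not depend on whose getenv() or unsetenv() the process resolved; the function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Look NAME up by scanning ENVP itself; never calls getenv(). */
const char *env_lookup(char *const envp[], const char *name) {
    size_t n = strlen(name);
    for (size_t i = 0; envp && envp[i]; ++i)
        if (strncmp(envp[i], name, n) == 0 && envp[i][n] == '=')
            return envp[i] + n + 1;
    return NULL;
}

/* New NULL-terminated array sharing ENVP's strings but omitting every
 * "NAME=..." entry (duplicates included). Caller frees the array only. */
char **env_without(char *const envp[], const char *name) {
    size_t n = strlen(name), count = 0, k = 0;
    while (envp && envp[count])
        ++count;
    char **out = calloc(count + 1, sizeof *out);
    if (!out)
        return NULL;
    for (size_t i = 0; i < count; ++i)
        if (!(strncmp(envp[i], name, n) == 0 && envp[i][n] == '='))
            out[k++] = envp[i];
    out[k] = NULL;
    return out;
}

/* 1 if getenv() and a direct scan of environ agree about NAME,
 * 0 if this process's getenv() is reading from somewhere else. */
int getenv_matches_environ(const char *name) {
    const char *a = getenv(name), *b = env_lookup(environ, name);
    if (!a || !b)
        return a == b;          /* agree only if both are unset */
    return strcmp(a, b) == 0;
}

int main(void) {
    char **clean = env_without(environ, "LD_PRELOAD");
    if (!clean)
        return 1;
    /* A spawner would pass `clean` as the third argument of execve()
     * instead of relying on unsetenv() having edited environ. */
    int ok = env_lookup(clean, "LD_PRELOAD") == NULL;
    free(clean);
    return (ok && getenv_matches_environ("LD_PRELOAD")) ? 0 : 1;
}
```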
|
|
This is the big overhaul to have the server provide meaningful exit status
to clients.
In the process, I discovered that the server was running with signals blocked
if launched by a client, which is not a good thing, and prevented this from
working as intended.
Still looking to see why more than one server spawn seems to happen.
|
|
Improve event logging a little bit more, increase default event log size,
reduce retries (we shouldn't need that many if nothing's wrong), and make
the server log timestamps during database cleanup, since I'm suspicious of
that as a possible source of delays. Also cause server to emit a useful exit
status if it can't get a lock, and client to check server exit status when
spawning server.
|
|
For debugging the client/server startup, add an event logger to allow
better recording of events that we may, or may not, want to dump out
listings of later.
|
|
For sound reasons, the server wants to be sure no client is on fd 2. However,
the client shouldn't force the pseudo log file to be fd 2; it should leave
stderr alone when a log file is specified.
|
|
Recent fixes mostly to do with race conditions on server respawn, also
some xattr tweaks.
|
|
First, if aborting, display message even when no debugging is set, because
that's probably a big deal.
Second, if you use "pseudo <cmd>", try to die with the same signal that killed
the child process, if it died from a signal rather than exiting cleanly. (You
can't just pass the exit status out in that case, because exit(N) doesn't work
for N outside the range of non-signal exit statuses.)
|
|
There's a possible race condition if multiple clients try to start while
the server's down, especially if it's shutting down and thus holding a lock
but ignoring them. Logic altered to retry more often, at greater intervals.
Also, we are fine with being unable to spawn the server, because that can
happen if another client spawned it successfully. So we just retry sending
the message in a bit if we couldn't spawn a server, or immediately if we
could. (Because "could" spawn a server includes successfully communicating
with the newly-spawned server; the server-side code makes sure that the
child process won't exit before we expect such attempts to work, even if
they take a while.)
|
|
Only cancel shutdown if a client showed up. Change timeout from 1 second to
3 seconds, so it gets at least one time through the loop.
|
|
The automatic shutdown immediately after running a command seems to
be causing more problems than it's worth, so now it requires an explicit
-S.
|
|
Race conditions exist when the server shutdown takes long enough for
three attempts to access the server to fail. Solution: Add a slight
delay to the retry. Delay is variable (using getpid()%5). (Not "random"
because I have no evidence that the process the client is running in
will have seeded RNG, and I don't want to seed it and possibly screw
them up).
|
|
Apparently some things rely on the assumption that listxattr returns
extended attributes in sorted order.
|
|
If a SHUTDOWN message has caused us to set the "die_peacefully" flag,
but there are new clients waiting, cancel the shutdown.
|
|
In some cases, there can be a race with multiple clients trying to
start a server at once, and they should just retry their messages,
rather than aborting. I haven't been able to consistently reproduce
this, so it's not very well tested, but it seems reasonable.
|
|
mknod(2) automatically defaults to S_IFREG if not given an explicit
file type, so pseudo should too. Otherwise, GNU tar can (for some
reason, it mostly does this when extracting xattrs?) invoke mknod
instead of open with O_CREAT to create a file, and just provide the
permission bits, and pseudo creates a "weird file" with no type bits
in the database, which is unhelpful.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
The f{re,}open{64,} functions use a default mode of 0666 & ~umask,
and defaulting to 0600 for the post-open chmod was breaking some use
cases. Problem and solution identified by Ross Burton, I just made the
local copy of the patch.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
So fchmodat(..., AT_SYMLINK_NOFOLLOW) isn't valid, and could
result in mkdirat/mkfifoat setting errno on success, which is
mostly harmless except for one or two programs which consider
a non-zero errno to be proof of failure.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
mkdirat() was calling real_fchmodat with invalid arguments (it turns
out that AT_SYMLINK_NOFOLLOW is both irrelevant and forbidden by Linux),
and the wrapper function did not restore errno to its previous value.
This breaks localedef, because localedef is unconditionally storing
the value of errno after a mkdir *whether or not the mkdir failed*,
which is almost certainly wrong. Similar issue with mkfifoat.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
I never did this because how could you do it generically, then a
friend who is better at Python gave me an idea for a way to do it,
and now wrapper debugging prints return values, not just errno
values, in most-to-all cases.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
And another branch, for 1.7.2, because I think that'll be the last of it.
Hah.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
There are some changes to allow things to work even if umask is 0700;
originally this was just regarded as a broken state, but it became
necessary to fix it in order for the xattrdb code to work, only the
fix could result in files having a raw filesystem mode that lacked
execute bits it should have had.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Two little bug fixes.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
When I trimmed the spurious free()s for the new lower-allocation
path strategy, I forgot to look for cases where I was relying on
the allocation, such as realpath(path, NULL).
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
lstat can fail on XFS if the inode number won't fit in a 32-bit value.
Use base_lstat. Also, just in case, don't call it if it's not initialized
yet (which should never happen).
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Performance cleanups including the experimental xattrdb feature.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
gcc is better about warnings and spotted variables being assigned but
not used. Clever gcc. Cleaned up the old bits.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Add some debug messages useful for tracking down xattr behaviors.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
When xattr emulation is used to store extended attributes, dummy
entries get made in the db using whatever UID/GID were in the real
stat buffer if no entry already existed. Change these to -1, and
treat -1 uid/gid as a missing entry for stat purposes.
xattrdb was not merging existing uid/gid values. Change this by
loading existing values to merge them in when executing chown/chmod
commands.
Newly-created files could end up with a filesystem mode of 0 if
you used umask, but this breaks xattrdb.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
When setting an extended attribute using the database, we create a
dummy entry for the file (so there will be a file row corresponding
to that path name for later lookups). But this entry was coming in
with host UID/GID values in some cases. Instead, use -1 uid/gid,
and have STAT report those as failures rather than as existing
values. (Other cases should not be copying them. I think.)
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Dropping the alloc from file paths meant that pseudo_exec_path
could end up just returning its original argument, which was
const-qualified, meaning its return should also be const-qualified.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
OP_OPEN and OP_EXEC are used only when logging. The server can now
tell the client (in response to initial ping) whether or not it is
logging, and if it isn't, the client doesn't send those messages.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
This is a moderately experimental feature which stores values in an
extended attribute called 'user.pseudo_data' instead of in the database.
Still missing: Database<->filesystem synchronization for this.
For at least some workloads, this can dramatically improve performance.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Instead of allocating (and then freeing) these paths all the time,
use a rotating selection of buffers of fixed but probably large enough
size (the same size that would have been the maximum anyway in
general). With the exception of fts_open, there's no likely way to
end up needing more than two or three such paths at a time. fts_open
dups the paths since it could have a large number and need them for
a while. This dramatically reduces (in principle) the amount of allocation
and especially reallocation going on.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
A partially-implemented profiler for client time, which basically just
inserts (optional) gettimeofday calls in various places and stashes data
in a flat file containing one data block per pid.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Worked for trivial cases, but spuriously closed fd 0 and had
other issues. Separated implementations out.
|
|
|
|
Some years back, there was a historical reason (lost to the mists of
time) for which we had problems if we allowed actual creation of fifos,
but so far as we know we don't expect any problems with them now,
and there's a bitbake change which would like to be able to use fifos
for logging, so let's try enabling them and see what happens.
|
|
In the case where an "oldpath" is actually the data for an xattr
operation, don't truncate it. Trailing slashes should only be removed
from things which are actually filenames.
|
|
There was supposed to be a check for filenames showing up
with a trailing slash when the file was not a directory. What
actually made it in was a check for a mismatch between "is
a directory" and "has trailing slash", which produced spurious
messages saying the path had a trailing slash whenever a
directory path did *not* have a trailing slash. But that's
valid and should not produce diagnostics. Let alone thousands
of diagnostics.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
|
|
The (cd $prefix; pwd) only works when the prefix already exists.
Check for prefix existing before doing that.
|