| Age | Commit message (Collapse) | Author |
|---|
|
This adds SPDX license headers to all source files in pseudo so license
identification models current best practise.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Turns out you need <stdint.h> for int64_t and friends and
some systems were picking it up implicitly and others weren't.
|
|
bind_int doesn't handle 64-bit ints on most targets, we need
bind_int64, and weren't using it. What a silly bug. Caught
and fixed by <Jack.Fewx@dell.com>.
Signed-off-by: seebs <seebs@seebs.net>
|
|
So ino_t is uint64_t, sqlite field types are magical and erratic and
if a value doesn't fit inside signed int64, it gets converted to
float64. of course. This means that the top half of the inode range
produces invalid-ish values, because a 64-bit double is typically
53 bits of mantissa, so a value around 2^64 will convert to a float64
value which is going to compare equal to at least 2^10 other integer
values if they were also converted to float64. Which makes weird
problems.
|
|
When deleting a specific file, delete xattrs only if it's the last file
with that device/inode pair.
Signed-off-by: Seebs <seebs@seebs.net>
|
|
Caught by joshuagl: In pdb_clear_unused_xattrs(), the prepared statement
has no bound parameters, so there's no bindings to clear.
Signed-off-by: Seebs <seebs@seebs.net>
|
|
When deleting files, we *do* know the inode and attribute, most of the
time, so we pass those in whenever possible. The full purge of unmatched
xattrs should not happen when the correct dev/ino are believed to be known.
Signed-off-by: Seebs <seebs@seebs.net>
|
|
Don't call sqlite3_finalize() on the static sqlite3_stmt scan as
we reuse it later. The sqlite3_reset() and sqlite4_clear_bindings()
calls are sufficient to reset the prepared statement and reusing
the sqlite3_stmt that has had sqlite3_finalize() on it results in
segfaults and data loss.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
|
|
Handle various ways that a dev/ino pair can cease to have files and thus
need to cease to have xattrs. Also handle weird stuff like moving a file
across filesystems when it was one of multiple links to an inode with
extended attributes.
|
|
extended attributes are a property of inodes, not paths. There can be
multiple file database entries for a single inode, so switch to using
inodes rather than paths.
Still to-do: Delete them when deleting the last file with a given device
and inode.
|
|
Improve event logging a little bit more, increase default event log size,
reduce retries (we shouldn't need that many if nothing's wrong), and make
the server log timestamps during database cleanup, since I'm suspicious of
that as a possible source of delays. Also cause server to emit a useful exit
status if it can't get a lock, and client to check server exit status when
spawning server.
|
|
Apparently some things rely on the assumption that listxattr returns
extended attributes in sorted orders.
|
|
Trying to track down problems which sometimes result in files showing
up as nameless files, producing clashes later. Looks like there were two
issues; one is we were creating links for files that we'd already
found by inode. The other is that rename was sending bogus LINK messages
in some cases. Also simplified the find_file_dev path to extract the
path as part of the initial operation, since there wasn't any case where
that wasn't being done immediately afterwards.
|
|
XFS apparently has 64-bit inodes. Our inode data path was
*almost* 64-bit clean. This doesn't require a database format change
because sqlite3 doesn't distinguish, but it will probably
invalidate existing files.db things on XFS. But they were broken
anyway.
|
|
More complicated, because we actually need to make com.apple stuff work
probably.
|
|
Was using the length of the name instead of the length of the
value on insert, but not on update, so initial settings of values
were busted often.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
The xattr first-pass implementation was allocating a buffer to
hold the name and value for a set operation, then pseudo_client was
allocating *another* buffer to hold the path and those two values.
pseudo_client_op develops more nuanced argument handling, and also
uses a static buffer for the extended paths it sometimes needs. So
for the typical use case, only occasional operations will need to
reallocate/expand the buffer, and we'll be down to copying things
into that buffer once per operation, instead of having two alloc/free
pairs and two copies.
And of course, that wasn't two alloc/free pairs, it was one alloc/free
pair and one alloc without a free. Whoops.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Issue #1: If an operation came in for an item with no path
provided by the wrapper, the client would not construct the
combined "path" value. Fixed, and missing paths are now
consistently handled as 0-byte paths.
Issue #2: The database code was assuming the values were
strings, and ignoring a specified length.
Issue #3: The computation of the length of the stored value
was off by one, because it was including the extra terminating
null the client added in case the value was a path.
With this in place, "cp -a" on CentOS is consistently
duplicating the system.posix_acl_access fields as expected,
but unfortunately not handling their permissions too.
(Intent is to translate a system.posix_acl_access setxattr
into corresponding permissions whenever possible.)
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Initial, incomplete, support for extended attributes. Extended
attributes are implemented fairly naively, using a second table
in the file database using the primary file table's id as a
foreign key. The ON DELETE CASCADE behavior requires sqlite 3.6.19
or later with foreign key and trigger support compiled in.
To reduce round-trips, the client does not check for existing
attributes, but rather, sends three distinct set messages;
OP_SET_XATTR, OP_CREATE_XATTR, OP_REPLACE_XATTR. A SET message
always succeeds, a CREATE fails if the attribute already
exists, and a REPLACE fails if the attribute does not already
exist.
The /* flags */ feature of makewrappers is used to correct
path names appropriately, so all functions are already working
with complete paths, and can always use functions that work
on links; if they were supposed to dereference, the path
fixup code got that.
The xattr support is enabled, for now, conditional on
whether getfattr --help succeeds.
Not yet implemented: Translation for system.posix_acl_access,
which is used by "cp -a" (or "cp --preserve-all") on some
systems to try to copy modes.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
This is a moderately intrusive change. The basic overall effect:
Debugging messages are now controlled, not by a numeric "level",
but by a series of flags, which are expressed as a string of
letters. Each flag has a single-letter form used for string
specifications, a name, a description, a numeric value (1 through N),
and a flag value (which is 1 << the numeric value). (This does mean
that no flag has the value 1, so we only have 31 bits available.
Tiny violins play.)
The other significant change is that the pseudo_debug calls
are now implemented with a do/while macro containing a conditional,
so that computationally-expensive arguments are never evaluated
if the corresponding debug flags weren't set. The assumption is
that in the vast majority of cases (specifically, all of them
so far) the debug flags for a given call are a compile-time constant,
so the nested conditional will never actually show up in code
when compiled with optimization; we'll just see the appropriate
conditional test.
The VERBOSE flag is magical, in that if the VERBOSE flag is
used in a message, the debug flags have to have both VERBOSE and
at least one other flag for the call to be made.
This should dramatically improve performance for a lot of cases
without as much need for PSEUDO_NDEBUG, and improve the ability of
users to get coherent debugging output that means something and is
relevant to a given case.
It's also intended to set the stage for future development work
involving improving the clarity and legibility of pseudo's diagnostic
messages in general.
Old things which used numeric values for PSEUDO_DEBUG will sort
of continue to work, though they will almost always be less verbose
than they used to. There should probably be a pass through adding
"| PDBGF_CONSISTENCY" to a lot of the messages that are specific
to some other type.
|
|
It turns out that file databases don't get very large, and that
sqlite3 can be quite fast with an in-memory database. It also turns
out that dumping the database to disk on exit (or during idle times)
is pretty cheap compared to constant updates.
So: We add "--enable-memory-db", which defaults to on if you have
sqlite 3.7 or later, and off for 3.6 (because 3.6 has horrible
performance with in-memory db on some hosts we tried).
|
|
This is a spiffied-up rebase of a bunch of intermediate changes, presented
as a whole because it is, surprisingly, less confusing that way. The basic
idea is to separate the guts code into categories ranging from generic
stuff that can be the same everywhere and specific variants. The big scary
one is the Darwin support, which actually seems to run okay on 64-bit OS X
10.6. (No other variants were tested.) The other example given is support
for the old clone() syscall on RHEL 4, which affects some wrlinux use cases.
There's a few minor cleanup bits here, such as a function with inconsistent
calling conventions, but nothing really exciting.
|
|
|
|
Changing the file journal to OFF, this makes things a bit more susceptible
to failure in cases where pseudo crashes or the system crashes.. however, this
is believed to be unlikely.
Timing:
Before:
real 6m42.093s
user 0m34.321s
sys 2m46.086s
(with journal set to MEMORY)
real 6m33.037s
user 0m33.133s
sys 2m48.668s
After (journal set to OFF)
real 6m17.313s
user 0m32.757s
sys 2m47.654s
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
We change the index from simply "path" to "path, dev, ino". This allows for
slightly faster searches for the exact file information, and does not cause
any penalty for a simple "path" based search.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Add sqlite call profiling, this allows us to see the sqlite calls
that are being made as the system runs, via the pseudo log.
It was noted that by this profiling that a small change to pseudo.c,
when a file was found, reduced the sqlite SELECT calls by about 1/3.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
be out of sync in a very inconvenient way.
Changes include:
* Some whitespace fixes, also move the pseudo_variables definition
into pseudo_util.c since it's not used anywhere else.
* Further improvements in the fork() support:
We now recognize both positive and negative forms of PSEUDO_DISABLED,
so we can distinguish between "it was removed from the environment
by env -i" (restore the old value) and "it was intentionally turned
off" (the new value wins).
* clone(2) support. This is a little primitive, and programs might still
fail horribly due to clone's semantics, but at least it's there and
passes easy test cases.
Plus a big patch from Mark Hatle:
Cleanup fork/clone and PSEUDO_DISABLED
guts/fork.c:
* cleanup function and make it more robust
* be sure to call pseudo_setupenv prior to pseudo_client_reset
to match exec behavior
pseudo_wrappers.c:
* fix mismatched type in execl_to_v call via typecast
* Simplify fork call via single call to wrap_fork()
* be sure to save pseudo_disabled
* be sure to call pseudo_setupenv prior to pseudo_client_reset
to match exec behavior
tests:
* Add a test of whether pseudo can be disabled/enabled on a fork.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
database to preserve the meaning of log messages in old databases
in case of renumbering... but these tables were never used, and
the tables used to create them were, in fact, out of date and
inconsistent with the range of operations now supported. Remove
the vestigial remains of the never-implemented feature.
Also, update .gitignore to stop git from complaining about some
more generated files.
|
|
are generated from text files and templates, making it now (we hope)
impossible for the list of strings to get out of sync with the
enum.
|
|
one device to another, for instance.
|
|
bug in the speculative-unlink operation.
The intent is to mark and then confirm or cancel the delete. This
removes the quirk where we tried to stash old database entries,
which didn't handle directories anyway; "rmdir non-empty-directory"
is a bit too common a case to dismiss as unthinkable.
|
|
Add PSEUDO_BINDIR, PSEUDO_LIBDIR, and PSEUDO_LOCALSTATEDIR to allow for more
easy customization of PSEUDO components at run-time. If these are not set
they will be automatically generated based on the existing PSEUDO_PREFIX path.
PSEUDO_BINDIR = PSEUDO_PREFIX /bin
PSEUDO_LIBDIR = PSEUDO_PREFIX /lib
PSEUDO_LOCALSTATEDIR = PSEUDO_PREFIX /var/pseudo
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
CQ: WIND00225366
When moving a directory, pseudo performs the following sequence: stat
old, unlink new, link old and then rename. When linking a file, pseudo
first makes sure the file does not already exist in the database and
does an unlink. So the full sequence was stat old, unlink new, link
old ( unlink old, unlink contents of old, relink old ), rename. The
fix removes the unlinking of the contents of old.
|
|
Address a couple of compiler warnings, add a couple of signals to the
list of caught signals, etcetera.
|
|
pdb_history was overloaded as a delete function. Separated this
out into a query-builder and a pair of functions to use it, which
makes it cleaner.
|
|
Stop vacuuming the logs database under normal usage -- it's expensive
and slow, and not useful.
Make link(2) "correctly" (following Linux, rather than POSIX) link
to a symlink rather than to the file the symlink links to.
|
|
When you rename across devices, inode can change. Until now,
pseudo had no tools for handling a change in inode, but this
is clearly a legitimate case.
|
|
|
|
It is possible for the database to get out of sync with the
filesystem. Detecting this after the fact can be hard. Provide a
hook for requesting a check.
Also merge in some LD_LIBRARY_PATH fixes.
|
|
Send program name (program_invocation_name from glibc) along with the
tag.
Along the way, restructure the fds/pids/tags arrays to be an array
of client structures in pseudo_server, and add the message type
to the set of things logged -- logging that a message was a ping is
more useful than appending the text "ping" to it. Add support
for type and program to pseudolog.
Add deletion to pseudolog.
Handle usage message formatting when there's an odd number of known
specifiers for pseudolog.
Conflicts:
ChangeLog.txt
pseudo_server.c
|
|
|
|
This allows us to track execution, although the tracking for it
requires some additional thought -- the basic assumption is that we
don't want to canonicalize names into the chroot() directory, but
since all the filename canonicalization assumes that we want this,
that will take some sneaking. It's a little useful as is, though,
so I'm running with it.
|
|
This patch adds support for checking whether a file was opened for
reading, writing, or both, as well as tracking append flags. It is
not very well tested. This is preparation for improved host
contamination checking.
|
|
None of them seem to have been genuine problems, but it's prettier now,
and some were questionable.
|
|
Add chroot() and a large number of things needed to make it work.
The list of intercepted calls is large but not exhaustive.
|
|
|
Richard Purdie
Seebs
Joshua Lock
Peter Seebach
Mark Hatle
seebs
Konrad Scherer
Peter Seebach