[OpenAFS-announce] OpenAFS on Red Had Enterprise Linux 6

Marc Dionne openafs-info@openafs.org
Fri, 23 Apr 2010 15:08:13 -0400


Red Hat has recently announced the availability of a beta version of
its next Red Hat Enterprise Linux release (RHEL6).  While OpenAFS is
functional with this release, it generates a large volume of messages
in the system log when used with a disk cache.

Background
The 2.6.32 kernel in RHEL6 enables IMA (Integrity Management
Architecture).  This feature uses counters to verify and require that
certain operations on files be "balanced", and produces warnings in
the syslog if they are not.
OpenAFS uses dentry_open() to open disk cache files, and in 2.6.32
this function does not increment any IMA counters.  Every caller is
expected to also call ima_counts_get() to properly increment the
counters and balance with the decrement that happens automatically in
fput().
Unfortunately, ima_counts_get() is available only for GPL modules,
which leaves non GPL modules with no way to use the dentry_open/fput
combination correctly.  As cache files are opened and closed
repeatedly in OpenAFS, this generates a very large number of warnings
in the system log.

Fixes
Kernel developers have acknowledged that this API is problematic, and
it has been reworked in 2.6.33 and later, notably with these commits:
       0552f879: Untangling ima mess, part 1: alloc_file()
       b65a9cfc: Untangling ima mess, part 2: deal with counters
       1429b3ec: Untangling ima mess, part 3: kill dead code in ima

These commits have not yet been backported to 2.6.32 and earlier stable kernels.

If you have a support contract with Red Hat and care about running
OpenAFS with RHEL 6, we encourage you to open a case through your
support channel and inquire about getting these changes backported to
RHEL 6.

Thanks,
Marc