[OpenAFS-devel] Re: PAGs/tokens/threads
Andrew Deason
adeason@sinenomine.net
Fri, 7 Aug 2009 11:29:36 -0500
On Fri, 7 Aug 2009 15:29:38 +0200 (CEST)
Alberto Mancini <mancini@math.unifi.it> wrote:
>
> On Fri, 7 Aug 2009, Simon Wilkinson wrote:
>
> > The current implementation only looks at the keyring if it can't
> > determine the PAG from the process's groups. If it has to use the
> > keyring, then it attempts to set the process's group list, so that
> > the group is used for all future lookups.
>
> Is this for performance reasons (or for something i do not see) or
> is just an implementation side-effect ?
I'm not authoritative, but I just thought of one possible reason for
this. If you only have keyrings and no gids representing the PAGs, it
/looks/ like (I'm not sure) that the hourly GCPAGs will destroy them.
Since that detects used PAGs by traversing the process list, identifying
the PAG in a process, and flagging that PAG as used.
However, when PagInCred falls back to checking the keyring, it checks
the calling process's keyring (via request_key), not the process passed
in (via, say, search_process_keyrings). Admittedly, it has a good reason
to, since we don't pass in a process, we pass in an AFS_UCRED. So, if
you have no gid PAGs in various processes, it won't detect the keyring
ones, and it will destroy them. (Well, actually, I think it might have a
failsafe that it doesn't destroy any if it didn't detect any PAGs, but
I'm not sure)
Someone can correct me if I'm wrong there, but I just noticed that that
doesn't look quite right. I can continue to look at it.
--
Andrew Deason
adeason@sinenomine.net