[Port-solaris] Re: sol11 AFS syscall

Andrew Deason adeason@sinenomine.net
Wed, 24 Nov 2010 11:46:50 -0500


On Tue, 23 Nov 2010 16:51:14 -0500
Jeffrey Hutzelman <jhutz@cmu.edu> wrote:

> Frank, if you have some other approach to suggest, feel free.  Bear in
> mind that for us, the AFS system call (or at least, some subcodes,
> including PAG management, token management, and pioctl()) _is_ an
> interface, and there is code outside OpenAFS which uses it.  So, while
> a change is possible, it's slow and a bit painful and thus something
> we'd prefer to avoid.

It is also worth noting that not only does this break our interface to
the OpenAFS kernel module, it does so in a way that is very conducive to
accidental data loss. Since current/past OpenAFS tools (or any
OpenAFS-aware program) will try to use syscall 65 for AFS queries,
they'll call unlinkat when trying to perform any AFS operation on
Solaris 11 or OpenSolaris on build 135 and onward.

And it so happens that the parameters for the pioctl operation for
listing AFS ACLs are compatible enough with unlinkat() to cause an
actual unlink to occur.

That is, if I take an OpenAFS 'fs' binary I built for Solaris 8-10, and
run:

$ fs listacl /foo/bar

Normally, this would output the AFS ACL for /foo/bar, or tell me that
/foo/bar is not a file in AFS. However, on Solaris 11 as it exists now,
instead this will cause /foo/bar to be unlinked! Needless to say, this
is very unexpected, and prone to data loss.

-- 
Andrew Deason
adeason@sinenomine.net