From 82e88f70f181300f6f98691f6680839a94470e13 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 18 Sep 2023 14:43:23 -0700 Subject: [PATCH] s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk is called and the associated fsp doesn't exist. Make this DEVELOPER-only as it walks the entire open file list on every file close (with associated aio). This helps catch really subtle problems with orphaned aio lnk structs. Reproducer test case to follow. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- source3/smbd/smb2_aio.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/source3/smbd/smb2_aio.c b/source3/smbd/smb2_aio.c index 8c01c76a3e9..88aa68d218f 100644 --- a/source3/smbd/smb2_aio.c +++ b/source3/smbd/smb2_aio.c @@ -64,6 +64,9 @@ struct aio_extra *create_aio_extra(TALLOC_CTX *mem_ctx, } struct aio_req_fsp_link { +#ifdef DEVELOPER + struct smbd_server_connection *sconn; +#endif files_struct *fsp; struct tevent_req *req; }; @@ -74,6 +77,24 @@ static int aio_del_req_from_fsp(struct aio_req_fsp_link *lnk) files_struct *fsp = lnk->fsp; struct tevent_req *req = lnk->req; +#ifdef DEVELOPER + struct files_struct *ifsp = NULL; + bool found = false; + + /* + * When this is called, lnk->fsp must still exist + * on the files list for this connection. Panic if not. + */ + for (ifsp = lnk->sconn->files; ifsp; ifsp = ifsp->next) { + if (ifsp == fsp) { + found = true; + } + } + if (!found) { + smb_panic("orphaned lnk on fsp aio list.\n"); + } +#endif + for (i=0; inum_aio_requests; i++) { if (fsp->aio_requests[i] == req) { break; @@ -130,6 +151,9 @@ bool aio_add_req_to_fsp(files_struct *fsp, struct tevent_req *req) lnk->fsp = fsp; lnk->req = req; +#ifdef DEVELOPER + lnk->sconn = fsp->conn->sconn; +#endif talloc_set_destructor(lnk, aio_del_req_from_fsp); return true; -- 2.47.3