s3: smbd: Allow a SHUTDOWN_CLOSE on a file with outstanding aio if there are no clien...

The process is exiting now so pthreads will never complete to cause
problems.

Remove the knownfail.d/aio_outstanding entry.

Followup-bugfix for:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 24 20:14:15 UTC 2020 on sn-devel-184

(cherry picked from commit 205653732064ecf76d3198451240af468806ec14)

diff --git a/selftest/knownfail.d/aio_outstanding b/selftest/knownfail.d/aio_outstanding
deleted file mode 100644 (file)
index 6426f76..0000000
--- a/selftest/knownfail.d/aio_outstanding
+++ /dev/null
@@ -1,2 +0,0 @@
-samba3.blackbox.aio-outstanding
-

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index d5af62a277c70248a25f92bb396f289f6e74474c..1a6e33b4403d8ae91336e724a7d16987ff3ee867 100644 (file)
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -639,12 +639,38 @@ static NTSTATUS ntstatus_keeperror(NTSTATUS s1, NTSTATUS s2)
 static void assert_no_pending_aio(struct files_struct *fsp,
                                  enum file_close_type close_type)
 {
+       struct smbXsrv_client *client = global_smbXsrv_client;
+       size_t num_connections_alive;
        unsigned num_requests = fsp->num_aio_requests;
 
        if (num_requests == 0) {
                return;
        }
 
+       num_connections_alive = smbXsrv_client_valid_connections(client);
+
+       if (close_type == SHUTDOWN_CLOSE && num_connections_alive == 0) {
+               /*
+                * fsp->aio_requests and the contents (fsp->aio_requests[x])
+                * are both independently owned by fsp and are not in a
+                * talloc heirarchy. This allows the fsp->aio_requests array to
+                * be reallocated independently of the array contents so it can
+                * grow on demand.
+                *
+                * This means we must ensure order of deallocation
+                * on a SHUTDOWN_CLOSE by deallocating the fsp->aio_requests[x]
+                * contents first, as their destructors access the
+                * fsp->aio_request array. If we don't deallocate them
+                * first, when fsp is deallocated fsp->aio_requests
+                * could have been deallocated *before* its contents
+                * fsp->aio_requests[x], causing a crash.
+                */
+               while (fsp->num_aio_requests != 0) {
+                       TALLOC_FREE(fsp->aio_requests[0]);
+               }
+               return;
+       }
+
        DBG_ERR("fsp->num_aio_requests=%u\n", num_requests);
        smb_panic("can not close with outstanding aio requests");
        return;