smbd: Fix a panic

Opening a file with a stale (smbd died) LEVEL_II oplock makes

vfs_set_filelen-> ... ->contend_level2_oplocks_begin_default

trigger the immediate leading to do_break_to_none. This goes through
because fsp->oplock_type is not initialized yet, thus 0. Also,
file_has_read_oplocks is still valid, because the smbd that has died
could not clean up the brlock.tdb entry.

Later in the code the exclusive oplock is granted, which is then found
by do_break_to_none, making it panic.

This patch just runs the direct FTRUNCATE instead of vfs_set_filelen.
This means the contend_level2_oplock code is skipped.

The relevant break (LEVEL_II to NONE) is now done in delay_for_oplock()
with the nice effect of removing a comment that was very confusing to
me.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 22 20:09:29 UTC 2019 on sn-devel-184

diff --git a/selftest/knownfail b/selftest/knownfail
index b035725057493505e7e2f2c35ed09aeffa7de240..4139bfd02bc3961f08f6451d851ecb35154dd607 100644 (file)
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -175,7 +175,6 @@
 ^samba3.smb2.dir.modify
 ^samba3.smb2.oplock.batch20
 ^samba3.smb2.oplock.stream1
-^samba3.smb2.oplock.levelii502
 ^samba3.smb2.streams.rename
 ^samba3.smb2.streams.rename2
 ^samba3.smb2.streams.attributes

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 461fb7eb23785f40fe1a2b93946b13aa54b1cf04..af6a36f0bd0c95500aac2399aefb16cdf503d262 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1875,12 +1875,7 @@ static bool delay_for_oplock(files_struct *fsp,
                break_to = e_lease_type & ~delay_mask;
 
                if (will_overwrite) {
-                       /*
-                        * we'll decide about SMB2_LEASE_READ later.
-                        *
-                        * Maybe the break will be deferred
-                        */
-                       break_to &= ~SMB2_LEASE_HANDLE;
+                       break_to &= ~(SMB2_LEASE_HANDLE|SMB2_LEASE_READ);
                }
 
                DEBUG(10, ("entry %u: e_lease_type %u, will_overwrite: %u\n",
@@ -3622,13 +3617,17 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
            (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode))) {
                int ret;
 
-               ret = vfs_set_filelen(fsp, 0);
+               ret = SMB_VFS_FTRUNCATE(fsp, 0);
                if (ret != 0) {
                        status = map_nt_error_from_unix(errno);
                        TALLOC_FREE(lck);
                        fd_close(fsp);
                        return status;
                }
+               notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
+                            FILE_NOTIFY_CHANGE_SIZE
+                            | FILE_NOTIFY_CHANGE_ATTRIBUTES,
+                            fsp->fsp_name->base_name);
        }
 
        /*