smbd: Fix a panic

Opening a file with a stale (smbd died) LEVEL_II oplock makes

vfs_set_filelen-> ... ->contend_level2_oplocks_begin_default

trigger the immediate leading to do_break_to_none. This goes through
because fsp->oplock_type is not initialized yet, thus 0. Also,
file_has_read_oplocks is still valid, because the smbd that has died
could not clean up the brlock.tdb entry.

Later in the code the exclusive oplock is granted, which is then found
by do_break_to_none, making it panic.

This patch just runs the direct FTRUNCATE instead of vfs_set_filelen.
This means the contend_level2_oplock code is skipped.

The relevant break (LEVEL_II to NONE) is now done in delay_for_oplock()
with the nice effect of removing a comment that was very confusing to
me.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 22 20:09:29 UTC 2019 on sn-devel-184

diff --git a/selftest/knownfail b/selftest/knownfail
index e3572d74d727437c4657d9eb13fb2d8bf33d56ae..2c31bf916190c7cc420c9ce145bffb4bcedbe3f5 100644 (file)
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -183,7 +183,6 @@
 ^samba3.smb2.dir.modify
 ^samba3.smb2.oplock.batch20
 ^samba3.smb2.oplock.stream1
-^samba3.smb2.oplock.levelii502
 ^samba3.smb2.streams.rename
 ^samba3.smb2.streams.rename2
 ^samba3.smb2.streams.attributes

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index ec7906b4b7782f33c4550dc1a2b85d74c6540a47..0a4abe0d820e6c248f0165829bb70f9cb94c2959 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1911,12 +1911,7 @@ static bool delay_for_oplock(files_struct *fsp,
                break_to = e_lease_type & ~delay_mask;
 
                if (will_overwrite) {
-                       /*
-                        * we'll decide about SMB2_LEASE_READ later.
-                        *
-                        * Maybe the break will be deferred
-                        */
-                       break_to &= ~SMB2_LEASE_HANDLE;
+                       break_to &= ~(SMB2_LEASE_HANDLE|SMB2_LEASE_READ);
                }
 
                DEBUG(10, ("entry %u: e_lease_type %u, will_overwrite: %u\n",
@@ -3675,13 +3670,17 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
            (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode))) {
                int ret;
 
-               ret = vfs_set_filelen(fsp, 0);
+               ret = SMB_VFS_FTRUNCATE(fsp, 0);
                if (ret != 0) {
                        status = map_nt_error_from_unix(errno);
                        TALLOC_FREE(lck);
                        fd_close(fsp);
                        return status;
                }
+               notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
+                            FILE_NOTIFY_CHANGE_SIZE
+                            | FILE_NOTIFY_CHANGE_ATTRIBUTES,
+                            fsp->fsp_name->base_name);
        }
 
        /*