From 30622ed876cffff305a9b03686edb48de987704f Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Tue, 21 May 2019 15:26:55 +0200
Subject: [PATCH] smbd: Fix a panic
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Opening a file with a stale (smbd died) LEVEL_II oplock makes vfs_set_filelen-> ... ->contend_level2_oplocks_begin_default trigger the immediate leading to do_break_to_none. This goes through because fsp->oplock_type is not initialized yet, thus 0. Also, file_has_read_oplocks is still valid, because the smbd that has died could not clean up the brlock.tdb entry. Later in the code the exclusive oplock is granted, which is then found by do_break_to_none, making it panic.

This patch just runs the direct FTRUNCATE instead of vfs_set_filelen. This means the contend_level2_oplock code is skipped. The relevant break (LEVEL_II to NONE) is now done in delay_for_oplock() with the nice effect of removing a comment that was very confusing to me.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957

Signed-off-by: Volker Lendecke
Reviewed-by: Ralph Boehme

Autobuild-User(master): Ralph Böhme
Autobuild-Date(master): Wed May 22 20:09:29 UTC 2019 on sn-devel-184
---
 selftest/knownfail | 1 -
 source3/smbd/open.c | 13 ++++++-------
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/selftest/knownfail b/selftest/knownfail
index e3572d74d72..2c31bf91619 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -183,7 +183,6 @@
 ^samba3.smb2.dir.modify
 ^samba3.smb2.oplock.batch20
 ^samba3.smb2.oplock.stream1
-^samba3.smb2.oplock.levelii502
 ^samba3.smb2.streams.rename
 ^samba3.smb2.streams.rename2
 ^samba3.smb2.streams.attributes
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index ec7906b4b77..0a4abe0d820 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1911,12 +1911,7 @@ static bool delay_for_oplock(files_struct *fsp,
 break_to = e_lease_type & ~delay_mask;
 if (will_overwrite) {
- /*
- * we'll decide about SMB2_LEASE_READ later.
- *
- * Maybe the break will be deferred
- */
- break_to &= ~SMB2_LEASE_HANDLE;
+ break_to &= ~(SMB2_LEASE_HANDLE|SMB2_LEASE_READ);
 }
 DEBUG(10, ("entry %u: e_lease_type %u, will_overwrite: %u\n",
@@ -3675,13 +3670,17 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode))) {
 int ret;
- ret = vfs_set_filelen(fsp, 0);
+ ret = SMB_VFS_FTRUNCATE(fsp, 0);
 if (ret != 0) {
 status = map_nt_error_from_unix(errno);
 TALLOC_FREE(lck);
 fd_close(fsp);
 return status;
 }
+ notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
+ FILE_NOTIFY_CHANGE_SIZE
+ | FILE_NOTIFY_CHANGE_ATTRIBUTES,
+ fsp->fsp_name->base_name);
 }
 /*
--
2.47.3
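Review bot: The new line `break_to &= ~(SMB2_LEASE_HANDLE|SMB2_LEASE_READ);` removes the old comment but puts nothing in its place, so the reason READ is now broken up front in delay_for_oplock() — instead of later through the level-II contention that vfs_set_filelen() used to trigger from open_file_ntcreate() — survives only in the commit message. A short comment on that line would keep the rationale next to the code, e.g. `/* An overwrite truncates to 0 in open_file_ntcreate() via a plain ftruncate that skips the level-II contention, so break READ here as well as HANDLE. */`. delay_for_oplock() starts and ends outside this hunk.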
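Review bot: With `ret = SMB_VFS_FTRUNCATE(fsp, 0);` the correctness of this truncate now depends on the delay_for_oplock() change earlier in this patch having already broken LEVEL_II oplocks and read leases, because the level-II contention that vfs_set_filelen() performed is skipped here by design, and nothing at the call site records that dependency. If there is a way to reach this truncate without having passed through delay_for_oplock() (I cannot tell from the hunk alone), a stale LEVEL_II holder would no longer be broken on this path at all, so that invariant is worth stating where it is relied upon. A comment above the call such as `/* Plain ftruncate on purpose: read leases/LEVEL_II oplocks were already broken in delay_for_oplock(); vfs_set_filelen() would re-enter the level-II contention while fsp->oplock_type is still unset. */` would make it explicit for the next reader. The added notify_fname() call is correctly placed after the error check, and errno is mapped before any intervening call. open_file_ntcreate() starts and ends outside this hunk.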