The Samba-Bugzilla – Attachment 18266 Details for
Bug 15527
fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close()
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for v418,v419,v420
bug-15527-v418.patch (text/plain), 5.29 KB, created by
Noel Power
on 2024-03-14 08:46:26 UTC
(
hide
)
Description:
patch for v418,v419,v420
Filename:
MIME Type:
Creator:
Noel Power
Created:
2024-03-14 08:46:26 UTC
Size:
5.29 KB
patch
obsolete
>From a000ce99064c0c757c9ea66df516c9f98afaa01f Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Mon, 5 Feb 2024 15:03:48 +0100 >Subject: [PATCH 1/2] smbd: simplify handling of failing fstat() after > unlinking file > >close_remove_share_mode() already called vfs_stat_fsp(), so we can skip the >fstat() triggered in fd_close() by fsp->fsp_flags.fstat_before_close being true. > >This avoids getting an EACCESS error when doing an fstat() on the removed file >which seems to happen with some FUSE filesystems. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 6e6324cff29089a636823786183222a73fe7cb28) >--- > source3/smbd/close.c | 1 + > source3/smbd/open.c | 15 +-------------- > 2 files changed, 2 insertions(+), 14 deletions(-) > >diff --git a/source3/smbd/close.c b/source3/smbd/close.c >index b42f4d2db71..04e39774950 100644 >--- a/source3/smbd/close.c >+++ b/source3/smbd/close.c >@@ -603,6 +603,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp, > */ > > fsp->fsp_flags.delete_on_close = false; >+ fsp->fsp_flags.fstat_before_close = false; > lck_state.reset_delete_on_close = true; > > done: >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index 3e7a8f45ebd..0862c956c45 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -952,20 +952,7 @@ NTSTATUS fd_close(files_struct *fsp) > if (fsp->fsp_flags.fstat_before_close) { > status = vfs_stat_fsp(fsp); > if (!NT_STATUS_IS_OK(status)) { >- /* >- * If this is a stream and delete-on-close was set, the >- * backing object (an xattr from streams_xattr) might >- * already be deleted so fstat() fails with >- * NT_STATUS_NOT_FOUND. So if fsp refers to a stream we >- * ignore the error and only bail for normal files where >- * an fstat() should still work. NB. We cannot use >- * fsp_is_alternate_stream(fsp) for this as the base_fsp >- * has already been closed at this point and so the value >- * fsp_is_alternate_stream() checks for is already NULL. >- */ >- if (fsp->fsp_name->stream_name == NULL) { >- return status; >- } >+ return status; > } > } > >-- >2.35.3 > > >From 73e08c4fde883014e8a9396c4f8c31600b162316 Mon Sep 17 00:00:00 2001 >From: Noel Power <noel.power@suse.com> >Date: Tue, 20 Feb 2024 09:26:29 +0000 >Subject: [PATCH 2/2] s3/smbd: If we fail to close file_handle ensure we should > reset the fd > >if fsp_flags.fstat_before_close == true then close_file_smb will call >vfs_stat which can fail. If it does fail then the fd associated >with the file handle will still be set (and we will hit an assert >is the file handle destructor) when calling file_free. >We need to set fd to -1 to avoid that. To achieve that we capture and >return the vfs_stat_fsp failure status while still processing the rest >of the fd_close logic. > >[2024/02/20 09:23:48.454671, 0, pid=9744] ../../source3/smbd/smb2_close.c:226(smbd_smb2_close) > smbd_smb2_close: close_file[]: NT_STATUS_ACCESS_DENIED >[2024/02/20 09:23:48.454757, 0, pid=9744] ../../source3/smbd/fd_handle.c:40(fd_handle_destructor) > PANIC: assert failed at ../../source3/smbd/fd_handle.c(40): (fh->fd == -1) || (fh->fd == AT_FDCWD) >[2024/02/20 09:23:48.454781, 0, pid=9744] ../../lib/util/fault.c:178(smb_panic_log) > =============================================================== >[2024/02/20 09:23:48.454804, 0, pid=9744] ../../lib/util/fault.c:185(smb_panic_log) > INTERNAL ERROR: assert failed: (fh->fd == -1) || (fh->fd == AT_FDCWD) in smbd (smbd[192.168.10) (client [192.168.100.15]) pid 9744 (4.21.0pre1-DEVELOPERBUILD) >[2024/02/20 09:23:48.454844, 0, pid=9744] ../../lib/util/fault.c:190(smb_panic_log) > If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting >[2024/02/20 09:23:48.454869, 0, pid=9744] ../../lib/util/fault.c:191(smb_panic_log) > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527 >Signed-off-by: Noel Power <noel.power@suse.com> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Noel Power <npower@samba.org> >Autobuild-Date(master): Wed Mar 13 10:34:45 UTC 2024 on atb-devel-224 > >(cherry picked from commit 6ee3f809a54d7b833ff798e68a93ada00a215d4d) >--- > source3/smbd/open.c | 14 ++++++++------ > 1 file changed, 8 insertions(+), 6 deletions(-) > >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index 0862c956c45..e5309a7be98 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -942,7 +942,7 @@ NTSTATUS fd_openat(const struct files_struct *dirfsp, > > NTSTATUS fd_close(files_struct *fsp) > { >- NTSTATUS status; >+ NTSTATUS stat_status = NT_STATUS_OK; > int ret; > > if (fsp == fsp->conn->cwd_fsp) { >@@ -950,10 +950,12 @@ NTSTATUS fd_close(files_struct *fsp) > } > > if (fsp->fsp_flags.fstat_before_close) { >- status = vfs_stat_fsp(fsp); >- if (!NT_STATUS_IS_OK(status)) { >- return status; >- } >+ /* >+ * capture status, if failure >+ * continue close processing >+ * and return status >+ */ >+ stat_status = vfs_stat_fsp(fsp); > } > > if (fsp->dptr) { >@@ -975,7 +977,7 @@ NTSTATUS fd_close(files_struct *fsp) > if (ret == -1) { > return map_nt_error_from_unix(errno); > } >- return NT_STATUS_OK; >+ return stat_status; > } > > /**************************************************************************** >-- >2.35.3 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
npower
:
review?
(
jra
)
slow
:
review+
Actions:
View
Attachments on
bug 15527
: 18266