The Samba-Bugzilla – Attachment 5243 Details for
Bug 7067
Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am format patch for 3.4.6.
0001-Fix-bug-7067-Linux-asynchronous-IO-aio-can-cause-smb.patch (text/plain), 4.78 KB, created by
Jeremy Allison
on 2010-01-28 16:47:06 UTC
(
hide
)
Description:
git-am format patch for 3.4.6.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2010-01-28 16:47:06 UTC
Size:
4.78 KB
patch
obsolete
>From 93795c12386b915bc9a591e30473fd95bab05a6b Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 26 Jan 2010 16:51:57 -0800 >Subject: [PATCH] Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to respond to a read or write. > >Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability >to allow Linux threads under different euids to send signals to each other. > >Jeremy. >(cherry picked from commit 899bd0005f56dcc1e95c3988d41ab3f628bb15db) >--- > source3/include/smb.h | 3 +- > source3/lib/system.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++--- > source3/smbd/server.c | 8 ++++++ > 3 files changed, 71 insertions(+), 5 deletions(-) > >diff --git a/source3/include/smb.h b/source3/include/smb.h >index 2a3c455..29c614b 100644 >--- a/source3/include/smb.h >+++ b/source3/include/smb.h >@@ -1690,7 +1690,8 @@ minimum length == 24. > enum smbd_capability { > KERNEL_OPLOCK_CAPABILITY, > DMAPI_ACCESS_CAPABILITY, >- LEASE_CAPABILITY >+ LEASE_CAPABILITY, >+ KILL_CAPABILITY > }; > > /* >diff --git a/source3/lib/system.c b/source3/lib/system.c >index e815766..6349af5 100644 >--- a/source3/lib/system.c >+++ b/source3/lib/system.c >@@ -592,6 +592,11 @@ char *sys_getwd(char *s) > > #if defined(HAVE_POSIX_CAPABILITIES) > >+/* This define hasn't made it into the glibc capabilities header yet. */ >+#ifndef SECURE_NO_SETUID_FIXUP >+#define SECURE_NO_SETUID_FIXUP 2 >+#endif >+ > /************************************************************************** > Try and abstract process capabilities (for systems that have them). > ****************************************************************************/ >@@ -622,6 +627,32 @@ static bool set_process_capability(enum smbd_capability capability, > } > #endif > >+#if defined(HAVE_PRCTL) && defined(PR_SET_SECUREBITS) && defined(SECURE_NO_SETUID_FIXUP) >+ /* New way of setting capabilities as "sticky". */ >+ >+ /* >+ * Use PR_SET_SECUREBITS to prevent setresuid() >+ * atomically dropping effective capabilities on >+ * uid change. Only available in Linux kernels >+ * 2.6.26 and above. >+ * >+ * See here: >+ * http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html >+ * for details. >+ * >+ * Specifically the CAP_KILL capability we need >+ * to allow Linux threads under different euids >+ * to send signals to each other. >+ */ >+ >+ if (prctl(PR_SET_SECUREBITS, 1 << SECURE_NO_SETUID_FIXUP)) { >+ DEBUG(0,("set_process_capability: " >+ "prctl PR_SET_SECUREBITS failed with error %s\n", >+ strerror(errno) )); >+ return false; >+ } >+#endif >+ > cap = cap_get_proc(); > if (cap == NULL) { > DEBUG(0,("set_process_capability: cap_get_proc failed: %s\n", >@@ -650,6 +681,11 @@ static bool set_process_capability(enum smbd_capability capability, > cap_vals[num_cap_vals++] = CAP_LEASE; > #endif > break; >+ case KILL_CAPABILITY: >+#ifdef CAP_KILL >+ cap_vals[num_cap_vals++] = CAP_KILL; >+#endif >+ break; > } > > SMB_ASSERT(num_cap_vals <= ARRAY_SIZE(cap_vals)); >@@ -659,16 +695,37 @@ static bool set_process_capability(enum smbd_capability capability, > return True; > } > >- cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals, >- enable ? CAP_SET : CAP_CLEAR); >+ /* >+ * Ensure the capability is effective. We assume that as a root >+ * process it's always permitted. >+ */ >+ >+ if (cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals, >+ enable ? CAP_SET : CAP_CLEAR) == -1) { >+ DEBUG(0, ("set_process_capability: cap_set_flag effective " >+ "failed (%d): %s\n", >+ (int)capability, >+ strerror(errno))); >+ cap_free(cap); >+ return false; >+ } > > /* We never want to pass capabilities down to our children, so make > * sure they are not inherited. > */ >- cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR); >+ if (cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, >+ cap_vals, CAP_CLEAR) == -1) { >+ DEBUG(0, ("set_process_capability: cap_set_flag inheritable " >+ "failed (%d): %s\n", >+ (int)capability, >+ strerror(errno))); >+ cap_free(cap); >+ return false; >+ } > > if (cap_set_proc(cap) == -1) { >- DEBUG(0, ("set_process_capability: cap_set_proc failed: %s\n", >+ DEBUG(0, ("set_process_capability: cap_set_flag (%d) failed: %s\n", >+ (int)capability, > strerror(errno))); > cap_free(cap); > return False; >diff --git a/source3/smbd/server.c b/source3/smbd/server.c >index 2c5ce40..25571a9 100644 >--- a/source3/smbd/server.c >+++ b/source3/smbd/server.c >@@ -1027,6 +1027,14 @@ extern void build_options(bool screen); > gain_root_privilege(); > gain_root_group_privilege(); > >+ /* >+ * Ensure we have CAP_KILL capability set on Linux, >+ * where we need this to communicate with threads. >+ * This is inherited by new threads, but not by new >+ * processes across exec(). >+ */ >+ set_effective_capability(KILL_CAPABILITY); >+ > fault_setup((void (*)(void *))exit_server_fault); > dump_core_setup("smbd"); > >-- >1.6.6 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 7067
:
5242
| 5243 |
5244