Bug 14816 - smbd built with ‘-DDISABLE_OPATH=1’ will hang opening FIFO file in the samba share.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
Version: 4.14.5
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Duplicates: 14853
Depends on:
Blocks:
 
Reported: 2021-09-02 19:58 UTC by mig28suarez
Modified: 2021-10-06 11:19 UTC
Attachments
git-am fix for master. (893 bytes, patch)
2021-09-02 21:42 UTC, Jeremy Allison
git-am fix for master. (5.49 KB, patch)
2021-09-03 02:18 UTC, Jeremy Allison
Patch for 4.14 and 4.15 cherry-picked from master (6.04 KB, patch)
2021-09-06 10:56 UTC, Ralph Böhme
metze: review+

Description mig28suarez 2021-09-02 19:58:41 UTC
I noticed a problem building samba with ‘-DDISABLE_OPATH=1’. The resulting smbd process can hang if there is a FIFO file in the samba share. The build was done on ‘CentOS Linux release 7.6.1810 (Core)’. 

(gdb) bt
#0  0x00007f781febbe47 in openat64 () from /lib64/libc.so.6
#1  0x00007f78237f55a9 in vfswrap_openat (handle=0x56546a488950, dirfsp=0x56546a494ba0,
    smb_fname=0x56546a4c2810, fsp=0x56546a4c1510, flags=131072, mode=0)
    at ../../source3/modules/vfs_default.c:725
#2  0x00007f782388c60d in smb_vfs_call_openat (handle=0x56546a488950,
    dirfsp=0x56546a494ba0, smb_fname=0x56546a4c2810, fsp=0x56546a4c1510, flags=131072,
    mode=0) at ../../source3/smbd/vfs.c:1830
#3  0x00007f7823874c15 in non_widelink_open (dirfsp=0x56546a494ba0, fsp=0x56546a4c1510,
    smb_fname=0x56546a4c2810, flags=131072, mode=0, link_depth=0)
    at ../../source3/smbd/open.c:787
#4  0x00007f7823875037 in fd_openat (dirfsp=0x56546a494ba0, smb_fname=0x56546a4c2810,
    fsp=0x56546a4c1510, flags=0, mode=0) at ../../source3/smbd/open.c:918
#5  0x00007f78237fd119 in openat_pathref_fsp (dirfsp=0x56546a494ba0,
    smb_fname=0x56546a4c2810) at ../../source3/smbd/files.c:497
#6  0x00007f7823803994 in smbd_dirptr_get_entry (ctx=0x56546a48c5a0,
    dirptr=0x56546a488c90, mask=0x56546a497e50 "*", dirtype=22, dont_descend=false,
    ask_sharemode=true, get_dosmode_in=true, match_fn=
    0x7f782384e239 <smbd_dirptr_lanman2_match_fn>, mode_fn=
    0x7f782384e55e <smbd_dirptr_lanman2_mode_fn>, private_data=0x7ffe4a836a40,
    _fname=0x7ffe4a836a58, _smb_fname=0x7ffe4a836a50, _mode=0x7ffe4a836a64,
    _prev_offset=0x7ffe4a836a68) at ../../source3/smbd/dir.c:888
#7  0x00007f7823851cc7 in smbd_dirptr_lanman2_entry (ctx=0x56546a48c5a0,
    conn=0x56546a4960f0, dirptr=0x56546a488c90, flags2=49217,
    path_mask=0x56546a497e50 "*", dirtype=22, info_level=262, requires_resume_key=0,
    dont_descend=false, ask_sharemode=true, get_dosmode=true, align=8 '\b',
    do_pad=false, ppdata=0x56546a48c600, base_data=0x56546a4af140 "p",
    end_data=0x56546a4c0137 "", space_remaining=60378, _smb_fname=0x7ffe4a836bd8,
    got_exact_match=0x7ffe4a836bd7, _last_entry_off=0x56546a48c624, name_list=0x0,
    file_id=0x7ffe4a836bb0) at ../../source3/smbd/trans2.c:2550
#8  0x00007f78238e37af in smb2_query_directory_next_entry (req=0x56546a48c3f0)
    at ../../source3/smbd/smb2_query_directory.c:555
#9  0x00007f78238e3479 in smbd_smb2_query_directory_send (mem_ctx=0x56546a48ac00,
    ev=0x56546a4623a0, smb2req=0x56546a48ac00, fsp=0x56546a494ba0,
    in_file_info_class=37 '%', in_flags=0 '\000', in_file_index=0,
    in_output_buffer_length=65528, in_file_name=0x56546a497e50 "*")
    at ../../source3/smbd/smb2_query_directory.c:523
#10 0x00007f78238e2512 in smbd_smb2_request_process_query_directory (req=0x56546a48ac00)
    at ../../source3/smbd/smb2_query_directory.c:129

-------------------------

(gdb) f 1
#1  0x00007f78237f55a9 in vfswrap_openat (handle=0x56546a488950, dirfsp=0x56546a494ba0,
    smb_fname=0x56546a4c2810, fsp=0x56546a4c1510, flags=131072, mode=0)
    at ../../source3/modules/vfs_default.c:725
725             result = openat(fsp_get_pathref_fd(dirfsp),
(gdb) l
720             if (fsp->fsp_flags.is_pathref && !have_opath) {
721                     become_root();
722                     became_root = true;
723             }
724
725             result = openat(fsp_get_pathref_fd(dirfsp),
726                             smb_fname->base_name,
727                             flags,
728                             mode);
729
(gdb) p smb_fname->base_name
$1 = 0x56546a4c2950 "a_pipe"


--------------------------------

[miguel@mig28centos7-vm ~]$ stat a_pipe
  File: ‘a_pipe’
  Size: 0               Blocks: 0          IO Block: 4096   fifo
Device: fd02h/64770d    Inode: 9469886     Links: 1
Access: (0664/prw-rw-r--)  Uid: ( 1000/  miguel)   Gid: ( 1000/  miguel)
Context: unconfined_u:object_r:user_home_t:s0
Access: 2021-08-25 15:25:14.137376316 -0400
Modify: 2021-08-25 15:25:14.137376316 -0400
Change: 2021-08-25 15:25:14.137376316 -0400
 Birth: -
Comment 1 Jeremy Allison 2021-09-02 21:34:20 UTC
Hmmm. Here is the code that takes care of this in the normal open path:

#if defined(O_NONBLOCK) && defined(S_ISFIFO)
                /*
                 * We would block on opening a FIFO with no one else on the
                 * other end. Do what we used to do and add O_NONBLOCK to the
                 * open flags. JRA.
                 */

                if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
                        local_flags &= ~O_TRUNC; /* Can't truncate a FIFO. */
                        local_flags |= O_NONBLOCK;
                        truncating = false;
                }
#endif

I think I see the needed patch here.
Comment 2 Jeremy Allison 2021-09-02 21:42:22 UTC
Created attachment 16760 [details]
git-am fix for master.

Can you try this patch? I think it might fix the issue. If so, I'll add a test and get it into ci for upstream.
Comment 3 Jeremy Allison 2021-09-03 02:18:17 UTC
Created attachment 16761 [details]
git-am fix for master.

Includes regression test. In CI here:

https://gitlab.com/samba-team/devel/samba/-/pipelines/364444092
Comment 5 mig28suarez 2021-09-03 12:56:13 UTC
Yes. The patch appears to have fixed the issue. Will FIFO files always be opened with O_NONBLOCK regardless of whether or not O_PATH is available?

Thanks.
Comment 6 Jeremy Allison 2021-09-03 17:03:56 UTC
Yes, all FIFOs will have O_NONBLOCK set for both pathref and normal opens, as was the case in 4.14.x and below.

Thanks for confirming the fix. I'll ping people to get this in master and then it should be an easy cherry-pick backport for 4.15.0.
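
Added example, not part of the original thread and not Samba's code: a stand-alone C program showing why O_NONBLOCK keeps a read-open of a writer-less FIFO from hanging. It goes slightly beyond the snippet in Comment 1 by always passing O_NONBLOCK and checking the file type on the opened descriptor, so a name that turns into a FIFO between a stat and the open cannot bring the hang back. The names open_nonblocking, demo and "plain" are assumptions made for the illustration; "a_pipe" is the file name from the report.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Samba code): read-open `name` under dirfd without
 * blocking on a writer-less FIFO; only FIFOs keep O_NONBLOCK. Returns fd or -1. */
int open_nonblocking(int dirfd, const char *name)
{
    struct stat st;
    /* Always pass O_NONBLOCK so the open cannot hang; type is checked on the fd. */
    int fd = openat(dirfd, name, O_RDONLY | O_NONBLOCK | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    int fl = fcntl(fd, F_GETFL);
    if (fl < 0 || fstat(fd, &st) != 0 ||
        (!S_ISFIFO(st.st_mode) && fcntl(fd, F_SETFL, fl & ~O_NONBLOCK) != 0)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: temp dir with FIFO "a_pipe" and regular file "plain".
 * Bit 0: FIFO opened without blocking. Bit 1: "plain" left in blocking mode. */
int demo(void)
{
    char dir[] = "/tmp/fifo_demo_XXXXXX";
    int result = 0, fd, dirfd;
    if (!mkdtemp(dir) || (dirfd = open(dir, O_RDONLY | O_DIRECTORY)) < 0 ||
        mkfifoat(dirfd, "a_pipe", 0600) != 0 ||
        (fd = openat(dirfd, "plain", O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0)
        return -1;
    close(fd);
    if ((fd = open_nonblocking(dirfd, "a_pipe")) >= 0) {
        result |= (fcntl(fd, F_GETFL) & O_NONBLOCK) ? 1 : 0;
        close(fd);
    }
    if ((fd = open_nonblocking(dirfd, "plain")) >= 0) {
        result |= (fcntl(fd, F_GETFL) & O_NONBLOCK) ? 0 : 2;
        close(fd);
    }
    unlinkat(dirfd, "a_pipe", 0);
    unlinkat(dirfd, "plain", 0);
    close(dirfd);
    rmdir(dir);
    return result;
}
int main(void) { return demo() == 3 ? 0 : 1; }
```

Removing O_NONBLOCK from the openat() call makes the "a_pipe" open block until a writer appears, which is the behaviour captured in the backtrace above.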
Comment 7 Samba QA Contact 2021-09-06 09:52:08 UTC
This bug was referenced in samba master:

a54d9ffc87ebe602a0e7c48e35643ed2ff1a00bc
2f2c53c4f8f59a497bc33a24e5e0fc15ea076876
Comment 8 Ralph Böhme 2021-09-06 10:56:19 UTC
Created attachment 16775 [details]
Patch for 4.14 and 4.15 cherry-picked from master
Comment 9 Ralph Böhme 2021-09-06 11:27:00 UTC
Reassigning to Jule for inclusion in 4.14 and 4.15.
Comment 10 Samba QA Contact 2021-09-06 20:43:54 UTC
This bug was referenced in samba v4-15-test:

5ec6be2ae364febd7be36051dd72126708544e4c
4889512c705169468dee4bba85abfef93b3fcf03
Comment 11 Samba QA Contact 2021-09-07 08:43:37 UTC
This bug was referenced in samba v4-15-stable (Release samba-4.15.0rc5):

5ec6be2ae364febd7be36051dd72126708544e4c
4889512c705169468dee4bba85abfef93b3fcf03
Comment 12 Samba QA Contact 2021-09-07 11:13:37 UTC
This bug was referenced in samba v4-14-test:

1bb8ed2b6192bfe6343037fafd0d1bf940db9302
b5cbbf0542c5f176b8dd07c326430d37e06b3412
Comment 13 Jule Anger 2021-09-07 11:53:04 UTC
Closing out bug report.

Thanks!
Comment 14 Samba QA Contact 2021-10-05 13:26:35 UTC
This bug was referenced in samba v4-14-stable (Release samba-4.14.8):

1bb8ed2b6192bfe6343037fafd0d1bf940db9302
b5cbbf0542c5f176b8dd07c326430d37e06b3412
Comment 15 Ralph Böhme 2021-10-06 11:19:19 UTC
*** Bug 14853 has been marked as a duplicate of this bug. ***