Bug 15148 - Missing READ_LEASE break could cause data corruption
Summary: Missing READ_LEASE break could cause data corruption
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.17.0rc1
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL: https://gitlab.com/samba-team/samba/-...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-17 14:55 UTC by Stefan Metzmacher
Modified: 2022-09-28 15:41 UTC (History)
5 users (show)

See Also:

Attachments
Patches for v4-15-test (12.37 KB, patch)
2022-08-22 06:00 UTC, Stefan Metzmacher 		slow: review+
jra: review+
Details
Patches for v4-16-test (12.37 KB, patch)
2022-08-22 06:05 UTC, Stefan Metzmacher 		slow: review+
Details
Patches for v4-17-test (12.42 KB, patch)
2022-08-22 06:06 UTC, Stefan Metzmacher 		slow: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2022-08-17 14:55:32 UTC 
Imagine a file is opened by ClientA, with FileHandleA using LeaseKeyA
and ClientB, with FileHandleB using LeaseKeyB, both having an "R" lease.

Then ClientA sends a SMB2_write(FileHandleA), which triggers a
lease break to NONE for LeaseKeyB. While LeaseKeyA doesn't get
the break because it's used for FileHandleA.
It means we only have a single "R" lease left, which is hold under LeaseKeyA.

Now ClientA sends a SMB2_write(FileHandleA) again, we'll see no
lease break, but the logic in contend_level2_oplocks_begin_default()
will hit the if (state.num_broken == 0) case and clears
SHARE_MODE_LEASE_READ in share_mode_data->flags, while the "R" lease for
LeaseKeyA is still there.

Now ClientB sends a SMB2_write(FileHandleB), and we won't see
a lease break to NONE for LeaseKeyA, because the logic in
contend_level2_oplocks_begin_default() detects that
file_has_read_lease() returns false because SHARE_MODE_LEASE_READ
was already cleared.
Comment 1 Jeremy Allison 2022-08-17 17:08:19 UTC 
Metze, is this a duplicate of:

https://bugzilla.samba.org/show_bug.cgi?id=15112
Comment 2 Stefan Metzmacher 2022-08-18 10:03:37 UTC 
(In reply to Jeremy Allison from comment #1)

No it's different...
Comment 3 Samba QA Contact 2022-08-18 19:42:06 UTC 
This bug was referenced in samba master:

7592aad4d7a84d0ac66a156a22af3ad77803e55c
9e5ff607eb1b9c45c8836d3cff9d51b418740b87
96e2a82760ea06a89b7387b5cd3e864732afded3
Comment 4 Stefan Metzmacher 2022-08-22 06:00:13 UTC 
Created attachment 17485 [details]
Patches for v4-15-test
Comment 5 Stefan Metzmacher 2022-08-22 06:05:54 UTC 
Created attachment 17486 [details]
Patches for v4-16-test
Comment 6 Stefan Metzmacher 2022-08-22 06:06:16 UTC 
Created attachment 17487 [details]
Patches for v4-17-test
Comment 7 Jule Anger 2022-08-23 05:51:34 UTC 
Pushed to autobuild-v4-{17,16,15}-test.
Comment 8 Samba QA Contact 2022-08-23 07:35:41 UTC 
This bug was referenced in samba v4-15-test:

93febc222bf56f4df7d8a2ca760785620c1abe4c
ec1ad34f288526fb965dff14d49b6fccedd2140c
89110595b447729f1d0afa40aa011976943c1186
Comment 9 Samba QA Contact 2022-08-23 08:54:03 UTC 
This bug was referenced in samba v4-16-test:

19f285e080980b0fbac125d3e0877bfe8424ff25
b910d9f6e0077159f44a12437402811337c51533
9cb40437278fb7963f42efe69ce0227aa21303bc
Comment 10 Samba QA Contact 2022-08-23 08:58:27 UTC 
This bug was referenced in samba v4-17-test:

6ac28f4386867455dfcfc669a75e80f8c49a5386
0529214b3cc63f24cb7401360fc0d35b9c18ed49
c4c99397c568e1ebd8c67865147a2b01031d0445
Comment 11 Jule Anger 2022-08-23 09:33:41 UTC 
Closing out bug report.

Thanks!
Comment 12 Samba QA Contact 2022-08-23 14:51:16 UTC 
This bug was referenced in samba v4-17-stable (Release samba-4.17.0rc3):

6ac28f4386867455dfcfc669a75e80f8c49a5386
0529214b3cc63f24cb7401360fc0d35b9c18ed49
c4c99397c568e1ebd8c67865147a2b01031d0445
Comment 13 Samba QA Contact 2022-09-07 19:02:42 UTC 
This bug was referenced in samba v4-16-stable (Release samba-4.16.5):

19f285e080980b0fbac125d3e0877bfe8424ff25
b910d9f6e0077159f44a12437402811337c51533
9cb40437278fb7963f42efe69ce0227aa21303bc
Comment 14 Samba QA Contact 2022-09-28 15:41:56 UTC 
This bug was referenced in samba v4-15-stable (Release samba-4.15.10):

93febc222bf56f4df7d8a2ca760785620c1abe4c
ec1ad34f288526fb965dff14d49b6fccedd2140c
89110595b447729f1d0afa40aa011976943c1186