Bug 15148 - Missing READ_LEASE break could cause data corruption
Summary: Missing READ_LEASE break could cause data corruption
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.17.0rc1
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL: https://gitlab.com/samba-team/samba/-...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-17 14:55 UTC by Stefan Metzmacher
Modified: 2022-09-07 19:02 UTC (History)
5 users (show)

See Also:


Attachments
Patches for v4-15-test (12.37 KB, patch)
2022-08-22 06:00 UTC, Stefan Metzmacher
slow: review+
jra: review+
Details
Patches for v4-16-test (12.37 KB, patch)
2022-08-22 06:05 UTC, Stefan Metzmacher
slow: review+
Details
Patches for v4-17-test (12.42 KB, patch)
2022-08-22 06:06 UTC, Stefan Metzmacher
slow: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2022-08-17 14:55:32 UTC
Imagine a file is opened by ClientA, with FileHandleA using LeaseKeyA
and ClientB, with FileHandleB using LeaseKeyB, both having an "R" lease.

Then ClientA sends a SMB2_write(FileHandleA), which triggers a
lease break to NONE for LeaseKeyB. While LeaseKeyA doesn't get
the break because it's used for FileHandleA.
It means we only have a single "R" lease left, which is hold under LeaseKeyA.

Now ClientA sends a SMB2_write(FileHandleA) again, we'll see no
lease break, but the logic in contend_level2_oplocks_begin_default()
will hit the if (state.num_broken == 0) case and clears
SHARE_MODE_LEASE_READ in share_mode_data->flags, while the "R" lease for
LeaseKeyA is still there.

Now ClientB sends a SMB2_write(FileHandleB), and we won't see
a lease break to NONE for LeaseKeyA, because the logic in
contend_level2_oplocks_begin_default() detects that
file_has_read_lease() returns false because SHARE_MODE_LEASE_READ
was already cleared.
Comment 1 Jeremy Allison 2022-08-17 17:08:19 UTC
Metze, is this a duplicate of:

https://bugzilla.samba.org/show_bug.cgi?id=15112
Comment 2 Stefan Metzmacher 2022-08-18 10:03:37 UTC
(In reply to Jeremy Allison from comment #1)

No it's different...
Comment 3 Samba QA Contact 2022-08-18 19:42:06 UTC
This bug was referenced in samba master:

7592aad4d7a84d0ac66a156a22af3ad77803e55c
9e5ff607eb1b9c45c8836d3cff9d51b418740b87
96e2a82760ea06a89b7387b5cd3e864732afded3
Comment 4 Stefan Metzmacher 2022-08-22 06:00:13 UTC
Created attachment 17485 [details]
Patches for v4-15-test
Comment 5 Stefan Metzmacher 2022-08-22 06:05:54 UTC
Created attachment 17486 [details]
Patches for v4-16-test
Comment 6 Stefan Metzmacher 2022-08-22 06:06:16 UTC
Created attachment 17487 [details]
Patches for v4-17-test
Comment 7 Jule Anger 2022-08-23 05:51:34 UTC
Pushed to autobuild-v4-{17,16,15}-test.
Comment 8 Samba QA Contact 2022-08-23 07:35:41 UTC
This bug was referenced in samba v4-15-test:

93febc222bf56f4df7d8a2ca760785620c1abe4c
ec1ad34f288526fb965dff14d49b6fccedd2140c
89110595b447729f1d0afa40aa011976943c1186
Comment 9 Samba QA Contact 2022-08-23 08:54:03 UTC
This bug was referenced in samba v4-16-test:

19f285e080980b0fbac125d3e0877bfe8424ff25
b910d9f6e0077159f44a12437402811337c51533
9cb40437278fb7963f42efe69ce0227aa21303bc
Comment 10 Samba QA Contact 2022-08-23 08:58:27 UTC
This bug was referenced in samba v4-17-test:

6ac28f4386867455dfcfc669a75e80f8c49a5386
0529214b3cc63f24cb7401360fc0d35b9c18ed49
c4c99397c568e1ebd8c67865147a2b01031d0445
Comment 11 Jule Anger 2022-08-23 09:33:41 UTC
Closing out bug report.

Thanks!
Comment 12 Samba QA Contact 2022-08-23 14:51:16 UTC
This bug was referenced in samba v4-17-stable (Release samba-4.17.0rc3):

6ac28f4386867455dfcfc669a75e80f8c49a5386
0529214b3cc63f24cb7401360fc0d35b9c18ed49
c4c99397c568e1ebd8c67865147a2b01031d0445
Comment 13 Samba QA Contact 2022-09-07 19:02:42 UTC
This bug was referenced in samba v4-16-stable (Release samba-4.16.5):

19f285e080980b0fbac125d3e0877bfe8424ff25
b910d9f6e0077159f44a12437402811337c51533
9cb40437278fb7963f42efe69ce0227aa21303bc