Bug 15699 - incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated
Summary: incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-08-23 03:10 UTC by David Disseldorp
Modified: 2024-10-17 12:05 UTC (History)
3 users (show)

See Also:


Attachments
cherry-picked fix for 4.19-test (5.77 KB, text/plain)
2024-08-29 00:20 UTC, David Disseldorp
npower: review-
Details
cherry-picked fix for 4.20-test (5.77 KB, patch)
2024-08-29 00:20 UTC, David Disseldorp
npower: review-
Details
cherry-picked fix for 4.21-test (5.77 KB, text/plain)
2024-08-29 00:21 UTC, David Disseldorp
npower: review-
Details
backport for 4.19/4.20 (14.60 KB, patch)
2024-08-29 09:11 UTC, Noel Power
ddiss: review+
Details
backported patch for 4.21 (14.60 KB, patch)
2024-08-29 09:12 UTC, Noel Power
ddiss: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description David Disseldorp 2024-08-23 03:10:26 UTC
This bug was raised by David Howells on the upstream Samba / cifs.ko mailing lists. Tom Talpey and Ronnie clarified the expected behaviour:

On 5/23/2024 2:36 AM, David Howells wrote:
> ronnie sahlberg <ronniesahlberg@gmail.com> wrote:
>   
>>> The problem is that it essentially renders SEEK_DATA/SEEK_HOLE unusable for
>>> applications on cifs.  If there's more than one extent above the starting
>>> position, they'll fail with EIO.  The only way to do it is to provide for a
>>> sufficiently large buffer to accommodate however many extents that there are
>>> (and there could be millions, in theory) in order to get just the first one.  
>>
>> Wait, I didn't read all the text in the initial posts correctly.
>> Do you mean if you ask for "max x bytes of response, enough for n
>> entries" then if there
>> are > n entries on the server you get nothing back?
>>
>> I am pretty sure Windows will return as many entries as fits in the
>> reponse out-data-size
>> nad some error code.
>> But you are saying that instead of returning a truncated out-blob that > If OutputBufferSize < ((OutputBufferIndex + 1) *   
sizeof(FILE_ALLOCATED_RANGE_BUFFER)) then:
> 
>     Set Status to STATUS_BUFFER_OVERFLOW.  

>> samba will return nothing?  
> 
> It returns a STATUS_BUFFER_TOO_SMALL error if there's more than one extent
> record to return.  

Yeah, I think this is a Samba server issue. Ronnie is right that it
should return a partial response and a STATUS_BUFFER_OVERFLOW error
indicating that it's partial. It's not supposed to return
STATUS_BUFFER_TOO_SMALL unless the entire buffer is less than one
entry.

MS-FSA section 2.5.10.22

https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-fsa/385dec98-90fe-477f-9789-20a47a7b8467

Tom.
Comment 1 Samba QA Contact 2024-08-28 08:55:04 UTC
This bug was referenced in samba master:

5e278a52646a48e3671270e5b57ec5b852f9fb4b
Comment 2 David Disseldorp 2024-08-29 00:20:18 UTC
Created attachment 18419 [details]
cherry-picked fix for 4.19-test
Comment 3 David Disseldorp 2024-08-29 00:20:50 UTC
Created attachment 18420 [details]
cherry-picked fix for 4.20-test
Comment 4 David Disseldorp 2024-08-29 00:21:27 UTC
Created attachment 18421 [details]
cherry-picked fix for 4.21-test
Comment 5 Noel Power 2024-08-29 09:08:06 UTC
Comment on attachment 18419 [details]
cherry-picked fix for 4.19-test

Think if it isn't much trouble we should keep the torture test to ease verification and prevent regressions
Comment 6 Noel Power 2024-08-29 09:08:43 UTC
Comment on attachment 18420 [details]
cherry-picked fix for 4.20-test

same comment as 4.19 patch
Comment 7 Noel Power 2024-08-29 09:09:47 UTC
Comment on attachment 18421 [details]
cherry-picked fix for 4.21-test

as the others but in this case the missing torture function is in this release so no need to drop the test
Comment 8 Noel Power 2024-08-29 09:11:31 UTC
Created attachment 18423 [details]
backport for 4.19/4.20

test has been modified to use the existing torture_assert_u64 fn. I think for the test this is sufficient
Comment 9 Noel Power 2024-08-29 09:12:01 UTC
Created attachment 18424 [details]
backported patch for 4.21
Comment 10 Noel Power 2024-08-29 13:28:23 UTC
-> jule for backporting 4.19, 4.20, 4.21 (not sure if all are still supported)
Comment 11 Jule Anger 2024-08-29 13:55:37 UTC
Pushed to autobuild-v4-{21,20,19}-test.
Yes, they are all still supported.
Comment 12 Samba QA Contact 2024-08-29 15:31:03 UTC
This bug was referenced in samba v4-21-test:

10dddd55152efbe578b01b25c8bb58a9ea7abc3b
Comment 13 Samba QA Contact 2024-08-30 09:02:04 UTC
This bug was referenced in samba v4-20-test:

72aa92c67d861a676377dd13397d797394178e90
Comment 14 Jule Anger 2024-08-30 11:23:44 UTC
autobuild-v4-19-test failed for samba-h5l-build during make.
Reassigning to Noel.
Comment 20 Samba QA Contact 2024-09-02 10:02:04 UTC
This bug was referenced in samba v4-21-test:

b2ce6308c1927d844bbae519f0aa1c9ef446001c
Comment 21 Samba QA Contact 2024-09-02 10:03:03 UTC
This bug was referenced in samba v4-19-test:

1602d847354f0b72057ff3af1f9002e7c26bc494
Comment 22 Samba QA Contact 2024-09-02 11:44:54 UTC
This bug was referenced in samba v4-21-stable (Release samba-4.21.0):

10dddd55152efbe578b01b25c8bb58a9ea7abc3b
b2ce6308c1927d844bbae519f0aa1c9ef446001c
Comment 23 Samba QA Contact 2024-09-02 13:42:12 UTC
This bug was referenced in samba v4-20-test:

9e2c58c7d39737d4eae091a518bdcc21837b7f35
Comment 24 Jule Anger 2024-09-03 07:19:51 UTC
Closing out bug report.

Thanks!
Comment 25 Samba QA Contact 2024-09-17 11:47:15 UTC
This bug was referenced in samba v4-20-stable (Release samba-4.20.5):

72aa92c67d861a676377dd13397d797394178e90
9e2c58c7d39737d4eae091a518bdcc21837b7f35
Comment 26 Samba QA Contact 2024-10-17 12:05:18 UTC
This bug was referenced in samba v4-19-stable (Release samba-4.19.9):

1602d847354f0b72057ff3af1f9002e7c26bc494