15909 – Race condition due to in-memory fsp_name copy being stale after rename

Bug 15909 - Race condition due to in-memory fsp_name copy being stale after rename

Summary: Race condition due to in-memory fsp_name copy being stale after rename

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-09-09 15:00 UTC by Volker Lendecke
Modified:	2025-09-09 15:00 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Volker Lendecke 2025-09-09 15:00:40 UTC

As part of the rename code path Samba changes the file name in the locking.tdb entry for the file. It also asynchronously informs all smbds about the changed name with async messages. This can lead to races when an smbd uses the in-memory fsp->fsp_name for file system operations when another process has renamed a file but the async message has not yet reached all smbds.