[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Thu Mar 18 18:05:01 UTC 2021
The branch, master has been updated
via 591c9196962 smbd: free open_rec state in remove_deferred_open_message_smb2_internal()
via 171a58ff3e8 smbd: cancel pending poll open timer in poll_open_done()
via 065ed088b3d smbd: reset dangling watch_req pointer in poll_open_done
from 12b8dbd0bbd s3: tests: Change logfile for printing expansion tests.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 591c9196962b695b01c0d86918b8f8a263e9665c
Author: Ralph Boehme <slow at samba.org>
Date: Tue Mar 16 18:18:46 2021 +0100
smbd: free open_rec state in remove_deferred_open_message_smb2_internal()
The lifetime of open_rec (struct deferred_open_record) ojects is the time
processing the SMB open request every time the request is scheduled, ie once we
reschedule we must wipe the slate clean. In case the request gets deferred
again, a new open_rec will be created by the schedule functions.
This ensures any timer-event tied to the open_rec gets cancelled and doesn't
fire unexpectedly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
RN: smbd panic when two clients open same file
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 18 18:04:09 UTC 2021 on sn-devel-184
commit 171a58ff3e8ee07cf5d7af08eabcb4a7379e7ce5
Author: Ralph Boehme <slow at samba.org>
Date: Wed Mar 17 16:24:28 2021 +0100
smbd: cancel pending poll open timer in poll_open_done()
The retry of the open is scheduled below, avoid rescheduling it a second time in
the open retry timeout function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 065ed088b3d5710c288e46a5bf1e063f9a29c8cc
Author: Ralph Boehme <slow at samba.org>
Date: Wed Mar 17 16:22:37 2021 +0100
smbd: reset dangling watch_req pointer in poll_open_done
We just freed subreq and a pointer to subreq is stored in open_rec->watch_req,
so we must invalidate the pointer.
Otherwise if the poll open timer fires it will do a
TALLOC_FREE(open_rec->watch_req);
on the dangling pointer which may crash or do something worse like freeing some
other random talloc memory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/open.c | 3 +++
source3/smbd/smb2_create.c | 1 +
2 files changed, 4 insertions(+)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 5b3dc246e8a..1659df90366 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3040,6 +3040,9 @@ static void poll_open_done(struct tevent_req *subreq)
status = share_mode_watch_recv(subreq, NULL, NULL);
TALLOC_FREE(subreq);
+ open_rec->watch_req = NULL;
+ TALLOC_FREE(open_rec->te);
+
DBG_DEBUG("dbwrap_watched_watch_recv returned %s\n",
nt_errstr(status));
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 2dd3745dd32..8ff57c94aa0 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -1714,6 +1714,7 @@ static void remove_deferred_open_message_smb2_internal(struct smbd_smb2_request
state->open_was_deferred = false;
/* Ensure we don't have any outstanding immediate event. */
TALLOC_FREE(state->im);
+ TALLOC_FREE(state->open_rec);
}
void remove_deferred_open_message_smb2(
--
Samba Shared Repository
More information about the samba-cvs
mailing list