Question on how smbd handles signals (possible bug)

tvrtko.ursulin at sophos.com
Tue Sep 23 16:35:49 GMT 2008


Hello all,

We were looking at a problem one of our customers had when running 
on-access anti-malware protection on their Samba server. The issue is that 
sometimes creating a file fails leaving a zero-sized file behind.

Initial analysis leads us to think that the signal handlers smbd sets up 
should either be created with SA_RESTART, or EINTR from open should be 
correctly handled by retrying the operation. Otherwise, if a signal is 
delivered while smbd is executing an open system call, EINTR will cause the 
operation to fail, as can be seen from the strace log below.

6219  write(21, "  calling open_file with flags=0x2 flags2=0x40 mode=0764\n", 57) = 57
6219  open("ppt28.tmp", O_RDWR|O_CREAT|O_LARGEFILE, 0764) = ? ERESTARTSYS (To be restarted)
6219  --- SIGRT_4 (Real-time signal 2) @ 0 (0) ---
6219  write(26, "\1", 1)                = 1
6219  rt_sigreturn(0xbfffef00)          = -1 EINTR (Interrupted system call)
6219  write(21, "  fd_open: name ppt28.tmp, flags = 0102 mode = 0764, fd = -1. Interrupted system call\n", 86) = 86
6219  write(21, "  Error opening file ppt28.tmp (Interrupted system call) (local_flags=66) (flags=66)\n", 85) = 85

Earlier in the strace we see:

6219  rt_sigaction(SIGRT_4, {0x82444d0, [], SA_SIGINFO}, NULL, 8) = 0

And there is more than one line as above as smbd runs, none of which 
specifies SA_RESTART (some other signal handlers do on the other hand).

Why does having our on-access product trigger this bug when it is not seen 
(a guess - haven't checked) otherwise? Probably because open system calls 
take a lot longer when our product is installed (the opening process gets 
blocked in it while file content scanning takes place), which increases 
the window for the bug to trigger.

You guys here will know the internals of smbd much better than me, so 
hopefully you will be able to tell me if we are on the right track in 
thinking that this is a bug, or whether something else is afoot?

Many thanks,

Tvrtko


Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon,
OX14 3YP, United Kingdom.

Company Reg No 2096520. VAT Reg No GB 348 3873 20.


