Fix bug 10216

[Volker Lendecke]

Hi!

Attached find a bugfix for 10216. Only in master.

Please review&push!

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 7c06a25bae4db1332fb95ce2a6f4637977bf3635 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 18 Oct 2013 15:12:35 +0000
Subject: [PATCH 1/2] smbd: Fix bug 10216

While refactoring find_oplock_types to validate_oplock_types I forgot
that stat opens will end up in locking.tdb. So even with a batch oplock
around we can have more than one entry. This means the consistency check
in validate_oplock_types was wrong and too strict.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/smbd/open.c |   32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index fa52fcc..c3e1a76 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1211,6 +1211,7 @@ static bool validate_oplock_types(files_struct *fsp,
 	bool ex_or_batch = false;
 	bool level2 = false;
 	bool no_oplock = false;
+	uint32_t num_non_stat_opens = 0;
 	uint32_t i;
 
 	/* Ignore stat or internal opens, as is done in
@@ -1235,6 +1236,8 @@ static bool validate_oplock_types(files_struct *fsp,
 			continue;
 		}
 
+		num_non_stat_opens += 1;
+
 		if (BATCH_OPLOCK_TYPE(e->op_type)) {
 			/* batch - can only be one. */
 			if (share_mode_stale_pid(d, i)) {
@@ -1294,7 +1297,7 @@ static bool validate_oplock_types(files_struct *fsp,
 
 	remove_stale_share_mode_entries(d);
 
-	if ((batch || ex_or_batch) && (d->num_share_modes != 1)) {
+	if ((batch || ex_or_batch) && (num_non_stat_opens != 1)) {
 		DEBUG(1, ("got batch (%d) or ex (%d) non-exclusively (%d)\n",
 			  (int)batch, (int)ex_or_batch,
 			  (int)d->num_share_modes));
@@ -1312,17 +1315,38 @@ static bool delay_for_oplock(files_struct *fsp,
 {
 	struct share_mode_data *d = lck->data;
 	struct share_mode_entry *entry;
+	uint32_t num_non_stat_opens = 0;
+	uint32_t i;
 
 	if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
 		return false;
 	}
-	if (lck->data->num_share_modes != 1) {
+	for (i=0; i<d->num_share_modes; i++) {
+		struct share_mode_entry *e = &d->share_modes[i];
+		if (e->op_type == NO_OPLOCK && is_stat_open(e->access_mask)) {
+			continue;
+		}
+		num_non_stat_opens += 1;
+
+		/*
+		 * We found the a non-stat open, which in the exclusive/batch
+		 * case will be inspected further down.
+		 */
+		entry = e;
+	}
+	if (num_non_stat_opens == 0) {
+		/*
+		 * Nothing to wait for around
+		 */
+		return false;
+	}
+	if (num_non_stat_opens != 1) {
 		/*
-		 * More than one. There can't be any exclusive or batch left.
+		 * More than one open around. There can't be any exclusive or
+		 * batch left, this is all level2.
 		 */
 		return false;
 	}
-	entry = &d->share_modes[0];
 
 	if (server_id_is_disconnected(&entry->pid)) {
 		/*
-- 
1.7.9.5


From 49c2c19bf2f4e4e9e0b3f18289b6f82a8ea47493 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 18 Oct 2013 13:11:38 +0000
Subject: [PATCH 2/2] torture: Add reproducer for bug 10216

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/torture/raw/oplock.c |   12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/source4/torture/raw/oplock.c b/source4/torture/raw/oplock.c
index 34e270d..c0738e9 100644
--- a/source4/torture/raw/oplock.c
+++ b/source4/torture/raw/oplock.c
@@ -556,6 +556,18 @@ static bool test_raw_oplock_exclusive4(struct torture_context *tctx, struct smbc
 	CHECK_VAL(break_info.count, 0);
 	CHECK_VAL(break_info.failures, 0);
 
+	/*
+	 * Open another non-stat open. This reproduces bug 10216. Make sure it
+	 * won't happen again...
+	 */
+	io.ntcreatex.in.flags = 0;
+	io.ntcreatex.in.access_mask = SEC_FILE_READ_DATA;
+	status = smb_raw_open(cli2->tree, tctx, &io);
+	CHECK_STATUS(tctx, status, NT_STATUS_SHARING_VIOLATION);
+	torture_wait_for_oplock_break(tctx);
+	CHECK_VAL(break_info.count, 0);
+	CHECK_VAL(break_info.failures, 0);
+
 	smbcli_close(cli1->tree, fnum);
 	smbcli_close(cli2->tree, fnum2);
 
-- 
1.7.9.5