[PATCH] Fix bug #11375 - ordering issue in teardown in server exit.

Stefan Metzmacher metze at samba.org
Tue Nov 24 21:09:39 UTC 2015


Am 24.11.2015 um 22:01 schrieb Jeremy Allison:
> On Tue, Nov 24, 2015 at 09:42:00PM +0100, Stefan Metzmacher wrote:
>> Hi Jeremy,
>>
>>> Fix is pretty self-explainatory.
>>>
>>> Please review and push if happy !
>>
>> This is very similar to https://bugzilla.samba.org/show_bug.cgi?id=11218
>> and https://bugzilla.samba.org/show_bug.cgi?id=11394
>>
>> I was trying to reproduce this for a long time now,
>> without success.
>>
>> How do you reproduce this reliable?
> 
> I can't. Richard's company was having this
> happen 16 times / day.
> 
>> I'm sure your fix is able to fix the problem,
>> but I don't understand how this can happen.
> 
> Yeah, me neither :-(.
> 
>> smbXsrv_session_logoff_all() called ealier should
>> have removed all sessions already, so the session_table
>> should be empty at that stage..., or am I wrong???
> 
> smbXsrv_session_logoff_all() calls smbXsrv_session_logoff_all_callback()
> which calls smbXsrv_session_clear_and_logoff, which calls smbXsrv_session_logoff().
> 
> Inside that we do all the de-initialization,
> but we don't free struct smbXsrv_session *session,
> so it's still allocated and hanging off client->table.
> 
> Then we free global_smbXsrv_client. That calls
> the destructor on the struct smbXsrv_session *session
> memory allocated off client->table, so we call
> smbXsrv_session_destructor(). That invokes
> smbXsrv_session_clear_and_logoff(), which calls
> smbXsrv_session_logoff() *again*.
> 
> So that's how it's getting called twice (and
> without the patch client->sconn is now NULL).

smbXsrv_session_logoff() sets session->table = NULL;
and should exit immediately the 2nd time.
Am I missing something?

This can only explained if it's NOT called twice,
but the first time AFTER sconn is already gone.

A wild guess, could we have a bug in dbwrap_rbt traverse?
That may skip entries randomly?

> The thing I can't figure out, is when
> smbXsrv_session_logoff() is called the first
> time, it checks session->compat and does
> (essentially):
> 
> if (session->compat) {
> 	file_close_user(sconn, session->compat->vuid);
> 	.... other stuff..
> 	invalidate_vuid(sconn, session->compat->vuid);
> 	session->compat = NULL;
> }
> 
> So the second time it gets called session->compat
> should be NULL and the sconn references shouldn't
> be made.
> 
> But still, this has been confirmed to work by
> Richard.
> 
> Actually my first patch would also have worked I
> think, as session is a child of global_smbXsrv_client->table,
> but the logic behind that was less clear (even though
> it's more explicit about avoiding any ordering issues
> when global_smbXsrv_client talloc children are being
> deleted).
> 
> The only other way to fix this is the below, but
> I thought that was *way* too ugly :-).

Yes.

> Jeremy.
> 
> diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_session.c
> index c5b7b79..27c5395 100644
> --- a/source3/smbd/smbXsrv_session.c
> +++ b/source3/smbd/smbXsrv_session.c
> @@ -1400,7 +1400,7 @@ NTSTATUS smbXsrv_session_logoff(struct smbXsrv_session *session)
>         }
>         session->db_rec = NULL;
> 
> -       if (session->compat) {
> +       if (sconn && session->compat) {
>                 file_close_user(sconn, session->compat->vuid);
>         }
> 
> @@ -1419,7 +1419,9 @@ NTSTATUS smbXsrv_session_logoff(struct smbXsrv_session *session)
>         }
> 
>         if (session->compat) {
> -               invalidate_vuid(sconn, session->compat->vuid);
> +               if (sconn) {
> +                       invalidate_vuid(sconn, session->compat->vuid);
> +               }
>                 session->compat = NULL;
>         }
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20151124/9f5e950e/signature.sig>


More information about the samba-technical mailing list