[Samba] The connection would be broken when read rate is too big

Ralph Böhme slow at samba.org
Thu Mar 2 21:39:16 UTC 2017


On Thu, Mar 02, 2017 at 01:23:50PM -0800, Jeremy Allison wrote:
> On Thu, Mar 02, 2017 at 11:03:50AM +0100, Ralph Böhme wrote:
> > On Wed, Mar 01, 2017 at 05:12:23PM -0800, Jeremy Allison wrote:
> > > On Wed, Mar 01, 2017 at 04:29:49PM -0800, Jeremy Allison wrote:
> > > > On Wed, Mar 01, 2017 at 08:31:32AM +0000, Chenyehua via samba wrote:
> > > > > I don’t know why the fd is marked to readable when the send queue is more than the max.
> > > > > Or why mark the fd readable but not allocate memory to the state->req.
> > > > > 
> > > > > My solution: Allocate memory to the state->req before return when the send
> > > > > queue is more than the max in smbd_smb2_request_next_incoming function.
> > > > > 
> > > > > Could you give us some help about the problem.
> > > > 
> > > > I'm looking at this now. Your report looks correct.
> > > > Can you log a bug at bugzilla.samba.org so we can
> > > > track this ?
> > > 
> > > Can you try the following (raw and untested) patch ?
> > 
> > Fwiw, I looked into this as well and came to the same conclusion.
> 
> Here's the official patch to the bug I logged:
> 
> https://bugzilla.samba.org/show_bug.cgi?id=12608
> 
> I managed to reproduce locally by
> setting aio read size = 1 and then mangling smbd_smb2_request_next_incoming()
> to block any reads if there were any outgoing entries
> in the queue - but it wasn't reliably reproducible or easily
> tested.

Something like the attached should work to reproduce it. Untested, but you get
the idea.

> If you can think of a good way to add a reliable
> regression test I'd be happy to review, but I think the
> patch is good on its own.
> 
> Please review and push if happy.

Pushed!

Cheerio!
-slow
-------------- next part --------------
From 403e1f88446a4116b8099d395a4361819c6ad51b Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Thu, 2 Mar 2017 22:32:08 +0100
Subject: [PATCH] HACK: s3/smbd: only write one byte in
 smbd_smb2_flush_send_queue()

Reproducer for bug #12608.
---
 source3/smbd/smb2_server.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index b0a4afc..0d2421c 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -3575,6 +3575,7 @@ static NTSTATUS smbd_smb2_flush_send_queue(struct smbXsrv_connection *xconn)
 	while (xconn->smb2.send_queue != NULL) {
 		struct smbd_smb2_send_queue *e = xconn->smb2.send_queue;
 		bool ok;
+		size_t saved_iov_len;
 
 		if (e->sendfile_header != NULL) {
 			NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
@@ -3622,7 +3623,11 @@ static NTSTATUS smbd_smb2_flush_send_queue(struct smbXsrv_connection *xconn)
 			continue;
 		}
 
+		saved_iov_len = e->vector[0].iov_len;
+		e->vector[0].iov_len = 1;
 		ret = writev(xconn->transport.sock, e->vector, e->count);
+		e->vector[0].iov_len = saved_iov_len;
+
 		if (ret == 0) {
 			/* propagate end of file */
 			return NT_STATUS_INTERNAL_ERROR;
-- 
2.9.3



More information about the samba-technical mailing list