"stat open" lseek(fd = -1)
David Disseldorp
ddiss at samba.org
Mon Mar 4 11:03:32 UTC 2019
On Fri, 1 Mar 2019 13:36:49 -0800, Jeremy Allison wrote:
> On Wed, Feb 27, 2019 at 04:52:28PM +0100, David Disseldorp via samba-technical wrote:
> > Hi Samba archaeologists,
> >
> > Explicit "stat open" tracking was removed way back in 2002 with
> > b9e91d2a8e41a43d7ebb7d7eed807a7d8de9b329. This change instead added a
> > "fd == -1" check to the vfs_default lseek handler, which has remained to
> > this day.
> > Does anybody know whether this lseek(fd = -1) condition can still /
> > could ever be triggered? If so, how?
...
> So the only question is SMB_VFS_LSEEK still used as we now use pread
> for everything (or we should).
>
> $ git grep SMB_VFS_LSEEK gives:
>
> docs-xml/Samba-Developers-Guide/vfs.xml:#define SMB_VFS_LSEEK(fsp, fd, offset, whence) \
> source3/include/vfs_macros.h:#define SMB_VFS_LSEEK(fsp, offset, whence) \
> source3/smbd/reply.c: if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
> source3/smbd/reply.c: res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
> source3/smbd/reply.c: ret = SMB_VFS_LSEEK(fsp2, 0, SEEK_END);
> source3/smbd/smb2_ioctl_filesys.c: data_off = SMB_VFS_LSEEK(fsp, curr_off, SEEK_DATA);
> source3/smbd/smb2_ioctl_filesys.c: hole_off = SMB_VFS_LSEEK(fsp, data_off, SEEK_HOLE);
> source3/torture/cmd_vfs.c: pos = SMB_VFS_LSEEK(vfs->files[fd], offset, whence);
>
> The calls inside smb2_ioctl_filesys.c are protected
> by:
>
> /* READ_DATA permission is required */
> status = check_access_fsp(fsp, FILE_READ_DATA);
>
> so they should be OK.
>
> source3/torture/cmd_vfs.c is merely a test.
>
> The calls in reply.c come from:
>
> 1). reply_lseek(), which doesn't check access permissions (so might
> be called on a stat open).
>
> 2). reply_copy(), which opens src and dest as real, not stat
> files.
>
> So I think SMB1 with an SMBlseek call is the only possible
> caller here.
>
> Does that help ?

Yes, very much so - thanks Jeremy!

reply_lseek() bails on check_fsp() failure (triggered on -1 fd), so I
think that covers all callers and allows for removal of the VFS check.
Please see attached.

Cheers, David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-vfs-drop-lseek-stat-open-checks.patch
Type: text/x-patch
Size: 1825 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190304/5e6d1d2a/0001-vfs-drop-lseek-stat-open-checks.bin>
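
The layering argument in this message, as an added example (not Samba code and not the attached patch): when the request handler rejects a handle with fd == -1 before calling into the VFS, a check in the lower layer is unreachable, and an unguarded call would only get EBADF back from lseek(2). All `demo_*` names and the -2 return value are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for a file handle; fd == -1 models a "stat open". */
struct demo_fsp { int fd; };

static int vfs_calls; /* counts how often the VFS layer is reached */

/* VFS layer without any fd == -1 check: passes straight to lseek(2). */
static off_t demo_vfs_lseek(struct demo_fsp *fsp, off_t off, int whence)
{
    vfs_calls++;
    return lseek(fsp->fd, off, whence);
}

/* Caller-side guard, modelled on the check_fsp() behaviour described above. */
static bool demo_check_fsp(const struct demo_fsp *fsp)
{
    return fsp != NULL && fsp->fd != -1;
}

/* Hypothetical request handler: returns -2 when the guard rejects the handle. */
static off_t demo_reply_lseek(struct demo_fsp *fsp, off_t off, int whence)
{
    if (!demo_check_fsp(fsp)) {
        return -2; /* bail before touching the VFS */
    }
    return demo_vfs_lseek(fsp, off, whence);
}

int main(void)
{
    struct demo_fsp stat_open = { .fd = -1 }; /* constructed sample handle */

    off_t guarded = demo_reply_lseek(&stat_open, 0, SEEK_SET);
    printf("guarded: ret=%lld vfs_calls=%d\n", (long long)guarded, vfs_calls);

    errno = 0;
    off_t raw = demo_vfs_lseek(&stat_open, 0, SEEK_SET);
    printf("unguarded: ret=%lld errno=%s\n", (long long)raw, strerror(errno));
    return 0;
}
```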