Samba 4.11.6: Consecutive calls to smb_raw_open fail

Rungta, Vandana vrungta at amazon.com
Sat Mar 7 00:09:50 UTC 2020 

Hello Volker,

The following commit breaks the raw open test that has consecutive calls to smb_raw_open when using a VFS module which sets its own fsp extension during open:
 https://github.com/samba-team/samba/commit/32766db210426d92948a7d81d923f9d669ff3ed6#diff-16b9045b7fe56710f3a3e42a39ca1ec1

Test sequence from smbtorture test source4/torture/raw/open.c (test RAW_OPEN_OPEN):

          status = smb_raw_open(cli->tree, tctx, &io);

          CHECK_STATUS(status, NT_STATUS_OK);

          fnum = io.openold.out.file.fnum;

          CHECK_RDWR(fnum, RDWR_RDWR);



          status = smb_raw_open(cli->tree, tctx, &io);

  *   Succeeds -->         CHECK_STATUS(status, NT_STATUS_OK);

          fnum2 = io.openold.out.file.fnum;

 --> FAILS --> CHECK_RDWR(fnum2, RDWR_RDWR);   // Does a pread/pwrite

          smbcli_close(cli->tree, fnum2);

          smbcli_close(cli->tree, fnum);



Analysis:  Our user space file system VFS module will add a fsp extension to the fsp structure on open.  After the 2nd open, the pread and pwrite calls are passed a fsp that does not have the FSP extension set.


The test passes if we revert the commit. Since the commit moved the  fcb_or_dos_open call and changed it to no longer takes a fsp parameter and since it creates a new fsp and when dup’ng from the original fsp does not copy the fsp extension, the fsp extension is not preserved.  This fsp is then passed to our VFS module’s pread/pwrite without the fsp extension -> resulting in our VFS module returning an error “File not open”.  Internally in the Samba code it is processing NT_STATUS_SHARING_VIOLATION code paths.

Previous to this commit, the destination fsp that was passed to fcb_or_dos_open had the fsp_extension already set, so when dup’ing it did not need to be copied.  Now that the destination fsp is new, it does not have the fsp extension set and when the fsp is passed to the VFS module interface it no longer has the VFS module context.

I happy to provide any additional information / call traces that you need.



Thanks,

Vandana Rungta

More information about the samba-technical mailing list