[Samba] WinXP/x64 - MFC CFile objects leak parent directory
dkrnic at googlemail.com
Wed Feb 6 20:52:34 GMT 2008
On 2/5/08, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:
> On Tue, Feb 05, 2008 at 06:25:03PM +0100, Dragan Krnic wrote:
> > 1. messages.x64.fmt.bz2 formatted full_audit log
> > 2. pmn33.x64.bz2 formatted level 10 samba log
> > 3. wireshark.out.bz2 formatted wireShark print-out
> > 4. x64-26-07.bz2 capture file with relevant 200 packets
> This is not usable, sorry. Remove the formatting and send
> sniffs *COMPARING* both behaviours.
Sorry, Volker, I didn't manage to get both behaviours in one session
but here we go for the behaviour of a Windows XP/ia32:
The sequence of
opening the file for read,
getting the oplock (kernel_flock)
in lines 274 through 276 of the formatted full_audit log in the said file
# 1 messages.x86.fmt.bz2 flips directly to "fstat". But in the new file
# 1 messages.ia32.fmt.bz2 you can see that there is a whole lot more
being done on a 32-bit Windows XP, before it eventually continues
with "fstat" etc. The transactions in lines 278 ("stat") through 298
are missing in the full_audit log when the client is a Windows XP/x64
and this practically means that the handle on the parent's directory
never gets released by the client.
Since all of the transactions in these files are taking place at exactly the
same time today at 20:38:19, just as all the transactions occurred exactly
same time yesterday at 16:26:07, I've removed the timestamp, host name,
service name, user name and client's IP-address to make the file more
compact and easier to read. The format gives 20 characters (the length
of "sys_acl_get_tag_type") to the action, 6 char for sucess (empty) or
failure (NoDATA or NoFILE) and the rest of the line is the path name
relative to the share's root, followed eventually by a stream name (e.g.
I've abstained from formatting the samba log at level 10 in the new file:
#2 pmn30.ia32.bz2. I'm sorry, that the previous file was formatted in a
way that _I_ find easiest to follow - by coalescing all the lines between two
timestamps into one line. I'm a bit attention-challenged and can't see
the wood when there are too many trees around:-), so I thought everyone
will like the way I look at it. Anyway the new file contains 12322 lines
just as they are spewed out by Samba. I can't see where the kernel_flock
is logged in Samba level 10 - I guess around line #11675 or so but you'll
find it I'm sure.
The 3rd file in this letter is the raw capture file "ia32-20-38-19.bz2" with
186 relevant packets at that point in time. The problem transaction begins
at packet #69. I haven't enclosed the wireShark print-out of all expanded
packets at all, which you can produce yourself if you need it.
I hope you'll see what's wrong when an x64 XP client is communicating
with a Samba server as opposed to when a 32-bit XP client is doing it,
and doing it right.
More information about the samba