Question on how smbd handles signals (possible bug)

tvrtko.ursulin at sophos.com
Tue Sep 23 17:09:15 GMT 2008


Volker Lendecke <Volker.Lendecke at SerNet.DE> wrote on 23/09/2008 17:58:00:

> On Tue, Sep 23, 2008 at 05:35:49PM +0100, tvrtko.ursulin at sophos.com wrote:
> > We were looking at a problem one of our customers had when running 
> > on-access anti-malware protection on their Samba server. The issue is that 
> > sometimes creating a file fails leaving a zero-sized file behind.
> > 
> > Initial analysis leads us to think that signal handlers smbd sets up 
> > should be either created with SA_RESTART or EINTR from open should be 
> > correctly handled by retrying the operation. Otherwise if a signal is 
> > delivered while smbd is executing an open system call EINTR will cause the 
> > operation to fail as can be seen from the strace log below.
> > 
> > 6219  write(21, "  calling open_file with flags=0x2 flags2=0x40 mode=0764\n", 57) = 57
> > 6219  open("ppt28.tmp", O_RDWR|O_CREAT|O_LARGEFILE, 0764) = ? ERESTARTSYS (To be restarted)
> > 6219  --- SIGRT_4 (Real-time signal 2) @ 0 (0) ---
> > 6219  write(26, "\1", 1)                = 1
> > 6219  rt_sigreturn(0xbfffef00)          = -1 EINTR (Interrupted system call)
> > 6219  write(21, "  fd_open: name ppt28.tmp, flags = 0102 mode = 0764, fd = -1. Interrupted system call\n", 86) = 86
> > 6219  write(21, "  Error opening file ppt28.tmp (Interrupted system call) (local_flags=66) (flags=66)\n", 85) = 85
> > 
> > Earlier in the strace we see:
> > 
> > 6219  rt_sigaction(SIGRT_4, {0x82444d0, [], SA_SIGINFO}, NULL, 8) = 0
> 
> We don't expect this right now because this should never
> happen on a disk. Thus your modified kernel violates the
> standard behaviour. You should talk to the vendor of that
> kernel to fix it to comply with Posix.

Are you 100% sure about this? I wasn't so I went to read about it and 
found at least that you can make open block if you set a lease on the 
file. Man page for fcntl (on modern Linux at least) describes this in the 
'Leases' section. It says that an open (and truncate) can be blocked until 
the process holding a lease on that file releases it. If a signal arrives 
at that point EINTR is documented to happen.

> Nevertheless, does the attached patch help?

I'll have a look when I get access to the attachment.

Thanks,

Tvrtko


Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon,
OX14 3YP, United Kingdom.

Company Reg No 2096520. VAT Reg No GB 348 3873 20.


