Is Samba AIO affected by recent Linux data corruption bug?
Bram Matthys
syzop at vulnscan.org
Thu Dec 14 07:38:22 UTC 2023
Hi everyone,
In relation to the recent Linux filesystem corruption bug with O_DIRECT
[1]: I read that to trigger this, an application needs to use O_DIRECT
and that the bug is that the file position is not updated properly. So
the bug does not happen with pwrite(), or if lseek() is always called prior.
My question: would this bug be triggered by Samba? I know Samba does AIO
and that it is enabled by default (I have it on too). But I see heavy
use of pwrite(). Does that mean things are safe? Or does it also use
O_DIRECT without pwrite/lseek as well?
Would love to hear from a Samba dev or someone who otherwise is familiar
with this part of the code, to be sure. It is hard for me as an outsider
to judge/audit the code in such a short timeframe and so easy to miss
something.
The reason is, I missed the word on this filesystem corruption issue and
due to an unfortunate timing (system maintenance with a reboot to the
affected kernel last weekend) we had a production machine running 3 days
with the affected kernel. As for Samba, we are on 4.18.8.
Of course I have been doing a quick compare with last safe backup but
sadly that is of limited use. It only shows what files have changed but
not if the change is among one of the many legit changes or a case of
file corruption. So far I have zero indications of corruption but it
would be so much better to know if Samba would trigger this bug or not.
I can imagine the Samba team would have had similar questions, if not on
list then from customers directly, in the past week or so.
Thanks in advance,
Bram Matthys
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057843 and
https://lore.kernel.org/stable/20231205122122.dfhhoaswsfscuhc3@quack3/ etc.
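
The post names O_DIRECT as the precondition for the bug. As an added example (not from the post or the Samba project), this script reads Linux `/proc/<pid>/fdinfo` to list the descriptors a running process currently holds open with O_DIRECT. It assumes `/proc` is readable for the target PID. The result is a point-in-time view only and says nothing about files opened and closed earlier.

```python
import os
import re
import sys

# O_DIRECT's numeric value differs per architecture; take it from the platform.
O_DIRECT = getattr(os, "O_DIRECT", 0o40000)  # fallback is the x86 value (assumption)

_FLAGS_RE = re.compile(r"^flags:\s*([0-7]+)\s*$", re.MULTILINE)

def parse_fdinfo_flags(fdinfo_text):
    """Return the open flags from fdinfo content (an octal field), or None."""
    m = _FLAGS_RE.search(fdinfo_text)
    return int(m.group(1), 8) if m else None

def is_o_direct(fdinfo_text):
    flags = parse_fdinfo_flags(fdinfo_text)
    return flags is not None and bool(flags & O_DIRECT)

def scan_pid(pid, proc_root="/proc"):
    """List (fd, target) for descriptors of pid currently open with O_DIRECT."""
    hits = []
    base = os.path.join(proc_root, str(pid))
    for fd in sorted(os.listdir(os.path.join(base, "fdinfo")), key=int):
        try:
            with open(os.path.join(base, "fdinfo", fd)) as fh:
                text = fh.read()
        except OSError:
            continue  # descriptor was closed between listdir() and open()
        if not is_o_direct(text):
            continue
        try:
            target = os.readlink(os.path.join(base, "fd", fd))
        except OSError:
            target = "?"  # flagged, but the link could no longer be resolved
        hits.append((int(fd), target))
    return hits

# Constructed sample fdinfo contents (not captured from a real smbd).
SAMPLE_BUFFERED = "pos:\t4096\nflags:\t%o\nmnt_id:\t29\n" % (os.O_RDWR | os.O_CLOEXEC)
SAMPLE_DIRECT = "pos:\t0\nflags:\t%o\nmnt_id:\t29\n" % (os.O_WRONLY | O_DIRECT)

if __name__ == "__main__":
    # Usage: pass one or more PIDs, e.g. the smbd worker processes.
    for pid in sys.argv[1:]:
        for fd, target in scan_pid(pid):
            print(f"pid {pid} fd {fd} O_DIRECT -> {target}")
```

An empty result for a given PID only means no O_DIRECT descriptor was open at the moment of the scan.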