diff options
author | Jeremy Allison <jra@samba.org> | 2000-04-27 18:46:10 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2000-04-27 18:46:10 +0000 |
commit | e3987ff7a638f9ea8b6794f1ed0df530d8488033 (patch) | |
tree | 699420ad5d125a75131eb8b02329770172ec7948 /source3 | |
parent | 3d9141d4156a3207af03d4137acd4b1cde46cfae (diff) | |
download | samba-e3987ff7a638f9ea8b6794f1ed0df530d8488033.tar.gz samba-e3987ff7a638f9ea8b6794f1ed0df530d8488033.tar.bz2 samba-e3987ff7a638f9ea8b6794f1ed0df530d8488033.zip |
Fixed crash bugs Andrew pointed out with LOCK4 smbtorture
test. Was miscounting posix locks, plus was not taking into account
the case where other_fsp == fsp in the 'move locks' case. DOH ! This
code will be re-written anyway :-).
Jeremy.
(This used to be commit 5278ec016cb24d8263fe6e7c1d389f466270ef24)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/smb.h | 2 | ||||
-rw-r--r-- | source3/locking/locking.c | 17 | ||||
-rw-r--r-- | source3/smbd/open.c | 12 |
3 files changed, 16 insertions, 15 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h index 1559143418..2e11d66729 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -489,7 +489,7 @@ typedef struct files_struct time_t pending_modtime; int oplock_type; int sent_oplock_break; - unsigned int num_posix_locks; + int num_posix_locks; unsigned int num_posix_pending_closes; int *posix_pending_close_fds; BOOL can_lock; diff --git a/source3/locking/locking.c b/source3/locking/locking.c index 811dfbc101..b61e8acedc 100644 --- a/source3/locking/locking.c +++ b/source3/locking/locking.c @@ -284,7 +284,7 @@ static BOOL is_posix_locked(files_struct *fsp, SMB_BIG_UINT u_offset, SMB_BIG_UI SMB_OFF_T count; DEBUG(10,("is_posix_locked: File %s, offset = %.0f, count = %.0f, type = %s\n", - fsp->fsp_name, (double)offset, (double)count, lock_type_name(lock_type) )); + fsp->fsp_name, (double)u_offset, (double)u_count, lock_type_name(lock_type) )); /* * If the requested lock won't fit in the POSIX range, we will @@ -315,7 +315,7 @@ static BOOL set_posix_lock(files_struct *fsp, SMB_BIG_UINT u_offset, SMB_BIG_UIN BOOL ret = True; DEBUG(5,("set_posix_lock: File %s, offset = %.0f, count = %.0f, type = %s\n", - fsp->fsp_name, (double)offset, (double)count, lock_type_name(lock_type) )); + fsp->fsp_name, (double)u_offset, (double)u_count, lock_type_name(lock_type) )); /* * If the requested lock won't fit in the POSIX range, we will @@ -350,17 +350,15 @@ static BOOL release_posix_lock(files_struct *fsp, SMB_BIG_UINT u_offset, SMB_BIG BOOL ret = True; DEBUG(5,("release_posix_lock: File %s, offset = %.0f, count = %.0f\n", - fsp->fsp_name, (double)offset, (double)count )); + fsp->fsp_name, (double)u_offset, (double)u_count )); if(u_count == 0) { /* * This lock must overlap with an existing read-only lock - * help by another fd. Just decrement the count but don't - * do any POSIX call. + * help by another fd. Don't do any POSIX call. */ - fsp->num_posix_locks--; return True; } @@ -374,10 +372,7 @@ static BOOL release_posix_lock(files_struct *fsp, SMB_BIG_UINT u_offset, SMB_BIG ret = fcntl_lock(fsp->fd,SMB_F_SETLK,offset,count,F_UNLCK); - if(ret) - fsp->num_posix_locks--; - - return True; + return ret; } /**************************************************************************** @@ -565,6 +560,8 @@ BOOL do_unlock(files_struct *fsp,connection_struct *conn, fsp->num_posix_locks--; + SMB_ASSERT(fsp->num_posix_locks >= 0); + return True; /* Did unlock */ } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 44bb6ebaf7..c7ca8256d2 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -57,12 +57,16 @@ static BOOL fd_close_posix_locks(files_struct *fsp) { files_struct *other_fsp; - DEBUG(10,("fd_close_posix_locks: file %s: fsp->num_posix_pending_closes = %u.\n", fsp->fsp_name, - (unsigned int)fsp->num_posix_pending_closes )); + DEBUG(10,("fd_close_posix_locks: file %s: fsp->num_posix_pending_closes = %u \ +fsp->posix_pending_close_fds = %lx.\n", fsp->fsp_name, + (unsigned int)fsp->num_posix_pending_closes, (unsigned long)fsp->posix_pending_close_fds )); for(other_fsp = file_find_di_first(fsp->dev, fsp->inode); other_fsp; other_fsp = file_find_di_next(other_fsp)) { + if(other_fsp == fsp) + continue; + if ((other_fsp->fd != -1) && other_fsp->num_posix_locks) { /* @@ -74,8 +78,8 @@ static BOOL fd_close_posix_locks(files_struct *fsp) unsigned int extra_fds = fsp->num_posix_pending_closes + 1; DEBUG(10,("fd_close_posix_locks: file %s: Transferring to \ -file %s, other_fsp->num_posix_pending_closes = %u.\n", - fsp->fsp_name, other_fsp->fsp_name, (unsigned int)other_fsp->num_posix_pending_closes )); +file %s, extra_fds = %u, other_fsp->num_posix_pending_closes = %u.\n", + fsp->fsp_name, other_fsp->fsp_name, extra_fds, (unsigned int)other_fsp->num_posix_pending_closes )); other_fsp->posix_pending_close_fds = (int *)Realloc(other_fsp->posix_pending_close_fds, (other_fsp->num_posix_pending_closes + |