From 8ef968a23dffb2e1c1518f7489d4ab0b14a71118 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 17 Jul 2012 22:43:06 +0200 Subject: s3-aio: Panic if we try to close a fsp with outstanding aio requests The core smbd must have taken care of this. If we don't do this properly, we have a race of the close(2) against a pwrite(2). We might end up writing to the wrong file. Signed-off-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Jul 19 03:40:17 CEST 2012 on sn-devel-104 --- source3/smbd/aio.c | 16 ---------------- source3/smbd/close.c | 16 +++++++++++++++- source3/smbd/proto.h | 1 - 3 files changed, 15 insertions(+), 18 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c index 9f7390bba3..3b12879798 100644 --- a/source3/smbd/aio.c +++ b/source3/smbd/aio.c @@ -973,19 +973,3 @@ static void aio_pwrite_smb2_done(struct tevent_req *req) } tevent_req_done(subreq); } - -/**************************************************************************** - Handle any aio completion inline. -*****************************************************************************/ - -void aio_fsp_close(files_struct *fsp) -{ - unsigned i; - - for (i=0; inum_aio_requests; i++) { - struct tevent_req *req = fsp->aio_requests[i]; - struct aio_extra *aio_ex = tevent_req_callback_data( - req, struct aio_extra); - aio_ex->fsp = NULL; - } -} diff --git a/source3/smbd/close.c b/source3/smbd/close.c index 720ffa7b64..3c5b6d74eb 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -707,7 +707,21 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp, NTSTATUS tmp; connection_struct *conn = fsp->conn; - aio_fsp_close(fsp); + if (fsp->num_aio_requests != 0) { + char *str; + /* + * reply_close and the smb2 close must have taken care of + * this. No other callers of close_file should ever have + * created async I/O. + * + * We need to panic here because if we close() the fd while we + * have outstanding async I/O requests, in the worst case we + * could end up writing to the wrong file. + */ + DEBUG(0, ("fsp->num_aio_requests=%u\n", + fsp->num_aio_requests)); + smb_panic("can not close with outstanding aio requests"); + } /* * If we're flushing on a close we can get a write diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 16e2d78608..8449fe916d 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -89,7 +89,6 @@ NTSTATUS schedule_aio_smb2_write(connection_struct *conn, DATA_BLOB in_data, bool write_through); bool cancel_smb2_aio(struct smb_request *smbreq); -void aio_fsp_close(files_struct *fsp); /* The following definitions come from smbd/blocking.c */ -- cgit