[Pkg-samba-maint] DO NOT REPLY [Bug 6651] smbd SIGSEGV when breaking oplocks

samba-bugs at samba.org samba-bugs at samba.org
Fri Aug 21 21:30:25 UTC 2009


jra at samba.org changed:

           What    |Removed                     |Added
Attachment #4580 is|0                           |1
           obsolete|                            |
   Attachment #4585|                            |review?(metze at samba.org)
               Flag|                            |

------- Comment #9 from jra at samba.org  2009-08-21 16:30 CST -------
Created an attachment (id=4585)
 --> (https://bugzilla.samba.org/attachment.cgi?id=4585&action=view)
Updated patch.

Ok, this is an update on the previous patch. As Petr Vandrovec pointed out,
sig_state->sig_info[signum][] has to be treated as a ring buffer. The key to
the change is that on receipt of a signal the siginfo_t data isn't stored into:

int count = sig_count(sig_state->signal_count[signum]);
sig_state->sig_info[signum][count] = *info;

but is stored into (count + sig_state->signal_count[signum].seen MOD buffer
size) (SA_INFO_QUEUE_COUNT) instead. sig_state->signal_count[signum].seen MOD
buffer size is the index of the first unprocessed siginfo_t data.

When processing the received signals inside tevent_common_check_signal() the
same calculation is used to find the first entry in the ring buffer to process.
The other changes are the same.

The only additional modification (I found this useful when hand-testing the
fix) is to zero fill the siginfo_t array when allocating, and memset each
processed entry back to zero after it was processed. This will make finding
runtime errors in this code easier, as if a handler is ever called with a
siginfo_t struct that is zero filled we know we have a logic error.

I'm pretty satisfied with this fix, and plan to commit once it's passed testing
(unless Petr Vandrovec can spot any more logic errors or race conditions I've

Petr, Metze and Volker, please review - thanks !
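
The ring-buffer indexing described in the comment above, as an added single-threaded model in C. It is not the attached patch or tevent's own code: struct sig_ring, struct record, the three function names and the QUEUE_COUNT value of 8 are assumptions made for this example, with struct record standing in for siginfo_t.

```c
#include <stdint.h>
#include <string.h>

#define QUEUE_COUNT 8   /* demo stand-in for SA_INFO_QUEUE_COUNT (value assumed) */

struct record { int signo; int value; };   /* hypothetical stand-in for siginfo_t */

struct sig_ring {
    uint32_t count;                   /* entries ever stored */
    uint32_t seen;                    /* entries ever processed */
    struct record info[QUEUE_COUNT];  /* must start zero filled */
};

static uint32_t ring_pending(const struct sig_ring *r)
{
    return r->count - r->seen;        /* unsigned math survives wraparound */
}

/* Receipt side: store at (seen + pending) MOD size, not at [pending]. */
static int ring_store(struct sig_ring *r, const struct record *in)
{
    uint32_t pending = ring_pending(r);
    if (pending >= QUEUE_COUNT)
        return -1;                    /* full: refuse rather than overwrite */
    r->info[(r->seen + pending) % QUEUE_COUNT] = *in;
    r->count++;
    return 0;
}

/* Processing side: start at seen MOD size, the first unprocessed entry.
 * Copies values to out[] in FIFO order; returns how many, or -1 if a
 * zero-filled entry shows up (the logic-error tripwire). */
static int ring_drain(struct sig_ring *r, int out[QUEUE_COUNT])
{
    static const struct record zero;
    uint32_t pending = ring_pending(r);
    uint32_t first = r->seen % QUEUE_COUNT;
    for (uint32_t i = 0; i < pending; i++) {
        struct record *e = &r->info[(first + i) % QUEUE_COUNT];
        if (memcmp(e, &zero, sizeof(*e)) == 0)
            return -1;
        out[i] = e->value;
        memset(e, 0, sizeof(*e));     /* zero the slot once processed */
    }
    r->seen += pending;
    return (int)pending;
}
```

Real signal delivery interrupts the processing loop at arbitrary points, which this model does not reproduce; it only shows the index arithmetic and the zero-fill check.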

