Project

General

Profile

Bug #11833

Panic in smb2_setinfo_file / smb_set_basic_info

Added by Gordon Ross 4 months ago. Updated 3 months ago.

Status:
Closed
Priority:
High
Assignee:
Category:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:

Description

While running some tests at the SDC plugfest,
NexentaStor 5.2.1 panic'ed with this stack:

> $C
ffffff00118cc890 smb_node_setattr+0x42(ffffff0ad4ef0020, 0, ffffff0429c65eb0,
ffffff1de43eb078, ffffff00118cc998)
ffffff00118cc910 smb_set_basic_info+0x102(ffffff0ad4ef0020, ffffff00118cc970)
ffffff00118cc940 smb2_setinfo_file+0x65(ffffff0ad4ef0020, ffffff00118cc970, 4)
ffffff00118ccaa0 smb2_set_info+0x130(ffffff0ad4ef0020)
ffffff00118ccb50 smb2sr_work+0x4b4(ffffff0ad4ef0020)
ffffff00118ccb90 smb2_tq_work+0x94(ffffff0ad4ef0020)
ffffff00118ccc20 taskq_d_thread+0xf3(ffffff047ef96878)
ffffff00118ccc30 thread_start+8()

History

#1

Updated by Gordon Ross 4 months ago

The problem is that we've been given an SMB2 set file info. request on a named pipe.
These functions need to error out for named pipes.

#2

Updated by Gordon Ross 3 months ago

I'm not sure how to reproduce this failure. It requires a client that will attempt a "set file info" on a file handle opened on a named pipe, and I'm not aware of any tests that will do that.
We verified the fix at the SDC 2019 plug-fest.

#3

Updated by Electric Monk 3 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit 2dbda4a27c92d363997a5a840671e69167b33865

commit  2dbda4a27c92d363997a5a840671e69167b33865
Author: Gordon Ross <gwr@nexenta.com>
Date:   2019-10-19T13:02:31.000Z

    11833 Panic in smb2_setinfo_file / smb_set_basic_info
    Reviewed by: Matt Barden <matt.barden@nexenta.com>
    Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
    Reviewed by: Evan Layton <evan.layton@nexenta.com>
    Reviewed by: Andy Stormont <AStormont@racktopsystems.com>
    Approved by: Robert Mustacchi <rm@fingolfin.org>

Also available in: Atom PDF