Project

General

Profile

Bug #1911

panic in smb_tree_connect

Added by Gordon Ross almost 9 years ago. Updated almost 9 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
-
Start date:
2011-12-20
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

[ Nexenta issue 6628 ]

Here's the stack back-trace:

ffffff00113068c0 strcasecmp+0x16(0, fffffffff83edda8)
ffffff0011306a50 smb_tree_log+0xb3()
ffffff0011306a90 smb_tree_connect_core+0x14a(ffffff0301c55ca0)
ffffff0011306ac0 smb_tree_connect+0x35(ffffff0301c55ca0)
ffffff0011306ae0 smb_com_tree_connect_andx+0x16(ffffff0301c55ca0)
ffffff0011306b80 smb_dispatch_request+0x4a9(ffffff0301c55ca0)
ffffff0011306bb0 smb_session_worker+0x6c(ffffff0301c55ca0)
ffffff0011306c40 taskq_d_thread+0xb1(ffffff02fc84ed58)
ffffff0011306c50 thread_start+8()

In this crash, the UNC path looks like this: \\192.168.1.166" It should have another slash and a share name. The share name is invalid, but should not cause a crash.

#1

Updated by Rich Lowe almost 9 years ago

A stack backtrace is not an evaluation. It is, however, sufficient to see the severity of the problem. Write in the eval, man.

#2

Updated by Gordon Ross almost 9 years ago

The fix is pretty simple:

diff -r 15b6c91053a3 usr/src/uts/common/fs/smbsrv/smb_tree.c
--- a/usr/src/uts/common/fs/smbsrv/smb_tree.c    Thu Dec 01 22:58:02 2011 -0500
+++ b/usr/src/uts/common/fs/smbsrv/smb_tree.c    Fri Dec 02 15:56:04 2011 -0500
@@ -232,7 +232,7 @@
     (void) smb_strlwr(unc_path);

     if ((name = smb_tree_get_sharename(unc_path)) == NULL) {
-        smb_tree_log(sr, name, "invalid UNC path");
+        smb_tree_log(sr, unc_path, "invalid UNC path");
         smbsr_error(sr, 0, ERRSRV, ERRinvnetname);
         return (NULL);
     }

#3

Updated by Gordon Ross almost 9 years ago

  • Status changed from New to Resolved
changeset:   13549:4bc299bbc356
tag:         tip
user:        Gordon Ross <gwr@nexenta.com>
date:        Fri Dec 02 15:56:04 2011 -0500

description:
    1911 panic in smb_tree_connect
    Reviewed by: Dan McDonald <danmcd@nexenta.com>
    Reviewed by: Andrew Stormont <andyjstormont@googlemail.com>
    Reviewed by: Garrett D'Amore <garrett@nexenta.com>
    Approved by: Richard Lowe <richlowe@richlowe.net>
#4

Updated by David Anderson almost 9 years ago

Gordon,

I have had at least one panic very similar to this, and 4 or 5 more before I had dumps working due to multithreading issues. Is there a chance at getting a fix for this I can put on my oi151a server? This is causing me some grief at the moment. I dont have a build environment to rebuild from the diff above easily, and was hoping I could at least get a patched module or something to update with to resolve this.

root@ews-data3:/ews_home/crash/ews-data3# uname -a
SunOS ews-data3 5.11 oi_151a i86pc i386 i86pc Solaris

Thanks
David

Also available in: Atom PDF