s3-aio: Panic if we try to close a fsp with outstanding aio requests

The core smbd must have taken care of this. If we don't do this properly,
we have a race of the close(2) against a pwrite(2). We might end up
writing to the wrong file.

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 19 03:40:17 CEST 2012 on sn-devel-104

diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c
index 9f7390bba37d6b6bd9addb690a3ccc39f9f0613e..3b128797984d6a653619291588c086c4cccc47cf 100644 (file)
--- a/source3/smbd/aio.c
+++ b/source3/smbd/aio.c
@@ -973,19 +973,3 @@ static void aio_pwrite_smb2_done(struct tevent_req *req)
        }
        tevent_req_done(subreq);
 }
-
-/****************************************************************************
- Handle any aio completion inline.
-*****************************************************************************/
-
-void aio_fsp_close(files_struct *fsp)
-{
-       unsigned i;
-
-       for (i=0; i<fsp->num_aio_requests; i++) {
-               struct tevent_req *req = fsp->aio_requests[i];
-               struct aio_extra *aio_ex = tevent_req_callback_data(
-                       req, struct aio_extra);
-               aio_ex->fsp = NULL;
-       }
-}

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 720ffa7b649d5089b18c6784a1e50f2faa2874cd..3c5b6d74eb0c8a68865d24d817ef218feb7e4a2f 100644 (file)
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -707,7 +707,21 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp,
        NTSTATUS tmp;
        connection_struct *conn = fsp->conn;
 
-       aio_fsp_close(fsp);
+       if (fsp->num_aio_requests != 0) {
+               char *str;
+               /*
+                * reply_close and the smb2 close must have taken care of
+                * this. No other callers of close_file should ever have
+                * created async I/O.
+                *
+                * We need to panic here because if we close() the fd while we
+                * have outstanding async I/O requests, in the worst case we
+                * could end up writing to the wrong file.
+                */
+               DEBUG(0, ("fsp->num_aio_requests=%u\n",
+                         fsp->num_aio_requests));
+               smb_panic("can not close with outstanding aio requests");
+       }
 
        /*
         * If we're flushing on a close we can get a write

diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 16e2d78608a9f087abc1eb1fb922d1d45239ce4e..8449fe916df9d927a02a9b94e6acc6d93fc0c4a1 100644 (file)
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -89,7 +89,6 @@ NTSTATUS schedule_aio_smb2_write(connection_struct *conn,
                                DATA_BLOB in_data,
                                bool write_through);
 bool cancel_smb2_aio(struct smb_request *smbreq);
-void aio_fsp_close(files_struct *fsp);
 
 /* The following definitions come from smbd/blocking.c  */