Empty file creation corruption on CIFS filesystem
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Linux |
Won't Fix
|
High
|
|||
linux (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
This bug applies to 2.6.32 mainstream kernel.
Kernel bugzilla: https:/
I'm adding this bug here because I tested with Ubuntu 10.04 so I know it also affects it.
I'm checking the "security vulnerability" box because it can result in leaked file contents from removed files, but I'm no security expert so I may be wrong.
The text on that bugzilla entry follows:
-------
There is a bad regression of the CIFS driver on 2.6.32 kernels (tested
2.6.32.11, 2.6.32.12 and Ubuntu 10.04 LTS 2.6.32-22-generic).
The version of the server doesn't seem to matter (tested 2.6.27, 2.6.32 and
Ubuntu 8.04 LTS 2.6.24-27-generic), as long as the client is 2.6.32-something.
Empty files created on the server become non-empty (with the contents of some
earlier written file) when read by the client. This happens when using lockf()
and without using it.
The following bash script shows the problem:
-----------< test-cifs.sh >------
#!/bin/bash
while [ 1 ];
do
rnd=$(( $RANDOM % 2 + 1 ))
if [ -f $rnd ]; then
v=$( cat $rnd )
if [ -n "$v" -a "$v" != "$rnd" ]; then
echo "ERROR!!! rnd=$rnd val=$v"
exit -1
fi
rm -f $rnd
else
touch $rnd
echo $rnd > $rnd
fi
done
-----------< test-cifs.sh >------
When this script runs both on the server and on the client on the same shared
directory, after a few seconds (sometimes almost right away), the client will
exit with the error.
In a nutshell, the script creates a random (1 or 2) empty file if it doesn't
exist, else makes sure it's content are either empty or the same as the file
name. After the check removes the file.
The script running on the server will never fail, as expected, but the client
will sometimes see the file with the wrong contents.
This only occurs when the client is running 2.6.32 (.11-12 or the Ubuntu 10.04
one). Any other kernel version I tested will work as expected.
A workaround we found for this problem is to never delete the file, just
truncate it's size to zero. In this way the problem doesn't show.
Replacing the 'rm -f $rnd' with 'echo -n "" > $rnd', is the script equivalent
of this workaround.
I haven't tested 2.6.33 yet because we will have to work with 2.6.32 for the
time being, so it's not a solution for me.
I'm available for any further information.
---
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.21.
AplayDevices:
**** List of PLAYBACK Hardware Devices ****
card 0: Intel [HDA Intel], device 0: ALC269 Analog [ALC269 Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
Architecture: i386
ArecordDevices:
**** List of CAPTURE Hardware Devices ****
card 0: Intel [HDA Intel], device 0: ALC269 Analog [ALC269 Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info:
Card hw:0 'Intel'/'HDA Intel at 0xf7eb8000 irq 16'
Mixer name : 'Realtek ALC269'
Components : 'HDA:10ec0269,
Controls : 12
Simple ctrls : 7
DistroRelease: Ubuntu 10.04
HibernationDevice: RESUME=
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
MachineType: ASUSTeK Computer INC. 1000HE
Package: linux (not installed)
ProcCmdLine: BOOT_IMAGE=
ProcEnviron:
PATH=(custom, user)
LANG=en_US.utf8
SHELL=/bin/bash
ProcVersionSign
Regression: Yes
RelatedPackageV
Reproducible: Yes
StagingDrivers: rt2860sta
Tags: lucid filesystem regression-release needs-upstream-
Title: [STAGING]
Uname: Linux 2.6.32-22-generic i686
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
dmi.bios.date: 07/23/2009
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 1002
dmi.board.
dmi.board.name: 1000HE
dmi.board.vendor: ASUSTeK Computer INC.
dmi.board.version: x.xx
dmi.chassis.
dmi.chassis.type: 10
dmi.chassis.vendor: ASUSTek Computer INC.
dmi.chassis.
dmi.modalias: dmi:bvnAmerican
dmi.product.name: 1000HE
dmi.product.
dmi.sys.vendor: ASUSTeK Computer INC.
visibility: | private → public |
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
Changed in linux: | |
status: | Unknown → Won't Fix |
Changed in linux: | |
importance: | Unknown → High |
Hi Nuno,
Please be sure to confirm this issue exists with the latest development release of Ubuntu. ISO CD images are available from http:// cdimage. ubuntu. com/releases/ . If the issue remains, please run the following command from a Terminal (Applications- >Accessories- >Terminal) . It will automatically gather and attach updated debug information to this report.
apport-collect -p linux 577031
Also, if you could test the latest upstream kernel available that would be great. It will allow additional upstream developers to examine the issue. Refer to https:/ /wiki.ubuntu. com/KernelMainl ineBuilds . Once you've tested the upstream kernel, please remove the 'needs- upstream- testing' tag. This can be done by clicking on the yellow pencil icon next to the tag located at the bottom of the bug description and deleting the 'needs- upstream- testing' text. Please let us know your results.
Thanks in advance.
[This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]