This bug applies to 2.6.32 mainstream kernel.
Kernel bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=15925
I'm adding this bug here because I tested with Ubuntu 10.04 so I know it also affects it.
I'm checking the "security vulnerability" box because it can result in leaked file contents from removed files, but I'm no security expert so I may be wrong.
The text on that bugzilla entry follows:
--------------------------------
There is a bad regression of the CIFS driver on 2.6.32 kernels (tested
2.6.32.11, 2.6.32.12 and Ubuntu 10.04 LTS 2.6.32-22-generic).
The version of the server doesn't seem to matter (tested 2.6.27, 2.6.32 and
Ubuntu 8.04 LTS 2.6.24-27-generic), as long as the client is 2.6.32-something.
Empty files created on the server become non-empty (with the contents of some
earlier written file) when read by the client. This happens when using lockf()
and without using it.
The following bash script shows the problem:
-----------< test-cifs.sh >------------------------
#!/bin/bash
while [ 1 ];
do
rnd=$(( $RANDOM % 2 + 1 ))
if [ -f $rnd ]; then
v=$( cat $rnd )
if [ -n "$v" -a "$v" != "$rnd" ]; then
echo "ERROR!!! rnd=$rnd val=$v"
exit -1
fi
rm -f $rnd
else
touch $rnd
echo $rnd > $rnd
fi
done
-----------< test-cifs.sh >------------------------
When this script runs both on the server and on the client on the same shared
directory, after a few seconds (sometimes almost right away), the client will
exit with the error.
In a nutshell, the script creates a random (1 or 2) empty file if it doesn't
exist, else makes sure it's content are either empty or the same as the file
name. After the check removes the file.
The script running on the server will never fail, as expected, but the client
will sometimes see the file with the wrong contents.
This only occurs when the client is running 2.6.32 (.11-12 or the Ubuntu 10.04
one). Any other kernel version I tested will work as expected.
A workaround we found for this problem is to never delete the file, just
truncate it's size to zero. In this way the problem doesn't show.
Replacing the 'rm -f $rnd' with 'echo -n "" > $rnd', is the script equivalent
of this workaround.
I haven't tested 2.6.33 yet because we will have to work with 2.6.32 for the
time being, so it's not a solution for me.
I'm available for any further information.
---
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.21.
AplayDevices:
**** List of PLAYBACK Hardware Devices ****
card 0: Intel [HDA Intel], device 0: ALC269 Analog [ALC269 Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
Architecture: i386
ArecordDevices:
**** List of CAPTURE Hardware Devices ****
card 0: Intel [HDA Intel], device 0: ALC269 Analog [ALC269 Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: lucas 1227 F.... pulseaudio
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info:
Card hw:0 'Intel'/'HDA Intel at 0xf7eb8000 irq 16'
Mixer name : 'Realtek ALC269'
Components : 'HDA:10ec0269,1043834a,00100004'
Controls : 12
Simple ctrls : 7
DistroRelease: Ubuntu 10.04
HibernationDevice: RESUME=UUID=13e381ff-38f3-4280-9fc0-2c8e8df0ece8
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
MachineType: ASUSTeK Computer INC. 1000HE
Package: linux (not installed)
ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.32-22-generic root=UUID=5932f02c-dae7-458d-9c70-e9531fd95401 ro quiet splash
ProcEnviron:
PATH=(custom, user)
LANG=en_US.utf8
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2
Regression: Yes
RelatedPackageVersions: linux-firmware 1.34
Reproducible: Yes
StagingDrivers: rt2860sta
Tags: lucid filesystem regression-release needs-upstream-testing staging
Title: [STAGING]
Uname: Linux 2.6.32-22-generic i686
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
dmi.bios.date: 07/23/2009
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 1002
dmi.board.asset.tag: To Be Filled By O.E.M.
dmi.board.name: 1000HE
dmi.board.vendor: ASUSTeK Computer INC.
dmi.board.version: x.xx
dmi.chassis.asset.tag: 0x00000000
dmi.chassis.type: 10
dmi.chassis.vendor: ASUSTek Computer INC.
dmi.chassis.version: x.x
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1002:bd07/23/2009:svnASUSTeKComputerINC.:pn1000HE:pvrx.x:rvnASUSTeKComputerINC.:rn1000HE:rvrx.xx:cvnASUSTekComputerINC.:ct10:cvrx.x:
dmi.product.name: 1000HE
dmi.product.version: x.x
dmi.sys.vendor: ASUSTeK Computer INC.
Hi Nuno,
Please be sure to confirm this issue exists with the latest development release of Ubuntu. ISO CD images are available from http://
apport-collect -p linux 577031
Also, if you could test the latest upstream kernel available that would be great. It will allow additional upstream developers to examine the issue. Refer to https:/
Thanks in advance.
[This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]