Author: jra Date: 2007-08-03 16:51:43 +0000 (Fri, 03 Aug 2007) New Revision: 24164
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24164 Log: Fix for write cache corruption bug reported by Jean-Francois Panisset <[EMAIL PROTECTED]>. Awaiting confirmation from reporter. Jeremy. Modified: branches/SAMBA_3_0_25/source/smbd/fileio.c branches/SAMBA_3_2/source/smbd/fileio.c branches/SAMBA_3_2_0/source/smbd/fileio.c Changeset: Modified: branches/SAMBA_3_0_25/source/smbd/fileio.c =================================================================== --- branches/SAMBA_3_0_25/source/smbd/fileio.c 2007-08-03 16:06:44 UTC (rev 24163) +++ branches/SAMBA_3_0_25/source/smbd/fileio.c 2007-08-03 16:51:43 UTC (rev 24164) @@ -509,29 +509,39 @@ write_path = 3; - } else if ( (pos >= wcp->file_size) && + } else if ( (pos >= wcp->file_size) && (n == 1) && - (pos < wcp->offset + 2*wcp->alloc_size) && - (wcp->file_size == wcp->offset + wcp->data_size)) { + (wcp->file_size == wcp->offset + wcp->data_size) && + (pos < wcp->file_size + wcp->alloc_size)) { /* - +---------------+ - | Cached data | - +---------------+ + End of file ---->| + + +---------------+---------------+ + | Cached data | Cache buffer | + +---------------+---------------+ + + |<------- allocated size ---------------->| + +--------+ | 1 Byte | +--------+ MS-Office seems to do this a lot to determine if there's enough space on the filesystem to write a new file. + + Change to : + + End of file ---->| + +-----------------------+--------+ + | Zeroed Cached data | 1 Byte | + +-----------------------+--------+ */ - SMB_BIG_UINT new_start = wcp->offset + wcp->data_size; - flush_write_cache(fsp, WRITE_FLUSH); - wcp->offset = new_start; - wcp->data_size = pos - new_start + 1; + wcp->offset = wcp->file_size; + wcp->data_size = pos - wcp->file_size + 1; memset(wcp->data, '\0', wcp->data_size); memcpy(wcp->data + wcp->data_size-1, data, 1); Modified: branches/SAMBA_3_2/source/smbd/fileio.c =================================================================== --- branches/SAMBA_3_2/source/smbd/fileio.c 2007-08-03 16:06:44 UTC (rev 24163) +++ branches/SAMBA_3_2/source/smbd/fileio.c 2007-08-03 16:51:43 UTC (rev 24164) @@ -508,29 +508,39 @@ write_path = 3; - } else if ( (pos >= wcp->file_size) && + } else if ( (pos >= wcp->file_size) && (n == 1) && - (pos < wcp->offset + 2*wcp->alloc_size) && - (wcp->file_size == wcp->offset + wcp->data_size)) { + (wcp->file_size == wcp->offset + wcp->data_size) && + (pos < wcp->file_size + wcp->alloc_size)) { /* - +---------------+ - | Cached data | - +---------------+ + End of file ---->| + + +---------------+---------------+ + | Cached data | Cache buffer | + +---------------+---------------+ + + |<------- allocated size ---------------->| + +--------+ | 1 Byte | +--------+ MS-Office seems to do this a lot to determine if there's enough space on the filesystem to write a new file. + + Change to : + + End of file ---->| + +-----------------------+--------+ + | Zeroed Cached data | 1 Byte | + +-----------------------+--------+ */ - SMB_BIG_UINT new_start = wcp->offset + wcp->data_size; - flush_write_cache(fsp, WRITE_FLUSH); - wcp->offset = new_start; - wcp->data_size = pos - new_start + 1; + wcp->offset = wcp->file_size; + wcp->data_size = pos - wcp->file_size + 1; memset(wcp->data, '\0', wcp->data_size); memcpy(wcp->data + wcp->data_size-1, data, 1); Modified: branches/SAMBA_3_2_0/source/smbd/fileio.c =================================================================== --- branches/SAMBA_3_2_0/source/smbd/fileio.c 2007-08-03 16:06:44 UTC (rev 24163) +++ branches/SAMBA_3_2_0/source/smbd/fileio.c 2007-08-03 16:51:43 UTC (rev 24164) @@ -508,29 +508,39 @@ write_path = 3; - } else if ( (pos >= wcp->file_size) && + } else if ( (pos >= wcp->file_size) && (n == 1) && - (pos < wcp->offset + 2*wcp->alloc_size) && - (wcp->file_size == wcp->offset + wcp->data_size)) { + (wcp->file_size == wcp->offset + wcp->data_size) && + (pos < wcp->file_size + wcp->alloc_size)) { /* - +---------------+ - | Cached data | - +---------------+ + End of file ---->| + + +---------------+---------------+ + | Cached data | Cache buffer | + +---------------+---------------+ + + |<------- allocated size ---------------->| + +--------+ | 1 Byte | +--------+ MS-Office seems to do this a lot to determine if there's enough space on the filesystem to write a new file. + + Change to : + + End of file ---->| + +-----------------------+--------+ + | Zeroed Cached data | 1 Byte | + +-----------------------+--------+ */ - SMB_BIG_UINT new_start = wcp->offset + wcp->data_size; - flush_write_cache(fsp, WRITE_FLUSH); - wcp->offset = new_start; - wcp->data_size = pos - new_start + 1; + wcp->offset = wcp->file_size; + wcp->data_size = pos - wcp->file_size + 1; memset(wcp->data, '\0', wcp->data_size); memcpy(wcp->data + wcp->data_size-1, data, 1);
