g_lock: fix cleanup of stale entries in g_lock_trylock()

g_lock_trylock() always incremented the counter 'i', even after cleaning a stale
entry at position 'i', which means it skipped checking for a conflict against
the new entry at position 'i'.

As result a process could get a write lock, while there're still
some read lock holders. Once we get into that problem, also more than
one write lock are possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13195

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Dec 20 20:31:48 CET 2017 on sn-devel-144

diff --git a/selftest/knownfail.d/local-g-lock6 b/selftest/knownfail.d/local-g-lock6
deleted file mode 100644 (file)
index 14fd5c8..0000000
--- a/selftest/knownfail.d/local-g-lock6
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smbtorture_s3.LOCAL-G-LOCK6.smbtorture

diff --git a/source3/lib/g_lock.c b/source3/lib/g_lock.c
index 50ea56634ba00266872fb909b2ac748acf5039fa..68a9ab3b061fcb2dbea6419e3da106617e3f4902 100644 (file)
--- a/source3/lib/g_lock.c
+++ b/source3/lib/g_lock.c
@@ -230,7 +230,9 @@ static NTSTATUS g_lock_trylock(struct db_record *rec, struct server_id self,
                }
        }
 
-       for (i=0; i<lck.num_recs; i++) {
+       i = 0;
+
+       while (i < lck.num_recs) {
                struct g_lock_rec lock;
 
                g_lock_get_rec(&lck, i, &lock);
@@ -269,7 +271,9 @@ static NTSTATUS g_lock_trylock(struct db_record *rec, struct server_id self,
                         */
                        g_lock_rec_del(&lck, i);
                        modified = true;
+                       continue;
                }
+               i++;
        }
 
        modified = true;