From nobody@FreeBSD.org  Sun Apr 20 06:53:03 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 95E9C106566C
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 20 Apr 2008 06:53:03 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 86D8B8FC17
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 20 Apr 2008 06:53:03 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m3K6qjQ6075990
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 20 Apr 2008 06:52:45 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m3K6qjp8075989;
	Sun, 20 Apr 2008 06:52:45 GMT
	(envelope-from nobody)
Message-Id: <200804200652.m3K6qjp8075989@www.freebsd.org>
Date: Sun, 20 Apr 2008 06:52:45 GMT
From: Stas Timokhin <stast@bsdportal.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: sftp duplicates filename when get listing directory on CDROM
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         122925
>Category:       kern
>Synopsis:       [cd9660] [patch] sftp(1) duplicates filename when get listing directory on CDROM
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kib
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 20 07:00:01 UTC 2008
>Closed-Date:    Fri Oct 31 14:02:46 UTC 2008
>Last-Modified:  Fri Oct 31 14:02:46 UTC 2008
>Originator:     Stas Timokhin
>Release:        7.0-RELEASE
>Organization:
None
>Environment:
FreeBSD home.stasyan.com 7.0-RELEASE FreeBSD 7.0-RELEASE #2: Sat Mar 29 21:51:47 NOVT 2008     root@home.stasyan.com:/usr/src/sys/i386/compile/EASTERN70  i386
>Description:
Output of sftp ls command contains duplicate strings when runs on cd9660-mount.
It looks like this:
sftp> ls -l
dr-xr-xr-x   13 root     wheel        2048 Feb 25 02:28 7.0-RELEASE
dr-xr-xr-x   13 root     wheel        2048 Feb 25 02:28 7.0-RELEASE
dr-xr-xr-x   13 root     wheel        2048 Feb 25 02:28 7.0-RELEASE
-r--r--r--    1 root     wheel        5114 Feb 25 02:28 ERRATA.HTM
-r--r--r--    1 root     wheel        5114 Feb 25 02:28 ERRATA.HTM
-r--r--r--    1 root     wheel        5114 Feb 25 02:28 ERRATA.HTM
-r--r--r--    1 root     wheel        3671 Feb 25 02:28 ERRATA.TXT

>How-To-Repeat:
$ mount_cd9660 /dev/acd0 /cdrom
$ sftp localhost
$ cd /cdrom
sftp> ls   (make 3-5 attempts for bug apperance)


>Fix:


>Release-Note:
>Audit-Trail:

From: Bruce Cran <bruce@cran.org.uk>
To: bug-followup@FreeBSD.org, stast@bsdportal.ru
Cc:  
Subject: Re: bin/122925: sftp duplicates filename when get listing directory
 on CDROM
Date: Sun, 20 Apr 2008 15:22:23 +0100

 On my amd64 laptop I see the file listing repetition, while on my i386 
 desktop system the listing appears correct but the message:
 
 g_vfs_done():md1[READ(offset=8102099357864646656, length=2048)]error = 5
 
 appears on the console after every listing is done.  A plain ssh or 
 local listing doesn't produce the error.  The 7.0-RELEASE-i386-disc1.iso 
 file was mounted via md(4).
 
 --
 Bruce
State-Changed-From-To: open->feedback 
State-Changed-By: vwe 
State-Changed-When: Sat May 17 20:53:12 UTC 2008 
State-Changed-Why:  

Stas, 
please show us output of dmesg and your kernel config. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122925 

From: Michael Powell <nightrecon@gmail.com>
To: bug-followup@freebsd.org,
 stast@bsdportal.ru
Cc:  
Subject: Re: bin/122925: sftp(1) duplicates filename when get listing directory on CDROM
Date: Sun, 18 May 2008 17:45:11 -0400

 I have seen this since doing a fresh install of FreeBSD 7 Release on my 
 pf/gateway server. I only use sftp to occasionally copy something. My other 
 server machine (web development box) has Samba on it for sharing and does not 
 show this behavior. Only reading the cdrom via sftp does this. Since my 
 hardware is likely different from the OP, it may not be hardware related. 
 
 server# uname -a
 FreeBSD server.test.zip 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Tue Apr  1 
 22:10:31 EDT 2008     
 testuser@server.test.zip:/usr/obj/usr/src/sys/kernel_altq  i386
 
 dmesg:
 
 Copyright (c) 1992-2008 The FreeBSD Project.
 Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
 	The Regents of the University of California. All rights reserved.
 FreeBSD is a registered trademark of The FreeBSD Foundation.
 FreeBSD 7.0-RELEASE #0: Tue Apr  1 22:10:31 EDT 2008
     testuser@server.test.zip:/usr/obj/usr/src/sys/kernel_altq
 Timecounter "i8254" frequency 1193182 Hz quality 0
 CPU: Intel Pentium III (666.54-MHz 686-class CPU)
   Origin = "GenuineIntel"  Id = 0x683  Stepping = 3
   
 Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
 real memory  = 134152192 (127 MB)
 avail memory = 125841408 (120 MB)
 acpi0: <PTLTD   RSDT> on motherboard
 acpi0: [ITHREAD]
 acpi0: Power Button (fixed)
 acpi0: reservation of 0, a0000 (3) failed
 Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
 cpu0: <ACPI CPU> on acpi0
 pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
 pci0: <ACPI PCI bus> on pcib0
 agp0: <Intel 82820 host to AGP bridge> on hostb0
 pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
 pci1: <ACPI PCI bus> on pcib1
 vgapci0: <VGA-compatible display> mem 
 0xf5000000-0xf5ffffff,0xf4800000-0xf4803fff,0xf4000000-0xf47fffff irq 11 at 
 device 0.0 on pci1
 pcib2: <ACPI PCI-PCI bridge> at device 30.0 on pci0
 pci2: <ACPI PCI bus> on pcib2
 skc0: <D-Link DGE-530T Gigabit Ethernet> port 0x4000-0x40ff mem 
 0xf4a04000-0xf4a07fff at device 9.0 on pci2
 skc0: DGE-530T Gigabit Ethernet Adapter rev. (0x9)
 sk0: <Marvell Semiconductor, Inc. Yukon> on skc0
 sk0: Ethernet address: 00:1b:11:c3:1f:92
 miibus0: <MII bus> on sk0
 e1000phy0: <Marvell 88E1011 Gigabit PHY> PHY 0 on miibus0
 e1000phy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX-FDX, 
 auto
 skc0: [ITHREAD]
 xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0x4400-0x447f mem 
 0xf4a01000-0xf4a0107f irq 10 at device 13.0 on pci2
 miibus1: <MII bus> on xl0
 xlphy0: <3c905C 10/100 internal PHY> PHY 24 on miibus1
 xlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
 xl0: Ethernet address: 00:50:04:d3:17:e3
 xl0: [ITHREAD]
 isab0: <PCI-ISA bridge> at device 31.0 on pci0
 isa0: <ISA bus> on isab0
 atapci0: <Intel ICH UDMA66 controller> port 
 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x1000-0x100f at device 31.1 on pci0
 ata0: <ATA channel 0> on atapci0
 ata0: [ITHREAD]
 ata1: <ATA channel 1> on atapci0
 ata1: [ITHREAD]
 pci0: <serial bus, USB> at device 31.2 (no driver attached)
 acpi_button0: <Power Button> on acpi0
 atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
 atkbd0: <AT Keyboard> irq 1 on atkbdc0
 atkbd0: [GIANT-LOCKED]
 atkbd0: [ITHREAD]
 fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
 fdc0: [FILTER]
 sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
 sio0: type 16550A
 sio0: [FILTER]
 sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
 sio1: type 16550A
 sio1: [FILTER]
 orm0: <ISA Option ROMs> at iomem 
 0xc0000-0xc7fff,0xc8000-0xc87ff,0xe0000-0xeffff pnpid ORM0000 on isa0
 sc0: <System console> at flags 0x100 on isa0
 sc0: VGA <16 virtual consoles, flags=0x300>
 vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
 ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
 ppc0: Generic chipset (ECP/PS2/NIBBLE) in COMPATIBLE mode
 ppc0: FIFO with 16/16/8 bytes threshold
 ppbus0: <Parallel port bus> on ppc0
 ppbus0: [ITHREAD]
 lpt0: <Printer> on ppbus0
 lpt0: Interrupt-driven port
 ppi0: <Parallel I/O> on ppbus0
 ppc0: [GIANT-LOCKED]
 ppc0: [ITHREAD]
 Timecounter "TSC" frequency 666539794 Hz quality 800
 Timecounters tick every 10.000 msec
 ad0: 9536MB <Maxtor 5T010H1 TAH71DP0> at ata0-master UDMA66
 ad1: 14669MB <WDC WD153BA 16.13M16> at ata0-slave UDMA66
 acd0: CDROM <ATAPI 48X CDROM/VER-3.30> at ata1-master UDMA33
 Trying to mount root from ufs:/dev/ad0s1a
 
 
 kernel config:
 
 #
 # kernel_altq  FreeBSD 7 RC1 test-1 
 
 cpu		I686_CPU
 ident		SERVER	
 
 # To statically compile in device wiring instead of /boot/device.hints
 #hints		"GENERIC.hints"		# Default places to look for devices.
 
 
 #options 	SCHED_4BSD		# 4BSD scheduler
 options		SCHED_ULE		# ULE scheduler
 options 	PREEMPTION		# Enable kernel thread preemption
 options 	INET			# InterNETworking
 #options 	INET6			# IPv6 communications protocols
 #options 	SCTP			# Stream Control Transmission Protocol
 options 	FFS			# Berkeley Fast Filesystem
 options 	SOFTUPDATES		# Enable FFS soft updates support
 #options 	UFS_ACL			# Support for access control lists
 options 	UFS_DIRHASH		# Improve performance on big directories
 #options 	UFS_GJOURNAL		# Enable gjournal-based UFS journaling
 #options 	MD_ROOT			# MD is a potential root device
 #options 	NFSCLIENT		# Network Filesystem Client
 #options 	NFSSERVER		# Network Filesystem Server
 #options 	NFS_ROOT		# NFS usable as /, requires NFSCLIENT
 #options 	MSDOSFS			# MSDOS Filesystem
 options 	CD9660			# ISO 9660 Filesystem
 options 	PROCFS			# Process filesystem (requires PSEUDOFS)
 options 	PSEUDOFS		# Pseudo-filesystem framework
 #options 	GEOM_PART_GPT		# GUID Partition Tables.
 #options 	GEOM_LABEL		# Provides labelization
 #options 	COMPAT_43TTY		# BSD 4.3 TTY compat [KEEP THIS!]
 #options 	COMPAT_FREEBSD4		# Compatible with FreeBSD4
 #options 	COMPAT_FREEBSD5		# Compatible with FreeBSD5
 #options 	COMPAT_FREEBSD6		# Compatible with FreeBSD6
 #options 	SCSI_DELAY=5000		# Delay (in ms) before probing SCSI
 #options 	KTRACE			# ktrace(1) support
 options 	SYSVSHM			# SYSV-style shared memory
 options 	SYSVMSG			# SYSV-style message queues
 options 	SYSVSEM			# SYSV-style semaphores
 options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
 #options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
 #options 	ADAPTIVE_GIANT		# Giant mutex is adaptive.
 #options 	STOP_NMI		# Stop CPUS using NMI instead of IPI
 #options 	AUDIT			# Security event auditing
 
 nooption KSE
 
 
 device		pf
 device		pflog
 
 options		ALTQ
 options		ALTQ_PRIQ
 
 
 # Bus support.
 device		pci
 
 # Floppy drives
 device		fdc
 
 # ATA and ATAPI devices
 device		ata
 device		atadisk		# ATA disk drives
 device		atapicd		# ATAPI CDROM drives
 options 	ATA_STATIC_ID	# Static device numbering
 
 
 
 # atkbdc0 controls both the keyboard and the PS/2 mouse
 device		atkbdc		# AT keyboard controller
 device		atkbd		# AT keyboard
 #device		psm		# PS/2 mouse
 
 #device		kbdmux		# keyboard multiplexer
 
 device		vga		# VGA video card driver
 
 
 # syscons is the default console driver, resembling an SCO console
 device		sc
 
 device		agp		# support several AGP chipsets
 
 
 
 # Serial (COM) ports
 device		sio		# 8250, 16[45]50 based serial ports
 device		uart		# Generic UART driver
 
 # Parallel port
 device		ppc
 device		ppbus		# Parallel port bus (required)
 device		lpt		# Printer
 device		ppi		# Parallel port interface device
 
 
 
 # PCI Ethernet NICs that use the common MII bus controller code.
 # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
 device		miibus		# MII bus support
 device		sk		# SysKonnect SK-984x & SK-982x gigabit Ethernet
 device		xl		# 3Com 3c905c 
 
 
 
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
 device		ether		# Ethernet support
 #device		sl		# Kernel SLIP
 #device		ppp		# Kernel PPP
 device		tun		# Packet tunnel.
 device		pty		# Pseudo-ttys (telnet etc)
 #device		md		# Memory "disks"
 #device		gif		# IPv6 and IPv4 tunneling
 #device		faith		# IPv6-to-IPv4 relaying (translation)
 #device		firmware	# firmware assist module
 
 # The `bpf' device enables the Berkeley Packet Filter.
 # Be aware of the administrative consequences of enabling this!
 # Note that 'bpf' is required for DHCP.
 device		bpf		# Berkeley packet filter
 
 
  

From: Bruce Cran <bruce@cran.org.uk>
To: bug-followup@FreeBSD.org, stast@bsdportal.ru
Cc:  
Subject: Re: bin/122925: sftp(1) duplicates filename when get listing directory
 on CDROM
Date: Sun, 18 May 2008 23:52:40 +0100

 This is occurring because sftp-server expects readdir(3) to return NULL 
 for a given DIR* twice in a row after all the files have been retrieved. 
 It seems that under certain conditions that isn't true.
 
 The client sends an FXP_READDIR command; the server loops calling 
 readdir() until it gets a NULL back.  At this point it sends the results 
 back to the client, but doesn't appear to tell it it already has all the 
 entries. Instead, the client sends another FXP_READDIR, at which point 
 the server again calls readdir() with the existing DIR*, which has 
 already once before returned NULL.  Normally readdir() does return NULL 
 for a second time and the client gets back SSH2_FX_EOF.  Occasionally 
 however, readdir will just start reading the directory contents all over 
 again.
 
 The following program also shows the same behaviour, but less regularly.
 
 #include <stdio.h>
 #include <sys/types.h>
 #include <dirent.h>
 
 int main()
 {
 	DIR *dp = opendir("/cdrom/");
 
 	if (dp == NULL)
 		return (-1);
 
 	struct dirent *d = NULL;
 
 	do {
 		d = readdir(dp);
 	} while (d != NULL);
 
 	d = readdir(dp);
 	if (d != NULL)
 		printf("readdir is starting again\n");
 
 	closedir(dp);
 	return 0;
 }
State-Changed-From-To: feedback->analyzed 
State-Changed-By: linimon 
State-Changed-When: Sun May 18 23:02:48 UTC 2008 
State-Changed-Why:  
Problem seems to be specific to readdir(3). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122925 

From: Jaakko Heinonen <jh@saunalahti.fi>
To: Bruce Cran <bruce@cran.org.uk>
Cc: bug-followup@FreeBSD.org, stast@bsdportal.ru
Subject: Re: bin/122925: sftp(1) duplicates filename when get listing
	directory on CDROM
Date: Tue, 20 May 2008 10:48:33 +0300

 On 2008-05-18, Bruce Cran wrote:
 >  This is occurring because sftp-server expects readdir(3) to return NULL 
 >  for a given DIR* twice in a row after all the files have been retrieved. 
 >    It seems that under certain conditions that isn't true.
 
 Thanks for the test case.
 
 The problem seems to lie in cd9660_readdir()
 (src/sys/fs/cd9660/cd9660_vnops.c). The problem is that if we have
 reached end of file (directory) and enter again to cd9660_readdir()
 the idp->uio_off variable is not initialized correctly. In the end of
 the function the file offset is set to idp->uio_off. So this basically
 means that the file offset changes to a random value. This causes
 effects such readdir(3) starting again at some position or g_vfs_done()
 errors when data is attempted to read from bogus offset.
 
 I believe that this patch fixes the problem:
 
 Index: cd9660_vnops.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/fs/cd9660/cd9660_vnops.c,v
 retrieving revision 1.113
 diff -p -u -r1.113 cd9660_vnops.c
 --- cd9660_vnops.c	15 Feb 2007 22:08:34 -0000	1.113
 +++ cd9660_vnops.c	20 May 2008 06:45:20 -0000
 @@ -495,6 +495,7 @@ cd9660_readdir(ap)
  	}
  	idp->eofflag = 1;
  	idp->curroff = uio->uio_offset;
 +	idp->uio_off = uio->uio_offset;
  
  	if ((entryoffsetinblock = idp->curroff & bmask) &&
  	    (error = cd9660_blkatoff(vdp, (off_t)idp->curroff, NULL, &bp))) {
 
 Could you please test the patch?
 
 -- 
 Jaakko

From: Stas Timokhin <stast@bsdportal.ru>
To: Jaakko Heinonen <jh@saunalahti.fi>
Cc: Bruce Cran <bruce@cran.org.uk>,
 bug-followup@freebsd.org
Subject: Re: bin/122925: sftp(1) duplicates filename when get listing directory on CDROM
Date: Tue, 20 May 2008 15:44:15 +0700

 > Could you please test the patch?
 Yes, i  done this test. Everything looks good, thanks !
 

From: Michael Powell <nightrecon@gmail.com>
To: Jaakko Heinonen <jh@saunalahti.fi>
Cc: Bruce Cran <bruce@cran.org.uk>,
 bug-followup@freebsd.org
Subject: Re: bin/122925: sftp(1) duplicates filename when get listing directory on CDROM
Date: Tue, 20 May 2008 07:13:28 -0400

 Patch seems to test OK here as well. Thanks!
Responsible-Changed-From-To: freebsd-bugs->kib 
Responsible-Changed-By: kib 
Responsible-Changed-When: Wed Jun 11 12:22:57 UTC 2008 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122925 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/122925: commit references a PR
Date: Wed, 11 Jun 2008 12:46:37 +0000 (UTC)

 kib         2008-06-11 12:46:09 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/fs/cd9660        cd9660_vnops.c 
   Log:
   SVN rev 179722 on 2008-06-11 12:46:09Z by kib
   
   In cd9660_readdir vop, always initialize the idp->uio_off member.
   
   The while loop that is assumed to initialize the uio_off later, may
   be not entered at all, causing uninitialized value to be returned in
   uio->uio_offset.
   
   PR:  122925
   Submitted by:   Jaakko Heinonen <jh saunalahti fi>
   MFC after:      1 weeks
   
   Revision  Changes    Path
   1.114     +1 -0      src/sys/fs/cd9660/cd9660_vnops.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/122925: commit references a PR
Date: Wed, 18 Jun 2008 09:32:26 +0000 (UTC)

 kib         2008-06-18 09:31:56 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_7)
     sys/fs/cd9660        cd9660_vnops.c 
   Log:
   SVN rev 179857 on 2008-06-18 09:31:56Z by kib
   
   MFC r179722:
   In cd9660_readdir vop, always initialize the idp->uio_off member.
   
   PR:     122925
   
   Revision   Changes    Path
   1.113.2.1  +1 -0      src/sys/fs/cd9660/cd9660_vnops.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: analyzed->patched  
State-Changed-By: brucec 
State-Changed-When: Mon Jul 14 13:39:52 UTC 2008 
State-Changed-Why:  
Patched in current and RELENG_7 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122925 
State-Changed-From-To: patched->closed 
State-Changed-By: kib 
State-Changed-When: Fri Oct 31 14:02:18 UTC 2008 
State-Changed-Why:  
Do not want to touch 6. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122925 
>Unformatted:
