From rea-fbsd@codelabs.ru  Wed Sep 24 11:50:21 2008
Return-Path: <rea-fbsd@codelabs.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 028AE1065689
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 24 Sep 2008 11:50:21 +0000 (UTC)
	(envelope-from rea-fbsd@codelabs.ru)
Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45])
	by mx1.freebsd.org (Postfix) with ESMTP id AE4FE8FC0A
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 24 Sep 2008 11:50:15 +0000 (UTC)
	(envelope-from rea-fbsd@codelabs.ru)
Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25])
	by 0.mx.codelabs.ru with esmtps (TLSv1:CAMELLIA256-SHA:256)
	id 1KiSso-000Ge9-Gs for FreeBSD-gnats-submit@freebsd.org; Wed, 24 Sep 2008 15:50:14 +0400
Message-Id: <20080924115014.4D2731AF41C@void.codelabs.ru>
Date: Wed, 24 Sep 2008 15:50:14 +0400 (MSD)
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Reply-To: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] properly initialise ccb_h.path_id in cam_open_btl (lib/libcam)
X-Send-Pr-Version: 3.113
X-GNATS-Notify: scottl@freebsd.org, marius@freebsd.org

>Number:         127605
>Category:       kern
>Synopsis:       [libcam] [patch] properly initialise ccb_h.path_id in cam_open_btl
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    marius
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 24 12:00:05 UTC 2008
>Closed-Date:    Mon Dec 01 21:22:03 UTC 2008
>Last-Modified:  Sun Mar 17 04:33:40 UTC 2013
>Originator:     Eygene Ryabinkin
>Release:        FreeBSD 7.1-PRERELEASE i386
>Organization:
Code Labs
>Environment:

System: FreeBSD XXX 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #19: Tue Sep 23 13:21:48 MSD 2008 root@XXX:/usr/src/sys/i386/compile/XXX i386

>Description:

When I use cdrecord on the fresh 7.1-PRERELEASE, it fails to open the
device (atapicam one in my case) saying
-----
cdrecord: Invalid argument. Cannot open SCSI driver.
-----

I had traced this to the calls for XPT_DEV_MATCH on /dev/xpt0 with
ioctl(CAMIOCOMMAND) inside cam_open_btl() and it turned out that the
ccb.ccb_h.path_id is not filled in.  As I see, xptioctl in
sys/cam/cam_xpt.c invokes xpt_find_bus passing path_id as an argument
and returns EINVAL in case of error.

>How-To-Repeat:

For me it was sufficient to check out yesterday's (September 24th, 2008)
7.1-PRERELEASE, and spawn cdrecord on my recorder (IDE-connected PIONEER
DVD-RW DVR-108 1.14, with atapicam emulation layer).

cdrecord also fails to perform bus scanning with '-scanbus': is has
simular code to enumerate devices via XPT_DEV_MATCH.  But with old
libcam and fixed enumeration code it successfully returns the list of
devices, but fails to open any due to the problem in cam_open_btl().

Another way to reproduce the problem is to spawn 'camcontrol eject
b:t:l' with unpatched libcam:
-----
$ camcontrol eject 1:1:0
camcontrol: cam_open_btl: CAMIOCOMMAND ioctl failed
cam_open_btl: Invalid argument
-----

>Fix:

The following patch cures the problem in the libcam:
--- libcam-add-ids-for-XPT_DEV_MATCH.patch begins here ---
CAMIOCOMMAND with argument XPT_DEV_MATCH fails with EINVAL if field
ccb_h.path_id is not set to CAM_XPT_PATH_ID.  I am additionally setting
target_id and target_lun to the wildcard values.  Had not found the
exact specifications for what is needed for XPT_DEV_MATCH, but the code
in the camcontrol.c sets all three fields.

For the atapicam(4) CD-ROM device setting only ccb_h.path_id is
sufficient to get cam_open_btl() working for cdrecord tool from
sysutils/cdrtools [1].  But setting the other fields makes no harm here,
so I really don't know if it is needed or not.

[1] Needs patching too: it has the simular code for the bus scanning and
no ccb_h.path_id was set there as well.  Opened another PR.
-- 
Eygene, rea-fbsd@codelabs.ru
--- lib/libcam/camlib.c.orig	2008-09-24 14:56:25.000000000 +0400
+++ lib/libcam/camlib.c	2008-09-24 14:58:12.000000000 +0400
@@ -346,6 +346,9 @@
 
 	bzero(&ccb, sizeof(union ccb));
 	ccb.ccb_h.func_code = XPT_DEV_MATCH;
+	ccb.ccb_h.path_id = CAM_XPT_PATH_ID;
+	ccb.ccb_h.target_id = CAM_TARGET_WILDCARD;
+	ccb.ccb_h.target_lun = CAM_LUN_WILDCARD;
 
 	/* Setup the result buffer */
 	bufsize = sizeof(struct dev_match_result);
--- libcam-add-ids-for-XPT_DEV_MATCH.patch ends here ---

As I said in the patch description, I am not completely sure that one
should initialize all three fields, but it makes no harm for my test
cases.

Attaching the patch for the cdrecord here too, but it is just for the
reference.  I will open another PR and will try to contact Joerg
Schilling: seems like this needs to be patched in upstream as well.

--- patch-libscg::scsi-bsd.c begins here ---
--- libscg/scsi-bsd.c.orig	2008-09-24 14:03:04.000000000 +0400
+++ libscg/scsi-bsd.c	2008-09-24 14:04:03.000000000 +0400
@@ -674,6 +674,9 @@
 	 * system.
 	 */
 	ccb.ccb_h.func_code = XPT_DEV_MATCH;
+	ccb.ccb_h.path_id = CAM_XPT_PATH_ID;
+	ccb.ccb_h.target_id = CAM_TARGET_WILDCARD;
+	ccb.ccb_h.target_lun = CAM_LUN_WILDCARD;
 
 	/*
 	 * Setup the result buffer.
--- patch-libscg::scsi-bsd.c ends here ---

With these two patches I have no problem in burning CDs and performing
some basic commands via camcontrol on my CD unit.

I have no idea why this popped only in 7.1-PRERELEASE: I see that the
code that checks ccb_h.path_id is present since sys/cam/cam_xpt.c 1.176
that is 17 month old.  May be the problem is somewhere else, but I don't
see where it is.
>Release-Note:
>Audit-Trail:

From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: bin/127605: [patch] properly initialise ccb_h.path_id in
	cam_open_btl (lib/libcam)
Date: Wed, 24 Sep 2008 23:26:12 +0400

 --ZPt4rx8FFjLCG7dd
 Content-Type: text/plain; charset=koi8-r
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 I got why the mentioned error shows up on my machine, but it seems to be
 rare on the others: my particular host has no SCSI bus #0, ATAPI CAM
 CD-ROM is at the bus #1.  Two other machines I had tried EDT members
 enumeration at, have bus #0.  And since 'union cbb' is zeroed before
 use, the path_id is effectively set to 0.  And the code in
 sys/cam/cam_xpt.c that handles XPT_DEV_MATCH just checks if the passed
 bus exists, but, if I am not mistaken, does not use the obtained 'bus'
 argument in any specific way.
 
 Sooo, it seems to me that it is a bit redundant to set the fields
 target_id and target_lun, but it is wise to initialize path_id to
 CAM_XPT_PATH_ID, since this bus is always initialized within xpt_init()
 and if this bus is not created, xpt_init() bails out with EINVAL, thus
 refusing to create the xpt instance.
 --=20
 Eygene
  _                ___       _.--.   #
  \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
  /  ' `         ,       __.--'      #  to read the on-line manual  =20
  )/' _/     \   `-_,   /            #  while single-stepping the kernel.
  `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
      _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook=20
     {_.-``-'         {_/            #
 
 --ZPt4rx8FFjLCG7dd
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.9 (FreeBSD)
 
 iEYEARECAAYFAkjalFQACgkQthUKNsbL7YhSUQCdH9SzhOSjMTfWUQjPa0UvJmg4
 39kAoKNoIRTtkhMxJ8WJgULLkGqqmIVw
 =taPn
 -----END PGP SIGNATURE-----
 
 --ZPt4rx8FFjLCG7dd--

From: Marius Strobl <marius@alchemy.franken.de>
To: bug-followup@FreeBSD.org, rea-fbsd@codelabs.ru, ken@FreeBSD.org
Cc:  
Subject: Re: bin/127605: [patch] properly initialise ccb_h.path_id in cam_open_btl (lib/libcam)
Date: Wed, 24 Sep 2008 21:55:49 +0200

 On Wed, Sep 24, 2008 at 03:50:14PM +0400, Eygene Ryabinkin wrote:
 > 
 > >Description:
 > 
 > When I use cdrecord on the fresh 7.1-PRERELEASE, it fails to open the
 > device (atapicam one in my case) saying
 > -----
 > cdrecord: Invalid argument. Cannot open SCSI driver.
 > -----
 > 
 > I had traced this to the calls for XPT_DEV_MATCH on /dev/xpt0 with
 > ioctl(CAMIOCOMMAND) inside cam_open_btl() and it turned out that the
 > ccb.ccb_h.path_id is not filled in.  As I see, xptioctl in
 > sys/cam/cam_xpt.c invokes xpt_find_bus passing path_id as an argument
 > and returns EINVAL in case of error.
 > 
 > >How-To-Repeat:
 > 
 > For me it was sufficient to check out yesterday's (September 24th, 2008)
 > 7.1-PRERELEASE, and spawn cdrecord on my recorder (IDE-connected PIONEER
 > DVD-RW DVR-108 1.14, with atapicam emulation layer).
 > 
 > cdrecord also fails to perform bus scanning with '-scanbus': is has
 > simular code to enumerate devices via XPT_DEV_MATCH.  But with old
 > libcam and fixed enumeration code it successfully returns the list of
 > devices, but fails to open any due to the problem in cam_open_btl().
 > 
 > Another way to reproduce the problem is to spawn 'camcontrol eject
 > b:t:l' with unpatched libcam:
 > -----
 > $ camcontrol eject 1:1:0
 > camcontrol: cam_open_btl: CAMIOCOMMAND ioctl failed
 > cam_open_btl: Invalid argument
 > -----
 > 
 > >Fix:
 > 
 > The following patch cures the problem in the libcam:
 > --- libcam-add-ids-for-XPT_DEV_MATCH.patch begins here ---
 > CAMIOCOMMAND with argument XPT_DEV_MATCH fails with EINVAL if field
 > ccb_h.path_id is not set to CAM_XPT_PATH_ID.  I am additionally setting
 > target_id and target_lun to the wildcard values.  Had not found the
 > exact specifications for what is needed for XPT_DEV_MATCH, but the code
 > in the camcontrol.c sets all three fields.
 > 
 > For the atapicam(4) CD-ROM device setting only ccb_h.path_id is
 > sufficient to get cam_open_btl() working for cdrecord tool from
 > sysutils/cdrtools [1].  But setting the other fields makes no harm here,
 > so I really don't know if it is needed or not.
 > 
 > [1] Needs patching too: it has the simular code for the bus scanning and
 > no ccb_h.path_id was set there as well.  Opened another PR.
 > -- 
 > Eygene, rea-fbsd@codelabs.ru
 > --- lib/libcam/camlib.c.orig	2008-09-24 14:56:25.000000000 +0400
 > +++ lib/libcam/camlib.c	2008-09-24 14:58:12.000000000 +0400
 > @@ -346,6 +346,9 @@
 >  
 >  	bzero(&ccb, sizeof(union ccb));
 >  	ccb.ccb_h.func_code = XPT_DEV_MATCH;
 > +	ccb.ccb_h.path_id = CAM_XPT_PATH_ID;
 > +	ccb.ccb_h.target_id = CAM_TARGET_WILDCARD;
 > +	ccb.ccb_h.target_lun = CAM_LUN_WILDCARD;
 >  
 >  	/* Setup the result buffer */
 >  	bufsize = sizeof(struct dev_match_result);
 > --- libcam-add-ids-for-XPT_DEV_MATCH.patch ends here ---
 > 
 > As I said in the patch description, I am not completely sure that one
 > should initialize all three fields, but it makes no harm for my test
 > cases.
 > 
 
 I think this patch is fine as-is, at least Ken and I fixed
 basically the same bug the same way in camcontrol.c rev. 1.52.
 Ken, do you have any objections to committing it?
 
 Marius
 
State-Changed-From-To: open->patched 
State-Changed-By: marius 
State-Changed-When: Wed Nov 12 20:11:29 UTC 2008 
State-Changed-Why:  
Grab; mark patched; this was committed to head in r184379 
and to stable/7 in r184662. It will commited to stable/6 
after the freeze for FreeBSD 6.4 has been lifted. 

Marius 



Responsible-Changed-From-To: freebsd-bugs->marius 
Responsible-Changed-By: marius 
Responsible-Changed-When: Wed Nov 12 20:11:29 UTC 2008 
Responsible-Changed-Why:  
Grab; mark patched; this was committed to head in r184379 
and to stable/7 in r184662. It will committed to stable/6 
after the freeze for FreeBSD 6.4 has been lifted. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127605 
State-Changed-From-To: patched->closed 
State-Changed-By: marius 
State-Changed-When: Mon Dec 1 21:20:49 UTC 2008 
State-Changed-Why:  
Close; the patch was also committed to stable/6 in r185530. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127605 
>Unformatted:
