From owner-freebsd-bugs@FreeBSD.ORG  Fri Mar 18 15:50:03 2005
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4DD9716A4CE
	for <freebsd-bugs@hub.freebsd.org>;
	Fri, 18 Mar 2005 15:50:03 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0E5F843D53
	for <freebsd-bugs@hub.freebsd.org>;
	Fri, 18 Mar 2005 15:50:03 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j2IFo2Kk070825
	for <freebsd-bugs@freefall.freebsd.org>; Fri, 18 Mar 2005 15:50:02 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j2IFo2Sn070824;
	Fri, 18 Mar 2005 15:50:02 GMT
	(envelope-from gnats)
Resent-Date: Fri, 18 Mar 2005 15:50:02 GMT
Resent-Message-Id: <200503181550.j2IFo2Sn070824@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Andriy Gapon <avg@icyb.net.ua>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 12E1016A4CE
	for <FreeBSD-gnats-submit@freebsd.org>;
	Fri, 18 Mar 2005 15:46:39 +0000 (GMT)
Received: from citadel.icyb.net.ua (citadel.icyb.net.ua [212.40.38.140])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 194BA43D48
	for <FreeBSD-gnats-submit@freebsd.org>;
	Fri, 18 Mar 2005 15:46:37 +0000 (GMT)
	(envelope-from avg@topspin.kiev.ua)
Received: from oddity.topspin.kiev.ua (oddity-e.topspin.kiev.ua
	[212.40.38.87])
	by citadel.icyb.net.ua (8.8.8p3/ICyb-2.3exp) with ESMTP id RAA00929
	for <FreeBSD-gnats-submit@freebsd.org>;
	Fri, 18 Mar 2005 17:46:35 +0200 (EET)
	(envelope-from avg@topspin.kiev.ua)
Received: from oddity.topspin.kiev.ua (localhost [127.0.0.1])
	j2IFkYSP001477	for <FreeBSD-gnats-submit@freebsd.org>;
	Fri, 18 Mar 2005 17:46:34 +0200 (EET)
	(envelope-from avg@oddity.topspin.kiev.ua)
Received: (from avg@localhost)
	by oddity.topspin.kiev.ua (8.13.1/8.13.1/Submit) id j2IFkYxg001476;
	Fri, 18 Mar 2005 17:46:34 +0200 (EET)
	(envelope-from avg)
Message-Id: <200503181546.j2IFkYxg001476@oddity.topspin.kiev.ua>
Date: Fri, 18 Mar 2005 17:46:34 +0200 (EET)
From: Andriy Gapon <avg@icyb.net.ua>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: kern/78987: udf fs: readdir returns error when it should not
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Mar 2005 15:50:03 -0000


>Number:         78987
>Category:       kern
>Synopsis:       udf fs: readdir returns error when it should not
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 18 15:50:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Andriy Gapon
>Release:        FreeBSD 5.3-RELEASE-p5 i386
>Organization:
>Environment:
System: FreeBSD 5.3-RELEASE-p5 i386


	
>Description:
while reading large enough directory from a udf filesystem,
when total size of directory entries is greater than size of
a userland buffer, udf readdir leaks to userland its internal
error code used to mark such condition. This happens because
the calling code neglects to distinguish between real uiomove()
errors and internal flag set in udf_uiodir() when 
uio->uio_resid < de_size
In my case the error ocurred when a directory had 436 entries in it.
Kernel produced the following messages:
uiomove returned -1
>How-To-Repeat:
1a. find a UDF disk with a director(y|ies) with many files
or
1b. create a UDF filesystem with a directory with a lot of files in it,
using sysutils/udfclient for example
2. perform ls -l on the directory
3. see that ls returns only a small subset of entries and the following
messages are produced by kernel:
uiomove returned -1
>Fix:
The following code is based on the similar code in isofs/cd9660, it
keeps proper handling for error==-1, but does not let it be returned
to userland and removes a message about it.

	

--- bigdir.patch begins here ---
--- sys/fs/udf/udf_vnops.c.orig_orig	Thu Mar 17 15:08:39 2005
+++ sys/fs/udf/udf_vnops.c	Thu Mar 17 15:13:41 2005
@@ -787,7 +790,8 @@
 			    ds->this_off);
 		}
 		if (error) {
-			printf("uiomove returned %d\n", error);
+			if(error > 0)
+				printf("uiomove returned %d\n", error);
 			break;
 		}
 
@@ -797,6 +801,8 @@
 	*a->a_eofflag = uiodir.eofflag;
 	uio->uio_offset = ds->offset + ds->off;
 
+	if(error < 0)
+		error = 0;
 	if (!error)
 		error = ds->error;
 
--- bigdir.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted: