[Info-vax] TCP/IP V5.6 ECO 4 caveat...

VAXman- at SendSpamHere.ORG VAXman- at SendSpamHere.ORG
Wed Nov 4 15:37:16 EST 2009 

I've looked at two Alpha crashes today.  Both were the results of kernel
code that accesses telnet devices.  The problem seems to be that a TCPIP
ECO (TCPIP V5.6 ECO4) trounces on R4 when calling IOC$SEACTHDEV.  Below
is the comment header from the source listings for this routine.  I took
the liberty of deleting the listing lines so that this will fit into 80
columns.

;+
;
; IOC$SEARCH - general I/O database search
; IOC$SEARCHDEV - search for specific physical device
; IOC$SEARCHALL - generic search for any device
;
; This routine searches the I/O database for the specified device, using
; the specified search rules. Depending on the search, a lock may or may
; not be taken out on the device when it is found.
;
; INPUTS:
;
;       R1 = address of descriptor of device / logical name string
;       R2 = flags
;       R3 = address to store lock value block
;       I/O database mutex held, IPL 2
;
; OUTPUTS:
;
;       R0 = SS$_NORMAL - device found
;          = SS$_ACCVIO - name string is not readable
;          = SS$_NONLOCAL - nonlocal device
;          = SS$_IVLOGNAM - invalid logical name (e.g., too long)
;          = SS$_TOOMANYLNAM - max. logical name recursion exceeded
;          = SS$_IVDEVNAM - invalid device name string
;          = SS$_NOSUCHDEV - device not found
;          = SS$_NODEVAVL - device exists but not available according to rules
;          = SS$_DEVALLOC - device allocated to other user
;          = SS$_NOPRIV - failed device protection
;          = SS$_TEMPLATEDEV - can't allocate template device
;          = SS$_DEVMOUNT - device already mounted
;          = SS$_DEVOFFLINE - device marked offline
;       R1 = UCB
;       R2 = DDB
;       R3 = system block
;       R4 - R11 preserved
========^^================ Don't you believe it!
;
;       Note: If failure, R1 - R3 point to the last structures looked at.
;
;       R2 and R3 are input only to IOC$SEARCH.
;
;       IOC$SEARCHDEV:  R2 = IOC$M_PHY ! IOC$M_ANY
;                       R3 = 0
;       IOC$SEARCHALL:  R2 = IOC$M_ANY ! IOC$M_LOCAL
;                       R3 = 0
;
;-

The crashes occurred after calling IOC$SEARCHDEV with a telnet device and
then accessing the PCB which should have been preserved in R4 across this
call according to the documentation.  This particular bit of code has been
in production for decades and only with installation of TCPIP V5.6 ECO 4
has there been any issue.  I've fixed the code by preserving R4 across the
IOC$SEARCHDEV.  This problem only occurs when accessing TCPIP devices and
not with any other terminal device.

Just a heads up!

-- 
VAXman- A Bored Certified VMS Kernel Mode Hacker    VAXman(at)TMESIS(dot)ORG

  http://www.quirkfactory.com/popart/asskey/eqn2.png
  
  "Well my son, life is like a beanstalk, isn't it?"

More information about the Info-vax mailing list