Newsgroups: comp.unix.bsd
Path: sserve!manuel!munnari.oz.au!spool.mu.edu!agate!dog.ee.lbl.gov!hellgate.utah.edu!fcom.cc.utah.edu!cs.weber.edu!terry
From: terry@cs.weber.edu (A Wizard of Earth C)
Subject: 386BSD PATCHKIT, FINAL ALPHA (Alpha-3)
Message-ID: <1992Sep21.070748.25418@fcom.cc.utah.edu>
Sender: news@fcom.cc.utah.edu
Reply-To: terry@icarus.weber.edu
Organization: Weber State University (Ogden, UT)
Date: Mon, 21 Sep 92 07:07:48 GMT
Lines: 619

Sorry for the size of this post. 8-(.

To all users (testers) of the alpha patchkit software.

The final alpha version of the patch kit (alpha-3) has been uploaded to the "secret" directory on agate.berkeley.edu.

After all problems with any patches or the "patches" program in this distribution have been corrected (I will wait until 28 Sep 92 for bug reports), the first public beta version will be posted on 01 Oct 92 for general consumption. This will include:

o The patchkit software with all known bugs fixed.
o The ability to install all patches that have not yet been installed without requiring a human to say "yes" all the time.
o Any additional patches posted to comp.unix.bsd before 28 Sep 92.
o All software subsystems (like full driver sources) OK'ed for distributions by their authors before 28 Sep 92. These are distinct from patches in that they are not changes to existing files.

I am particularly interested in a fix for the "boot hang" problem and Francis J. Hitchen's and Garrett A. Wollman's ethernet drivers, and the Logitech bus mouse driver I saw here a while ago, and the netstat utility from agate:.../unofficial.

==========================================================================
==========================================================================

The following is the "INDEX" file from the alpha-3 distribution on agate. It lists all patches contained in the alpha-3 patchkit.

Note that all patches necessary for an X kernel are in the patchkit.
This means that building a kernel from the base code with all patches installed should allow you to run X with *your* kernel *without* the patches that are supplied in the X distribution.

Note that installing patches will not automatically rebuild the kernel or utilities containing the patched files. There is a file named "FILES" with the distribution which tells all files affected. This is sort of an interim solution to the rebuild problem. At least you will know where to go to do the rebuilding for files not in the directory /usr/src/sys.386bsd (which are rebuilt when the kernel is rebuilt). The major utilities affected are init, ps, ifconfig, and csh.

There are a total of 43 patches in the alpha-3 patchkit; this is 24 more than the previous (alpha-2) release.

==========================================================================
==========================================================================

This is a list of all patches in the alpha-3 patch kit and their effects

patch00001
PATCH: PATCH NEEDED FOR KERNEL REBUILD TO SUCCEED
AUTHOR: Julian Elischer (julian@tfs.com) -- updated CGD patch
DESCRIPTION: Many people who have made their own kernel configurations have discovered that their kernel won't build until they change their Makefile to include a reference to vers.o (missing symbol _version).

patch00002
PATCH: BIG MEMORY HANG
DESCRIPTION: Because of the number of kernel map entries being too small and an inappropriate calculation for the number of buffer pages, it was possible for the kernel to hang if you had more than 8 Meg of memory installed in your system.

patch00003
PATCH: INCORRECT CMOS RAM SIZE CAUSES CRASH
DESCRIPTION: This patch fixes the problem encountered on HP Vectra, AT&T 6386E/33 WGS, AT&T StarServer E, and AT&T 6386/25 WGS systems where the CMOS RAM size is not what was expected. It also has fixes to allow running small kernels in 640K, and warns the user of conditions which may cause the kernel to fail to boot correctly.

patch00004
PATCH: FIRST SECTOR IN MULTISECTOR READ IN BAD144 TABLE
AUTHOR: Frank Maclachlan (fpm@crash.cts.com)
DESCRIPTION: The bad144 table search code at finds the sector in the bad144 table and replaces the block number, cylinder, head, and sector addresses with values corresponding to the replacement sector. The sector count register is loaded with the number of sectors in the entire transfer. This is wrong; it *MUST* be set to *one* sector. A read would return the wrong data in sectors after the first; a write would *overwrite* other replacement sectors or even the bad144 table on the last track.

patch00005
PATCH: WHATIS COREDUMP
AUTHOR: Andrew Moore (alm@netcom.com)
DESCRIPTION: The whatis program had two uninitialized pointers which would cause it to core dump sporadically depending on the initial stack contents.

patch00006
PATCH: CRASH FOR PARENT (.) REFERENCE AFTER CHROOT
AUTHOR: Christoph Robitschko (chmr@fstgs01.tu-graz.ac.at)
DESCRIPTION: When chroot() was used to change the apparent root directory for a process, a reference to "./", the parent directory of the new "root" directory, the system "panic"ed.

patch00007
PATCH: GREENMAN BUGFIX KIT
AUTHOR: David Greenman (davidg@agora.uucp)
DESCRIPTION:
1. Buffers were being immediately aged after read, greatly reducing file system performance.
2. The file system buffer cache hash calculation resulted in hash collision occurring 100% of the time.
3. File system buffers were allocated twice. They were also deallocated twice, so there was not a memory leak, but freebufspace was incorrect and too much memory was being used.

patch00008
PATCH: MAN PATHBUF OVER 1K
AUTHOR: James W. Dolter
DESCRIPTION: In the function config.c:cadd() the pointer bp isn't recalculated when the pathbuf needs to be realloced. If realloc moves the storage 'bp' is left hanging. The bug manifests itself when you modify man.conf such that the pathbuf expands beyond 1k.

patch00009
PATCH: MBUF ALLOCATION FLAGS
AUTHOR: Wolfgang Solfrank (ws@tools.de)
DESCRIPTION: While the flags in sys/mbuf.h define M_DONTWAIT and M_WAIT in terms of M_NOWAIT and M_WAITOK, these flags are only used for the kernel malloc. But the actual code in kern/uipc_mbuf.h uses kmem_malloc, which has only a parameter canwait. This parameter has just the opposite meaning from the flag values above. This may result in occasional hangs of the system (if mbuf allocation with M_DONTWAIT is called which may result in a wait) or panics or other nasty things (if called with M_WAIT which may return a NULL pointer that is not expected and as such not tested by the calling code).

patch00010
PATCH: SCROLLING BACKWARDS ON CONSOLE CAUSES CRASH
AUTHOR: Frank Maclachlan (fpm@crash.cts.com)
DESCRIPTION: I was horrified whilst scrolling backwards in a file with the less pager at my console when my 386BSD system suddenly rebooted. Subsequent tests revealed that the system would crash whenever I scrolled rapidly backwards through this file using less. Most files won't cause the system to crash. To demonstrate the failure, do the following (if you don't mind watching your system crash):

    hd /usr/mdec/bootwd >junk   # create a file
    less junk                   # invoke less
    G                           # go to the end of the file
    ^B^B^B...                   # rapid repeated control B's to
                                # scroll backwards

patch00011
PATCH: COPY ON WRITE FOR TEXT PAGES
AUTHOR: Paul Kranenburg (pk@cs.few.eur.nl)
DESCRIPTION: The 386 does not generate a page protection fault while it is executing in supervisor mode :-(, so copy on write handling never takes place when the kernel stuffs data into a process's text- or any other non-anonymous segment. So these cases must be explicitly checked for.
NOTE: This is a security hole where it is possible for any normal user with access to the debugger and read access to any suid root program to become root! You should apply this patch immediately!

patch00012
PATCH: RING BUFFER LENGTH INCORRECTLY REPORTED
AUTHOR: Stephen McKay (robert@psych.psy.uq.oz.au [forwarder])
DESCRIPTION: The RB_LEN() macro in /usr/include/sys/tty.h is sometimes out by 1. In particular, in the case of a buffer containing a single character at the very end, RB_LEN() would return 0. This caused ttread() to block until a 2nd character was read before delivering them both. The user would find RAW mode programs such as vi would occasionally (1 in 1024 keypresses) get "stuck" requiring a second keypress to bring it to life.
WARNING: On the whole, this seems reasonable... HOWEVER, I feel the problem may be due to the ?: expression grouping. In particular, perhaps all that's missing is some parentheses around "RBSZ - 1 - ((rp)->rb_hd - (rp)->rb_tl)".

patch00013
PATCH: FIX CSH SEGMENTATION VIOLATION
AUTHOR: Kevin Lahey (kml@mosquito.cis.ufl.edu)
DESCRIPTION: I have run into the csh segmentation violation bug, and I was too lazy to install the simple "alloc + 4" bugfix, so I tracked it down. It seems to come about whenever you are in a directory in your account which has a pathname length which is divisible by 4, for instance, /users/kml/g. To test, create such a directory, enter it, and sorta execute a lot of commands. Sooner or later, csh will die. The fix is to add one to the space allocated for a string in the dcanon() routine where it normalizes directory names which include the string defined for the environment variable 'HOME'.

patch00014
PATCH: CAN'T kill -1 OR kill -15 DAEMONS STARTED IN /etc/rc
AUTHOR: Paul Kranenburg (pk@cs.few.eur.nl)
DESCRIPTION: The init program doesn't set up the proper signal disposition for the process (sh) it creates to run /etc/rc. While all signal handlers are reset to SIG_DFL, the signal mask is left unchanged causing SIGHUP and SIGTERM to be masked in all daemons started from /etc/rc.

patch00015
PATCH: MAKE HUNG ON SINGLE "-" ARGUMENT
AUTHOR: John Woods (jfw@eddie.mit.edu)
DESCRIPTION: [ This is a patch rolled in from work done on 4.3Reno/NET2 ] There is a bug in the new make from 4.3Reno and also present in the Net2 release (as found on uunet). A command line argument consisting of a lone dash (-) causes an infinite loop ("make - make" was an excellent test case).

patch00016
PATCH: NFS SERVER CREATE TRUNCATES FILE
AUTHOR: Arne Henrik Juul (arnej@Lise.Unit.NO)
DESCRIPTION: The file was always truncated if it existed. The reason why it only happens when used from certain NFS clients, is that some clients do not do a NFS create request at all if the file already exists.

patch00017
PATCH: DMA SPECIAL HANDLING/DMA CHANNEL 4-7 TRANSFER COUNT
AUTHOR: Frank Maclachlan (fpm@crash.cts.com)
DESCRIPTION: At line 389 in isa_dmarangecheck(), the automatic variable priorpage is used without being initially set to 0. This causes the function to flag special handling for virtually all DMA transfer requests. Also, no check is made for DMA requests crossing DMA page boundaries (64k for DMA chans 0..3, 128k for DMA chans 4..7). This problem is masked by priorpage not being initialized - almost all DMA is done to/from safe 'bounce' buffers which don't cross DMA page boundaries and the data are block moved from/to the user's buffer. In line 359, nbytes is doubled by shifting it left 1 bit; it should instead be divided by 2 by shifting right 1 bit position. This occurs when any of the word mode DMA channels (4..7) is used.

patch00018
PATCH: CORRECT MINOR NUMBER FOR COM PORT (SELECT FAILS)
AUTHOR: Christoph Robitschko (chmr@fstgds01.tu-graz.ac.at)
DESCRIPTION: I had the problem with select() not working on com ports. I got no response from a post regarding this one, so I started to look into it myself.
I found out that the com driver calculates

    unit = minor(dev) -1;

This has the following implications:
o /dev/com1 corresponds to COM0, /dev/com2 to COM1 (very confusing in kernel messages)
o It is incompatible with the config file entries com1 at..., com2 at...
o Unpredictable results will occur if someone puts a com0 at.. in his config file.
o It is incompatible with the DOS usage of COM1, COM2 (But who cares 8-)
ttselect() calculates unit = minor(dev), and uses this as an index in com_tty. Because this index is different from that used in the com driver, select() on /dev/com1 looks at /dev/com2 and select() on /dev/com2 looks at an undefined entry in com_tty and returns always true.
WARNING: RE-mknod /dev/com1, /dev/com2, and modify your kernel config!

patch00019
PATCH: CLEAN UP SLIP INTERFACE TO KEEP FROM HANGING
AUTHOR: Poul-Henning Kamp (phk@data.fls.dk)
DESCRIPTION: Here is a patch to clean up the interface between the tty-drivers, in particular the com driver, and the sl# interfaces, this is not a work-around but a genuine bug-fix.
Symptoms: after a number of "com#: silo overflow" SLIP ceases to work.
Overview of the problem: the slip interface will disregard any notice from the tty-driver on problems (parity errors, framing errors or overruns), which basically means the one might as well throw the packet away right away. Also overrun in the packetizing will go relatively unnoticed.

patch00020
PATCH: CLONES OF WESTERN DIGITAL ETHERNET CARDS FAIL CHECKSUM
AUTHOR: Mike Durkin (mdurkin@tsoft.sf-bay.org)
DESCRIPTION: Danpex EW-2016 is an inexpensive (US$85.) allegedly WD8013-compatible ethernet card. I have one of these cards also and after fiddling a bit with the source found that the checksum in the probe fails. I commented it out and am using the card successfully, NFS mounting to and from my Sun3s with no problems. This patch reports the failure, but doesn't fail the probe because of it.

patch00021
PATCH: SECOND WD STYLE DISK, BZERO MALLOCED FOR WARM BOOT
AUTHOR: Christoph Robitschko (chmr@edvz.tu-graz.ac.at)
DESCRIPTION: System would not recognize second hard drive and would crash when you try to access a second drive which is configured but not connected. I include a patch which should correct these problems. It will try to open all configured disks at boot time and print the identification strings. This patch also includes the laptop/warmboot patch that bzero's malloc'ed memory, since this memory may contain the same data between boots and cause the driver to believe the disk has already been connected.

patch00022
PATCH: CHANGE RUN LEVEL (SINGLE USER/MULTIUSER/HALT)
AUTHOR: Christoph Robitschko (chmr@edvz.tu-graz.ac.at)
DESCRIPTION: /sbin/init did not set some internal flags correctly (Reboot, drain). This caused it to not execute /etc/rc again if the system was brought down to singleuser and then back up again. It also tried to start multiuser mode when you tried halt or reboot in singleuser (when the singleuser shell was terminated by halt/reboot).

patch00023
PATCH: CLEAN UP UTMP ENTRIES, LOG TO WTMP
AUTHOR: ? (please claim me)
DESCRIPTION: This allows init to remove entries from the utmp file when users log out, and also adds logout information for the wtmp file.

patch00024
PATCH: ENFORCE EXECUTE PERMISSIONS, MNT_NOEXEC
AUTHOR: cs481a07 (cs481a07@umbc5.umbc.edu)
DESCRIPTION:
>problem 3: I noticed that anyone could run shutdown. the permissions were
>
>-rwsr-x--- owner root group operator. I changed the permissions to
>-r-x------ and anyone can still run it. (you get the shutdown: NOT super-user)

This is a big security hole. In 0.0, a VOP_ACCESS was used, but root always succeeds (and tries to execute anything). But the check for a single execute bit is wrong too. I put the VOP_ACCESS back but also checked to make sure at least one execute bit is on before root can execute the file.
I also checked if the filesystem was mounted for execution:

patch00025
PATCH: ADD ABILITY TO EXECUTE FILES WITH "#!" MAGIC NUMBER
AUTHOR: ? (please claim me)
DESCRIPTION: If the first two characters of a file are "#!", this constitutes a "magic number" which indicates that the file is a shell script and that the character string following the "#!" should be executed, and that the shell script itself should be used as stdin for the program executed.

patch00026
PATCH: FIX "make makedb" FOR CORRECTED "whatis.db" FILE FORMAT
AUTHOR: ? (please claim me)
DESCRIPTION: The "whatis.db" file was in the wrong format, causing the "whatis" and "apropos" commands to fail.

patch00027
PATCH: PERFORM CORRECT RANGE CHECKING ON "toupper()/tolower()"
AUTHOR: Wiljo Heinen (wiljo@freeside.ki.open.de)
DESCRIPTION: The toupper() and tolower() functions did not do appropriate range checking, and would shift the value of any ASCII character passed +/- 32, respectively, without regard to whether the characters so shifted were letters or not. This corrects the problem, although, like the rest of the C library, does not take internationalized character sets into account.

patch00028
PATCH: ALLOW CONSOLE REDIRECTION TO WORK
AUTHOR: ? (please claim me) -- part of the X patch set
DESCRIPTION: This allows writes to /dev/console to be redirected to a virtual console for things like "xterm -C" and so on.

patch00029
PATCH: SIGTERM + 10 SECONDS BEFORE SIGKILL TO ALLOW NORMAL EXIT
AUTHOR: ? (please claim me) -- X patch set
DESCRIPTION: When changing to single user run state, send a SIGTERM to processes and give them 10 seconds to exit before sending a SIGKILL. This was added to allow normal shutdown of processes. In particular, it allows the X server to reset the screen and keyboards to normal states.

patch00030
PATCH: ALLOW MAPPING OF VGA MEMORY
AUTHOR: ? (please claim me) -- X patch set
DESCRIPTION: Allow mapping of the VGA memory into the process address space.
Major reason for this is to allow the X server to operate.

patch00031
PATCH: VGA MAPPING AND SCANCODE GENERATION
AUTHOR: ? (please claim me) -- X patch set
DESCRIPTION: This patch creates ioctl commands for putting the console in/ taking the console out of "X mode". When set into "X mode", the console will generate scan codes at the keyboard and map the VGA memory into the setting processes address space.
WARNING: This patch takes several liberties. The first is not defining a separately settable "scan code mode". The second is changing the behaviour of the keyboard in "normal" mode. This may result in an inability to use alt-"-", alt-"=", or F11 or F12 on some machines, in particular, the Toshiba T1100 and Epson Equity 1 and Equity 1+ laptops.

patch00032
PATCH: KERNEL NAMELIST DATABASE CREATION/USE
AUTHOR: Paul Kranenburg, ? (pk@cs.few.eur.nl, ?)
DESCRIPTION: There are several bugs in the kernel namelist db creation/use and bugs in kvm.c which causes ps and several other utils to fail to work correctly. The kvm.c patches are based in part on, but supersede, the patches posted on usenet by Paul Kranenburg [which introduced bugs of its own]. In order for kvm_mkdb to work correctly, vers.o MUST be the first object linked in the kernel. The Makefile.i386 should read:

    SYSTEM_LD= @${LD} -z -T FE000000 -o $@ -X vers.o ${SYSTEM_OBJS}

(or vers.o should be first in SYSTEM_OBJS)
And, of course all things that depend on libutil.a will have to be rebuilt.

patch00033
PATCH: READ FROM "/dev/drum" CAUSES CRASH
AUTHOR: Paul Kranenburg (pk@cs.few.eur.nl)
DESCRIPTION: Due to an improperly initialized buffer in 'physstrat', an attempt to read from /dev/drum would generally cause a crash.

patch00034
PATCH: DISKLABEL PROGRAM REQUIRED ACTIVE PARTITION
AUTHOR: Gary A. Browning (gab10@griffcd.amdahl.com)
DESCRIPTION: It turns out that if you have not set an active partition on the SECOND drive, the disklabel program thinks that the DOS partition table is invalid and promptly, and without warning, assumes it owns the whole disk. It then writes its label over the DOS partition table. I am not sure what it even means to have an active partition on the second drive since DOS will not boot from there anyway. A valid DOS partition no longer must have exactly one active partition. This is certainly not a required patch. The workaround is to always remember to have an active partition on each disk.

patch00035
PATCH: ALLOW SELECTION OF 3COM 3C503 AUI/BNC FROM IFCONFIG
AUTHOR: Herb Peyerl (hpeyerl@novatel.cuc.ab.ca)
DESCRIPTION: There have been questions about the configuration of the AUI/BNC connectors on the 3Com 3c503 card. The way the selection is made is to check for IFF_LLC0 being set in the "ifnet" struct. If set, the driver uses AUI, else BNC. The ifconfig program now allows the following syntax:

    ifconfig ec0 inet $hostname aui
    ifconfig ec0 inet $hostname bnc

Default with no options yields BNC operation.

patch00036
PATCH: PS FLOATING POINT EXCEPTION
AUTHOR: Goran Hammarback (goran@astro.uu.se)
DESCRIPTION: There is a bug in the implicit type conversion from int to double in GCC, probably dealing with the optimization of function return values. The gist of this is that an extern double function that isn't declared has an implicit type of int. Assigning a double variable the return value of this function causes a floating point exception. Declaring the function fixes 'ps'.

patch00037
PATCH: SOURCES NOT CORRECTLY IDENTIFIED IN "crond" MAKEFILE
AUTHOR: Adrian Hall (adrian@ibmpcug.co.uk)
DESCRIPTION: The makefile for the crond had the objects listed in the sources line. This caused "make depend" to fail.

patch00038
PATCH: ERRORS NOT SEEN WHEN READING RAW WD DEVICE
AUTHOR: Frank Maclachlan (fpm@crash.cts.com)
DESCRIPTION: I/O errors are not reported when reading/writing from/to the raw wd disk device. I noticed this when using 'dd' to scan a disk w/ known bad blocks and couldn't find any. The wd driver, '/sys/i386/isa/wd.c', sets the B_ERROR bit in bp->b_flags, but fails to put an error code into bp->b_error. Physio() in '/sys/kern/kern__physio.c', which manages the raw I/O in this case, ignores the B_ERROR bit in b_flags and looks for an error code in b_error. The user program is fed garbage data and no clue that an error occurred.

patch00039
PATCH: MAKE SOMETIMES REMOVES DIRECTORIES
AUTHOR: David Dawes (dawes@physics.su.OZ.AU)
DESCRIPTION: I was building X386 this morning, and when I interrupted 'make' it told me it had removed a directory. I checked and it really had unlinked it. (I got it back by booting the fixit disk and running fsck.) I've patched the make source so that it won't do this anymore.

patch00040
PATCH: CD-ROM FILES SEEM TO DISAPPEAR
AUTHOR: Scott Burris (scott@pita.cns.ucla.edu)
DESCRIPTION: The infamous "off by 1" problem hit two places in the isofs code. There is a check to see that a directory entry doesn't span more than one physical block -- if so, that's an error. Well if the directory entry just happened to end at the last byte of the block, the kernel thought it crossed into the next block and bailed out assuming the CD-ROM wasn't following the standard. The effect is that not only can't you access the file associated with this directory entry, you also can't see any files or directories located after that entry. This is relatively rare, because a series of directory entries must fit perfectly into a 2048 byte CD-ROM block for this to trigger.

patch00041
PATCH: YANK FROM NAMED BUFFER
AUTHOR: Bob Wilcox (bob@obiwan.uucp) -- bad: news.dell.com!udell!obiwan
DESCRIPTION: The inability to use a named buffer was the result of three lines near the end of the tmpabort() function (in tmp.c) that unconditionally closed and unlinked the temp file. These three lines were not present in the distribution of elvis 1.5 that I had gotten back in April (from prep.ai.mit.edu, I believe). Deleting these lines seemed to have fixed this problem.

patch00042
PATCH: OCCASIONAL NFS READ REQUEST HANG
AUTHOR: Martin Renters (martin@innovis.com)
DESCRIPTION: The problem is that nfs_readrpc() is sometimes called with the argument bp->b_rcred. This is only ever initialized to NOCRED (-1). The code in nfsm_reqh() doesn't check for NOCRED and simply uses whatever happens to be in memory at that location.

patch00043
PATCH: MULTIBOARD ROUTING ON WESTERN DIGITAL BOARDS
AUTHOR: Michael Galassi (nerd@percival.rain.com)
DESCRIPTION: Allow routing between multiple Western Digital ethernet boards which are installed in the same host.

EOF -- This file has not been truncated

==========================================================================
==========================================================================

Terry Lambert
terry_lambert@gateway.novell.com
terry@icarus.weber.edu
---
Any opinions in this posting are my own and not those of my present or previous employers.
--
-------------------------------------------------------------------------------
"I have an 8 user poetic license" - me
Get the 386bsd FAQ from agate.berkeley.edu:/pub/386BSD/386bsd-0.1/unofficial
-------------------------------------------------------------------------------
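
The execute-permission logic described under patch00024, as a user-space C model added here for illustration; it is not the patch itself and not 386BSD kernel code. The struct and function names, the single-group credential, the numeric uid/gid values and the `MODEL_MNT_NOEXEC` flag value are assumptions of this model.

```c
/* User-space model of the exec() permission checks described under
 * patch00024. Added illustration; names and values are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define MODEL_MNT_NOEXEC 0x1u   /* hypothetical flag value for this model */
#define X_OWNER 0100u
#define X_GROUP 0010u
#define X_OTHER 0001u
#define X_ANY   (X_OWNER | X_GROUP | X_OTHER)

struct file_model { unsigned mode, uid, gid, mnt_flags; };
struct cred_model { unsigned uid, gid; };   /* one group only, for brevity */

/* Access-style check on its own: uid 0 always succeeds, so root would
 * attempt to execute a file that has no execute bit at all. */
bool access_exec(const struct file_model *f, const struct cred_model *c)
{
    if (c->uid == 0)
        return true;
    if (c->uid == f->uid)
        return (f->mode & X_OWNER) != 0;
    if (c->gid == f->gid)
        return (f->mode & X_GROUP) != 0;
    return (f->mode & X_OTHER) != 0;
}

/* "Single execute bit" check on its own: it never asks who is calling,
 * which matches the report that anyone could run a -r-x------ file. */
bool any_exec_bit(unsigned mode)
{
    return (mode & X_ANY) != 0;
}

/* Combined check as the description states it: the filesystem must be
 * mounted for execution, at least one execute bit must be on (this
 * binds root too), and the access check must pass for the caller. */
bool exec_permitted(const struct file_model *f, const struct cred_model *c)
{
    if (f->mnt_flags & MODEL_MNT_NOEXEC)
        return false;
    if (!any_exec_bit(f->mode))
        return false;
    return access_exec(f, c);
}

/* Scalar convenience wrapper around exec_permitted(). */
bool check(unsigned mode, unsigned fuid, unsigned fgid, unsigned mnt,
           unsigned uid, unsigned gid)
{
    struct file_model f = { mode, fuid, fgid, mnt };
    struct cred_model c = { uid, gid };
    return exec_permitted(&f, &c);
}

int main(void)
{
    /* Constructed ids: root = 0, group operator = 5, ordinary user
     * uid 1000 in gid 100. */
    printf("-r-x------ root, user 1000:       %d\n",
           check(0500, 0, 5, 0, 1000, 100));
    printf("-rwsr-x--- root:operator, gid 5:  %d\n",
           check(04750, 0, 5, 0, 1000, 5));
    printf("-rw-r--r-- as root:               %d\n",
           check(0644, 0, 0, 0, 0, 0));
    printf("-rwxr-xr-x on noexec mount, root: %d\n",
           check(0755, 0, 0, MODEL_MNT_NOEXEC, 0, 0));
    return 0;
}
```
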