Return to BSD News archive
Newsgroups: comp.unix.bsd
Path: sserve!manuel!munnari.oz.au!spool.mu.edu!agate!dog.ee.lbl.gov!hellgate.utah.edu!fcom.cc.utah.edu!cs.weber.edu!terry
From: terry@cs.weber.edu (A Wizard of Earth C)
Subject: 386BSD PATCHKIT, FINAL ALPHA (Alpha-3)
Message-ID: <1992Sep21.070748.25418@fcom.cc.utah.edu>
Sender: news@fcom.cc.utah.edu
Reply-To: terry@icarus.weber.edu
Organization: Weber State University (Ogden, UT)
Date: Mon, 21 Sep 92 07:07:48 GMT
Lines: 619
Sorry for the size of this post. 8-(.
To all users (testers) of the alpha patchkit software.
The final alpha version of the patch kit (alpha-3) has been
uploaded to the "secret" directory on agate.berkeley.edu. After all
problems with any patches or the "patches" program in this distribution
have been corrected (I will wait until 28 Sep 92 for bug reports), the
first public beta version will be posted on 01 Oct 92 for general
consumption. This will include:
o The patchkit software with all known bugs fixed.
o The ability to install all patches that have not yet been
installed without requiring a human to say "yes" all the time.
o Any additional patches posted to comp.unix.bsd before 28 Sep 92.
o All software subsystems (like full driver sources) OK'ed for
distributions by their authors before 28 Sep 92. These are
distinct from patches in that they are not changes to existing
files. I am particularly interest in a fix for the "boot hang"
problem and Francis J. Hitchen's and Garrett A. Wollman's
ethernet drivers, and the Logitech bus mouse driver I saw here
a while ago, and the netstat utility from agate:.../unofficial.
==========================================================================
==========================================================================
The following is the "INDEX" file from the alpha-3 distribtion
on agate. It lists all patches contained in the alpha-3 patchkit. Note
that all patches necessary for an X kernel are in the patchkit. This
means that building a kernel from the base code with all patches installed
should allow you to run X with *your* kernel *without* the patches that
are supplied in the X distribution.
Note that installing patches will not automatically rebuild the
kernel or utilities containing the patched files. There is a file named
"FILES" with the distribution which tells all files effected. This is
sort of an interim soloution to the rebuild problem. At least you will
know where to go to do the rebuilding for files not in the directory
/usr/src/sys.386bsd (which are rebuilt when the kernel is rebuilt). The
major utilities affected are init, ps, ifconfig, and csh.
There are a total of 43 patches in the alpha-3 patchkit; this
is 24 more than the previous (alpha-2) release.
==========================================================================
==========================================================================
This is a list of all patches in the alpha-3 patch kit and their effects
patch00001
PATCH: PATCH NEEDED FOR KERNEL REBUILD TO SUCCEED
AUTHOR: Julian Elischer (julian@tfs.com) -- updated CGD patch
DESCRIPTION:
Many people who have made their own kernel configurations have discovered
that their kernel won't build until they change their Makefile to include
a reference to vers.o (missing symbol _version).
patch00002
PATCH: BIG MEMORY HANG
DESCRIPTION:
Because of the number of kernel map entries being to small
and an inappropriate calculation for the number of buffer pages, it was
possible for the kernel to hang if you had more than 8 Meg of memory
installed in your system.
patch00003
PATCH: INCORRECT CMOS RAM SIZE CAUSES CRASH
DESCRIPTION:
This patch fixes the problem encountered on HP Vectra, AT&T
6386E/33 WGS, AT&T StarServer E, and AT&T 6386/25 WGS systems where
the CMOS RAM size is not what was expected. It also has fixes to
allow running small kernels in 640K, and warns the user of conditions
which may cause the kernel to fail to boot correctly.
patch00004
PATCH: FIRST SECTOR IN MULTISECTOR READ IN BAD144 TABLE
AUTHOR: Frank Maclachlan (fpm@crash.cts.com)
DESCRIPTION:
The bad144 table search code at finds the sector in the bad144
table and replaces the block number, cylinder, head, and sector addresses
with values corresponding to the replacement sector. The sector count
register is loaded with the number of sectors in the entire transfer.
This is wrong; it *MUST* be set to *one* sector. A read would return
the wrong data in sectors after the first; a write would *overwrite*
other replacement sectors or even the bad144 table on the last track.
patch00005
PATCH: WHATIS COREDUMP
AUTHOR: Andrew Moore (alm@netcom.com)
DESCRIPTION:
The whatis program had two unitinitialized pointers which would
cause it to core dump sporadically depending on the initial stack contents.
patch00006
PATCH: CRASH FOR PARENT (.) REFERENCE AFTER CHROOT
AUTHOR: Christoph Robitschko (chmr@fstgs01.tu-graz.ac.at)
DESCRIPTION:
When chroot() was used to change the apparent root directory
for a process, a reference to "./", the parent directory of the new
"root" directory, the system "panic"ed.
patch00007
PATCH: GREENMAN BUGFIX KIT
AUTHOR: David Greenman (davidg@agora.uucp)
DESCRIPTION:
1. Buffers were being immediately aged after read, greatly reducing
file system performance.
2. The file system buffer cache hash calculation resulted in hash
collision occuring 100% of the time.
3. File system buffers were allocated twice. They were also deallocated
twice, so there was not a memory leak, but freebufspace was incorrect
and too much memory was being used.
patch00008
PATCH: MAN PATHBUF OVER 1K
AUTHOR: James W. Dolter
DESCRIPTION:
In the function config.c:cadd() the pointer bp isn't recalculated
when the pathbuf needs to be realloced. If realloc moves the storage
'bp' is left hanging. The bug manifests itself when you modify man.conf
such that the pathbuf expands beyond 1k.
patch00009
PATCH: MBUF ALLOCATION FLAGS
AUTHOR: Wolfgang Solfrank (ws@tools.de)
DESCRIPTION:
While the flags in sys/mbuf.h define M_DONTWAIT and M_WAIT in terms
of M_NOWAIT and M_WAITOK, these flags are only used for the kernel malloc.
But the actual code in kern/uipc_mbuf.h uses kmem_malloc, which has
only a parameter canwait. This parameter has just the opposite meaning
from the flag values above. This may result in occasional hangs of the
system (if mbuf allocation with M_DONTWAIT is called which may result in
a wait) or panics or other nasty things (if called with M_WAIT which may
return a NULL pointer that is not expected and as such not tested by the
calling code).
patch00010
PATCH: SCROLLING BACKWORDS ON CONSOLE CAUSES CRASH
AUTHOR: Frank Maclachlan (fpm@crash.cts.com)
DESCRIPTION:
I was horrified whilst scrolling backwards in a file with the less
pager at my console when my 386BSD system suddenly rebooted. Subsequent
tests revealed that the system would crash whenever I scrolled rapidly
backwards through this file using less.
Most files won't cause the system to crash. To demonstrate the failure,
do the the following (if you don't mind watching your system crash):
hd /usr/mdec/bootwd >junk # create a file
less junk # invoke less
G # go to the end of the file
^B^B^B... # rapid repeated control B's to
# scroll backwards
patch00011
PATCH: COPY ON WRITE FOR TEXT PAGES
AUTHOR: Paul Kranenburg (pk@cs.few.eur.nl)
DESCRIPTION:
The 386 does not generate a page protection fault while it is
executing in supervisor mode :-(, so copy on write handling never takes
place when the kernel stuffs data into a process's text- or any other
non-anonymous segment. So these cases must be explicitly checked for.
NOTE: This is a security hole where it is possible for any
normal user with access to the debugger and read access
to any suid root program to become root! You should
apply this patch immediately!
patch00012
PATCH: RING BUFFER LENGTH INCORRECTLY REPORTED
AUTHOR: Stephen McKay (robert@psych.psy.uq.oz.au [forwarder])
DESCRIPTION:
The RB_LEN() macro in /usr/include/sys/tty.h is sometimes out by 1.
In particular, in the case of a buffer containing a single character at the
very end, RB_LEN() would return 0. This caused ttread() to block until a
2nd character was read before delivering them both. The user would find
RAW mode programs such as vi would occasionally (1 in 1024 keypresses) get
"stuck" requiring a second keypress to bring it to life.
WARNING: On the whole, this seems reasonable... HOWEVER, I feel the
problem may be due to the ?: expression grouping. In
particular, perhaps all that's missing is some parenthesis
around "RBSZ - 1 - ((rp)->rb_hd - (rp)->rb_tl)".
patch00013
PATCH: FIX CSH SEGEMENTATION VIOLATION
AUTHOR: Kevin Lahey (kml@mosquito.cis.ufl.edu)
DESCRIPTION:
I have run into the csh segmentation violation bug, and I was too lazy to
install the simple "alloc + 4" bugfix, so I tracked it down. It seems to come
about whenever you are in a directory in your account which has a pathname
length which is divisable by 4, for instance, /users/kml/g. To test,
create such a directory, enter it, and sorta execute alot of commands.
Sooner or later, csh will die.
The fix is to add one to the space allocated for a string in the
dcanon() routine where it normalizes directory names which include
the string defined for the environment variable 'HOME'.
patch00014
PATCH: CAN'T kill -1 OR kill -15 DAEMONS STARTED IN /etc/rc
AUTHOR: Paul Kranenburg (pk@cs.few.eur.nl)
DESCRIPTION:
The init program doesn't set up the proper signal disposition for
the process (sh) it creates to run /etc/rc. While all signal handlers are
reset to SIG_DFL, the signal mask is left unchanged causing SIGHUP and
SIGTERM to be masked in all daemons started from /etc/rc.
patch00015
PATCH: MAKE HUNG ON SINGLE "-" ARGUMENT
AUTHOR: John Woods (jfw@eddie.mit.edu)
DESCRIPTION:
[ This is a patch rolled in from work done on 4.3Reno/NET2 ]
There is a bug in the new make from 4.3Reno and also present in the Net2
release (as found on uunet). A command line argument consisting of a lone
dash (-) causes an infinite loop ("make - make" was an excellent test case).
patch00016
PATCH: NFS SERVER CREATE TRUNCATES FILE
AUTHOR: Arne Henrik Juul (arnej@Lise.Unit.NO)
DESCRIPTION:
The file was always truncated if it existed. The reason why it only
happens when used from certain NFS clients, is that some clients does
not do a NFS create request at all if the file already exists.
patch00017
PATCH: DMA SPECIAL HANDLING/DMA CHANNEL 4-7 TRANSFER COUNT
AUTHOR: Frank Maclachlan (fpm@crash.cts.com)
DESCRIPTION:
At line 389 in isa_dmarangecheck(), the automatic variable priorpage
is used without being initially set to 0. This causes the function
to flag special handling for virtually all DMA transfer requests.
Also, no check is made for DMA requests crossing DMA page boundaries
(64k for DMA chans 0..3, 128k for DMA chans 4..7). This problem is
masked by priorpage not being initialized - almost all DMA is done
to/from safe 'bounce' buffers which don't cross DMA page boundaries
and the data are block moved from/to the user's buffer.
In line 359, nbytes is doubled by shifting it left 1 bit; it
should instead be divided by 2 by shifting right 1 bit position.
This occurs when any of the word mode DMA channels (4..7) is used.
patch00018
PATCH: CORRECT MINOR NUMBER FOR COM PORT (SELECT FAILS)
AUTHOR: Christoph Robitschko (chmr@fstgds01.tu-graz.ac.at)
DESCRIPTION:
I had the problem with select() not working on com ports. I got no
response from a post regarding this one, so I started to look into it
myself. I found out that the com driver calculates unit = minor(dev) -1;
This has the following implications:
/dev/com1 corresponds to COM0, /dev/com2 to COM1 (very confusing
in kernel messages)
It is incompatible with the config file entries com1 at..., com2 at...
Unpredictible results will occur if someone puts a com0 at.. in
his config file.
It is incompatible with the DOS usage of COM1, COM2 (But who cares 8-)
ttselect() calculates unit = minor(dev), and uses this as an index in
com_tty. Because this index is different from that used
in the com driver, select() on /dev/com1 looks at
/dev/com2 and select() on /dev/com2 looks at an undefined
entry in com_tty and returns always true.
WARNING: RE-mknod /dev/com1, /dev/com2, and modify your kernel config!
patch00019
PATCH: CLEAN UP SLIP INTERFACE TO KEEP FROM HANGING
AUTHOR: Poul-Henning Kamp (phk@data.fls.dk)
DESCRIPTION:
Here is a patch to clean up the interface between the tty-drivers, in
particular the com driver, and the sl# interfaces, this is not a work-around
but a genuine bug-fix.
Symptoms: after a number of "com#: silo overflow" SLIP ceases to work.
Overview of the problem: the slip interface will disregard any notice
from the tty-driver on problems (parity errors, framing errors or overruns),
which basicly means the one might as well throw the packet away right away.
Also overrun in the packetizing will go relatively unnotized.
patch00020
PATCH: CLONES OF WESTERN DIGITAL ETHERNET CARDS FAIL CHECKSUM
AUTHOR: Mike Durkin (mdurkin@tsoft.sf-bay.org)
DESCRIPTION:
Danpex EW-2016 is an inexpensive (US$85.) allegedly WD8013-compatible
ethernet card.
I have one of these cards also and after fiddling a bit with the source
found that the checksum in the probe fails. I commented it out and am
using the card successfully, NFS mounting to and from my Sun3s with no
problems.
This patch reports the failure, but doesn't fail the probe because of it.
patch00021
PATCH: SECOND WD STYLE DISK, BZERO MALLOCED FOR WARM BOOT
AUTHOR: Christoph Robitschko (chmr@edvz.tu-graz.ac.at)
DESCRIPTION:
System would not recognize second hard drive and would crash when
you try to acces a second drive which is configured but not connected.
I include a patch which should correct these problems. It will try to
open all configured disks at boot time and print the identification strings.
This patch also includes the laptop/warmboot patch the bzero's
malloc'ed memory, since this memory may contain the same data between
boots and cause the driver to believe the disk has already been connected.
patch00022
PATCH: CHANGE RUN LEVEL (SINGLE USER/MULTIUSER/HALT)
AUTHOR: Christoph Robitschko (chmr@edvz.tu-graz.ac.at)
DESCRIPTION:
/sbin/init did not set some internal flags correctly (Reboot, drain)
This caused it to not execute /etc/rc again if the system was brought down
to singleuser and the back up again. It also tried to start multiuser mode
when you tried halt or reboot in singleuser (when the singleuser shell was
terminated by halt/reboot).
patch00023
PATCH: CLEAN UP UTMP ENTRIES, LOG TO WTMP
AUTHOR: ? (please claim me)
DESCRIPTION:
This allows init to remove entries from the utmp file when users log
out, and also adds logout information for the wtmp file.
patch00024
PATCH: ENFORCE EXECUTE PERMISSIONS, MNT_NOEXEC
AUTHOR: cs481a07 (cs481a07@umbc5.umbc.edu)
DESCRIPTION:
>problem 3: I noticed that anyone could run shutdown. the permissions were
>
>-rwsr-x--- owner root group operator. I changed the permissions to
>-r-x------ and anyone can still run it. (you get the shutdown: NOT super-user)
This is a big security hole. In 0.0, a VOP_ACCESS was used, but root always
succeeds (and tries to execute anything). But the check for a single execute
bit is wrong too. I put the VOP_ACCESS back but also checked to make sure
at least one execute bit is on before root can execute the file. I also
checked if the filesystem was mounted for execution:
patch00025
PATCH: ADD ABILITY TO EXECUTE FILES WITH "#!" MAGIC NUMBER
AUTHOR: ? (please claim me)
DESCRIPTION:
If the first two characters of a file are "#!", this constitutes
a "magic number" which indicates that the file is a shell script and that
the character string following the "#!" should be executed, and that the
shell script itself should be used as stdin for the program executed.
patch00026
PATCH: FIX "make makedb" FOR CORRECTED "whatis.db" FILE FORMAT
AUTHOR: ? (please claim me)
DESCRIPTION:
The "whatis.db" file was in the wrong format, causing the "whatis"
and "apropos" commands to fail.
patch00027
PATCH: PERFORM CORRECT RANGE CHECHING ON "toupper()/tolower()"
AUTHOR: Wiljo Heinen (wiljo@freeside.ki.open.de)
DESCRIPTION:
The toupper() and tolower() functions did not do appropriate
range checking, and would shift the value of any ASCII character passed
+/- 32, respectively, without regard to whether the characters so shifted
were letters or not. This corrects the problem, although, like the rest
of the C library, does not take internationalized character sets into account.
patch00028
PATCH: ALLOW CONSOLE REDIRECTION TO WORK
AUTHOR: ? (please claim me) -- part of the X patch set
DESCRIPTION:
This allows writes to /dev/console to be redirected to a virtual
console for things like "xterm -C" and so on.
patch00029
PATCH: SIGTERM + 10 SECONDS BEFORE SIGKILL TO ALLOW NORMAL EXIT
AUTHOR: ? (please claim me) -- X patch set
DESCRIPTION:
When changing to single user run state, send a SIGTERM to processes
and give them 10 seconds to exit before sending a SIGKILL. This was added
to allow normal shutdown of processes. In particular, it allows the X
server to reset the screen and keyboards to normal states.
patch00030
PATCH: ALLOW MAPPING OF VGA MEMORY
AUTHOR: ? (please claim me) -- X patch set
DESCRIPTION:
Allow mapping of the VGA memory into the process address space.
Major reason for this is to allow the X server to operate.
patch00031
PATCH: VGA MAPPING AND SCANCODE GENERATION
AUTHOR: ? (please claim me) -- X patch set
DESCRIPTION:
This patch creates ioctl commands for putting the console in/
taking the console out of "X mode". When set into "X mode", the console
will generate scan codes at the keyboard and map the VGA memory into the
setting processes address space.
WARNING:
This patch takes several liberties. The first is not defining a
seperately settable "scan code mode". The second is changing the behaviour
of the keyboard in "normal" mode. This may result in an inability to use
alt-"-", alt-"=", or F11 or F12 on some machines, in particular, the Toshiba
T1100 and Epson Equity 1 and Equity 1+ laptops.
patch00032
PATCH: KERNEL NAMELIST DATABASE CREATION/USE
AUTHOR: Paul Kranenburg, ? (pk@cs.few.eur.nl, ?)
DESCRIPTION:
There are several bugs in the kernel namelist db creation/use and
bugs in kvm.c which causes ps and several other utils to fail to work
correctly.
The kvm.c patches are based in part on, but supersede, the patches posted
on usenet by Paul Kranenburg [which introduced bugs of its own].
In order for kvm_mkdb to work correctly, vers.o MUST be the first object
linked in the kernel. The Makefile.i386 should read:
SYSTEM_LD= @${LD} -z -T FE000000 -o $@ -X vers.o ${SYSTEM_OBJS}
(or vers.o should be first in SYSTEM_OBJS)
And, of course all things that depend on libutil.a will have to be rebuilt.
patch00033
PATCH: READ FROM "/dev/drum" CAUSES CRASH
AUTHOR: Paul Kranenburg (pk@cs.few.eur.nl)
DESCRIPTION:
Due to an improperly initialized buffer in 'physstrat', an attempt
to read from /dev/drum would generally cause a crash.
patch00034
PATCH: DISKLABEL PROGRAM REQUIRED ACTIVE PARTITION
AUTHOR: Gary A. Browning (gab10@griffcd.amdahl.com)
DESCRIPTION:
It turns out that if you have not set an active partition on the SECOND
drive, the disklabel program thinks that the DOS partition table is invalid
and promptly, and without warning, assumes it owns the whole disk. It then
writes it's label over the DOS partition table. I am not sure what it even
means to have an active partition on the second drive since DOS will not
boot from there anyway.
A valid DOS parition no longer must have exactly one active partition. This
is certainly not a required patch. The workaround is to always remember to
have an active partition on each disk.
patch00035
PATCH: ALLOW SELECTION OF 3COM 3C503 AUI/BNC FROM IFCONFIG
AUTHOR: Herb Peyerl (hpeyerl@novatel.cuc.ab.ca
DESCRIPTION:
There have been questions about the configuration of the AUI/BNC
connectors on the 3Com 3c503 card. The way the selection is made is to
check for IFF_LLC0 being set in the "ifnet" struct. If set, the driver
uses AUI, else BNC. The ifconfig program now allows the following syntax:
ifconfig ec0 inet $hostname aui
ifconfig ec0 inet $hostname bnc
Default with no options yields BNC operation.
patch00036
PATCH: PS FLOATING POINT EXCEPTION
AUTHOR: Goran Hammarback (goran@astro.uu.se)
DESCRIPTION:
There is a bug in the implicit type conversion from int to double in GCC,
probably dealing with the optimization of function return values. The
gist of this is that an extern double function that isn't declared has
an implicit type of int. Assigning a double variable the return value
of this function causes a floating point exception. Declaring the
function fixes 'ps'.
patch00037
PATCH: SOURCES NOT CORRECTLY IDENTIFIED IN "crond" MAKEFILE
AUTHOR: Adrian Hall (adrian@ibmpcug.co.uk)
DESCRIPTION:
The makefile for the crond had the objects listed in the sources
line. This caused "make depend" to fail.
patch00038
PATCH: ERRORS NOT SEEN WHEN READING RAW WD DEVICE
AUTHOR: Frank Maclachlan (fpm@crash.cts.com)
DESCRIPTION:
I/O errors are not reported when reading/writing from/to the raw
wd disk device. I noticed this when using 'dd' to scan a disk w/ known
bad blocks and couldn't find any.
The wd driver, '/sys/i386/isa/wd.c', sets the B_ERROR bit in
bp->b_flags, but fails to put an error code into bp->b_error. Physio()
in '/sys/kern/kern__physio.c', which manages the raw I/O in this case,
ignores the B_ERROR bit in b_flags and looks for an error code in b_error.
The user program is fed garbage data and no clue that an error occurred.
patch00039
PATCH: MAKE SOMETIMES REMOVES DIRECTORIES
AUTHOR: David Dawes (dawes@physics.su.OZ.AU)
DESCRIPTION:
I was building X386 this morning, and when I interrupted 'make' it
told me it had removed a directory. I checked and it really had unlinked
it. (I got it back by booting the fixit disk and running fsck.)
I've patched the make source so that it won't do this anymore.
patch00040
PATCH: CD-ROM FILES SEEM TO DISAPPAER
AUTHOR: Scott Burris (scott@pita.cns.ucla.edu)
DESCRIPTION:
The infamous "off by 1" problem hit two places in the isofs code.
There is a check to see that a directory entry doesn't span more than one
physical block -- if so, that's an error. Well if the directory entry just
happened to end at the last byte of the block, the kernel throught it
crossed into the next block and bailed out assuming the CD-ROM wasn't following
the standard. The effect is that not only can't you access the file associated
with this directory entry, you also can't see any files or directories located
after that entry.
This is relatively rare, because a series of directory entries must fit
perfectly into a 2048 byte CD-ROM block for this to trigger.
patch00041
PATCH: YANK FROM NAMED BUFFER
AUTHOR: Bob Wilcox (bob@obiwan.uucp) -- bad: news.dell.com!udell!obiwan
DESCRIPTION:
The inability to use a named buffer was the result of three lines
near the end of the tmpabort() function (in tmp.c) that unconditionally
closed and unlinked the temp file. These three lines were not present in
the distribution of elvis 1.5 that I had gotten back in April (from
prep.ai.mit.edu, I believe). Deleting these lines seemed to have fixed
this problem.
patch00042
PATCH: OCCASIONAL NFS READ REQUEST HANG
AUTHOR: Martin Renters (martin@innovis.com)
DESCRIPTION:
The problem is that nfs_readrpc() is sometimes called with the
argument bp->b_rcred. This is only ever initialized to NOCRED (-1).
The code in nfsm_reqh() doesn't check for NOCRED and simply uses whatever
happens to be in memory at that location.
patch00043
PATCH: MULTIBOARD ROUTING ON WESTERN DIGITAL BOARDS
AUTHOR: Michael Galassi (nerd@percival.rain.com)
DESCRIPTION:
Allow routing between multiple Western Digital ethernet boards
which are installed in the same host.
EOF -- This file has not been truncated
==========================================================================
==========================================================================
Terry Lambert
terry_lambert@gateway.novell.com
terry@icarus.weber.edu
---
Any opinions in this posting are my own and not those of my present
or previous employers.
--
-------------------------------------------------------------------------------
"I have an 8 user poetic license" - me
Get the 386bsd FAQ from agate.berkeley.edu:/pub/386BSD/386bsd-0.1/unofficial
-------------------------------------------------------------------------------