<<< DOCD$:[NOTES$LIBRARY]SCT-GRYPHON.NOTE;1 >>> -< sct-gryphon >- ================================================================================ Note 2544.0 RMS: Restrict scan of 3 index XABs to index file No replies EVMS::EWOODS "{VDE SCT}" 150 lines 6-DEC-1996 10:24 -------------------------------------------------------------------------------- Project: RMS Project Leader: Elinor M. Woods Development Stream: GRYPHON_SSB Checkin Type: BugFix Reviewed by: Stu Davidson Problem Symptom: Process running ALLIN1 invokes an ALLIN1 function (FILE$PROTECTION) -- which involves an RMS $OPEN with an XAB chain -- and either process terminates (BUGCHECKFATAL not enabled) or system crashes (BUGCHECKFATAL enabled) with SSRVEXCEPT (exec-mode accvio). Diagnosis: Crash occurs when initiating a scan of BLB queue in RM0CACHE. BLB queue address is obtained from IFAB, address of which is expected to be in R10 by RM0CACHE. However, at time of crash R10 contained FWA address. Offsetting off FWA (not IFAB) resulted in zero address for BLB queue. Hence, accvio when trying to use this address. Path into RM0CACHE began with scan of XAB chain off user's FAB. It is a sequential file but ALLIN1 has chained every possible XAB off FAB, including those only for indexed file (which is allowable - RMS should just ignore them). One of the XABs way down in the chain is an XABALL. In RMS0OPEN, after it has executed the device dependent code (sequential, relative or indexed), in a common exit path, it processes the XABALL which leads to a call to RM$XALLO3/RM3ALLOC. The first thing RM$XALLO3 does is check whether this is an indexed file, and if it isn't, it exits with a success. So the routine (which leads to the RM$CACHE call) should never be executed for an indexed file. However, its check of whether this is an indexed file, assumes R10 contains the IFAB pointer. At the time of the common exit path in RMS0OPEN, R10 contains the FWA for sequential files and the IFAB for indexed files. Using the fileorg offset on the FWA gets you the upper-byte of a longword virtual address field for a FWA buffer. Only if this top byte of the address field contains a "02" will the sequential file be viewed to be an indexed file. It requires a large application to be loaded into P0 for the FWA buffer allocated by RMS at runtime at a virtual address in P0 this high. (And in addition, the user has to have chained the inappropriate indexed file XABALL off the sequential file.) In the ALLIN1 case, there was a "02" in the top byte of the address. This is a day 1 bug in the RMS code. Why was it seen for the first time in Gryphon? In the early days of Gryphon (FT1) a bug fix was made to the scan of XABs (SCT-GRYPHON 250). Previously when there was a chain of XABs, other than the first XAB in the chain it was a crapshoot which of the remaining got scanned. In this case the XABALL was not getting scanned for ALLIN1, but since this was a sequential file and it shouldn't have been filled in, it was never missed by ALLIN1. With the FT1 fix, now each and every XAB in the chain is properly being processed, and the day 1 bug came to light of day. Cure: Ensure that the check of the fileorg byte in the IFAB uses the IFAB address so that the XABALL is only processed if it is an indexed file. Platforms affected: Alpha and VAX Modules: [RMS]RMS0OPEN.MAR Affected Images: [SYS$LDR]RMS.EXE Impact/Risks: Low risk (very focused fix) How this change was Tested: The images were rebuilt. To come up with an application large enough to reproduce this problem would have required too large an effort (as well as time). Fortunately, ALLIN1 was willing and able to test an image with the fix. FILE$PROTECTION now works correctly. In addition, we took the opportunity to requalify what we view to be the final SSB RMS.EXE and ran all our regression test suites; no regression was found. ALLIN1 also took the opportunity to requalify its regression tests; it also found no other regression. Associated QARs,CLDs,SPRs: EVMS-GRYPHON-FT 295 Comments: (optional) DIFFERENCES: ************ File ROOT:[RMS.SRC]RMS0OPEN.MAR;2 1 $BEGIN RMS0OPEN,47,RM$RMS, 2 ****** File ROOT:[RMS.SRC]RMS0OPEN.MAR;1 1 $BEGIN RMS0OPEN,46,RM$RMS, 2 ************ ************ File ROOT:[RMS.SRC]RMS0OPEN.MAR;2 37 ; X-47 EMW0123 Elinor M. Woods 03-Dec-1996 38 ; Make XAB_SCAN that invokes 3 indexed (RM3) routines 39 ; conditional on file being indexed. These routines 40 ; on entry check that the file is indexed; however, 41 ; for this check they assume R10 contains a pointer to 42 ; the IFAB. This assumption is met if file is indexed, 43 ; but not if it is sequential (if sequential, R10 44 ; contains pointer to FWA). This could result in these 45 ; routines being executed inappropriately for a sequential 46 ; file (even leading to a SSRVEXCEPT). 47 ; 48 ; X-46 TGS050 Tom Speer 06-May-1996 ****** File ROOT:[RMS.SRC]RMS0OPEN.MAR;1 37 ; X-46 TGS050 Tom Speer 06-May-1996 ************ ************ File ROOT:[RMS.SRC]RMS0OPEN.MAR;2 1036 10$: CMPB IFB$B_ORGCASE(R9),#IFB$C_IDX ; indexed file? 1037 BNEQ 20$ ; if not indexed file, skip invoking these 1038 ; 3 indexed xab routines 1039 XAB_SCAN <,- ; scan the xab chain (note: these routines 1040 ,- ; assume that R10 points to IFAB) 1041 >,OFFSET=LONG ****** File ROOT:[RMS.SRC]RMS0OPEN.MAR;1 1025 10$: XAB_SCAN <,- ; scan the xab chain 1026 ,- 1027 >,OFFSET=LONG ************ ************ File ROOT:[RMS.SRC]RMS0OPEN.MAR;2 1045 20$: 1046 1047 ; ****** File ROOT:[RMS.SRC]RMS0OPEN.MAR;1 1031 ; ************ Number of difference sections found: 4 Number of difference records found: 19 DIFFERENCES /IGNORE=()/MERGED=1/OUTPUT=ROOT:[RMS.SRC]RMS0OPEN.DIF;1- ROOT:[RMS.SRC]RMS0OPEN.MAR;2- ROOT:[RMS.SRC]RMS0OPEN.MAR;1