**************************** ECO SUMMARY INFORMATION **************************** Release Date: 13-NOV-2003 Kit Name: DEC-AXPVMS-VMS73_IPC-V0200--4.PCSI Kit Applies To: OpenVMS ALPHA V7.3 Approximate Kit Size: 832 blocks Installation Rating: Installat Reboot Required: Yes - rolling reboot Superseded Kits: VMS73_IPC-V0100 Mandatory Kit Dependencies: VMS73_UPDATE-V0200 VMS73_PCSI-V0100 Optional Kit Dependencies: None VMS73_IPC-V0200.PCSI-DCX_AXPEXE Checksum: 934678116 ======================================================================= Hewlett-Packard OpenVMS ECO Cover Letter ======================================================================= ECO NUMBER: VMS73_IPC-V0200 PRODUCT: OpenVMS Alpha OPERATING SYSTEM V7.3 UPDATE PRODUCT: OpenVMS Alpha OPERATING SYSTEM V7.3 1 KIT NAME: VMS73_IPC-V0200 2 KIT DESCRIPTION: 2.1 Installation Rating: INSTALL_1 : To be installed by all customers. This installation rating, based upon current CLD information, is provided to serve as a guide to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) 2.2 Reboot Requirement: Reboot Required. HP strongly recommends that a reboot is performed immediately after kit installation to avoid system instability. If you have other nodes in your OpenVMS cluster, they must also be rebooted in order to make use of the new image(s). If it is not possible or convenient to reboot the entire cluster at this time, a rolling re-boot may be performed. 2.3 Version(s) of OpenVMS to which this kit may be applied: OpenVMS Alpha V7.3 2.4 New functionality or new hardware support provided: No. 3 KITS SUPERSEDED BY THIS KIT: - VMS73_IPC-V0100 4 KIT DEPENDENCIES: 4.1 The following remedial kit(s), or later, must be installed BEFORE installation of this, or any required kit: - VMS73_PCSI-V0100 - VMS73_UPDATE-V0200 Page 2 4.2 In order to receive all the corrections listed in this kit, the following remedial kits, or later, should also be installed: - None 5 FILES PATCHED OR REPLACED: o [SYS$LDR]SYS$IPC_SERVICES.EXE (new image) Image Identification Information image name: "SYS$IPC_SERVICES" image file identification: "V1.3-X03E-X9UH" image file build identification: "X9UH-0060010010" link date/time: 21-AUG-2003 15:22:39.31 linker identification: "A11-50" Image Checksum: 609242701 6 PROBLEMS ADDRESSED IN THIS KIT 6.1 New problems addressed in the VMS73_IPC-V0200 kit 6.1.1 The REGISTRY appeared to hang while running down 6.1.1.1 Problem Description: The REGISTRY appeared to hang while running down. Images Affected: - [SYS$LDR]SYS$IPC_SERVICES.EXE 6.1.1.2 CLDs, and QARs reporting this problem: 6.1.1.3 CLD(s) None. 6.1.1.4 QAR(s) 75-66-460 Page 3 6.1.1.5 Problem Analysis: ICC was in an ICC AST routine that is queued by IPC$_UNLINK to signal that the association had been rundown. 6.1.1.6 Work-arounds: None. 6.1.2 Non-paged pool fills with ICCPSBs. 6.1.2.1 Problem Description: Non-paged pool fills with ICCPSBs, consuming the pool. Images Affected: - [SYS$LDR]SYS$IPC_SERVICES.EXE 6.1.2.2 CLDs, and QARs reporting this problem: 6.1.2.3 CLD(s) None. 6.1.2.4 QAR(s) None. 6.1.2.5 Problem Analysis: There is a function inside the module ICC$TRANSFER_ROUTINES.B32 called cleanup_pxb. This function takes two parameters, the second being a boolean to indicate whether the ICC structure should be deallocated. The cleanup_pxb function is called from a number of places in the code, in particular, in EXE$ICC_REPLY in the synch path. If a SS$_SYNCH status is received from IPC for the reply, and the caller has indicated it is prepared to accept SYNCH, cleanup_pxb will be called for the ICCPSB with one parameter, not two. The missing second parameter influences whether nonpaged pool is returned for the ICCPSB. The flag defaults to FALSE and pool is leaked. Page 4 6.1.2.6 Work-arounds: None. 6.1.3 Hang at IPL 2 and bytecount quota could be leaked 6.1.3.1 Problem Description: o A hang can occur at IPL 2 due to quota recovery. o Under some circumstances, if a SYS$ICC_TRANSMIT or SYS$ICC_TRANSCEIVE call returned a non-success status, bytecount quota could be leaked. Images Affected: - [SYS$LDR]SYS$IPC_SERVICES.EXE 6.1.3.2 CLDs, and QARs reporting this problem: 6.1.3.3 CLD(s) 70-3-6452,CFS.95931 6.1.3.4 QAR(s) None. 6.1.3.5 Problem Analysis: o Credit accounting could be called at IPL2. o Not all failure paths out of the common routine called by TRANSMIT and TRANSCEIVE correctly returned previously charged quota. 6.1.3.6 Work-arounds: None. Page 5 6.1.4 INVEXCEPTN bugcheck at SYS$IPC_SERVICES+137D4 or SYS$IPC_SERVICES+13734 6.1.4.1 Problem Description: The system can crash with an INVEXCEPTN bugcheck at SYS$IPC_SERVICES+137D4 or SYS$IPC_SERVICES+13734 Crashdump Summary Information ----------------------------- Bugcheck Type: INVEXCEPTN, Exception while above ASTDEL Failing PC: FFFFFFFF.8035D734 SYS$IPC_SERVICES+13734 Failing PS: 30000000.00000804 Module: SYS$IPC_SERVICES (Link Date/Time: 10-JAN-2003 18:41:27.05) Offset: 00013734 Stack Pointers: KSP = 00000000.7FF87698 ESP = 00000000.7FF8B7A0 SSP = 00000000.7FF9BD20 USP = 00000000.7AE49710 Failing Instruction: SYS$IPC_SERVICES+13734: LDL R3,#X0008(R5) Images Affected: - [SYS$LDR]SYS$IPC_SERVICES.EXE 6.1.4.2 CLDs, and QARs reporting this problem: 6.1.4.3 CLD(s) None. 6.1.4.4 QAR(s) 75-83-676 6.1.4.5 Problem Analysis: ICC is calling IPC$UNLINK twice on the same logical link. When the first ICC unlink is interrupted, or waits, and a second ICC unlink (same link) begins but "fails" (IPC returns SS$_DISCONNECT to ICC), ICC deallocates the ICCPCB+IPLK. When IPC, for the first unlink, then signals the disconnect completion, the ICCPCB+IPLK given to IPC to do the job are gone, and the ACCVIO occurs. Page 6 6.1.4.6 Work-arounds: None. 6.1.5 Quota is leaked 6.1.5.1 Problem Description: o Calls to SYS$ICC_TRANSMIT[W] or SYS$ICC_TRANCEIVE[W] that failed would leak 256 bytes of quota. o If a call to SYS$ICC_TRANSMIT[W] or SYS$ICC_TRANCEIVE[W] specifies a buffer that is not a multiple of 64 bytes in length, 64 bytes of BYTCNT quota is lost if the call fails (e.g. if the link had been disconnected by the remote side.) Images Affected: - [SYS$LDR]SYS$IPC_SERVICES.EXE 6.1.5.2 CLDs, and QARs reporting this problem: 6.1.5.3 CLD(s) 70-3-6452,CFS.95931,70-3-6709,CFS.97674 6.1.5.4 QAR(s) None. 6.1.5.5 Problem Analysis: o Return code does not credit quota in all cases. o The quota debit calls round up to a multiple of 64. The code attempted to credit quota with a single call that had been debited in two separate calls. The sum of two numbers rounded, is not always equal to the the rounded sum of two numbers. Page 7 6.1.5.6 Work-arounds: None. 6.1.6 System can crash with a BADDALRQSZ bugcheck 6.1.6.1 Problem Description: The system can crash with a BADDALRQSZ bugcheck when IPC deallocates a zero size ACB (AST Control Block) on disconnect. Crashdump Summary Information: ------------------------------ Bugcheck Type: BADDALRQSZ, Bad memory deallocation request size or address Failing PC: FFFFFFFF.80045958 EXE$DEANONPGDSIZ_C+000A8 Failing PS: 10000000.00000804 Module: SYSTEM_PRIMITIVES (Link Date/Time: 17-JAN-2003 21:12:57.01) Offset: 00015958 Stack Pointers: KSP = 00000000.7FF876D0 ESP = 00000000.7FF8C000 SSP = 00000000.7FF9CD00 USP = 00000000.000DFB30 Failing Instruction: EXE$DEANONPGDSIZ_C+000A8: BUGCHK Images Affected: - [SYS$LDR]SYS$IPC_SERVICES.EXE 6.1.6.2 CLDs, and QARs reporting this problem: 6.1.6.3 CLD(s) None. 6.1.6.4 QAR(s) 75-83-728 Page 8 6.1.6.5 Problem Analysis: EXE$DEANONPGDSIZ will bugcheck with BADDALRQSZ if the size of the target packet is 0. The reason why IPC was trying to deallocate an ACB of zero size is due to a bug in disconnect processing. The crashing node, A, had initiated a connection to node B. Before node A had received an accept or reject response to the link request, node B delivered a disconnect message. There is a flaw in the test for a fully formed logical link in the logic that processes an incoming disconnect message. Although the link was not fully formed, the logic took the path as if it were. Part of disconnecting a fully formed link is deallocating the various structures associated with that link. One of these structures is an ACB whose address is stored in the IPLK describing the link. Since the ACB fields are provided by the incoming buffer only on receipt of an accept or reject (which had not arrived) the contents were garbage. 6.1.6.6 Work-arounds: None. 6.1.7 System can crash with an "INCONSTATE, Inconsistent I/O data base" bugcheck. 6.1.7.1 Problem Description: System can crash with an "INCONSTATE, Inconsistent I/O data base" bugcheck. Crashdump Summary Information: ------------------------------ Bugcheck Type: INCONSTATE, Inconsistent I/O data base Failing PC: FFFFFFFF.8039F7E8 SYS$IPC_SERVICES+3D7E8 Failing PS: 20000000.00000804 Module: SYS$IPC_SERVICES (Link Date/Time: 16-OCT-2001 01:57:51.25) Offset: 0003D7E8 Stack Pointers: KSP = FFFFFFFF.9DDF1CA0 ESP = FFFFFFFF.9DDF3000 SSP = FFFFFFFF.9DDED000 USP = FFFFFFFF.9DDED000 Failing Instruction: SYS$IPC_SERVICES+3D7E8: BUGCHK Page 9 Images Affected: - [SYS$LDR]SYS$IPC_SERVICES.EXE 6.1.7.2 CLDs, and QARs reporting this problem: 6.1.7.3 CLD(s) 70-3-6983,CFS.99600 6.1.7.4 QAR(s) None. 6.1.7.5 Problem Analysis: TVCB$W_SENDSEQNM was incremented unconditionally, but decremented only when the CDRP send sequence number was zero. 6.1.7.6 Work-arounds: None. 6.1.8 System can crash with an "INVEXCEPTN, Exception while above ASTDEL" bugcheck 6.1.8.1 Problem Description: System can crash with an "INVEXCEPTN, Exception while above ASTDEL" bugcheck at SYS$IPC_SERVICES+368AC. Crashdump Summary Information: ------------------------------ Bugcheck Type: INVEXCEPTN, Exception while above ASTDEL Failing PC: FFFFFFFF.8036E8AC SYS$IPC_SERVICES+368AC Failing PS: 30000000.00000804 Module: SYS$IPC_SERVICES (Link Date/Time: 18-JUL-2002 19:56:02.02) Offset: 000368AC Stack Pointers: KSP = FFFFFFFF.A2387B28 ESP = FFFFFFFF.A2389000 SSP = FFFFFFFF.A2385000 USP = FFFFFFFF.A2385000 Failing Instruction: SYS$IPC_SERVICES+368AC: INSQUEL/D Page 10 Images Affected: - [SYS$LDR]SYS$IPC_SERVICES.EXE 6.1.8.2 CLDs, and QARs reporting this problem: 6.1.8.3 CLD(s) 70-3-7047,CFS.100124,CFS.78468 6.1.8.4 QAR(s) None. 6.1.8.5 Problem Analysis: When the error path is taken during TP$CONNECT_INITIATE due to a bad TVCB state, a deallocated TLCB is still on the TVCB queue, still in the TVCB connect cell, and still counted as a connection on the TVCB (TVCB$B_REF_CNT). If the deallocation of the TLCB and a TLCB reallocation occur closely enough in time, the effect is an attempt to queue the same TLCB off the TVCB, twice. 6.1.8.6 Work-arounds: None. 7 INSTALLATION INSTRUCTIONS: 7.1 Installation Command Install this kit with the POLYCENTER Software installation utility by logging into the SYSTEM account, and typing the following at the DCL prompt: PRODUCT INSTALL VMS73_IPC /SOURCE=[location of Kit] The kit location may be a tape drive, CD, or a disk directory that contains the kit. Additional help on installing PCSI kits can be found by typing HELP PRODUCT INSTALL at the system prompt Page 11 7.2 Scripting of Answers to Installation Questions During installation, this kit will ask and require user response to several questions. If you wish to automate the installation of this kit and avoid having to provide responses to these questions, you must create a DCL command procedure that includes the following definitions and commands: - $ DEFINE/SYS NO_ASK$BACKUP TRUE - $ DEFINE/SYS NO_ASK$REBOOT TRUE - Add the following qualifiers to the PRODUCT INSTALL command and add that command to the DCL procedure. /PROD=DEC/BASE=AXPVMS/VER=V2.0 - De-assign the logicals assigned For example, a sample command file to install the VMS73_IPC-V0200 kit would be: $ $ DEFINE/SYS NO_ASK$BACKUP TRUE $ DEFINE/SYS NO_ASK$REBOOT TRUE $! $ PROD INSTALL VMS73_IPC/PROD=DEC/BASE=AXPVMS/VER=V2.0 $! $ DEASSIGN/SYS NO_ASK$BACKUP $ DEASSIGN/SYS NO_ASK$REBOOT $! $ exit 8 COPYRIGHT AND DISCLAIMER: (C) Copyright 2003 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP and/or its subsidiaries required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Neither HP nor any of its subsidiaries shall be liable for technical or editorial errors or omissions contained herein. The information in this document is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for HP products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty. Page 12 DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL COMPAQ BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.