ECO NUMBER: VMS721_RMS-V0500 PRODUCT: OpenVMS Alpha OPERATING SYSTEM V7.2-1 UPDATE PRODUCT: OpenVMS Alpha OPERATING SYSTEM V7.2-1 COVER LETTER 1 KIT NAME: VMS721_RMS-V0500 2 KITS SUPERSEDED BY THIS KIT: VMS721_RMS-V0400 3 KIT DEPENDENCIES: 3.1 The following remedial kit(s), or later, must be installed BEFORE installation of this, or any required kit: o VMS721_PCSI-V0100 o VMS721_UPDATE-V0300 3.2 In order to receive all the corrections listed in this kit, the following remedial kits, or later, should also be installed: None. 4 KIT DESCRIPTION: 4.1 Version(s) of OpenVMS to which this kit may be applied: OpenVMS Alpha V7.2-1 4.2 Files patched or replaced: o [SYSEXE]CONVERT.EXE (new image) o [SYSLIB]CONVSHR.EXE (new image) o [SYS$LDR]DDIF$RMS_EXTENSION.EXE (new image) o [SYSEXE]EDF.EXE (new image) o [SYSEXE]RECLAIM.EXE (new image) o [SYS$LDR]RMS.EXE (new image) -- COVER LETTER -- Page 2 18 July 2002 o [SYSLIB]SDARMS$SHARE.EXE (new image) o [SYS$LDR]RMSDEF.STB (new file) 5 PROBLEMS ADDRESSED IN VMS721_RMS-V0500 KIT o RMS: Avoid an exec-mode infinite loop if RMS ever attempts to add a duplicate key value to a compressed index bucket. An index bucket should never have a duplicate key value. There is the potential, however, some inconsistency (corruption) in a lower level could result in such an attempt in the case of a compressed key. A correction has been added to issue a nonfatal RMS bugcheck (ISAM) and avoid the loop. Images Affected: - [SYS$LDR]RMS.EXE o RMS: Fix for some records being potentially skipped over in a reverse key search. If the very last bucket in the data bucket chain for a particular key-of-reference is empty (no valid records), the potential exists for any valid records in the next-to-the-last bucket (and only this bucket) being skipped over in the backwards scan done by a reverse key search. This problem is restricted to a reverse key search. Images Affected: - [SYS$LDR]RMS.EXE o RMS: Correction for circumflex returned in resultant string for search error cases. When a one-character wildcard % is used in a search, if no file is found (an error is returned), the resultant string returned in the user NAM[L] structure has a circumflex (^) character inappropriately inserted just before the %. This affects a number of DCL utilities which display the resultant string with their error messages (e.g., DELETE, TYPE, RENAME and COPY). For example: $ delete %.jnk;* %DELETE-W-SEARCHFAIL, error searching for SYS$COMMON:[FOO]^%.JNK;* -RMS-E-FNF, file not found Images Affected: -- COVER LETTER -- Page 3 18 July 2002 - [SYS$LDR]RMS.EXE o CONVERT: Fix for remote file DAP protocol regression. The convert utility fails with the following error when the input file is a sequential file on a remote foreign (non-VMS) system and the output file is a sequential file on a VMS system if and only if /SORT is explicitly specified or implied by /FDL: %CONV-F-READERR, Error reading (IBM_filename) -RMS-F-BUG_DAP, Data Access Protocol error detected; DAP code = 0001A008 The problem is not reproducable using a remote VMS system. Images Affected: - [SYSEXE]CONVERT.EXE - [SYSLIB]CONVSHR.EXE 6 PROBLEMS ADDRESSED IN VMS721_RMS-V0400 KIT o Avoid possibility of exec-mode accvio due to a (very rare) Alpha image activation problem, with RMS being a potential victim. The process may either: - Terminate with an access violation (ACCVIO) if the SYSGEN parameter BUGCHECKFATAL is not enabled; or - Crash the system with a SSRVEXCEPT ACCVIO if the SYSGEN parameter BUGCHECKFATAL is enabled. This problem is fixed in the image activation (SSB) image for OpenVMS V7.2-1H1. Images Affected: - [SYS$LDR]RMS.EXE o RMS fix for inconsistent secondary key index structure. Any application that does a lot of deleting or does updates that change a no duplicate secondary key value to another value in an indexed file is a potential candidate for this problem. An ANALYZE/RMS_FILE of the indexed file reports the following error for a secondary key: -- COVER LETTER -- Page 4 18 July 2002 "Index bucket references missing data bucket with VBN nnn" The problem may be that the secondary index structure has duplicate index value entries and there should never be duplicates in the index structure. If the secondary index allows a binary search (is uncompressed), records could be hidden using an exact secondary key lookup. This problem results from the entire space being inappropriately reclaimed for the physically last SIDR record in some secondary data bucket which contains only deleted entries. This problem is restricted to an indexed file with a secondary key that allows no duplicates. The primary key contents will be intact and correct, and a convert of the file will rebuild the secondary indexes and leave the file in a consistent state. Images Affected: - [SYS$LDR]RMS.EXE o Fix to prevent the CONVERT/RECLAIM utility from producing an inconsistent index structure in an indexed file during a reclamation. An ANALYZE/RMS_FILE reports the following error: "Index bucket references missing data bucket with VBN nnn" A level 1 index record associated with a data (level 0) bucket that was reclaimed was not removed from the index bucket, as it should have been. It is extremely difficult to detect in advance of doing a convert/reclaim whether an indexed file is vulnerable if a reclaim were applied to it. For example, one condition is that one of the initial level 1 index buckets associated with data buckets eligible for reclamation has some condition (for example, only one index record) that will cause a rollback of a removed index record during a reclamation. Without the fix, doing a full convert (without the /RECLAIM qualifier) ensures avoiding this problem. Images Affected: - [SYSEXE]RECLAIM.EXE - [SYSEXE]CONVERT.EXE - [SYSLIB]CONVSHR.EXE -- COVER LETTER -- Page 5 18 July 2002 o Fix to the CONVERT utility to prevent the signal of a fatal read error (CONV-F-READERR) with an RMS-S-NORMAL secondary status when callable convert is invoked within a threaded application. This correction prevents the erroneous error signal when the end of the input file is reached. Although callable convert is not a thread safe application, it is possible to invoke the callable interface from within a single instance within a single thread. Images Affected: - [SYSEXE]CONVERT.EXE - [SYSLIB]CONVSHR.EXE o Fix to the CONVERT utility to prevent a convert which uses either network or tape input from creating an empty output indexed file. Images Affected: - [SYSEXE]CONVERT.EXE - [SYSLIB]CONVSHR.EXE o Fix to the CONVERT utility to avoid an access violation converting a sequential file when the input file has a zero maximum record size (MRS). Images Affected: - [SYSEXE]CONVERT.EXE - [SYSLIB]CONVSHR.EXE 7 PROBLEMS ADDRESSED IN VMS721_RMS-V0300 KIT o Fix to increase the directory path cache size to accommodate larger directories. A threaded process may deplete the RMS directory path cache when multiple process threads are performing simultaneous directory lookups. This can result in a race condition in which the threads end up in an infinite loop attempting to traverse their respective paths while the cache is being frequently flushed. This problem is aggravated when the directory paths contain long names and/or deep structures. The directory path cache size has been increased to prevent this behavior. -- COVER LETTER -- Page 6 18 July 2002 Images Affected: - [SYS$LDR]RMS.EXE o Fix to increase the size of RMS's internal ASB stack. RMS's internal ASB stack boundaries may be exceeded due to unanticipated third party EXEC mode activity such as an AST delivery while RMS is operating on its internal stack. Because the stack was initially sized for exclusive RMS use, the stack limits can overflow causing adjacent RMS data structures to become corrupted. This can result in various aberrant RMS conditions including non-fatal EXEC mode System Service Exceptions. Images Affected: - [SYS$LDR]RMS.EXE o Fix to prevent EXEC mode hangs with EXEC ASTs disabled. Under rare circumstances, non-atomic access to an RMS process global data cell could result in status bits being lost during concurrent cell access. A status bit to indicate whether RMS currently has ASTs disabled could inadvertently be cleared through this access resulting in an infinite hang within RMS waiting for an AST delivery, but with EXEC mode ASTs disabled. Atomic access to this cell prevents this from occurring. Images Affected: - [SYS$LDR]RMS.EXE o Enhance minimum process quotas that the RMSREC_SERVER detached process is created with. This server is dedicated to RMS RU journaling detached recovery. ENQLM and PGFLQUOTA are the process quotas that some applications have found it necessary to override the minimum on their system or cluster by increasing the associated PQL_Mxxxx sysgen parameter (e.g. PQL_MENQLM). The defaults for these quotas are now 1 million for ENQLM and 100 thousand for PGFLQUOTA. The enhancement also sets WSEXTENT at runtime to the WSMAX sysgen parameter. Images Affected: - [SYS$LDR]RMS.EXE o Rollback of a remote file transfer change made in V7.2 to its day 1 behavior in order to restore prior performance metrics for remote file transfers that request file transfer mode by -- COVER LETTER -- Page 7 18 July 2002 setting the SQO (FAB$L_FOP) option. The change was made to ignore the file transfer mode (FTM) request if the remote file was write shared. This has led to a number of reports of applications that previously had SQO specified for remote files that are experiencing significant performance degradations in their remote applications with the V7.2 family and V7.3. We have reviewed the previous behavior for file transfer mode and found that while there is the appearance of locking inconsistencies for readers when FTM is used, there is no potential for data corruption. We have concluded that when users set the FTM (SQO) option, they are in effect giving permission for the same kind of inconsistencies that a user allows when the read-regardless (RRL) option is set. This change restores the pre-V7.2 behavior for the file transfer mode for remote files. If SQO is set, file transfer mode will be used regardless of the sharing specified for the remote file. Users should expect to see the same kind of inconsistencies in reading data as they see when the read-regardless (RRL) option is set. The SQO option should be disabled if this is not acceptable for some application. In addition, to avoid the possibility of a hang that may be induced by retrying remote accesses after a record lock error, users should consider setting both the no-lock (NLK) and read-regardless (RRL) options in the RAB$L_ROP in applications that use the file transfer mode (SQO) option for remote file accesses. (Note: The new NQL (no query locking) option introduced in V7.2-1H1 is not supported by the DAP protocol for remote files.) An application should continue to work with the restored behavior without a new change even if a change has been made to an existing application to restore the file transfer mode behavior since the SQO fix was made in V7.2 (e.g., adding the UPI sharing option). There is just one potential problem that we need to point out. For new applications designed and implemented in V7.2 or later that may allow remote accesses to write shared files, they should check whether SQO (FAB$L_FOP) is enabled. Currently the SQO option is being ignored (unless the UPI sharing option is specified), and the file transfer mode is not being used for any remote accesses. With the restore of pre-V7.2 SQO behavior, it will start being used and so the behavior of the application could change. Anyone with a new application that has SQO set and the possibility of write shared files being remotely accessed by the application should consider whether the SQO option needs to be disabled. Images Affected: - [SYS$LDR]RMS.EXE -- COVER LETTER -- Page 8 18 July 2002 8 PROBLEMS ADDRESSED IN VMS721_RMS-V0200 KIT o Fix to prevent a non-fatal SSRVEXCEPT bugcheck when a wildcard network copy completes. Attempts to perform wild card file copy operations across the network may fail with a non-fatal SSRVEXCEPT bugcheck upon completion when a third party event notification software package is installed. Stale information contained within a recycled DAP message buffer could cause an invalid path to be executed during the implicit $DISPLAY of a file during RMS rundown. Images Affected: - [SYS$LDR]RMS.EXE o Fix for remote file transfer performance degradation if UPI enabled. As a side-effect of a DAP/FAL change made to the OpenVMS Alpha Version 7.2 family, the SQO (sequential only) option was inappropriately disabled in a record stream when the UPI (user provided interlock) option was enabled if RMS detected any form of write sharing. This resulted in reducing the performance of a remote file transfer that had the UPI option enabled due to the overhead of sending the file record-by-record rather than using the more efficient block mode transfer supported by the SQO option. This problem is fixed in OpenVMS Alpha V7.3. Images Affected: - [SYS$LDR]RMS.EXE o Fix to prevent an RMS$_IOP error when more than 16383 files are accessed. An image which issues more than 16383 $OPEN calls or $CONNECT calls may receive an RMS$_IOP (Invalid Operation) error on a subsequent RMS call. The Internal File and Stream Identifier (IFI/ISI) values are limited to 14 bits. Prior to this change, RMS failed to enforce this limit resulting in the inadvertent setting of some extraneous bits when more than 16383 files were opened or streams connected by a process. RMS has been modified to return a RMS$_DME error status and not continue when this limit is exceeded for an $OPEN or $CONNECT. This problem is fixed in OpenVMS Alpha V7.3. -- COVER LETTER -- Page 9 18 July 2002 Images Affected: - [SYS$LDR]RMS.EXE o Fix to prevent a hang on EFN 29 with missing upcall from threaded application. A user application that is threaded may have a thread hang waiting on event flag 29. The IOSB of the thread has been filled in, but the thread continues to be stalled. This fix ensures that an upcall is always made when RMS activity completes. This problem is fixed in OpenVMS Alpha V7.3. Images Affected: - [SYS$LDR]RMS.EXE o RMS support for new qualifier /SHARE added to SET FILE, which is dependent on the VMS721_CLIUTL-V0100 kit being installed. The /SHARE qualifier allows you to enable or disable global buffers or statistics on a file currently being accessed by other users. Only new accessors of the file will acquire the new settings. This qualifier requires SYSPRV (system privilege). The /SHARE qualifier is only valid with the following qualifiers: /[NO]GLOBAL_BUFFER=count/SHARE /[NO]STATISTICS/SHARE If other qualifiers are needed, they must be entered in a separate SET FILE command. /[NO]GLOBAL_BUFFER=count/SHARE The /SHARE qualifier can be used to enable or disable global buffers on a file currently being accessed. However, any new global buffer settings will only be applied to new accessors of the file. And if a file is already opened with global buffers, any new number of global buffers will not take effect until the file is closed by all accessors of the file. /[NO]STATISTICS/SHARE The /SHARE qualifier can be used to enable or disable statistics on a file currently being accessed. However, only statistics of new accessors of the file will be measured. -- COVER LETTER -- Page 10 18 July 2002 EXAMPLE: $ SET FILE/SHARE/GLOBAL_BUFFER=5000/STATISTICS INVENTORY.IDX This example sets 5000 global buffers on the INVENTORY.IDX file and enables statistics. Without the /SHARE qualifier, if the file was open when the SET FILE command was issued, the following error would be returned: SYSTEM-W-ACCONFLICT (file access conflict). The /SHARE qualifier allows the global buffers and statistics to be enabled on an open file. However, these settings only apply to new accessors of the file. Images Affected: - [SYS$LDR]RMS.EXE - [SYSEXE]SET.EXE - [SYSLIB]DCLTABLES.EXE with modified SET.CLD The latter two images require the installation of the VMS721_CLIUTL-V0100 kit. o Fix to prevent accvio when repeated calls are made to Convert callable interface. When making repeated calls to the Convert callable interface from within a user application, an access violation or various sort errors may be returned. The following conditions must exist for this error to occur: o An application must be making repeated calls to the callable CONVERT interface. o The current file being converted must have more than 3 keys. o At least one of the previously converted files must have had all compressions disabled. o The current file being converted must have some compression enabled. Images Affected: - [SYSLIB]CONVSHR.EXE o Fix for SQO error on CONVERT/NOSORT with collated key. Producing an indexed file with a collated key using the qualifier /NOSORT with the CONVERT utility may fail with the following error: %CONV-F-READERR, error reading -- COVER LETTER -- Page 11 18 July 2002 -RMS-F-SQO, operation not sequential (SQO set) This problem is fixed in OpenVMS Alpha V7.3. Images Affected: - [SYSEXE]CONVERT.EXE - [SYSLIB]CONVSHR.EXE o Fix to correct the bucket size calculation for values that are evenly divisible by the cluster size. The Edit/fdl Design Facility (EDF) may calculate a larger than necessary bucket size when the bucket size is evenly divisible by the cluster size of the disk. This problem is fixed in OpenVMS Alpha V7.3. Images Affected: - [SYSEXE]EDF.EXE o A GEM compiler related problem is corrected. There are two ways the user may see the effect of this problem: 1. ORA-482 crashes on Oracle 8.1.6 OPS. 2. A process can exit with an unhandled exception with the PC in SYS$PUT. Images Affected: - [SYS$LDR]RMS.EXE 9 KIT INSTALLATION RATING: The following kit installation rating, based upon current CLD information, is provided to serve as a guide to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) INSTALLATION RATING: INSTALL_1 : To be installed by all customers. -- COVER LETTER -- Page 12 18 July 2002 10 INSTALLATION INSTRUCTIONS: Install this kit with the POLYCENTER Software installation utility by logging into the SYSTEM account, and typing the following at the DCL prompt: PRODUCT INSTALL VMS721_RMS /SOURCE=[location of Kit] The kit location may be a tape drive, CD, or a disk directory that contains the kit. Additional help on installing PCSI kits can be found by typing HELP PRODUCT INSTALL at the system prompt This kit requires a system reboot. Compaq strongly recommends that a reboot is performed immediately after kit installation to avoid system instability If you have other nodes in your OpenVMS cluster, they must also be rebooted in order to make use of the new image(s). If it is not possible or convenient to reboot the entire cluster at this time, a rolling re-boot may be performed. 10.1 Special Installation Instructions: 10.1.1 SYSGEN Parameter Changes As part of the post installation processing of this kit, two SYSGEN parameters (PIOPAGES and IMGIOCNT) will be modified in order to accommodate changes being made within the RMS image. The post installation process will make an effort to add appropriate lines to the MODPARAMS.DAT files for all system roots found on the installation disk and will perform a SYSGEN write current with the modifications on the system from which this kit is being installed. The installation process will provide the status of these changes and any further instructions as necessary. 10.1.2 Scripting of Answers to Installation Questions During installation, this kit will ask and require user response to several questions. If you wish to automate the installation of this kit and avoid having to provide responses to these questions, you must create a DCL command procedure that includes the following definitions and commands: - $ DEFINE/SYS NO_ASK$BACKUP TRUE - $ DEFINE/SYS NO_ASK$REBOOT TRUE -- COVER LETTER -- Page 13 18 July 2002 - Add the following qualifiers to the PRODUCT INSTALL command and add that command to the DCL procedure. /PROD=DEC/BASE=AXPVMS/VER=V5.0 - De-assign the logicals assigned For example, a sample command file to install the VMS721_RMS-V0500 kit would be: $ $ DEFINE/SYS NO_ASK$BACKUP TRUE $ DEFINE/SYS NO_ASK$REBOOT TRUE $! $ PROD INSTALL VMS721_RMS/PROD=DEC/BASE=AXPVMS/VER=V5.0 $! $ DEASSIGN/SYS NO_ASK$BACKUP $ DEASSIGN/SYS NO_ASK$REBOOT $! $ exit Copyright (c) Compaq Computer Company, 2002 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. COMPAQ, the COMPAQ logo, VAX, Alpha, VMS, and OpenVMS are registered in the U.S. Patent and Trademark Office. All other product names mentioned herein may be trademarks of their respective companies. Confidential computer software. Valid license from COMPAQ are required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. COMPAQ shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is provided as is without warranty of any kind and is subject to change without notice. The warranties for COMPAQ products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL COMPAQ BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.