ECO NUMBER: VMS72_SYS-V0300 PRODUCT: OpenVMS Alpha OPERATING SYSTEM 7.2 UPDATE PRODUCT: OpenVMS Alpha OPERATING SYSTEM 7.2 COVER LETTER 1 KIT NAME: VMS72_SYS-V0300 2 KITS SUPERSEDED BY THIS KIT: VMS72_SYS-V0200. 3 KIT DEPENDENCIES: 3.1 The following remedial kit(s) must be installed BEFORE installation of this, or any required kit: VMS72_UPDATE-V0200. 3.2 In order to receive all the corrections listed in this kit, the following remedial kits should also be installed: None. 4 KIT DESCRIPTION: 4.1 Version(s) of OpenVMS to which this kit may be applied: OpenVMS ALPHA V7.2 4.2 Files patched or replaced: o [SYS$LDR]IMAGE_MANAGEMENT.EXE (new image) o [SYS$LDR]LOGICAL_NAMES.EXE (new image) o [SYS$LDR]PROCESS_MANAGEMENT.EXE (new image) o [SYS$LDR]PROCESS_MANAGEMENT_MON.EXE (new image) o [SYS$LDR]SECURITY.EXE (new image) o [SYS$LDR]SECURITY_MON.EXE (new image) o [SYS$LDR]SYS$CLUSTER.EXE (new image) o [SYS$LDR]IMAGE_MANAGEMENT.STB (new image) o [SYS$LDR]PROCESS_MANAGEMENT.STB (new image) -- COVER LETTER -- Page 2 13 March 2000 o [SYS$LDR]PROCESS_MANAGEMENT_MON.STB (new image) o [SYS$LDR]SECURITY_MON.STB (new image) o [SYS$LDR]SECURITY.STB (new image) 4.3 Problems addressed in VMS72_SYS-V0300 kit. o Subprocesses created from image (LIB$SPAWN) do not inherit the parents image privileges. Images Affected: - [SYS$LDR]PROCESS_MANAGEMENT.EXE - [SYS$LDR]PROCESS_MANAGEMENT_MON.EXE o If process termination occurs while image activation is in progress, an ACCVIO may occur. Images Affected: - [SYS$LDR]IMAGE_MANAGEMENT.EXE - [SYS$LDR]PROCESS_MANAGEMENT.EXE o IPL synchronization issues in the Cluster Wide Process Services code for the $GETJPI system service opens a context corruption timing window. The problem can crash either the sending or target node in an OpenVMS Cluster via CWSERR or INVEXCEPTN bugchecks in SYS$CLUSTER code. In most cases the target node crashes but the actual corruption occurred on the sending node. Images Affected: - [SYS$LDR]PROCESS_MANAGEMENT.EXE - [SYS$LDR]SYS$CLUSTER.EXE o A BASIC application terminates abnormally with the BAS$_PROLOSSOR, DEVFOREIGN or ACCVIO status. Images Affected: - [SYS$LDR]PROCESS_MANAGEMENT.EXE - [SYS$LDR]PROCESS_MANAGEMENT.STB -- COVER LETTER -- Page 3 13 March 2000 - [SYS$LDR]PROCESS_MANAGEMENT_MON.EXE - [SYS$LDR]PROCESS_MANAGEMENT.STB o MFPR_xxx and MTPR_xxx PALcode instructions can leave registers R1, R16 and R17 with unpredictable results. These registers were not always saved and restored in ASTDEL_STACK.M64. Although corruptions of these registers have not been known to occur, the potential is there, particularly on newer platforms. Images Affected: - [SYS$LDR]PROCESS_MANAGEMENT.EXE - [SYS$LDR]PROCESS_MANAGEMENT.STB - [SYS$LDR]PROCESS_MANAGEMENT_MON.EXE - [SYS$LDR]PROCESS_MANAGEMENT.STB o SET PROCESS/PRIORITY=n fails with the following error: "%SET-E-NOTSET, need ALTPRI privilege to elevate above base priority" when the target process is on a remote cluster node. Images Affected: - [SYS$LDR]SYS$CLUSTER.EXE o A call to $SETPRV may not result in the requested modifications being applied to the security structures. Subsequent calls requiring the UNSET privileges may fail with SS$_NOPRIV. This only occurs when the SYSGEN parameter ARB_SUPPORT equals 3. Images Affected: - [SYS$LDR]PROCESS_MANAGEMENT.EXE - [SYS$LDR]PROCESS_MANAGEMENT.STB - [SYS$LDR]PROCESS_MANAGEMENT_MON.EXE - [SYS$LDR]PROCESS_MANAGEMENT.STB o Image activation retry fails for process created for single image execution. Image activation retry is used to deal with un-satisfied shared address data dependencies. For example: $ RUN SYS$SYSTEM:INSTALL -- COVER LETTER -- Page 4 13 March 2000 sys$library:librtl /delete sys$library:librtl /open/header/shared $ start/que MM$TEST_LATSYM %RMS-F-SYN, file specification syntax error Images Affected: - [SYS$LDR]PROCESS_MANAGEMENT.EXE - [SYS$LDR]PROCESS_MANAGEMENT_MON.EXE o System crashes with INVEXCEPTN while above ASTDEL. The failing PC is at OTS$REM_UL_C+B8 in SYS$BASE_IMAGE. Images Affected: - [SYS$LDR]PROCESS_MANAGEMENT.EXE - [SYS$LDR]PROCESS_MANAGEMENT_MON.EXE o Redefining a logical name table, such as LNM$TEMPORARY_MAILBOX, to a process-private logical name table may lead to a system crash if the process also creates a mailbox with a logical name. The crash would typically occur when the CLUSTER_SERVER process was the current process. Images Affected: - [SYS$LDR]LOGICAL_NAMES.EXE 5 PROBLEMS ADDRESSED IN VMS72_SYS-V0200 KIT o When granting identifiers to a user, access to a queue that had previously worked was no longer working. This is shown below: $ submit/user=USER1/nolog SYS$SYSDEVICE:[USER1]test/que=USER1$test %SUBMIT-F-CREJOB, error creating job -JBC-E-NOPRIV, insufficient privilege or queue protection violation $ $ uaf grant/id ID1 USER1 %UAF-I-GRANTMSG, identifier ID1 granted to USER1 $ $ submit/user=USER1/nolog SYS$SYSDEVICE:[USER1]test/que=USER1$test Job TEST (queue USER1$TEST, entry 7) started on USER1$TEST $ $ uaf grant/id ID2 USER1 %UAF-I-GRANTMSG, identifier ID2 granted to USER1 $ $ submit/user=USER1/nolog SYS$SYSDEVICE:[USER1]test/que=USER1$test -- COVER LETTER -- Page 5 13 March 2000 Job TEST (queue USER1$TEST, entry 8) started on USER1$TEST $ $ uaf grant/id ID3 USER1 %UAF-I-GRANTMSG, identifier ID3 granted to USER1 $ $ submit/user=USER1/nolog SYS$SYSDEVICE:[USER1]test/que=USER1$test Job TEST (queue USER1$TEST, entry 9) started on USER1$TEST $ $ uaf grant/id ID4 USER1 %UAF-I-GRANTMSG, identifier ID4 granted to USER1 $ $ submit/user=USER1/nolog SYS$SYSDEVICE:[USER1]test/que=USER1 $test %SUBMIT-F-CREJOB, error creating job -JBC-E-NOPRIV, insufficient privilege or queue protection violation Images Affected: - [SYS$LDR]SECURITY.EXE o Third party access checks are failing after all rights are removed and new rights are added using Grant/RevokeID services. Images Affected: - [SYS$LDR]SECURITY.EXE - [SYS$LDR]SECURITY.STB - [SYS$LDR]SECURITY_MON.EXE - [SYS$LDR]SECURITY_MON.STB o SRVEXCEPT, Unexpected system service exception Images Affected: - [SYS$LDR]SECURITY.EXE 6 PROBLEMS ADDRESSED IN VMS72_SYS-V0100 KIT o A problem that can lead to non-privileged system crashes has been identified in all OpenVMS V7.2-1 systems, and in OpenVMS Alpha V7.2 systems with the VMS72_UPDATE-V0100 or VMS72_HARDWARE-V0100 ECO kit(s) installed. The following OpenVMS Alpha environments are specifically affected: OpenVMS Alpha V7.2-1 -- COVER LETTER -- Page 6 13 March 2000 OpenVMS Alpha V7.2 with DEC-AXPVMS-VMS72_UPDATE-V0100--4 OpenVMS Alpha V7.2 with DEC-AXPVMS-VMS72_HARDWARE-V0100--4 No other OpenVMS Alpha releases or ECO kits are affected. OpenVMS VAX is not affected. In the specified OpenVMS Alpha system environments, certain non-privileged programming errors and certain command errors within specific non-privileged DCL commands can trigger an OpenVMS system service exception and a resulting system crash. The bugcheck is "SSRVEXCEPT, Unexpected system service exception", and the crash itself can be identified by locating a reference to the EXE$NAM_TO_PCB routine and the PROCESS_MANAGEMENT module in the contents of the stack present at the time of the system crash, and specifically by looking in a stack frame prior to the failing stack frame in the system crashdump. The user or the application that has issued the errant DCL command or the errant system service call can also be determined from the contents of the system crashdump. To correct this problem, OpenVMS Engineering recommends the installation of the following ECO kit (or later) for OpenVMS Alpha V7.2: DEC-AXPVMS-VMS72-SYS-V0100--4 Even though this problem exists only on V7.2 systems that have the VMS72_HARDWARE-V0100 and/or VMS72_UPDATE-V0100 kit(s) installed, OpenVMS Engineering recommends that customers install this kit in ALL V7.2 environments. This will prevent occurrence of this problem in the event the HARDWARE or UPDATE kits are installed at a later time. The following ECO kit (or later) should be installed for OpenVMS Alpha V7.2-1: DEC-AXPVMS-VMS721-SYS-V0100--4 To activate the fix, a system reboot is required. The OpenVMS Alpha version and the ECO kits presently installed on the local system can be identified using the DCL command: PRODUCT SHOW PRODUCT VMS/FULL To activate the fix, a system reboot is required. The OpenVMS Alpha version and the ECO kits presently installed on the local system can be identified using the DCL command: PRODUCT SHOW PRODUCT VMS/FULL -- COVER LETTER -- Page 7 13 March 2000 Images Affected: - [SYS$LDR]PROCESS_MANAGEMENT.EXE - [SYS$LDR]PROCESS_MANAGEMENT_MON.EXE - [SYS$LDR]PROCESS_MANAGEMENT.STB - [SYS$LDR]PROCESS_MANAGEMENT_MON.STB 7 KIT INSTALLATION RATING: The following kit installation rating, based upon current CLD information, is provided to serve as a guide to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) INSTALLATION RATING: INSTALL_1 : To be installed by all customers. 8 INSTALLATION INSTRUCTIONS: Install this kit with the VMSINSTAL utility by logging into the SYSTEM account, and typing the following at the DCL prompt: PRODUCT INSTALL VMS72_SYS-V0300 /SOURCE=[location of Kit] The kit location may be a tape drive, CD, or a disk directory that contains the kit. Additional help on installing PCSI kits can be found by typing HELP PRODUCT INSTALL at the system prompt This kit requires a system reboot. Compaq strongly recommends that a reboot is performed immediately after kit installation to avoid system instability If you have other nodes in your OpenVMS cluster, they must also be rebooted in order to make use of the new image(s). If it is not possible or convenient to reboot the entire cluster at this time, a rolling re-boot may be performed. Copyright (c) Compaq Computer Corporation, 2000 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. -- COVER LETTER -- Page 8 13 March 2000 The software contained on this media is proprietary to and embodies the confidential technology of Compaq Computer Corporation. Possession, use, or dissemination of the software and media is authorized only pursuant to a valid written license from Compaq Computer Corporation. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL COMPAQ BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.