<<< DOCD$:[NOTES$LIBRARY]SCT-RAVEN.NOTE;1 >>> -< The SCT Raven conference >- ================================================================================ Note 709.0 RAVEN_FT1: evms-raven #291 No replies EVMS::PERCIVAL "{VDE SCT}" 349 lines 3-JUN-1997 17:14 -------------------------------------------------------------------------------- Title: SCS Invalid Sequence number Project: Bugfix Author: Ian Percival Component being changed: VAX Driver FACILITY SCSSESSION.MAR AXP Cluster FACILITY SCSSESSION.MAR Images affected: AXP: SYS$SCS.EXE VAX: PADRIVER.EXE PEDRIVER.EXE PIDRIVER.EXE PWDRIVER.EXE PBDRIVER.EXE Date: 13-May-1997 1. Change Information: Type of change: Bug fix.. Where is the change being made: VAX/AXP RAVEN_FT1 Reviewed by: Ian Percival Bob Brassard Checkin information: On VAX please make the generation number match the software ident number of 21; at present the two disagree. 2. Symptom Description: INVEXCEPTN @SYS$SCS_NPRO+06284 crashes can occur - this problem has been especially prevalent when associated with HSJ50 problems. See QAR text for details. 3. Problem Statement: These crashes are due to the system recieving an SCS connection establishment message from an HSJ50 containing an invalid SCS connection ID. The conn. ID is used to look up a CDT that has not been initialized. The actual crashes are due to attempting to use the CDT$L_PB (containing its initialization value of 0) as the base address of a reference. The bogus destination connection ID is parsed by VMS as 2 words; the lower word is an index into the Connection list (CDL), and the high word is a connection sequence number. The connection sequence number is invalid. The crash is occurring in routine SCS$REC_SCSMSG:: after calling SCS$CHK_CONIDX in module SCSSESSION.MAR. Failing instructions are: MOVL CDT$L_PB(R3),R0 BICW #PB$M_SCS_EXP,PB$W_STS(R0) At this point R0 contains 0 as the CDT is not in use. 4. Goals of this change: QAR EVMS-RAVEN #291 will be closed after this change Stability of OpenVMS will improve, hardware or firmware failures on remote nodes can no longer cause local nodes to crash in this way. 5. Known Restrictions / Possible Limitations / Risks: None 6. Design / Algorithms: Modify routine SCS$CHK_CONIDX to always check that the sequence number is valid. If not, break the Virtual Circuit and log the error. As a result of the above modifications the routine SCS$CHK_SRC_CONIDX must also be changed. 7. Testing: The code was modified to inject invalid sequence numbers during a CTM run. 8. Documentation: None 9. Implementation: VAX Changes:.... ************ File WORK302:[PERCIVAL.CLD.DRIVER.SRC]SCSSESSION.MAR;4 2 .IDENT 'X-21' 3 ;**************************************************************************** ****** File WORK302:[PERCIVAL.CLD.DRIVER.SRC]SCSSESSION.ORIGINAL;1 2 .IDENT 'X-20' 3 ;**************************************************************************** ************ ************ File WORK302:[PERCIVAL.CLD.DRIVER.SRC]SCSSESSION.MAR;4 43 ; X-21 JIP0007 Ian Percival 13-May-1997 44 ; CHANGE_SPEC: Invalid Connection ID 45 ; QAR: EVMS-RAVEN #291 46 ; When an invalid connection ID seq # is received in a message 47 ; we now simply close the VC rather than bugchecking. 48 ; 1.Fix change spec label in X-20 49 ; 2.Modify routine SCS$CHK_CONIDX 50 ; 3.Modify routine SCS$CHK_SRC_CONIDX 51 ; 52 ; X-20 JIP0002 Ian Percival 20-Mar-1997 53 ; CHANGE_SPEC: SCS to VMS Status conversion 54 ; 1.VMS_STATUS_TAB modified to provide error status if ****** File WORK302:[PERCIVAL.CLD.DRIVER.SRC]SCSSESSION.ORIGINAL;1 43 ; X-20 JIP0002 Ian Percival 20-Mar-1997 44 ; CHANGE_SPEC: 45 ; 1.VMS_STATUS_TAB modified to provide error status if ************ ************ File WORK302:[PERCIVAL.CLD.DRIVER.SRC]SCSSESSION.MAR;4 2312 MOVL G^SCS$GL_CDL,R3 ; Get base of CDT list 2313 ****** File WORK302:[PERCIVAL.CLD.DRIVER.SRC]SCSSESSION.ORIGINAL;1 2303 BRB 10$ ; Join common code 2304 SCS$CHK_CONIDX: 2305 2306 MOVZWL SCS$L_DST_CONID(R2),R0 ; Extract index from msg 2307 10$: MOVL G^SCS$GL_CDL,R3 ; Get base of CDT list 2308 ************ ************ File WORK302:[PERCIVAL.CLD.DRIVER.SRC]SCSSESSION.MAR;4 2317 CMPW SCS$L_SRC_CONID+2(R2),- ; Compare seq # in src conid 2318 CDT$L_LCONID+2(R3) ; and in conid in CDT 2319 BNEQ BAD_CONIDX ; Branch if not the same (fail) 2320 MOVZWL #SS$_NORMAL,R0 ; Set status to success 2321 RSB ; Return 2322 2323 SCS$CHK_CONIDX: 2324 2325 MOVZWL SCS$L_DST_CONID(R2),R0 ; Extract index from msg 2326 MOVL G^SCS$GL_CDL,R3 ; Get base of CDT list 2327 2328 CMPW R0,CDL$W_MAXCONIDX(R3) ; Index too large? 2329 BGTRU BAD_CONIDX ; Branch if so 2330 MOVL (R3)[R0],R3 ; Turn index to CDT addr 2331 CMPW SCS$L_DST_CONID+2(R2),- ; Compare seq # in dest conid 2332 CDT$L_LCONID+2(R3) ; and in conid in CDT 2333 BNEQ BAD_CONIDX ; Branch if not the same (fail) 2334 MOVZWL #SS$_NORMAL,R0 ; Set status to success 2335 RSB ; Return 2336 2337 BAD_CONIDX: ****** File WORK302:[PERCIVAL.CLD.DRIVER.SRC]SCSSESSION.ORIGINAL;1 2312 MOVZWL #SS$_NORMAL,R0 ; Set status to success 2313 RSB ; Return 2314 2315 BAD_CONIDX: ************ Number of difference sections found: 4 Number of difference records found: 37 DIFFERENCES /IGNORE=()/MERGED=1/OUTPUT=WORK302:[PERCIVAL.CLD.DRIVER.SRC]DIFF.TXT;1- WORK302:[PERCIVAL.CLD.DRIVER.SRC]SCSSESSION.MAR;4- WORK302:[PERCIVAL.CLD.DRIVER.SRC]SCSSESSION.ORIGINAL;1 ------------------------------------------------------------------------------- New VAX Code:- SCS$CHK_SRC_CONIDX: MOVZWL SCS$L_SRC_CONID(R2),R0 ; Extract index from msg MOVL G^SCS$GL_CDL,R3 ; Get base of CDT list CMPW R0,CDL$W_MAXCONIDX(R3) ; Index too large? BGTRU BAD_CONIDX ; Branch if so MOVL (R3)[R0],R3 ; Turn index to CDT addr CMPW SCS$L_SRC_CONID+2(R2),- ; Compare seq # in src conid CDT$L_LCONID+2(R3) ; and in conid in CDT BNEQ BAD_CONIDX ; Branch if not the same (fail) MOVZWL #SS$_NORMAL,R0 ; Set status to success RSB ; Return SCS$CHK_CONIDX: MOVZWL SCS$L_DST_CONID(R2),R0 ; Extract index from msg MOVL G^SCS$GL_CDL,R3 ; Get base of CDT list CMPW R0,CDL$W_MAXCONIDX(R3) ; Index too large? BGTRU BAD_CONIDX ; Branch if so MOVL (R3)[R0],R3 ; Turn index to CDT addr CMPW SCS$L_DST_CONID+2(R2),- ; Compare seq # in dest conid CDT$L_LCONID+2(R3) ; and in conid in CDT BNEQ BAD_CONIDX ; Branch if not the same (fail) MOVZWL #SS$_NORMAL,R0 ; Set status to success RSB ; Return ------------------------------------------------------------------------------- Old VAX code SCS$CHK_SRC_CONIDX: MOVZWL SCS$L_SRC_CONID(R2),R0 ; Extract index from msg BRB 10$ ; Join common code SCS$CHK_CONIDX: MOVZWL SCS$L_DST_CONID(R2),R0 ; Extract index from msg 10$: MOVL G^SCS$GL_CDL,R3 ; Get base of CDT list CMPW R0,CDL$W_MAXCONIDX(R3) ; Index too large? BGTRU BAD_CONIDX ; Branch if so MOVL (R3)[R0],R3 ; Turn index to CDT addr MOVZWL #SS$_NORMAL,R0 ; Set status to success RSB ; Return ------------------------------------------------------------------------------- AXP Changes.... ************ File WORK8:[PERCIVAL.CLD.CLUSTER.SRC]SCSSESSION.MAR;11 2 .IDENT 'X-19' 3 ;**************************************************************************** ****** File WORK8:[PERCIVAL.CLD.CLUSTER.SRC]SCSSESSION.ORIGINAL;1 2 .IDENT 'X-18' 3 ;**************************************************************************** ************ ************ File WORK8:[PERCIVAL.CLD.CLUSTER.SRC]SCSSESSION.MAR;11 43 ; X-19 JIP0007 Ian Percival 13-MAY-1997 44 ; CHANGE_SPEC: Invalid Connection IDs 45 ; QAR: EVMS-RAVEN #291 46 ; When an invalid connection ID seq # is received in a message 47 ; we now simply close the Virtual Circuit rather than 48 ; bugchecking. 49 ; 1. Modify routine SCS$CHK_CONIDX 50 ; 2. Modify routine SCS$CHK_SRC_CONIDX 51 ; 52 ; X-18 JIP0002 Ian Percival 20-MAR-1997 ****** File WORK8:[PERCIVAL.CLD.CLUSTER.SRC]SCSSESSION.ORIGINAL;1 43 ; X-18 JIP0002 Ian Percival 20-MAR-1997 ************ ************ File WORK8:[PERCIVAL.CLD.CLUSTER.SRC]SCSSESSION.MAR;11 2614 MOVL G^SCS$GL_CDL,R3 ; Get base of CDT list 2615 CMPW R0,CDL$W_MAXCONIDX(R3) ; Index too large? 2616 .BRANCH_UNLIKELY 2617 BGTRU BAD_CONIDX ; Branch if so 2618 MOVL (R3)[R0],R3 ; Turn index to CDT addr 2619 CMPW SCS$L_SRC_CONID+2(R2),- ; Compare seq # in src conid 2620 CDT$L_LCONID+2(R3) ; and in conid in CDT 2621 .BRANCH_UNLIKELY ; 2622 BNEQ BAD_CONIDX ; Branch if not the same (fail) 2623 MOVZWL #SS$_NORMAL,R0 ; Set status to success 2624 RSB ; Return 2625 2626 SCS$CHK_CONIDX: ****** File WORK8:[PERCIVAL.CLD.CLUSTER.SRC]SCSSESSION.ORIGINAL;1 2605 BRB 10$ ; Join common code 2606 SCS$CHK_CONIDX: ************ ************ File WORK8:[PERCIVAL.CLD.CLUSTER.SRC]SCSSESSION.MAR;11 2631 MOVL G^SCS$GL_CDL,R3 ; Get base of CDT list 2632 CMPW R0,CDL$W_MAXCONIDX(R3) ; Index too large? 2633 .BRANCH_UNLIKELY 2634 BGTRU BAD_CONIDX ; Branch if so 2635 MOVL (R3)[R0],R3 ; Turn index to CDT addr 2636 CMPW SCS$L_DST_CONID+2(R2),- ; Compare seq # in dest conid 2637 CDT$L_LCONID+2(R3) ; and in conid in CDT 2638 .BRANCH_UNLIKELY ; 2639 BNEQ BAD_CONIDX ; Branch if not the same (fail) 2640 MOVZWL #SS$_NORMAL,R0 ; Set status to success 2641 RSB ; Return ****** File WORK8:[PERCIVAL.CLD.CLUSTER.SRC]SCSSESSION.ORIGINAL;1 2611 10$: MOVL G^SCS$GL_CDL,R3 ; Get base of CDT list 2612 2613 CMPW R0,CDL$W_MAXCONIDX(R3) ; Index too large? 2614 BGTRU BAD_CONIDX ; Branch if so 2615 MOVL (R3)[R0],R3 ; Turn index to CDT addr 2616 MOVZWL #SS$_NORMAL,R0 ; Set status to success 2617 RSB ; Return ************ Number of difference sections found: 4 Number of difference records found: 32 DIFFERENCES /IGNORE=()/MERGED=1/OUTPUT=WORK8:[PERCIVAL.CLD.CLUSTER.SRC]DIFF.TXT;1- WORK8:[PERCIVAL.CLD.CLUSTER.SRC]SCSSESSION.MAR;11- WORK8:[PERCIVAL.CLD.CLUSTER.SRC]SCSSESSION.ORIGINAL;1 -------------------------------------------------------------------------------- New AXP Code: SCS$CHK_SRC_CONIDX: .JSB_ENTRY INPUT=,OUTPUT=,PRESERVE=, - SCRATCH=<> MOVZWL SCS$L_SRC_CONID(R2),R0 ; Extract index from msg MOVL G^SCS$GL_CDL,R3 ; Get base of CDT list CMPW R0,CDL$W_MAXCONIDX(R3) ; Index too large? .BRANCH_UNLIKELY BGTRU BAD_CONIDX ; Branch if so MOVL (R3)[R0],R3 ; Turn index to CDT addr CMPW SCS$L_SRC_CONID+2(R2),- ; Compare seq # in src conid CDT$L_LCONID+2(R3) ; and in conid in CDT .BRANCH_UNLIKELY ; BNEQ BAD_CONIDX ; Branch if not the same (fail) MOVZWL #SS$_NORMAL,R0 ; Set status to success RSB ; Return SCS$CHK_CONIDX: .JSB_ENTRY INPUT=,OUTPUT=,PRESERVE=, - SCRATCH=<> MOVZWL SCS$L_DST_CONID(R2),R0 ; Extract index from msg MOVL G^SCS$GL_CDL,R3 ; Get base of CDT list CMPW R0,CDL$W_MAXCONIDX(R3) ; Index too large? .BRANCH_UNLIKELY BGTRU BAD_CONIDX ; Branch if so MOVL (R3)[R0],R3 ; Turn index to CDT addr CMPW SCS$L_DST_CONID+2(R2),- ; Compare seq # in dest conid CDT$L_LCONID+2(R3) ; and in conid in CDT .BRANCH_UNLIKELY ; BNEQ BAD_CONIDX ; Branch if not the same (fail) MOVZWL #SS$_NORMAL,R0 ; Set status to success RSB ; Return ------------------------------------------------------------------------------- Old AXP code: SCS$CHK_SRC_CONIDX: .JSB_ENTRY INPUT=,OUTPUT=,PRESERVE=, - SCRATCH=<> MOVZWL SCS$L_SRC_CONID(R2),R0 ; Extract index from msg BRB 10$ ; Join common code SCS$CHK_CONIDX: .JSB_ENTRY INPUT=,OUTPUT=,PRESERVE=, - SCRATCH=<> MOVZWL SCS$L_DST_CONID(R2),R0 ; Extract index from msg 10$: MOVL G^SCS$GL_CDL,R3 ; Get base of CDT list CMPW R0,CDL$W_MAXCONIDX(R3) ; Index too large? BGTRU BAD_CONIDX ; Branch if so MOVL (R3)[R0],R3 ; Turn index to CDT addr MOVZWL #SS$_NORMAL,R0 ; Set status to success RSB ; Return