Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!mcvax!ukc!warwick!arthur
From: arthur@warwick.UUCP (John Vaudin)
Newsgroups: comp.os.minix
Subject: Bug fix to signal handling within fs
Message-ID: <539@ubu.warwick.UUCP>
Date: Tue, 2-Jun-87 11:52:53 EDT
Article-I.D.: ubu.539
Posted: Tue Jun 2 11:52:53 1987
Date-Received: Sat, 6-Jun-87 10:29:20 EDT
Reply-To: arthur@ubu.UUCP (John Vaudin)
Organization: Computer Science, Warwick University, UK
Lines: 50

We have discovered a couple of bugs in the Minix file system, in the
'do_unpause' function in the file 'pipe.c'. Do_unpause has to get the
minor device number of the tty which the suspended process (the one
which is to be unpaused) is suspended on. In the distribution, the code
looks like this: (line numbers from the book -- page 645)

10591	if (task != XPIPE) {
10592		f = get_filp(rfp->fp_fd);
10593		dev = f->filp_ino->i_zone[0];	/* device on which.........

There are two bugs (at least!) in line 10592. Firstly, the saved value
of the suspended process's file descriptor must be right-shifted by
eight to get rid of 'fs_call' which was saved with it (line 10499). For
an example of the correct usage see line 10525.

Secondly, the 'get_filp' function returns the (filp *) corresponding to
the given file descriptor in the CURRENT process, not the suspended
process it is trying to unpause! A simple solution is to copy the
'get_filp' code (there is not very much of it) into 'do_unpause', and
substitute 'rfp' (the suspended process pointer) for 'fp' (the current
process pointer). Thus, line 10592 should be replaced by

	fild = rfp->fp_fd>>8;		/* declare int fild at top */
	if (fild < 0 || fild >= NR_FDS) {
		/* and do some error handling */
		/* here... */
	}
	f = rfp->fp_filp[fild];

Also in do_exit on line 12093 there is a bug in the code in the
distribution but which is not in the book.
The code on line 12110 that goes

	if(fp->fp_suspended == SUSPENDED){
		if(fp->fp_task==XPIPE) susp_count--;
		pro=exitee;
		do_unpause();
		^^^^^^^^^^^^^
		fp->fp_suspended=NOT_SUSPENDED;
	}

contains a call to unpause() to clear up any pending input if the
process was SUSPENDED on a tty read or pipe read. Unfortunately the code
on line 12106 has already closed all the file descriptors so un_pause()
will not be able to find the device to clear. The fix is to move the
above section of code to line 12104 BEFORE the file descriptors are
closed.

I'm afraid I do not know what symptoms this bug causes. On our ns32000
version of MINIX it causes the filesystem to memory fault, but I guess
8088's don't do that sort of thing not having MMU's (smug :-)

John Vaudin	arthur@warwick.UUCP
Tim Bissell	donald@warwick.UUCP
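
A small C model of the two do_unpause lookup bugs described in the post above, added here as an illustration; it is not Minix source and not the posters' code. The struct layouts, the NR_FDS value, the READ constant and the device numbers are simplified assumptions.

```c
#include <stdio.h>

#define NR_FDS 20                 /* assumed table size for this sketch */
#define READ   3                  /* constructed fs_call value */

struct filp { int dev; };         /* stand-in for the real filp entry */
struct fproc {
    struct filp *fp_filp[NR_FDS]; /* per-process descriptor table */
    int fp_fd;                    /* (fd << 8) | fs_call while suspended */
};

static struct filp tty_filp = { 4 }, other_filp = { 1 };
static struct fproc caller, sleeper;
static struct fproc *fp = &caller;     /* the CURRENT process */

/* As the post describes get_filp: it only consults the current process. */
static struct filp *get_filp(int fild)
{
    if (fild < 0 || fild >= NR_FDS) return NULL;
    return fp->fp_filp[fild];
}

/* sleeper is suspended reading fd 3 (a tty); the caller's fd 3 is unrelated. */
static void setup(void)
{
    caller.fp_filp[3] = &other_filp;
    sleeper.fp_filp[3] = &tty_filp;
    sleeper.fp_fd = (3 << 8) | READ;
}

/* Distribution behaviour: packed value passed straight to get_filp. */
static struct filp *lookup_unshifted(struct fproc *rfp) { return get_filp(rfp->fp_fd); }

/* First bug fixed only: right descriptor number, wrong process's table. */
static struct filp *lookup_shift_only(struct fproc *rfp) { return get_filp(rfp->fp_fd >> 8); }

/* Both fixes from the post: shift, range-check, index rfp's own table. */
static struct filp *lookup_fixed(struct fproc *rfp)
{
    int fild = rfp->fp_fd >> 8;
    if (fild < 0 || fild >= NR_FDS) return NULL;
    return rfp->fp_filp[fild];
}

int main(void)
{
    setup();
    printf("unshifted=%p shift_only_dev=%d fixed_dev=%d\n",
           (void *)lookup_unshifted(&sleeper),
           lookup_shift_only(&sleeper)->dev, lookup_fixed(&sleeper)->dev);
    return 0;
}
```

In this model the unshifted lookup returns a null pointer, which the following dereference of f->filp_ino would then follow, and the shift-only lookup silently returns the signalling process's file instead of the sleeper's tty.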