SUBJECT: 05/13/99 SGI DCE/DFS issues and information SGI DCE/DFS issues and information ----------------------------------- PV 487076 - Reading data in a file hole can result in random data. Description: On a DFS filesystem, if a program reads a portion of a file that was never written (a "file hole"), it is not always zero filled and could result in indeterminate results. Fix: This problem was documented as a known problem in SGI's 1.1C release of DCE/DFS. It has been resolved in the 1.2.2a release for IRIX 6.5.2 and later. PV 673644 - 64K DFS data corruption. Description: This problem involves a very small timing window in both the 1.1 and 1.2.2 DFS code along with the transfer of large files; therefore, most customers will not experience this problem. The corruption is caused by a locking problem in the DFS kernel code. The problem is related to the timing of the write request on the DFS daemon thread that is writing data back to the server from the client's cache. In the cases that have been observed to date, 64K of NULL (zero value) data appears where the lost data belongs on the server. Fix: Beginning with the IRIX 6.5.4 release, the DFS kernel code is distributed as an overlay to the IRIX OS. The fix for this problem has been integrated with that release. ** Customers using the DFS Domestic Security Option, please see the note below. A patch, 3653, for customers who are running DCE/DFS 1.2.2a on IRIX 6.5.2(m/f) or 6.5.3(m/f) is now available from the SGI patch distribution locations. Sites must be running IRIX 6.5.2 or higher to obtain this fix. There are no plans for a patch for IRIX 6.2, 6.3, or 6.4. Customers who are running IRIX 6.2, 6.3, or 6.4 must upgrade to IRIX 6.5.2 (or later). ** Domestic Security Option. Patch 3660 is available for customers running with the Domestic Security Option on IRIX 6.5.2(m/f) or later. PV 678402 - IRIX DCE 1.2.2/1.2.2a clients are unable to configure with DCE servers based on Open Group's DCE 1.2.2. Description: Configuration of the IRIX 1.2.2/1.2.2a DCE client fails with the following error message: ERROR: login failure. message from login: 1999-03-29-09:46:33.740-06:00I----- dce_login_noexec ERROR sec login preauth.c 1298 0x00000000 krb5_obtain_dce_tp_preauth failed ; errno text : Generic preauthentication failure (dce / krb) Sorry. Password Validation Failure. - Generic error (see e-text) (dce / krb) Failed to log in to DCE. Continuing will return to the Main Menu. During pre-authentication the IRIX DCE 1.2.2 client will request public key encryption with the server as the default. When the server sends data back, the client cannot decrypt it, because the IRIX DCE 1.2.2 client does not support the public key encryption feature. The problem only occurs with an IRIX DCE 1.2.2 client configured to a DCE server based on Open Group's 1.2.2 release, such as IBM's release 2.2. DCE servers based on the 1.1 release do not support public key encryption and therefore will ignor the request. Client Server Problem 1.2.2 1.2.2 Yes 1.2.2 1.1 No 1.1C 1.2.2 No 1.1C 1.1 No Fix: Engineering is in the process of creating patch 3672 for the base release and patch 3673 for sites running the Domestic Security Option. These patches will include a fix for this problem as well as other non-kernel fixes since the release of DCE/DFS 1.2.2a. Kernel fixes will be released with the IRIX operating system as of IRIX 6.5.4 and beyond. **Note - due to US export restrictions, the domestic security package and it's patches will still require special distribution methods. Email will be sent to this mailing list when the patches are available. ------------------ Tips and Reminders ------------------ Mixing DCE pthreads and sproc calls. DCE pthreads or DCE services cannot use sproc(2), sprocsp(2), nsproc(2), or related system calls. Both DCE pthreads and IRIX pthreads are incompatible with sproc. Pthreads and sprocs have fundamentally different characteristics such as process identity, memory, and parent-child relations which prevent coexistence. Even if an application does not use DCE pthreads directly but does use other DCE services, the application cannot use sproc system calls, because DCE uses pthreads internally. As a reminder, prior to IRIX 6.5 and DCE 1.2.2, IRIX pthreads and DCE pthreads are incompatible. An application which uses DCE services must use the DCE pthread API and cannot use the IRIX pthread API. In IRIX 6.5 and DCE 1.2.2, DCE threads are layered on top of IRIX pthreads. This allows an application which uses DCE services to use the IRIX pthread API instead of the DCE pthread API. The two API's still cannot be mixed. A thread which is created using the DCE pthread API must be managed using the DCE pthread API, and a thread which is created using the IRIX pthread API must be managed using the IRIX pthread API. The same rules apply to other pthread entities such as mutexes and condition variables. IRIX DCE 1.2.2. Just a reminder that IRIX DCE/DFS 1.2.2 package is no longer supported and problems should not be reported against this package. If you are running IRIX DCE/DFS 1.2.2, please upgrade to version 1.2.2a as soon as possible. This package is available from the following web site: http://www.sgi.com/Products/Evaluation/#dce_dfs The DCE/DFS 1.2.2a package is so available on CDrom through your SGI service representative. The Domestic package is not available online and must be ordered through your service representative. You can identify the DCE version by entering the following command: $ /usr/sbin/versions dce dfs 1.2.2a will show - Distributed Computing Environment, 1.2.2a Distributed File System, 1.2.2a ** DCE/DFS 1.2.2a requires IRIX OS release 6.5.2(m/f) or later. SGI DCE/DFS Customer Support and Engineering