Patch-ID# 100867-01
Keywords: CTE2741, than, enabled, panic:fpa, sun3x, buf, panic, read(2), nbyte, enabled, fpa, panic:fpa, read, 2
Synopsis: 4.0.3;4.1;4.1.1;4.1.1_U1: "panic:FPA not enabled" when read(2) nbyte is larger than buf on Sun3x machine
Date: Feb/03/93
 
SunOS release: 4.0.3, 4.1, 4.1.1, 4.1.1_U1
 
BugId's fixed with this patch:  1091980

Architectures for which this patch is available:   sun3x

Patches which may conflict with this patch:  

Note: 

Obsoleted by:

Problem Description: 
	A user application can crash a Sun3x/480 by passing invalid 
	parameters to systems calls such as read(2) and write(2).

	In attempting to complete these calls on behalf of the user, 
	the kernel's copyin/copyout routines can access addresses > 
	the top of user stack.

	As the FPA lives above the top of user stack in the virtual 
	address space, the kernel gets a bus error that it thinks is 
	due to improper kernel access to a (not present) FPA.  As a 
	result the kernel panics with "FPA not enabled".



INSTALL:

1) Login as root.

2) Save existing binary:
	mv /sys/sun3x/OBJ/locore.o /sys/sun3x/OBJ/locore.o.fcs

3) Install new binary:
	cp {4.0.3;4.1;4.1.1;4.1.1_U1}/locore.o /sys/sun3x/OBJ/locore.o

4) You will then have to re-run config and make on your kernel.
Please refer to the System and Network administration manual
for information on building and installing a custom kernel.



ADDENDUM :   

