Subject: Invalid tmscp endcode panic (#404)
Index:	pdpuba/tmscp.c 2.11BSD

Description:
	If a TMSCP generates an invalid (0) endcode the kernel will panic.

Repeat-By:
	Have flakey hardware and a bug in the TMSCP driver.

Fix:
	There was code in the kernel to handle an invalid endcode.  Alas
	the wrong pointer was passed down to the routine which would perform
	iodone to release the request.

	Devices shouldn't be generating '0' endcodes in the first place
	because the 'endcode' is the initial opcode (read, write, spaceforward,
	etc) and that is *never* 0.  However the kernel should use the correct
	pointer and not panic when presented with such a endcode ;)

	To apply this patch cut where indicated and save to a file (/tmp/404).
	Then:

		patch -p0 < /tmp/404

	If you have any TMSCP devices in the system you may wish to compile
	and install a new kernel (and new GENERIC kernel as well) at this
	time:

		cd /sys/GENERIC
		make
		install -m 744 unix /genunix

		cd /sys/YOUR_KERNEL_NAME
		make
		make install

	As always this and previous updates to 2.11BSD are available via
	anonymous FTP to either FTP.IIPO.GTEGSC.COM or MOE.2BSD.COM in the
	directory /pub/2.11BSD.

------------------------------cut here--------------------------
*** /sys/pdpuba/tmscp.c.old	Sat Mar  7 18:10:56 1998
--- /sys/pdpuba/tmscp.c	Fri Apr 24 19:50:11 1998
***************
*** 1,6 ****
  #define	TMSDEBUG	1
  
! /*	@(#)tmscp.c	1.10 (2.11BSD GTE) 1998/3/7 */
  
  #if	!defined(lint) && defined(DOSCCS)
  static	char	*sccsid = "@(#)tmscp.c	1.24	(ULTRIX)	1/21/86";
--- 1,6 ----
  #define	TMSDEBUG	1
  
! /*	@(#)tmscp.c	1.11 (2.11BSD GTE) 1998/4/24 */
  
  #if	!defined(lint) && defined(DOSCCS)
  static	char	*sccsid = "@(#)tmscp.c	1.24	(ULTRIX)	1/21/86";
***************
*** 32,37 ****
--- 32,42 ----
   * 
   * Modification History:
   *
+  * 24-Apr-98 - sms
+  *	An incorrect pointer was being passed to tms_iodone() from tmscprsp()
+  *	when dealing with the 'invalid endcode' case.  While that value should
+  * 	never be generated by normal hardware the kernel should not panic.
+  *
   * 07-Mar-98 - sms
   *	Fix a bug that caused EOM to be 'sticky'.  Once EndOfMedia was detected
   *	the only way to clear it was to unload and reload the tape.  Remove
***************
*** 1241,1247 ****
  		if	(tmscpprintf & 0x8)
  			log(LOG_INFO, "tms%d,%d: inv end=%x st=%x\n",
  				sc->sc_unit,mp->mscp_unit,em_endcode,em_status);
! 		tms_iodone(mp, tms);
  		return;
  	case	M_OP_WRITE:
  	case	M_OP_READ:
--- 1246,1252 ----
  		if	(tmscpprintf & 0x8)
  			log(LOG_INFO, "tms%d,%d: inv end=%x st=%x\n",
  				sc->sc_unit,mp->mscp_unit,em_endcode,em_status);
! 		tms_iodone(mp, sc);
  		return;
  	case	M_OP_WRITE:
  	case	M_OP_READ:
*** /VERSION.old	Fri Apr  3 22:21:18 1998
--- /VERSION	Fri Apr 24 19:51:28 1998
***************
*** 1,5 ****
! Current Patch Level: 403
! Date: April 3, 1998
  
  2.11 BSD
  ============
--- 1,5 ----
! Current Patch Level: 404
! Date: April 24, 1998
  
  2.11 BSD
  ============
