drawterm, factotum, secstore and the auth commands
all had ther own implementation of readcons. we
want to have one common function for this to avoid
the duplication, so putting that in libauthsrv.
introduce PASSWDLEN which makes the use more explicit
than ANAMELEN.
when we get eof, stop the loop immidiately and do not
rely on the read to eventually return an error.
when convM2S() fails to decode the message, error out
and stop the loop. there is no point in continuing.
given that the memory leaks have been fixed, theres no need
for the obscure restart feature which is not reliable anyway.
remove the code updating procname on each 9p request.
handle convM2S error by exiting the service loop, dont read
9p channel after eof.
we used to not sign extend if the destination was unsigned
uvlong, which is wrong. we have to sign extend only based
on the signedness of the source (it gets propagated to vlong)
this bug hit in hjfs in the newentry() function, causing file
creation to fail with "create -- phase error":
newentry(...)
{
uvlong sj;
int si;
...
sj = si = -1;
...
}
usually, the plan9 partition table is contained in
the first 9fat partition after the pbs/fat header,
but when no 9fat partition is requested, we have
to make sure partitions wont overlap the partition
table (start at sector offset >= 2).
the pause function is different from just accessing the menu: it pauses both
single and multiplayer games, stops music and sound, and is recorded in demos
(does not cause a desync, unlike menu access).
this uses Kprint rather than Kbreak because Kbreak is e.g. Kctl+pause on some
keyboards.
the first time rtl8169link is called (from rtl8169pnp), the link isn't up, so
setting edev->mbps based on Phystatus register is skipped. edev->mbps is then
still set at the default 100, and that ends up being what devether uses.
this is why some rtl8169 cards are misprinted as 100Mbps in kmesg.
later, after rtl8169link is called again from rtl8169interrupt, the link is up
and edev->mbps is set to the correct value (as shown by e.g. /net/ether0/stats).
so instead, set speed regardless of link status.
blazing doors are a "fast" door type with its own sound effects, introduced in
doom2. doom2 map 2 has one right at the beginning.
this fixes two bugs:
- when a closing blazing door is completely shut, the closing sound effect is
erroneously played again (the first time being when it began closing). this
gives the impression of two doors closing.
- when reopening a closing blazing door (standing underneath a blazing door
while it's closing), the sound effect for regular doors opening is played,
instead of the one for blazing doors, because of a missing case in the switch
statement.
data[mn] and link[mn] are 24-bit values.
in the expression 'm = (n * ((freq * bpp)/8)) / (lsclk * lanes)',
uvlongs are used to prevent integer overflow, but since freq, bpp, lsclk and
lanes are all ints, the cast to uvlong does not happen until it's too late,
getting a wrong value.
instead, use u32int for m and n, and use casts where necessary.
example of bad calculation:
freq = 141400000
lsclk = 270000000
lanes = 2
bpp = 18
→ 0x7f3ee1ca6 (correct value: 0x4b69d0)
when ndb/dns runs as a resolver only (cfg.cachedb == 0),
we still want to purge the "local#" db records to reread
dns server configuration or react to changed ip addresses.
removing old poolcheck and dncheck code, these bugs have
been fixed a long time ago.
the onscreen cursor shows the cursor of the current
focused window or the window it points at. if there
is no window, then we set the default cursor (nil).
the arm compiler can lift long->vlong casts on multiplcation
and convert 64x64->64 multiplication into a 32x32->64 one
with optional 64 bit accumulate.
introduce rolor() function to subsitute (a << c) | (a >> (bits(a) - c))
with (a <<< c) where <<< is cyclic rotation and c is constant.
this almost doubles the speed of chacha encryption of 386 and amd64.
the peephole optimizer used to stop when it hit a shift or rol
instruction when attempting to eleminate moves by register
substitution. but we do not have to as long as the shift count
operand is not CX (which cannot be substituted) and CX is not
a subject for substitution.
neither symdel nor symstat were used anywhere. syminit was used but
had no effect. both syminit and symdel dereference pointers after
freeing them. symstat can be tricked into writing beyond the bounds of
its array
syminit() attemts to reset the symbol table by freeing
all the hash table entries, tho the code is buggy having
a obviously use after free bug.
as syminit() is only called once in main when it does not
contain any symbols, the bug never occured.
removing the unneccesary code alltogether.
add glob information to the word structure so we wont accidently
deglob quoted strings containing the GLOB. we store Globsize(word)
in in word->glob which avoids recalculating that values and the
check if a word should be globbed quick.
globlist() now substitutes the word inplace avoiding the copying
when all words are literals and avoids recursion.
minor cleanups: use list2str() in execeval(), move octal() to
unix.c, remove the (char*) casts to efree().
when using rio auto-complete to resolve file names for the "attach:" and
"include:" headers, the auto-completer might leave whitespaces at
the end of the line which leads upas/marshal to not find the file.
it is now possible to configure additional interfaces (like wifi)
and store the network information while preserving old entries
in /net/ndb. this allows to easily switch from ethernet to wifi
and have dhcp configure dns without having to clear /net/ndb.
Probably the temporary solution to obtain the Estonian uppercase Š and Ž [S and Z with caron (ˇ)] without Shift + AltGr, I note in https://code.9front.org/hg/plan9front/rev/5b6853beadb4 you've written a Shift + AltGr (table 7) for Polish, would be using the caron (ˇ) mapped to key 41 followed by Shift s or Shift z; it was a mistake to earlier map a mode 4 in my fix of /sys/lib/kbmap/ee. It is a bit of an inconvenience to have an AltGr mapping to š and ž, but not a Shift + AltGr mapping to Š and Ž, but that's the best I can do for now. I send a new ee file without the mode 4.
https://code.9front.org/hg/plan9front/rev/851d5d9022af
these should not be in here
1.97+4 31 'Š
1.98+4 44 'Ž
https://code.9front.org/hg/plan9front/rev/378ba39fc90a
Sincerely,
Eric Lindblad
netmkaddr() can return a the pointer to the host string if
it is already a full dial string. but we assumed to get
a copy and freed it before returning.
when _syserrno() fails to map a plan9 error string to
a unix error number, we copy the plan9 error string
to the per process error buffer "plan9err" and set
errno = EPLAN9.
when strerror() is called with EPLAN9, it returns
a pointer to the plan9err buffer.
I introduced a regression in sed that currently has screwed up
/sys/lib/man/secindex.
The issue is that sed 's/$/ foo/g' will actually replace the newline
character with foo instead of just appending at the end of the line.
This only makes a difference when sed is operating on a multiple line
record. The effect is a record like:
foo
bar
baz
becomes:
foo foobar foo baz foo
instead of
foo foo
bar foo
baz foo
problem is NaN() produces a SNaN, not a QNaN... and on the 387,
storing 80 bit SNaN in register to a 64-bit memory destination
traps.
SNaN/QNaN encoding is machine specific. mips has the qiet/signaling
bit inverted.
disabling fp exception in main() now, but that sucks.
i think the best solution would be to not even call strtod() in
is_number() but just write a regex or a little state machine that
will only accept numbers without nan and ±inf.
that might even make it faster and is more robust than relying on
the os's strtod() details.
if the input string contains invalid utf-8, runetochar() produces
unicode replacement characters that can overflow the literal buffer.
as the overflow check is done after runetochar(), add UTFmax bytes
of slack space avoiding the issue.
silly clients (web*) reconnect when the handshake failed with a lower
protocol version, which allows downgrade attacks (POODLE). but instead
of stopping this madness, they invented a new magic TLSID to indicate
to the server that this connection attempt is a retry, and rely on the
server to notice and stop them from sabotaging themselfs.
implement ECDHE key exchange with secp256r1 on the server side, providing
perfect forward secrecy (tho slowly).
it is easier to just keep the ECDH/DH state in the TlsSec structure,
which fits better with the grouping of the functions. we do the cleanup
in tlsConnectionFree() now, so a lot of error handling logic could go
away.
reinvestigated some error paths and removed the ones that cannot error.
move functions to fit the logical grouping.
combine the code for signing handshake hashes (for client certs) and
DH parameters. provide digestDHparams() function to be shared between
server and client code.
don't pass or generate sessionID's. this was never used nor
actually implemented and leaks the process pid.
get rid of version and random field duplications, move TlsSec
structure into TlsConnection.
make msgRecv() clear the message first, get rid of unneccesary
msgClear() calls.
instead of letting factotum_rsa_open() parse the certificate,
we pass in the rsa public key which is then matched against the
factotum keyring. this avoids parsing the x509 certificate
twice.
the sec->rsapub was not freed, so free it in tlsSecClose()
- dirpackage() was not checking if the stat entry lies within
the buffer. fixed.
- simplify dirpackage(), as we process all the bytes from
the buffer, we do not need to track "ss" here as its the same
as "ts".
- zero Dir* array pointer early in dirread() and dirreadall()
and avoid calling dirpackage on <= buffer length.
The /sys/lib/kbmap/ee file seemed to have CRs in it. If a first column in the table
(for modifier key) as 4 is for Alt Gr + Shift then the attached (UTF-8 without BOM)
should work as a replacement ee file.
Best Regards,
Eric Lindblad
assigning the expression value to a temporary variable in
BPSHORT() and BPLONG() saves arround 2K of text in rio on
arm and arround 1K on amd64.
loadchar(): use the passed in "h" as the char index instead
of recomputing it from c-f->cache. dont recompute wid.
cachechars(): do cache lookup and find oldest entry in a
single loop pass.
the openssl we currently use is outdated and will be removed
soon. webfs will handle the https for us with native tls code.
keys have to be stored in factotum for everyone who also wants
to commit directly.
This patch is only an adaptation for 9front of the patch located in
http://www.9legacy.org/9legacy/patch/pc-ether82563-i210.diff. The
major difference is that this patch ignores errors in checksum of
eeprom, because in my system the checksum was wrong. After 3 months,
I didn't have problems, and I think the patch can be used. although
it has some things that need to be fixed. If the link is inactive
when the system boots then it will remain inactive forever.
/n/bugs/open/libdrawfont.c_buffer_overflow
http://bugs.9front.org/open/libdrawfont.c_buffer_overflow/readmeray@raylai.com
Hi all,
In plan9port this bug keeps crashing mc when I run lc in a directory with Chinese characters. This is a diff from OpenBSD but it should apply cleanly to the various plan9 sources.
The code is basically trying to do a realloc (I guess realloc wasn't available back then?) but it copies too much from the original buffer.
Since realloc is available, just use it. If realloc isn't available outside plan9port (I haven't checked) the memmove line should be changed from:
memmove(f->subf, of, (f->nsubf+DSUBF)*sizeof *subf);
to:
memmove(f->subf, of, f->nsubf*sizeof *subf);
I hope this is helpful.
Ray
- return distinct error message when attempting to create Globalseg with physseg name
- copy directory name to up->genbuf so it stays valid after we unlock(&glogalseglock)
- cleanup wstat() handling, allow changing uid
- make sure global segment size is below SEGMAXSIZE
- move isoverlap() check from globalsegattach() into segattach()
- remove Proc* argument from globalsegattach(), segattach() and isoverlap()
- make Physseg.attr and segattach attr parameter an int for consistency
to figure out what network connection a particular tls
conversation refers to, we add the path of the underlying
we send the encrypted tls traffic over in the status file,
example:
term% grep -n '^Chan:' '#a'/tls/*/status
#a/tls/0/status:7: Chan: /net/tcp/6/data
#a/tls/1/status:7: Chan: /net/tcp/0/data
/n/bugs/open/multicasts_and_udp_buffers
http://bugs.9front.org/open/multicasts_and_udp_buffers/readmemichal@Lnet.pl
I have ported my small MPEG-TS analisis tool to Plan9.
To allow this application working I had to fix a bug in the kernel IPv4 code and increase UDP input buffer.
Bug is related to listening for IPv4 multicast traffic. There is no problem if you listen for only one group or multiple groups with different UDP ports. This works:
Write to UDP ctl:
anounce PORT
addmulti INTERFACE_ADDR MULTICAST_ADDR
headers
and you can read packets from data file.
You need to set headers option because otherwise every UDP packet for MULTICAST_ADDR!PORT is treat as separate connection. This is a bug and should be fixed too, but I didn't tried it.
There is a problem when you need to receive packets for multiple multicast groups. Usually the same destination port is used by multiple streams and above sequence of commands fails for second group because the port is the same.
Simple and probably non-intrusive fix is adding "|| ipismulticast(addr)" to if statement at /sys/src/9/ip/devip.c:861 line:
if(ipforme(c->p->f, addr) || ipismulticast(addr))
This fixes the problem and now you can use the following sequence to listen for multiple multicast groups even if they all have the same destination port:
announce MULTICAST_ADDR!PORT
addmulti INTERFACE_ADDR MULTICAST_ADDR
headers
After that my application started working but signals packet drops at >2 Mb/s input rate. The same is reported by kernel netlog. Increase capacity of UDP connection input queue fixes this problem /sys/src/9/ip/udp.c:153
c->rq = qopen(512*1024, Qmsg, 0, 0);
--
Michał Derkacz
access to the axi segment hangs the machine when the fpga
is not programmed yet. to prevent access, we introduce a
new SG_FAULT flag, that when set on the Segment.type or
Physseg.attr, causes the fault handler to immidiately
return with an error (as if the segment would not be mapped).
during programming, we temporarily set the SG_FAULT flag
on the axi physseg, flush all processes tlb's that have
the segment mapped and when programming is done, we clear
the flag again.
tsleep() used to cancel the timer with:
if(up->tt != nil)
timerdel(up);
which still can result in twakeup() to fire after tsleep()
returns (because we set Timer.tt to nil *before* we call the tfn).
in most cases, this is not an issue as the Rendez*
usually is just &up->sleep, but when it is dynamically allocated
or on the stack like in tsemacquire(), twakeup() will call
wakeup() on a potentially garbage Rendez structure!
to fix the race, we execute the wakup() with the Timer lock
held, and set p->trend to nil only after we called wakeup().
that way, the timerdel(); which unconditionally locks the Timer;
can act as a proper barrier and use up->trend == nil as the
condition if the timer has already fired.
for queue like non-seekable files, it is impossible to implement an
exportfs because one has to run the kernels devtab read() and write()
in separate processes, and that makes it impossible to maintain 9p message
order as the scheduler can come in and randomly schedule one process before
another.
so as soon as we have a transition from 9p -> syscalls, we'r screwed.
i currently see just two possibilities:
- introduce special file type like QTSEQ with strictly ordered i/o semantics
- fix all fileservers and exportfs to only do one outstanding i/o to QTSEQ files
which means maintaining a queue per fid
this doesnt propagate. so exporting slow 9p mount again will be limited
again by latency of the inner mount.
other option:
- return offset in Rread, so client can bring responses back into order. this
requires changing all fileservers and drivers to maintain such an per fid offset
and change the protocol to include it in the response, and also pass it to userspace
(new syscalls or pass it in TOS)
this only works for read pipelining, write is still screwed.
both options suck.
--
cinap
(ppp->secret comes from factotum and it can have any size)
This patch also sets the correct state after success and
failure cases in chap negotiation (without them the code was
working because it expected the other point to pass to net
phase or due to the timer).
p2.patch: Do not request encriptation with -c or -C in ppp
(it was a bit annoying request compression, and when the ACK
from the server was received then send a NAK).
p3.patch: Add support for md5 and mschap in in chap
(without this patch ppp was passing to the net stage
without worring about chap).
- remove redundant flushimage() calls before readmouse()
- remove flushimage() calls for allocimage(),freeimage() and originwindow()
this is experimental. it will break allocimage() error handling unless the
caller does explicit flushimage() calls, tho the gains
in usability over high latency connections is huge. in most cases, programs
will just terminate when encountering these errors.
both server and client need to be convinced that the connection
is broken for a connection reestablishment to happen as the server
will only start looking for incoming clients when the connection
already broke. so use the 8 second interval sync messages
to check for connection lifeness. if we miss two syncs in time,
we declare the connecton to be broken and will try to reconnect.
k0ga reports:
Hello,
While I was setting my pppoe conexion with my ISP
I discovered several problems in ip/pppoe. I used
the command line ip/pppoe -A '' ether0 and I got
this:
...
dropping unwanted pkt: wrong ac name
panic: D2B called on non-block dc10 (double-free?)
note rcved: sys: trap: fault read addr=0x0 pc=0x000066e1
pppoe 1013: suicide: sys: trap: fault read addr=0x0 pc=0x000066e1
cpu% acid 1013
/proc/1013/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
acid: stk()
abort()+0x0 /sys/src/libc/9sys/abort.c:6
ppanic(p=0xd1b8,fmt=0xc7f9)+0x146 /sys/src/libc/port/malloc.c:166
D2B(p=0xd1b8,v=0xdc10)+0x57 /sys/src/libc/port/pool.c:926
poolfreel(v=0xdc10,p=0xd1b8)+0x20 /sys/src/libc/port/pool.c:1152
poolfree(p=0xd1b8,v=0xdc10)+0x3b /sys/src/libc/port/pool.c:1287
free(v=0xdc18)+0x23 /sys/src/libc/port/malloc.c:250
clearstate()+0x1b /sys/src/cmd/ip/pppoe.c:328
pppoe(ether=0xdfffefc1)+0x123 /sys/src/cmd/ip/pppoe.c:426
main(argv=0xdfffefa0,argc=0x1)+0x89 /sys/src/cmd/ip/pppoe.c:100
_main+0x31 /sys/src/libc/386/main9.s:16
acid:
clearstate() is called in pppoe.c:424, and it frees acname and sets it
to nil. pktread() is called in pppoe.c:434 with parameter wantoffer,
which frees acname again in line pppoe.c:360 but doesn't set it to
nil, so clearstate() makes a double free in the next iteration.
for version <= TLS1.1, there is no sigalg field in the ServerKeyExchange
message and the signature digest algorithm is fixed to md5+sha1 and we
only support RSA signatures (TLS1.1 doesnt know about ECDSA).
this allows running kbdfs under kbdfs :-)
going use this in new drawterm. drawterm provides the initial
/dev/kbd, but only sends rune up/down messages (keeps it simple).
the servers kbdfs reads that and exports itself the full
set of files, similar to what we do in vncs. this also
provides note processing.
the dns file service can be restarted, which causes it to forget
all fid state. given the simple file system structure of the dns
service (just a single dns file), we can assume that rpcs
on a unknown fid refers to the root, so the mountpoint will stay
valid and /net/dns can be reopend avoiding the need for a remount
of the dns service after restart.
The execexec() function should never return, as it irreversably changes
the filedescriptor table for the new program. This means rc's internal
filedesciptors for reading the script get implicitely closed and we cannot
continue the rc interpreter when Execute() fails. So Execute() now sets the
error status, and execexec() runs Xexit() in case Execute() returns.
when we look up role=speakfor key and askforkeys is set, the
findkey() can return RpcNeedkey, which causes us to skip the
query for a role=client key. Instead, we now check for the
return value != RpcOk (and != RpcConfirm which we want to
handle the same for both queries).
we have to free the attribute lists when returning RpcConfirm.
the ini buffer was not reset when we got eof in the message
body read causing a endless loop. instead of defining our
own read9pmsg() function, just handle the first read specially
when we consumed the first 4 bytes for the "impo" protocol
escape check.
this code was if(0) for a long time due to wrong parentesis,
fixed parentesis cause print spam on some machines making them
unusage (kenji okomoto). removing the check alltogether.
this is a reimplementation of cpu and import utilities in rc using a tlsclient
and tlssrv as the encryption and authentication layers. there is only one new
service, which after authentication and encryption setup accepts an arbitrary
rc script over the network and executes it with the standard filedescriptors
redirected to the conversaion (this is *after* authentication and in the
context of the authorized user).
the new rcpu program has a few improvements over cpu(1):
- doesnt mangle program arguments
- the remote process will get the clients standard file descriptors, so error
and output are separated and you can consume the clients input from the
remote side :-)
- forwards error status of remote process
theres no backwards mode for rimport, but a new program called rexport
for the same purpose.
all these services use exportfs without the bolted on initial handshake,
so the hope is to clean up exportfs in the future and remove all the ugly
crap in there.
theres a bootstrap problem:
when /bin/init is run, it processes /lib/namespace where we might want to
mount or bind resources to /n or /mnt. but mntgen was run later in
cpurc/termrc so these mounts would be ignored.
we already have mntgen in bootfs, so we can provide these mountpoints early.
i keep the termrc/cpurc mntgens where they are, but ignore the error
prints. this way old kernels will continue to work.
When a window is moved or reshaped, that implicitely tops
the window and makes it current. The conseqence of this
is that we always have to redraw the window as if it where
a current window in any case. This was handled for Reshaped
windows, but not when the window was just moved. We now
handle both cases the exact same way, getting rid of the
Moved wctl message.
make kbdproc() and mouseproc() share fd table with the main proc
and not explicitely close the file descriptors. so /dev/mouse gets
closed *after* /dev/draw/new to avoid the white window refresh issue.
apparently, this causes some quadcore ramnode vm to hang on boot,
even tho all cores successfully started up and are operational.
i suspect some side effect from timersinit()... this would also
mean *notsc= would break it (syncclock() would continue)...
its unclear.
i'm reverting this for now until the problem is better understood.
when testing in qemu, launching each ap became slower and slower
because all the ap's where spinning in syncclock() waiting for
cpu0 to update its mach0->tscticks, which happens only much later
after all cpu's have been started up.
now we wait for each cpu to do its timer callibration and
manually update our tscticks while we wait and each cpu will
not spin but halt while waiting for active.thunderbirdsarego.
this reduces the system load and noise for timer callibration
and makes the mp startup linear with regard to the number of
cores.
the shared command language assumed 512 byte sectors, which is
not the case for fdisk as it uses cylinders for the block unit.
so we introduce an extra argument in the Edit structure and
parseexpr() function so byte sizes are properly converted to
the block unit when the K,M,G and T postfixes are used.
the pcap files produced by snoopy had the wrong timestamps because it expected:
/* magic=0xa1b2c3d4 */
ulong ts_sec; /* seconds*/
ulong ts_usec; /* microseconds */
but we wrote:
uvlong ts; /* nanoseconds */
now, we write:
/* magic=0xa1b23c4d */
ulong ts_sec; /* seconds */
ulong ts_nsec; /* nanoseconds */
spew → I fixed the memory leak setjmp/longjmp problem with libjson
spew → http://www.spew.club/json.patch
spew → full file: http://www.spew.club/json.c
spew → going to bed, I'll annoy cinap_lenrek tomorrow to try to get this committed
instead of testing for special field primes each time in mpmod(),
make it explicit with a mpfiled() function that tests a modulus N
to be of some special form that can be reduced more efficiently with
some precalculation, and replaces N with a Mfield* when it can. the
Mfield*'s are recognized by mpmod() as they have the MPfield flag
set and provide a function pointer that executes the fast reduction.
as the generated parser intermixes lines from .y source
and the parser text, the line source/lineno for yyparse()
shows up wrong in the debugger. to make stack traces a
bit less crazy, put a #line 1 "/sys/lib/yaccpar" before
copying in the parser text.
introduce cpushutdown() function that does the common
operation of initiating shutdown, returning once all
cpu's got the message and are about to shutdown. this
avoids duplicated code which isnt really machine specific.
automatic reboot on panic only when *debug= is not set
and the machine is a cpu server or has no display,
otherwise just hang.
chacha20 comes in two variants: ietf rfc7539, using 96 bit iv and 32 bit counter
and draft-agl-tls-chacha20poly1305 using 64 bit iv and a 64 bit counter. so
setupChachastate() now takes a ivlen argument which sets the mode.
add ccpoly_encrypt()/ccpoly_decrypt() routines.
to implement timing safe ccpoly_decrypt(), a constant time memcmp was needed, so
adding tsmemcmp() to libsec.
when the "resize" wctl was used on a hidden window, the window
was put back on the screen, however, it was not removed from
the hidden[] array so trying to hide the window again failed
because whide() assumed it was already hidden.
the fix is to not unhide the window, but preserve the hidden
state, so windows can programmatically be reshaped and moved,
but will remain hidden unless explicitely unhidden.
to solve the usb device enumeration race on boot, usbd creates /env/usbbusy
on startup and once all devices have been enumerated and readers have consumed
all the events, we remove the file so nusbrc/bootrc can continue. this makes
sure all the usb devices that where plugged in on boot are made available.
when opening a /env file ORCLOSE, and the process exits, envgrp() would
return nil can crash in envremove() because procexit will have set up->egrp
to nil before calling closefgrp().
the solution is to capture the environment on open, keeping a reference in
Chan.aux, so it doesnt matter on what process the close happens and a
env chan will always refer to its original environment group.
instead of checking addr+len >= addr, check len >= -addr so
that addr == 0 is never valid for len > 0 even if we decide
to have memory at the zero page so theres never any chance
user can pass in "nil" pointers.
put up some signs where we fall thru the switch cases in
fixfault()
