Patch Name: PHKL_22840

Patch Description: s700_800 11.00 IDS/9000; syscalls related to file/socket

Creation Date: 00/11/29

Post Date: 00/12/15

Hardware Platforms - OS Releases:
	s700: 11.00
	s800: 11.00

Products: N/A

Filesets:
	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP
	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP

Automatic Reboot?: Yes

Status: General Release

Critical:
	Yes
	PHKL_22840: PANIC
	PHKL_22209: PANIC
	PHKL_22146: PANIC
	PHKL_21857: PANIC

Category Tags:
	defect_repair enhancement general_release critical panic

Path Name: /hp-ux_patches/s700_800/11.X/PHKL_22840

Symptoms:
	PHKL_22840:
	( SR: 8606165509 DTS: JAGad34802 )
	Multithreaded applications may panic the system after
	doing select, poll or other system calls caused by bad
	file/socket pointer. The stack of the panic thread might
	look like:

	    panic+0x14
	    report_trap_or_int_and_panic+0x4c
	    trap+0xe9c
	    $RDB_trap_patch+0x38
	    select+0x36c
	    syscall+0x750
	    $syscallrtn+0x0
	    panic+0x14
	    report_trap_or_int_and_panic+0x84
	    trap+0xd9c
	    nokgdb+0x8
	    soo_select2+0x14
	    soo_select+0x14
	    pollscan+0xa8
	    poll+0x104
	    syscall+0x480
	    $syscallrtn+0x0

	PHKL_22209:
	( SR: 8606144099   DTS: JAGad13432 )
	Multithreaded applications may panic the system after
	doing a fork(2).  The stack of the panic thread might look
	like this:

	    panic+0x14
	    report_trap_or_int_and_panic+0x80
	    trap+0xdb8
	    nokgdb+0x8
	    vn_close+0x10
	    vno_close+0x20
	    closef+0x68
	    close+0x48
	    syscall+0x480
	    $syscallrtn+0x0

	PHKL_22146:
	( SR: 8606144971 CR: JAGad14309 )
	A multiprocessor system running a multithreaded application
	panics due to spinlock contention.  This happens in an
	environment where heavy file system processing is done over
	the net.  The crux of the problem is that, the application
	is attempting to close a file twice.

	PHKL_21857:
	( SR: 8606141690 CR: JAGad11050 )
	Currently kernel threads that allocate file descriptors are
	prevented access to that file descriptor until the open is
	complete.  Certain file types -- such as sockets -- that
	have a delayed opening mechanism require that for
	multithreaded applications that the opening thread may have
	access to the file descriptor during this opening transition
	state and that all other threads of the process are
	prevented access, in order for syscalls such as accept(2) to
	work correctly.

	PHKL_21355:
	( SR: 8606132618 CR: JAGad01767 )
	The Praesidium IDS/9000 product requires this patch in order
	to run.  This patch has no impact on systems without the
	Praesidium IDS/9000 product installed and enabled.

Defect Description:
	PHKL_22840:
	( SR: 8606165509 DTS: JAGad34802 )
	There are two different panics involved.
	1. One problem is a race condition between two theads in a
	   process.  One thread is allocating a user file descriptor
	   while the other is trying to access this same file
	   descriptor.

	2. The other problem is that the getf/putf scheme does not
	   support multiple recursive getf/putf pairs in a single
	   thread.  There is a race condition between two threads in
	   a process when one thread is in multiple recursive
	   getf/putf calls for a file descriptor while the other is
	   also trying to get this file descriptor.

	Resolution:
	1. Before accessing a file descriptor with getf(), the file
	   descriptor thread lock should first be obtained to
	   exclude other operations on this file descriptor by other
	   threads.

	2. Add a condition statement in putf() to ensure that the
	   protection for the file descriptor is released only when
	   no one is accessing it.

	PHKL_22209:
	( SR: 8606144099   DTS: JAGad13432 )
	During a fork from a multithreaded process, some file
	descriptors may be copied from the parent to the child
	without having a hold (ie, incrementing the reference count)
	on the file for the child.
	These files may become inactive during the child's lifetime,
	and thereafter referencing the fields of the file by the
	child results in a Data Page Fault.

	Resolution:
	Modified fork code to put a hold (increment the reference
	count) on all applicable files while
	setting up the child process.  The code which manages the
	highest file descriptor count (which fork relies on) has
	been corrected so that it always reflects an accurate value
	with respect to the parent process.

	PHKL_22146:
	( SR: 8606144971 CR: JAGad14309 )
	In a multiprocessor system one processor panics when it
	can't get a spinlock. This happens when one processor is
	executing falloc() and the other crfree(). The panic
	occurs in the crfree() because the application is trying
	to close the same file twice, in essence it is trying
	to close a non-existing file or 'fp' the second time.

	Resolution:
	Check the file credentials before they are freed by
	crfree() in the closef() function, that is used to close
	a file.

	PHKL_21857:
	( SR: 8606141690 CR: JAGad11050 )
	Enhancement to the file descriptor handling code
	that enables multithreaded application appropriate
	access to files that are in the process of being opened.

	Resolution:
	Set the fd_locker_tid field in ufalloc() function
	so that the thread that did falloc() has access to the
	file descriptor untill the open is complete and in the
	interim no other thread is allowed access to the file
	descriptor.

	PHKL_21355:
	( SR: 8606132618 CR: JAGad01767 )
	This patch is one of 16 patches (PHKL_21348-PHKL_21363)
	required by the Praesidium IDS/9000 product.  These patches
	enable the collection and tracking of information from
	various system calls.  Unless all of the enabling patches
	(or their successors) and the product are installed, and the
	product is enabled, this patch has no impact on the system.

	Resolution:
	This patch enables the gathering of information from the
	fcntl(), fstat(), and close() system calls.

SR:
	8606132618 8606141690 8606144099 8606144971 8606165509

Patch Files:
	
	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP:
	/usr/conf/lib/libhp-ux.a(kern_dscrp.o)

	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP:
	/usr/conf/lib/libhp-ux.a(kern_dscrp.o)

what(1) Output:
	
	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP:
	/usr/conf/lib/libhp-ux.a(kern_dscrp.o):
		kern_dscrp.c $Date: 2000/11/27 10:41:05 $Revision: r
			11ros/13 PATCH_11.00 (PHKL_22840)

	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP:
	/usr/conf/lib/libhp-ux.a(kern_dscrp.o):
		kern_dscrp.c $Date: 2000/11/27 10:41:05 $Revision: r
			11ros/13 PATCH_11.00 (PHKL_22840)

cksum(1) Output:
	
	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP:
	4027802647 17092 /usr/conf/lib/libhp-ux.a(kern_dscrp.o)

	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP:
	2549588896 39488 /usr/conf/lib/libhp-ux.a(kern_dscrp.o)

Patch Conflicts: None

Patch Dependencies:
	s700: 11.00: PHKL_18543
	s800: 11.00: PHKL_18543

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
	PHKL_22209 PHKL_22146 PHKL_21857 PHKL_21355

Equivalent Patches: None

Patch Package Size: 90 KBytes

Installation Instructions:
	Please review all instructions and the Hewlett-Packard
	SupportLine User Guide or your Hewlett-Packard support terms
	and conditions for precautions, scope of license,
	restrictions, and, limitation of liability and warranties,
	before installing this patch.
	------------------------------------------------------------
	1. Back up your system before installing a patch.

	2. Login as root.

	3. Copy the patch to the /tmp directory.

	4. Move to the /tmp directory and unshar the patch:

		cd /tmp
		sh PHKL_22840

	5. Run swinstall to install the patch:

		swinstall -x autoreboot=true -x patch_match_target=true \
			  -s /tmp/PHKL_22840.depot

	By default swinstall will archive the original software in 
	/var/adm/sw/save/PHKL_22840.  If you do not wish to retain a
	copy of the original software, use the patch_save_files option:

		swinstall -x autoreboot=true -x patch_match_target=true \
			  -x patch_save_files=false -s /tmp/PHKL_22840.depot

	WARNING: If patch_save_files is false when a patch is installed,
		 the patch cannot be deinstalled.  Please be careful
		 when using this feature.

	For future reference, the contents of the PHKL_22840.text file is 
	available in the product readme:

		swlist -l product -a readme -d @ /tmp/PHKL_22840.depot

	To put this patch on a magnetic tape and install from the
	tape drive, use the command:

		dd if=/tmp/PHKL_22840.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
	This patch depends on base patch PHKL_18543.
	For successful installation please insure that PHKL_18543
	is already installed, or that PHKL_18543 is included
	in the same depot with this patch and PHKL_18543
	is selected for installation.

