Patch Name: PHKL_30550

Patch Description: s700_800 11.11 VM panic lgpg shlibs; SIGSEGV handler reset

Creation Date: 04/03/04

Post Date: 04/04/19

Hardware Platforms - OS Releases:
    s700: 11.11
    s800: 11.11

Products: N/A

Filesets:
    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP
    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP

Automatic Reboot?: Yes

Status: General Release

Critical: Yes
    PHKL_30550: ABORT
    The defect results in unexpected SIGSEGV handler resets
    under some specific conditions. This may in turn cause
    applications to abort when they receive a SIGSEGV at a
    later time.

    PHKL_30449: ABORT
    The defect results in unexpected resetting of the SIGSEGV
    handler under some specific conditions. This may in turn
    cause applications to abort when they receive a SIGSEGV at
    a later time.

    PHKL_28765: PANIC

Category Tags: defect_repair general_release critical panic halts_system

Path Name: /hp-ux_patches/s700_800/11.X/PHKL_30550

Symptoms:
    PHKL_30550:
    ( SR:8606341795 CR:JAGaf02702 )
    When an application which has installed a signal handler for
    SIGSEGV tries to lock memory in possible stack address range
    above the RLIMIT_STACK limit using mlock(2), it may lose the
    ability to handle the SIGSEGV any longer and may be terminated
    when a SIGSEGV is delivered to the application at a later time.

    PHKL_30449:
    ( SR:8606340299 CR:JAGaf01218 )
    When an application which has installed a signal handler for
    SIGSEGV performs a "PROBER" instruction on a stack address
    beyond the process's RLIMIT_STACK limit, it may lose the
    ability to handle the SIGSEGV any longer and may be terminated
    when a SIGSEGV is delivered to the application at a later time.
    Such "PROBER" type access can be made by unwind library code
    for example.

    PHKL_28765:
    ( SR:8606281027 CR:JAGae44994 )
    System panics with the panic string,
        mp_b_sema_sleep: blocking on owned semaphore
    or panics with a data page fault when unmapping a shared
    library that uses large pages.
    Only users using shared libraries with large pages should see
    this problem.

    The stack trace is similar to either of the following 2 traces:

        panic+0x14
        _mp_b_sema_sleep+0x88
        superpage_lock+0x54
        vm_vfdcheck+0x234
        for_val3+0x88
        for_val2+0x2d0
        foreach_valid+0x54
        vm_find_next_range+0x58
        vx_do_pageout+0x108
        vx_pageout+0xdc
        unmapvnode+0xf8
        do_munmap+0xf8
        foreach_pregion+0xc8
        munmap+0x78
        syscall+0x480
        $syscallrtn+0x0

        panic+0x14
        report_trap_or_int_and_panic+0x84
        trap+0xe04
        nokgdb+0x8
        pdv_protaccset2_0+0x3f8
        do_all_aliases_protaccset+0x88
        pdprotaccset+0x90
        hdl_user_protect+0x664
        vm_protect_pageout+0x48
        vx_do_pageout+0x1a4
        vx_pageout+0xe0
        unmapvnode+0xd0
        do_munmap+0xf0
        foreach_pregion+0xc8
        munmap+0x78
        syscall+0x28c
        $syscallrtn+0x0

Defect Description:
    PHKL_30550:
    ( SR:8606341795 CR:JAGaf02702 )
    In kernel mode, accessing stack addresses beyond RLIMIT_STACK
    results in a stack growth failure through a non-access fault.
    In this case the kernel resets the SIGSEGV handler, which
    should not be done.

    Resolution:
    In the stack growth failure case, if the fault is from kernel
    mode and is a non-access fault, the SIGSEGV handler is not
    reset.

    PHKL_30449:
    ( SR:8606340299 CR:JAGaf01218 )
    The situation is due to improper handling of the failure
    arising out of "PROBER" type instructions. The kernel treats
    it as a normal stack access and tries to grow the stack. When
    it fails to grow the stack, it mistakenly removes the signal
    handler in preparation for SIGSEGV delivery. However, the
    signal is not delivered to the application, as the kernel
    realizes that it is a "PROBER" type access.

    Resolution:
    The resolution is to remove the signal handler only when the
    access type is not a "PROBER" type access.

    PHKL_28765:
    ( SR:8606281027 CR:JAGae44994 )
    A rare race condition can occur while unmapping shared
    libraries using large pages. Another mmap of the same file can
    sneak in the time window and get large pages left over from
    the original mapping.
    If the address obtained by the second mapper is not aligned
    with the large page, that breaks an assumption regarding large
    page alignment, and various system panics can occur. The
    problem is the second mapper should not get the left over
    large pages from the first mapping. A panic can occur when the
    second mapper takes a page fault and tries to add a
    translation or when someone tries to do munmaps later on.

    Resolution:
    The fix detects the panic'ing condition in the fault path and
    demotes the large page as necessary. This alleviates the large
    page alignment issues.

Enhancement: No

SR:
    8606281027 8606340299 8606341795

Patch Files:
    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP:
    /usr/conf/lib/libvm-pdk.a(hdl_fault.o)
    /usr/conf/lib/libvm-pdk.a(hdl_stack.o)

    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP:
    /usr/conf/lib/libvm-pdk.a(hdl_fault.o)
    /usr/conf/lib/libvm-pdk.a(hdl_stack.o)

what(1) Output:
    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP:
    /usr/conf/lib/libvm-pdk.a(hdl_fault.o):
        hdl_fault.c $Date: 2004/03/03 21:16:18 $Revision: r1 1.11/3 PATCH_11.11 (PHKL_30550)
    /usr/conf/lib/libvm-pdk.a(hdl_stack.o):
        hdl_stack.c $Date: 2004/02/11 21:56:54 $Revision: r1 1.11/1 PATCH_11.11 (PHKL_30449)

    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP:
    /usr/conf/lib/libvm-pdk.a(hdl_fault.o):
        hdl_fault.c $Date: 2004/03/03 21:16:18 $Revision: r1 1.11/3 PATCH_11.11 (PHKL_30550)
    /usr/conf/lib/libvm-pdk.a(hdl_stack.o):
        hdl_stack.c $Date: 2004/02/11 21:56:54 $Revision: r1 1.11/1 PATCH_11.11 (PHKL_30449)

cksum(1) Output:
    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP:
    841911588 23336 /usr/conf/lib/libvm-pdk.a(hdl_fault.o)
    2241591345 2048 /usr/conf/lib/libvm-pdk.a(hdl_stack.o)

    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP:
    1293280137 42664 /usr/conf/lib/libvm-pdk.a(hdl_fault.o)
    1161099510 4496 /usr/conf/lib/libvm-pdk.a(hdl_stack.o)

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHKL_30449
    PHKL_28765

Equivalent Patches: None

Patch Package Size: 60 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and, limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHKL_30550

    5. Run swinstall to install the patch:

        swinstall -x autoreboot=true -x patch_match_target=true \
            -s /tmp/PHKL_30550.depot

    By default swinstall will archive the original software in
    /var/adm/sw/save/PHKL_30550. If you do not wish to retain a
    copy of the original software, include the patch_save_files
    option in the swinstall command above:

        -x patch_save_files=false

    WARNING: If patch_save_files is false when a patch is
             installed, the patch cannot be deinstalled. Please
             be careful when using this feature.

    For future reference, the contents of the PHKL_30550.text file
    are available in the product readme:

        swlist -l product -a readme -d @ /tmp/PHKL_30550.depot

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

        dd if=/tmp/PHKL_30550.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None