Patch Name: PHKL_31905

Patch Description: s700_800 11.11 mprotect(2) hang panic

Creation Date: 04/08/13

Post Date: 04/08/30

Hardware Platforms - OS Releases:
    s700: 11.11
    s800: 11.11

Products: N/A

Filesets:
    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP
    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP

Automatic Reboot?: Yes

Status: General Release

Critical: Yes
    PHKL_31905: PANIC
    PHKL_28384: HANG

Category Tags:
    defect_repair general_release critical panic halts_system

Path Name: /hp-ux_patches/s700_800/11.X/PHKL_31905

Symptoms:
    PHKL_31905:
    ( SR:8606293501 CR:JAGae57250 )
    System panics with the following stack trace:

        panic+0x6c
        fdc_target_miss_PCXU
        fdcache_conditionally+0x90
        checkaccess+0x6dc
        hdl_pfault+0x158
        pfault+0x120
        trap+0x6dc
        thandler+0xd20

    Panic happened while running Oracle application which was
    using large pages for text.

    PHKL_28384:
    ( SR:8606282967 CR:JAGae46922 )
    A multi-threaded application may hang if it repeatedly calls
    mprotect(2) to change protections. This only happens if
    protections are changed, rather than simply removing them
    entirely.

Defect Description:
    PHKL_31905:
    ( SR:8606293501 CR:JAGae57250 )
    This problem happens due to a very rare race condition in
    fault path. We release the lock for the page we faulted on
    to grab the superpage lock, as the page we have faulted on
    is part of a superpage. This creates a window for another
    thread accessing the same page to demote it. When the
    original thread acquires the lock, there is no check made
    to detect demotion of the page. Original thread continues
    to assume that it is working on a superpage and passes the
    base page address to fdc_target_miss_PCXU. At this point,
    there is no translation for the base page, which causes the
    system to panic.

    Resolution:
    In fault path, check whether we have translations after we
    acquire the superpage lock. If translation is not present
    for the page, break out of the fault path.
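
The lock hand-off race and its fix, as an added C model that is not HP-UX kernel source and not part of the patch text: every structure and function name below is hypothetical, and the competing thread is replaced by a direct call made inside the unlocked window so the interleaving is deterministic.

```c
/* Added illustration; every name here is hypothetical, not HP-UX source. */
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>

struct superpage {
    pthread_mutex_t lock;
    bool has_translation;          /* false once the superpage is demoted */
};
struct page {
    pthread_mutex_t lock;
    struct superpage *sp;
};
enum fault_result { FAULT_HANDLED, FAULT_BREAK_OUT, FAULT_STALE_USE };

/* Stands in for the second thread that demotes the page in the window. */
static void demote(struct superpage *sp) {
    pthread_mutex_lock(&sp->lock);
    sp->has_translation = false;
    pthread_mutex_unlock(&sp->lock);
}

static enum fault_result handle_fault(struct page *pg, bool racer, bool recheck) {
    enum fault_result r = FAULT_HANDLED;
    pthread_mutex_lock(&pg->lock);
    struct superpage *sp = pg->sp;     /* page seen as part of a superpage */
    pthread_mutex_unlock(&pg->lock);   /* window opens: no lock is held */
    if (racer)
        demote(sp);                    /* constructed, deterministic interleaving */
    pthread_mutex_lock(&sp->lock);     /* window closes */
    if (!sp->has_translation)          /* state may have changed while unlocked */
        r = recheck ? FAULT_BREAK_OUT  /* patched: leave the fault path */
                    : FAULT_STALE_USE; /* unpatched: acts on a missing translation */
    pthread_mutex_unlock(&sp->lock);
    return r;
}

/* Builds a fresh page/superpage pair and runs one fault through it. */
enum fault_result run_scenario(bool racer, bool recheck) {
    struct superpage sp = { .has_translation = true };
    struct page pg = { .sp = &sp };
    pthread_mutex_init(&sp.lock, NULL);
    pthread_mutex_init(&pg.lock, NULL);
    enum fault_result r = handle_fault(&pg, racer, recheck);
    pthread_mutex_destroy(&pg.lock);
    pthread_mutex_destroy(&sp.lock);
    return r;
}
```

FAULT_STALE_USE marks the path that, in the defect described above, ends in the panic; with the re-check enabled the same interleaving returns FAULT_BREAK_OUT instead.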

    PHKL_28384:
    ( SR:8606282967 CR:JAGae46922 )
    Although mprotect(2) correctly handles protection IDs used
    by other processes sharing the same mmap'd memory object,
    including their per thread caches, mprotect(2) wasn't
    cleaning up protection IDs cached by other threads of the
    process changing the protections (the cache is per thread;
    the available list is per process). This could lead to a
    hang in the protection ID fault handler when the stale
    cached protection ID was used rather than refreshing the ID
    from the per process data.

    Resolution:
    Fixed the mprotect(2) code to clean up cached protection
    IDs in other threads of the same process. Also fixed the
    protection fault handler to detect an inconsistent setting
    of the write disable bit between cached and per process
    data, and disregard the cache if the setting differs.

Enhancement: No

SR:
    8606282967 8606293501

Patch Files:
    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP:
    /usr/conf/lib/libvm-pdk.a(hdl_mprotect.o)
    /usr/conf/lib/libvm-pdk.a(vm_machreg.o)

    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP:
    /usr/conf/lib/libvm-pdk.a(hdl_mprotect.o)
    /usr/conf/lib/libvm-pdk.a(vm_machreg.o)

what(1) Output:
    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP:
    /usr/conf/lib/libvm-pdk.a(hdl_mprotect.o):
        hdl_mprotect.c $Date: 2002/12/04 15:28:01 $Revision:
        r11.11/1 PATCH_11.11 (PHKL_28384)
    /usr/conf/lib/libvm-pdk.a(vm_machreg.o):
        vm_machreg.c $Date: 2004/08/13 02:06:40 $Revision: r
        11.11/2 PATCH_11.11 (PHKL_31905)

    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP:
    /usr/conf/lib/libvm-pdk.a(hdl_mprotect.o):
        hdl_mprotect.c $Date: 2002/12/04 15:28:01 $Revision:
        r11.11/1 PATCH_11.11 (PHKL_28384)
    /usr/conf/lib/libvm-pdk.a(vm_machreg.o):
        vm_machreg.c $Date: 2004/08/13 02:06:40 $Revision: r
        11.11/2 PATCH_11.11 (PHKL_31905)

cksum(1) Output:
    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP:
    900964054 17072 /usr/conf/lib/libvm-pdk.a(hdl_mprotect.o)
    1698612766 9248 /usr/conf/lib/libvm-pdk.a(vm_machreg.o)

    OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP:
    140393158 36480 /usr/conf/lib/libvm-pdk.a(hdl_mprotect.o)
    595812494 20920 /usr/conf/lib/libvm-pdk.a(vm_machreg.o)

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHKL_28384

Equivalent Patches: None

Patch Package Size: 60 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and, limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHKL_31905

    5. Run swinstall to install the patch:

        swinstall -x autoreboot=true -x patch_match_target=true \
            -s /tmp/PHKL_31905.depot

    By default swinstall will archive the original software in
    /var/adm/sw/save/PHKL_31905. If you do not wish to retain a
    copy of the original software, include the patch_save_files
    option in the swinstall command above:

        -x patch_save_files=false

    WARNING: If patch_save_files is false when a patch is installed,
             the patch cannot be deinstalled. Please be careful
             when using this feature.

    For future reference, the contents of the PHKL_31905.text file is
    available in the product readme:

        swlist -l product -a readme -d @ /tmp/PHKL_31905.depot

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

        dd if=/tmp/PHKL_31905.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None