Patch Name: PHNE_30367 Patch Description: s700_800 11.11 Cumulative STREAMS Patch Creation Date: 04/06/22 Post Date: 04/08/03 Hardware Platforms - OS Releases: s700: 11.11 s800: 11.11 Products: N/A Filesets: Streams.STREAMS2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP Streams.STREAMS2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP Streams.STREAMS-32ALIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP Streams.STREAMS-MIN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP Streams.STREAMS-64ALIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP Streams.STREAMS-64SLIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP Automatic Reboot?: Yes Status: General Release Critical: Yes PHNE_30367: HANG CORRUPTION OTHER OTHER JAGaf13584 Polling reused sockets increases wait time in poll(). PHNE_29961: PANIC HANG PHNE_29825: HANG PHNE_29454: PANIC HANG PHNE_29278: PANIC HANG PHNE_28788: PANIC HANG PHNE_28476: HANG PANIC PHNE_27910: MEMORY_LEAK PHNE_27703: PANIC ABORT MEMORY_LEAK PHNE_27170: PANIC HANG PHNE_26758: ABORT PHNE_26728: MEMORY_LEAK HANG PANIC PHNE_26710: HANG PHNE_25460: PANIC HANG ABORT PHNE_25084: PANIC HANG MEMORY_LEAK PHNE_24274: PANIC PHNE_23715: HANG Category Tags: defect_repair enhancement general_release critical panic halts_system corruption memory_leak Path Name: /hp-ux_patches/s700_800/11.X/PHNE_30367 Symptoms: PHNE_30367: 1. In a multi-threaded process, polling reused sockets can increase the wait time in poll(). ( SR: 8606352780 CR: JAGaf13584 ) 2. Data corruption occurs when a large amount of data transfer is done on STREAMS based pipes operating in non-blocking mode. ( SR: 8606316376 CR: JAGae79093 ) 3. When socket caching is enabled, a socket based application can potentially hang due to a race in STREAMS between the thread caching the socket-based stream and the thread reusing it. ( SR: 8606367043 CR: JAGaf27607 ) PHNE_29961: 1. System panics with the following stack trace: panic+0x6c too_much_time+0x2e8 wait_for_lock+0x23c slu_retry+0x1c clean_str_spu_sw_q+0xb0 osr_pop_subr+0xf8 osr_close_subr+0x320 hpstreams_close_int+0x344 streams_close+0x14 soclose+0xfc soo_close+0x90 closef+0x64 close+0x90 syscall+0x750 $syscallrtn+0x0 JAGae86571. 2. The system appears to be hung due to processing the per-processor queue backlog. The system may continue to function if it is given enough time to process the backlog. JAGaf04608 3. System hangs in hpstreams_option1() with the following stack trace: hpstreams_option1+0x664 prf_putchar+0x31c prf+0xb4c uprintf+0x50 vx_common_msgprint+0x374 vx_umsgprint+0x84 vx_nospace+0xc0 vx_zero_alloc+0x468 vx_alloc_clear+0x33c vx_write1+0x700 vx_rdwr+0x168 JAGad41710. PHNE_29825: 1. NFS client hangs with the following stack trace when it accesses an mmap'd file by writing to the controlling terminal and the NFS server is not responding. _swtch+0xd4 _sleep+0x154 _csq_acquire+0xdc hpstreams_option1+0x48c prf_putchar+0x2a0 prf+0xd70 uprintf+0x50 rfscall+0x538 rfs3call+0x78 nfs3read+0xf4 nfs3_do_bio+0xf0 nfs_strat_map+0x3c nfs_strategy+0x3cc nfs3_strategy+0x1c asyncpageio+0xb0 syncpageio+0x84 nfspgin_io+0xf8 nfs_pagein+0x57c virtual_fault+0x1b4 vfault+0x118 trap+0x664 nokgdb+0x8 copyin+0x7c hpstreams_write_int+0x634 hpstreams_write+0x2c spec_rdwr+0x180 vno_rw+0x1d4 write+0x104 syscall+0x6f8 $syscallrtn+0x0 JAGae47252 PHNE_29454: 1. System panic with the following stack trace: post_hndlr+0xc50 vm_hndlr+0x360 bubbledown prf+0x1a20 printf+0xa0 kmem_arena_panic+0x450 kfree+0x160 q_free+0xa0 osr_pop_subr+0x8c0 osr_close_alive_subr+0x670 dmodsw_set_alive+0x220 sad_wput+0x1550 putnext+0x100 wait_iocack+0x100 str_trans_ioctl+0x6b0 hpstreams_ioctl_int+0x220 hpstreams_ioctl+0xa0 spec_ioctl+0x480 vno_ioctl+0x2d0 ioctl+0x160 syscall+0x1990 JAGae65651. 2. The system appears to hang due to processing the sync queue backlog. The system may continue to function if it is given enough time to process the backlog. JAGae81248 3. Application hang in streams on accept(2) with the following stack: _sleep+0x214 ioctl_sleep+0x684 str_async_ioctl+0x59c str_async_sthinsert_ioctl+0xb0 hpstreams_ioctl_int+0x17c streams_ioctl+0x34 soaccept+0x290 sodequeue+0x108 accept+0xcc syscall+0x204 $syscallrtn+0x0 JAGae88222 PHNE_29278: 1. System panics with the following stack trace when a UP LAN driver is linked under an IP Multiplexor. JAGae79895 panic+0x6c report_trap_or_int_and_panic+0x94 interrupt+0x208 kgdb_pre_int+0x1d8 skip_int_save_crs2_0+0x38 put_release2+0xc8 ip_rput_local+0x7bc ip_rput+0x184 putnext+0xcc putnext2+0x48 hp_dlpi_mblk_fast_in+0x408 hp_dlpi_mblk_intr_put+0x91c streams_put+0xdc streams_put2+0x58 hp_dlpi_mblk_intr+0x190 gelan_receive_pkts+0x21c gelan_isr+0xc4 sapic_interrupt+0x2c mp_ext_interrupt+0x26c kgdb_pre_int+0x158 skip_int_save_crs2_0+0x38 pset_idle_loop+0x874 idle+0x114 swidle_exit+0x0 2. NFS client hangs with the following stack trace when it accesses an mmap'd memory. JAGae80111 _swtch+0xc4 _sleep_one+0x3d0 ksleep_one+0x168 hp_cv_timedwait_sig+0x70 clnt_cots_kcallit+0x6bc rfscall+0x27c rfs3call+0x78 nfs3_getattr_otw+0x8c nfs3getattr+0x148 nfs3_getattr+0x88 nfs_pagein+0x108 virtual_fault+0x164 vfault+0x14c trap+0x5e4 thandler+0xd20 copyin+0x80 hpstreams_write_int+0x288 hpstreams_write+0x2c spec_rdwr+0x160 vno_rw+0x1ac write+0x108 syscall+0x750 syscallinit+0x554 PHNE_28788: 1. Multithreaded STREAMS UP emulated driver hangs on thread exit with the following stack trace. JAGae65088 _switch+0xc4 thread_exit+0x1e8 thread_process_suspend+0x188 issig+0x2a4 syscall+0x8f0 syscallinit+0x554 2. System panics due to memory corruption in the STREAMS message block structure(b_datap = 0) with the following stack trace. JAGae75384 kmem_arena_panic+0x2e0 kmem_chk_poison+0x110 allocb_dupb+0xaf0 tcp_wput+0xa80 putnext+0x100 streams_write_uio+0x1250 sosend+0x4320 sendit+0x610 send+0xb0 PHNE_28476: 1. Application hang in _csq_acquire() with following stack trace. JAGae54549 _swtch+0xc4 _sleep+0x3f0 _csq_acquire+0x88 streams_mpsleep+0x584 SV_WAIT+0x24 tcp_close+0x650 close_wrapper+0x38 csq_protect+0x11c osr_pop_subr+0x218 osr_close_subr+0xe00 hpstreams_close_int+0x300 streams_close+0x14 soclose+0xec soo_close+0x90 closef+0x64 close+0x90 syscall+0x62c $syscallrtn+0x0 2. System panics on a spinlock being held for too long with either of the following stack trace. JAGae60574 panic+0x6c too_much_time+0x2b4 wait_for_lock+0x1e8 sl_retry+0x1c str_sched_mp_daemon+0xe0 str_sched_daemon+0x294 im_mpnetstr+0x28 DoCalllist+0x3c main+0x28 $vstart+0x48 istackatbase+0x84 or trap+0xed4 nokgdb+0x8 rem_sqh+0xc _csq_acquire+0x148 str_sched_mp_daemon+0x118 str_sched_daemon+0x294 im_mpnetstr+0x28 DoCalllist+0x3c main+0x28 PHNE_27910: 1. Memory leak if a stream is processing an IOCTL and a second, unexpected M_PCPROTO message arrives at the stream head before the first one is processed. JAGae50568 2. t_klisten and t_kconnect always fail with TLOOK error. JAGae48436 PHNE_27703: 1. Data page fault panic in t_chk_ack(). JAGae34036 panic+0x6c report_trap_or_int_and_panic+0x94 trap+0x11ec nokgdb+0x8 freeb+0x1c t_chk_ack+0x304 t_kaccept+0x958 2. t_accept() returns TBADSEQ instead of TLOOK in some situations when a connect or disconnect indication is pending on the listen endpoint. This can cause nfsd to terminate after writing the following message to syslog: "All transports have been closed with errors. Exiting." JAGae31270 3. Memory leak when dupb() and pullupmsg() is done on an unaligned message. JAGae34924 4. Data Page fault panic in ins_sqh(). JAGae42689 panic+0x6c report_trap_or_int_and_panic+0x94 trap+0xef4 thandler+0xd20 ins_sqh+0xc csq_newparent+0x144 osr_link+0xbbc str_plumb_ioctl+0x3e8 hpstreams_ioctl_int+0x3f4 hpstreams_ioctl+0x50 spec_ioctl+0xac vno_ioctl+0x98 syscall+0x204 PHNE_27170: 1. System panics when a NULL pointer is dereferenced in hpstreams_select(). JAGae28460 2. Data page fault panic with following stack trace. JAGae25712 panic+0x4d0 bad_news+0x580 bubbledown+0x0 tioctl_sleep+0x144 tcp_wput_proto+0x180 tcp_wput+0x1a30 csq_turnover_with_lock+0xf0 puthere+0x240 3. rpcinfo command hangs when specified without options. JAGad30091 4. CPU hang in str_timeout with the following stack trace. JAGae29704 streams_untimeout+0x98 J3525_F_StopPort+0xbc J3525_F_Stop+0xc0 hd_stop+0x44 wanwput+0xf24 csq_turnover_with_lock+0x84 streams_put+0x258 wan_disconnect+0xec J3525_F_VHSI_ModemLineTimeOut+0xd04 str_timeout+0xb8 invoke_callouts_for_self+0xc0 sw_service+0xb0 5. System panic for unaligned destination address with the following stack trace. JAGae32875 panic+0x6c pdexchange_pages+0x310 luserremap+0x794 remapout+0x11c hpstreams_read_int+0xb84 streams_read_uio+0x28 soreceive+0x97c soo_rw+0x40 rwuio+0xe4 readv+0xe0 syscall+0x204 syscallinit+0x554 6. When socket caching is enabled (socket_tcp_caching is non-zero), the high and low water marks on the queues of a stream for a socket using cached stream may be incorrect. JAGae21869 7. When the system is flooded with a long burst of inbound network requests, the system may hang or panic due to a shortage of memory. Most of the memory can be found in one or more STREAMS synchronization queues or one of the STREAMS str_spu_sw_q's. JAGad95495 8. When the system is flooded with write() requests, it causes ldterm's synchronization queue list to grow without bound causing a system hang or panic. JAGad69419 PHNE_26758: 1. XTI-based 11.0 COBOL application fails to load when run on 11.11. Application aborts with error: /usr/lib/dld.sl: Unresolved symbol: t_strctlsz (storage) /usr/lib/dld.sl: Unresolved symbol: t_strmsgsz (storage) /usr/lib/dld.sl: Unresolved symbol: t_strqlen (storage) Abort(coredump) JAGae22051 PHNE_26728: 1. System hangs due to memory starvation when t_klisten() fails to release memory in an error condition. JAGae01950 2. An internal data structure variable is not initialized in the correct function. This could cause a panic if an obsolete STREAMS feature is enabled for a non-socket driver. JAGae10739 3. Potential memory leak or deadlock in t_klook(). This can cause a system hang or panic because the system is out of memory or data structure locks are held too long. JAGae13713 4. Enhancement is needed in t_ksndrel() to bypass data queue flow-control in non-blocking mode. This will enable future improvements in the close() system call. JAGae14955 PHNE_26710: 1. In a multi-threaded socket application, a thread doing soaccept() hangs forever. JAGae14249 PHNE_25460: 1. Child processes do not receive a SIGHUP. This may cause processes such as rlogin or telnet to not respond to a SIGHUP. JAGad84809 2. poll(2) causes thread to hang when timeout argument is set to 1 msec with zero file descriptors. JAGad91360 3. One file has incorrect file permissions. JAGad77575 4. Postinstall script aborts with the error "Bad system call" when a system is updated from HP-UX 10.20 to HP-UX 11.11. This leaves a "core" file in the root directory ("/"). JAGae01638 5. Add STREAMS support for Real Time Extensions. JAGae02308 6. Postinstall script logs the error message "/usr/sbin/insf: not found" when a STREAMS patch is installed from Ignite/UX image. JAGad45731 PHNE_25084: 1. In a multi-threaded socket application when a thread closes a socket on which another thread is doing accept(), the closing thread hangs. JAGad88349 2. Multiple processes sleeping forever in _csq_acquire(). This problem has only occurred on systems with AS/U installed. JAGad87837 3. A process running in the background gets terminated intermittently when it reads from dtterm. JAGad25743 4. A process running in the background gets terminated when it writes to dtterm. This requires "tostop" terminal setting ON. JAGad57981 5. System panic caused by memory corruption when two instances of freeb() free the same block of kernel allocated memory. JAGad50215 6. Enhancement to enable dequeueing of poll_s structures for future improvements to the select(2) system call. JAGad15265 7. Missing first telnet prompt while telnet'ing to the BSD 4.3 Server. JAGad39478 8. Potential memory leak in hpstreams_option1(). This can cause a system hang or panic because the system is out of memory or data structure locks are held too long. JAGad45190 9. Threads hung sleeping in ioctl_sleep. JAGad86805 _swtch+0xc4 _sleep+0x4cc ioctl_sleep+0x30c ioctl_bufcall+0x80 str_async_ioctl+0x670 hpstreams_ioctl_int+0xf8 streams_ioctl+0x34 PHNE_24972: 1. Add support for the new Event Port driver. JAGad65762 PHNE_24274: 1. System panics due to race condition in the unweld path. JAGad40848 2. Some of the NFS threads loop indefinitely on streams_poll() even when data is available at the stream head. JAGad15958 3. Pass third argument to fo_select due to a FS patch JAGad27893 4. Open command returns ENOLCK error when opening DLKM driver. JAGad44291 5. On a multi-processor system, a thread may hang indefinitely in the poll(2) system call when polling for input and data is available to be read. This is more likely to happen when the system is heavily loaded, or when multiple threads simultaneously call poll(2) with the same file descriptor. JAGad68721 PHNE_23715: 1. remsh(1) hangs in shutdown(2) when the stream is flow-controlled. JAGad36101 2. poll() times out immediately when timeout arg is set to INT_MAX. JAGad56971 3. This patch is a member of a set of patches needed to enable the HP-UX Virtual Partitions product. When the HP-UX Virtual Partitions product (VPARSBASE or T1335AA) is installed, it will install the full set of required patches for that product, including this patch. If the HP-UX Virtual Partitions product is not installed, this change will have no impact on your system. JAGad70977 Defect Description: PHNE_30367: 1. When polling sockets, the thread address stored to wake up the thread sleeping in poll(2) is retained on completion of poll(). The address that was left behind for a socket can result in erroneously waking up threads that have not polled this socket but that are newly created threads having the same address. These false wake ups increase the wait time in poll(). ( SR: 8606352780 CR: JAGaf13584 ) Resolution: The code was modified to store the thread-id, as well as the thread address, when no events are reported. Using this thread-id, the framework makes sure to wake up only threads that were polled earlier, and not new threads with the same address. 2. For non-blocking writes, during flow control conditions STREAMS returns failure in the case of partial writes. This causes applications to resend the buffer resulting in writing a part of the buffer more than once. ( SR: 8606316376 CR: JAGae79093 ) Resolution: The data corruption is fixed by returning success during partial writes. 3. A potential race exists between the thread caching the socket based stream and the thread reusing it. This may leave the SQ_INUSE flag set on the reused stream, even when the synchronization queue is not in use. This causes subsequent calls on the stream to sleep in a non-interruptible state. ( SR: 8606367043 CR: JAGaf27607 ) Resolution: Appropriate synchronization has been provided to avoid the race between the two threads. PHNE_29961: 1. spinlock deadlock in clean_str_spu_sw_q(). JAGae86571 Resolution: Replaced the SPINLOCK_USAV()/SPINUNLOCK_USAV() macros, used for the per-processor locks by regular spinlock()/spinunlock() calls. 2. The apparent hang is a result of removing the flow control restrictions from the per-processor queue too soon. This allows more messages onto the per-processor queue and causes the system to process more SQEs than intended. JAGaf04608 Resolution: 1) Mark the per-processor queue as full when the number of processed and yet to be processed SQEs in the per-processor queue are greater than the high water mark. 2) Remove flow control restrictions from the per-processor queue only after exiting the processing loop. 3. A deadlock can occur when a thread calling uprintf() is put in the TSSTOP state while holding a file system lock, and another thread is blocked while trying to acquire that lock. JAGad41710 Resolution: The problem is fixed by preventing the thread doing uprintf() from entering the TSSTOP state. This fix requires PHKL_24253, PHKL_24254, PHKL_24255, PHKL_24256 and PHKL_24257. PHNE_29825: 1. STREAMS does not allow the same thread to re-acquire the controlling terminal sync queue through a different OSR in hpstreams_option1(). This causes the thread to hang. JAGae47252 Resolution: Record the thread id in the stream head sync queue of the controlling terminal when the stream head sync queue is acquired. hpstreams_option1() does not re-acquire the controlling terminal sync queue if the current thread id matches the recorded thread id. PHNE_29454: 1. When a stream head is to be kept alive (reused), the system frees the q_bandp without initializing the pointer to null. When this stream head is reused there is a stale pointer in it. This causes a panic if the stale pointer is used. JAGae65651 Resolution: Null the pointer in q_bandp if the message is freed. 2. The apparent hang is due to removing the flow control restrictions from the sync queue too soon. This allows more messages onto the sync queue and causes the system to process more SQEs than intended. JAGae81248 Resolution: 1) Mark the sync queue as full when the number of processed SQEs and the yet to be processed SQEs in the sync queue are greater than the high water mark. 2) Remove flow control restrictions from the sync queue only after exiting the processing loop. 3. When TOPS is enabled, a message on the per processor queue delivered to a stream associated with a reused cached socket may leave the SQ_INUSE flag set on the reused stream even when the synchronization queue is not in use. This causes the subsequent calls on the stream to sleep infinitely in an uninterruptible state. JAGae88222 Resolution: A new function has been provided to prevent a message on the per processor queue from being delivered to a stream associated with a reopened cached socket. PHNE_29278: 1. When a plumb operation is done on a UP LAN driver, STREAMS does not update the UP emulation processor information in all the streams that are linked under the IP Multiplexor. This causes a thread to dereference uninitialized data and results in a system panic. JAGae79895 Resolution: When a UP driver is plumbed, STREAMS sets the UP emulation processor in all the streams that are linked under an MP-aware STREAMS multiplexor. 2. The SQ_IN_STREAMS flag is set when a thread enters the NFS subsystem through copyin() from STREAMS. This causes the NFS client thread to deadlock if it puts a request onto its data queue. JAGae80111 Resolution: Unset the SQ_IN_STREAMS flag before calling copyin(), copyout() and uiomove() in STREAMS. PHNE_28788: 1. STREAMS does not release kernel binding when it binds a UP stream with kernel binding for a syscall. This can lead to a thread hang or a system panic. JAGae65088 Resolution: UP binding is released before returning from the streams framework if it was bound in the framework. 2. On a multi-processor system, if a thread running freeb() decrements the db_ref count before it disassociates a STREAMS message block from the data block, then the duplicated message block which is being freed by the other thread could end up freeing both the original and duplicate message blocks. This in turn, results in memory corruption causing system panic. JAGae75384 Resolution: Implemented a strong store ordering to ensure that the data block is always disassociated from a STREAMS message block before the db_ref count is decremented. PHNE_28476: 1. In schedule_csq_turnover() SQ_INUSE flag is not unset when the first message on the synchronization queue is a sq_wrapper entry. This leads to a deadlock for a thread that tries to acquire the synchronization queue (having a sq_wrapper as its first element) through csq_acquire(), after waking up from sleep() in streams_mpsleep(). JAGae54549 Resolution: Schedule the entry on the synchronization queue in schedule_csq_turnover() so that if the first entry is a sq_wrapper entry on the synchronization queue, SQ_INUSE gets unset and the deadlock is avoided. 2. The initialization done when a cached socket stream is reused can corrupt the scheduler's run queue, if any of the service routines associated with the reused socket stream exists in the scheduler's run queue. This corruption in turn can cause a panic. JAGae60574 Resolution: The internal routine where the queues of a stream associated with a cached socket are reinitialized, is modified to return an error to mark it as unusable, if one of the queues for this stream has an entry in the scheduler's run queue. PHNE_27910: 1. Stream head read put procedures do not free the old message in the stream head ioctl buffer before over-writing it with the new message for the ioctl buffer. JAGae50568 Resolution: Free the old message in the ioctl buffer before over-writing it with the new message in the stream head put procedures. 2. In t_kpoll_prim() we check for the expected message length to be size of the message primitive to be received plus 16 bytes, where we should have only checked for the size of the message primitive to be received. This causes t_klisten() and t_kconnect() to always return TLOOK error. JAGae48436 Resolution: Check only for the size of the message primitive to be received in the t_kpoll_prim() call. PHNE_27703: 1. During t_kaccept() freeing of uninitialized message caused panic. JAGae34036 Resolution: Initialize message block pointer to prevent system panic in case of error path. 2. t_accept() set t_errno to TBADSEQ instead of TLOOK in some situations when a connect or disconnect indication was pending on the listen endpoint. Consequently, applications did not know to call t_listen() or t_rcvdis() in order to read the corresponding T_CONN_IND or T_DISCON_IND message. This might cause subsequent XTI calls to fail because of an unexpected message on the stream. JAGae31270 Resolution: If t_accept() receives a T_ERROR_ACK message after sending the T_CONN_RES message downstream, t_accept() now sets t_errno to TLOOK if there is a T_CONN_IND or T_DISCON_IND message on the stream. 3. Memory leak happened when a STREAMS module or driver uses following sequence of operations 1) m1 = allocb(size) 2) m2 = dupb(m1) 3) free(m1) 4) pullupmsg(m2) where b_rptr is unaligned. JAGae34924 Resolution: Set b_datap to NULL in freeb when reference count is decremented which will free the memory during pullupmsg. 4. When two streams are being linked through the I_LINK or I_PLINK ioctls and the multiplexing driver involved has a synchronization level other than SQLVL_QUEUEPAIR, an uninitialized pointer dereferenced in the synchronization queue element causes the panic. JAGae42689 Resolution: A call is made to a new internal routine during the I_LINK process, which eliminates the need to dereference the uninitialized parts of the synchronization queue element. PHNE_27170: 1. In hpstreams_select(), a pointer is first being dereferenced and later a check made to see if it is NULL. JAGae28460 Resolution: Changes made to dereference only a non-NULL pointer. 2. When an ioctl that performs an atomic blocking stream head insert operation is in progress and it is interrupted by a signal, a stream can be closed too early. If sleep exits due to a signal and the stream is closed before TCP sees the downstream message, TCP would later access the stale queue pointer that can cause the panic with data page fault. JAGae25712 Resolution: In the ioctl that performs an atomic blocking stream head insert operation, if we must wait, then sleep in non-interruptible mode else sleep in interruptible mode. 3. The sequence number generated in STREAMS code uses a structure address. Since it's held in a 32-bit variable, the first 4 bytes of the address are lost. During comparison, a full 64-bit structure address is compared to a truncated 32-bit sequence number, so in this case they will never match. JAGad30091 Resolution: A unique integer sequence number is created. 4. streams_untimeout() busy waits for str_timeout() to finish which can cause a deadlock to occur in a corner case. JAGae29704 Resolution: Remove timeout entry from active timeout queue before calling the module's timeout function. This avoids the deadlock when STREAMS untimeout is called while executing the module's timeout handler. 5. In hpstreams_read_int(), the address used to check a page boundary is not the same as the address to be remapped to. JAGae32875 Resolution: Added a check, to check if the address is page aligned before doing remap. 6. The high and low water marks on the queues of a stream associated with a cached socket, are not reinitialized to default values when the stream is reused. JAGae21869 Resolution: A new function is provided to reinitialize to default values. 7. When the system is flooded with a long burst of inbound network requests, the system may hang or panic due to a shortage of memory. Most of the memory can be found in one or more STREAMS synchronization queues or one of the STREAMS str_spu_sw_q's. JAGad95495 Resolution: New kernel services are provided so that internal STREAMS partners can implement flow-control policies based on the STREAMS synchronization queue. 8. ldterm's synchronization queue list grows without bound causing a system panic or hang due to shortage of system memory. JAGad69419 Resolution: STREAMS provides a new capability to allow the stream head to control outbound write requests. PHNE_26758: 1. When a XTI-based 11.0 COBOL application is run on 11.11, it aborts with error. This is because globals -- t_strqlen, t_strctlsz & t_strmsgsz were removed in 11.11. The problem is actually due to a defect in 13.2x or older revisions of the COBOL compiler's -U option, which generates external references to all global data variables, even when they were not actually referenced. JAGae22051 Resolution: The problem has been fixed by restoring t_strqlen, t_strctlsz & t_strmsgsz as global variables. PHNE_26728: 1. t_klisten() does not release allocated memory when exiting from an error. This may consume a lot of memory and cause a system hang if there are many instances of t_klisten() exiting with errors. JAGae01950 Resolution: The memory leak is fixed by freeing the osr_s structure when an error occurs. 2. An internal data structure variable, sth_socket, is not initialized in the correct function. This could cause a panic if an obsolete STREAMS feature, stream caching, is enabled for a non-socket driver. JAGae10739 Resolution: Initialize sth_socket variable in sth_alive_init(). 3. For M_DATA messages, t_klook() does not release the allocated memory and fails to release the ownership of the queue. This can cause a system hang or panic because the system is out of memory or the data structure lock is held too long. JAGae13713 Resolution: Allocated memory is freed and the ownership of the queue is released for all messages in t_klook(). 4. t_ksndrel() does not provide a mechanism to bypass data queue flow-control in non-blocking mode. JAGae14955 Resolution: A new flag is provided in the t_ksndrel() interface to allow the kernel caller to bypass flow-control when non-blocking mode is specified. This enables future improvements in the close() system call. PHNE_26710: 1. In a multi-threaded socket application, when soaccept() and getsockopt() or setsockopt() operations are done on the same socket, the thread doing soaccept() hangs. JAGae14249 Resolution: Provided a new ioctl that performs an atomic stream head insert operation. PHNE_25460: 1. Original implementation of M_HANGUP was sending the SIGHUP to just the process leader. JAGad84809 Resolution: SIGHUP is sent to process group on receiving M_HANGUP for STREAMS tty. 2. When poll(2) is called with zero file descriptors and a timeout of 1 msec, thread hangs because of race condition. This occurs in case of short sleep during the handling of pending signal, where thread's status shows that it is in a run state, but it is actually just about to go to sleep. JAGad91360 Resolution: The race condition has been eliminated in STREAMS by making a call to select_as_nanosleep() when zero file descriptors are passed and by setting the timeout to no less than 2 ticks. 3. Change file permissions. JAGad77575 Resolution: This fixes a file permissions problem. 4. Postinstall script aborts with the error "Bad system call" when a system is updated from HP-UX 10.20 to HP-UX 11.11. This leaves a "core" file in the root directory ("/"). This is due to the fact that the insf command cannot run because the correct libraries are not available at the time that postinstall runs during the update. JAGae01638 Resolution: The device files for Transport loopback drivers -- tlcots, tlcotsod, and tlclts -- are created in a configure script instead of in a postinstall script. 5. Add STREAMS support for Real Time Extensions. JAGae02308 Resolution: STREAMS is changed to prevent delivery of software interrupts to CPUs that are bound to a Real Time processor set (PSet). This is an extension of vPars support. 6. Postinstall script logs the error "/usr/sbin/insf: not found" when a STREAMS patch installed from Ignite/UX image. This is due to the fact that the insf command is not available because not all filesystems are mounted at the time that postinstall runs. Resolution: insf command is executed in configure script instead of postinstall script with appropriate path. PHNE_25084: 1. The close function goes into an interruptible sleep if the socket file descriptor is also in use by another thread. JAGad88349 Resolution: This patch contains changes required to support the fix for this problem. When an application calls close() for an AF_INET socket file descriptor, any threads blocked in an interruptible sleep in a syscall for the same file descriptor will be awakened, and the syscall will return EBADF. 2. The spinlocks associated with weld_sqh and mult_sqh were acquired in a wrong order in some routines resulting in a deadlock. JAGad87837 Resolution: Modified the order in which the weld_sqh and mult_sqh are acquired in osr_pop_subr() and str_plumb_ioctl() to fix the deadlock. 3. When the background job tries to read from the dtterm, STREAMS sends SIGTTIN and does a sleep(). When it comes out of the sleep, not due to an interrupt, the read function exits out intermittently without retry or further processing. JAGad25743 Resolution: Continue processing the read on a SIGCONT. 4. When the background job tries to write to the dtterm, STREAMS sends SIGTTOU and does a sleep(). When it comes out of the sleep, not due to an interrupt, the write function exits out without retry or further processing. JAGad57981 Resolution: Continue processing the write on a SIGCONT. 5. When duplicated messages that are pulled up (coalesced) into a single block by using msgpullup() are freed, there is a timing window where two instances of freeb() can free the same message twice. This will result in memory corruption which will cause a panic later when the memory is used again. JAGad50215 Resolution: Added a spinlock in the function that frees pulled up messages so only one instance of freeb() can operate on a pulled up message at a time. This prevents a second instance of freeb() from operating on the same message at the same time. 6. There is no way currently to dequeue a poll_s structure from the wake-up list when a thread exits select(2). JAGad15265 Resolution: A new kernel function is being provided to enable future improvements to select(2). 7. Missing first telnet prompt. JAGad39478 Resolution: In the inbound path for sockets a wakeup was missed when normal data follows OOB data. The fix was to catch the missed wakeup in the inbound path. 8. hpstreams_option1() does not release the allocated memory upon an error exit from ioctl_sleep_until_first(). This can cause a system hang or panic because the system is out of memory or data structure locks are held too long. JAGad45190 Resolution: The memory leak is fixed by freeing the structures osr_s (arena M_STROSR) and tiocoption1 (arena M_STREAMS). 9. Threads hung sleeping in ioctl_sleep. JAGad86805 Resolution: The fix to wakeup the sleeping thread is to issue the wakeup on the appropriate sleep channel. PHNE_24972: 1. This patch contains enhancements required to support the HP-UX Event Port driver. JAGad65762 Resolution: Modified STREAMS to support the polling of STREAMS based fds using Event Port driver. PHNE_24274: 1. When both the ends of the welded queue are closed simultaneously, a race in the welded close path leads to the following panic. JAGad40848 $call_trap+0x38 spinlock+0x10 _csq_acquire+0xe4 osr_pop_subr+0x35c osr_close_subr+0xc0c hpstreams_close_int+0x30c Resolution: Modified unweld-mechanism to eliminate the race condition in that path. 2. Some of the NFS threads loop indefinitely on streams_poll() even when data is available at the stream head. JAGad15958 Resolution: The race in the wakeup path when data arrives at the stream head and the poll_s struct being enqueued at the same stream head which caused the hang has been eliminated. 3. Pass third argument to fo_select due to a FS patch. JAGad27893 Resolution: A third argument is now passed to the fo_select function pointer calls in STREAMS to be consistent with the changes made in the File System code. 4. DLKM returns ENOLCK on autoload failures. JAGad44291 Resolution: All DLKM load failures are masked and instead an ENODEV is returned on opening a DLKM driver. 5. On a multi-processor system, a thread may hang indefinitely in poll(2) when polling for input and data is available to be read. The wakeup() call for a thread may be ineffective for either of the following reasons: 1) The thread migrates from one processor to another before going to sleep in poll(2). This could cause the wake-up path to use the wrong sleep lock. 2) Multiple threads simultaneously call poll(2) with the same file descriptor, and the threads go to sleep at the same time. The sleep collision could be undetected within a certain time window. JAGad68721 Resolution: The thread remembers the processor that it started on, and it uses that processor id to get the sleep lock. This resolves the problem with thread migration. A change in sleep() makes it atomic when setting the thread's wake-up channel and putting the thread to sleep. This resolves the sleep collision race. The patches PHKL_25233 and PHKL_25389 are needed in order for this fix to be effective. PHNE_23715: 1. remsh(1) hangs in shutdown(2) when the stream is flow-controlled. JAGad36101 Resolution: Provide a version of streams_putmsg() which unconditionally does the putnext(). 2. poll() times out immediately when timeout arg is set to INT_MAX. JAGad56971 Resolution: Cast the timeout value to avoid making it negative. 3. This patch contains minor enhancements required to support the HP-UX Virtual Partitions product. JAGad70977 Resolution: Enhancements added to support CPU migration. Enhancement: No (superseded patches contained enhancements) PHNE_27170: This patch provides a new set of in-kernel STREAMS utilities to perform flow-control on STREAMS synchronization queues. When a system is flooded with a long burst of inbound data from the network or with outbound write requests to ldterm, these new utilities can be used to flow-control synchronization queues. By default, the flow-control limit is set to a high value, so that the system does not reach the flow-control point. PHNE_24972: Support for Event Port driver was added as an enhancement. PHNE_23715: This patch is a member of a set of patches needed to enable the HP-UX Virtual Partitions product. SR: 8606166814 8606187762 8606201803 8606171584 8606146615 8606158563 8606175047 8606199534 8606196559 8606219201 8606218689 8606156405 8606188765 8606180995 8606145929 8606170214 8606175950 8606217653 8606215628 8606222245 8606208389 8606232403 8606233084 8606176492 8606247849 8606232720 8606244249 8606248557 8606247273 8606257748 8606200235 8606264131 8606261390 8606160771 8606265386 8606268637 8606257566 8606226426 8606269796 8606267026 8606270688 8606278631 8606286629 8606284490 8606290703 8606297042 8606301642 8606312568 8606317334 8606317550 8606302292 8606318758 8606325934 8606283300 8606324106 8606343756 8606172450 8606352780 8606367043 8606316376 Patch Files: Streams.STREAMS2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP: /usr/conf/lib/libstream.a Streams.STREAMS2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP: /usr/conf/lib/libstream.a OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP: /usr/conf/lib/libdebug.a(streams.o) OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP: /usr/conf/lib/libdebug.a(streams.o) Streams.STREAMS-32ALIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: /usr/lib/libnsl_s.a /usr/lib/libxti.a Streams.STREAMS-MIN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: /usr/lib/libnsl_s.2 /usr/lib/libxti.2 Streams.STREAMS-64ALIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: /usr/lib/pa20_64/libxti.a Streams.STREAMS-64SLIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: /usr/lib/pa20_64/libxti.2 what(1) Output: Streams.STREAMS2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP: /usr/conf/lib/libstream.a: tl.c $Date: 2002/07/09 11:15:00 $Revision: r11.11/1 PATCH_11.11 (PHNE_27170) streams_pstat.c $Date: 2003/10/17 14:55:04 $Revision : r11.11/1 PATCH_11.11 (PHNE_29825) str_util.c $Date: 2004/01/06 15:30:00 $Revision: r11 .11/22 PATCH_11.11 (PHNE_29961) str_synch.c $Date: 2003/07/24 15:30:00 $Revision: r1 1.11/6 PATCH_11.11 (PHNE_29454) str_subr.c $Date: 2003/11/17 15:30:00 $Revision: r11 .11/10 PATCH_11.11 (PHNE_29961) str_shead.c $Date: 2002/11/26 15:30:00 $Revision: r1 1.11/9 PATCH_11.11 (PHNE_27910) str_scalls.c $Date: 2004/06/15 14:55:04 $Revision: r 11.11/33 PATCH_11.11 (PHNE_30367) str_runq.c $Date: 2003/07/24 15:30:00 $Revision: r11 .11/3 PATCH_11.11 (PHNE_29454) str_osr.c $Date: 2003/07/11 14:55:04 $Revision: r11. 11/5 PATCH_11.11 (PHNE_29278) str_memory.c $Date: 2003/06/05 11:15:00 $Revision: r 11.11/3 PATCH_r11.11 (PHNE_28788) str_init.c $Date: 2002/08/07 17:00:00 $Revision: r11 .11/6 PATCH_11.11 (PHNE_27170) str_env.c $Date: 2003/06/05 11:15:00 $Revision: r11. 11/2 PATCH_11.11 (PHNE_28788) str_debug.c $Date: 2003/06/05 11:15:00 $Revision: r1 1.11/1 PATCH_11.11 (PHNE_28788) $Revision: libstream.a: STREAMS: PATCH_11.11 (PHN E_30367) Tue Jun 22 10:26:59 PDT 2004 $ Streams.STREAMS2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP: /usr/conf/lib/libstream.a: tl.c $Date: 2002/07/09 11:15:00 $Revision: r11.11/1 PATCH_11.11 (PHNE_27170) streams_pstat.c $Date: 2003/10/17 14:55:04 $Revision : r11.11/1 PATCH_11.11 (PHNE_29825) str_util.c $Date: 2004/01/06 15:30:00 $Revision: r11 .11/22 PATCH_11.11 (PHNE_29961) str_synch.c $Date: 2003/07/24 15:30:00 $Revision: r1 1.11/6 PATCH_11.11 (PHNE_29454) str_subr.c $Date: 2003/11/17 15:30:00 $Revision: r11 .11/10 PATCH_11.11 (PHNE_29961) str_shead.c $Date: 2002/11/26 15:30:00 $Revision: r1 1.11/9 PATCH_11.11 (PHNE_27910) str_scalls.c $Date: 2004/06/15 14:55:04 $Revision: r 11.11/33 PATCH_11.11 (PHNE_30367) str_runq.c $Date: 2003/07/24 15:30:00 $Revision: r11 .11/3 PATCH_11.11 (PHNE_29454) str_osr.c $Date: 2003/07/11 14:55:04 $Revision: r11. 11/5 PATCH_11.11 (PHNE_29278) str_memory.c $Date: 2003/06/05 11:15:00 $Revision: r 11.11/3 PATCH_r11.11 (PHNE_28788) str_init.c $Date: 2002/08/07 17:00:00 $Revision: r11 .11/6 PATCH_11.11 (PHNE_27170) str_env.c $Date: 2003/06/05 11:15:00 $Revision: r11. 11/2 PATCH_11.11 (PHNE_28788) str_debug.c $Date: 2003/06/05 11:15:00 $Revision: r1 1.11/1 PATCH_11.11 (PHNE_28788) $Revision: libstream.a: STREAMS: PATCH_11.11 (PHN E_30367) Tue Jun 22 10:25:48 PDT 2004 $ OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP: /usr/conf/lib/libdebug.a(streams.o): streams.c $Date: 2004/06/21 14:55:04 $Revision: r11. 11/3 PATCH_11.11 (PHNE_30367) OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP: /usr/conf/lib/libdebug.a(streams.o): streams.c $Date: 2004/06/21 14:55:04 $Revision: r11. 11/3 PATCH_11.11 (PHNE_30367) Streams.STREAMS-32ALIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: /usr/lib/libnsl_s.a: $Revision: libnsls_s.a: STREAMS: PATCH_11.11 (PHN E_27703) Fri Sep 27 13:18:58 PDT 2002 $ Streams.STREAMS-MIN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: /usr/lib/libnsl_s.2: $Revision: libnsls_s.2: STREAMS: PATCH_11.11 (PHN E_27703) Fri Sep 27 13:19:06 PDT 2002 $ Streams.STREAMS-32ALIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: /usr/lib/libxti.a: $Revision: libxti.a: STREAMS: PATCH_11.11 (PHNE_2 7703) Fri Sep 27 13:18:16 PDT 2002 $ Streams.STREAMS-MIN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: /usr/lib/libxti.2: $Revision: libxti.2: STREAMS: PATCH_11.11 (PHNE_2 7703) Fri Sep 27 13:18:08 PDT 2002 $ Streams.STREAMS-64ALIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: /usr/lib/pa20_64/libxti.a: $Revision: libxti.a: STREAMS: PATCH_11.11 (PHNE_2 7703) Fri Sep 27 13:17:04 PDT 2002 $ Streams.STREAMS-64SLIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: /usr/lib/pa20_64/libxti.2: $Revision: libxti.2: STREAMS: PATCH_11.11 (PHNE_2 7703) Fri Sep 27 13:17:12 PDT 2002 $ cksum(1) Output: Streams.STREAMS2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP: 3943412666 1260636 /usr/conf/lib/libstream.a Streams.STREAMS2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP: 1896315748 618080 /usr/conf/lib/libstream.a OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP: 3461261172 201160 /usr/conf/lib/libdebug.a(streams.o) OS-Core.CORE2-KRN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP: 1285879904 157696 /usr/conf/lib/libdebug.a(streams.o) Streams.STREAMS-32ALIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: 1557417565 162728 /usr/lib/libnsl_s.a Streams.STREAMS-MIN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: 961322910 135168 /usr/lib/libnsl_s.2 Streams.STREAMS-32ALIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: 1720760509 165894 /usr/lib/libxti.a Streams.STREAMS-MIN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: 1752569787 135168 /usr/lib/libxti.2 Streams.STREAMS-64ALIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: 563049417 322872 /usr/lib/pa20_64/libxti.a Streams.STREAMS-64SLIB,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: 949672595 141168 /usr/lib/pa20_64/libxti.2 Patch Conflicts: None Patch Dependencies: s700: 11.11: PHKL_25233 PHKL_25389 PHKL_29696 PHKL_24253 PHKL_24254 PHKL_24255 PHKL_24256 s800: 11.11: PHKL_25233 PHKL_25389 PHKL_29696 PHKL_24253 PHKL_24254 PHKL_24255 PHKL_24256 Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_23715 PHNE_24274 PHNE_24972 PHNE_25084 PHNE_25460 PHNE_26710 PHNE_26728 PHNE_26758 PHNE_27170 PHNE_27703 PHNE_27910 PHNE_28476 PHNE_28788 PHNE_29278 PHNE_29454 PHNE_29825 PHNE_29961 Equivalent Patches: None Patch Package Size: 1190 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_30367 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHNE_30367.depot By default swinstall will archive the original software in /var/adm/sw/save/PHNE_30367. If you do not wish to retain a copy of the original software, include the patch_save_files option in the swinstall command above: -x patch_save_files=false WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHNE_30367.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHNE_30367.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_30367.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: None