Patch Name: PHKL_24815 Patch Description: s700 10.20 Fix for kthread b_sema wait queue corruption Creation Date: 01/08/01 Post Date: 01/08/08 Hardware Platforms - OS Releases: s700: 10.20 Products: N/A Filesets: OS-Core.CORE-KRN Automatic Reboot?: Yes Status: General Release Critical: Yes PHKL_24815: CORRUPTION PHKL_20849: PANIC CORRUPTION Path Name: /hp-ux_patches/s700/10.X/PHKL_24815 Symptoms: PHKL_24815: (SR: 8606193394 CR: JAGad62606) By allowing a thread to enqueue itself for a beta semaphore it already owns, we end up with corruption of the b_sema hash queue. This can cause different problems, from a thread/application hang to a system panic (usually spinlock deadlock) or hang, depending on the resources the thread holds. PHKL_20849: ( SR: 8606114394 CR: JAGac29158 ) Multiprocessor system paniced with the following stack trace: panic: Spinlock deadlock! panic+0x3c too_much_time+0x238 wait_for_lock_spinner+0x2f4 wait_for_lock_4way+0x2c b_psema_retry+0x1c soo_select+0x44 selscan+0x1bc select+0x6ec syscall+0x1a4 $syscallrtn The panicing processor timed out waiting on a spinlock. The processor holding the spinlock was in a loop searching for a thread that wanted the beta semaphore the panicing processor was releasing. The kt_wait_list chain was corrupted. The trace for the looping processor showed: crash event was a TOC b_sema_get_queue+0x2c mp_b_sema_wanted+0x38 sounlock+0x3f4 mp_socket_unlock+0x10 soclose+0x128 soo_close+0x7c closef+0x6c close+0x40 syscall+0x64c $syscallrtn+0x0 Defect Description: PHKL_24815: (SR: 8606193394 CR: JAGad62606) There is no runtime check that disallows a thread from enqueing itself for a beta semaphore it already owns and thus corrupting the beta semaphore wait list. Resolution: Add a runtime check to ensure the beta semaphore a thread is trying to lock is not already owned by that thread. PHKL_20849: ( SR: 8606114394 CR: JAGac29158 ) mp_b_sema_wanted() is called to check if there is a kthread at the head of the semaphore's wait queue that needs to be awaken when the semaphore is available. In acquiring the thread lock, this routine momentarily releases the spinlock associated with the semaphore and it assumes that the list of waiters for this lock has not changed. If the wait list for the semaphore lock was changed during the window, mp_b_sema_wanted() passes the semaphore lock to the wrong kthread and corrupts the kt_wait_list. Resolution: Added a check and retry to ensure the kt_wait queue was not changed after reacquiring the semaphore spinlock. SR: 8606114394 8606193394 Patch Files: /usr/conf/lib/libhp-ux.a(sem_beta.o) what(1) Output: /usr/conf/lib/libhp-ux.a(sem_beta.o): sem_beta.c $Date: 2001/08/01 16:48:08 $ $Revision : 1.12.98.7 $ PATCH_10.20 (PHKL_24815) cksum(1) Output: 2171740755 5424 /usr/conf/lib/libhp-ux.a(sem_beta.o) Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHKL_20849 Equivalent Patches: PHKL_24816: s800: 10.20 PHKL_24021: s700: 11.00 Patch Package Size: 70 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHKL_24815 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHKL_24815.depot By default swinstall will archive the original software in /var/adm/sw/patch/PHKL_24815. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. WARNING: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHKL_24815.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHKL_24815.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: None