Patch Name: PHKL_10643 Patch Description: s700 10.20 exec, ptrace, MMF, large shmem, large buf cache Creation Date: 97/04/07 Post Date: 97/04/10 Hardware Platforms - OS Releases: s700: 10.20 Products: N/A Filesets: OS-Core.CORE-KRN OS-Core.KERN-RUN Automatic Reboot?: Yes Status: General Superseded Critical: Yes PHKL_10643: PANIC PHKL_10257: PANIC PHKL_10234: PANIC PHKL_9075: PANIC Path Name: /hp-ux_patches/s700/10.X/PHKL_10643 Symptoms: PHKL_10643: System panic with Memory Mapped Files on UFS filesystem. A typical kernel stack trace would show a data page fault panic in hdl_unsetbits() called from async_pagein_comp(). PHKL_10316: When ptrace is called from the DDE debugger while the DDE debugger has watchpoints set, the ptrace system call is called to single step the user process. If the ptrace call is handling a user signal and another signal event is pro- cessed before returning to the user process from ptrace, ptrace may incorretly sent the user's save_state program counter to an incorrect value and return EIO to the parent debugger. PHKL_10257: Panic with "vn_rele" with EXEC_MAGIC executable run over NFS PHKL_10234: panic: kernel scheduler interrupt PHKL_10176: The total length (including terminators) of all argv and env strings passed to a newly-EXECed process was 20480 bytes. If a greater length was detected, the exec() failed with E2BIG. PHKL_9919: Timing differences between CPU to large, causes MI Daemon to die frequently (often in less than 15 minutes). PHKL_9075: Applications using Memory Mapped Files were performing poorly when mapping thousands of pregions to the same file. The problem would mainly be noticed with shared (MAP_SHARED) and exclusive (MAP_FIXED with address in the process private data space) mappings. This patch is required when using the Object Store database product from ODI. Additionally, this patch provides an enhancement to the mprotect(2) system call: mprotect(2) used to fail protecting non mmap(2)'ed addresses. This patch enables to mprotect(2) data, stack and shared memory segment addresses. Finally, this patch fixes a kernel panic with large buffer cache: kernel panic with a data page fault when attempting to copy data from the last page of the third quadrant. This will only occur on systems with a buffer cache of one gigabyte or larger. The panic message will display the following: isr.ior = 0.bffffffc PHKL_8346: Executables cannot access more than 1.75 GB shared memory Defect Description: PHKL_10643: There were two defects in the UFS read-ahead pagein code causing the system to request more read-ahead pages than the system maximum limit. Since the number of requested pages exceeded the allowed maximum, this resulted in overflowing internal arrays, and the system could then panic while using garbled data. First, the book-keeping of the variables tracking the "last read-ahead" and the "expected next fault" was not always done properly. There was a situation where the "expected next fault" could end up exceeding the "last read-ahead", and this resulted in a read-ahead count greater than the system maximum limit. Second, there was a corner case code path using the "last read-ahead" variable before it had been initialized. PHKL_10316: If ptrace() is single stepping an user signal handler and handling a sigcleanup call, and another signal is handled during the return of this system call, the user's PC is overwritten by the single step breakpoint address before returning to the user. One way to reproduce the problem is to use DDE on a program that generates a lot of signals. Signal stepping through the program will eventually cause an internal I/O error. PHKL_10257: The problem fixed was a wrong assumption in add_text which expects the fstore to be the same as the bstore. Because of this assumption the original (and correct) bstore gets trashed when it is overwritten with the fstore after a call to duplicate a region. For an NFS executale with the sticky bit set, the fstore will NOT be the same as the bstore. We know have removed this assumption. PHKL_10234: Running an EXEC_MAGIC program using a stack pointer in the first quadrant could result in a panic: kernel scheduler interrupt. This problem would only be seen on UP systems. PHKL_10176: The internal buffer within the kernel was created with a length of 20480 bytes, with no provision for increasing its size. This patch provides for up to 100 such buffers, with all but the first allocated only if required (that is, if more than 20480 bytes of argv/env information is found). Thus, exec() now supports up to 2048000 bytes of argv/env information. PHKL_9919: Upon synchronization, non-monarch's expect the monarch to be waiting for them to synchronize. If the monarch is not waiting, the synchronization fails, and the offset_correction is set to 0. This happens only on bootup and may not happen every time. This causes times in the KI buffers to vary greatly, and that causes the MI Daemon to crash frequently. The problem is only at boot time, and will not occur later. This means a succesful boot will keep stay good, and a bad boot will stay bad. PHKL_9075: This patch provides two enhancements to Memory Mapped Files: increased performance when using thousands of mappings, and mprotect(2) opened to non-mmap(2) addresses. It also provides a fix for a defect with large buffer cache. The pregions list associated to a shared region was designed as a doubly-linked list thus providing a linear access to pregions in the list. This design was not suited to deal with thousands of pregions and the doubly-linked list was replaced by a skip-list for faster access. Two other changes were required to deliver better performance: the algorithm to check the total virtual address space and the routine to locate the stack pregion were enhanced. Only those addresses returned from a call to mmap(2) could be used for mprotect(2). However there were applications who needed to protect addresses in data, stack or shared memory segments; objects not created via call to mmap(2). So mprotect(2) was opened to allow mprotect'ing on data, stack and shared memory objects. Text is not allowed unless the executable is EXEC_MAGIC. A compiler feature with C language structure copies results in a reference to an untranslated address when copying the last 4 bytes in quadrant 3. This only shows up when the data in the buffer that is being copied includes address 0xbffffffc that is, it is the last full word in quadrant 3. The problem appears as a trap type 15: "data page fault". PHKL_8346: Current executable types cannot access more than 1.75 GB of shared memory. A new executable type is defined which uses the second quadrant of the address space for shared memory rather than process private data thus resulting in 2.75 GB of shared memory. With short pointer addressing on 32-bit PA architecture, each pointer addresses one of four quadrants each of which is 1 GB in size. Current executable types use quadrant 3 and quadrant 4 for shared memory. In user mode, quadrant 1 and quadrant 2 are used for user text and data, respectively. This results in a system wide maximum of 1.75 GB of shared memory (.25 GB in quadrant 4 is set aside for IO). In the new executable type, user data and stack are pushed into quadrant 1 and quad 2 is also used for shared memory. An existing application has to be relinked as the new executable type to avail of this feature. Alternately the application can be linked as an EXEC_MAGIC and the n the executable can be chatr'd to be the new executable type (SHMEM_MAGIC). The related patch for chatr is PHSS_8358. Only the chatr method is currently supported. Please note that this is an interim solution for increased shared memory addressing till 64-bit hp-ux becomes available. There are several limitations: - Only executables that are linked to be the new SHMEM_MAGIC executable type(or chatrd to be so) can avail of this feature. Other executables will continue to see a system wide maximum of 1.75 GB of shared memory. Processes that execute other types of executables will not be able to share the memory in quadrant 2 with a process that is executing the new executable type. - In the new SHMEM_MAGIC type, quadrant 2 is only used for system V shared memory (unlike quadrants 3 and 4 which are also used for shared memory mapped files). - In the new executable type text is mapped at different virtual addresses and so process intensive applications may not benefit. Any increase in performance due to the larger shared memory may be offset by decreases due to TLB inefficiency. Applications that use one process per processor may however benefit. - This will not be supported on future HP implementations of 64-bit architectures (beyond PA 2.0), nor will it need to be as with a 64-bit kernel the size of shared memory supported will be much larger than 2.75 GB. Programs that need more than 1.75 GB of shared memory on these architectures will have to be recompiled for these architectures. - Programs that are compiled as 64-bit executables on any 64-bit HP implementation (including PA 2.0) cannot be marked as SHMEM_MAGIC nor do they need to be as they will already have access to more than 1.75 GB of shared memory. SR: 4701334367 4701341362 4701345843 4701347922 5003314633 5003318667 5003334961 5003341925 5003344630 5003357616 5003359414 5003363820 Patch Files: /usr/conf/lib/libhp-ux.a(asm_rv.o) /usr/conf/lib/libhp-ux.a(clock.o) /usr/conf/lib/libhp-ux.a(hdl_fault.o) /usr/conf/lib/libhp-ux.a(hdl_init.o) /usr/conf/lib/libhp-ux.a(hdl_mprotect.o) /usr/conf/lib/libhp-ux.a(hdl_policy.o) /usr/conf/lib/libhp-ux.a(hdl_trans.o) /usr/conf/lib/libhp-ux.a(kern_exec.o) /usr/conf/lib/libhp-ux.a(kern_mman.o) /usr/conf/lib/libhp-ux.a(pm_context.o) /usr/conf/lib/libhp-ux.a(pm_procdup.o) /usr/conf/lib/libhp-ux.a(pm_resource.o) /usr/conf/lib/libhp-ux.a(pm_sendsig.o) /usr/conf/lib/libhp-ux.a(sysV_shm.o) /usr/conf/lib/libhp-ux.a(vfs_vm.o) /usr/conf/lib/libhp-ux.a(vm_machdep.o) /usr/conf/lib/libhp-ux.a(vm_mmap.o) /usr/conf/lib/libhp-ux.a(vm_pregion.o) /usr/conf/lib/libhp-ux.a(vm_region.o) /usr/conf/lib/libhp-ux.a(vm_sched.o) /usr/conf/lib/libhp-ux.a(vm_superpage.o) /usr/conf/lib/libhp-ux.a(vm_text.o) /usr/conf/lib/libhp-ux.a(vm_vas.o) /usr/conf/lib/libhp-ux.a(vm_vhand.o) /usr/conf/master.d/core-hpux /usr/conf/space.h.d/core-hpux.h what(1) Output: /usr/conf/lib/libhp-ux.a(asm_rv.o): asm_rv.s $Date: 97/02/28 14:51:08 $ $Revision: 1.57 .98.11 $ PATCH_10.20 (PHKL_10234) /usr/conf/lib/libhp-ux.a(clock.o): clock.c $Date: 97/01/23 16:09:43 $ $Revision: 1.39. 98.4 $ PATCH_10.20 (PHKL_9919) /usr/conf/lib/libhp-ux.a(hdl_fault.o): hdl_fault.c $Date: 96/08/26 22:28:39 $ $Revision: 1.13.98.9 $ PATCH_10.20 (PHKL_8346) /usr/conf/lib/libhp-ux.a(hdl_init.o): hdl_init.c $Date: 96/08/26 22:38:17 $ $Revision: 1.9.98.5 $ PATCH_10.20 (PHKL_8346) /usr/conf/lib/libhp-ux.a(hdl_mprotect.o): hdl_mprotect.c $Date: 96/11/20 10:52:46 $ $Revision : 1.4.98.3 $ PATCH_10.20 (PHKL_9075) /usr/conf/lib/libhp-ux.a(hdl_policy.o): hdl_policy.c $Date: 96/11/20 10:58:41 $ $Revision: 1.15.98.10 $ PATCH_10.20 (PHKL_9075) /usr/conf/lib/libhp-ux.a(hdl_trans.o): hdl_trans.c $Date: 96/11/21 16:23:49 $ $Revision: 1.12.98.11 $ PATCH_10.20 (PHKL_9075) /usr/conf/lib/libhp-ux.a(kern_exec.o): kern_exec.c $Date: 97/02/24 10:25:21 $ $Revision: 1.93.98.17 $ PATCH_10.20 (PHKL_10176) /usr/conf/lib/libhp-ux.a(kern_mman.o): kern_mman.c $Date: 96/11/20 11:01:53 $ $Revision: 1.35.98.4 $ PATCH_10.20 (PHKL_9075) /usr/conf/lib/libhp-ux.a(pm_context.o): pm_context.c $Date: 96/08/26 22:35:25 $ $Revision : 1.3.98.6 $ PATCH_10.20 (PHKL_8346) /usr/conf/lib/libhp-ux.a(pm_procdup.o): pm_procdup.c $Date: 96/08/26 22:42:06 $ $Revision : 1.11.98.12 $ PATCH_10.20 (PHKL_8346) /usr/conf/lib/libhp-ux.a(pm_resource.o): pm_resource.c $Date: 96/08/26 22:36:15 $ $Revisio n: 1.7.98.13 $ PATCH_10.20 (PHKL_8346) /usr/conf/lib/libhp-ux.a(pm_sendsig.o): pm_sendsig.c $Date: 97/03/05 13:52:09 $ $Revision : 1.4.98.11 $ PATCH_10.20 (PHKL_10316) /usr/conf/lib/libhp-ux.a(sysV_shm.o): sysV_shm.c $Date: 96/11/20 11:01:21 $ $Revision: 1.54.98.5 $ PATCH_10.20 (PHKL_9075) /usr/conf/lib/libhp-ux.a(vfs_vm.o): vfs_vm.c $Date: 97/04/07 13:35:26 $ $Revision: 1.1 7.98.16 $ PATCH_10.20 (PHKL_10643) /usr/conf/lib/libhp-ux.a(vm_machdep.o): vm_machdep.c $Date: 97/01/23 16:10:42 $ $Revision: 1.157.98.31 $ PATCH_10.20 (PHKL_9919) /usr/conf/lib/libhp-ux.a(vm_mmap.o): vm_mmap.c $Date: 96/11/20 11:02:00 $ $Revision: 1.17.98.14 $ PATCH_10.20 (PHKL_9075) /usr/conf/lib/libhp-ux.a(vm_pregion.o): vm_pregion.c $Date: 97/04/07 13:34:27 $ $Revision: 1.16.98.13 $ PATCH_10.20 (PHKL_10643) /usr/conf/lib/libhp-ux.a(vm_region.o): vm_region.c $Date: 96/11/20 11:01:58 $ $Revision: 1.20.98.4 $ PATCH_10.20 (PHKL_9075) /usr/conf/lib/libhp-ux.a(vm_sched.o): vm_sched.c $Date: 96/11/20 11:01:54 $ $Revision: 1.58.98.9 $ PATCH_10.20 (PHKL_9075) /usr/conf/lib/libhp-ux.a(vm_superpage.o): vm_superpage.c $Date: 96/08/26 22:40:13 $ $Revisi on: 1.2.98.3 $ PATCH_10.20 (PHKL_8346) /usr/conf/lib/libhp-ux.a(vm_text.o): vm_text.c $Date: 97/03/03 12:25:55 $ $Revision: 1 .56.98.9 $ PATCH_10.20 (PHKL_10257) /usr/conf/lib/libhp-ux.a(vm_vas.o): vm_vas.c $Date: 96/11/20 11:01:49 $ $Revision: 1.18.98.14 $ PATCH_10.20 (PHKL_9075) /usr/conf/lib/libhp-ux.a(vm_vhand.o): vm_vhand.c $Date: 96/11/20 11:02:03 $ $Revision: 1.20.98.5 $ PATCH_10.20 (PHKL_9075) /usr/conf/master.d/core-hpux: core-hpux $Date: 96/11/20 11:08:41 $ $Revision: 1. 6.98.13 $ PATCH_10.20 (PHKL_9075) /usr/conf/space.h.d/core-hpux.h: core-hpux.h: $Revision: 1.6.98.11 $ $Date: 96/11/20 11:07:03 $ PATCH_10.20 (PHKL_9075) cksum(1) Output: 3294814409 19476 /usr/conf/lib/libhp-ux.a(asm_rv.o) 1053092530 19912 /usr/conf/lib/libhp-ux.a(clock.o) 2914743296 13256 /usr/conf/lib/libhp-ux.a(hdl_fault.o) 555026448 6348 /usr/conf/lib/libhp-ux.a(hdl_init.o) 997333578 15648 /usr/conf/lib/libhp-ux.a(hdl_mprotect.o) 3636937882 11908 /usr/conf/lib/libhp-ux.a(hdl_policy.o) 2718340289 10016 /usr/conf/lib/libhp-ux.a(hdl_trans.o) 2185373297 16844 /usr/conf/lib/libhp-ux.a(kern_exec.o) 373925377 3096 /usr/conf/lib/libhp-ux.a(kern_mman.o) 3811483497 2236 /usr/conf/lib/libhp-ux.a(pm_context.o) 3662312379 6696 /usr/conf/lib/libhp-ux.a(pm_procdup.o) 2226603191 7076 /usr/conf/lib/libhp-ux.a(pm_resource.o) 2327822087 16172 /usr/conf/lib/libhp-ux.a(pm_sendsig.o) 925297696 8712 /usr/conf/lib/libhp-ux.a(sysV_shm.o) 3310110528 29820 /usr/conf/lib/libhp-ux.a(vfs_vm.o) 2384454065 91012 /usr/conf/lib/libhp-ux.a(vm_machdep.o) 133406500 21604 /usr/conf/lib/libhp-ux.a(vm_mmap.o) 1265397058 12324 /usr/conf/lib/libhp-ux.a(vm_pregion.o) 1266053234 11316 /usr/conf/lib/libhp-ux.a(vm_region.o) 3119256795 24816 /usr/conf/lib/libhp-ux.a(vm_sched.o) 4017694933 9992 /usr/conf/lib/libhp-ux.a(vm_superpage.o) 2800961341 14444 /usr/conf/lib/libhp-ux.a(vm_text.o) 1181531280 13300 /usr/conf/lib/libhp-ux.a(vm_vas.o) 1919993849 14372 /usr/conf/lib/libhp-ux.a(vm_vhand.o) 151105656 16751 /usr/conf/master.d/core-hpux 534048381 18816 /usr/conf/space.h.d/core-hpux.h Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHKL_8346 PHKL_9075 PHKL_9919 PHKL_10176 PHKL_10234 PHKL_10257 PHKL_10316 Equivalent Patches: PHKL_10644: s800: 10.20 Patch Package Size: 520 Kbytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHKL_10643 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHKL_10643.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHKL_10643.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHKL_10643. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHKL_10643.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHKL_10643.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: Due to the number of objects in this patch, the customization phase of the update may take more than 10 minutes. During that time the system will not appear to make forward progress, but it will actually be installing the objects.