HPE Community
Operating System - HP-UX
1753789 Members
7787 Online
108799 Solutions
New Discussion

Re: How does the kernel detect a bus check HPMC?

 
SOLVED
Go to solution
cnb
Honored Contributor

‎04-21-2011 10:06 AM

‎04-21-2011 10:06 AM

Re: How does the kernel detect a bus check HPMC?

Excellent research and findings!

Looks like its time to update drivers and patches :-)


Best Regards,

-cnb

0 Kudos
Reply
Michael_Pelleti
Occasional Advisor

‎10-11-2011 11:44 AM

‎10-11-2011 11:44 AM

Re: How does the kernel detect a bus check HPMC?

We discovered, not too long after my last post, that the invalid memory access originated from the use of uninitialized data - the prev_r19 member of the previous frame descriptor structure - by the HP LIBCL library in U_get_previous_frame_x().

 

This function called U_get_shLib_text_addr() with the invalid address, which then executed a PROBE,R and a LDW instruction on the address.  If the address found in the uninitialized prev_r19 location happened to fall in the unused range of a public-mapped PCI IO page, the HPMC would occur because the PROBE,R would return true due to it being a public IO map, and the out-of-range LDW would be ignored by the PCI card, and the HPMC would be thrown six PCI clock cycles later.

 

The libcl library stack-unwind component is used extensively in Ada and C++ programs, as part of the exception handling mechanism, so every time an exception was raised in the code the runtime library ran the risk of crashing the system.

 

If the previous-frame structure memory had been a calloc() instead of malloc(), there would have been no problem, since the PROBE,R instruction would return false for a null pointer.

 

The fix, as I understand it, was to add one line of code when entering U_get_previous_frame():

previous_frame->prev_r19 = 0;

 

I'm not sure whether it's been released as an official patch yet, they were telling us November last we talked to them.

 

So, this is my third HP-UX 11.11 bug-squash in one year - PHKL_41910, PHKL_42072, and this one. Not bad, eh? :)

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎10-12-2011 02:38 AM

‎10-12-2011 02:38 AM

Re: How does the kernel detect a bus check HPMC?

It looks like you have found a flaw in the kernel or your driver.

0 Kudos
Reply
mvpel
Trusted Contributor

‎10-26-2011 10:54 AM - edited ‎10-26-2011 04:10 PM

‎10-26-2011 10:54 AM - edited ‎10-26-2011 04:10 PM

Re: How does the kernel detect a bus check HPMC?

The flaw was indeed in the LIBCL library. It turns out that the fix was not included in PHSS_42247, since it affected PA-RISC 1.1 Pascal-language stack-unwinding operations, and the problem is a very far-corner case. So I guess we'll be using the site-specific patch for the forseeable future.

 

 

 

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎10-26-2011 08:45 PM

‎10-26-2011 08:45 PM

Re: How does the kernel detect a bus check HPMC?

>The flaw was indeed in the LIBCL library

 

If a user mode program can crash the box, it is a problem in the kernel or driver.

If that is fixed, the only "flaw" is one of performance.

0 Kudos
Reply
mvpel
Trusted Contributor

‎11-11-2011 11:57 AM

‎11-11-2011 11:57 AM

Re: How does the kernel detect a bus check HPMC?

Dennis - some of the PCI cards in the system have PROT_URW IO maps so that they can be used within critical segments of real-time code where system calls are not allowed - it was this fact in combination with LIBCL's dereference of an uninitialized pointer that caused the HPMC.

 

We're given to understand that HP's intent was that the previous frame descriptor's structure would have a calloc() before the first call to U_get_previous_frame(), but that intent didn't make it into the documentation nearly 15 years ago.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.