IBM Support

IT23530: Unexpected intermittent MQPUT failure when using AMS protection

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When using an AMS-enabled application or channel, MQPUT
operations to a queue with a protection policy intermittently
fail with MQRC_SECURITY_ERROR (RC=2063), even though the policy
and configuration are valid, and other MQPUTs from the same
application are successful.

Failure Data Capture (FDC) records are generated with probeID
XC130006, reporting a SIGSEGV signal with the following
stacktrace:

MQM Function Stack
MQOPEN
zstMQOPEN
smqxOpenAfter
smqiOpenAfter
smqiInitCrypto
smqiInitProtectionSettings
smqodInitializeProtSettings
xcsFFST

Local fix

  • 



Problem summary


    

  • ****************************************************************
USERS AFFECTED:
This issue affects users of MQv9, who are using AMS-enabled
applications or channels to put or get messages to queues with
protection policies.

The issue is observed only when multiple application threads
make concurrent MQAPI calls which require invocation of the AMS
interceptor code, and the possibility of encountering the issue
increases as concurrency increases.

The issue has only been observed by IBM with multiple threads
performing MQPUT, but could theoretically also affect threads
performing MQGET.


Platforms affected:
MultiPlatform

****************************************************************
PROBLEM DESCRIPTION:
A logic omission in the AMS native interceptor code meant that
calls to initialise MQ's underlying cryptographic libraries were
not correctly serialised. Under periods of high concurrency
within applications making MQ API calls which require
interception, this exposed a timing window where an illegal
memory access could be performed.

This illegal access resulted in the API call (MQPUT in observed
cases) returning MQRC_SECURITY_ERROR, and the FDC record being
generated to report the exception.

    



Problem conclusion


    

  • The MQ native interceptor logic has been corrected to correctly
serialise calls to initialise the underlying cryptographic
libraries as appropriate.

The MQ native interceptor logic is found in the MQ client and
server native libraries to which MQ applications can be linked,
and is also used by message channel agent processes performing
MCA AMS interception.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v9.0 CD    9.0.5
v9.0 LTS   9.0.0.4

The latest available maintenance can be obtained from
'WebSphere MQ Recommended Fixes'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available information on
its planned availability can be found in 'WebSphere MQ
Planned Maintenance Release Dates'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
---------------------------------------------------------------

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT23530
    • 

  • Reported component name
    IBM MQ BASE M/P
    • 

  • Reported component ID
    5724H7261
    • 

  • Reported release
    900
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2017-12-18
    • 

  • Closed date
    2018-01-31
    • 

  • Last modified date
    2018-01-31
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    IBM MQ BASE M/P
    • 

  • Fixed component ID
    5724H7261
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            31 January 2018
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback