APAR status
Closed as program error.
Error description
When using an AMS-enabled application or channel, MQPUT operations to a queue with a protection policy intermittently fail with MQRC_SECURITY_ERROR (RC=2063), even though the policy and configuration are valid, and other MQPUTs from the same application are successful. Failure Data Capture (FDC) records are generated with probeID XC130006, reporting a SIGSEGV signal with the following stacktrace: MQM Function Stack MQOPEN zstMQOPEN smqxOpenAfter smqiOpenAfter smqiInitCrypto smqiInitProtectionSettings smqodInitializeProtSettings xcsFFST
Local fix
Problem summary
**************************************************************** USERS AFFECTED: This issue affects users of MQv9, who are using AMS-enabled applications or channels to put or get messages to queues with protection policies. The issue is observed only when multiple application threads make concurrent MQAPI calls which require invocation of the AMS interceptor code, and the possibility of encountering the issue increases as concurrency increases. The issue has only been observed by IBM with multiple threads performing MQPUT, but could theoretically also affect threads performing MQGET. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: A logic omission in the AMS native interceptor code meant that calls to initialise MQ's underlying cryptographic libraries were not correctly serialised. Under periods of high concurrency within applications making MQ API calls which require interception, this exposed a timing window where an illegal memory access could be performed. This illegal access resulted in the API call (MQPUT in observed cases) returning MQRC_SECURITY_ERROR, and the FDC record being generated to report the exception.
Problem conclusion
The MQ native interceptor logic has been corrected to correctly serialise calls to initialise the underlying cryptographic libraries as appropriate. The MQ native interceptor logic is found in the MQ client and server native libraries to which MQ applications can be linked, and is also used by message channel agent processes performing MCA AMS interception. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v9.0 CD 9.0.5 v9.0 LTS 9.0.0.4 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT23530
Reported component name
IBM MQ BASE M/P
Reported component ID
5724H7261
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-12-18
Closed date
2018-01-31
Last modified date
2018-01-31
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM MQ BASE M/P
Fixed component ID
5724H7261
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
31 January 2018