IBM Support

IT23530: Unexpected intermittent MQPUT failure when using AMS protection

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When using an AMS-enabled application or channel, MQPUT
    operations to a queue with a protection policy intermittently
    fail with MQRC_SECURITY_ERROR (RC=2063), even though the policy
    and configuration are valid, and other MQPUTs from the same
    application are successful.
    
    Failure Data Capture (FDC) records are generated with probeID
    XC130006, reporting a SIGSEGV signal with the following
    stacktrace:
    
    MQM Function Stack
    MQOPEN
    zstMQOPEN
    smqxOpenAfter
    smqiOpenAfter
    smqiInitCrypto
    smqiInitProtectionSettings
    smqodInitializeProtSettings
    xcsFFST
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    This issue affects users of MQv9, who are using AMS-enabled
    applications or channels to put or get messages to queues with
    protection policies.
    
    The issue is observed only when multiple application threads
    make concurrent MQAPI calls which require invocation of the AMS
    interceptor code, and the possibility of encountering the issue
    increases as concurrency increases.
    
    The issue has only been observed by IBM with multiple threads
    performing MQPUT, but could theoretically also affect threads
    performing MQGET.
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    A logic omission in the AMS native interceptor code meant that
    calls to initialise MQ's underlying cryptographic libraries were
    not correctly serialised. Under periods of high concurrency
    within applications making MQ API calls which require
    interception, this exposed a timing window where an illegal
    memory access could be performed.
    
    This illegal access resulted in the API call (MQPUT in observed
    cases) returning MQRC_SECURITY_ERROR, and the FDC record being
    generated to report the exception.
    

Problem conclusion

  • The MQ native interceptor logic has been corrected to correctly
    serialise calls to initialise the underlying cryptographic
    libraries as appropriate.
    
    The MQ native interceptor logic is found in the MQ client and
    server native libraries to which MQ applications can be linked,
    and is also used by message channel agent processes performing
    MCA AMS interception.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v9.0 CD    9.0.5
    v9.0 LTS   9.0.0.4
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT23530

  • Reported component name

    IBM MQ BASE M/P

  • Reported component ID

    5724H7261

  • Reported release

    900

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-12-18

  • Closed date

    2018-01-31

  • Last modified date

    2018-01-31

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM MQ BASE M/P

  • Fixed component ID

    5724H7261

Applicable component levels

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
31 January 2018