VULNERABILITY SCANS CAUSE TCPIP TO LOOP
APAR Identifier ...... PK34158 Last Changed ........ 07/09/28
VULNERABILITY SCANS CAUSE TCPIP TO LOOP
Symptom ...... LP LOOP Status ........... CLOSED PER
Severity ................... 3 Date Closed ......... 06/12/06
Component .......... 5735FAL00 Duplicate of ........
Reported Release ......... 520 Fixed Release ............ 999
Component Name TCP/IP V2 FOR V Special Notice
Current Target Date .. Flags
SCP ...................
Platform ............
Status Detail: SHIPMENT - Packaged solution is available for
shipment.
PE PTF List:
PTF List:
Release 510 : UK20415 available 06/12/08 (0702 )
Release 520 : UK20416 available 06/12/08 (0702 )
Parent APAR:
Child APAR list:
ERROR DESCRIPTION:
Vulnerability scans are cauing TCPIP to get into a program
check loop intermittantly.
.
Looking at the TCPIP console, TCPIP reports:
AMPX036I ASSERTION FAILURE CHECKING ERROR
TRACE BACK OF CALLED ROUTINES
ROUTINE STMT AT ADDRESS IN MODULE
ALLOCANDSOCKPASSIVEOPEN 4 00D140FA TCPREQUEST
SKTCPCLS 11 00D21148 TCPREQUEST
00:41:13 * MSG FROM TCPIP : VMDUMPing...
HCPMFS057I TCPIP not receiving; disconnected
Command complete
SPROCESSPENDMSG 80 00DE90E2 SOCKREQ
SockRequ 170 00E20AB4
Schedule 2082 00CF9424
<MAIN-PROGRAM> 14 00C421FE TCPIP
VSPASCAL 00E4D462
AMPX036I ASSERTION FAILURE CHECKING ERROR
TRACE BACK OF CALLED ROUTINES
ROUTINE STMT AT ADDRESS IN MODULE
ALLOCANDSOCKPASSIVEOPEN 5 00D1410C TCPREQUEST
SKTCPCLS 11 00D21148 TCPREQUEST
SPROCESSPENDMSG 80 00DE90E2 SOCKREQ
SockRequ 170 00E20AB4
Schedule 2082 00CF9424
<MAIN-PROGRAM> 14 00C421FE TCPIP
VSPASCAL 00E4D462
.
AMPX014I PROTECTION EXCEPTION
TRACE BACK OF CALLED ROUTINES
ROUTINE STMT AT ADDRESS IN MODULE
ALLOCSOCKOBJECTS 3 00D13ABC TCPREQUEST
ALLOCANDSOCKPASSIVEOPEN 6 00D14130
TCPREQUEST
SKTCPCLS 11 00D21148 TCPREQUEST
SPROCESSPENDMSG 80 00DE90E2 SOCKREQ
SockRequ 170 00E20AB4
Schedule 2082 00CF9424
LOCAL FIX:
PROBLEM SUMMARY:
****************************************************************
* USERS AFFECTED: All users of z/VM TCP/IP *
****************************************************************
* PROBLEM DESCRIPTION: z/VM TCP/IP Stack loops on SSL *
* server shutdown due to improper *
* accept() processing. *
****************************************************************
* RECOMMENDATION: APPLY PTF *
****************************************************************
There are two problems here:
1. The SSL server receives an EIBMSOCKINUSE error on an
accept() call causing it to shut down.
2. The assertion failure which is caused by problem 1.
Problem 1 occurs because SkSslAcc() stores the new socket number
(from SockAssign) in the ACB before we know if we're really
going to allocate the socket and respond to the client. In the
case where the socket call blocks (because there are no
connection requests queued), we don't actually allocate the
socket. Then, should another call to SockAssign occur for this
client before the accept() is actually processed, SockAssign
may give out the same socket number. This causes the error on
the accept() call once it (the accept()) is ready to be
processed. Note that this is also a problem in SkTcpAcc() and
vSkTcpAcc() (e.g. the accept() error is not limited to the SSL
server).
Problem 2 occurs because the main SSL socket is closing before
all of the worker thread sockets close. So, when the stack sees
a worker thread close, and no listen on the main socket, it
tries to issue a passive open. Since the socket is closed, we
hit the assertion (SockListening is false).
PROBLEM CONCLUSION:
To address the problem with accept() processing, code has been
changed to update the socket number in the ACB just before we
respond to the client, such that we are sure the socket has been
allocated and SockAssign will not attempt to reuse the socket
number.
To address the assertion, close() processing for SSL sockets
has been modified to only issue the passive open in the case
where there is currently no listen on the socket and the
socket should be listening.
TEMPORARY FIX:
COMMENTS:
MODULES/MACROS: TCPIP TCPREQU TCPSSL T6PREQU
SRLS: NONE
RTN CODES:
CIRCUMVENTION:
MESSAGE TO SUBMITTER: