Patch-ID# 101318-39 Keywords: kernel kadb sendmail syslog libc lockd tcp ip tmpfs security Synopsis: SunOS 5.3: Jumbo patch for kernel (includes libc, sendmail, lockd) Date: Mar/31/94 Solaris Release: 2.3 SunOS release: 5.3 Unbundled Product: Unbundled Release: Topic: SunOS 5.3: Jumbo patch for kernel (includes libc) ***** Special Note for systems running Oracle, Informix, or Sybase ***** As of rev -34, there are kernel bugs fixed in this patch, but Sun also found some bugs in DB vendors' code which makes DBs fail to startup with the fixed kernel. As a result, Sun is coordinating with DB vendors regarding their corresponding fixes. The complete solution is to have both the 101318 patch, rev 34 or higher, installed on Solaris 2.3 AND the corresponding fixes from the DBMS vendors installed as well. Here is when the DB vendor fixes are expected to be available: Oracle: Oracle has a V7.0.16 patch now available free of charge to customers. Informix: Informix's fix will appear in the production version of Online 6.0, which will ship in April/May Sybase: the fix is expected to appear in a Sybase "roll-up" in mid 4/94. The exact EBF numbers to look for are: For Sybase SQL Server 4.9.xS: use EBF# 2592 For Sybase System 10S and beyond: use EBF# 2594 For additional detail and other work around information please see the file SPECIAL_NOTICE_DBMS also included with this patch. ************************************************************************* BugId's fixed with this patch: 1139493 1108615 1139124 1130721 1144765 1146912 1146985 1130721 1143439 1140209 1137581 1144922 1145401 1145746 1150058 1142365 1140047 1123788 1132554 1145661 1145617 1144308 1137978 1144228 1147226 1139753 1147620 1147165 1150306 1149105 1149088 1123140 1146534 1149928 1152482 1152251 1151159 1153051 1152977 1153790 1152995 1144086 1152995 1153911 1150613 1154515 1153178 1151999 1146597 1154325 1152168 1149458 1146840 1150304 1088703 1097418 1151044 1153024 1142479 1155136 1154975 1145471 1142622 1113339 1121069 1148689 1142662 1157047 1155803 1152410 1156550 1152960 1153324 1139753 1142840, 1145035 1151181 1151181 1152199 1149201 1154452 1157110 1157460 1157463 1158000 1157524 1153276 1157978 1144536 1159160 1160505 1157990 1160207 1155948 1140802 1160720 1159439 1157267 1140503 1140378 1122992 1132086 Changes incorporated in this version: 1160720 1159439 1157267 1140503 1140378 1122992 1132086 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: 101267-01,101326-01,101349-01,101319-02,101346-03,101485-01,101371-04 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: kadb all of {sun4,sun4c,sun4d,sun4e,sun4m} versions kernel/unix all of {sun4,sun4c,sun4d,sun4e,sun4m} versions kernel/fs/procfs all of {sun4,sun4c,sun4d,sun4e,sun4m} versions kernel/fs/tmpfs kernel/drv/arp kernel/drv/cgfourteen kernel/drv/clone kernel/drv/icmp kernel/drv/ip kernel/drv/log kernel/drv/sx kernel/drv/sx_cmem kernel/drv/tcp kernel/drv/udp kernel/exec/elfexec kernel/exec/aoutexec kernel/misc/seg_drv kernel/sched/TS kernel/strmod/arp kernel/strmod/sockmod kernel/strmod/timod kernel/sys/shmsys usr/kernel/sched/RT usr/sbin/syslogd usr/lib/libc.a usr/lib/libc.so.1 usr/lib/nfs/lockd usr/lib/pics/libc_pic.a usr/lib/sendmail usr/lib/sendmail.mx etc/ttysrch postinstall script to edit etc/syslog.conf postremove script to remove edits from etc/syslog.conf Problem Description: 1160720 fix for bugid 1150613 has to be backed out as it is not general 1159439 buffer cache code can deadlock 1157267 users with passwd file entries > 132 chars. cannot change passwd 1140503 cgfourteen cursor does not turn off in response to FBIOSCURSOR ioctl 1140378 galaxy with 2 ross modules hang on Solaris 5.2 running sundiag 1122992 galaxy ross system hang shortly after sundiag start 1132086 libc has window where programs can dump core in sigaction call 1132086 libc has window where programs can dump core in sigaction call The values in the signal handler were set to the new action before a system call if the action was SIG_DFL or SIG_IGN. This resulted in ksh sometimes dumps core with SIGSEGV. 1140378 galaxy with 2 ross modules hang on Solaris 5.2 running sundiag 1122992 galaxy ross system hang shortly after sundiag start Very often Ross machines would hang when running Sundiag or even just normal system activity. 1157267 users with passwd file entries > 132 chars. cannot change passwd Users with passwd file entries > 132 characters cannot change their passwd using the "passwd" command. Error is "username does not exist", even though users are in /etc/passwd and /etc/shadow files. This is true of users whose entries come after the first entry > 132 characters in the passwd file. The users can log in, but cannot change their passwd with the "passwd" command. This problem can be re-produced by adding in an entry > 132 chars. to the /etc/passwd file, and manually editing the /etc/shadow file to add entry for this user. (don't use pwconv because of Bug 1151625.) Log in as user and try to change the passwd, it will fail with the error "username does not exist". Add another entry to the passwd file that is less than 132 chars. but add it after the long entry, and log in and try to change the passwd, will get the same error as for the user with the long passwd entry. Can change passwd for users with passwd file entries > 132 chars. on Solaris 2.2. 1159439 buffer cache code can deadlock Under extremely heavy I/O loads the system may deadlock due to a lock ordering problem in the buffer cache. (from 101318-38) 1160505 sendmail dumps core when handed a debug flag larger than the max int. 1157990 df -k does not report correct values for tmpfs 1160207 panic: tmp_getapage: no anon slot when reading tmpfs files over nfs 1155948 Sybase BCP performance poor under 2.3 1140802 ttyname(), ttyname_r() library call scans entire /dev/pts dir to find tty 1157990 df -k does not report correct values for tmpfs df -k reports incorrect values on a tmpfs filesystem mounted with the size option. 1160207 panic: tmp_getapage: no anon slot when reading tmpfs files over nfs Reading holey tmpfs files exported via NFS panics the system. 1155948 Sybase BCP performance poor under 2.3 Bug in IP causes TCP/IP performance degradation. 1140802 ttyname(), ttyname_r() library call scans entire /dev/pts dir to find tty The ttyname() (and ttyname_r()) routine stats every entry in /dev/pts directory until it can find the one matching the file descriptor that has been passed as an argument. This can result in too many stat system calls on large machines with many timeshare users because of large number of /dev/pts/<###> entries being used. (from 101318-37) 1159160 f77 compilation fails because combination of fseek and fwrite writes wrong bits Some combinations of fseek and fwrite on tmpfs files can lead to corruption of the written file. This is present in the 101318 Rev 31 and 32 patches for 1093 as well as in 494, but not in 1093 FCS (from 101318-36) 1157978 interrupted back to back store can cause kernel panic 1144536 need swift idle support for next release The first bug fix is a software workaround to a Swift chip bug. Back to back stores that are interrupted can cause kernel panics. The second bug fix is to support cpu idle for the SPARCstation 5. (from 101318-35) 1154452 serial port loses when SX context switches 1157110 Resetting SPAM chip could hang the system (due to unexpected level 15) 1157460 Nachos video frame transfer rate to SX memory is very low 1157463 Eliminating one redundant cache flush can benefit performance. 1158000 101318-32 conflicts with the X.25 patch 101524-01 1157524 locks are left on NFS files after the locking process is killed 1153276 sendmail can't rebuild huge aliases file sendmail can't rebuild huge aliases file Suppose a process obtains a record lock on an NFS file and is then killed with SIGKILL ("kill -9"). The process will fail to release the record lock when it exits. 1158000: 101318-32 conflicts with the X.25 patch 101524-01 Kernel panics upon X.25 bring up when both 101318-32 and 101524-01 are installed on the system. See above synopsis. (from 101318-34) 1152960 panic: srmmu_unlock() during Sybase dataserver shutdown 1153324 System gets a srmmu_pteunload panic when starting Oracle DB. 1156550 Fix for 1137125 needs to recognize newer Vikings 1152410 deadlock occurs in ufs under heavy nfs workload 1155803 ndbm hangs when two large records hash to the same value 1157047 32MB DSIMMs do not always work in SS10 and derivatives 1139753 locking hangs under heavy load; disturbing ICMP messages 1152960: panic: srmmu_unlock() during Sybase dataserver shutdown 1153324: System gets a srmmu_pteunload panic when starting Oracle DB. Customers seeing data base programs (Informix, Oracle, Sybase) with ISM turned on causes system to crash. There are kernel bugs fixed in this patch, but we also found some bugs in DB vendors' code which makes DBs fail to startup with the fixed kernel. As a result, we are coordinating with DB vendors to fix their releases too. Here is when patch/new release from DB will be available: Oracle: a fix will be available as a patch to the newly released 7.0.16 in early 3/94. Informix: the fix will be in 6.0.UD1 to be released in 2/94. Sybase: the fix is expected to appear in a Sybase "roll-up" in mid 4/94. The exact EBF numbers to look for are: For Sybase SQL Server 4.9.xS: use EBF# 2592 For Sybase System 10S and beyond: use EBF# 2594 1156550 Fix for 1137125 needs to recognize newer Vikings The current fix for bug 1137125 needs to be modified to handle newer versions of SuperSPARC. 1152410 deadlock occurs in ufs under heavy nfs workload Under heavy CFE (a filesystem benchmark) workload with a ss1 being pounded by a ss2 at full speed, deadlock happens seemingly waiting to do a pagelock. There isone case readdir was waiting for pagelock and the enclosed threadlist shows a casewhere ufs_putpages waiting for pagelock. 1155803 ndbm hangs when two large records hash to the same value The problem is that ndbm, the libc database thing, hangs when two records of over 512 bytes hash to the same value. The man page says that when this occurs and error is returned, however this is currently not the case. This fix now generates an error per the man page. 1157047 32MB DSIMMs do not always work in SS10 and derivatives The new 32MB DSIMMS contain two discontiguous 16MB memory regions and thus look like two DSIMMS rather than one. There currently exists code in the sun4m kernel that assumes no more than 8 regions of physical DRAM thus four 32MB DSIMMS plus one of any other sort of DSIMM (or any other configuration using more than 8 "slots" for DRAM) will cause a kernel panic during boot. If more than 8 regions of DRAM exist the current code does NOTHING at all (ie, it just quits, doesn't do what it is supposed to do). 1139753 locking hangs under heavy load; disturbing ICMP messages Under heavy loads, NFS locking clients may be unable to provide replies to their servers' occasional portmap GETPORT requests within the default RPC timeout. This in turn prevents the server from responding to outstanding locking requests from that client (and others), causing the server lockd to appear to be hung or dead. (from 101318-33) Bugid1148689 1142662 mlockall(MCL_CURRENT) returns EIO if used with threads When a thread is created and mlockall(MCL_CURRENT) is called it fails with EIO, mlockall(MCL_FUTURE) works but this does not guarantee that the pages loaded so far have been locked in memory. mlock/mlockall and MAP_NORESERVE. An mlock/mlockall on a mapping of /dev/zero (anonymous memory) will lock all pages in memory. However, an mlock/mlockall operation on a MAP_NORESERVE mapping of /dev/zero will NOT lock pages that have not been faulted in (i.e., have not been accessed). mlock/mlockall will only lock all existing anonymous pages in memory. Thus, applications which expect all pages in an address space to be locked in memory via mlockall(2) should ensure that all pages belonging to MAP_NORESERVE mappings, if any, are accessed before invoking mlockall(). The threads library creates all default thread stacks as a MAP_NORESERVE mapping. Thus, applications which create threads and expects all pages to be locked via mlockall() must provide a stack which is represented by a virtual address range NOT mapped as MAP_NORESERVE. Bugid 1148689 : Problem secure nfs between solaris1.x and solaris2.2 After several testings and investigation, the description of this bug should really be : "Under Solaris 2.x secure NFS, a non-root user on a 2.x NFS Client cannot write a large file to a securely mounted NFS File system after the NFS Server reboots (only if you did a write before the sever reboots." (from 101318-32) 1154325 kernel route table corruption when using routed on a network with gated running 1152168 System call use blu, can cause loading error. 1149458 pwconv strips out entries that begin with + from /etc/passwd 1146840 severe performance problems with a few hundred active tcp connections 1150304 tcp_eager_swap fails moving timer_mp if more than one eager connection 1088703 upstream message during I_UNLINK can cause panic 1097418 qprocsoff reordering problem 1151044 TCP connections hung in ESTALISHED state. 1153024 Assertion failure in strrput : ASSERT (!(stp->sd_flag & STPLEX)) 1142479 infinite loop in callbparams_free 1155136 Recursive mutex enter in streams strrput+x980 1154975 IP perimeters cause 1000 op LADDIS drop 1145471 3-5 out of 600 concurrent tcp connections just hang and never timed out. 1142622 interactive performance poor on MP system w/CPU bound procs 1113339 t_sndrel()/shutdown() immediately after sending small dataset causes data lost Data may get lost while using TCP (/dev/tcp in TLI and AF_INET/SOCK_STREAM sockets) when a t_sndrel()/shutdown() call is made immediately after sending a very small amount of data. Mouse tracking is rough when an MP system is running enough CPU-bound processes to occupy all on-line processors. Under heavy load and with lost packets, a TCP server can get into a state where connections never re-transmit. The symptom is connections in ESTABLISHED state with data on the send queue shown by "netstat" and no retransmissions visible by "snoop". 1146840 severe performance problems with a few hundred active tcp connections The performance of sockets decrease significantly when there are a couple of hundered sockets open. 1088703 upstream message during I_UNLINK can cause panic A multiplexing driver might see messages arriving in its lower put procedure for a queue which has already been I_UNLINKed. 1142479 infinite loop in callbparams_free Streams drivers and modules using qtimeout(9F) or qbufcall(9F) can cause the kernel to go in infinite loop in callbparams_free. 1155136 Recursive mutex enter in streams strrput+x980 Stressing TCP/IP on a multiprocessor can cause a recursive mutex_enter panic. The stack trace shows that mutex_enter was called by strrput. 1154975 - IP perimeters cause 1000 op LADDIS drop 1149458 pwconv strips out entries that begin with + from /etc/passwd Passwd entries beginning with "+" or "-" are silently removed from the files /etc/passwd and /etc/shadow on the second invocation of pwconv(1M). This fix prevents such entries from being silently discarded. Very large displacements (jumps) are not supported in Solaris 2.x, when calling the libc cerror routine from elsewhere in the library or user code. With this fix, these displacements are supported. Because the maximum displacement of BICC branch instruction is 8 megabytes, programs cannot be linked when separated by more than 8 megabytes. This circumstance arises out of the multi-pass semantics of the Solaris 2.x loader, and specific to this instance, the incremental loading done by a third-party (lisp) interpreter, which results in unusual text segment distribution, and displacements of greater than 22 bits. 1154325: kernel route table corruption when using routed on a network with gated running When running on a network with routing daemons that generate host routes for machines on the directly attached network (e.g. in netstat -rn: 155.155.48.43 155.155.48.43 UGH 0 0 the routing table will not contain any routes with 155.155.48.43 as a gateway. This will lead to lack of connectivity. in.routed will syslog messages like: in.routed[1923]: rtadd SIOCADDRT: Network is unreachable (from 101318-31) 1154515 binaries compiled with "-N" on 4.1.x fail on Solaris 2.3 w/ "Exec format error" OMAGIC binaries do not work on Solaris 2.x. 1153178 tmpfs deals incorrectly with directory permissions 1151999 problem with directory links in tmpfs - pwd gets confused 1146597 panic in strpermod_allocate when MTPERMOD driver opened twice consecutively With X.25 8.0 it is possible to panic the system by a user opening /dev/x25 twice (the first open will fail and the second will panic the system). (from 101485-01) 1121069 creating a.out cores can cause panics The kernel can panic with a data fault when an a.out core file is produced because the kernel reads off the end of the user structure. This can produce "WARNING: Kernel BE" or "WARNING: Kernel TO" followed by an "Access bus error" bad trap. The pc is usually in bcopy_asm, and the stack shows the routines "core" and "aoutcore". (from 101318-30) 1150613 _lwp_create doesn't pass on process priority New lwp created using _lwp_create() doesn't inherit the scheduling parameters properly from the parent lwp. (from 101318-29) 1153911 compiler code reordering breaks small4m parity reporting - use volatile During a memory error (i.e. parity error) the MFAR register is reported incorrectly. The address given will report an error from the wrong SIMM. The fix is to use the volatile type to preserve the correct MFAR address, allowing customer to find the correct bad SIMM. (from 101318-28) 1152995 Bad core file generated when mmap() range exceeds object size. A program that uses mmap(2) to map a file and that creates a mapping larger than the size of the file and that then aborts with a core dump will generate a core file that is not readable by a debugger. (from 101318-27) 1144086 data fault in ts_alloc or trap in tstile_alloc when lofs fileystem mounted. The system may run out of turnstiles (a locking resource). Running with the loopback file system may exacerbate this problem. First appeared on an SC2000. 1152995 backed out because of side effect problems (from 101318-26) 1152995 Bad core file generated when mmap() range exceeds object size. A program that uses mmap(2) to map a file and that creates a mapping larger than the size of the file and that then aborts with a core dump will generate a core file that is not readable by a debugger. 1153790 s1093 kadb will not boot kadb on viking 3.5 systems really fixed in this rev (from 101318-25) 1153790 s1093 kadb will not boot kadb on viking 3.5 systems This fix isn't right (from 101318-24) 1152977 Interactive response suffers when CPU intensive jobs are running When CPU intensive jobs ("main(){while(1);}", to take a trivial example) are running, interactive response can suffer badly. Symptoms include sluggish mouse pointer movement, and intermittent echoing of characters in shells. (from 101318-23) 1151159 random and strange bad behavior on 4d systems, i.e. panics, watchdogs, etc. 1153051 enabling of workaround for random and strange behavior on 4d systems In systems utilizing SuperSPARC processors, there is a possiblity of random and strange bad behavior on 4d systems. A cause for some of these problems has been identified to be, on occasion, a misoperation of the SuperSPARC processor under very limited circumstances. (from 101318-22) 1152482 kernel panic in prgetstatus 1152251 read from PIOCOPENPD causes panic: data fault A program which does a /proc PIOCOPENPD call, followed by a read on the resulting file descriptor after the target process exits, will trigger a panic of the system due to a DATA FAULT resulting from a dereference of a NULL pointer. This scenario can result from using the SunPro collector which performs performance analysis on another program. This is one of the standard SPARCWorks tools. Rutgers has had at least two panics like this one: BAD TRAP: cpu_id=2 type=9 addr=4 rw=1 rp=e4e364 A kadb stack trace shows 'prgetstatus' called from 'prioctl'. (from 101318-21) 1151619: sockmodwput data fault panic due to socklog problem socklog() was being passed a NULL pointer while calculating the size of the message block. This resulted in the kernel panic with Data Fault. (from 101318-20) 1149928: TCP/IP scalability problems This patch reduces the time spent locking and unlocking the outer perimeters used by TCP and IP. 1149929: STREAMS outer perimeter scalability problems This patch reduces the time spent locking and unlocking the outer perimeters used by TCP and IP. It also reduces the lock contention on the strmsglock (used by the STREAMS allocator) and reduces the time spent running at high IPL from the Ethernet driver. (from 101318-19) 1146534 swift_mmu_writeptp code in wrong order causing watchdog reset. Under heavy load, a SPARCstation 5 will watchdog reset. This has been seen running kenbus, LST, and svvs. (from 101318-18) 1149088 tcp and sockmod does not protect against QUEUE_ptr in T_CONN_RES going away 1123140 transport providers can crash if accessing T_CON_RES QUEUE_ptr field 1149088: tcp and sockmod does not protect against QUEUE_ptr in T_CONN_RES going away 1123140: transport providers can crash if accessing T_CON_RES QUEUE_ptr field If TLI applications close the accepting file descriptor (passed to t_accept) while the t_accept is in progress the kernel can panic in tcp_accept, in sockmod, or in timod. (The sockmod panic will only occur if the file descriptor that is opened by the accept() in the socket library is closed.) (from 101318-17) 1149105 Lost entries in wtmpx and wtmp wtmp/wtmpx and utmp/utmpx corrupted during syncronization (update) (from 101346-03) 1145617: NFS/NIS+ servers + clients hang in tcp_lookup If a Solaris machine receives a tcp packet sent to the all-zeros IP address (an old broadcast address that should no longer by used) the kernel might go in an infinite loop. The loop is in drain_syncq calling tcp_rput calling tcp_lookup_listeners and then calling put. (from 101346-02) 1145661 accept() fails with EPROTO, attempts to reconnect on socket fail Applications can see the socket accept() call fail with errno being EPROTO. This error indicates that the TCP 3-way open handshake failed to complete and should be handled by just retrying the poll/select/accept call. This patch prevents the EPROTO errors from being returned by accept(). (from 101346-01) 1144308 Solaris crashes with urgent data RFC 1122 The machine can get a watchdog reset or alternatively hang when receiving urgent data. If it hangs it hangs "hard" i.e. L1-A does not work, and unpluggingand replugging the keyboard does not work either. A snoop trace of last packet received should have the Urgent flag bit set and with an Urgent pointer of 0. (Note: the 2.2 version of snoop does not print the Urgent pointer field - the 2.3 version does.) (from 101319-02) 1144228 Sparc center 2000 running Solaris 2.2 panics with data fault in do_urg_outofline System panics in various places in do_urg_outofline() routine. Typical stack trace would look like: do_urg_outofline() sockmodrsrv() runservice() with a NULL message block(bp). (from 101319-01) 1137978 telnet returning "protocol error" when attempting to telnet to netbuilder router From either solaris 2.1 or 2.2 system, telnet returns "protocol error" when telneting into the 3com router. (from 101318-16) 1147165: Streams resources depleted suddenly (due to no syncq flow control) A machine can rapidly run out of kernel memory under heavy load. This is signified by netstat -m (on the core dump) reporting tens of thousands of allocated messages. 1150306: data fault in background - streams close race The kernel can crash with a data fault. The stack trace shows that background calling mutex_enter which takes a data fault. (from 101318-15) 1147620 system hangs in deadflck Under certain circumstances, the kernel may hang due to an error in file and record locking. In this case, a kernel thread will be found to be looping infinitly in deadflck(). (from 101318-14) 1139753 locking hangs under heavy load; disturbing ICMP messages Under heavy loads, NFS locking clients may be unable to provide replies to their servers' occasional portmap GETPORT requests within the default RPC timeout. This in turn prevents the server from responding to outstanding locking requests from that client (and others), causing the server lockd to appear to be hung or dead. (from 101318-13) 1132554 fcntl: error No record locks available, lockd: out of lock 1147226 NFS locking broken when byte order is different 1132554: NFS file servers can leak record locks. Eventually all lock requests (including local locks) fail with ENOLCK. Another symptom is syslog messages from lockd (on the server) complaining that it is out of locks. This bug can also cause the server to incorrectly grant lock requests, which can lead to corruption of user data files. 1147226: Patch 101267-01 introduced a bug in NFS clients that could cause locking operations to fail if the server is not running SunOS or if the server is not a SPARC system. The symptom is syslog messages from lockd (on the client), complaining about malformed filehandles. (from 101267-01) 1142365: lockd incorrectly examines export information when comparing filehandles. Consider a scenario where a PC application, running under WABI or SunPC, uses File Sharing to synchronize instances of itself. If one instance is running on an NFS server and another instance is running on an NFS client, the NFS server will allow access to both instances at the same time, when it should really only allow access to one at a time. This can cause data corruption. 1140047: suppose a 3-byte (or bigger) region of an NFS file is locked. Now suppose that one or more bytes in the middle of the region are unlocked, leaving two locked regions on either side of the "hole". The client does not properly manage these two regions when they are unlocked. The problem does not appear until the server reboots and the client attempts to reclaim (relock) at least one of the regions. This can lead to situations where the server thinks a region is locked, but nobody owns the lock. The server console may display _nfssys: error Stale NFS file handle if the file was deleted before the server rebooted. 1123788: lockd on an NFS client detects and filters out retransmitted requests from the client kernel. The code to detect retransmissions does not look at the filehandle in the request. Although this does not seem to have been a problem in practice, it could conceivably lead to cases where the application gets the wrong return code from a lock request. (from 101318-12) 1150058 SPARCstation-10 SX Vid SIMM Cursor RAM Write Enable is weak and corrupts writes This fix is to the Video SIMM Operating System Driver (cg14 driver) and provides a software workaround to problems observed with a broken cursor image when the cursor is written to. (from 101318-11) Bug id 1146924: SS10-51 SS600-51 will fail "watchdog reset" or hard hang under load (from 101318-10) 1140209 Cannot exit login sessions simultaneously from Alphanumeric terminals properly The zombie processes were not being removed by the parent process when the handler for SIGCHLD was being reset, 1142882: panic on exit The u.u_ttyp field was being set incorrectly when a pre-svr4 module was being pushed. The oldvalue of u.u_ttyp was not saved and later checked to see if it needs to be reset to NULL or not. (from 101318-09) 1143439 using fork() and libaio together leads to system panics When using libaio to do asynchronous I/O in a process and also doing a fork() in the same process, there is a window in which the system will panic. The same phenomenon occurs with multi-threaded processes that use fork1() (this has been observed with SunPC and the volume manager). Finally, using a /proc tool that reads the address space of a running process, like /usr/ucb/ps -ww, can lead to a panic of the same (not identical) sort. (from 101349-01) 1137581 C2+ gets watch dog reset with Sundia 1144922 cgfourteen driver could still get remap panic 1145401 sx driver memory leak 1145746 C2+ panics when creating an X Window The reliability lab typically runs Sundiag on machines continuously for extended periods of time (more than a week). When doing such relibility testing on the SPARstation 10BSX machines we discovered problems: a) machines randomly get a watchdog reset (bug ids (1137581 and 1144922). b) After running the machines for a period of 72 hours or greater the machines seem to hang or behave sluggishly after exiting from Sundiag. (bug id 1145401) c) In some very rare situations, when unmapping a range of virtual addresses cloned for SX, the machine panics, because the thread unmapping the address range holds the writer's lock on the address space and then tries to acquire a reader's lock on the same address space. (Bug id 1145746 (from 101318-08) 1130721 panic messages are not logged in /var/adm/messages previous putback for this bug caused system to panic if more than one syslogd was started (from 101318-07) 1146985 data fault panic in lock_try due to interval timer signal There is a race condition in exit() and lwp_exit() where they are cancelling outstanding itimer() callouts. If the race is lost, a callout remains that eventually fires and attempts to access a non-existent lwp or process, leading to the system panic reported by the customer. (from 101318-06) 1130721 panic messages are not logged in /var/adm/messages Added postinstall script to edit etc/syslog.conf and postremove script to remove the edits. This should have been done as part of 101318-03 (from 101318-05) 1146912 panic: deadlock - cycle in blocking chain when using /proc to read a process When using tools that read the address space of other processes via /proc, there is a window of vulnerability in the operating system that can cause a panic with the message: Deadlock condition detected: cycle in blocking chain. Tools that read the address space of other processes include: /usr/bin/truss /usr/ucb/ps /usr/bin/adb /opt/SUNWspro/bin/dbx 3rd party debuggers (e.g., gdb) The window of vulnerability is extremely small, but the problem has been seen on heavily-loaded multiprocessors. (from 101318-04) 1144765 SunPC fails on sun4m systems running Solaris 2.3 The SunPC card doesn't work on sun4m platforms (from 101318-03) 1130721 panic messages are not logged in /var/adm/messages the mechanism implemented in sunos5.0 to save log messages produced before syslogd is started doesn't allow messages recorded in the message buffer before the reboot to be logged. this patch returns to the original method of saving log messages and corrects the problems which prompted the incorrect fix in 5.0. (from 101318-02) 1108615 I_LOOK etc tests for end of stream by walking mid point qnext Kernel crash (data fault). The pc is in the SAMESTR macro either in the build_sqlist function or in the getendq function. (from 101318-01) 1139493 fcntl(2) => ENOLCK and "klm_lockctl: bad nonblk LOCK error 3" If there are problems communicating with the lock manager on an NFS server and a blocking lock request (e.g., fcntl(..., F_SETLKW, ...)) receives a signal, the lock request might not get cancelled. This would leave the file locked with no way to unlock it, short of rebooting the client or server. (from 101326-01) 1139124 syslog does not output more than approx 100 characters, no errors reported syslog messages longer than 100 characters result in an empty syslogd posting. Only the header of the message is printed. The message part is empty. (from 101371-04) 1149201 wrong header information appears on e-mail heading on a sporadic basis wrong header information appears on e-mail heading on a sporadic basis (from 101371-03) 1151181 sendmail security 1152199 sendmail .foward capability can bypass read permissions two more security hole was reported since the last security patch was issued. The hole allows unauthorized access to (system) files via e-mail. This patch fix bug 1152199, and also provide a improved fix for 1151181. (from 101371-02) 1151181 sendmail security (from 101371-01) 1142840 Sendmail ignores $HOME parameter in .forward file 1145035: sendmail can not deliver to dead.letter file Patch Installation Instructions: -------------------------------- Generic 'installpatch' and 'backoutpatch' scripts are provided within each patch package with instructions appended to this section. Other specific or unique installation instructions may also be necessary and should be described below. Special Install Instructions: ----------------------------- Unless patch 101331-01 or later is installed, installation of this patch will result in the following warning: WARNING: unable to rename This warning may be ignored and kadb is successfully installed. Reboot after installation. Instructions to install patch using "installpatch" -------------------------------------------------- 1. Become super-user. 2. Apply the patch by typing: //installpatch / where is the directory containing the patch and is the patch number. must be a full path name. Example: # /tmp/123456-01/installpatch /tmp/123456-01 3. If any errors are reported, see "Patch Installation Errors" in the Command Descriptions section below. Rebooting the system or restarting the application after a successful patch installation is usually necessary to utilize patch. NOTE: On client server machines the patch package is NOT applied to existing clients or to the client root template space. Therefore, when appropriate, ALL CLIENT MACHINES WILL NEED THE PATCH APPLIED DIRECTLY USING THIS SAME INSTALLPATCH METHOD ON THE CLIENT. See the next section for instructions for installing a patch on a client. Instructions for installing a patch on a diskless or dataless client -------------------------------------------------------------------- 1. Before applying the patch, the following command must be executed on the server to give the client read-only, root access to the exported /usr file system so that the client can execute the pkgadd command: share -F nfs -o ro,anon=0 /export/exec//usr The command: share -F nfs -o ro,root= \ /export/exec//usr accomplishes the same goal, but only gives root access to the client specified in the command. 2. Login to the client system and become super-user. 3. Continue with step 2 in the "Instructions to install patch using installpatch" section above. Instructions for backing out patch using "backoutpatch" ------------------------------------------------------- 1. Become super-user. 2. Change directory to /var/sadm/patch: cd /var/sadm/patch 3. Backout patch by typing: /backoutpatch where is the patch number. Example: # 123456-01/backoutpatch 123456-01 4. If any errors are reported, see "Patch Backout Errors" in the Command Descriptions section below. Instructions for identifying patches installed on system: ---------------------------------------------------------- Patch packets that have been installed can be identified by using the showrev command with the "-p" option: showrev -p Also note that installpatch has a similar "-p" option which will also just identify patches already installed. Command Descriptions -------------------- NAME installpatch - apply patch package to Solaris 2.x system backoutpatch - remove patch package, restore previously saved files SYNOPSIS installpatch [-udpV] [-S ] backoutpatch [-fV] [-S ] DESCRIPTION These installation and backout utilities apply only to Solaris 2.x associated patches. They do not apply to Solaris 1.x associated patches. These utilities are currently only provided with each patch package and are not included with the standard Solaris 2.x release software. OPTIONS installpatch: -u unconditional install, turns off file validation. Allows the patch to be applied even if some of the files to be patched have been modified since original installation. -d Don't back up the files to be patched. This means that the patch can't be backed out. -p Print a list of the patches currently applied -V Print script version number -S Specify an alternate service (e.g. Solaris_2.3) for patch package processing references. backoutpatch: -f force the backout regardless of whether the patch was superseded -V print version number only -S Specify an alternate service (e.g. Solaris_2.3) for patch package processing references. DIAGNOSTICS Patch Installation Errors: -------------------------- Error message: Patch has already been applied. Explanation and recommended action: This patch has already been applied to the system. If the patch has to be reapplied for some reason, backout the patch and then reapply it. Error message: This patch is obsoleted by patch which has already been applied to this system. Patch installation is aborted. Explanation and recommended action: Occasionally, a patch is replaced by a new patch which incorporates the bug fixes in the old patch and supplies additional fixes also. At this time, the earlier patch is no longer made available to users. The second patch is said to "obsolete" the first patch. However, it is possible that some users may still have the earlier patch and try to apply it to a system on which the later patch is already applied. If the obsoleted patch were allowed to be applied, the additional fixes supplied by the later patch would no longer be available, and the system would be left in an inconsistent state. This error message indicates that the user attempted to install an obsoleted patch. There is no need to apply this patch because the later patch has already supplied the fix. Error Message: None of the packages to patch are installed on this system. Explanation and recommended action: The original packages for this patch have not been installed and therefore the patch cannot be applied. The original packages need to be installed before applying the patch. Error message: This patch is not applicable to client systems. Explanation and recommended action: The patch is only applicable to servers and standalone machines. Attempting to apply this patch to a client system will have no effect on the system. Error message: The /usr/sbin/pkgadd command is not executable. Explanation and recommended action: The /usr/sbin/pkgadd command cannot be executed. The most likely cause of this is that installpatch is being run on a diskless or dataless client and the /usr file system was not exported with root access to the client. See the section above on "Instructions for installing a patch on a diskless or dataless client". Error message: packages are not proper patch packages. Explanation and recommended action: The patch directory supplied as an argument to installpatch did not contain the expected package format. Verify that the argument supplied to installpatch is correct. Error message: The following validation error was found: Explanation and recommended action: Before applying the patch, the patch application script verifies that the current versions of the files to be patched have the expected fcs checksums and attributes. If a file to be patched has been modified by the user, the user is notified of this fact. The user then has the opportunity to save the file and make a similar change to the patched version. For example, if the user has modified /etc/inet/inetd.conf and /etc/inet/inetd.conf is to be replaced by the patch, the user can save the locally modified /etc/inet/inetd.conf file and make the same modification to the new file after the patch is applied. After the user has noted all validation errors and taken the appropriate action for each one, the user should re-run installpatch using the "-u" (for "unconditional") option. This time, the patch installation will ignore validation errors and install the patch anyway. Error message: Insufficient space in /var/sadm/patch to save old files. Explanation and recommended action: There is insufficient space in the /var/sadm/patch directory to save old files. The user has two options for handling this problem: (1) generate additional disk space by deleting unneeded files, or (2) override the saving of the old files by using the "-d" (do not save) option when running installpatch. However if the user elects not to save the old versions of the files to be patched, backoutpatch CANNOT be used. One way to regain space on a system is to remove the save area for previously applied patches. Once the user has decided that it is unlikely that a patch will be backed out, the user can remove the files that were saved by installpatch. The following commands should be executed to remove the saved files for patch xxxxxx-yy: cd /var/sadm/patch/xxxxxx-yy rm -r save/* rm .oldfilessaved After these commands have been executed, patch xxxxxx-yy can no longer be backed out. Error message: Save of old files failed. Explanation and recommended action: Before applying the patch, the patch installation script uses cpio to save the old versions of the files to be patched. This error message means that the cpio failed. The output of the cpio would have been preceded this message. The user should take the appropriate action to correct the cpio failure. A common reason for failure will be insufficient disk space to save the old versions of the files. The user has two options for handling insufficient disk space: (1) generate additional disk space by deleting unneeded files, or (2) override the saving of the old files by using the "-d" option when running installpatch. However if the user elects not to save the old versions of the files to be patched, the patch CANNOT be backed out. Error message: Pkgadd of package failed with error code . See /tmp/log. for reason for failure. Explanation and recommended action: The installation of one of patch packages failed. Any previously installed packages in the patch should have been removed. See the log file for the reason for failure. Correct the problem and re-apply the patch. Patch Installation Messages: --------------------------- Note: the messages listed below are not necessarily considered errors as indicated in the explanations given. These messages are, however, recorded in the patch installation log for diagnostic reference. Message: Package not patched: PKG=SUNxxxx Original package not installed Explanation: One of the components of the patch would have patched a package that is not installed on your system. This is not necessarily an error. A Patch may fix a related bug for several packages. Example: suppose a patch fixes a bug in both the online-backup and fddi packages. If you had online-backup installed but didn't have fddi installed, you would get the message Package not patched: PKG=SUNWbf Original package not installed This message only indicates an error if you thought the package was installed on your system. If this is the case, take the necessary action to install the package, backout the patch (if it installed other packages) and re-install the patch. Message: Package not patched: PKG=SUNxxx ARCH=xxxxxxx VERSION=xxxxxxx Architecture mismatch Explanation: One of the components of the patch would have patched a package for an architecture different from your system. This is not necessarily an error. Any patch to one of the architecture specific packages may contain one element for each of the possible architectures. For example, Assume you are running on a sun4m. If you were to install a patch to package SUNWcar, you would see the following (or similar) messages: Package not patched: PKG=SUNWcar ARCH=sparc.sun4c VERSION=11.5.0,REV=2.0.18 Architecture mismatch Package not patched: PKG=SUNWcar ARCH=sparc.sun4d VERSION=11.5.0,REV=2.0.18 Architecture mismatch Package not patched: PKG=SUNWcar ARCH=sparc.sun4e VERSION=11.5.0,REV=2.0.18 Architecture mismatch Package not patched: PKG=SUNWcar ARCH=sparc.sun4 VERSION=11.5.0,REV=2.0.18 Architecture mismatch The only time these messages indicate an error condition is if installpatch does not correctly recognize your architecture. Message: Package not patched: PKG=SUNxxxx ARCH=xxxx VERSION=xxxxxxx Version mismatch Explanation: The version of software to which the patch is applied is not installed on your system. For example, if you were running Solaris 5.3, and you tried to install a patch against Solaris 5.2, you would see the following (or similar) message: Package not patched: PKG=SUNWcsu ARCH=sparc VERSION=10.0.2 Version mismatch This message does not necessarily indicate an error. If the version mismatch was for a package you needed patched, either get the correct patch version or install the correct package version. Then backout the patch (if necessary) and re-apply. Patch Backout Errors: --------------------- Error message: Patch has not been successfully applied to this system. Explanation and recommended action: The user has attempted to back out a patch that was never applied to this system. It is possible that the patch was applied, but that the patch directory /var/sadm/patch/ was deleted somehow. If this is the case, the patch cannot be backed out. The user may have to restore the original files from the initial installation CD. Error message: This patch was obsoleted by patch $1. Patches must be backed out in the order in which they were installed. Patch backout aborted. Explanation and recommended action: The obsoleted contents of an older patch rev that apparently still exists under /var/sadm/patch should never be restored out of sequence. This could undermine the integrity of the more current patch rev installed and the restoration of the files it has saved. Error message: Patch was installed without backing up the original files. It cannot be backed out. Explanation and recommended action: Either the -d option of installpatch was set when the patch was applied, or the save area of the patch was deleted to regain space. As a result, the original files are not saved and backoutpatch cannot be used. The original files can only be recovered from the original installation CD. Error message: pkgrm of package failed return code . See /var/sadm/patch//log for reason for failure. Explanation and recommended action: The removal of one of patch packages failed. See the log file for the reason for failure. Correct the problem and run the backout script again. Error message: Restore of old files failed. Explanation and recommended action: The backout script uses the cpio command to restore the previous versions of the files that were patched. The output of the cpio command should have preceded this message. The user should take the appropriate action to correct the cpio failure. KNOWN PROBLEMS: On client server machines the patch package is NOT applied to existing clients or to the client root template space. Therefore, when appropriate, ALL CLIENT MACHINES WILL NEED THE PATCH APPLIED DIRECTLY USING THIS SAME INSTALLPATCH METHOD ON THE CLIENT. See instructions above for applying patches to a client. A bug affecting a package utility (eg. pkgadd, pkgrm, pkgchk) could affect the reliability of installpatch or backoutpatch which uses package utilities to install and backout the patch package. It is recommended that any patch that fixes package utility problems be reviewed and, if necessary, applied before other patches are applied. Such existing patches are: 100901 Solaris 2.1 101122 Solaris 2.2 101331 Solaris 2.3 SEE ALSO pkgadd, pkgchk, pkgrm, pkginfo, showrev