Patch-ID# 101945-29 Keywords: kernel libsocket sockmod procfs kadb nfs mp EFAULT NFS autofs security Synopsis: SunOS 5.4: jumbo patch for kernel Date: Aug/04/95 Solaris Release: 2.4 SunOS release: 5.4 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 101946 Topic: SunOS 5.4: jumbo patch for kernel NOTE: You need to also apply patch 102113 if you are printing on a NeWSprint printer. Patch 102113 prevents a hang from occurring when printing. BugId's fixed with this patch: 1120225 1124354 1130791 1143479 1145457 1150556 1151364 1151509 1152710 1152922 1155298 1157053 1158574 1159330 1159986 1160112 1162834 1163335 1164519 1164800 1165675 1165687 1166712 1166779 1166848 1167235 1168398 1169686 1169775 1169823 1169909 1170862 1171008 1171478 1172009 1172242 1172243 1172245 1172260 1172731 1172926 1172979 1172998 1173212 1173301 1173309 1173626 1173969 1174222 1174572 1174738 1174786 1174830 1174847 1174851 1174913 1175018 1175044 1175115 1175368 1175478 1175829 1175931 1175968 1176247 1176467 1176508 1176845 1177091 1177100 1177228 1177469 1177516 1177572 1177578 1177600 1177620 1177644 1177862 1178114 1178128 1178190 1178236 1178295 1178363 1178391 1178400 1178506 1178641 1178753 1178761 1178824 1178835 1178957 1178985 1179480 1179625 1179738 1180414 1181009 BugId's fixed with this patch: 1181201 1181258 1181259 1182051 1182158 1182458 1182492 1182597 1182686 1183568 1183837 1185149 1185694 1186224 1186557 1186805 1187536 1187901 1187948 1188259 1188287 1188464 1188701 1189271 1189389 1189968 1191078 1191457 1192238 1192982 1193696 1193721 1193801 1194355 1194928 1195436 1195437 1198278 1198439 Changes incorporated in this version: 1145457 1162834 1169823 1175931 1177469 1178641 1180414 1182158 1182597 1186805 1187536 1188701 1189271 1189389 1191078 1192982 1193696 1193721 1193801 1194355 1194928 1195436 1198278 1198439 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: 101918-01,101969-07,101971-01,101975-01,101981-02,101983-03,102119-01,102169-01,102926-01 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/fs/nfs/mount /etc/lib/unix_scheme.so.1 /kadb /kernel/drv/cn /kernel/drv/icmp /kernel/drv/ip /kernel/drv/logindmux /kernel/drv/logindmux.conf /kernel/drv/sbi /kernel/drv/tcp /kernel/drv/tl /kernel/drv/udp /kernel/fs/autofs /kernel/fs/cachefs /kernel/fs/lofs /kernel/fs/nfs /kernel/fs/procfs /kernel/fs/ufs /kernel/misc/strplumb /kernel/misc/swapgeneric /kernel/sched/TS /kernel/strmod/rlmod /kernel/strmod/sockmod /kernel/strmod/telmod /kernel/strmod/timod /kernel/sys/c2audit /kernel/sys/nfs /kernel/unix /sbin/init /sbin/su /sbin/sulogin /usr/4lib/libc.so.1.8 /usr/4lib/libc.so.2.8 /usr/bin/su /usr/include/sys/ddi_impldefs.h /usr/include/sys/errno.h /usr/include/sys/proc.h /usr/include/sys/stropts.h /usr/include/sys/strsubr.h /usr/kernel/sched/RT /usr/kvm/crash /usr/kvm/prtdiag /usr/lib/autofs/automountd /usr/lib/fs/autofs/automount /usr/lib/fs/nfs/inetboot /usr/lib/fs/nfs/mount /usr/lib/fs/nfs/umount /usr/lib/libauth.a /usr/lib/libauth.so.1 /usr/lib/libc.a /usr/lib/libc.so.1 /usr/lib/libsocket.a /usr/lib/libsocket.so.1 /usr/lib/pics/libc_pic.a /usr/lib/security/unix_scheme.so.1 /usr/lib/utmp_update /usr/sbin/in.rlogind /usr/sbin/in.telnetd /usr/ucblib/libucb.a /usr/ucblib/libucb.so.1 Problem Description: 1195436 With patch T101945-20 /.profile is not executed 1194928 System paniced when shutting down. Data fault panic in canputnext. 1194355 tcp server detects checksum error and loops 1193801 SysV synopsis mount() call doesn't exist on bcp library. 1193721 data fault in putq() due to NULL q_last pointer 1189389 machine panics with a data fault in mutex enter 1182158 Some cmds (ls, pwd) will hang when executed on nfs mounted directories. 1193696 kernel memory allocator: invalid free: buffer not in cache kmem_alloc_1152 1186805 other [] too many write error and EDQUOT messages from nfs to syslog 1191078 Machine hangs with many proc's in rmalloc_wait - memory leak 1178641 NFS client should fail to open files with the mandlock bit set 1175931 nfs loops on async write errors 1198278 ksh loops in kernel making NFS read calls on its history file. 1180414 streams allocb failure results in data corruption 1169823 synctodr() : unable to sync error message ever three days or so 1162834 deadlock between prioctl() and munmap() 1177469 /proc causes page deadlock in NFS 1182597 swapped out lwp->lwp_ar0 in prgetprregs causes data fault and hang 1187536 Deadlock using /proc 1188701 assertion failed: new_state != LMS_WAIT_CPU 1189271 procfs: run-on-last-close doesn't always work 1192982 deadlock condition detected: cycle in blocking chain 1198439 procfs is out-of-spec with respect to microstate accounting 1145457 ksh does not set the correct arguments for su - (from 101945-28) 1195437 Panic in ip layer (icmp_inbound_error missing pullupmsg) 1181201 port option does not work with autofs. 1124354 Scorpion and Gal-Ross panics on Scheduler stress test (from 101945-27) 1188464 In Binary capability mode, getpass() echos password 1175044 Signals don't work in 4.1.[23] csh running under 2.4 BCP mode 1187901 Process hung in nanosleep 1185149 nl_langinfo is not MT-safe 1158574 One interrupt level per slot on sun4d (from 101945-26) 1192238 "noac" mount option not honored immediately after mount 1172926 application hangs on a TCP connection if the remote system dies 1130791 2.x setsockopt SO_SNDBUF fails with protocol error for stream AF_UNIX domain (from 101945-25) 1189968 Need strict multihoming in IP to prevent breakins over the Internet 1187948 machine is hung because a thread is looping in connopen() (no-25). (from 101945-24) 1191457 DROPEN failed executing Fortran program (from 101945-23) 1188259 ls -a .. causes Data fault panic after lockfs -h and umount the file system 1182051 sched: Text fault while telnet test 1173309 system panics with assertion failed: tcp->tcp_rcv_head == NULL 1164519 Socket returns with "address already in use" because conn in "BOUND" state (from 101945-22) 1188287 NFS mounted files get truncated 1177228 Data fault in freeb routine while running sundiag 1165675 rquotad returns inappropriate error on nfs client This fix includes a modified sys/errno.h which introduces a new error number: EDQUOT (49). When an over-quota condition is encountered, the following filesystem-related system calls will fail and the errno will be set to EDQUOT. Previously, the errno was set to ENOSPC. The affected system calls are: creat(2), link(2), mkdir(2), mknod(2), open(2), rename(2), symlink(2), and write(2) Any applications that check for an over-quota condition during a failed system call may encounter EDQUOT (49) as a valid value for errno. (from 101945-21) 1181259 NFS mount fails with: couldnt bind to reserved port - ESC# 11042 (from 101945-20) 1178190 MT program with more than 6 thread will consume system resource totally. 1155298 bind of AF_UNIX address simultaneously from multiple processes can fail 1143479 setuid/setgid program takes on default system limits (from 101945-19) 1186557 pid_ref field wraps around manifests as kmem list corruption. 1186224 socket select hangs in NON-BLOCKED mode 1178506 INN wounded after upgrade to SunOS 5.4 1181009 setsockopt returns error when expanding max receive size to 20KB (AF_UNIX) 1169775 Solaris 2.X does not correctly handle Copy-On-Write faults on a page (from 101945-18) 1175368 SECURITY anyone can gain root access to a 2.3 machine (from 101945-17) 1185694 systems with 7 32MB DSIMMS fail to boot 1183568 NFS client get old data after file on server being updated. (from 101945-16) 1178114 ioctl SIOCSPGRP/FIOSETOWN path broken for MT libsocket(linked to libthread) code 1171008 Mux hangs when expecting messages on lower stream during I_LINK/UNLINK 1159986 lckpwdf causes passwd to crash (from 101945-15) 1183837 Random processes dump core on sun4d 1176508 panic mutex adaptive exit under 2.4 fcs when accessing directory over nfs. 1172998 x86: auto_lookup(): assertion failure in mutex_exit() on non-existent fs (from 101945-14) 1182492 autmountd's macro_expand function may cause buffer to overflow (from 101945-13) 1182686 kernel rwlocks can allow readers and writers simultaneously 1177600 No way to cache the root and /usr file systems with CacheFS (from 101945-12) 1178957 sigurg not delivered on second oob data arrival 1177644 swift specific mmu write function doesn't flush tlb 1164800 panic: ddi_setcallback: no callback structures 1159330 automountd unmounts the wrong lofs 1176247 Performance is poor on sun4m Viking MP systems due to unnecessary cross calls 1166712 significant priority inversion problems when using mmap file access. 1178753 SS20 with 7 x 32Mb Simms installed will panic and hangs. 1181258 SAVECORE SEGMENTATION FAULT WHILE TRYING TO SAVE CORE (from 101945-11) 1177620 gettimeofday doesn't work correctly when dual processors are used 1178363 unstrcpy() can cause an EFAULT failure when it copies certain bytes. The kernel string copy routine can cause a data fault during exec when the string being copied contains 0x80 and is aligned in a certain way. As most strings copied by the kernel use the 7-bit ASCII code, this error will almost never be seen. On MP sun4m systems, clock interrupts may be serviced more than once per tick, causing the system's notion of time to drift. (from 101945-10) 1178835 RCS operations fail on file system NFS mounted from AIX system. The problem happens when application do fchmod between writes (which is very rare) which has a chance to lead different views of the file attributes on client from that on server. The solution purges the client cache before doing setattr so that the views will be the same. (from 101945-09) 1178128 SX Sundiag test gets a segmentation faullt (SIGSEGV) when testing contiguous mem 1176845 Sun4m MP CPU startup sequence causes SS-20/Hypersparc machines to hang hard 1179480 sun4d needs to clear important registers on startup On a sun4d, during the first boot after a power-on reset, the system may experience panics due to stale bits leftover in the MFSR register after POST (with a successive boot succeeding). This fix ensures the MFSR is cleared during the cpu's startup. 1176845 ------- On MP SS-20 machines using 100Mhz HyperSPARC processors booting from the net causes the machine to hang hard. The problem is easily reproducible with 4-way MP systems and reproducible with 2-way MP systems also. The problem has been observed on MP platforms using the SuperSPARC processors also but it is hard to reproduce and the TTF is very long. This bug is induced by the MP CPU startup sequence. The problem with net boot hanging has been under investigation for nearly three months and other bugs had to be fixed in locore (level 14 interrupt handling), sun4m/machdep.c ( init_mon_clock, start_mon_clock and stop_mon_clock). See bugids (1168398, 1175829) for details. 1178128 ------- Sun manufacturing was testing SS-20/Colorado platforms and the SX test failed with a segmentation violation when testing SX functionality for rendering into physically contiguous memory. This has caused manufacturing to hold of the manufacturing line for SS-20/Colorado platforms. (from 101945-08) 1178641 NFS client should fail to open files with the mandlock bit set 1178295 /usr/sbin/eeprom caused Aurora machine to panic 1178236 System panics with data fault in free_zero_zero() 1177862 Illegal FP got "Segmentation Fault - core dumped" on MP Grizzly 1177516 SS10/SX panics when user program dumps core with a mapping to ZX 1177100 CPR doesn't support Grizzly configuration 1175478 Panic in prototype inkernel logdmuxunlink() after munlink failed 1175115 nfs write error "(file handle: xxx xxx" message cannot be redirected by syslog 1175018 cpu workarounds not correct for Voyager module on sun4d changes to support the SuperSPARC2 processor module on sun4d Note: User needs to apply this patch to fix 1175018 before the SuperSPARC 2 modules are installed. Otherwise user will have to use the workaround from the bug report to boot the machine. The problem occurs when nfs encounters write errors. NFS will print a write error to the console. In some cases the physical console is printed upon in the event that the console driver is deprived or resources. What has been done is to put a throttle on NFS write error messages, enabling the administrator to type on the console and try to figure out what is going on. I_UNLINK or I_PUNLINK commands may time out and close the stream before the multiplexor has processed the command. o The module identify code for ross625 cpu needs to be added into cpr and cprboot code. To run VAC MP startup code correctly for cprboot, cpu states for non-boot cpus needs to be cleared to 0 initially for x calls. The offline and quiesced flags are set back when we are running on the cpu startup threads. This problem involves a system panic when application software that maps certain portions of the ZX frame buffer dump core. The as_memory() routine in vm/vm_as.c is intended to "weed out" non-seg_vn segments from a process' address space when determining which segments should be written out to the core file created in the file system. However, as_memory() does not correctly check to determine if a segment is handled by seg_vn, which results in it informing it's caller (i.e. core_segs() in common/os/core.c) that the segment should be written out. In the case of device segments managed by the seg_drv driver, the segment is not backed by real memory. When core_segs() instructs vn_rdwr() to copy the contents of the segment data area to the core file (it does this because as_memory() tells it to), it may touch parts of the device that will lock up the hardware. Subsequent device access will timeout and lead to the panic. Test case psABI sct2.1 llsi/hard_traps 5 got UNRESOLVED error with Grizzly (MP) running Solaris-2.4. The expected result is to catch SIGILL (signal 4) without core dump. An isolated demo script is provided and the output for Viking (UP/MP) or Grizzly (UP) are: Caught signal number 4 and the output for Grizzly (MP) is: Segmentation Fault - core dumped Socket interface networking programs under heavy use may panic the machine with free_zero_zero() on the kernel call stack. This fixes the problem in the sockmod module. This fixes the panic that occurs on an SS5 running Solaris 2.4 with patch 101945-06 installed when the "eeprom" command is executed in order to change an option setting in NVRAM. The NFS server will deny access to mandatory lock files. This is done for two reasons. First, mandatory locking is not supported over NFS. Second, it is dangerous for the server to access mandatory lock files. It would be very easy for a normal user to completely hang the NFS server. The user could create a file and set the mode to indicate that it is a mandatory lock file. It could then lock the file with a program which then just does a pause. This user could then go to an NFS client and try to access the file. With each request from the client, including retries, another NFS server daemon on the server would get blocked, until the server ran out of NFS server daemons. (from 101945-07) 1177091 prgetstatus can generate pagefault holding p_lock, can deadlock if freemem is 0 1177578 strmakemsg/strgeterr causes panic in strrput due to NULL mblk ptr 1176467 fcntl system call fails in process run by rcmd 1172243 Customer runs application from dumb terminal and system crashes. The system can freeze under heavy swapping pressure due to procfs holding a critical lock when it takes a page fault. Doing I_SETSIG on a console window through serial line and exiting the process could cause a system panic. Kernel panic in putnext/ptcwrite. A socket endpoint not created through the socket library (by dup() of a socket endpoint for example) may experience some failures on fcntl()/ioctl() calls. (This bug is only limited to 2.4 release) (from 101945-06) 1174847 SS5 running 4.1.3U1 - running customer application - HARD HANGS 1177572 Installing Solaris 2.4 ON patch 101945-05 and running OW causes machine to panic The patch to bug ID 1151364 broke OW's consolidation. This happened because releasef() changed to have an extra argument. OW shouldn't have been dependent on releasef() which is private to the ON consolidation. Since this problem was not discovered until after the patch was made, it made more sense for ON to produce a new patch which restores releasef() to have its old interface. The interface changed for kaio. A new interface is added called areleasef() which is only used by kaio. This is an enhancement to the workaround created for bug 1161592. Change is local to sun4m/swift cpu code and has NO impact on other non-swift platforms. (from 101945-05) 1174830 savecore on diskless machine didn't generate unix, vmcore is trash 1174738 segmapdev uses condition variables with spin-type mutexes 1172998 x86: auto_lookup(): assertion failure in mutex_exit() on non-existent fs 1175829 booting continuously a diskless machine over network hangs a single CPU machine 1151364 asynchronous I/O in the user level hurts RDBMS performance This is a performance improvement for applications that are using libaio for doing async IO to raw files or devices. There are no API changes, only a new version of libaio.so.1 is installed. One side benefit of this fix is that async IO to tape should now work. This patch to bug 1151364 requires installation of libaio/kaio patch 102020-01 or later) 1175829 -------- During booting diskless over the net, a single CPU system hangs. The cause is that the kernel decides to let PROM handle the profiling timer (L14) interrupt after programming the timer with default values. The PROM waits for profiling timer (L14) to interrupt but that never happens as timer has been mistakenly stopped (when it was programmed with default values) 1174738 ------- The problem is that lp is a spin-type mutex (the devctx lock) passed by segmapdev_fault. It is illegal, but probably not well documented, to pass a spin-type mutex to cv_wait(). It is also illegal to pass 1 as the arg to mutex_init() for spin-type mutexes. That is a machine-dependent spl argument, and 1 isn't a valid choice (it needs to be a SPL above lock level. 1172998 -------- The panic: panic: mutex_adaptive_exit: mutex not owned by thread, lp f58936 70 owner e0000000 lock 0 waiters 0 curthread f5ce6360 Kernel crash dumps generated on diskless sun4m, sun4d or i86pc systems are not complete. (from 101945-04) 1175968 non-master cpu network interfaces broken on SS1000 1172243 Customer runs application from dumb terminal and system crashes. 1169686 4.1.3 system on network goes down, hangs 2.3 system The problem shows up when a "ps" thread is running through the virtual memory area to get the address space size for a mapped file. The address space lock is held and a get attributes function is called. This initiates an nfs get attribute request. If the machine that the request is made to is not responding the nfs request will block. The address space lock which is held by the blocked ps thread might block other processes on the local machine. Typically when a server goes down all nfs file system activity is blocked on any clients. The nfs operation resumes once the server comes up. In this situation a server is powered down and causes a client to hang. The hang is due to a process pile-up. The client is doing a ps and its thread is holding the address space lock (as_lock) for a running process lets call A. The A process is a mapped file from the server. The client ps thread path has reached rm_assize() which needs to get the file size so it calls VOP_GETATTR() which goes across the wire to the server. This operation goes nowhere because the server is not running. The as_lock held by the ps process is blocking other processes such as init. The solution is not to go over the wire but to return a cached entry for the file size. The change is to define a new attribute flag in vnode.h called ATTR_HINT. The rm_assize() function recognizes will use this flag when it calls VOP_GETATTR(). The nfs getattr function will see that the size of the file is requested and that the passed in flag is ATTR_HINT. It will return the file size from the rnode rather than make a request to the server. Typically when a server goes down all nfs file system activity is blocked on any clients. The nfs operation resumes once the server comes up. In this situation a server is powered down and causes a client to hang. The hang is due to a process pile-up. The client is doing a ps and its thread is holding the address space lock (as_lock) for a running process lets call A. The A process is a mapped file from the server. The client ps thread path has reached rm_assize() which needs to get the file size so it calls VOP_GETATTR() which goes across the wire to the server. This operation goes nowhere because the server is not running. The as_lock held by the ps process is blocking other processes such as init. The solution is not to go over the wire but to return a cached entry for the file size. The change is to define a new attribute flag in vnode.h called ATTR_HINT. The rm_assize() function recognizes will use this flag when it calls VOP_GETATTR(). The nfs getattr function will see that the size of the file is requested and that the passed in flag is ATTR_HINT. It will return the file size from the rnode rather than make a request to the server. Running applications that do I_SETSIG on console, when console is the serial port (i.e not the frame buffer), causes system to crash, when attempting to send signal to a process. Support for SC2000E and SS1000E was patched in the 2.3 and 2.4 releases, and integrated into the 2.5 release. This fix introduced a bug which causes non-zero system boards to have tpe-link-test turned to the incorrect setting. This has the effect of rendering the additional le interfaces non-functional. (from 101945-03) 1169909 Running xlib code in Realtime class causes code to block. in poll() 1167235 panic data fault in strioctl - apparently doing TIOCSPGRP 1150556 System becomes "panic: Overflow of asynchronous faults". This change is for proper handling of memory ECC errors. Previously, an attempt to enqueue an error when the async fault queue was full, resulted in panic: "Overflow of asynchronous faults" The new functionality is: When the queue is full, discard the entry and disable correctable error interrupt generation. Schedule re-enable of interrupt generation (via timeout) after a period of 30 minutes. Message generation is enabled to log information regarding SIMM and faulting address. An additional message is output: Excessive Asynchronous Faults: Possible Memory Deterioration Uncorrectable error occurring while the async fault queue is full results in immediate panic. In addition to queue overflow handling, the rate of error occurrence is also monitored. If the rate of errors is such that 256 errors are reported in less than 1 second, ce interrupts are disabled. Re-enable of the ce interrupts is scheduled for 30 minutes (via timeout). Protect with mutex the testing and setting of the session and controlling terminal related flags in the streamhead. Real time stream threads will block in a poll. (from 101945-02) 1174572 Viking workaround enabled on parts that do not need it 1172979 spurious SIGALRM received in test program that forks child processes 1172009 recv() on sockets should return the error only once for SunOS 4.X compatibility 1170862 kadb hangs on MP configuration 1173626 Race condition in ross625_mp_mmu_writepte() where ref/mod bits can be lost 1172242 HyperSPARC Ross_625 A.2/A.3 has bcopy error if destination page is read-only 1172245 iflush code need to be more intelligent for HyperSPARC-MP 1168398 MP CPU start up causes machine to lock up when booting from net 1166848 L1 A and then sync locks up machine 1166779 Add support for dragon+ dual power supply 1152922 prtdiag(1M) should display SBus clock frequency 1165687 reads on acceptor sockets not non-blocking under Solaris 2 when listener is 1160112 socket library accidentally closes file descriptor on error 1120225 recv() returns EPIPE when called with MSG_PEEK 1152710 socket lib in 2.3/2.2 have problems with not clearing bad connections and errno 1171478 socket recv() calls fail with EINVAL due to bad fix in 5.4 AF_UNIX and AF_INET sockets can sometimes get EPIPE errors for recv(MSG_PEEK). When the socket library sees the EPIPE error it will in some cases close the file descriptor causing the application to get EBADF errors for subsequent operations. A AF_UNIX listening socket can get into a permanent error state (returning EPIPE or ECONNRESET) for any operation until the socket is closed. The non-blocking attribute of a socket endpoint is not transferred from a non-blocking listener endpoint to a accepting endpoint. This causes some socket non-blocking programs to block. This patch fixes the problem by setting the accepting endpoint non-blocking attribute if the listener was non-blocking. Add dual power supply support to SC2000 and SC2000E systems. Systems with dual power supplies will receive warnings on system console when one of the redundant power supplies fails. Modify prtdiag(1M) to indicate SBus Clock frequency. The SC2000E and SS1000E run with 25 MHz SBus clock frequency. The SC2000 and SS1000 run with 20 MHz SBus clock frequency. This change to prtdiag(1M) makes it easy to determine the SBus clock frequency on the system. For versions greater than 2.10 of the Open Boot Prom, L1-A followed by "sync" will sometimes hang. Summary: Patch to support Hypersparc CPU (Colorado) Modules. Below is a brief description of each bug: 1170862 ------- On a Colorado MP machine, if you set up break-points in the kernel try to resume from there, the machine sometimes hangs. Neither L1-A nor taking the keyboard helps. One has to power cycle the machine. 1173626 ------- There is a small window in "ross625_mp_mmu_writepte()" where the reference or modified bits can be lost before cpus are captured 1172242 ------- This is needed for a Ross625 A0-A3 bug where it's possible for the hardware bcopy to write into the destination if the destination is write protected under some circumstances. 1172245: ------- The iflush code for Ross 625 (virtual address-cache cpu) needed to add in per-cpu local flush support instead of doing global broadcast to flush all cpus all the times. 1168398 ------- We have two processors in the system: CPU 0 and CPU 2. CPU 2 executed pause_cpus(), pause_cpus() created a pause_thread for CPU 0 and CPU2 was spinning on safe_list[0] waiting for pause thread for CPU 0 to set safe_list[0] to a 1. But CPU 0 never executed its pause thread. Instead, CPU 0 took a level 14 interrupt and dropped into the PROM and never re-surfaced from the PROM. In SunOS 4.X sockets when a read() or recv*() call returns an error the application can do another read()/recv*() and get an EOF. This patch applies this subtle aspect of socket semantics to SunOS 5.X. This specification of signal actions from the signal(5) manual page was being violated: Setting a signal action to SIG_IGN for a signal that is pending causes the pending signal to be discarded, whether or not it is blocked. Any queued values pending are also discarded, and the resources used to queue them are released and made available to queue other signals. The condition under which the pending signal was not being discarded was the specific case of SIGALRM signals generated by the setitimer(ITIMER_REAL) interface. The malfunction happens in a narrow race condition which will be triggered under intensive setting of a signal handler and setting it to SIG_IGN while the itimer is active. SunOS 5.4 sometimes enables a bug workaround on systems that do not need it. (from 101945-01) 1173969 MT process doesn't stop on multi processor systems dbx appears to malfunction when controlling a multithreaded process that does many fork1()s. The bug is in the system, not dbx. Also, stopping dbx with a jobcontrol signal from the terminal, ^Z, while it is controlling a multithreaded process will cause the multithreaded process to becomed permanently stopped. (from 101918-01) 1157053 ESC8146 System panics when doing a copy to NFS file system mounted across FDDI-S Cause of problem is due to non-aligned transfers. The memory address alignment trap happened in xdr_writeargs() when copying data in a loop. The address was not on a long word boundary, it was on a word boundary. nfs_feedback() can adjust the transfer address and size for a request such as for a retransmission. The xdr_writeargs() can make use of bcopy(). The xdr_writeargs() is in file nfs_xdr.c. There are a few other functions in this file that do a similar copy operation that should be changed to use bcopy. (from 101983-03) 1174913 autofs checking for local subnets doesn't work when NIS+ is the nameservice This patch is to fix bug 1174913: autofs checking for local subnets doesn't work when NIS+ is the nameservice. The problem is that when a mount takes place ,its not giving a preference to the interface that the client machine is sitting on. It should be mounting from the servers interface that the client machine is attached to first and then an alternate if that does not respond. This is because that the automounter is looking up the table netmask while it should be looking up the table netmasks. (from 101983-02) 1151509 automounter's built in timeout is too short for low speed lines automountd by default only waits 15 seconds for servers to reply to its initial connection requests. This timeout may be too short for slow links or for very busy servers. This patch allows the system administrator to tune the total timeout by specifying the number of attempts (original + retries). This is done by adding a retry=n entry to the options list for the busy server entry in the automounter map. The default is one attempt (retry=0), when no retry=n option is specified in the options field, or when the retry=n option is invalid. Each retry is equivalent to approximately 30 seconds. Since automountd is currently single-threaded, this option should be used with care, as it will cause automountd to take more time to decide whether a server is dead or not (reply received or not), causing incoming autofs kernel requests to be queued for longer periods of time. For example, the following /etc/auto_home map uses the retry=1 option to force automountd to send the original request, and retry it once more, before giving up with a "server not responding error". If the reply is received before the next retry, there will be no retransmission. NOTE: It is not recommended to set this option as the map default, since it will cause automountd to needlessly wait longer for replies from real dead servers which otherwise would have replied without the need for retries had they been up. /etc/auto_home: # Home directory map for automounter # userx -nosuid,hard,intr,retry=1 busy_server:/export/home/userx +auto_home (from 101983-01) 1174222 automounter does not mount from 4.1.3 NFS servers with libc patch automountd first makes a null RPC call to the remote portmapper (rpcbind) of the server from which it needs to mount to determine if the server is able to respond to mount requests or not. In some cases (multiple servers specified on map entry) it would call the remote portmapper using version 3, which is not available on non SVR4 systems. Some systems are now silent about version mismatches, which causes automountd to assume the server is dead (or at least it's rpcbind/portmapper). This patch fixes this problem by always using version 2 of the portmapper protocol. (from 101975-01) 1173301 some files may not show up under cachefs Files can sometimes be missing from a cachefs mounted directory. This can happen if the entry in question is the last one in the directory block, but would be the first one in the cachefs front file. If a client system runs touch on this file, it will erase the contents of the file on the server. (from 101969-07) 1182458 network interface can hang on NFS server with high ipReasmDuplicates counts (from 101969-06) 1178985 Multicast routing broken in Solaris 2.4 1179625 freeb(): bad pointer passed to kmem_cache_free A performance problem with T101969-05 will be seen in TCP/IP network connections over high bandwidth network interfaces (FDDI, ATM, 100Base-T, but not 10Base-T EtherNet) resulting in lower then expected throughput. There is no impact on TCP/IP functionality. IP Multicast routing does not work correctly in 2.4. The (publicly available) mrouted program does not receive any IGMP_HOST_MEMBERSHIP_REPORT messages due to the kernel incorrectly thinking that these messages are malformed. (from 101969-05) 1179625 freeb(): bad pointer passed to kmem_cache_free Kernel PANIC in freeb(), from freemsg(), from tcp_closei(), ... may be caused by TCP freemsg()ing an already freed mblk. This bug was introduced in a bug fix for 1167357. (from 101969-04) 1178391 system with PPP device using the same IP address as le0 will stop working 1178400 NFS copies btw 690MP(512) server and Sunos 4.1.3 corrupt data without any error MPs can transmit IP packets with the same ip_id field potentially causing fragmented packets to be reassembled incorrectly. Normally this is not a problem since the corruption will be detected by the UDP/TCP checksum. However, SunOS 4.X does not by default verify the UDP checksum in which case the incorrectly reassembled packets can cause NFS file corruption. When an IP address is shared between an ethernet and a point-to-point links and if the links go down and point-to-point links comes up first, the ethernet link will not be able to come up with the shared IP address.. (from 101969-03) 1172731 After PPP connects improper routing entries cause problems When an IP address is shared between a POINT-TO_POINT interface and a numbered interface can result in invalid routing entries. (from 101969-02) 1174786 Unnubered interfaces with respect to PPP have problems 1174851 SC2000 hang due to no ip clow control when used with FDDI board When a high bandwith network interface is receiving a large number of packets addressed to it, but with no one bound to the specified port, then IP does a lot of processing. IP sends an ICMP unreachable packet back to the source of the original packet. This can cause large amounts of kmem to be consumed, which can cause subsequent kmem_alloc() failures, including allocb() failures in the driver for the high bandwidth interface driver. This can cause subsequent fragments of large IP frames to be dropped by the driver. IP will then hold on to these incomplete frames awaiting the arival of the missing fragments which will never show up, IP holds on to these frames for 60 seconds. Which in the case of a NPI FDDI interface at 80Mb/S can be 300Mbyte of kmem. When a point-to-point interface shares an ip address with a numbered interface, point-to-point link will stop receiving packets if the numbered interface is shutdown. (from 101969-01) 1162269 all net IP broadcast packets (255.255.255.255) have a ttl of 1 Applications and environments that depend on routers forwarding broadcast packets might run into problems with the fact that IP sets the TTL of all broadcast packets to 1 (in order to avoid any broadcast storms when there are misconfigured machines on the wire). This patch makes it possible to override the default TTL of 1. (from 101971-01) 1172260 5.4 <-> 4.1.2 socket connection loses sync and delays transfer of data A TCP connection might not start immediately when a window update is received after the Solaris 5.4 side has sent a zero window probe. With some TCP implementations at the remote end there will be a few seconds of delay (waiting for a retransmit timeout). (from 101981-02) 1179738 Users with 8 characters name or more will not be logged into utmp (from 101981-01) 1173212 SECURITY: su can display root password in the console If a username is too long (greater than 8 characters), when su root fails or succeeds for that user, the characters typed in as the password are echoed to the console. (from 102169-01) 1178761 ufs_putapage:bn == UFS_HOLE panic when filesystem fills up... A corrupt inode can be created when extending a UFS file and running out of space. This can later cause a panic 'ufs_putapage: bn==UFS_HOLE'. (from 102926-01) 1178824 When catman is invoked on a system w/BSM & 101318-54 the system crashes (from 102119-01) 1163335 SS1000 interactive performance very poor with > 200 users logged in Traditional BSD-derived systems require per-character processing to be handled by the rlogin and telnet daemons. This is very inefficient, since it often requires several user level context switches per input character. This patch provides a "fast path" entirely in the kernel, which eliminates the added overhead of processing by a user-level daemon for normal data traffic. Patch Installation Instructions: -------------------------------- Generic 'installpatch' and 'backoutpatch' scripts are provided within each patch package with instructions appended to this section. Other specific or unique installation instructions may also be necessary and should be described below. Special Install Instructions: ----------------------------- 1) Stop automountd # /etc/init.d/autofs stop 2) Install patch 3) Edit the necessary entries on your automounter maps (add the retry=n option). 4) Restart automountd # /etc/init.d/autofs start Reboot after installation. Instructions to install patch using "installpatch" -------------------------------------------------- 1. Become super-user. 2. Apply the patch by typing: installpatch where is the directory containing installpatch, and is the directory containing the patch itself. Example: # cd /tmp/123456-01 # ./installpatch . 3. If any errors are reported, see "Patch Installation Errors" in the Command Descriptions section below. Rebooting the system or restarting the application after a successful patch installation is usually necessary to utilize patch. NOTE: On client server machines the patch package is NOT applied to existing clients or to the client root template space. Therefore, when appropriate, ALL CLIENT MACHINES WILL NEED THE PATCH APPLIED DIRECTLY USING THIS SAME INSTALLPATCH METHOD ON THE CLIENT. See the next section for instructions for installing a patch on a client. Instructions for installing a patch on a dataless client -------------------------------------------------------------------- 1. Before applying the patch, the following command must be executed on the server to give the client read-only, root access to the exported /usr file system so that the client can execute the pkgadd command: share -F nfs -o ro,anon=0 /export/exec//usr The command: share -F nfs -o ro,root= \ /export/exec//usr accomplishes the same goal, but only gives root access to the client specified in the command. 2. Login to the client system and become super-user. 3. Continue with step 2 in the "Instructions to install patch using installpatch" section above. Instructions for installing a patch on a diskless client -------------------------------------------------------------------- ** To install a patch on a diskless client, you may either follow the instructions for installing on a dataless client (that is, you may logon to the client and install the patch), or you may use the following instructions to install the patch while on the server. 1. Find the complete path for the root directory of the diskless client. 2. Install the patch normally, but add the command option -R to the command line. should be the completely specified. Example: # cd /tmp/123456-01 # ./installpatch -R /export/root/client1 . Instructions for backing out a patch using "backoutpatch" ----------------------------------------------------------- 1. Become super-user. 2. Change directory to /var/sadm/patch: cd /var/sadm/patch 3. Backout patch by typing: /backoutpatch where is the patch number. Example: # cd /var/sadm/patch # 123456-01/backoutpatch 123456-01 4. If any errors are reported, see "Patch Backout Errors" in the Command Descriptions section below. Instructions for backing out a patch on a dataless client ---------------------------------------------------------- 1. Give the client root access to /usr as specified in the installpatch section. 2. Logon to the client and follow backoutpatch instructions as specified above. Instructions for backing out a patch on a diskless client ----------------------------------------------------------- ** To backout a patch on a diskless client, you may either follow the instructions for backout on a dataless client (that is, you may logon to the client and backout the patch), or you may use the following instructions to backout the patch while on the server. 1. Find the complete path for the root directory of the diskless client. 2. Backout the patch normally, but add the command option -R to the command line. should be the completely specified. Example: # cd /export/root/client1/var/sadm/patch # ./123456-01/backoutpatch -R /export/root/client1 123456-01 Instructions for identifying patches installed on system: ---------------------------------------------------------- Patch packets that have been installed can be identified by using the -p option. To find out which patches are installed on a diskless client, use both the -R option and the -p option, where is the fully specified path to the client's root directory. #cd /tmp/123456-01 #./installpatch -p #./installpatch -R /export/root/client1 -p Also note that the command "showrev -p" will show the patches installed on the local machine, but will not show patches installed on clients. Command Descriptions -------------------- NAME installpatch - apply patch package to Solaris 2.x system backoutpatch - remove patch package, restore previously saved files SYNOPSIS installpatch [-udpV] [-S ] backoutpatch [-fV] [-S ] DESCRIPTION These installation and backout utilities apply only to Solaris 2.x associated patches. They do not apply to Solaris 1.x associated patches. These utilities are currently only provided with each patch package and are not included with the standard Solaris 2.x release software. OPTIONS installpatch: -u unconditional install, turns off file validation. Allows the patch to be applied even if some of the files to be patched have been modified since original installation. -d Don't back up the files to be patched. This means that the patch CANNOT BE BACKED OUT. -p Print a list of the patches currently applied -V Print script version number -S Specify an alternate service (e.g. Solaris_2.3) for patch package processing references. -R Specify an alternate package installation root. Most useful for installing patches on diskless clients while logged on to the server. backoutpatch: -f force the backout regardless of whether the patch was superseded -V print version number only -S Specify an alternate service (e.g. Solaris_2.3) for patch package processing references. -R Specify an alternate package installation root. Most useful for removing patches on diskless clients while logged on to the server. DIAGNOSTICS Patch Installation Errors: -------------------------- Error message: The prepatch script exited with return code . Installpatch is terminating. Explanation and recommended action: The prepatch script supplied with the patch exited with a return code other than 0. Run a script trace of the installpatch and find out why the prepatch had a bad return code. Fix the problem and re-run installpatch. To execute a script trace: # sh -x ./installpatch . > /tmp/patchout 2>&1 The file /tmp/patchout will list all commands executed by installpatch. You should be able to determine why your prepatch script failed by looking through the /tmp/patchout file. If you still can't determine the reason for failure, contact customer service. Error message: The postpatch script exited with return code . Backing out patch. Explanation and recommended action: The postpatch script provided with the patch exited with an error code other than 0, and the patch has not previously been applied. Installpatch will execute backoutpatch to return the system to its pre-patched state. Create a script trace of the installpatch (see above) and find out why the postpatch script failed. Correct and re-execute installpatch. If you are unable to determine why the postpatch script failed, contact customer service. Error message: The postpatch script exited with return code . Not backing out patch because this is a re-installation. The system may be in an unstable state! Installpatch is terminating. Explanation and recommended action: The postpatch script provided with the patch exited with an error code other than 0. Because this is a re-installation of a patch, installpatch will not automatically backout the patch. You may backout the patch manually using the backoutpatch command, then generate a script trace of the installpatch as described above. Find out why the postpatch failed, correct the problem, and re-install the patch. If you are unable to determine why the postpatch script failed, contact customer service. Error message: Patch has already been applied. Explanation and recommended action: This patch has already been applied to the system and no additional patch packages would be added due to a re-installation. If the patch has to be reapplied for some reason, backout the patch and then reapply it. Error message: Symbolic link in package Symbolic links can't be part of a patch. Installpatch is terminating. Explanation and recommended action: The patch was incorrectly built. Contact customer service to get a new patch. Error message: This patch is obsoleted by patch which has already been applied to this system. Patch installation is aborted. Explanation and recommended action: Occasionally, a patch is replaced by a new patch which incorporates the bug fixes in the old patch and supplies additional fixes also. At this time, the earlier patch is no longer made available to users. The second patch is said to "obsolete" the first patch. However, it is possible that some users may still have the earlier patch and try to apply it to a system on which the later patch is already applied. If the obsoleted patch were allowed to be applied, the additional fixes supplied by the later patch would no longer be available, and the system would be left in an inconsistent state. This error message indicates that the user attempted to install an obsoleted patch. There is no need to apply this patch because the later patch has already supplied the fix. Error Message: None of the packages to patch are installed on this system. Explanation and recommended action: The original packages for this patch have not been installed and therefore the patch cannot be applied. The original packages need to be installed before applying the patch. Error message: This patch is not applicable to client systems. Explanation and recommended action: The patch is only applicable to servers and standalone machines. Attempting to apply this patch to a client system will have no effect on the system. Error message: The -S and -R arguments are mutually exclusive. Explanation and recommended action: You have specified both a non-native service to patch, and a package installation root. These two arguments are mutually exclusive. If patching a non-native usr partition, the -S option should be used to patch all clients using that service. If patching a client's root partition (either native or non-native), the -R option should be used. Error message: The service cannot be found on this system. Explanation and recommended action: You have specified a non- native service to patch, but the specified service is not installed on your system. Correctly specify the service when applying the patch. Error message: The Package Install Root directory cannot be found on this system. Explanation and recommended action: You have specified a directory that is either not mounted, or does not exist on your system. Specify the directory correctly when applying the patch. Error message: The /usr/sbin/pkgadd command is not executable. Explanation and recommended action: The /usr/sbin/pkgadd command cannot be executed. The most likely cause of this is that installpatch is being run on a diskless or dataless client and the /usr file system was not exported with root access to the client. See the section above on "Instructions for installing a patch on a diskless or dataless client". Error message: packages are not proper patch packages. Explanation and recommended action: The patch directory supplied as an argument to installpatch did not contain the expected package format. Verify that the argument supplied to installpatch is correct. Error message: The following validation error was found: Explanation and recommended action: Before applying the patch, the patch application script verifies that the current versions of the files to be patched have the expected fcs checksums and attributes. If a file to be patched has been modified by the user, the user is notified of this fact. The user then has the opportunity to save the file and make a similar change to the patched version. For example, if the user has modified /etc/inet/inetd.conf and /etc/inet/inetd.conf is to be replaced by the patch, the user can save the locally modified /etc/inet/inetd.conf file and make the same modification to the new file after the patch is applied. After the user has noted all validation errors and taken the appropriate action for each one, the user should re-run installpatch using the "-u" (for "unconditional") option. This time, the patch installation will ignore validation errors and install the patch anyway. Error message: Insufficient space in /var/sadm/patch to save old files. Explanation and recommended action: There is insufficient space in the /var/sadm/patch directory to save old files. The user has two options for handling this problem: (1) generate additional disk space by deleting unneeded files, or (2) override the saving of the old files by using the "-d" (do not save) option when running installpatch. However if the user elects not to save the old versions of the files to be patched, backoutpatch CANNOT be used. One way to regain space on a system is to remove the save area for previously applied patches. Once the user has decided that it is unlikely that a patch will be backed out, the user can remove the files that were saved by installpatch. The following commands should be executed to remove the saved files for patch xxxxxx-yy: cd /var/sadm/patch/xxxxxx-yy rm -r save/* rm .oldfilessaved After these commands have been executed, patch xxxxxx-yy can no longer be backed out. Error message: Save of old files failed. Explanation and recommended action: Before applying the patch, the patch installation script uses cpio to save the old versions of the files to be patched. This error message means that the cpio failed. The output of the cpio would have been preceded this message. The user should take the appropriate action to correct the cpio failure. A common reason for failure will be insufficient disk space to save the old versions of the files. The user has two options for handling insufficient disk space: (1) generate additional disk space by deleting unneeded files, or (2) override the saving of the old files by using the "-d" option when running installpatch. However if the user elects not to save the old versions of the files to be patched, the patch CANNOT be backed out. Error message: Pkgadd of package failed with error code . See /tmp/log. for reason for failure. Explanation and recommended action: The installation of one of patch packages failed. Installpatch will backout the patch to leave the system in its pre-patched state. See the log file for the reason for failure. Correct the problem and re-apply the patch. Error message: Pkgadd of package failed with error code . Will not backout patch...patch re-installation. Warning: The system may be in an unstable state! See /tmp/log. for reason for failure. Explanation and recommended action: The installation of one of the patch packages failed. Installpatch will NOT backout the patch. You may manually backout the patch using backoutpatch, then re-apply the entire patch. Look in the log file for the reason pkgadd failed. Correct the problem and re-apply the patch. Patch Installation Messages: --------------------------- Note: the messages listed below are not necessarily considered errors as indicated in the explanations given. These messages are, however, recorded in the patch installation log for diagnostic reference. Message: Package not patched: PKG=SUNxxxx Original package not installed Explanation: One of the components of the patch would have patched a package that is not installed on your system. This is not necessarily an error. A Patch may fix a related bug for several packages. Example: suppose a patch fixes a bug in both the online-backup and fddi packages. If you had online-backup installed but didn't have fddi installed, you would get the message Package not patched: PKG=SUNWbf Original package not installed This message only indicates an error if you thought the package was installed on your system. If this is the case, take the necessary action to install the package, backout the patch (if it installed other packages) and re-install the patch. Message: Package not patched: PKG=SUNxxx ARCH=xxxxxxx VERSION=xxxxxxx Architecture mismatch Explanation: One of the components of the patch would have patched a package for an architecture different from your system. This is not necessarily an error. Any patch to one of the architecture specific packages may contain one element for each of the possible architectures. For example, Assume you are running on a sun4m. If you were to install a patch to package SUNWcar, you would see the following (or similar) messages: Package not patched: PKG=SUNWcar ARCH=sparc.sun4c VERSION=11.5.0,REV=2.0.18 Architecture mismatch Package not patched: PKG=SUNWcar ARCH=sparc.sun4d VERSION=11.5.0,REV=2.0.18 Architecture mismatch Package not patched: PKG=SUNWcar ARCH=sparc.sun4e VERSION=11.5.0,REV=2.0.18 Architecture mismatch Package not patched: PKG=SUNWcar ARCH=sparc.sun4 VERSION=11.5.0,REV=2.0.18 Architecture mismatch The only time these messages indicate an error condition is if installpatch does not correctly recognize your architecture. Message: Package not patched: PKG=SUNxxxx ARCH=xxxx VERSION=xxxxxxx Version mismatch Explanation: The version of software to which the patch is applied is not installed on your system. For example, if you were running Solaris 5.3, and you tried to install a patch against Solaris 5.2, you would see the following (or similar) message: Package not patched: PKG=SUNWcsu ARCH=sparc VERSION=10.0.2 Version mismatch This message does not necessarily indicate an error. If the version mismatch was for a package you needed patched, either get the correct patch version or install the correct package version. Then backout the patch (if necessary) and re-apply. Message: Re-installing Patch. Explanation: The patch has already been applied, but there is at least one package in the patch that could be added. For example, if you applied a patch that had both Openwindows and Answerbook components, but your system did not have Answerbook installed, the Answerbook parts of the patch would not have been applied. If, at a later time, you pkgadd Answerbook, you could re-apply the patch, and the Answerbook components of the patch would be applied to the system. Message: Installpatch Interrupted. Installpatch is terminating. Explanation: Installpatch was interrupted during execution (usually through pressing ^C). Installpatch will clean up its working files and exit. Message: Installpatch Interrupted. Backing out Patch... Explanation: Installpatch was interrupted during execution (usually through pressing ^C). Installpatch will clean up its working files, backout the patch, and exit. Patch Backout Errors: --------------------- Error message: prebackout patch exited with return code . Backoutpatch exiting. Explanation and corrective action: the prebackout script supplied with the patch exited with a return code other than 0. Generate a script trace of backoutpatch to determine why the prebackout script failed. Correct the reason for failure, and re-execute backoutpatch. Error message: postbackout patch exited with return code . Backoutpatch exiting." Explanation and corrective action: the postbackout script supplied with the patch exited with a return code other than 0. Look at the postbackout script to determine why it failed. Correct the failure and, if necessary, RE-EXECUTE THE POSTBACKOUT SCRIPT ONLY. Error message: Only one service may be defined. Explanation and corrective action: You have attempted to specify more than one service from which to backout a patch. Different services must have their patches backed out with different invocations of backoutpatch. Error message: The -S and -R arguments are mutually exclusive. Explanation and recommended action: You have specified both a non-native service to backout, and a package installation root. These two arguments are mutually exclusive. If backing out a patch from a non-native usr partition, the -S option should be used. If backing out a patch from a client's root partition (either native or non-native), the -R option should be used. Error message: The service cannot be found on this system. Explanation and recommended action: You have specified a non- native service from which to backout a patch, but the specified service is not installed on your system. Correctly specify the service when backing out the patch. Error message: Only one rootdir may be defined. Explanation and recommended action: You have specified more than one package install root using the -R option. The -R option may be used only once per invocation of backoutpatch. Error message: The directory cannot be found on this system. Explanation and recommended action: You have specified a directory using the -R option which is either not mounted, or does not exist on your system. Verify the directory name and re-backout the patch. Error message: Patch has not been successfully applied to this system. Explanation and recommended action: You have attempted to backout a patch that is not applied to this system. If you must restore previous versions of patched files, you may have to restore the original files from the initial installation CD. Error message: Patch has not been successfully applied to this system. Will remove directory Explanation and recommended action: You have attempted to back out a patch that is not applied to this system. While the patch has not been applied, a residual /var/sadm/patch/ (perhaps from an unsuccessful installpatch) directory still exists. The patch cannot be backed out. If you must restore old versions of the patched files, you may have to restore them from the initial installation CD. Error message: This patch was obsoleted by patch . Patches must be backed out in the order in which they were installed. Patch backout aborted. Explanation and recommended action: You are attempting to backout patches out of order. Patches should never be backed-out out of sequence. This could undermine the integrity of the more current patch. Error message: Patch was installed without backing up the original files. It cannot be backed out. Explanation and recommended action: Either the -d option of installpatch was set when the patch was applied, or the save area of the patch was deleted to regain space. As a result, the original files are not saved and backoutpatch cannot be used. The original files can only be recovered from the original installation CD. Error message: pkgrm of package failed return code . See /var/sadm/patch//log for reason for failure. Explanation and recommended action: The removal of one of patch packages failed. See the log file for the reason for failure. Correct the problem and run the backout script again. Error message: Restore of old files failed. Explanation and recommended action: The backout script uses the cpio command to restore the previous versions of the files that were patched. The output of the cpio command should have preceded this message. The user should take the appropriate action to correct the cpio failure. KNOWN PROBLEMS: On client server machines the patch package is NOT applied to existing clients or to the client root template space. Therefore, when appropriate, ALL CLIENT MACHINES WILL NEED THE PATCH APPLIED DIRECTLY USING THIS SAME INSTALLPATCH METHOD ON THE CLIENT. See instructions above for applying patches to a client. A bug affecting a package utility (eg. pkgadd, pkgrm, pkgchk) could affect the reliability of installpatch or backoutpatch which uses package utilities to install and backout the patch package. It is recommended that any patch that fixes package utility problems be reviewed and, if necessary, applied before other patches are applied. Such existing patches are: 100901 Solaris 2.1 101122 Solaris 2.2 101331 Solaris 2.3 SEE ALSO pkgadd, pkgchk, pkgrm, pkginfo, showrev, cpio