Patch-ID# 101777-59 Keywords: Amdahl kernel kadb libc lockd security libthread libaio automountd Synopsis: A+Edition 1.0: Jumbo patch for kernel (includes libc, lockd) Date: Oct/31/94 Solaris Release: 2.3 SunOS release: 5.3 Unbundled Product: A+Edition Unbundled Release: 1.0 WARNING: Install this patch ONLY on systems running Amdahl's A+Edition. Topic: A+Editon 1.0: Jumbo patch for kernel (includes libc, lockd) NOTE 1: You need to also apply Sun patch 102113-01 if you are printing on a NeWSprint printer. Patch 102113-01 prevents a hang from occuring when printing. NOTE 2: If this patch is applied to a server, Sun patch 101318-59 should also be applied to dataless clients that also mount /usr from that server. Failure to do so will generate this error message when openwin is started on the client: "Binding Unix socket: Invalid argument" NOTE 3: For systems running Oricale, Informix, or Sybase please see the file SPECIAL_NOTICE_DBMS also included with this patch. Amdahl Work Requests fixed with this patch: 187 213 270 389 BugId's fixed with this patch: 1139493 1108615 1139124 1130721 1144765 1146912 1146985 1130721 1143439 1140209 1137581 1144922 1145401 1145746 1150058 1142365 1140047 1123788 1132554 1145661 1145617 1144308 1137978 1144228 1147226 1139753 1147620 1147165 1150306 1149105 1149088 1123140 1146534 1149928 1152482 1152251 1151159 1153051 1152977 1153790 1152995 1144086 1152995 1153911 1150613 1154515 1153178 1151999 1146597 1154325 1152168 1149458 1146840 1150304 1088703 1097418 1151044 1153024 1142479 1155136 1154975 1145471 1142622 1113339 1121069 1148689 1142662 1157047 1155803 1152410 1156550 1152960 1153324 1139753 1154452 1157110 1157460 1157463 1158000 1157524 1157978 1144536 1159160 1157990 1160207 1155948 1140802 1160720 1159439 1157267 1140503 1140378 1122992 1132086 1157265 1155515 1147647 1160681 1151592 1152033 BugId's fixed with this patch: 1135394 1138196 1137587 1137798 1138207 1141642 1162202 1163533 1160087 1151192 1147977 1146549 1139327 1125134 1138196 1137587 1137798 1138207 1141642 1162202 1155948 1163747 1138196 1137587 1137798 1138207 1141642 1162202 1150417 1164156 1138924 1164504 1159757 1158215 1098381 1154060 1156947 1146726 1151137 1165902 1156132 1159248 1164569 1165270 1158674 1166629 1156103 1165689 1155951 1165649 1117303 1163167 1163170 1164554 1165987 1159882 1166933 1165736 1159152 1107880 1167602 1164428 1155298 1168240 1166581 1145573 1140610 1145129 1139765 1144962 1142583 1147964 1145542 1150596 1136034 1149774 1150491 1157062 1160379 1153253 1163275 1155701 1145421 1156518 1163847 1153274 1149399 1160662 1158639 1158638 1161525 1148003 1163445 1168083 1169132 1168055 1167439 1168672 1167154 1164156 BugId's fixed with this patch: 1130726 1151598 1159347 1165413 1163776 1123876 1156103 1167485 1145573 1140610 1145129 1139765 1144962 1142583 1147964 1145542 1150596 1136034 1149774 1150491 1157062 1160379 1153253 1163275 1155701 1145421 1156518 1163847 1153274 1149399 1160662 1158639 1158638 1161525 1148003 1163445 1143231 1145573 1140610 1145129 1139765 1144962 1142583 1147964 1145542 1150596 1136034 1149774 1150491 1157062 1160379 1153253 1163275 1155701 1145421 1156518 1163847 1153274 1149399 1160662 1158639 1158638 1161525 1170350 1170091 1165247 1170814 1170036 1169640 1170527 1169904 1170233 1145573 1140610 1145129 1139765 1144962 1142583 1147964 1145542 1150596 1136034 1149774 1150491 1157062 1160379 1153253 1163275 1155701 1145421 1156518 1163847 1153274 1149399 1160662 1158639 1158638 1161525 1169109 1168365 BugId's fixed with this patch: 1168635 1166848 1165014 1158398 1171363 1091548 1145573 1140610 1145129 1139765 1144962 1142583 1147964 1145542 1150596 1136034 1149774 1150491 1157062 1160379 1153253 1163275 1155701 1145421 1156518 1163847 1153274 1149399 1160662 1158639 1158638 1161525 1164428 1172320 1170544 1170669 1172155 1169424 1165250 1145573 1140610 1145129 1139765 1144962 1142583 1147964 1145542 1150596 1136034 1149774 1150491 1157062 1160379 1153253 1163275 1155701 1145421 1156518 1163847 1153274 1149399 1160662 1158639 1158638 1161525 1146922 1153229 1154502 1156649 1152710 1168167 1170038 1172979 1172118 1171833 1171609 1169590 1167647 1163312 1173731 1160112 1120225 1172243 1166779 1152922 1174222 1173212 1170488 1151883 1169909 1166349 1165687 1162269 1164519 1174851 1174572 1172438 1172260 1172243 1172009 BugId's fixed with this patch: 1171599 1175304 1174851 1174270 1167235 1175968 1151704 1140626 Changes incorporated in this version: 1175968 1151704 1140626 Relevant Architectures: sparc sun4d Patches accumulated and obsoleted by this patch: 101318-59, 101294-02,101267-01,101326-01,101349-01,101319-02,101346-03,101485-01,101411-04,101672-01,101674-01,101316-02,101315-01,101329-16,101597-02,101869-01,101489-04,101859-01 Patches which conflict with this patch: Patches required with this patch: 102113-01 Obsoleted by: Files included with this patch: /usr/kvm/crash /usr/include/sys/socket.h /etc/default/utmpd /etc/init.d/rpc /etc/init.d/utmpd /etc/rc0.d/K50utmpd /etc/rc1.d/K50utmpd /etc/rc2.d/S88utmpd /etc/ttysrch /kadb /kernel/drv/arp /kernel/drv/cgfourteen /kernel/drv/clone /kernel/drv/cn /kernel/drv/icmp /kernel/drv/ip /kernel/drv/log /kernel/drv/sx /kernel/drv/sx_cmem /kernel/drv/tcoo /kernel/drv/tcp /kernel/drv/udp /kernel/drv/zs /kernel/exec/aoutexec /kernel/exec/elfexec /kernel/fs/procfs /kernel/fs/tmpfs /kernel/fs/ufs /kernel/misc/seg_drv /kernel/sched/TS /kernel/strmod/arp /kernel/strmod/ldterm /kernel/strmod/ptem /kernel/strmod/sockmod /kernel/strmod/timod /kernel/sys/c2audit /kernel/sys/shmsys /kernel/unix /platform/aplus4d/kernel/exec/aoutexec /platform/aplus4d/kernel/fs/procfs /platform/aplus4d/kernel/drv/arp /platform/aplus4d/kernel/drv/clone /platform/aplus4d/kernel/drv/icmp /platform/aplus4d/kernel/drv/ip /platform/aplus4d/kernel/drv/log /platform/aplus4d/kernel/drv/tcp /platform/aplus4d/kernel/drv/udp /platform/aplus4d/kernel/drv/zs /platform/aplus4d/kernel/exec/elfexec /platform/aplus4d/kernel/exec/aoutexec /platform/aplus4d/kernel/fs/procfs /platform/aplus4d/kernel/fs/tmpfs /platform/aplus4d/kernel/fs/ufs /platform/aplus4d/kernel/sched/TS /platform/aplus4d/kernel/sched/RT /platform/aplus4d/kernel/strmod/arp /platform/aplus4d/kernel/strmod/ldterm /platform/aplus4d/kernel/strmod/ptem /platform/aplus4d/kernel/strmod/sockmod /platform/aplus4d/kernel/strmod/timod /platform/aplus4d/kernel/sys/c2audit /platform/aplus4d/kernel/sys/shmsys /platform/aplus4d/kernel/misc/seg_drv /platform/aplus4d/kernel/drv/cn /platform/aplus4d/kernel/drv/tcoo /usr/include/sys/poll.h /sun4/kernel/drv/cgsix.conf /usr/bin/nisaddcred /usr/bin/nischmod /usr/bin/nisgrpadm /usr/kernel/sched/RT /usr/lib/autofs/automountd /usr/lib/fs/autofs/automount /usr/lib/libaio.so.1 /usr/lib/libc.a /usr/lib/libp/libc.a /usr/lib/libc.so.1 /usr/lib/libnsl.a /usr/lib/libnsl.so.1 /usr/lib/libsocket.so.1 /usr/lib/nfs/lockd /usr/lib/pics/libc_pic.a /usr/lib/straddr.so.2 /usr/lib/libstraddr.a /usr/lib/utmpd /usr/sbin/pwconv /usr/sbin/rpc.nisd /usr/sbin/syslogd postinstall script to edit etc/syslog.conf postremove script to remove edits from etc/syslog.conf /usr/lib/fs/autofs/automount /usr/sbin/nislog /usr/lib/nis/nisaddent /usr/lib/nis/nisserver /usr/lib/libthread.so.1 Problem Description: (from 101777-55) 389 polldat not removed from poll head queue by polldel() (from 101777-54) 187 telnet performance issue: Break up the poll lock 213 panic when /tmpfs becomes full 270 aioread and aiowrite can actually fail - return status of call is not checke d (from 101318-59) 1175968 non-master cpu network interfaces broken on SS1000 1151704 kernel read fault at addr=0x2000, pte=0x1 uadmin: Text fault 1140626 MP systems panics with Data Fault The system can panic with a BAD TRAP, Data fault with the following stack backtrace: Begin traceback... sp = e95982b0 cpu_prop_op+0x48 @ 0xe000b2a8, fp=0xe9598328 args=14c002c b4c45e0 1 0 e00dc900 e959844c cdev_prop_op+0x68 @ 0xe00483e0, fp=0xe9598388 args=14c002c b4c45e0 1 9 e00dc900 e959844c e_ddi_getprop+0x48 @ 0xe003164c, fp=0xe95983e8 args=14c002c b4c45e0 1 9 e00dc900 e959844c Sysbase+0x5b59c @ 0xf545b59c, fp=0xe9598450 args=14c002c b4c45e0 e00dc900 9 ffffffff 0 Sysbase+0x5b1b8 @ 0xf545b1b8, fp=0xe95984b0 args=14c002c 3 f63b8180 f63b8184 f546ba84 f63b8180 Sysbase+0xaa894 @ 0xf54aa894, fp=0xe9598568 args=e00e7ff4 14c002c 3 f6294604 e00fee64 f6294600 lookuppn+0x4bc @ 0xe0059560, fp=0xe95985d0 args=f658d400 f658d474 e959863c f658d408 f666ff00 0 vn_create+0x68 @ 0xe009e7f0, fp=0xe9598740 args=e95987f4 0 e95987fc 0 f5a54e08 f63d3208 mknod+0x164 @ 0xe009bd24, fp=0xe9598800 args=0 0 e9598868 1 0 e9598864 syscall+0x3d8 @ 0xe002c4c0, fp=0xe95988b8 args=e9598e94 f000 0 6000 0 1 .syscall+0xa4 @ 0xe0005d34, fp=0xe9598938 args=e00daef4 e9598eb4 0 e9598e90 fffffffc ffffffff (unknown)+0x11660 @ 0x11660, fp=0xdffffc50 args=22ac4 61ff d32c d3 d300 d32c End traceback... init 6 panics Support for SC2000E and SS1000E was patched in the 2.3 and 2.4 releases, and integrated into the 2.5 release. This fix introduced a bug which causes non-zero system boards to have tpe-link-test turned to the incorrect setting. This has the effect of rendering the additional le interfaces non-functional. (from 101318-58) 1167235 panic data fault in strioctl - apparently doing TIOCSPGRP 1174270 ufs 'recursive mutex enter' panic. 1174851 SC2000 hang due to no ip clow control when used with FDDI board 1175304 vnode v_count is not maintained correctly Protect with mutex the testing and setting of the session and controlling terminal related flags in the streamhead. While running 'hsmdump' it is possible for the system to panic with "recursive mutex enter". 'hsmdump' uses a special ioctl() to put a "name lock" on the filesystem. There is a very subtle code path in which the locking protocol is subverted, hence, the panic. In testing of patch 101318-57 for bug 1174851, a problem was found. vnode v_count numbers are not maintained correctly causing vnodes to never disappear or, in the earliest bug, drop to zero prematurely and panic the system. (from 101318-57) 1174851 SC2000 hang due to no ip clow control when used with FDDI board 1174572 Viking workaround enabled on parts that do not need it 1172438 apps using AUTH_DES fail when many simultaneous requests are made 1172260 2.3 <-> 4.1.2 socket connection looses sync and delays transfer of data 1172243 Customer runs application from dumb terminal and system crashes. 1172009 recv() on sockets should return the error only once for SunOS 4.X compatibility 1171599 multiple simultaneous priocntl(0,0,PC_GETCID,) commands panic kernel The problem relates to the priocntl(..., PC_GETCID, ...) system call, which returns the class id of a named scheduling class. If more than one process makes this call at the same time with the same named class, and the class does not exist in the system, the system may panic. In SunOS 4.X sockets when a read() or recv*() call returns an error the application can do another read()/recv*() and get an EOF. This patch applies this subtle aspect of socket semantics to SunOS 5.X. Current patch has a bug in it. System would panic if stream event structure's pidp was null. Crash does not display accurate data. Stream event structure member se_proc was replaced by se_pidp. The pid structure must now be read to get the process slot number. A TCP connection might not start immediately when a window update is received after the Solaris 2.3 side has sent a zero window probe. With some TCP implementations at the remote end there will be a few seconds of delay (waiting for a retransmit timeout). When more than 25 users try and login into a NIS+ client simultaneously, only about 25 can make it. The rest get the "Login incorrect" message. Automatically apply the patch for bug 1137125 on systems that need it. When a high bandwith network interface is receiving a large number of packets addressed to it, but with no one bound to the specified port, then IP does a lot of processing. IP sends an ICMP unreachable packet back to the source of the original packet. This can cause large amounts of kmem to be consumed, which can cause subsequent kmem_alloc() failures, including allocb() failures in the driver for the high bandwidth interface driver. This can cause subsequent fragments of large IP frames to be dropped by the driver. IP will then hold on to these incomplete frames awaiting the arival of the missing fragments which will never show up, IP holds on to these frames for 60 seconds. Which in the case of a NPI FDDI interface at 80Mb/S can be 300Mbyte of kmem. (from 101318-56) 1172243 Customer runs application from dumb terminal and system crashes. 1166779 Add support for dragon+ dual power supply 1152922 prtdiag(1M) should display SBus clock frequency 1174222 5.3 automounter does not mount from 4.1.3 NFS servers with libc patch 1173212 SECURITY: su can display root password in the console 1170488 rpc.nisd running in compatability mode dumped core 1151883 NIS compat mode does not support maps of kind "x.y" or "x.y.z" 1169909 Running xlib code in Realtime class causes code to block. in poll() 1166349 panic vn_rele: vnode ref count 0 1165687 non-blocking reads on sockets block under Solaris 2.3 1162269 all net IP broadcast packets (255.255.255.255) have a ttl of 1 1164519 Socket returns with "address already in use" because conn in "BOUND" state Applications and environments that depend on routers forwarding broadcast packets might run into problems with the fact that IP sets the TTL of all broadcast packets to 1 (in order to avoid any broadcast storms when there are misconfigured machines on the wire). This patch makes it possibleto override the default TTL of 1. TCP sockets that are reset by the peer will return to the BOUND state instead of the IDLE state. If the application holds this socket open, it will prevent any other application to binding to the same TCP port number. This can cause services such as FTP to hang. The non-blocking attribute of a socket endpoint is not transferred from a non-blocking listener endpoint to a accepting endpoint. This causes some socket non-blocking programs to block. This patch fixes the problem by setting the accepting endpoint non-blocking attribute if the listener was non-blocking. fix for a "panic vn_rele: vnode ref count 0" situation Real time stream threads will block in a poll. NIS+ YP compat server does not support special "x.y" maps. It also dumps core when a NULL key field is received from a YP client. If a username is too long (greater than 8 characters), when su root fails or succeeds for that user, the characters typed in as the password are echoed to the console. automountd first makes a null RPC call to the remote portmapper (rpcbind) of the server from which it needs to mount to determine if the server is able to respond to mount requests or not. In some cases (multiple servers specified on map entry) it would call the remote portmapper using version 3, which is not available on non SVR4 systems. Some systems are now silent about version mismatches, which causes automountd to assume the server is dead (or at least it's rpcbind/portmapper). This patch fixes this problem by always using version 2 of the portmapper protocol. Add dual power supply support to SC2000 and SC2000E systems. Systems with dual power supplies will receive warnings on system console when one of the redundant power supplies fails. Modify prtdiag(1M) to indicate SBus Clock frequency. The SC2000E and SS1000E run with 25 MHz SBus clock frequency. The SC2000 and SS1000 run with 20 MHz SBus clock frequency. This change to prtdiag(1M) makes it easy to determine the SBus clock frequency on the system. Running applications that do I_SETSIG on console, when console is the serial port (i.e not the frame buffer), causes system to crash, when attempting to send signal to a process. (from 101318-55) 1172979 spurious SIGALRM received in test program that forks child processes 1172118 hat_share fails during seg_dup if parent's L1 has lost ISM mappings 1171833 memory leak in thr_setspecific 1171609 lockd swap leak 1169590 Writing directly to /dev/fd/0 will cause a panic 1167647 Auditing of some system call fail. 1163312 processes can hang during exec() when exec args area is depleted 1173731 ps hangs inside prlock function 1160112 socket library accidentally closes file descriptor on error 1120225 recv() returns EPIPE when called with MSG_PEEK 1152710 socket lib in 2.3/2.2 have problems with not clearing bad connections and errno AF_UNIX and AF_INET sockets can sometimes get EPIPE errors for recv(MSG_PEEK). processes can hang during exec() when exec args area is depleted Doing a cat > /dev/fd/0 will panic the system. C2audit checks to make sure that there is only one file path per file struct. In the file descriptor file system a file struct is aliased thruogh a different path. The check for duplicate path can be removed in audit.c, this will fix the panic. During auditing of an open or creat failure due to a permission problem, the audit subsystem will fail to output the path to the file. This create a security problem for the cites that use auditing to monitor their systems. modified audit_savepath and audit_setf to make sure that te path token is always produced. The fix is to a portion of the lock manager which creates client handles. The change was made to keep lockd from allocating the maximum size of 64k for send and receive buffers. The new size is 4k. The bug is that each thread in an MT program which uses Thread Specific Data (TSD) (the thr_setspecific(3t) interfaces), leaks 2 words plus 1 word per TSD key. So, for example, if there are 6 TSD keys, 2 + 6 words are leaked per thread created/exited. i.e. 32 bytes per thread created/exited. If the rate of thread creation/destruction is high, this could lead to a substantial memory leak, especially for long running applications. Using ISM on LX, Classics, SparcStation 5 may cause the system to panic with ""invalid shared memory l1 ptp" message. This specification of signal actions from the signal(5) manual page was being violated: Setting a signal action to SIG_IGN for a signal that is pending causes the pending signal to be discarded, whether or not it is blocked. Any queued values pending are also discarded, and the resources used to queue them are released and made available to queue other signals. The condition under which the pending signal was not being discarded was the specific case of SIGALRM signals generated by the setitimer(ITIMER_REAL) interface. The malfunction happens in a narrow race condition which will be triggered under intensive setting of a signal handler and setting it to SIG_IGN while the itimer is active. (from 101318-54) 1164428 System will hang when echoing msgs between ttya & ttyb 1172320 1155298 fix in patch 101318-49 breaks c2_audit 1170544 utmpd loops consuming all cpu if CDE is installed 1170669 utmpd issues error messages 1172155 utmpd - runs away consuming CPU resources 1169424 rsh hangs occasionally during high activity. daemon rshd not running 1165250 2.3 system hangwith ldterm out of blocks message 1168167 BSM with nt flag and 101318 patch loaded crashes at login 1170038 Panic memory address alignment in audit_sock under 2.3 from rpcbind when audit Problem is seen on highly active networks when connection establishment to a TCP port that is currently in TIME-WAIT state from the same client attempting to reconnect. This can causes the server to adjust its global TCP ISS (Initial Send Sequence) number backwards. This can cause a subsequent connection establishment by the server to another system to be ignored, as others will see this sequence number as being older. Resulting in applications using TCP (network sockets) to hang. This ISS adjustment is done in an attempt to guarantee that ISS numbers are always greater then the last sequence number used in a previous incarnation of a server/client/port connection. While at the same time conserving the sequence number space. But the global ISS must never move backwards in time !!! Under certain circumstances the utmp daemon can go into an infinite loop hanging, or at least slowing down, the system. This fix is distinct from an earlier runaway, 1170544. This fix is an update to the utmp daemon, /usr/lib/utmpd, which was created in an earlier patch for CTE Esc #9122. These bugs were found during the shakeout of a prefcs version of 494. One problem, 1170544, occurrs when a user logs in while using CDE. The other occurrs on large multiuser systems such as an SC1000 or SC2000. Essentially utmpd makes extensive use of the /proc file system and the poll() system call to monitor the termination of processes that have made entries into the utmp files. The fixes to the utmpd presented here work around some anomalies associated with /proc. Patch number 101318-49 has a change not comptible with "c2_audit". Customers that use it need this fix. ptem has a write service procedure and will flow control if there is any message on the queue or the canput into next queue fails. System hangs with the following message: Warning: ldterm (ldtermsrv/newmsg) out of blocks Warning: ldtermsrv: out of blocks patch 101318 modifed /usr/include/sys/strsubr.h. It moved a variable which c2audit was relying on. c2audit was not included on the path, so when the patch was installed it would write at an old offset clobbering the newly added variables. (from 101318-53) 1171363 CTE101318-50 heavy xdm use panic: Deadlock condition detected in blocking chain 1091548 server does not stay alive handling multiple, serially-calling clients 1169109 setuid/setgid program takes on default system limit 1168365 Solaris 2.3/Sun4d system will panic illegal instruction in exec system call. 1168635 5.2 ss1000 crashes in dofusers when "fusers *" on large flat directory 1166848 L1 A and then sync locks up machine 1165014 autoup set to 120 - system would not do a core dump 1158398 Dump fails during sync Problems may occur, when syncing filesystems after a panic. If the sync gets hung, the system should eventually cause a panic timeout, which allows the system to continue and create the coredump. This patch addresses one problem with semaphore use during panic time which may cause the sync to hang. Also, it changes sync_timeout to be updated more frequently, timing out the sync quicker if it gets hung. Finally, changes where made to the sun4d kernel, so if the panic occurs at an IPL above clock, timeouts can still occur. Proc structure corruption due to locking error. Patch 101318-50 for SunOS 5.3 contains a new daemon, /usr/lib/utmpd, that maintains the consistency of /etc/utmp and /etc/wtmp (/var/adm/utmp and /var/adm/wtmp). This is so the 'who' command will show accurately who is logged in at any time. The utmp daemon relies on the polling feature of /proc to do its work. The polling feature of /proc has a lock ordering problem with respect to the poll() system call that can lead to a deadlock. The deadlock, when detected, results in a system panic: panic: Deadlock condition detected: cycle in blocking chain The panic has been observed when making heavy use of xdm (the X Display Manager) on an SS1000. However, the problem is generic to all machines running the 5.3 patch 101318-50. A TLI server with the same fd for listening and accepting endpoints will fail to accept subsequent connection attempts. While the listening port remains the same for each subsequent connection, the client's port changes, so all subsequent connections are unique in terms of bindings. The module loading subsystem is not fully MT-safe. This can be manifested in several ways including BAD TRAP panics while booting Japanese Solaris 2.3; BAD TRAP panics following the message "exec type 108 is already installed"; other panics or BAD TRAPs with module loading routines appearing in the backtrace; and threads appearing to be stuck trying to waiting to load or unload a module. Invoking a setuid program will reset resource limits to system default. (from 101318-52) 1170350 rlogin (and services like rcp/rsh/rdist that use rcmd()) can become disabled 1170091 Patch 101318 the fix for :already allocated shared memory l1ptp, panics sun4m's 1165247 Support for IPX/SPX address family in libsocket 1170814 system deadlocks in thread_lock_high() 1170036 MXCC-based copy/zero code incorrect for sun4m 1169640 sprintf format "%.4S" prints improperly when strings include 0216 or 0217 1170527 segmentation violation in select or socket calls 1169904 syslogd core dump in ismyaddr() 1170233 Syslogd prints "???" instead of client host name ismyaddr(nbp = 0x456e0), line 1419 in "syslogd.c" amiloghost(), line 1599 in "syslogd.c" init(), line 1118 in "syslogd.c" sigacthandler(0x1, 0x0, 0xefffee08, 0xa, 0xefffec28, 0xeffff099) at 0xef6eadf8 main(argc = 1, argv = 0xeffff8fc), line 315 in "syslogd.c" Some socket programs may experience a core dump caused by segment violation under heavy use. Certain error conditions, if they happen on the system cause an internal socket library data structure corruption. The printf routines can fail to count 0x8e or 0x8f character when calculating precision in %.s format. On SPARCstation systems installed with the SuperSPARC processors and SuperCache external cache controllers the kernel block copy and block zero code uses the SuperCache's hardware stream copy features. When a block copy or block zero is performed the code did not wait for the last operation to finish. If kernel code subsequently wrote to the last memory locations touched by a block copy/zero the order of the two operations may have become reversed with the block copy/zero data being returned on subsequent accesses instead of the kernel's data. The fix is for the kernel to wait for the stream operation to complete before returning from the block copy/zero code. If an interrupt thread acquires a readers-writer lock held (but being released by) the thread it pins, a deadlock can occur. This deadlock will appear in pi_waive() calling thread_lock_high(). This problem has been observed on sun4d machines, but it could potentially happen on any machine running Solaris 2.3. However, the window during which this problem could manifest itself is of small duration; the probability of occurrance is low (but it has happened). The address and protocol family declarations AF_IPX/PF_IPX need to be added to header file socket.h and library modified for support of these. These are needed only with SPX/IPX protocol unbundled networking products. When ISM is run on LX, Classics and ROSS 600MPs with 2.3 patch 101318-45 and above, the machine may crash. The rlogin/rsh/rdist/rcp services may not work after they timeout once because of temporary network load or connectivity problems. This fixes a problem in the fix for bug 1138924 TCP connection in zero-window condition times out. that was fixed in rev -44 of this patch. Sites which installed the patch rev-44 or greater upto the patch level where this fix gets shipped might have this problem. (from 101318-51) 1143231 Synchronization stubs should be exported for third party vendors The synchronization stubs in libc should be exported for the use of other libraries. The problem is that third party vendors can't benefit from this technique in making their libraries MT safe. Currently they have no way in making a library work for both single- and multithreaded apps at the same time. (from 101318-50) 1168083 2.3 syslogd dumps core near _netdir_getbyaddr() 1169132 Occasional failures to open symlinks during system reliability tests 1168055 BCP programs broken in libnsl 1167439 [bcp-libc] Clients of OW for 4.x don't run properly in the BCP mode. 1168672 libaio should call _sig* functions 1167154 ndd(1) causes kernel panic. 1164156 listen() can cause bound port number to silently change 1130726 rsh fails intermittently (with patch 100468-03) 1151598 pututline and pututxline can erroneously return failure 1159347 pututline() does not work properly 1165413 in.rlogind, in.telnetd do not reuse DEAD_PROCESS utmp entries 1163776 kill -9 of xterm does not clean up utmp entry 1123876 UDP can't bind to broadcast address 1156103: pwconv segfaults when last record is +/- 1167485 Solaris-2.3, patch #101318-4[45], syslog msgs not output An UDP/ICMP application cannot bind to a broadcast IP address without this fix. While no packet should be emitted by the system with a broadcast IP source address, a bind to a broadcast IP address should be allowed. A packet sent from such an endpoint will be emitted with the source IP address of the interface. The endpoint receives the packets with the destination address set to the specific broadcast address to which the endpoint is bound. This patch fixes the following utmp problems: 1. Duplicate utmp entries (1165413). If a program that makes an entry dies (like xterm) then cmdtool is started you use to see two entries. Now stale entrys get cleaned up by a new program - the utmp daemon. 2. pututline could return a failure even though it made an entry (1151598). Also if you gave it an alternate file name it wouldn't work (1159347) unless you were root. 1164156 listen() can cause bound port number to silently change 1130726 rsh fails intermittently (with patch 100468-03) When running 1000's of rsh connections some of them can hang. Executing multiple "ndd /dev/tcp tcp_status" simultaneously on a multiprocessor system can cause a "Data fault" PANIC on Solaris 2.3 systems. BCP programs compiled under 4.x coredump when Patch 101484-03 is installed Symlinks are sometimes resolved incorrectly. strcmp(0x20002100, 0xdfffdf00, 0x72, 0, 0x10, 0x72656477) at 0xdf6f6158 searchhost(0x44480, 0, 0xdfffe764, 0xdfffdf08, 0xdfffe768, 0xdfffdf08) at 0xdf6011dc _netdir_getbyaddr(0x486b0, 0x468e8, 0xdf60140c, 0, 0x44480, 0) at 0xdf600cc0 netdir_getbyaddr(0x486b0, 0, 0x468e8, 0, 0x47998, 0x46ad8) at 0xdf778bec cvthname(nbp = 0x468e8) at 0x13f00 main(argc = 1, argv = 0xdffffd6c) at 0x1248c pwconv was dumping core in some circumstance involving +/- type entries in the passwd file. A patch was supplied that fixed this problem (-46), but introduced a number of other problems, including putting the string "x," into the passwd file instead of "x", zeroing out the passwd aging info and removing shadow entries with *LK* or NP. This patch appears to have fixed those problems. Incorrect accounting of the number of processes logging syslog messages was preventing more that one process to receive syslog messages. (from 101318-49) 1167602 stale nfs file handle, lockd unable to do cnvt 1164428 System will hang when echoing msgs between ttya & ttyb 1155298 bind of AF_UNIX address simultaneously from multiple processes can fail 1168240 flk_allocate_lock() can data fault if kernel memory exhausted 1166581 local locking fails to inform lockd when files can be closed A bind of address to AF_UNIX socket can fail if there are multiple processes all doing binds at the same time and and an unrelated process unlink()'s the AF_UNIX address path at the same time without closing the socket it was bound to. ptem module didnot have a service procedure when the write put procedure was doing a putq() during STOPPED state. This resulted in depletion of message buffers. Certain older NFS clients can cause repeated request to unlock a stale file handle causing the error message: _nfssys: error Stale NFS file handle lockd: unable to do cnvt. To flood the console. Lock manager can leak file descriptors. (from 101318-48) 1165736 autofs/lofs: panic : vn_rele: vnode ref count 0 1159152 zs driver latency increased by 20-30msec in 5.3 1107880 shared cd mounted w/o -r option gets multiple lockd error messages The timeout value for the receipt of the next character is determined by the transmission speed. So that for higher baud rate the timeout value is small. It is possible for the system to panic under certain conditions related mounting and unmounting filesystems. This will most likely show up when using loopback filesystems with the automounter. If you have a cd-rom mounted and then shared (both read-only, as they have to be--the system won't allow you to do otherwise) and then you mount this shared filesystem on another machine without specifying read-only, then when you run answerbook off the cd you will get the following messages scrolling hundreds of times in the console of the machine which is sharing the cd. lockd[288]: _nfssys: error Read-only file system lockd[288]: lockd: unable to do cnvt. (from 101318-47) 1166933 machine panic with memory address alignment in flk_insert_in_list, esc9392 The vnode is pointing to an active lock that is trashed. (from 101318-46) 1166629 Gypsy panics: Data fault, booting on1093 and kernel jumbo patch 101318-45 1156103 pwconv segfaults when last record is +/- 1165689 SC2000 fails to boot with more than 25 DWIS/S SBus Cards. 1155951 TCP 3-way handshake doesn't complete is last ack is lost 1165649 ISM crash with jumbo patch 101318-36 installed 1117303 Unable to install/attach driver cgsix error 1163167 spamified memory is left uncached after unspamification 1163170 program shows linear degradation in performance 1164554 segsx_cmem_fault does not handle F_SOFTLOCK/F_SOFTUNLOCK 1165987 SS20 running 2.3 with SX crashing with could not find a free SX_hmentblk The cgsix driver fails to work on sun4/110 machines The system crashes if users try to use locking operations on ISM segments. 1159882 bcopy for 4.1.3 twice as fast as bcopy A performance improvement is obtained using the MXCC to assist bcopy, when either source and/or destination memory are not cached. Bcopy will include use of the MXCC block transfer when the following conditions are met: - transfer length of 1 page minimum - source and destination addresses are page aligned - either source or destination memory NOT cacheABLE. 1155951: TCP 3-way handshake doesn't complete is last ack is lost Under heavy load tcp connections (such as rsh) can time out during the connection establishment. This happens when the SYN+ACK packet is lost. The system hangs when devices use up all IOPB space. Hooking up more than 25 ISP controllers is an example. A problem with password file entries which use the "+" or "-" feature, when shadow password files are constructed using pwconv, has been fixed. Previously, pwconv failed somewhat untidily for password files with this yp/nis/nis+ entry. It now words as advertized, correctly modifying password files (substituting the string "x" for encrypted passwords, and properly writing shadow password files. Installing kernel jumbo patch 101318-41 or better on Gypsy causes the kernel to panic during boot. (from 101318-45) 1165902 truss broken with patch 101318-42 for bugid 1160087 1156132 ioctl dose not work on Solaris2.3 1159248 Kernel panics in tcp_snmp_get while doing netstat 1164569 rmdir on tmpfs w/ sticky bit set causes panic data fault if not owner of dir 1165270 system panics with freeing free fraq/block/inode 1158674 infinite loop in deadflck() hangs system This patch uses a different algorithm to fix many file and record locking problems. During a panic, only the panic'ing thread is allowed to run. Because of this, during a panic the thread always gets the locks it requests. In some cases I/O buffers and critical ufs data structures are locked because the buffer or data structure is in the middle of being modified and should *not* be written out. This is the suspected cause of several ufs panics that involve inconsistent meta-data. The fix is to have the buffer and inode code respect the BUSY and IREF flags (respectively) during a panic. Sun machines can be crashed by users, using tmpfs. Tmpfs is default installation Mount /tmp as a tmpfs filesystem. chmod 1777 /tmp As a non-root user, mkdir /tmp/testdir As a different non-root user, rmdir /tmp/testdir. BAD TRAP: type=9 rp=f057a72c addr=3 mmu_fsr=3a6 rw=2 rmdir: Data fault 1159248: the tcp_tcph structure is not initialized in some states of tcp, and dereferencing th_lport (or th_fport) causes the machine to panic at tcp_snmp_get+188 The zs driver was not sending ACK for the ioctls TIOCSBRK and TIOCCBRK. The check for the lwp_sysabort flag in lwp, set via /proc, was being done before the call to issig(). (from 101318-44) 1150417 4d system running 2.3 panics with already allocated shared memory message 1164156 listen() can cause bound port number to silently change 1138924 TCP connection in zero-window condition times out. 1164504 FIN_WAIT_2 connections disappearing 1159757 netdir_getbyaddr(3) dumps core in syslogd daemon when running in DNS env. only 1158215 Solaris2.3: syslog(3) can't output japanese language Solaris 2.3: syslog(3) can't output japanese language netdir_getbyaddr(3) dumps core in the syslogd daemon when running in DNS environment only. 1164156: command piped in rsh hangs in Solaris 2.3 rsh can sometimes hang due to the port number changing as part of the listen() call on the reserved port. This can also effect other applications where multiple applications contend for the same port number. 1138924: TCP connection in zero-window condition times out. A two way tcp connection (such as cat /etc/termcap | rsh host2 '/usr/bin/cat -' > termcap.cat ) can hang and time out. 1164504: FIN_WAIT_2 connections disappearing With the fix for 1135394 connections in FIN_WAIT_2 state might be removed too quickly when the application does a shutdown() before the close(). This patch is for customers using ISM and run into this panic: "already allocated shared memory l1 ptp" (from 101318-43) 1155948 Sybase BCP performance poor under 2.3 1163747 Unbundling of sendmail from patch 101318 1155948 Sybase BCP performance poor under 2.3 Bug in IP causes TCP/IP performance degradation. 1163747 Unbundling of sendmail from patch 101318 sendmail/sendmail.mx is now unbundled from patch 101318. Patch 101318-43 or later is still needed to fix bug id 1155803, ndbm hangs when two large records hash to the same value. The unbundled sendmail patch fixes all other known sendmail problems and will work without patch 101318, with the exception of bug id 1155803. Patches 101318-35 through 101318-42 also contain the additional libc fix needed for 1155803, but MUST be installed prior to the installation of 101739 and NEVER be installed after 101739. Doing so will backout all sendmail fixes that occured after 101371-04. (from 101318-42) 1125134 IP wrongly sends ethernet packet to token ring and possibly other drivers 1139327 remove enterq/leaveq from ttycommon 1146549 bug in ip flow control cause system hang 1147977 panic: recursive mutex_enter. when doing ndd /dev/udp udp_status 1151192 srmmu_setup panic oracle data fault srmmu_pteload 1160087 large output ALM2 doesn't respond properly to interrupt signal after XOFF 1163533 panic Deadlock condition detected: cycle in blocking chain 1125134 IP wrongly sends down ethernet packet to token ring Datalink drivers that use the 'M_DATA fastpath' can in some cases receive M_DATA packets with Ethernet headers. This has been observed for Token ring drivers among others. Often the Ethernet packet is destined to the Ethernet broadcast address. 1139327 remove enterq/leaveq from ttycommon Async drivers that support the tty subsystem, calling tty_common.c routines, currently need to call the undocumented enterq/leaveq routines because this is required by ttycommon_ioctl(). Machine with a third party driver hangs at Raytheon. 1146549 bug in ip flow control cause system hang When the ethernet cable is disconnected, in a redundant (fault- tolerant) set up, SUN machine hangs forever. 1147977 panic: recursive mutex_enter. when doing ndd /dev/udp udp_status Running the command 'ndd /dev/udp udp_status' will alwaya panic the machine. 1151192 srmmu_setup panic oracle data fault srmmu_pteload SPARCstation Classics have panic'd in srmmu_setup due to a race. 1160087 large output ALM2 doesn't respond properly to interrupt signal after XOFF Send the M_SIG message type first so that when the stopped thread wakes up and runs it sees the signal SIGINT and exits. 1163533: panic Deadlock condition detected: cycle in blocking chain When running a significant load of multiple ndd commands on /dev/tcp the machine can deadlock resulting in a kernel panic. (from 101318-41) 1151592 workaround needed for swift prefetch bug. 1152033 x11perf on Aurora P1.1 and S494 prealpha6 ON caused panic 1135394 Detached connections can stay in FIN_WAIT_2 forever 1160681 find returns cannot open /: no such file or directory 1135394 Detached connections can stay in FIN_WAIT_2 forever It is possible for TCP connections to get into the FIN_WAIT_2 state and stay there forever. These connections may prevent another application from binding to the TCP port number that the connection is bound to if the application does not enable the SO_REUSEADDR option. 1151592 workaround needed for swift prefetch bug. 1152033 x11perf on Aurora P1.1 and S494 prealpha6 ON caused panic This patch solves two problem. 1. It works around a prefetch cpu bug, and 2. A kernel bug causes a panic running x11perf. 1160681 find returns cannot open /: no such file or directory When using the following find command: /bin/find / -type f ( -perm -4000 -o -perm -2000 ) -exec /bin/ls -lda {} \; as root on a 2.3 machine, the command fails about half the time with: "cannot open /: no such file or directory" (from 101318-40) 1157265 pwconv erases the NIS entry in the passwd and shadow files 1155515 sockmod leaks memory when T_CONN_REQ is T_ERROR_ACK'd 1147647 localtime_r has a memory leak 1155515 sockmod leaks memory when T_CONN_REQ is T_ERROR_ACK'd This is a generic bug in sockmod but most likely to be seen when X25 8.0 product is running. There is a memory leak caused when connect() requests are rejected on the local machine. X25 provider does it often enough for this memory leak to assume significant proportions. 1157265 pwconv erases the NIS entry in the passwd and shadow files If I ran pwconv with no changes to either the passwd and shadow files and a correct NIS entry in each, the NIS entry gets erased in both the passwd and shadow files. If I make a change to the passwd file or shadow file, pwconv works as it is documented but it still erases the NIS enties. Additional infomation from a duplicate of 1157265, bug id 1059438: If there is an NIS entry in /etc/shadow, pwconv gives the following message /usr/sbin/pwconv: Bad entry in /etc/shadow. Conversion is not done and will not execute. The NIS entry I had in /etc/shadow was: +::0:0::: (from 101318-39) 1160720 fix for bugid 1150613 has to be backed out as it is not general 1159439 buffer cache code can deadlock 1157267 users with passwd file entries > 132 chars. cannot change passwd 1140503 cgfourteen cursor does not turn off in response to FBIOSCURSOR ioctl 1140378 galaxy with 2 ross modules hang on Solaris 5.2 running sundiag 1122992 galaxy ross system hang shortly after sundiag start 1132086 libc has window where programs can dump core in sigaction call 1132086 libc has window where programs can dump core in sigaction call The values in the signal handler were set to the new action before a system call if the action was SIG_DFL or SIG_IGN. This resulted in ksh sometimes dumps core with SIGSEGV. 1140378 galaxy with 2 ross modules hang on Solaris 5.2 running sundiag 1122992 galaxy ross system hang shortly after sundiag start Very often Ross machines would hang when running Sundiag or even just normal system activity. 1157267 users with passwd file entries > 132 chars. cannot change passwd Users with passwd file entries > 132 characters cannot change their passwd using the "passwd" command. Error is "username does not exist", even though users are in /etc/passwd and /etc/shadow files. This is true of users whose entries come after the first entry > 132 characters in the passwd file. The users can log in, but cannot change their passwd with the "passwd" command. This problem can be re-produced by adding in an entry > 132 chars. to the /etc/passwd file, and manually editing the /etc/shadow file to add entry for this user. (don't use pwconv because of Bug 1151625.) Log in as user and try to change the passwd, it will fail with the error "username does not exist". Add another entry to the passwd file that is less than 132 chars. but add it after the long entry, and log in and try to change the passwd, will get the same error as for the user with the long passwd entry. Can change passwd for users with passwd file entries > 132 chars. on Solaris 2.2. 1159439 buffer cache code can deadlock Under extremely heavy I/O loads the system may deadlock due to a lock ordering problem in the buffer cache. (from 101318-38) 1157990 df -k does not report correct values for tmpfs 1160207 panic: tmp_getapage: no anon slot when reading tmpfs files over nfs 1155948 Sybase BCP performance poor under 2.3 1140802 ttyname(), ttyname_r() library call scans entire /dev/pts dir to find tty 1157990 df -k does not report correct values for tmpfs df -k reports incorrect values on a tmpfs filesystem mounted with the size option. 1160207 panic: tmp_getapage: no anon slot when reading tmpfs files over nfs Reading holey tmpfs files exported via NFS panics the system. 1155948 Sybase BCP performance poor under 2.3 Bug in IP causes TCP/IP performance degradation. 1140802 ttyname(), ttyname_r() library call scans entire /dev/pts dir to find tty The ttyname() (and ttyname_r()) routine stats every entry in /dev/pts directory until it can find the one matching the file descriptor that has been passed as an argument. This can result in too many stat system calls on large machines with many timeshare users because of large number of /dev/pts/<###> entries being used. (from 101318-37) 1159160 f77 compilation fails because combination of fseek and fwrite writes wrong bits Some combinations of fseek and fwrite on tmpfs files can lead to corruption of the written file. This is present in the 101318 Rev 31 and 32 patches for 1093 as well as in 494, but not in 1093 FCS (from 101318-36) 1157978 interrupted back to back store can cause kernel panic 1144536 need swift idle support for next release The first bug fix is a software workaround to a Swift chip bug. Back to back stores that are interrupted can cause kernel panics. The second bug fix is to support cpu idle for the SPARCstation 5. (from 101318-35) 1154452 serial port loses when SX context switches 1157110 Resetting SPAM chip could hang the system (due to unexpected level 15) 1157460 Nachos video frame transfer rate to SX memory is very low 1157463 Eliminating one redundant cache flush can benefit performance. 1158000 101318-32 conflicts with the X.25 patch 101524-01 1157524 locks are left on NFS files after the locking process is killed Suppose a process obtains a record lock on an NFS file and is then killed with SIGKILL ("kill -9"). The process will fail to release the record lock when it exits. 1158000: 101318-32 conflicts with the X.25 patch 101524-01 Kernel panics upon X.25 bring up when both 101318-32 and 101524-01 are installed on the system. See above synopsis. (from 101318-34) 1152960 panic: srmmu_unlock() during Sybase dataserver shutdown 1153324 System gets a srmmu_pteunload panic when starting Oracle DB. 1156550 Fix for 1137125 needs to recognize newer Vikings 1152410 deadlock occurs in ufs under heavy nfs workload 1155803 ndbm hangs when two large records hash to the same value 1157047 32MB DSIMMs do not always work in SS10 and derivatives 1139753 locking hangs under heavy load; disturbing ICMP messages 1152960: panic: srmmu_unlock() during Sybase dataserver shutdown 1153324: System gets a srmmu_pteunload panic when starting Oracle DB. Customers seeing data base programs (Informix, Oracle, Sybase) with ISM turned on causes system to crash. There are kernel bugs fixed in this patch, but we also found some bugs in DB vendors' code which makes DBs fail to startup with the fixed kernel. As a result, we are coordinating with DB vendors to fix their releases too. Here is when patch/new release from DB will be available: Oracle: a fix will be available as a patch to the newly released 7.0.16 in early 3/94. Inforimx: the fix will be in 6.0.UD1 to be released in 2/94. Sybase: For users of the Sybase SQL Server version 10.0 or later. With certain memory configurations, a small number of sites may experience a situation where the Sybase SQL Server may fail to boot. If this occurs, contact Sybase Technical Support for assistance. For users of Sybase SQL Server 4.9.2 or earlier, this patch should have no impact. 1156550 Fix for 1137125 needs to recognize newer Vikings The current fix for bug 1137125 needs to be modified to handle newer versions of SuperSPARC. 1152410 deadlock occurs in ufs under heavy nfs workload Under heavy CFE (a filesystem benchmark) workload with a ss1 being pounded by a ss2 at full speed, deadlock happens seemingly waiting to do a pagelock. There isone case readdir was waiting for pagelock and the enclosed threadlist shows a casewhere ufs_putpages waiting for pagelock. 1155803 ndbm hangs when two large records hash to the same value The problem is that ndbm, the libc database thing, hangs when two records of over 512 bytes hash to the same value. The man page says that when this occurrs and error is returned, however this is currently not the case. This fix now generates an error per the man page. 1157047 32MB DSIMMs do not always work in SS10 and derivatives The new 32MB DSIMMS contain two discontiguous 16MB memory regions and thus look like two DSIMMS rather than one. There currently exists code in the sun4m kernel that assumes no more than 8 regions of physical DRAM thus four 32MB DSIMMS plus one of any other sort of DSIMM (or any other configuration using more than 8 "slots" for DRAM) will cause a kernel panic during boot. If more than 8 regions of DRAM exist the current code does NOTHING at all (ie, it just quits, doesn't do what it is supposed to do). 1139753 locking hangs under heavy load; disturbing ICMP messages Under heavy loads, NFS locking clients may be unable to provide replies to their servers' occasional portmap GETPORT requests within the default RPC timeout. This in turn prevents the server from responding to outstanding locking requests from that client (and others), causing the server lockd to appear to be hung or dead. (from 101318-33) Bugid1148689 1142662 mlockall(MCL_CURRENT) returns EIO if used with threads When a thread is created and mlockall(MCL_CURRENT) is called it fails with EIO, mlockall(MCL_FUTURE) works but this does not guarantee that the pages loaded so far have been locked in memory. mlock/mlockall and MAP_NORESERVE. An mlock/mlockall on a mapping of /dev/zero (anonymous memory) will lock all pages in memory. However, an mlock/mlockall operation on a MAP_NORESERVE mapping of /dev/zero will NOT lock pages that have not been faulted in (i.e., have not been accessed). mlock/mlockall will only lock all existing anonymous pages in memory. Thus, applications which expect all pages in an address space to be locked in memory via mlockall(2) should ensure that all pages belonging to MAP_NORESERVE mappings, if any, are accessed before invoking mlockall(). The threads library creates all default thread stacks as a MAP_NORESERVE mapping. Thus, applications which create threads and expects all pages to be locked via mlockall() must provide a stack which is represented by a virtual address range NOT mapped as MAP_NORESERVE. Bugid 1148689 : Problem secure nfs between solaris1.x and solaris2.2 After several testings and investigation, the description of this bug should really be : "Under Solaris 2.x secure NFS, a non-root user on a 2.x NFS Client cannot write a large file to a securely mounted NFS File system after the NFS Server reboots (only if you did a write before the sever reboots." (from 101318-32) 1154325 kernel route table corruption when using routed on a network with gated running 1152168 System call use blu, can cause loading error. 1149458 pwconv strips out entries that begin with + from /etc/passwd 1146840 severe performance problems with a few hundred active tcp connections 1150304 tcp_eager_swap fails moving timer_mp if more than one eager connection 1088703 upstream message during I_UNLINK can cause panic 1097418 qprocsoff reordering problem 1151044 TCP connections hung in ESTALISHED state. 1153024 Assertion failure in strrput : ASSERT (!(stp->sd_flag & STPLEX)) 1142479 infinite loop in callbparams_free 1155136 Recursive mutex enter in streams strrput+x980 1154975 IP perimeters cause 1000 op LADDIS drop 1145471 3-5 out of 600 concurrent tcp connections just hang and never timed out. 1142622 interactive performance poor on MP system w/CPU bound procs 1113339 t_sndrel()/shutdown() immediately after sending small dataset causes data lost Data may get lost while using TCP (/dev/tcp in TLI and AF_INET/SOCK_STREAM sockets) when a t_sndrel()/shutdown() call is made immediately after sending a very small amount of data. Mouse tracking is rough when an MP system is running enough CPU-bound processes to occupy all on-line processors. Under heavy load and with lost packets, a TCP server can get into a state where connections never re-transmit. The symptom is connections in ESTABLISHED state with data on the send queue shown by "netstat" and no retransmissions visible by "snoop". 1146840 severe performance problems with a few hundred active tcp connections The performance of sockets decrease significantly when there are a couple of hundered sockets open. 1088703 upstream message during I_UNLINK can cause panic A multiplexing driver might see messages arriving in its lower put procedure for a queue which has already been I_UNLINKed. 1142479 infinite loop in callbparams_free Streams drivers and modules using qtimeout(9F) or qbufcall(9F) can cause the kernel to go in infinite loop in callbparams_free. 1155136 Recursive mutex enter in streams strrput+x980 Stressing TCP/IP on a multiprocessor can cause a recursive mutex_enter panic. The stack trace shows that mutex_enter was called by strrput. 1154975 - IP perimeters cause 1000 op LADDIS drop 1149458 pwconv strips out entries that begin with + from /etc/passwd Passwd entries beginning with "+" or "-" are silently removed from the files /etc/passwd and /etc/shadow on the second invocation of pwconv(1M). This fix prevents such entries from being silently discarded. Very large displacements (jumps) are not supported in Solaris 2.x, when calling the libc cerror routine from elsewhere in the library or user code. With this fix, these displacements are supported. Because the maximum displacement of BICC branch instruction is 8 megabytes, programs cannot be linked when separated by more than 8 megabytes. This circumstance arises out of the multi-pass semantics of the Solaris 2.x loader, and specific to this instance, the incremental loading done by a third-party (lisp) interpreter, which results in unusual text segment distribution, and displacements of greater than 22 bits. 1154325: kernel route table corruption when using routed on a network with gated running When running on a network with routing daemons that generate host routes for machines on the directly attached network (e.g. in netstat -rn: 155.155.48.43 155.155.48.43 UGH 0 0 the routing table will not contain any routes with 155.155.48.43 as a gateway. This will lead to lack of connectivity. in.routed will syslog messages like: in.routed[1923]: rtadd SIOCADDRT: Network is unreachable (from 101318-31) 1154515 binaries compiled with "-N" on 4.1.x fail on Solaris 2.3 w/ "Exec format error" OMAGIC binaries do not work on Solaris 2.x. 1153178 tmpfs deals incorrectly with directory permissions 1151999 problem with directory links in tmpfs - pwd gets confused 1146597 panic in strpermod_allocate when MTPERMOD driver opened twice consecutively With X.25 8.0 it is possible to panic the system by a user opening /dev/x25 twice (the first open will fail and the second will panic the system). (from 101485-01) 1121069 creating a.out cores can cause panics The kernel can panic with a data fault when an a.out core file is produced because the kernel reads off the end of the user structure. This can produce "WARNING: Kernel BE" or "WARNING: Kernel TO" followed by an "Access bus error" bad trap. The pc is usually in bcopy_asm, and the stack shows the routines "core" and "aoutcore". (from 101318-30) 1150613 _lwp_create doesn't pass on process priority New lwp created using _lwp_create() doesn't inherit the scheduling parameters properly from the parent lwp. (from 101318-29) 1153911 compiler code reordering breaks small4m parity reporting - use volatile During a memory error (i.e. parity error) the MFAR register is reported incorrectly. The address given will report an error from the wrong SIMM. The fix is to use the volatile type to preserve the correct MFAR address, allowing customer to find the correct bad SIMM. (from 101318-28) 1152995 Bad core file generated when mmap() range exceeds object size. A program that uses mmap(2) to map a file and that creates a mapping larger than the size of the file and that then aborts with a core dump will generate a core file that is not readable by a debugger. (from 101318-27) 1144086 data fault in ts_alloc or trap in tstile_alloc when lofs fileystem mounted. The system may run out of turnstiles (a locking resource). Running with the loopback file system may exacerbate this problem. First appeared on an SC2000. 1152995 backed out because of side effect problems (from 101318-26) 1152995 Bad core file generated when mmap() range exceeds object size. A program that uses mmap(2) to map a file and that creates a mapping larger than the size of the file and that then aborts with a core dump will generate a core file that is not readable by a debugger. 1153790 s1093 kadb will not boot kadb on viking 3.5 systems really fixed in this rev (from 101318-25) 1153790 s1093 kadb will not boot kadb on viking 3.5 systems This fix isn't right (from 101318-24) 1152977 Interactive response suffers when CPU intensive jobs are running When CPU intensive jobs ("main(){while(1);}", to take a trivial example) are running, interactive response can suffer badly. Symptoms include sluggish mouse pointer movement, and intermittent echoing of characters in shells. (from 101318-23) 1151159 random and strange bad behavior on 4d systems, i.e. panics, watchdogs, etc. 1153051 enabling of workaround for random and strange behavior on 4d systems In systems utilizing SuperSPARC processors, there is a possiblity of random and strange bad behavior on 4d systems. A cause for some of these problems has been identified to be, on occasion, a misoperation of the SuperSPARC processor under very limited circumstances. (from 101318-22) 1152482 kernel panic in prgetstatus 1152251 read from PIOCOPENPD causes panic: data fault A program which does a /proc PIOCOPENPD call, followed by a read on the resulting file descriptor after the target process exits, will trigger a panic of the system due to a DATA FAULT resulting from a dereference of a NULL pointer. This scenario can result from using the SunPro collector which performs performance analysis on another program. This is one of the standard SPARCWorks tools. Rutgers has had at least two panics like this one: BAD TRAP: cpu_id=2 type=9 addr=4 rw=1 rp=e4e364 A kadb stack trace shows 'prgetstatus' called from 'prioctl'. (from 101318-21) 1151619: sockmodwput data fault panic due to socklog problem socklog() was being passed a NULL pointer while calculating the size of the message block. This resulted in the kernel panic with Data Fault. (from 101318-20) 1149928: TCP/IP scalability problems This patch reduces the time spent locking and unlocking the outer perimeters used by TCP and IP. 1149929: STREAMS outer perimeter scalability problems This patch reduces the time spent locking and unlocking the outer perimeters used by TCP and IP. It also reduces the lock contention on the strmsglock (used by the STREAMS allocator) and reduces the time spent running at high IPL from the Ethernet driver. (from 101318-19) 1146534 swift_mmu_writeptp code in wrong order causing watchdog reset. Under heavy load, a SPARCstation 5 will watchdog reset. This has been seen running kenbus, LST, and svvs. (from 101318-18) 1149088 tcp and sockmod does not protect against QUEUE_ptr in T_CONN_RES going away 1123140 transport providers can crash if accessing T_CON_RES QUEUE_ptr field 1149088: tcp and sockmod does not protect against QUEUE_ptr in T_CONN_RES going away 1123140: transport providers can crash if accessing T_CON_RES QUEUE_ptr field If TLI applications close the accepting file descriptor (passed to t_accept) while the t_accept is in progress the kernel can panic in tcp_accept, in sockmod, or in timod. (The sockmod panic will only occur if the file descriptor that is opened by the accept() in the socket library is closed.) (from 101318-17) 1149105 Lost entries in wtmpx and wtmp wtmp/wtmpx and utmp/utmpx corrupted during syncronization (update) (from 101346-03) 1145617: NFS/NIS+ servers + clients hang in tcp_lookup If a Solaris machine receives a tcp packet sent to the all-zeros IP address (an old broadcast address that should no longer by used) the kernel might go in an infinite loop. The loop is in drain_syncq calling tcp_rput calling tcp_lookup_listeners and then calling put. (from 101346-02) 1145661 accept() fails with EPROTO, attempts to reconnect on socket fail Applications can see the socket accept() call fail with errno being EPROTO. This error indicates that the TCP 3-way open handshake failed to complete and should be handled by just retrying the poll/select/accept call. This patch prevents the EPROTO errors from being returned by accept(). (from 101346-01) 1144308 Solaris crashes with urgent data RFC 1122 The machine can get a watchdog reset or alternatively hang when receiving urgent data. If it hangs it hangs "hard" i.e. L1-A does not work, and unpluggingand replugging the keyboard does not work either. A snoop trace of last packet received should have the Urgent flag bit set and with an Urgent pointer of 0. (Note: the 2.2 version of snoop does not print the Urgent pointer field - the 2.3 version does.) (from 101319-02) 1144228 Sparc center 2000 running Solaris 2.2 panics with data fault in do_urg_outofline System panics in various places in do_urg_outofline() routine. Typical stack trace would look like: do_urg_outofline() sockmodrsrv() runservice() with a NULL message block(bp). (from 101319-01) 1137978 telnet returning "protocol error" when attempting to telnet to netbuilder router From either solaris 2.1 or 2.2 system, telnet returns "protocol error" when telneting into the 3com router. (from 101318-16) 1147165: Streams resources depleted suddenly (due to no syncq flow control) A machine can rapidly run out of kernel memory under heavy load. This is signified by netstat -m (on the core dump) reporting tens of thousands of allocated messages. 1150306: data fault in background - streams close race The kernel can crash with a data fault. The stack trace shows that background calling mutex_enter which takes a data fault. (from 101318-15) 1147620 system hangs in deadflck Under certain circumstances, the kernel may hang due to an error in file and record locking. In this case, a kernel thread will be found to be looping infinitly in deadflck(). (from 101318-14) 1139753 locking hangs under heavy load; disturbing ICMP messages Under heavy loads, NFS locking clients may be unable to provide replies to their servers' occasional portmap GETPORT requests within the default RPC timeout. This in turn prevents the server from responding to outstanding locking requests from that client (and others), causing the server lockd to appear to be hung or dead. (from 101318-13) 1132554 fcntl: error No record locks available, lockd: out of lock 1147226 NFS locking broken when byte order is different 1132554: NFS file servers can leak record locks. Eventually all lock requests (including local locks) fail with ENOLCK. Another symptom is syslog messages from lockd (on the server) complaining that it is out of locks. This bug can also cause the server to incorrectly grant lock requests, which can lead to corruption of user data files. 1147226: Patch 101267-01 introduced a bug in NFS clients that could cause locking operations to fail if the server is not running SunOS or if the server is not a SPARC system. The symptom is syslog messages from lockd (on the client), complaining about malformed filehandles. (from 101267-01) 1142365: lockd incorrectly examines export information when comparing filehandles. Consider a scenario where a PC application, running under WABI or SunPC, uses File Sharing to synchronize instances of itself. If one instance is running on an NFS server and another instance is running on an NFS client, the NFS server will allow access to both instances at the same time, when it should really only allow access to one at a time. This can cause data corruption. 1140047: suppose a 3-byte (or bigger) region of an NFS file is locked. Now suppose that one or more bytes in the middle of the region are unlocked, leaving two locked regions on either side of the "hole". The client does not properly manage these two regions when they are unlocked. The problem does not appear until the server reboots and the client attempts to reclaim (relock) at least one of the regions. This can lead to situations where the server thinks a region is locked, but nodbody owns the lock. The server console may display _nfssys: error Stale NFS file handle if the file was deleted before the server rebooted. 1123788: lockd on an NFS client detects and filters out retransmitted requests from the client kernel. The code to detect retransmissions does not look at the filehandle in the request. Although this does not seem to have been a problem in practice, it could conceivably lead to cases where the application gets the wrong return code from a lock request. (from 101318-12) 1150058 SPARCstation-10 SX Vid SIMM Cursor RAM Write Enable is weak and corrupts writes This fix is to the Video SIMM Operating System Driver (cg14 driver) and provides a software workaround to problems observed with a broken cursor image when the cursor is written to. (from 101318-11) Bug id 1146924: SS10-51 SS600-51 will fail "watchdog reset" or hard hang under load (from 101318-10) 1140209 Cannot exit login sessions simultaneously from Alphanumeric terminals properly The zombie processes were not being removed by the parent process when the handler for SIGCHLD was being reset, 1142882: panic on exit The u.u_ttyp field was being set incorrectly when a pre-svr4 module was being pushed. The oldvalue of u.u_ttyp was not saved and later checked to see if it needs to be reset to NULL or not. (from 101318-09) 1143439 using fork() and libaio together leads to system panics When using libaio to do asynchronous I/O in a process and also doing a fork() in the same process, there is a window in which the system will panic. The same phenomenon occurs with multi-threaded processes that use fork1() (this has been observed with SunPC and the volume manager). Finally, using a /proc tool that reads the address space of a running process, like /usr/ucb/ps -ww, can lead to a panic of the same (not identical) sort. (from 101349-01) 1137581 C2+ gets watch dog reset with Sundia 1144922 cgfourteen driver could still get remap panic 1145401 sx driver memory leak 1145746 C2+ panics when creating an X Window The reliability lab typically runs Sundiag on machines continuously for extended periods of time (more than a week). When doing such relibility testing on the SPARstation 10BSX machines we discovered problems: a) machines randomly get a watchdog reset (bug ids (1137581 and 1144922). b) After running the machines for a period of 72 hours or greater the machines seem to hang or behave sluggishly after exiting from Sundiag. (bug id 1145401) c) In some very rare situations, when unmapping a range of virtual addresses cloned for SX, the machine panics, because the thread unmapping the address range holds the writer's lock on the address space and then tries to acquire a reader's lock on the same address space. (Bug id 1145746 (from 101318-08) 1130721 panic messages are not logged in /var/adm/messages previous putback for this bug caused system to panic if more than one syslogd was started (from 101318-07) 1146985 data fault panic in lock_try due to interval timer signal There is a race condition in exit() and lwp_exit() where they are cancelling outstanding itimer() callouts. If the race is lost, a callout remains that eventually fires and attempts to access a non-existent lwp or process, leading to the system panic reported by the customer. (from 101318-06) 1130721 panic messages are not logged in /var/adm/messages Added postinstall script to edit etc/syslog.conf and postremove script to remove the edits. This should have been done as part of 101318-03 (from 101318-05) 1146912 panic: deadlock - cycle in blocking chain when using /proc to read a process When using tools that read the address space of other processes via /proc, there is a window of vulnerability in the operating system that can cause a panic with the message: Deadlock condition detected: cycle in blocking chain. Tools that read the address space of other processes include: /usr/bin/truss /usr/ucb/ps /usr/bin/adb /opt/SUNWspro/bin/dbx 3rd party debuggers (e.g., gdb) The window of vulnerability is extremely small, but the problem has been seen on heavily-loaded multiprocessors. (from 101318-04) 1144765 SunPC fails on sun4m systems running Solaris 2.3 The SunPC card doesn't work on sun4m platforms (from 101318-03) 1130721 panic messages are not logged in /var/adm/messages the mechanism implemented in sunos5.0 to save log messages produced before syslogd is started doesn't allow messages recorded in the message buffer before the reboot to be logged. this patch returns to the original method of saving log messages and corrects the problems which prompted the incorrect fix in 5.0. (from 101318-02) 1108615 I_LOOK etc tests for end of stream by walking mid point qnext Kernel crash (data fault). The pc is in the SAMESTR macro either in the build_sqlist function or in the getendq function. (from 101318-01) 1139493 fcntl(2) => ENOLCK and "klm_lockctl: bad nonblk LOCK error 3" If there are problems communicating with the lock manager on an NFS server and a blocking lock request (e.g., fcntl(..., F_SETLKW, ...)) receives a signal, the lock request might not get cancelled. This would leave the file locked with no way to unlock it, short of rebooting the client or server. (from 101326-01) 1139124 syslog does not output more than approx 100 characters, no errors reported syslog messages longer than 100 characters result in an empty syslogd posting. Only the header of the message is printed. The message part is empty. (from 101294-02) 1162202 Patch 101294-01 forces input baud rate the same as output baud rate In zsa_open() set the input baud rate if the default setting for cflag in /kernel/drv/options.conf wants to set the input baud rate. Otherwise set the output baud rate only. (from 101294-01) 1138196 min baud B50 unable to receive 25 bytes in 7 seconds even if transmitted 1137587 tcflow: START and STOP characters are not read when IXON is not set 1137798 PARENB, INPCK, and PARMRK are set, three character sequence not read correctly 1138207 tcflush is not clearing the data to be read 1141642 Local printer on /dev/term/a doesn't work at all on 4/50 The failures were due to bugs in the zs driver and ldterm module not handling the software flow control (tcflow) correctly. (from 101294-02) 1162202 Patch 101294-01 forces input baud rate the same as output baud rate In zsa_open() set the input baud rate if the default setting for cflag in /kernel/drv/options.conf wants to set the input baud rate. Otherwise set the output baud rate only. (from 101294-01) 1138196 min baud B50 unable to receive 25 bytes in 7 seconds even if transmitted 1137587 tcflow: START and STOP characters are not read when IXON is not set 1137798 PARENB, INPCK, and PARMRK are set, three character sequence not read correctly 1138207 tcflush is not clearing the data to be read 1141642 Local printer on /dev/term/a doesn't work at all on 4/50 The failures were due to bugs in the zs driver and ldterm module not handling the software flow control (tcflow) correctly. (from 101294-02) 1162202 Patch 101294-01 forces input baud rate the same as output baud rate In zsa_open() set the input baud rate if the default setting for cflag in /kernel/drv/options.conf wants to set the input baud rate. Otherwise set the output baud rate only. (from 101294-01) 1138196 min baud B50 unable to receive 25 bytes in 7 seconds even if transmitted 1137587 tcflow: START and STOP characters are not read when IXON is not set 1137798 PARENB, INPCK, and PARMRK are set, three character sequence not read correctly 1138207 tcflush is not clearing the data to be read 1141642 Local printer on /dev/term/a doesn't work at all on 4/50 The failures were due to bugs in the zs driver and ldterm module not handling the software flow control (tcflow) correctly. (from 101316-02) 1152150 RPC errors when SunUnify started in BCP mode BCP RPC server programs (compiled on SunOS 4.x) don't respond when started from inetd over TCP in wait mode. (from 101316-01) 1131237 Socket library is not signal safe 1143043: _s_synch socket library deadlock The Solaris 2.3 socket library is not safe for use with programs that use signals. This patch makes it safe for use with programs that use signals. (from 101674-01) 1160720: Backing out the change made for bugid #1150613 as it is not more ral. (from 101411-04) 1151137 file system (directory) access sometimes very slow Under heavy filesystem (nfs and ufs) load in which the ufs inode cache is full and the dnlc (directory name lookup cache) contains mostly nfs entries, lots of CPU cycles are spent trying to free up a ufs inode from the dnlc rather than create a new ufs inode. (from 101411-03) 1156947 Solaris 2.3 kernel "panic:ufs_putapage:bn == UFS_HOLE" 1146726 Concurrent activity inside large directories leads to erronous results 1146726 Concurrent activity inside large directories leads to erronous results Multiple finds within a directory will sometimes return ENOENT (entry not found) even though the entry does exist. Large directory names exacerbate this problem. 1156947 Solaris 2.3 kernel "panic:ufs_putapage:bn == UFS_HOLE" Drivers using physio() to copy data to mmap'ed files can cause UFS_HOLE panics. (from 101411-02) 1154060 ufs quota reports users going over quota to the console. When a user goes over quota (either soft or hard limits for either files or disk blocks) on an NFS-mounted filesystem, a message appears on the console of the NFS server. This occurs because there is no controlling tty for the NFS server process which is acting on behalf of the user. When many users on the same NFS server go over quota at the same time, the console can become unusable due to the quantity of messages that appear on the screen. (from 101411-01) 1098381 ufs write creates zero length file with blocks allocated when buf read faults Passing the write() call an invalid buffer pointer can cause an internal copy to fail, after space has been allocated to the end of the file for the new data. The additional blocks are not freed after the failed copy, and may later cause a UFS_HOLE panic; or may cause fsck to complain about unallocated blocks at the end of a file. (from 101329-16) 1149399 service should not allow concurrent resyncs 1160662 readonly child is updating the local database from the master 1158639 __log_resync() automatically resets the transaction log state to LOG_STABLE 1158638 update timestamp can be lost after checkpointing 1161525 checkpoint before all replicas are in sync can lead to full resyncs on replicas The NIS+ transation log can corrupt under heavy updates and checkpointing. (from 101329-15) 1163847 automountd doesn't work with Apollo pathnames which start with // 1153274 machine panics with recursive mutex_enter while using the automounter 1163847 automountd doesn't work with Apollo pathnames which start with // - fix automountd problems mounting remote directories that contain multiple consecutive slashes (//) 1153274 machine panics with recursive mutex_enter while using the automounter - fix system panics caused by recursive loopback automounts. (from 101329-14) 1156518 Cannot mount mvs/nfs mounts using autofs under Solaris 2.2 & 2.3.?? automountd wrongly assumed that the mounted filesystem had to start with a '/' (slash). This assumption may be invalid if the server is not a UNIX system. Such is the case of MVS, DOS and others. (from 101329-13) 1145421 NIS+ NIS (YP) compatibility does not handle primary host name correctly 1155701 memory leak found in the NIS+ server code 1145421 NIS+ NIS (YP) compatibility does not handle primary host name correctly A problem occurs because the entries for hosts.byaddr are returned one at a time in the order they occur in the hosts table. The fix is to merge the entries for a particular address into one entry and return that instead. We have to be careful to not merge entries for different addresses. 1155701 memory leak found in the NIS+ server code Memory leaks in the NIS+ code is using up all the system resource. (from 101329-12) 1163275 automountd sporadically dumps core with SEGV Correct problem with automountd dumping core with SEGV on xdrmem_getbytes/memcpy. (from 101329-11) 1153253 rpc.nisd with PATCH#101329-04 dumps core without any notice. rpc.nisd crashes immediately after starting up. (from 101329-10) 1160379 Major security hole in automount. Fixes Security hole in the automounter (5.3 is the only affected release). (from 101329-09) 1157062 autofs and loopback mounts in direct hieracrhical maps broken This patch allows automountd to correctly remount loopback file systems after it determines that at least one member of the hierarchy was busy and therefore could not be remounted. automountd needs to format the mount options before it passes them to /usr/lib/fs/lofs/mount. (from 101329-08) 1150491 cron dies with SIGSEGV in __nis_core_lookup Cron dumps core when the NIS+ environment is unstable. (from 101329-07) 1149774 remote users can override the way NFS filesystems are mounted to gain root acces Closes hole left by previous fix to automounter's security. Fixes options security hole in automounter when using wildcards. (from 101329-06) 1149774 remote users can override the way NFS filesystems are mounted to gain root access: security (from 101329-05) 1136034 NIS+ creates invalid hostname NIS+ does not work correctly if the hostname in /etc/hosts file is fully qualified. (from 101329-04) 1150596 patch 101329-03 disables RPC threading. The patch 101329-03 created a problem with MT RPC. When running Multi Threaded and using RPC you get the error: Assertion failed: RW_READ_HELD(&rpcaddr_cache_lock), file rpc/rpcb_clnt.c, line 127 Which means the routine check_cache() is being called without a Read Lock being held. This is because of this patch. This will be seen by anyone who tries to run a program that is MT while using RPC. (from 101329-03) nisaddcred creates LOCAL entries with the wrong group ID when invoked by a non-root user who is a member of the NIS+ group for the credential table. (from 101329-02) 1139765 Data corruption in NIS+ cache manager 1144962 rpc.nisd dumps core (while undergoing update from YP maps via nisaddent -my) 1142583 NIS+ command(s) fail to use master server 1147964 NIS+ servers start repeatedly doing FULL RESYNCS because stdio runs out of fd's These set of fixes and work arounds fix a number of problems found at a very large customer using only NIS+ for their name service. The fixes consists of a number of memory leaks discovered by Purify, a real important fix to __nis_core_lookup() (one copy in the NIS+ server and one libnsl) and a fix/workaround to a running out of open file descriptor problem causes by a combination of heavy load (shift changes at site) and the fact that stdio only allows 256 of the 1024 file descriptors to be used causing stdio opens to fail leading to the NIS+ servers constantly doing FULL resyncs. The workaround bumps up TCP connection above 256 to allow stdio to use the lower numbered file descriptors for itself. (from 101329-01) 1145573 CADDS software package fails with rpc error Servers using librpcsoc (source compatiblity) library for service creation do not respond to client requests. This is not a problem in previous releases. (from 101315-01) 1140610 autofs does not work with cachefs file system type 1145129 automountd doesn't follow NIS+ table paths This patch fixes the following problems: 1. autofs will fail to mount entries from the hosts map which specify the cachefs filesystem option, such is the case of /net when the cachefs option is specified. 2. autofs mounts which trigger hierarchical mounts will fail when automountd remounts members of a hierarchy which have previously been unmounted due to an inactive filesystem unmount request. This only occurs when using cachefs. 3. autofs wrongly assumes that the backfstype option is placed last in the list of options. 4. automountd will not follow NIS+ table paths when the auto_* tables are pathed to tables in another domain. (from 101597-02) 1163445 libaio blows away user-defined signal handler when system() call is made 1.The problem is because both aio and libc are handling signals. The following is my analysis. In the test program the calls to signal are going to libaio signal handling routines and the signal calls in the system() code gets into libc handling routines. This is where the problem comes from. 2. aiowrite/aioread may return success in case of a certain error condition. (from 101597-01) 1148003 libaio and libthread not compatible The async IO library (libaio) and the threads library (libthread) were exporting symbols that should have been static to these libraries. This caused applications that were using both threads and async IO to not work properly. Note: This should permit applications to link with libthread and libaio. it doesn't guarentee that all threaded programs can use libaio. That problem will be fixed later. (from 101329-16) 1149399 service should not allow concurrent resyncs 1160662 readonly child is updating the local database from the master 1158639 __log_resync() automatically resets the transaction log state to LOG_STABLE 1158638 update timestamp can be lost after checkpointing 1161525 checkpoint before all replicas are in sync can lead to full resyncs on replicas The NIS+ transation log can corrupt under heavy updates and checkpointing. (from 101329-15) 1163847 automountd doesn't work with Apollo pathnames which start with // 1153274 machine panics with recursive mutex_enter while using the automounter 1163847 automountd doesn't work with Apollo pathnames which start with // - fix automountd problems mounting remote directories that contain multiple consecutive slashes (//) 1153274 machine panics with recursive mutex_enter while using the automounter - fix system panics caused by recursive loopback automounts. (from 101329-14) 1156518 Cannot mount mvs/nfs mounts using autofs under Solaris 2.2 & 2.3.?? automountd wrongly assumed that the mounted filesystem had to start with a '/' (slash). This assumption may be invalid if the server is not a UNIX system. Such is the case of MVS, DOS and others. (from 101329-13) 1145421 NIS+ NIS (YP) compatibility does not handle primary host name correctly 1155701 memory leak found in the NIS+ server code 1145421 NIS+ NIS (YP) compatibility does not handle primary host name correctly A problem occurs because the entries for hosts.byaddr are returned one at a time in the order they occur in the hosts table. The fix is to merge the entries for a particular address into one entry and return that instead. We have to be careful to not merge entries for different addresses. 1155701 memory leak found in the NIS+ server code Memory leaks in the NIS+ code is using up all the system resource. (from 101329-12) 1163275 automountd sporadically dumps core with SEGV Correct problem with automountd dumping core with SEGV on xdrmem_getbytes/memcpy. (from 101329-11) 1153253 rpc.nisd with PATCH#101329-04 dumps core without any notice. rpc.nisd crashes immediately after starting up. (from 101329-10) 1160379 Major security hole in automount. Fixes Security hole in the automounter (5.3 is the only affected release). (from 101329-09) 1157062 autofs and loopback mounts in direct hieracrhical maps broken This patch allows automountd to correctly remount loopback file systems after it determines that at least one member of the hierarchy was busy and therefore could not be remounted. automountd needs to format the mount options before it passes them to /usr/lib/fs/lofs/mount. (from 101329-08) 1150491 cron dies with SIGSEGV in __nis_core_lookup Cron dumps core when the NIS+ environment is unstable. (from 101329-07) 1149774 remote users can override the way NFS filesystems are mounted to gain root acces Closes hole left by previous fix to automounter's security. Fixes options security hole in automounter when using wildcards. (from 101329-06) 1149774 remote users can override the way NFS filesystems are mounted to gain root access: security (from 101329-05) 1136034 NIS+ creates invalid hostname NIS+ does not work correctly if the hostname in /etc/hosts file is fully qualified. (from 101329-04) 1150596 patch 101329-03 disables RPC threading. The patch 101329-03 created a problem with MT RPC. When running Multi Threaded and using RPC you get the error: Assertion failed: RW_READ_HELD(&rpcaddr_cache_lock), file rpc/rpcb_clnt.c, line 127 Which means the routine check_cache() is being called without a Read Lock being held. This is because of this patch. This will be seen by anyone who tries to run a program that is MT while using RPC. (from 101329-03) nisaddcred creates LOCAL entries with the wrong group ID when invoked by a non-root user who is a member of the NIS+ group for the credential table. (from 101329-02) 1139765 Data corruption in NIS+ cache manager 1144962 rpc.nisd dumps core (while undergoing update from YP maps via nisaddent -my) 1142583 NIS+ command(s) fail to use master server 1147964 NIS+ servers start repeatedly doing FULL RESYNCS because stdio runs out of fd's These set of fixes and work arounds fix a number of problems found at a very large customer using only NIS+ for their name service. The fixes consists of a number of memory leaks discovered by Purify, a real important fix to __nis_core_lookup() (one copy in the NIS+ server and one libnsl) and a fix/workaround to a running out of open file descriptor problem causes by a combination of heavy load (shift changes at site) and the fact that stdio only allows 256 of the 1024 file descriptors to be used causing stdio opens to fail leading to the NIS+ servers constantly doing FULL resyncs. The workaround bumps up TCP connection above 256 to allow stdio to use the lower numbered file descriptors for itself. (from 101329-01) 1145573 CADDS software package fails with rpc error Servers using librpcsoc (source compatiblity) library for service creation do not respond to client requests. This is not a problem in previous releases. (from 101315-01) 1140610 autofs does not work with cachefs file system type 1145129 automountd doesn't follow NIS+ table paths This patch fixes the following problems: 1. autofs will fail to mount entries from the hosts map which specify the cachefs filesystem option, such is the case of /net when the cachefs option is specified. 2. autofs mounts which trigger hierarchical mounts will fail when automountd remounts members of a hierarchy which have previously been unmounted due to an inactive filesystem unmount request. This only occurs when using cachefs. 3. autofs wrongly assumes that the backfstype option is placed last in the list of options. 4. automountd will not follow NIS+ table paths when the auto_* tables are pathed to tables in another domain. (from 101597-02) 1163445 libaio blows away user-defined signal handler when system() call is made 1.The problem is because both aio and libc are handling signals. The following is my analysis. In the test program the calls to signal are going to libaio signal handling routines and the signal calls in the system() code gets into libc handling routines. This is where the problem comes from. 2. aiowrite/aioread may return success in case of a certain error condition. (from 101597-01) 1148003 libaio and libthread not compatible The async IO library (libaio) and the threads library (libthread) were exporting symbols that should have been static to these libraries. This caused applications that were using both threads and async IO to not work properly. Note: This should permit applications to link with libthread and libaio. it doesn't guarentee that all threaded programs can use libaio. That problem will be fixed later. (from 101329-16) 1149399 service should not allow concurrent resyncs 1160662 readonly child is updating the local database from the master 1158639 __log_resync() automatically resets the transaction log state to LOG_STABLE 1158638 update timestamp can be lost after checkpointing 1161525 checkpoint before all replicas are in sync can lead to full resyncs on replicas The NIS+ transation log can corrupt under heavy updates and checkpointing. (from 101329-15) 1163847 automountd doesn't work with Apollo pathnames which start with // 1153274 machine panics with recursive mutex_enter while using the automounter 1163847 automountd doesn't work with Apollo pathnames which start with // - fix automountd problems mounting remote directories that contain multiple consecutive slashes (//) 1153274 machine panics with recursive mutex_enter while using the automounter - fix system panics caused by recursive loopback automounts. (from 101329-14) 1156518 Cannot mount mvs/nfs mounts using autofs under Solaris 2.2 & 2.3.?? automountd wrongly assumed that the mounted filesystem had to start with a '/' (slash). This assumption may be invalid if the server is not a UNIX system. Such is the case of MVS, DOS and others. (from 101329-13) 1145421 NIS+ NIS (YP) compatibility does not handle primary host name correctly 1155701 memory leak found in the NIS+ server code 1145421 NIS+ NIS (YP) compatibility does not handle primary host name correctly A problem occurs because the entries for hosts.byaddr are returned one at a time in the order they occur in the hosts table. The fix is to merge the entries for a particular address into one entry and return that instead. We have to be careful to not merge entries for different addresses. 1155701 memory leak found in the NIS+ server code Memory leaks in the NIS+ code is using up all the system resource. (from 101329-12) 1163275 automountd sporadically dumps core with SEGV Correct problem with automountd dumping core with SEGV on xdrmem_getbytes/memcpy. (from 101329-11) 1153253 rpc.nisd with PATCH#101329-04 dumps core without any notice. rpc.nisd crashes immediately after starting up. (from 101329-10) 1160379 Major security hole in automount. Fixes Security hole in the automounter (5.3 is the only affected release). (from 101329-09) 1157062 autofs and loopback mounts in direct hieracrhical maps broken This patch allows automountd to correctly remount loopback file systems after it determines that at least one member of the hierarchy was busy and therefore could not be remounted. automountd needs to format the mount options before it passes them to /usr/lib/fs/lofs/mount. (from 101329-08) 1150491 cron dies with SIGSEGV in __nis_core_lookup Cron dumps core when the NIS+ environment is unstable. (from 101329-07) 1149774 remote users can override the way NFS filesystems are mounted to gain root acces Closes hole left by previous fix to automounter's security. Fixes options security hole in automounter when using wildcards. (from 101329-06) 1149774 remote users can override the way NFS filesystems are mounted to gain root access: security (from 101329-05) 1136034 NIS+ creates invalid hostname NIS+ does not work correctly if the hostname in /etc/hosts file is fully qualified. (from 101329-04) 1150596 patch 101329-03 disables RPC threading. The patch 101329-03 created a problem with MT RPC. When running Multi Threaded and using RPC you get the error: Assertion failed: RW_READ_HELD(&rpcaddr_cache_lock), file rpc/rpcb_clnt.c, line 127 Which means the routine check_cache() is being called without a Read Lock being held. This is because of this patch. This will be seen by anyone who tries to run a program that is MT while using RPC. (from 101329-03) nisaddcred creates LOCAL entries with the wrong group ID when invoked by a non-root user who is a member of the NIS+ group for the credential table. (from 101329-02) 1139765 Data corruption in NIS+ cache manager 1144962 rpc.nisd dumps core (while undergoing update from YP maps via nisaddent -my) 1142583 NIS+ command(s) fail to use master server 1147964 NIS+ servers start repeatedly doing FULL RESYNCS because stdio runs out of fd's These set of fixes and work arounds fix a number of problems found at a very large customer using only NIS+ for their name service. The fixes consists of a number of memory leaks discovered by Purify, a real important fix to __nis_core_lookup() (one copy in the NIS+ server and one libnsl) and a fix/workaround to a running out of open file descriptor problem causes by a combination of heavy load (shift changes at site) and the fact that stdio only allows 256 of the 1024 file descriptors to be used causing stdio opens to fail leading to the NIS+ servers constantly doing FULL resyncs. The workaround bumps up TCP connection above 256 to allow stdio to use the lower numbered file descriptors for itself. (from 101329-01) 1145573 CADDS software package fails with rpc error Servers using librpcsoc (source compatiblity) library for service creation do not respond to client requests. This is not a problem in previous releases. (from 101315-01) 1140610 autofs does not work with cachefs file system type 1145129 automountd doesn't follow NIS+ table paths This patch fixes the following problems: 1. autofs will fail to mount entries from the hosts map which specify the cachefs filesystem option, such is the case of /net when the cachefs option is specified. 2. autofs mounts which trigger hierarchical mounts will fail when automountd remounts members of a hierarchy which have previously been unmounted due to an inactive filesystem unmount request. This only occurs when using cachefs. 3. autofs wrongly assumes that the backfstype option is placed last in the list of options. 4. automountd will not follow NIS+ table paths when the auto_* tables are pathed to tables in another domain. (from 101329-16) 1149399 service should not allow concurrent resyncs 1160662 readonly child is updating the local database from the master 1158639 __log_resync() automatically resets the transaction log state to LOG_STABLE 1158638 update timestamp can be lost after checkpointing 1161525 checkpoint before all replicas are in sync can lead to full resyncs on replicas The NIS+ transation log can corrupt under heavy updates and checkpointing. (from 101329-15) 1163847 automountd doesn't work with Apollo pathnames which start with // 1153274 machine panics with recursive mutex_enter while using the automounter 1163847 automountd doesn't work with Apollo pathnames which start with // - fix automountd problems mounting remote directories that contain multiple consecutive slashes (//) 1153274 machine panics with recursive mutex_enter while using the automounter - fix system panics caused by recursive loopback automounts. (from 101329-14) 1156518 Cannot mount mvs/nfs mounts using autofs under Solaris 2.2 & 2.3.?? automountd wrongly assumed that the mounted filesystem had to start with a '/' (slash). This assumption may be invalid if the server is not a UNIX system. Such is the case of MVS, DOS and others. (from 101329-13) 1145421 NIS+ NIS (YP) compatibility does not handle primary host name correctly 1155701 memory leak found in the NIS+ server code 1145421 NIS+ NIS (YP) compatibility does not handle primary host name correctly A problem occurs because the entries for hosts.byaddr are returned one at a time in the order they occur in the hosts table. The fix is to merge the entries for a particular address into one entry and return that instead. We have to be careful to not merge entries for different addresses. 1155701 memory leak found in the NIS+ server code Memory leaks in the NIS+ code is using up all the system resource. (from 101329-12) 1163275 automountd sporadically dumps core with SEGV Correct problem with automountd dumping core with SEGV on xdrmem_getbytes/memcpy. (from 101329-11) 1153253 rpc.nisd with PATCH#101329-04 dumps core without any notice. rpc.nisd crashes immediately after starting up. (from 101329-10) 1160379 Major security hole in automount. Fixes Security hole in the automounter (5.3 is the only affected release). (from 101329-09) 1157062 autofs and loopback mounts in direct hieracrhical maps broken This patch allows automountd to correctly remount loopback file systems after it determines that at least one member of the hierarchy was busy and therefore could not be remounted. automountd needs to format the mount options before it passes them to /usr/lib/fs/lofs/mount. (from 101329-08) 1150491 cron dies with SIGSEGV in __nis_core_lookup Cron dumps core when the NIS+ environment is unstable. (from 101329-07) 1149774 remote users can override the way NFS filesystems are mounted to gain root acces Closes hole left by previous fix to automounter's security. Fixes options security hole in automounter when using wildcards. (from 101329-06) 1149774 remote users can override the way NFS filesystems are mounted to gain root access: security (from 101329-05) 1136034 NIS+ creates invalid hostname NIS+ does not work correctly if the hostname in /etc/hosts file is fully qualified. (from 101329-04) 1150596 patch 101329-03 disables RPC threading. The patch 101329-03 created a problem with MT RPC. When running Multi Threaded and using RPC you get the error: Assertion failed: RW_READ_HELD(&rpcaddr_cache_lock), file rpc/rpcb_clnt.c, line 127 Which means the routine check_cache() is being called without a Read Lock being held. This is because of this patch. This will be seen by anyone who tries to run a program that is MT while using RPC. (from 101329-03) nisaddcred creates LOCAL entries with the wrong group ID when invoked by a non-root user who is a member of the NIS+ group for the credential table. (from 101329-02) 1139765 Data corruption in NIS+ cache manager 1144962 rpc.nisd dumps core (while undergoing update from YP maps via nisaddent -my) 1142583 NIS+ command(s) fail to use master server 1147964 NIS+ servers start repeatedly doing FULL RESYNCS because stdio runs out of fd's These set of fixes and work arounds fix a number of problems found at a very large customer using only NIS+ for their name service. The fixes consists of a number of memory leaks discovered by Purify, a real important fix to __nis_core_lookup() (one copy in the NIS+ server and one libnsl) and a fix/workaround to a running out of open file descriptor problem causes by a combination of heavy load (shift changes at site) and the fact that stdio only allows 256 of the 1024 file descriptors to be used causing stdio opens to fail leading to the NIS+ servers constantly doing FULL resyncs. The workaround bumps up TCP connection above 256 to allow stdio to use the lower numbered file descriptors for itself. (from 101329-01) 1145573 CADDS software package fails with rpc error Servers using librpcsoc (source compatiblity) library for service creation do not respond to client requests. This is not a problem in previous releases. (from 101315-01) 1140610 autofs does not work with cachefs file system type 1145129 automountd doesn't follow NIS+ table paths This patch fixes the following problems: 1. autofs will fail to mount entries from the hosts map which specify the cachefs filesystem option, such is the case of /net when the cachefs option is specified. 2. autofs mounts which trigger hierarchical mounts will fail when automountd remounts members of a hierarchy which have previously been unmounted due to an inactive filesystem unmount request. This only occurs when using cachefs. 3. autofs wrongly assumes that the backfstype option is placed last in the list of options. 4. automountd will not follow NIS+ table paths when the auto_* tables are pathed to tables in another domain. (from 101329-16) 1149399 service should not allow concurrent resyncs 1160662 readonly child is updating the local database from the master 1158639 __log_resync() automatically resets the transaction log state to LOG_STABLE 1158638 update timestamp can be lost after checkpointing 1161525 checkpoint before all replicas are in sync can lead to full resyncs on replicas The NIS+ transation log can corrupt under heavy updates and checkpointing. (from 101329-15) 1163847 automountd doesn't work with Apollo pathnames which start with // 1153274 machine panics with recursive mutex_enter while using the automounter 1163847 automountd doesn't work with Apollo pathnames which start with // - fix automountd problems mounting remote directories that contain multiple consecutive slashes (//) 1153274 machine panics with recursive mutex_enter while using the automounter - fix system panics caused by recursive loopback automounts. (from 101329-14) 1156518 Cannot mount mvs/nfs mounts using autofs under Solaris 2.2 & 2.3.?? automountd wrongly assumed that the mounted filesystem had to start with a '/' (slash). This assumption may be invalid if the server is not a UNIX system. Such is the case of MVS, DOS and others. (from 101329-13) 1145421 NIS+ NIS (YP) compatibility does not handle primary host name correctly 1155701 memory leak found in the NIS+ server code 1145421 NIS+ NIS (YP) compatibility does not handle primary host name correctly A problem occurs because the entries for hosts.byaddr are returned one at a time in the order they occur in the hosts table. The fix is to merge the entries for a particular address into one entry and return that instead. We have to be careful to not merge entries for different addresses. 1155701 memory leak found in the NIS+ server code Memory leaks in the NIS+ code is using up all the system resource. (from 101329-12) 1163275 automountd sporadically dumps core with SEGV Correct problem with automountd dumping core with SEGV on xdrmem_getbytes/memcpy. (from 101329-11) 1153253 rpc.nisd with PATCH#101329-04 dumps core without any notice. rpc.nisd crashes immediately after starting up. (from 101329-10) 1160379 Major security hole in automount. Fixes Security hole in the automounter (5.3 is the only affected release). (from 101329-09) 1157062 autofs and loopback mounts in direct hieracrhical maps broken This patch allows automountd to correctly remount loopback file systems after it determines that at least one member of the hierarchy was busy and therefore could not be remounted. automountd needs to format the mount options before it passes them to /usr/lib/fs/lofs/mount. (from 101329-08) 1150491 cron dies with SIGSEGV in __nis_core_lookup Cron dumps core when the NIS+ environment is unstable. (from 101329-07) 1149774 remote users can override the way NFS filesystems are mounted to gain root acces Closes hole left by previous fix to automounter's security. Fixes options security hole in automounter when using wildcards. (from 101329-06) 1149774 remote users can override the way NFS filesystems are mounted to gain root access: security (from 101329-05) 1136034 NIS+ creates invalid hostname NIS+ does not work correctly if the hostname in /etc/hosts file is fully qualified. (from 101329-04) 1150596 patch 101329-03 disables RPC threading. The patch 101329-03 created a problem with MT RPC. When running Multi Threaded and using RPC you get the error: Assertion failed: RW_READ_HELD(&rpcaddr_cache_lock), file rpc/rpcb_clnt.c, line 127 Which means the routine check_cache() is being called without a Read Lock being held. This is because of this patch. This will be seen by anyone who tries to run a program that is MT while using RPC. (from 101329-03) nisaddcred creates LOCAL entries with the wrong group ID when invoked by a non-root user who is a member of the NIS+ group for the credential table. (from 101329-02) 1139765 Data corruption in NIS+ cache manager 1144962 rpc.nisd dumps core (while undergoing update from YP maps via nisaddent -my) 1142583 NIS+ command(s) fail to use master server 1147964 NIS+ servers start repeatedly doing FULL RESYNCS because stdio runs out of fd's These set of fixes and work arounds fix a number of problems found at a very large customer using only NIS+ for their name service. The fixes consists of a number of memory leaks discovered by Purify, a real important fix to __nis_core_lookup() (one copy in the NIS+ server and one libnsl) and a fix/workaround to a running out of open file descriptor problem causes by a combination of heavy load (shift changes at site) and the fact that stdio only allows 256 of the 1024 file descriptors to be used causing stdio opens to fail leading to the NIS+ servers constantly doing FULL resyncs. The workaround bumps up TCP connection above 256 to allow stdio to use the lower numbered file descriptors for itself. (from 101329-01) 1145573 CADDS software package fails with rpc error Servers using librpcsoc (source compatiblity) library for service creation do not respond to client requests. This is not a problem in previous releases. (from 101315-01) 1140610 autofs does not work with cachefs file system type 1145129 automountd doesn't follow NIS+ table paths This patch fixes the following problems: 1. autofs will fail to mount entries from the hosts map which specify the cachefs filesystem option, such is the case of /net when the cachefs option is specified. 2. autofs mounts which trigger hierarchical mounts will fail when automountd remounts members of a hierarchy which have previously been unmounted due to an inactive filesystem unmount request. This only occurs when using cachefs. 3. autofs wrongly assumes that the backfstype option is placed last in the list of options. 4. automountd will not follow NIS+ table paths when the auto_* tables are pathed to tables in another domain. (from 101329-16) 1149399 service should not allow concurrent resyncs 1160662 readonly child is updating the local database from the master 1158639 __log_resync() automatically resets the transaction log state to LOG_STABLE 1158638 update timestamp can be lost after checkpointing 1161525 checkpoint before all replicas are in sync can lead to full resyncs on replicas The NIS+ transation log can corrupt under heavy updates and checkpointing. (from 101329-15) 1163847 automountd doesn't work with Apollo pathnames which start with // 1153274 machine panics with recursive mutex_enter while using the automounter 1163847 automountd doesn't work with Apollo pathnames which start with // - fix automountd problems mounting remote directories that contain multiple consecutive slashes (//) 1153274 machine panics with recursive mutex_enter while using the automounter - fix system panics caused by recursive loopback automounts. (from 101329-14) 1156518 Cannot mount mvs/nfs mounts using autofs under Solaris 2.2 & 2.3.?? automountd wrongly assumed that the mounted filesystem had to start with a '/' (slash). This assumption may be invalid if the server is not a UNIX system. Such is the case of MVS, DOS and others. (from 101329-13) 1145421 NIS+ NIS (YP) compatibility does not handle primary host name correctly 1155701 memory leak found in the NIS+ server code 1145421 NIS+ NIS (YP) compatibility does not handle primary host name correctly A problem occurs because the entries for hosts.byaddr are returned one at a time in the order they occur in the hosts table. The fix is to merge the entries for a particular address into one entry and return that instead. We have to be careful to not merge entries for different addresses. 1155701 memory leak found in the NIS+ server code Memory leaks in the NIS+ code is using up all the system resource. (from 101329-12) 1163275 automountd sporadically dumps core with SEGV Correct problem with automountd dumping core with SEGV on xdrmem_getbytes/memcpy. (from 101329-11) 1153253 rpc.nisd with PATCH#101329-04 dumps core without any notice. rpc.nisd crashes immediately after starting up. (from 101329-10) 1160379 Major security hole in automount. Fixes Security hole in the automounter (5.3 is the only affected release). (from 101329-09) 1157062 autofs and loopback mounts in direct hieracrhical maps broken This patch allows automountd to correctly remount loopback file systems after it determines that at least one member of the hierarchy was busy and therefore could not be remounted. automountd needs to format the mount options before it passes them to /usr/lib/fs/lofs/mount. (from 101329-08) 1150491 cron dies with SIGSEGV in __nis_core_lookup Cron dumps core when the NIS+ environment is unstable. (from 101329-07) 1149774 remote users can override the way NFS filesystems are mounted to gain root acces Closes hole left by previous fix to automounter's security. Fixes options security hole in automounter when using wildcards. (from 101329-06) 1149774 remote users can override the way NFS filesystems are mounted to gain root access: security (from 101329-05) 1136034 NIS+ creates invalid hostname NIS+ does not work correctly if the hostname in /etc/hosts file is fully qualified. (from 101329-04) 1150596 patch 101329-03 disables RPC threading. The patch 101329-03 created a problem with MT RPC. When running Multi Threaded and using RPC you get the error: Assertion failed: RW_READ_HELD(&rpcaddr_cache_lock), file rpc/rpcb_clnt.c, line 127 Which means the routine check_cache() is being called without a Read Lock being held. This is because of this patch. This will be seen by anyone who tries to run a program that is MT while using RPC. (from 101329-03) nisaddcred creates LOCAL entries with the wrong group ID when invoked by a non-root user who is a member of the NIS+ group for the credential table. (from 101329-02) 1139765 Data corruption in NIS+ cache manager 1144962 rpc.nisd dumps core (while undergoing update from YP maps via nisaddent -my) 1142583 NIS+ command(s) fail to use master server 1147964 NIS+ servers start repeatedly doing FULL RESYNCS because stdio runs out of fd's These set of fixes and work arounds fix a number of problems found at a very large customer using only NIS+ for their name service. The fixes consists of a number of memory leaks discovered by Purify, a real important fix to __nis_core_lookup() (one copy in the NIS+ server and one libnsl) and a fix/workaround to a running out of open file descriptor problem causes by a combination of heavy load (shift changes at site) and the fact that stdio only allows 256 of the 1024 file descriptors to be used causing stdio opens to fail leading to the NIS+ servers constantly doing FULL resyncs. The workaround bumps up TCP connection above 256 to allow stdio to use the lower numbered file descriptors for itself. (from 101329-01) 1145573 CADDS software package fails with rpc error Servers using librpcsoc (source compatiblity) library for service creation do not respond to client requests. This is not a problem in previous releases. (from 101315-01) 1140610 autofs does not work with cachefs file system type 1145129 automountd doesn't follow NIS+ table paths This patch fixes the following problems: 1. autofs will fail to mount entries from the hosts map which specify the cachefs filesystem option, such is the case of /net when the cachefs option is specified. 2. autofs mounts which trigger hierarchical mounts will fail when automountd remounts members of a hierarchy which have previously been unmounted due to an inactive filesystem unmount request. This only occurs when using cachefs. 3. autofs wrongly assumes that the backfstype option is placed last in the list of options. 4. automountd will not follow NIS+ table paths when the auto_* tables are pathed to tables in another domain. (from 101489-04) 1156649 lwp pool shrinks and doesn't grow regardless of calls thr_setconcurrency When a multi-threaded programe calls thr_setconcurrency() to set the number of lwps (say n) and calls another thr_setconcurrnecy() after five minutes when all aged lwps have died, the concurrency level is not the same what is requested in the second call. This problem can be explained in following steps assuming that _minlwp is level of concurrnecy given in setconcurrency call, and _nlwp is level of current concurrency. i) With first invocation of thr_setconcurrency(), _minlwps is set to the level of concurrency requested and accordingly number of lwps running on the system is equal to _minlwps. This is done only when level of concurrency present at that time (i.e. _minlwps) is less than what has been requested. ii) However after five minutes, when aged lwps are killed, the minlwps is still set to the level of concurrency requested earlier, however _nlwps (number of lwps available now) are much less. iii) With another invocation of thr_setconcurrency(), since _minlwps is equal to the level of concurrency requested, the lib thr_setconcurrency() simply returns though the number of lwps available are less than minlwps. This patch solves this problem identified in thr_setconcurrency(). (from 101489-03) 1154502 libthread panic when a SIGPOLL/SIGIO signal is received during sleep When a program linked with the threads library receives a SIGPOLL or SIGIO signal during sleep() a threads library panic occurs (from 101489-02) 1153229 libthread's version of sigprocmask() is clobbering errno libthread interposes on sigprocmask(2) to provide its own version. This version is simply a call to thr_sigsetmask(3t) thus ensuring that in a multi-threaded (MT) process, the masking operation is carried out only on the calling thread's signal mask. There is no process wide signal mask in an MT process. The bug is that libthread's version of sigprocmask() clears "errno" on success. The bug is typically seen in code such as the following : .... write_ret = write(...); sigprocmask(...); if (write_ret == -1) { printf("write() failed; errno is %d\n", errno); exit(1); } .... If the call to "write()" above fails, then the wrong value for errno will be printed out due to the bug that sigprocmask() clobbers errno. The work-around is to check "write_ret " *before* calling sigprocmask(): .... write_ret = write(...); if (write_ret == -1) { printf("write() failed; errno is %d\n", errno); exit(1); } sigprocmask(...); .... In any case, this is the correct programming style, since even if sigprocmask() were OK, the system would legitimately clobber errno if sigprocmask() were to fail, thus *legitimately* clobbering the error code returned by the failed "write()". Another problem is that libraries such as libsocket which return -1 and the error code in "errno" might also encounter this libthread bug. This results in library calls potentially returning -1 but a 0 in "errno". Hence, applications which call such libraries would run into this bug indirectly with no possibility of implementing a work-around in the application. (from 101489-01) 1146922 cond_timedwait() misses its timeout and hangs The cond_timedwait() interface doesn't reliably guarentee that a thread will wakeup even if it has specified a timeout period. Also, its possible for signals to be pending on a thread which are never delivered. (from 101859-01) 1152710 socket lib in 2.3/2.2 have problems with not clearing bad connections and errno The listening AF_UNIX socket in a server can get permanent errors should the client close the socket before the connection has been accepted. The client might do this if it takes a signal causing the connect() call to return EINTR. Patch Installation Instructions: -------------------------------- Generic 'installpatch' and 'backoutpatch' scripts are provided within each patch package with instructions appended to this section. Other specific or unique installation instructions may also be necessary and should be described below. Special Install Instructions: ----------------------------- The running automountd needs to be stopped prior to patch installation: # sh /etc/init.d/autofs stop If point patch 101869-01 is installed on your system, please run 'backoutpatch 101869-01' before installing this patch. Unless patch 101331-01 or later is installed, installation of this patch will result in the following warning: WARNING: unable to rename This warning may be ignored and kadb is successfully installed. Reboot after installation. NOTE: sendmail is no longer bundled with this patch and is now available as patch 101739. If specific older revisions of patch 101318 is installed after 101739 is installed, the result will be a downgraded sendmail with fewer fixes. Revisions in question are 101318-35 through 101318-42, and represent all kernel patches with sendmail bundled in. Instructions to install patch using "installpatch" -------------------------------------------------- 1. Become super-user. 2. Apply the patch by typing: installpatch where is the directory containing installpatch, and is the directory containing the patch itself. Example: # cd /tmp/123456-01 # ./installpatch . 3. If any errors are reported, see "Patch Installation Errors" in the Command Descriptions section below. Rebooting the system or restarting the application after a successful patch installation is usually necessary to utilize patch. NOTE: On client server machines the patch package is NOT applied to existing clients or to the client root template space. Therefore, when appropriate, ALL CLIENT MACHINES WILL NEED THE PATCH APPLIED DIRECTLY USING THIS SAME INSTALLPATCH METHOD ON THE CLIENT. See the next section for instructions for installing a patch on a client. Instructions for installing a patch on a dataless client -------------------------------------------------------------------- 1. Before applying the patch, the following command must be executed on the server to give the client read-only, root access to the exported /usr file system so that the client can execute the pkgadd command: share -F nfs -o ro,anon=0 /export/exec//usr The command: share -F nfs -o ro,root= \ /export/exec//usr accomplishes the same goal, but only gives root access to the client specified in the command. 2. Login to the client system and become super-user. 3. Continue with step 2 in the "Instructions to install patch using installpatch" section above. Instructions for installing a patch on a diskless client -------------------------------------------------------------------- ** To install a patch on a diskless client, you may either follow the instructions for installing on a dataless client (that is, you may logon to the client and install the patch), or you may use the following instructions to install the patch while on the server. 1. Find the complete path for the root directory of the diskless client. 2. Install the patch normally, but add the command option -R to the command line. should be the completely specified. Example: # cd /tmp/123456-01 # ./installpatch -R /export/root/client1 . Instructions for backing out a patch using "backoutpatch" ----------------------------------------------------------- 1. Become super-user. 2. Change directory to /var/sadm/patch: cd /var/sadm/patch 3. Backout patch by typing: /backoutpatch where is the patch number. Example: # cd /var/sadm/patch # 123456-01/backoutpatch 123456-01 4. If any errors are reported, see "Patch Backout Errors" in the Command Descriptions section below. Instructions for backing out a patch on a dataless client ---------------------------------------------------------- 1. Give the client root access to /usr as specified in the installpatch section. 2. Logon to the client and follow backoutpatch instructions as specified above. Instructions for backing out a patch on a diskless client ----------------------------------------------------------- ** To backout a patch on a diskless client, you may either follow the instructions for backout on a dataless client (that is, you may logon to the client and backout the patch), or you may use the following instructions to backout the patch while on the server. 1. Find the complete path for the root directory of the diskless client. 2. Backout the patch normally, but add the command option -R to the command line. should be the completely specified. Example: # cd /export/root/client1/var/sadm/patch # ./123456-01/backoutpatch -R /export/root/client1 123456-01 Instructions for identifying patches installed on system: ---------------------------------------------------------- Patch packets that have been installed can be identified by using the -p option. To find out which patches are installed on a diskless client, use both the -R option and the -p option, where is the fully specified path to the client's root directory. #cd /tmp/123456-01 #./installpatch -p #./installpatch -R /export/root/client1 -p Also note that the command "showrev -p" will show the patches installed on the local machine, but will not show patches installed on clients. Command Descriptions -------------------- NAME installpatch - apply patch package to Solaris 2.x system backoutpatch - remove patch package, restore previously saved files SYNOPSIS installpatch [-udpV] [-S ] backoutpatch [-fV] [-S ] DESCRIPTION These installation and backout utilities apply only to Solaris 2.x associated patches. They do not apply to Solaris 1.x associated patches. These utilities are currently only provided with each patch package and are not included with the standard Solaris 2.x release software. OPTIONS installpatch: -u unconditional install, turns off file validation. Allows the patch to be applied even if some of the files to be patched have been modified since original installation. -d Don't back up the files to be patched. This means that the patch CANNOT BE BACKED OUT. -p Print a list of the patches currently applied -V Print script version number -S Specify an alternate service (e.g. Solaris_2.3) for patch package processing references. -R Specify an alternate package installation root. Most useful for installing patches on diskless clients while logged on to the server. backoutpatch: -f force the backout regardless of whether the patch was superseded -V print version number only -S Specify an alternate service (e.g. Solaris_2.3) for patch package processing references. -R Specify an alternate package installation root. Most useful for removing patches on diskless clients while logged on to the server. DIAGNOSTICS Patch Installation Errors: -------------------------- Error message: The prepatch script exited with return code . Installpatch is terminating. Explanation and recommended action: The prepatch script supplied with the patch exited with a return code other than 0. Run a script trace of the installpatch and find out why the prepatch had a bad return code. Fix the problem and re-run installpatch. To execute a script trace: # sh -x ./installpatch . > /tmp/patchout 2>&1 The file /tmp/patchout will list all commands executed by installpatch. You should be able to determine why your prepatch script failed by looking through the /tmp/patchout file. If you still can't determine the reason for failure, contact customer service. Error message: The postpatch script exited with return code . Backing out patch. Explanation and recommended action: The postpatch script provided with the patch exited with an error code other than 0, and the patch has not previously been applied. Installpatch will execute backoutpatch to return the system to its pre-patched state. Create a script trace of the installpatch (see above) and find out why the postpatch script failed. Correct and re-execute installpatch. If you are unable to determine why the postpatch script failed, contact customer service. Error message: The postpatch script exited with return code . Not backing out patch because this is a re-installation. The system may be in an unstable state! Installpatch is terminating. Explanation and recommended action: The postpatch script provided with the patch exited with an error code other than 0. Because this is a re-installation of a patch, installpatch will not automatically backout the patch. You may backout the patch manually using the backoutpatch command, then generate a script trace of the installpatch as described above. Find out why the postpatch failed, correct the problem, and re-install the patch. If you are unable to determine why the postpatch script failed, contact customer service. Error message: Patch has already been applied. Explanation and recommended action: This patch has already been applied to the system and no additional patch packages would be added due to a re-installation. If the patch has to be reapplied for some reason, backout the patch and then reapply it. Error message: Symbolic link in package Symbolic links can't be part of a patch. Installpatch is terminating. Explanation and recommended action: The patch was incorrectly built. Contact customer service to get a new patch. Error message: This patch is obsoleted by patch which has already been applied to this system. Patch installation is aborted. Explanation and recommended action: Occasionally, a patch is replaced by a new patch which incorporates the bug fixes in the old patch and supplies additional fixes also. At this time, the earlier patch is no longer made available to users. The second patch is said to "obsolete" the first patch. However, it is possible that some users may still have the earlier patch and try to apply it to a system on which the later patch is already applied. If the obsoleted patch were allowed to be applied, the additional fixes supplied by the later patch would no longer be available, and the system would be left in an inconsistent state. This error message indicates that the user attempted to install an obsoleted patch. There is no need to apply this patch because the later patch has already supplied the fix. Error Message: None of the packages to patch are installed on this system. Explanation and recommended action: The original packages for this patch have not been installed and therefore the patch cannot be applied. The original packages need to be installed before applying the patch. Error message: This patch is not applicable to client systems. Explanation and recommended action: The patch is only applicable to servers and standalone machines. Attempting to apply this patch to a client system will have no effect on the system. Error message: The -S and -R arguments are mutually exclusive. Explanation and recommended action: You have specified both a non-native service to patch, and a package installation root. These two arguments are mutually exclusive. If patching a non-native usr partition, the -S option should be used to patch all clients using that service. If patching a client's root partition (either native or non-native), the -R option should be used. Error message: The service cannot be found on this system. Explanation and recommended action: You have specified a non- native service to patch, but the specified service is not installed on your system. Correctly specify the service when applying the patch. Error message: The Package Install Root directory cannot be found on this system. Explanation and recommended action: You have specified a directory that is either not mounted, or does not exist on your system. Specify the directory correctly when applying the patch. Error message: The /usr/sbin/pkgadd command is not executable. Explanation and recommended action: The /usr/sbin/pkgadd command cannot be executed. The most likely cause of this is that installpatch is being run on a diskless or dataless client and the /usr file system was not exported with root access to the client. See the section above on "Instructions for installing a patch on a diskless or dataless client". Error message: packages are not proper patch packages. Explanation and recommended action: The patch directory supplied as an argument to installpatch did not contain the expected package format. Verify that the argument supplied to installpatch is correct. Error message: The following validation error was found: Explanation and recommended action: Before applying the patch, the patch application script verifies that the current versions of the files to be patched have the expected fcs checksums and attributes. If a file to be patched has been modified by the user, the user is notified of this fact. The user then has the opportunity to save the file and make a similar change to the patched version. For example, if the user has modified /etc/inet/inetd.conf and /etc/inet/inetd.conf is to be replaced by the patch, the user can save the locally modified /etc/inet/inetd.conf file and make the same modification to the new file after the patch is applied. After the user has noted all validation errors and taken the appropriate action for each one, the user should re-run installpatch using the "-u" (for "unconditional") option. This time, the patch installation will ignore validation errors and install the patch anyway. Error message: Insufficient space in /var/sadm/patch to save old files. Explanation and recommended action: There is insufficient space in the /var/sadm/patch directory to save old files. The user has two options for handling this problem: (1) generate additional disk space by deleting unneeded files, or (2) override the saving of the old files by using the "-d" (do not save) option when running installpatch. However if the user elects not to save the old versions of the files to be patched, backoutpatch CANNOT be used. One way to regain space on a system is to remove the save area for previously applied patches. Once the user has decided that it is unlikely that a patch will be backed out, the user can remove the files that were saved by installpatch. The following commands should be executed to remove the saved files for patch xxxxxx-yy: cd /var/sadm/patch/xxxxxx-yy rm -r save/* rm .oldfilessaved After these commands have been executed, patch xxxxxx-yy can no longer be backed out. Error message: Save of old files failed. Explanation and recommended action: Before applying the patch, the patch installation script uses cpio to save the old versions of the files to be patched. This error message means that the cpio failed. The output of the cpio would have been preceded this message. The user should take the appropriate action to correct the cpio failure. A common reason for failure will be insufficient disk space to save the old versions of the files. The user has two options for handling insufficient disk space: (1) generate additional disk space by deleting unneeded files, or (2) override the saving of the old files by using the "-d" option when running installpatch. However if the user elects not to save the old versions of the files to be patched, the patch CANNOT be backed out. Error message: Pkgadd of package failed with error code . See /tmp/log. for reason for failure. Explanation and recommended action: The installation of one of patch packages failed. Installpatch will backout the patch to leave the system in its pre-patched state. See the log file for the reason for failure. Correct the problem and re-apply the patch. Error message: Pkgadd of package failed with error code . Will not backout patch...patch re-installation. Warning: The system may be in an unstable state! See /tmp/log. for reason for failure. Explanation and recommended action: The installation of one of the patch packages failed. Installpatch will NOT backout the patch. You may manually backout the patch using backoutpatch, then re-apply the entire patch. Look in the log file for the reason pkgadd failed. Correct the problem and re-apply the patch. Patch Installation Messages: --------------------------- Note: the messages listed below are not necessarily considered errors as indicated in the explanations given. These messages are, however, recorded in the patch installation log for diagnostic reference. Message: Package not patched: PKG=SUNxxxx Original package not installed Explanation: One of the components of the patch would have patched a package that is not installed on your system. This is not necessarily an error. A Patch may fix a related bug for several packages. Example: suppose a patch fixes a bug in both the online-backup and fddi packages. If you had online-backup installed but didn't have fddi installed, you would get the message Package not patched: PKG=SUNWbf Original package not installed This message only indicates an error if you thought the package was installed on your system. If this is the case, take the necessary action to install the package, backout the patch (if it installed other packages) and re-install the patch. Message: Package not patched: PKG=SUNxxx ARCH=xxxxxxx VERSION=xxxxxxx Architecture mismatch Explanation: One of the components of the patch would have patched a package for an architecture different from your system. This is not necessarily an error. Any patch to one of the architecture specific packages may contain one element for each of the possible architectures. For example, Assume you are running on a sun4m. If you were to install a patch to package SUNWcar, you would see the following (or similar) messages: Package not patched: PKG=SUNWcar ARCH=sparc.sun4c VERSION=11.5.0,REV=2.0.18 Architecture mismatch Package not patched: PKG=SUNWcar ARCH=sparc.sun4d VERSION=11.5.0,REV=2.0.18 Architecture mismatch Package not patched: PKG=SUNWcar ARCH=sparc.sun4e VERSION=11.5.0,REV=2.0.18 Architecture mismatch Package not patched: PKG=SUNWcar ARCH=sparc.sun4 VERSION=11.5.0,REV=2.0.18 Architecture mismatch The only time these messages indicate an error condition is if installpatch does not correctly recognize your architecture. Message: Package not patched: PKG=SUNxxxx ARCH=xxxx VERSION=xxxxxxx Version mismatch Explanation: The version of software to which the patch is applied is not installed on your system. For example, if you were running Solaris 5.3, and you tried to install a patch against Solaris 5.2, you would see the following (or similar) message: Package not patched: PKG=SUNWcsu ARCH=sparc VERSION=10.0.2 Version mismatch This message does not necessarily indicate an error. If the version mismatch was for a package you needed patched, either get the correct patch version or install the correct package version. Then backout the patch (if necessary) and re-apply. Message: Re-installing Patch. Explanation: The patch has already been applied, but there is at least one package in the patch that could be added. For example, if you applied a patch that had both Openwindows and Answerbook components, but your system did not have Answerbook installed, the Answerbook parts of the patch would not have been applied. If, at a later time, you pkgadd Answerbook, you could re-apply the patch, and the Answerbook components of the patch would be applied to the system. Message: Installpatch Interrupted. Installpatch is terminating. Explanation: Installpatch was interrupted during execution (usually through pressing ^C). Installpatch will clean up its working files and exit. Message: Installpatch Interrupted. Backing out Patch... Explanation: Installpatch was interrupted during execution (usually through pressing ^C). Installpatch will clean up its working files, backout the patch, and exit. Patch Backout Errors: --------------------- Error message: prebackout patch exited with return code . Backoutpatch exiting. Explanation and corrective action: the prebackout script supplied with the patch exited with a return code other than 0. Generate a script trace of backoutpatch to determine why the prebackout script failed. Correct the reason for failure, and re-execute backoutpatch. Error message: postbackout patch exited with return code . Backoutpatch exiting." Explanation and corrective action: the postbackout script supplied with the patch exited with a return code other than 0. Look at the postbackout script to determine why it failed. Correct the failure and, if necessary, RE-EXECUTE THE POSTBACKOUT SCRIPT ONLY. Error message: Only one service may be defined. Explanation and corrective action: You have attempted to specify more than one service from which to backout a patch. Different services must have their patches backed out with different invocations of backoutpatch. Error message: The -S and -R arguments are mutually exclusive. Explanation and recommended action: You have specified both a non-native service to backout, and a package installation root. These two arguments are mutually exclusive. If backing out a patch from a non-native usr partition, the -S option should be used. If backing out a patch from a client's root partition (either native or non-native), the -R option should be used. Error message: The service cannot be found on this system. Explanation and recommended action: You have specified a non- native service from which to backout a patch, but the specified service is not installed on your system. Correctly specify the service when backing out the patch. Error message: Only one rootdir may be defined. Explanation and recommended action: You have specified more than one package install root using the -R option. The -R option may be used only once per invocation of backoutpatch. Error message: The directory cannot be found on this system. Explanation and recommended action: You have specified a directory using the -R option which is either not mounted, or does not exist on your system. Verify the directory name and re-backout the patch. Error message: Patch has not been successfully applied to this system. Explanation and recommended action: You have attempted to backout a patch that is not applied to this system. If you must restore previous versions of patched files, you may have to restore the original files from the initial installation CD. Error message: Patch has not been successfully applied to this system. Will remove directory Explanation and recommended action: You have attempted to back out a patch that is not applied to this system. While the patch has not been applied, a residual /var/sadm/patch/ (perhaps from an unsuccessful installpatch) directory still exists. The patch cannot be backed out. If you must restore old versions of the patched files, you may have to restore them from the initial installation CD. Error message: This patch was obsoleted by patch . Patches must be backed out in the order in which they were installed. Patch backout aborted. Explanation and recommended action: You are attempting to backout patches out of order. Patches should never be backed-out out of sequence. This could undermine the integrity of the more current patch. Error message: Patch was installed without backing up the original files. It cannot be backed out. Explanation and recommended action: Either the -d option of installpatch was set when the patch was applied, or the save area of the patch was deleted to regain space. As a result, the original files are not saved and backoutpatch cannot be used. The original files can only be recovered from the original installation CD. Error message: pkgrm of package failed return code . See /var/sadm/patch//log for reason for failure. Explanation and recommended action: The removal of one of patch packages failed. See the log file for the reason for failure. Correct the problem and run the backout script again. Error message: Restore of old files failed. Explanation and recommended action: The backout script uses the cpio command to restore the previous versions of the files that were patched. The output of the cpio command should have preceded this message. The user should take the appropriate action to correct the cpio failure. KNOWN PROBLEMS: On client server machines the patch package is NOT applied to existing clients or to the client root template space. Therefore, when appropriate, ALL CLIENT MACHINES WILL NEED THE PATCH APPLIED DIRECTLY USING THIS SAME INSTALLPATCH METHOD ON THE CLIENT. See instructions above for applying patches to a client. A bug affecting a package utility (eg. pkgadd, pkgrm, pkgchk) could affect the reliability of installpatch or backoutpatch which uses package utilities to install and backout the patch package. It is recommended that any patch that fixes package utility problems be reviewed and, if necessary, applied before other patches are applied. Such existing patches are: 100901 Solaris 2.1 101122 Solaris 2.2 101331 Solaris 2.3 SEE ALSO pkgadd, pkgchk, pkgrm, pkginfo, showrev, cpio