Patch-ID# 103640-28 Keywords: security y2000 kernel klmmod threads ufs RPC NFS libc NIS+ libnsl ACL Synopsis: SunOS 5.5.1: kernel, nisopaccess, & libthread patch Date: Aug/09/99 Solaris Release: 2.5.1 SunOS Release: 5.5.1 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 103641 Xref: This patch available for PPC as patch 103642 Topic: SunOS 5.5.1: kernel, nisopacces, & libthread patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. BugId's fixed with this patch: 1159865 1168376 1171284 1182705 1185691 1189481 1196541 1199624 1202807 1206421 1208460 1212953 1212974 1213016 1215792 1219671 1221809 1223323 1223326 1223900 1224425 1225430 1227376 1227580 1230570 1231167 1232758 1232825 1233049 1233088 1233514 1234450 1234630 1234968 1235867 1237009 1237898 1238241 1238559 1238582 1239385 1240234 1241118 1241816 1242188 1242395 1242408 1243441 1244088 1244822 1244872 1244917 1244958 1245291 1245451 1245602 1246045 1246630 1246864 1247052 1247172 1247572 1248090 1248925 1249250 1249373 1249903 1249985 1250351 1250620 1250848 1250937 1251000 1251421 1251423 1251430 1251466 1251879 1253366 1253528 1253810 1255623 1256153 1256610 1257003 1257803 1258151 1258191 1258802 1258916 1259200 1259585 1259984 1260766 1260769 1260873 1260959 1260982 1261511 1261609 BugId's fixed with this patch: 1262082 1262462 1262503 1262666 1262678 1262694 1262979 1262995 1263251 1263924 1264333 1264646 1264708 1264890 1265000 1265170 1265396 1265447 1265578 1265705 1265722 1265785 1265970 1266113 1266278 1266371 1266767 1267447 1267506 4004147 4004575 4005261 4005483 4005615 4005653 4005686 4006674 4006846 4007477 4007542 4007808 4007937 4008234 4008921 4009069 4009567 4010116 4010606 4011031 4011225 4011495 4011866 4011948 4013727 4013751 4015176 4015191 4015367 4015497 4015891 4016316 4016724 4016961 4017121 4017513 4017705 4017750 4017770 4018004 4018801 4018883 4018887 4019380 4022240 4022299 4022354 4022682 4022849 4024106 4024288 4024599 4024647 4025548 4025665 4026118 4026339 4026411 4026740 4026789 4026833 4027360 4027442 4027493 4027736 4028339 4028618 4028676 4029971 4030045 4030151 BugId's fixed with this patch: 4031186 4032123 4032761 4032974 4034003 4034585 4034675 4035012 4035167 4035202 4035403 4035845 4036063 4036589 4037755 4037821 4038653 4040036 4040423 4041518 4041542 4042372 4042883 4043953 4044079 4044980 4045229 4045268 4047729 4049222 4050818 4050892 4051082 4051257 4051271 4051392 4051590 4051899 4052568 4052812 4052879 4054308 4054742 4055257 4055704 4055715 4055724 4055727 4056222 4057122 4057606 4058892 4058904 4059632 4059736 4060416 4060451 4060465 4061967 4062430 4062572 4062815 4062999 4063668 4063932 4065248 4067374 4067569 4067641 4069641 4070968 4072815 4073684 4075462 4077343 4079028 4079241 4079302 4080160 4080264 4082436 4083720 4085394 4087112 4089644 4091822 4092407 4092838 4096789 4097082 4098645 4098943 4099656 4100047 4102420 4104625 4105997 4107724 4107794 4110026 BugId's fixed with this patch: 4110785 4113382 4115951 4118037 4119745 4120985 4122408 4127499 4127727 4128660 4129064 4129188 4129957 4131439 4132290 4134299 4135388 4136059 4136726 4137387 4139126 4139462 4140617 4141709 4141788 4145354 4146445 4149227 4149597 4150947 4151266 4152975 4153452 4155392 4157559 4157739 4165597 4169614 4170410 4173285 4175350 4175558 4178386 4179269 4181592 4182028 4182861 4184623 4188005 4189981 4190117 4190645 4192195 4194505 4196986 4205959 4207409 4209710 4209713 4242270 BugId's fixed with this patch: 1240946 4028250 4031802 4038775 4042415 4044674 4051582 4052382 4053468 4053490 4053494 4063448 4064256 4064893 4065560 4070324 4080609 4084222 4084225 4088220 4090750 4099466 4108259 4109198 4110996 4111714 4116141 4116878 4120185 4128833 4129429 4131387 4134432 4134487 4135621 4136544 4139218 4139521 4149344 4166392 4166725 4169694 4169916 4171279 4173946 4196459 4207064 4213437 4225351 4227197 4234249 4243305 4247010 4209833 Changes incorporated in this version: 1259585 4005653 4055704 4055715 4055724 4055727 4087112 4120985 4136726 4157739 4169614 4182028 4189981 4192195 4194505 4205959 4207409 4209710 4209713 4242270 Changes incorporated in this version: 4227197 4234249 4243305 4247010 4209833 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: 103591-09 103658-02 103920-05 103600-18 103609-02 104317-01 106623-01 103612-51 103615-04 103654-01 104915-10 Patches which conflict with this patch: iss_sparc-01 (or newer) Patches required with this patch: Obsoleted by: Files included with this patch: /kernel/drv/mm /kernel/drv/sad /kernel/fs/nfs /kernel/fs/ufs /kernel/genunix /kernel/misc/klmmod /kernel/misc/klmops /kernel/misc/tlimod /kernel/strmod/rpcmod /kernel/sys/doorfs /kernel/sys/nfs /kernel/sys/shmsys /platform/sun4c/kernel/unix /platform/sun4c/ufsboot /platform/sun4d/kernel/unix /platform/sun4d/ufsboot /platform/sun4m/kernel/unix /platform/sun4m/ufsboot /platform/sun4u/kadb /platform/sun4u/kernel/genunix /platform/sun4u/kernel/unix /platform/sun4u/ufsboot /usr/bin/nismkdir /usr/bin/nistest /usr/include/sys/class.h /usr/include/sys/conf.h /usr/include/sys/disp.h /usr/include/sys/fs/ufs_inode.h /usr/include/sys/fs/ufs_quota.h /usr/include/sys/fs/ufs_trans.h /usr/include/sys/proc.h /usr/include/sys/shareIIstubs.h /usr/include/sys/vnode.h /usr/include/thread.h /usr/include/v9/sys/machpcb.h /usr/lib/adb/mntinfo /usr/lib/adb/rnode /usr/lib/adb/ufsq /usr/lib/fn/fn_ctx_onc_fn_nisplus_root.so.1 /usr/lib/fs/ufs/fsck /usr/lib/libc.a /usr/lib/libc.so.1 /usr/lib/libnsl.a /usr/lib/libnsl.so.1 /usr/lib/libp/libc.a /usr/lib/libsec.a /usr/lib/libsec.so.1 /usr/lib/libthread.so.1 /usr/lib/libthread_db.so.0 /usr/lib/libthread_db.so.1 /usr/lib/nfs/nfsd /usr/lib/nis/nisclient /usr/lib/nis/nisopaccess /usr/lib/nis/nisping /usr/lib/nis/nisupdkeys /usr/lib/pics/libc_pic.a /usr/platform/sun4c/lib/fs/nfs/inetboot /usr/platform/sun4d/lib/fs/nfs/inetboot /usr/platform/sun4m/lib/fs/nfs/inetboot /usr/platform/sun4u/lib/fs/nfs/inetboot /usr/platform/sun4u/lib/libc_psr.so.1 /usr/sbin/mountall /usr/sbin/nis_cachemgr /usr/sbin/nisinit /usr/sbin/rpc.nisd /usr/sbin/static/rcp /usr/ucblib/libucb.a /usr/ucblib/libucb.so.1 /platform/sun4u1/kadb /platform/sun4u1/kernel/drv/dr /platform/sun4u1/kernel/genunix /platform/sun4u1/kernel/misc/hswp /platform/sun4u1/kernel/unix /platform/sun4u1/ufsboot /usr/platform/sun4u1/lib/fs/nfs/inetboot /usr/platform/sun4u1/lib/libc_psr.so.1 Problem Description: 4242270 2.5.1 -28 patch: ontest causes the system to hang 4205959 mountall will sometimes crash the system when doing the fsck portion of command 4194505 trap type=0x31 in disp_lowpri_cpu running HSM 3.1.1 migsweepihand 4192195 ftime() does not update contents of struct timeb timezone and dstflag members 4157739 Thread suspension/resumption interferes pathologically with mutex acquisition 4169614 Doug Lea's program results in thread library panic 4207409 JTG libthread break dbx 4.0 due to incompatible argument order of signal handler 4189981 thr_getstate returns incorrect pc (_restorefsr) but sp is correct 4209710 libthread panic (SEGV) in _onproc_deq 4209713 debug version of libthread fails assertion 4182028 _sc_list is corrupted by exiting lwp in child of a fork() 4136726 nfs_access_purge_rp: entry not in hash queue panic after installing patch 105720 4120985 panic in free_page on multiprocessor machines with fix bug 4026411 4087112 panic in putq due to null q_last value 4005653 full table scans can overload NIS+ servers 4055704 NIS_CALLBACK not authenticated 4055715 NIS_PING not authenticated 4055724 NIS_CHECKPOINT not authenticated 4055727 NIS_CPTIME not authenticated 1259585 svc_run thread stack size should be tunable 4209833 patch 104915-10 breaks DR of A5000 & SSA 4227197 2.6 OS with 105181-13 KU patch took hostreset dump running drstress 4234249 dr drains lead to too little swap space left 4243305 spitfire_cache_flushall_tl1 now uses output registers 4247010 Enabling the DR cage can sometimes cause unnecessary context switching (from 103640-27) 4190117 networked application cause a hard hang 4175350 longjmp see NULL value with jmp_buf causes csh dump core on SS20 hyperSPARC MP 4151266 400 mhz cpu with 8 meg cache fails to boot - panic bad mutex 4146445 ufs_lockfs_begin_getpage() assumes it's backing segvn 4181592 wrong instruction/data processing on sun4u MP when share memory severely used 4062430 libthread creates threads before calling _ld_concurrency 4052568 libthread/libpthread is not fork1-safe (as documented) 4054742 libthread use of file desc. causes problems for daemons, _alloc_chunk() 4119745 realitexpire() algorithm is too slow when system time is changed 4131387 the test "lwp03" from mixstress test suite panics on domain xf3 with 2.6hw3 4134487 system hung - cage grow blocked by shared locked pages 4196459 page locks causing DR drain and detach ioctl failures 4207064 System board detach failed with mistaken low free memory condition. 4213437 System Panic'd when page_sub hit upon a null page 4225351 dr driver's page_reloc_map needs to be initialized (from 103640-26) 4010116 SVVS write test on S2.6 with DiskSuite 4.0 deadlocks 1171284 user-allocated thread stacks must be zeroed or process hangs 4153452 EOF being reported when comparing a 2gb file on vxfs and ufs 4178386 A5000 boot -v ,level 14 interrupt,fast data access protection,SEVM or veritas2.6 4173285 Sleep(3T) is in error by less than 1 sec. 4182861 deadlock when running quotas on system with heavy I/O activity 4107724 implement workarounds for spitfire errata 32 and 54 1212953 unlink() returns EBUSY when 2 threads unlink hardlinks to same inode 4132290 can't dump core when deadman drops into debugger 4196986 deadlock caused by fix for bug 4060416 in patch 103640-24 (from 103640-25) 4179269 giant core images cause filesystem corruption 4170410 rename is not atomic over nfs 4152975 nfs services go to "sleep" on large, heavily loaded servers 4134299 ufs_check_lockfs() does not work for error locked filesystems 4131439 deadlock_panic from pi_willto 4070968 A synch object that spans pages can cause deadlock 4065248 UFS Caching can adversely effect application performance 4051392 prmapin doesn't lock mapping but prmapout unlocks it in case of device memory 4042372 Directories with SGID bit set and default ACL do not behave as documented 4091822 ACL - with ls -l the mask is shown not the effective group rights 4072815 *ls* doesn't always report a +" for files with ACLs. 4166392 The execution time of the program is uneven on starfire. 4169916 Excessive ECC errors (from 103640-24) 4141709 libthread deadlock between SIGALRM and SIGLWP 4061967 assertion failure in _disp() for cancellation test. 4166725 E10000 had panic with "send_mondo: timeout" under Solaris 2.5.1 (from 103640-23) 4149227 103612-41 causes ldd to throw out unresolved references in libdl.so.1 4141788 System hangs due to pagefault loop in shared memory. 4129957 Fast data mmu miss jumpstarting E3000 with 336mhz cpu's 4127499 SunFire should not be as verbose in printing CE ECC messages 4107724 implement workarounds for spitfire errata 32 and 54 4102420 segv's and libthread panics when numerous pthread_cancel()'s are run 4060416 write(2) i_contents race can show stale data via mmap()'ed file 4028339 du and quotacheck are not in sync 1238241 data fault when calling ufs_acl_setattr with ufs_acl 0 in inode 4129188 UFS should do more file type checking for reads, writes, and mounts 4139462 system clock thread went to sleep trying to grab a process lock 4149344 hostint and sigbcmd fail with SSP3.1 software (from 103640-22) 4145354 Ultra 1 panic in -- segkp_fault: accessing redzone 4137387 entryoffsetinblock in ufs_dirlook is not initialized, can cause alignment panic 4115951 Diskless Ultra-1s unable to perform system crash dump across network 4113382 system paniced invalid tte? 4110785 nfs/dnlc problems with nfs3lookup & unlink 4107794 UE4000's hang with dozens of threads waiting in get_arg_base() 4011031 Admintool Serial tty SS1000E Watchdog Reset 4134432 Caged kernel doesn't grow when requesting large amounts of memory 4139218 panic[cpu9]/thread=0x713a4360: page_unlock: page 1086c780 is not locked (from 103640-21) 4122408 Backup performance with Netbackup 3.0 is far below expectations. 4110026 Solaris 2.5.1, sigwait() returns '-1' by SIGLWP when compile/link with '-lthread' 4096789 quota -v gives NOT STARTED output for time left column. 4092407 release of i_contents lock in ufs_si_load can lead to race 4080160 tickint_clnt_add miscalculates interval between handler calls 4063932 orphan lock problem caused by sigalrm/sigintr & large packet loss 4052812 Jumpstart finish script cannot unmount filesystems 4037755 getting portmap RPC for every NLM RPC 4035012 Panic: thread blocked on reader's lock in both nodes of a PDB cluster 1262979 inode cache consumes too much memory; system hangs 4026789 deadlock between i_contents lock and page_lock 4051899 ufs idle queue has no hysteresis control 4116878 dis_err_panic1 destroys status information from ASFR trap reg. (from 103640-20) 4104625 UE4000's 2.5.1 panic: xc_attention() timeout, recv_cpuset 0x0, xc_cpuset 0x1 4099656 httpd process hangs and can't be killed 4098645 setcontext() uses >25% of the stack & segkp_fault: accessing redzone panic. 4092838 kadb cannot reliably set breakpoints in loadable modules 4011225 KADB does not always set breakpoints as expected 4034675 kadb can't store to kernel memory on sun4u 1267506 kadb breakpoints don't work 4024106 kadb :c often causes panics 4037821 E3000 panics in the middle of System Test 1244958 soft hangs on Ultra2 when running combo test 4110996 oninit informix processes hang 1240946 Inetboot does not flush I-cache after modifying text and jumping to it 4136544 getting "flusher thread" hang during dr drain (from 103640-19) 4100047 fork1() never returns in a multithreaded application causing process to hang 4097082 _lwp_sigredirect() if called from a non-mt process panics kernel. 4067569 sol 2.5.1, ODS 4.x, ino_new and ufs_inode_cache grows under logging device 4041542 kRPC/COTS client thinks that it is getting large records 4034003 NFSv3 access() caching can kill performance 4010606 shared memory tests panic on s297_19 on sunfire 1266113 due to memory corruption in the OS, Xsun crashes randomly on IPX 1251879 System deadlocks when in.telnetd blocks while holding muxifier mutex. 1237009 users umask modifies ACL's of new files under default ACL's 4073684 "mkdir -p dir" and "mkdir dir" work differently in the presence of default ACLs 4063448 Panic during DR deatch while 'vxvol' processes are running 4108259 single thread not bound to processor degrades performance!! 4109198 pcf_acquire_all argument error in page_reclaim (Starfire only) (from 103640-18) 4017121 zs device driver of Ultra-1 loses incoming data 1251879 System deadlocks when in.telnetd blocks while holding muxifier mutex. 1234968 System Panic, ufs_ifree: freeing free inode, mode= %o, ino = %d, fs = %s (from 103640-17) 4089644 getting "recursive mutex_enter" panic from lwpchan_lock 4083720 Mirrored volumes resync on reboot, even when shut down properly. 4079302 under 2.5.1 sigtimedwait() is not working properly 4070968 A synch object that spans pages can cause deadlock 1263924 fsck can sometimes lose a directory corruption fix 1168376 NIS+ servers should be allowed to be in the domain they serve. 4088220 Missing synchronization between F_SOFTLOCK requests on ISM pages and DR (from 103640-16) 4082436 fsck doesn't repair bad magic number cg 4079241 fsck got SIGSEGV trying fix a corrupted ufs filesystem. 4077343 sun4u systems incorrectly report "sync - giving up" while halting 4062572 syncing page gives up during shutdown 4009567 permanent cache can grow very large leaving the system hungry for kmem 1231167 Ultra Enterprise 3000 panics after lots of kpreempt (from 103640-15) 4079028 ECC and other errors not handled correctly on new hardware due to chip spec change 4070968 A synch object that spans pages can cause deadlock 4057122 race condition in the handling of "dirty" v8 instructions 4080609 UE10000 panics with Volume Manager running 3000 threads (from 103640-14) 4069641 panic in background(): mutex not owned by thread 4059632 Kernel watchdog resets with misaligned stack 4035202 system hangs with sched in an infinite loop 4026740 assert failure in segnf_gettype: seg->s_base == addr 4058892 as_getprot() needs to report real size of ISM segments 4058904 accessing addresses in ISM segments between "real" end and "segment" end loop 4059736 as_memory() does not dump ISM segments 4016961 Panic on cachefs over nfs backfstype on 2.6 beta. 4065560 DR for Starfire (2.5.1) did correctly port support for ddi_dev_is_needed4083498 panic on xf3 with 103640-14 and 104915-04 running dr_stress (from 103640-13) 4067641 Changing acl's on a UFS fs mounted readonly causes machine to panic 4052879 data fault panic in fpeok: realsigprof corrupts top kernel stack frame 4051257 watchdog reset occurs in sys_rtt when running threaded application 4049222 excessive xcalls when processes with very large shared memory segment exit 4047729 E4000 panics on oracle startup: segspt_shmfault F_INVAL 4044980 software trap #6 (ST_FIX_ALIGN) does not work in a threaded application 4043953 kernel randomly paniced with assertion failure in callout.c, line 345 4042883 setuid application generates core file 4040036 chmod g+w does not work when the object has a non-minimal ACL 4038653 nfs mount fails with fully qualified hostname > 32 char's 4030151 CE_WARN messages get wrapped sooner than 128 characters 1185691 boot runs out of memory if memory-update is called too many times 4044674 During completion of DR Detach, system encountered arbstop (from 103640-12) 4062815 System panics while running DB2 This revision backs out the fixes for 4044980 and 4055995 which were introduced in 103640-10. (from 103640-11) 4060451 fix a limitation with resource quotas 4054308 failures in dispinit aren't reported or handled gracefully 4056222 sema_p_sig is broken 1263251 a data race exists in pthread_create 4051271 patch 103640-08 does not contain complete fix for bug 1257803 4044079 counter/timer support change for new hardware 4041518 RFE: fix for sys hard hang during kernel coredumping, either intended or forced 1251466 Ultra 1 hangs after running out of hmeblks with ddivs tests 1244822 sun4u needs a bigger segkp for large sunfire (from 103640-10) *4055995 trap 6 (FIX_ALIGN) trap corrupts registers 4051590 ioctl I_NREAD returns wrong value when patch 103640-08 is applied 4050892 init_swift_idle_cpu() should not search OBP for property 4044980 software trap #6 (ST_FIX_ALIGN) does not work in a threaded application 4031186 boot program gets hung on sun4m by level-14 clock interrupt 4027360 system hangs during shutdown 4026339 /usr/ucb/ps hangs while trying to get anonmap serial_lock in segvn_fault() 4017705 per uid process count not managed correctly w/fork(2) fails 4017513 sybase is getting segv on failed logins on ss10's and ss20's 4015367 Solaris 2.5 cannot handle crash dump bigger than 2GB 1233514 savecore does not save unix.0 on large memory (8GB) sunfire machines 4015176 crash dumping on small swap device is broken 4025548 estimate and print the size needed for full crash dump 4007477 sun4u floating point exception handler gives wrong address to fpu simulator 4006846 BAD TRAP data fault panic in sun4m locked_pgcopy() routine 4053490 dr-max-mem set higher then system mem can cause system unbootable. 4053468 dr_mem_flush_pages() needs to check for kvp pages. (from 103640-09) 4036589 mt application hangs if last pthread_create is allowed to exit 4036063 security problem with writing core files 4032123 Panic (segkp_fault: accessing redzone) occurred on the Solaris2.5 system. 4028676 SS1000 crashes in flk_delete_active_lock 4028618 *ksh*: ksh works different with rsh from sh or csh on 2.5.1 4027493 posix timer elapsed signals are not queued correctly 4022354 kill -9 can not kill application thread in cv_wait called from getandset() 1265722 threads should save/restore the %g2-%g4 global registers on context switches 1262995 dbx produces error "Cannot open "/dev/zero" in child" after a call 1250848 SC2000 with 85 mzh CPU routinely panic/watchdog in srmmu_tlbflush( 1248925 le: 2.6 debug kernel panics on sun4c 1238582 privileged ifconfig ioctls by normal user succeed on sockets created as root 4038775 shmat of ism segment causes assertion failed: se_assert(&pp->p_selock) (from 103640-08) 4035167 Need a new, private interface between JVM and libthread to get a thread's TOS 4034585 system fails "boot net" with bus error 4032974 system hangs when lbolt wraps around. 4026411 free_vp_pages() causes recursive mutex problem in 2.5.1. 4008921 ST_CLEAN_WINDOWS trap is different between sun4m and sun4u 1264890 Sun4d running 2.5.1 panics bp_map: read_hwmap failed 1262082 2.5.1 sun4d hangs w/kernelmap fragmentation 1261609 Offset and Size swapped CPU ECC error message 1265578 a correctable memory error caused 200Mhz pulsar to panic. 4007808 Incorrect AFAR printed if both hi/lo ECC occur 4024288 Intermittent CE errors can be reported even though they are persistent 1224425 promif changes to support >4GB root disks (from 103640-07) 4027736 sbrk remains limited to 2 GB in 2.5.1 4022849 2.5.1 kadb kernel panics with kernel heap corruption; appl hang; sys unusable 4016316 On 2.5.1 and 2.5.1 SHWP system goes into a state of soft hang. 4015891 user app and driver sharing kmem alloc memory get inconsistent mappings 4015497 Locking bug in I_NREAD ioctl handler. 4013727 recursive i_ddi_walk_devs() blows kernel stack, replace with iterative 4013751 sunddi.c:ddi_remove_minor_node() removes incorrect alias node. 1262678 sun4u system panics running shared memory tests 1262503 pulsar watchdog resets on restore PC=edd000d4 4011866 panic: recursive mutex enter from thread intense application 4005261 System with two OEM-supplied SBUS frame buffers will not boot under Sol. 2.5.1 4004575 High mutex hits, slow performance when c2auditing enabled 4004147 panics in segkp_load when the file command is run 1245291 Bug in libthread.so(cond_timedwait()) and libposix4.so(sigtimedwait) in 2.4,2.5 1239385 threaded fp programs compiled with -fnonstd don't have fsr.ns bit set 1182705 Signals may orphan locks on clients (from 103640-06) 4018004 lbolt stops cause system to hang There's an elapsed time between the next_tick read and the current_tick so that next_tick < current_tick when setting tick_compare reg. User may notice the system clock hangs and all processes that rely on the passage of time hang. 4008234 writes to TICK_COMPARE can fail on blackbird cpus Writes to the TICK_COMPARE register fail under certain conditions. 1265970 2.5.1 server lockd backward compatibility problem with NLM V1lock requests When running locking programs with a 2.5/2.5.1 NFS server over a network, the process doing the lock on the client can hang indefinitely waiting for the lock to be granted on the server. 1265447 SYSTEM HANG, CLOCK THREAD IN MUTEX_ENTER WAITING FOR ANOTHER LOCK Multithreaded application may hang due to race condition during fork(). (from 103640-05) 4009069 2.5 TCP generates wrong checksum and never recovers from error 1249985 "deadman" doesn't work correctly on MP systems. 1265396 Ctrl-C typed to dbx is sent to child debugee (not to dbx) when app uses sigwait 1233088 ioctl(PIOCPSINFO) is 100 times too slow on multi-threaded processes (from 103640-04) 4007542 fix to the build problem where build generates strsubr.c compiler warning 1266767 F_GETLK returns incorrect value on 2.x if a lock is pending 1266371 clock activity and all processes that rely on the passage of time stop System clock hangs and all processes that rely on the passage of time hang. They can be killed but time itself is frozen. hrtime is never incremented. date does not show the passage of time. 1257803 watchdog reset encountered on a PDB 1.2 system under load 1257003 Threaded program doesn't scale well unless memory is pre-initialized 1227580 cannot support high TCP connection rates: noncaput errors reported by the driver 1223900 alarm(2) doesn't work properly with large arguments (from 103640-03) 1265705 Add hyperSPARC Colorado-4 support to S2.5 and later kernels 1264333 _lwp_suspend()/continue() interrupts blocking system calls 1262694 Solaris hangs due to memory leak in kmem_alloc-8, kmem_alloc_24 and kmem_alloc-40 1261511 alloc_hunk() bug causes panic with 1MB CPU cache 1260766 Solaris 2.5.1 cannot handle kernel dumps bigger than 2GB 1247572 lkmgr ran into a BAD TRAP while running tpcb workload from 2 nodes 1238559 sun4m user process can arbitrarily dump core with kadb 1256153 watchdog after continuing from kadb 1199624 queuerun indirectly causes fork() call to hang (from 103640-02) 1260982 rwnext & infonext fix (waiting to enter inner perimeter) rwnext returns EGAIN which is causing a big applications to hang. 1260959 Streams information delayed 50-100 ms until dbri driver schedules it 1257803 watchdog reset encountered on a PDB 1.2 system under load 1256610 strwrite fails to call queuerun on error path: bug performance hit 1253528 The problem is associated with the bug found in the SE5 kernel. (from 103640-01) 1251423 panic - recursive mutex_enter on lwplock 1251421 Files may be corrupted after a power failure 1249250 SIGSEGV handler gets truncated fault address (from 103658-02) This patch-rev now includes /kernel/misc/klmops, a module that was inadvertently dropped from the previous rev. (from 103658-01) 1251430 Solaris 2.5 system panicked with message "lm_get_sysid: too many lm_sysid's" (from 103920-05) 1258191 msgrcv was not interrupted by thr_suspend(SIGLWP). (from 103920-04) 1260769 MT application is dropping signal events when run on multi-processor systems (from 103920-03) 1247172 Threads losing signals when preempted (from 103920-02) 1241118 libthread panic in thr_join, handling of zombie threads seems to be broken (from 103920-01) 1253366 threads deadlock occurs in delivering SIGIO (from 103591-09) 4051082 Short duration machine hangs after installation of ufs patch 1265170 .../cmd/fs.d/ufs/fsck/utilities.c will not handle 2000AD and beyond YY formats (from 103591-08) 1196541 ufs: root filesystem superblock not flushed on x86 (from 103591-07) 1265000 "panic: kernel heap corruption detected" while running TStrans (high/long) (from 103591-06) 1259984 Sun4d hangs during shutdown or halt (from 103591-05) 4017750 acl(..., SETACL, ...) panics when attempting to set default ACL on directory System panics when a default ACL is set for a directory without regular ACL entries. (from 103591-04) 1267447 deadlock when running quotactl on heavily loaded system (from 103591-03) 1215792 delayed availability of freed diskspace when UFS logging with ODS 4.0/3.0 1245602 Logging UFS is slower than UFS for local writes 1266278 freeing free xxx panic; indirtrunc tries to free the same block twice (from 103591-02) 1233049 System hangs when user stops thread writing to ODS logging device (from 103591-01) 1251000 missing brelse in 'freeing free *' fix-on-panic triggers, leaves bp locked 1250351 fsck mounted fs uses block rather than raw name, so error-lock state isn't fixed 1250620 fix-on-panic hard-locks trans. devices, when only error-lock is necessary 1244088 SS2000 is completely hanging under heavy I/O - Solaris 2.4 + 101945-36 1242188 hang waiting for rwlock with holdcnt of -1 but no owner 1227376 panic "Deadlock condition detected: cycle in blocking chain" (from 103600-18) 4063668 install_mu ld.so.1 error causes broken/incomplete install (from 103600-17) 4032761 nfs errors cause streams_msg_2648 to grow (from 103600-16) 1242408 nfs write error on invoking OW on diskless clients (from 103600-15) 4035845 do_unmount can hang while an NFS server is down 4026118 do_unmount hold vfslist mutex and then hangs on NFS GETATTR call 4007937 Processes hang accessing files over NFS in clnt_tli_kcreate() (from 103600-14) 4024599 NFS problems on /vol with error message: (RPC: Can't encode arguments) (from 103600-13) 4005615 mounting from HP3000 takes too long because of repeated NFS_ACL retransmits (from 103600-12) 4032974 system hangs when lbolt wraps around. (from 103600-11) 4024647 chgrp does not work on NFS mounted filesystems (from 103600-10) 1258802 nfs v3 client gets confused about what cwd is after directory rename 1264646 directory caching incorrect for moving a directory 1246045 NFS/TCP client loops forever trying to bind an in use reserved port 4017770 The fix to bugid 1225408 doesn't work (1225408 sundiag hangs due to dead child process) (from 103600-09) 4027442 Complete the fix for 1234450 2.5 and 2.5.1 (from 103600-08) 4019380 other access to directory hangs while HSM on server restores file (from 103600-07) 4015191 nfs client leaves .nfs files on the server 1250937 NFS server can crash NFS client by sending bogus stat() data (from 103600-06) 1253810 rpcmod's mir_close() routine should not block waiting for flow control (from 103600-05) 1258151 nfs -o noac option does not work properly with novell nfs server (from 103600-04) 1260873 Kernel memory gets corrupted when sharing and unsharing secure NFS. (from 103600-03) 1234450 NFS (VOP_WRITE &c) returns EINTR when "intr" is not specified on the mount. (from 103600-02) 1241816 vi will fail with Stale NFS file handle if option nocto is set (from 103600-01) 1237898 nfs transfer hangs when transferring file > 8k from apollo (from 103609-02) 1240234 NFS server does not accept lock requests from a fujitsu client (from 103609-01) 1232825 RPC: Unable to send/receive (from 104317-01) 1208460 nfsd(1M) should have a way to set a larger listen backlog (from 106623-01) 4149597 *cpio* Cpio -P with ACL give "segmentation core dumped", if user doesn't exist (from 103612-51) 4184623 broken date in GMT timezone, displays as BST with TZ=GB-Eire 4175558 TZ=GMT0BST-1,M3.5.0/2:00,M10.5.0/2:00 breaks 6 times from now to 2037 4190645 Y2000 Problem in libc in function posixgetdst - Backport of 4152473 4155392 timezone change gives wrong alternate timezone 4136059 utc changes from 2.5.1 to 2.6 cause problems when including OS patches 4188005 mktime() can return wrong time if using multiple TZ's (from 103612-50) 4150947 stubs versions of thr_keycreate(), etc., should return meaningful values NOTE: this revision takes out the changes for 4150947. (from 103612-49) 4157559 automountd won't retry the Null call to nfsd in pingnfs() (from 103612-48) 4150947 Stubs versions of thr_keycreate(), etc., should return meaningful values (from 103612-47) 4129064 NIS+ client processes fail with 'xdr_array: out of memory' errors (from 103612-46) 1202807 Expansion of NIS+ name incorrect/inconsistent (from 103612-45) 4165597 getdate should allow dates before 1970 - Backport of 4050856 & 4036732 (from 103612-44) 4149227 103612-41 causes ldd to throw out unresolved references in libdl.so.1 4140617 serving list hosed by nis+ object with non-trailing-dot group owner name 4102420 segv's and libthread panics when numerous pthread_cancel()'s are run (from 103612-43) 4139126 libnsl buffer overflows (from 103612-42) 4067374 localtime(0) error (from 103612-41) 4135388 rpc.nisd buffer overflow 4018801 ypmatch causes console message after patch T103187-16 (from 103612-40) 4127727 getgrgid_r() can corrupt stack / buffers if buffer is too small. 4128660 An application using getnam_r core dumps with the latest libc patch 4118037 getgrent_r() hangs if nis is not up and libthread is linked in. (from 103612-39) 4105997 Y2000 tm_test01 fails with current S2.5.1 strptime() 4098943 'yp_match' function not working in compatibility mode 4085394 TCP connections to rpcbind remain established if client is halted. 4062999 "Error in RPC subsystem" error from nisstat,nisupdkeys with +10 NIS+ sub-domains (from 103612-38) 1243441 abort() function does not work correct in threaded application (from 103612-37) 4045229 strptime and getdate year calculation does not count century; strptime range checks 4050818 getdate %C (century) should use current year offset if year offset not given 1189481 automountd caches old ip address of nfs server and never refreshes (from 103612-36) 4075462 nisd is not closing file descriptors. 1168376 NIS+ servers should be allowed to be in the domain they serve. (from 103612-35) 4080264 ypbind.pid file not created for diskless clients (from 103612-34) 4022240 Informix processes hang with corrupt TLI endpoint state (from 103612-33) 4055257 realloc failure does not leave orignal region "intact" (from 103612-32) 1225430 ypbind can get requests before it is ready for them (from 103612-31) 4045268 nis_cachemgr does not verify authenticity of objects 4057606 Out of domain NIS+ lookups don't work after applying fix for 4045268 (from 103612-30) 4060465 setpriority only understands TS and IA 4035403 RPC app breaks in MT mode with "signal fault in critical section" (from 103612-29) 4011948 cuserid() gets incorrect username is due to application running onto CDE (from 103612-28) 4022299 syslogd.pid file deadlock prevents syslogd from starting (from 103612-27) 4045229 strptime and getdate year calculation not count century; strptime range checks 4030045 strxfrm with LC_CTYPE == "de and LC_COLLATE == "de" causes bus error 4022682 nscd dumping core 1262462 create, delete, recreate of user account in NIS+ disruptive to NIS+ server 1206421 NIS+ credential update from client fails due to wrong connection type (from 103612-26) 4040423 ss4000 with hme interface unable to boot with nsswitch setting using dns (from 103612-25) 4011495 'zoneinfo' summertime/wintertime (Southern hemisphere) switchover anomaly Various geographic regions in the Southern hemisphere report a daylight savings time switchover problem in conjunction with the 'zoneinfo' database feeding 'localtime(3)'. (from 103612-24) 4026833 niscat hangs the rpc.nisd in getmsg when adding a third interface in Solaris 2.5.1 1159865 select small timeouts should round up (from 103612-23) 4025665 nisping -Ca broken by fix to bugid#4005483 This patch is generated to workaround bug 4010430 -- installpatch should ignore a required patch when not applicable to a target system. The workaround is to include an empty root sparse patch package. This will allow patch dependency requirement to be met in a server/client configuration. (from 103612-22) 4029971 getopt security problem The fix for 4029971 requires the static version of rcp to be included in the patch. (from 103612-21) 4029971 getopt security problem (from 103612-20) 4018883 getgrnam_r() & getpwnam_r() can overrun buffers. 4018887 gethostbyname_r() can overrun buffer. 1223323 No bounds checking on NIS_GROUP environment variable (from 103612-19) 1247052 nis_dumplog_r translates all failures into NIS_RPCERROR nis_dumplog_r() frequently fais because it attempts to reuse a connection that had been closed on the server side, but couldn't handle the resulting error. Consequently, the dumplog request gets aborted and the NIS+ replica would remain out of sync with the master until the next update for the NIS+ directory in question. (from 103612-18) 1212974 Bogus bootparam packet makes rpcbind stop working (from 103612-17) 4016724 nis_cptime failure in nisd causes unreliable update propagation (from 103612-16) 4005483 replica doing full resync too frequently (from 103612-15) 4006674 rpc.nisd crash because of simple user program The rpc.nisd can free the same memory twice during modify or add operations. Since part of the cleanup work is to zero out pointers, the second free can stomp on memory that's been re-used, or an administrative information used by the malloc library. The latter scenario leads to a core dump. 4005686 strncmp() accesses memory locations beyond what it is supposed to 1249373 Application file descriptors are being closed without applications knowledge 1232758 finddirectory call fails when there are too many replicas 1223326 possible memory leak in "rpc.nisd" rpc.nisd can leak memory if a nis_list with search criteria is done with callbacks. The leak will be equal to 8*(number of matched entries) bytes. The reason for the leak is that memory is being freed in the child process but not in the parent rpc.nisd. (from 103612-14) 1230570 nisplus strips leading spaces before doing lookup. (from 103612-13) 1259200 no more syslog from rpc.nisd after the fix for 1244917 was integrated The fix for bug 1244917 prevents syslog from working. This fix is to call closelog() so that forking and subsequent closing of all field descriptors does not prevent syslog from working. (from 103612-12) 1248090 getwd very slow over nfs to 4.1.3 server The fix for bug 1220400 ("lofs becomes confused about where the present working directory "." is") introduced a new problem -- where getcwd() would erroneously believe that it was passing a mount point, and start lstat()ing every directory in the current directory. With lots of subdirectories, and especially over NFS, these unnecessary lstat() calls could result in very noticeable delays (on the order of minutes with ten+ thousand subdirectories, and/or a slow network). (from 103612-11) 1249903 rpc.nisd hung in nis_list_svc on getmsg in _rcv_conn_con (from 103612-10) 1221809 absence of user public key caching makes NIS+ inter-domain lookups unreliable (from 103612-09) 1245451 syslogd failing to log messages every 12-48 hours of operation (from 103612-08) 1264708 get segmt fault on malloc with getcwd, chdir and opendir over PATH_MAX (from 103612-07) 1265785 fwrite regression from 2.4 to 2.5, 2.5.1 (from 103612-06) 1262666 nscd client backend, getxby_door, has buffer overflows (from 103612-05) 1244917 syslog(3) does not correctly cache the file descriptor that it writes on (from 103612-04) 1255623 getdate() fails on 1st of month with julian date (from 103612-03) 1246864 Multithreaded C++ program using strptime() causes bus error when 'new' used. (from 103612-02) 1219671 Memory is given free which was never allocated before. (from 103612-01) 1235867 line buffered stdio loses data and/or hangs in 2.5 (from 103615-04) 1258916 nis_cachemgr causing other many processes to hang in semop (from 103615-03) 1213016 User looses access to secondary groups if nisplus root master is not up (from 103615-02) 1234630 Client side RPC handle caching and server side fd leaks needs a general solution (from 103615-01) 1244872 nis_cachemgr can deadlock when servers are unavailable 1242395 NIS+ TTLs for objects not correct on 2.4 slave replicas and 2.3 slave/clients. (from 103654-01) 1246630 nisd can potentially hang if it gets a SIGCHLD/SIGHUP on an established callback (from 104915-10) 4191053 dr attach does not see soc if soc+ is present on same board (from 104915-09) 4028250 DR memory detaches can cause system to hang waiting waiting for memory 4111714 drain gets to ~97% complete and then hangs 4128833 getting a hang on the drain process running drstress 4129429 system resources exhausted during board detach causing paniu 4135621 dr-detaches take between 6 minutes and 2,5 hours 4139521 Resource panic during complete_attach on domain xf3 running drstress 4169694 Unable to get memory drain info - stop drain 4171279 recursive mutex lock panic on the 103640-23 KU patch 4173946 patch to 2.5.1 dynamic reconfiguration needed for gem card (from 104915-08) 4090750 DR panics during detach when dr-max-mem set high (from 104915-07) 4120185 domain hangs by repeated DR detach on insufficient memory (from 104915-06) 4099466 "DR: driver (vge) not known to support DDI_DETACH" while trying to detach 4116141 DR panics machine with BAD TRAP (from 104915-05) 4084222 QFE driver "qfe" should be added to dr driver detach 4084225 QFE driver "qfe" should be added to hswp driver (from 104915-04) 4070324 Port Sunfire cpr driver fix of bugid 4066457 to Starfire hswp (from 104915-03) 4064256 DHPG UE10000 DR driver needs Photon support 4064893 Photon drivers (socal/sf/ses) must be added to DR safe lists (from 104915-02) 4031802 DR driver will panic if there is a mem-unit node but no memory on a board. (from 104915-01) 4053494 Extraneous cpu_pause call in the DR post memory attach logic. 4042415 DR detach of system board with tape device fails with I/O Error 4052382 Detach of a board with memory interleaving results into an Arbstop. 4051582 BAD TRAP Panic occurs when a board is attached. Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- If possible, perform patch installation in single user mode. If this can not be done, we recommend having the system in as quiet a state as possible: no users logged on, no user jobs running. Reboot the system after patch installation. The bugfix to 4005653 introduced a new command described in the following manpages: nisopaccess(1) The following note refers to performance benefits relevant to the bugfix in 4005653 and the SUNWnisu package change: NOTE 1: In order to realize the performance benefits of the fix for bug 4005653 in this patch, the NIS+ server(s) must be running either Solaris 2.5.1 with patch 103785-02 (103786-02 for i386) or later, or must run Solaris 2.6 or later. Also, the new nisopaccess(1) command has been added to the SUNWnisu package. Please consult the man page MANPAGE_NISOPACCESS in this patch for more details. The bugfix to 4042372 introduced some changes in the following manpages: acltomode(3), aclfrommode(3) and setfacl(1) Files named MANPAGE_ACLTMODE, MANPAGE_ACLFROMMODE and MANPAGE_SETFACL shipped with this patch contain the deltas. NOTE 1: TO GET THE COMPLETE FIX FOR 4032974, ONE NEEDS TO INSTALL THE FOLLOWING PATCHES: 103934-04 (or newer) kernel/drv/isp patch 104735-01 (or newer) platform/sun4m/kernel/drv/sx patch (for sun4m machines only) 104736-01 (or newer) usr/bin/csh patch FAILURE TO INSTALL ALL THESE PATCHES WILL CAUSE THE SYSTEM TO HANG AFTER 248 DAYS. NOTE 2: TO GET THE COMPLETE FIX FOR 4027360 (system hangs during shutdown), ONE NEEDS TO INSTALL THE NAMEFS PATCH (103693-02). NOTE 3: THE FOLLOWING PATCHES FIX A LIMITATION WITH RESOURCE QUOTAS: 104736-03 (or newer) usr/bin/csh patch 105044-01 (or newer) usr/bin/renice patch 104259-04 (or newer) kernel/fs/tmpfs patch NOTE 4: TO GET THE COMPLETE FIX FOR 4042883 (setuid application generates core file), ONE NEEDS TO INSTALL THE PROCFS PATCH (104283-02). NOTE 5: For sun4m systems (ex. ss4/ss5/ss10/ss20) with more than five 32MB SIMMs, it is recommended to have 5 or less 32MB SIMMs prior to installing Solaris 2.5.1. After the Solaris installation, install this patch and then add back the rest of the 32MB SIMMs. This would prevent a fully configured sun4m system from having boot problems. NOTE 6: TO GET THE COMPLETE FIX FOR 4024599 (NFS problems on /vol with error message: (RPC: Can't encode arguments), ONE NEEDS TO INSTALL 104841-01 (or newer) usr/bin/vold patch NOTE 7: TO GET THE COMPLETE FIX FOR 4035845 (do_unmount can hang while an NFS server is down) and 4026118 (do_unmount hold vfslist mutex and then hangs on NFS GETATTR call), ONE NEEDS TO INSTALL 104055-02 (or newer) kernel/fs/autofs patch 104849-01 (or newer) kernel/fs/cachefs patch NOTE 8: Due to bugfixes 4026740, 4058892, 4058904 and 4059736 in 103640-14, it is recommended that one installs the following patches: 104283-03 (or newer) kernel/fs/procfs patch 105344-01 (or newer) usr/bin/gcore patch 105352-01 (or newer) kernel/exec/elfexec patch NOTE 9: To get the complete fix for 1237009 (users umask modifies ACL's of new files under default ACL's) and 4073684 (mkdir -p dir" and "mkdir dir" work differently in the presence of default ACLs), one should install 106038-01 (/usr/bin/\ mkdir patch) or newer. As a result of this change, the setfacl man page. Please refer to the following paragraph for details. ************************************************************ A directory may contain default ACL entries. If a file is created in a directory that contains default ACL entries, the newly created file will have permissions generated according to the intersection of the default ACL entries, and the permissions requested at creation time. The umask(1) will not be applied if the directory contains default ACL entries. if a default ACL is specified for a specific user (or users), the file will have a regular ACL created; otherwise, only the mode bits will be initialized according to the intersection described above. The default ACL should be thought of as the maximum discretionary access permissions that may be granted. ************************************************************* NOTE 10:To get the complete fix for bugid 4149227 (103612-41 causes ldd to throw out unresolved references in libdl.so.1), one also need to install the following patches: 103663-14 (or newer) libresolv patch 105732-02 (or newer) libxfn patch 103627-05 (or newer) linker patch NOTE 11: TO GET THE COMPLETE FIX FOR BUGID 4040423 (SS4000 WITH HME INTERFACE UNABLE TO BOOT WITH NSSWITCH SETTING USING DNS), ONE NEEDS TO INSTALL PATCH 103630-07 (OR NEWER). NOTE 12: TO GET THE COMPLETE FIX FOR BUGID FOR 1225430 (YPBIND CAN GET REQUESTS BEFORE IT IS READY FOR THEM), ONE ALSO NEEDS TO INSTALL THE YPBIND PATCH (105165-01 or newer). NOTE 13: TO GET THE COMPLETE FIX FOR BUGID FOR 4080264 (YPBIND.PID FILE NOT CREATED FOR DISKLESS CLIENTS), ONE ALSO NEEDS TO INSTALL THE YPBIND PATCH (105165-02 or newer). NOTE 14: If you are installing this patch to fix the "non-root NIS+ server not living in domain it serves" problem, you will also need to install the chkey/keylogin patch (104968-02 or newer). Instructions on how to set up the non-root NIS+ server to live in the domain it serves: Setting up an existing non-root NIS+ server: 1. Install this patch on the non-root NIS+ server. 2. Change the /etc/defaultdomain on the server to the domain it serves. 3. Reboot the server. Setting up a new non-root NIS+ server: 1. Set up the server as described in the NIS+ docs. 2. Install this patch on this new NIS+ server. 3. Change the /etc/defaultdomain on the server to the domain it serves. 4. Reboot the server. NOTE 15: TO GET THE COMPLETE FIX FOR BUGID FOR 4085394 (TCP connections to rpcbind remain established if client is halted), ONE ALSO NEEDS TO INSTALL THE RPCBIND PATCH (104331-07 or newer).