Patch-ID# 103641-24 Keywords: security y2000 kernel ISM klmmod threads ufs nfs tlimod rpcmod NFS Synopsis: SunOS 5.5.1_x86: kernel patch Date: Oct/26/98 Solaris Release: 2.5.1_x86 SunOS Release: 5.5.1_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 103640 Xref: This patch available for PPC as patch 103642 Topic: SunOS 5.5.1_x86: kernel patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. BugId's fixed with this patch: 1168376 1182705 1196541 1199624 1215792 1223900 1225324 1227376 1227580 1232825 1233049 1233088 1233514 1234450 1234968 1237009 1237898 1238241 1238582 1239385 1240234 1241118 1241816 1242188 1242408 1244088 1244958 1245291 1245602 1246045 1247172 1247572 1248161 1248930 1250351 1250620 1250937 1251000 1251423 1251430 1251879 1253366 1253810 1255272 1256610 1258151 1258191 1258802 1259392 1259984 1260766 1260769 1260873 1260959 1260982 1262082 1262694 1262979 1263059 1263251 1263924 1264333 1264646 1265000 1265170 1265396 1265447 1265970 1266278 1266767 1267447 4004147 4004575 4005615 4007542 4007937 4009069 4010606 4011866 4015176 4015191 4015367 4015497 4015891 4016316 4016961 4017705 4017750 4017770 4019380 4022354 4022849 4024599 4024647 4025548 4026118 4026339 4026411 4026740 4026789 BugId's fixed with this patch: 4027360 4027442 4027493 4028339 4028676 4030151 4032761 4032974 4034003 4034585 4035012 4035167 4035202 4035845 4036063 4036589 4037755 4038653 4038854 4039365 4040036 4041518 4041542 4042883 4043953 4044980 4051082 4051590 4051899 4052812 4054308 4055201 4056222 4057135 4058892 4058904 4059736 4060416 4060451 4061967 4062572 4063668 4063932 4064495 4067569 4067641 4069641 4070968 4073684 4077343 4079241 4079302 4082436 4083720 4086905 4089644 4092407 4096789 4097082 4099656 4100047 4102420 4110026 4110785 4122408 4129188 4137387 4139462 4141709 4145354 4149227 Changes incorporated in this version: 4061967 4141709 Relevant Architectures: i386 Patches accumulated and obsoleted by this patch: 103592-09 103659-02 103921-05 103601-18 103610-02 Patches which conflict with this patch: iss_x86-01 (or newer) Patches required with this patch: Obsoleted by: Files included with this patch: /kernel/drv/mm /kernel/drv/sad /kernel/fs/nfs /kernel/fs/ufs /kernel/genunix /kernel/misc/klmmod /kernel/misc/klmops /kernel/misc/tlimod /kernel/strmod/rpcmod /kernel/sys/doorfs /kernel/sys/nfs /platform/i86pc/kernel/unix /usr/include/sys/class.h /usr/include/sys/conf.h /usr/include/sys/disp.h /usr/include/sys/fs/ufs_inode.h /usr/include/sys/fs/ufs_quota.h /usr/include/sys/fs/ufs_trans.h /usr/include/sys/proc.h /usr/include/sys/shareIIstubs.h /usr/lib/adb/mntinfo /usr/lib/adb/rnode /usr/lib/adb/ufsq /usr/lib/fs/ufs/fsck /usr/lib/libthread.so.1 /usr/lib/libthread_db.so.0 /usr/lib/libthread_db.so.1 Problem Description: 4141709 libthread deadlock between SIGALRM and SIGLWP 4061967 assertion failure in _disp() for cancellation test. (from 103641-23) 4149227 103612-41 causes ldd to throw out unresolved references in libdl.so.1 4102420 segv's and libthread panics when numerous pthread_cancel()'s are run 4028339 du and quotacheck are not in sync 4060416 write(2) i_contents race can show stale data via mmap()'ed file 1238241 data fault when calling ufs_acl_setattr with ufs_acl 0 in inode 4129188 UFS should do more file type checking for reads, writes, and mounts 4139462 system clock thread went to sleep trying to grab a process lock (from 103641-22) 4145354 Ultra 1 panic in -- segkp_fault: accessing redzone 4137387 entryoffsetinblock in ufs_dirlook is not initialized, can cause alignment panic 4110785 nfs/dnlc problems with nfs3lookup & unlink (from 103641-21) 4122408 Backup performance with Netbackup 3.0 is far below expectations. 4110026 Solaris 2.5.1, sigwait() returns '-1' by SIGLWP when compile/link with '-lthread' 4096789 quota -v gives NOT STARTED output for time left column. 4092407 release of i_contents lock in ufs_si_load can lead to race 4086905 Interrupt flurry can cause a double fault 4063932 orphan lock problem caused by sigalrm/sigintr & large packet loss 4052812 Jumpstart finish script cannot unmount filesystems 4037755 getting portmap RPC for every NLM RPC 4035012 Panic: thread blocked on reader's lock in both nodes of a PDB cluster 1262979 inode cache consumes too much memory; system hangs 4026789 deadlock between i_contents lock and page_lock 4051899 ufs idle queue has no hysteresis control (from 103641-20) 4099656 httpd process hangs and can't be killed 1244958 soft hangs on Ultra2 when running combo test (from 103641-19) 4100047 fork1() never returns in a multithreaded application causing process to hang 4097082 _lwp_sigredirect() if called from a non-mt process panics kernel. 4067569 sol 2.5.1, ODS 4.x, ino_new and ufs_inode_cache grows under logging device 4041542 kRPC/COTS client thinks that it is getting large records 4034003 NFSv3 access() caching can kill performance 4010606 shared memory tests panic on s297_19 on sunfire 1251879 System deadlocks when in.telnetd blocks while holding muxifier mutex. 1237009 users umask modifies ACL's of new files under default ACL's 4073684 "mkdir -p dir" and "mkdir dir" work differently in the presence of default ACLs (from 103641-18) 1251879 System deadlocks when in.telnetd blocks while holding muxifier mutex. 1234968 System Panic, ufs_ifree: freeing free inode, mode= %o, ino = %d, fs = %s (from 103641-17) 4089644 getting "recursive mutex_enter" panic from lwpchan_lock 4083720 Mirrored volumes resync on reboot, even when shut down properly. 4079302 under 2.5.1 sigtimedwait() is not working properly 4070968 A synch object that spans pages can cause deadlock 1263924 fsck can sometimes lose a directory corruption fix 1168376 NIS+ servers should be allowed to be in the domain they serve. (from 103641-16) 4082436 fsck doesn't repair bad magic number cg 4079241 fsck got SIGSEGV trying fix a corrupted ufs filesystem. 4077343 sun4u systems incorrectly report "sync - giving up" while halting 4062572 syncing page gives up during shutdown (from 103641-15) 4070968 A synch object that spans pages can cause deadlock (from 103641-14) 4069641 panic in background(): mutex not owned by thread 4035202 system hangs with sched in an infinite loop 4026740 assert failure in segnf_gettype: seg->s_base == addr 4058892 as_getprot() needs to report real size of ISM segments 4058904 accessing addresses in ISM segments between "real" end and "segment" end loop 4059736 as_memory() does not dump ISM segments 4016961 Panic on cachefs over nfs backfstype on 2.6 beta. 1239385 threaded fp programs compiled with -fnonstd don't have fsr.ns bit set (from 103641-13) 4067641 Changing acl's on a UFS fs mounted readonly causes machine to panic 4044980 software trap #6 (ST_FIX_ALIGN) does not work in a threaded application 4043953 kernel randomly paniced with assertion failure in callout.c, line 345 4042883 setuid application generates core file 4040036 chmod g+w does not work when the object has a non-minimal ACL 4038653 nfs mount fails with fully qualified hostname > 32 char's 4030151 CE_WARN messages get wrapped sooner than 128 characters (from 103641-12) 4064495 data corruption workaround needed for some x86 MP machines 4057135 dumping kernel core can write beyond swap partition, corrupting disk data 4055201 mp: scdk: panic sync and/or dump hangs/succeeds with multi/single cpu 1225324 unknown: x86 hangs after fs sync on init0 and halt command (from 103641-11) 4060451 fix a limitation with resource quotas 4054308 failures in dispinit aren't reported or handled gracefully 4056222 sema_p_sig is broken 1263251 a data race exists in pthread_create 4041518 RFE: fix for sys hard hang during kernel coredumping, either intended or forced (from 103641-10) 4051590 ioctl I_NREAD returns wrong value when patch 103640-08 is applied 4027360 system hangs during shutdown 4026339 /usr/ucb/ps hangs while trying to get anonmap serial_lock in segvn_fault() 4017705 per uid process count not managed correctly w/fork(2) fails 4015367 Solaris 2.5 cannot handle crash dump bigger than 2GB 1233514 savecore does not save unix.0 on large memory (8GB) sunfire machines 4015176 crash dumping on small swap device is broken 4025548 estimate and print the size needed for full crash dump (from 103641-09) 4039365 x86 systems fail to sync file systems. 4038854 ALR Quad SMP P6 systems doesn't boot with 2GB RAM installed. 4036589 mt application hangs if last pthread_create is allowed to exit 4036063 security problem with writing core files 4028676 SS1000 crashes in flk_delete_active_lock 4027493 posix timer elapsed signals are not queued correctly 4022354 kill -9 can not kill application thread in cv_wait called from getandset() 1238582 privileged ifconfig ioctls by normal user succeed on sockets created as root (from 103641-08) 4035167 Need a new, private interface between JVM and libthread to get a thread's TOS 4034585 system fails "boot net" with bus error 4032974 system hangs when lbolt wraps around. 4026411 free_vp_pages() causes recursive mutex problem in 2.5.1. 1262082 2.5.1 sun4d hangs w/kernelmap fragmentation (from 103641-07) 4022849 2.5.1 kadb kernel panics with kernel heap corruption; appl hang; sys unusable 4016316 On 2.5.1 and 2.5.1 SHWP system goes into a state of soft hang. 4015891 user app and driver sharing kmem alloc memory get inconsistent mappings 4015497 Locking bug in I_NREAD ioctl handler. 4011866 panic: recursive mutex enter from thread intense application 4004575 High mutex hits, slow performance when c2auditing enabled 4004147 panics in segkp_load when the file command is run 1245291 Bug in libthread.so(cond_timedwait()) and libposix4.so(sigtimedwait) in 2.4,2.5 1239385 threaded fp programs compiled with -fnonstd don't have fsr.ns bit set 1182705 Signals may orphan locks on clients (from 103641-06) 1265970 2.5.1 server lockd backward compatibility problem with NLM V1lock requests When running locking programs with a 2.5/2.5.1 NFS server over a network, the process doing the lock on the client can hang indefinitely waiting for the lock to be granted on the server. 1265447 SYSTEM HANG, CLOCK THREAD IN MUTEX_ENTER WAITING FOR ANOTHER LOCK Multithreaded application may hang due to race condition during fork(). (from 103641-05) 1265396 Ctrl-C typed to dbx is sent to child debugee (not to dbx) when app uses sigwait 1233088 ioctl(PIOCPSINFO) is 100 times too slow on multi-threaded processes 1259392 System crash due to interrupt thread in cpu structure 4009069 2.5 TCP generates wrong checksum and never recovers from error (from 103641-04) 4007542 fix to the build problem where build generates strsubr.c compiler warning 1266767 F_GETLK returns incorrect value on 2.x if a lock is pending 1227580 cannot support high TCP connection rates: noncaput errors reported by the driver 1223900 alarm(2) doesn't work properly with large arguments (from 103641-03) 1264333 _lwp_suspend()/continue() interrupts blocking system calls 1262694 Solaris hangs due to memory leak in kmem_alloc-8, kmem_alloc_24 and kmem_alloc-40 1260766 Solaris 2.5.1 cannot handle kernel dumps bigger than 2GB 1247572 lkmgr ran into a BAD TRAP while running tpcb workload from 2 nodes 1199624 queuerun indirectly causes fork() call to hang (from 103641-02) 1260982 rwnext & infonext fix (waiting to enter inner perimeter) rwnext returns EGAIN which is causing a big applications to hang. 1260959 Streams information delayed 50-100 ms until dbri driver schedules it 1256610 strwrite fails to call queuerun on error path (a performance hit) (from 103641-01) 1251423 panic - recursive mutex_enter on lwplock 1248161 system crashes while doing oracle database build with use_ism on 1248930 a process that uses shared memory could leave behind stale pde entries (from 103659-02) This patch-rev now includes /kernel/misc/klmops, a module that was inadvertently dropped from the previous rev. (from 103659-01) 1251430 Solaris 2.5 system panicked with message "lm_get_sysid: too many lm_sysid's" (from 103921-05) 1258191 msgrcv was not interrupted by thr_suspend(SIGLWP). (from 103921-04) 1260769 MT application is dropping signal events when run on multi-processor systems (from 103921-03) 1247172 Threads losing signals when preempted (from 103921-02) 1241118 libthread panic in thr_join, handling of zombie threads seems to be broken (from 103921-01) 1255272 MT version of sigsetjmp() on x86 does not preserve %ebx, the GOT pointer 1263059 Child of a fork1() from an MT program may hang in fork1() due to LDT locking 1253366 threads deadlock occurs in delivering SIGIO (from 103592-09) 4051082 Short duration machine hangs after installation of ufs patch 1265170 .../cmd/fs.d/ufs/fsck/utilities.c will not handle 2000AD and beyond YY formats (from 103592-08) 1196541 ufs: root filesystem superblock not flushed on x86 (from 103592-07) 1265000 "panic: kernel heap corruption detected" while running TStrans (high/long) (from 103592-06) 1259984 Sun4d hangs during shutdown or halt (from 103592-05) 4017750 acl(..., SETACL, ...) panics when attempting to set default ACL on directory System panics when a default ACL is set for a directory without regular ACL entries. (from 103592-04) 1267447 deadlock when running quotactl on heavily loaded system (from 103592-03) 1215792 delayed availability of freed diskspace when UFS logging with ODS 4.0/3.0 1245602 Logging UFS is slower than UFS for local writes 1266278 freeing free xxx panic; indirtrunc tries to free the same block twice (from 103592-02) 1233049 System hangs when user stops thread writing to ODS logging device (from 103592-01) 1251000 missing brelse in 'freeing free *' fix-on-panic triggers, leaves bp locked 1250351 fsck mounted fs uses block rather than raw name, so error-lock state isn't fixed 1250620 fix-on-panic hard-locks trans. devices, when only error-lock is necessary 1244088 SS2000 is completely hanging under heavy I/O - Solaris 2.4 + 101945-36 1242188 hang waiting for rwlock with holdcnt of -1 but no owner 1227376 panic "Deadlock condition detected: cycle in blocking chain" (from 103601-18) 4063668 install_mu ld.so.1 error causes broken/incomplete install (from 103601-17) 4032761 nfs errors cause streams_msg_2648 to grow (from 103601-16) 1242408 nfs write error on invoking OW on diskless clients on Sol 2.5 (from 103601-15) 4035845 do_unmount can hang while an NFS server is down 4026118 do_unmount hold vfslist mutex and then hangs on NFS GETATTR call 4007937 Processes hang accessing files over NFS in clnt_tli_kcreate() (from 103601-14) 4024599 NFS problems on /vol with error message: (RPC: Can't encode arguments) (from 103601-13) 4005615 mounting from HP3000 takes too long because of repeated NFS_ACL retransmits (from 103601-12) 4032974 system hangs when lbolt wraps around. (from 103601-11) 4024647 chgrp does not work on NFS mounted filesystems (from 103601-10) 1258802 nfs v3 client gets confused about what cwd is after directory rename 1264646 directory caching incorrect for moving a directory 1246045 NFS/TCP client loops forever trying to bind an in use reserved port 4017770 The fix to bugid 1225408 doesn't work (1225408 sundiag hangs due to dead child process) (from 103601-09) 4027442 Complete the fix for 1234450 2.5 and 2.5.1 (from 103601-08) 4019380 other access to directory hangs while HSM on server restores file (from 103601-07) 4015191 nfs client leaves .nfs files on the server 1250937 NFS server can crash NFS client by sending bogus stat() data (from 103601-06) 1253810 rpcmod's mir_close() routine should not block waiting for flow control (from 103601-05) 1258151 nfs -o noac option does not work properly with novell nfs server (from 103601-04) 1260873 Kernel memory gets corrupted when sharing and unsharing secure NFS. (from 103601-03) 1234450 NFS (VOP_WRITE &c) returns EINTR when "intr" is not specified on the mount. (from 103601-02) 1241816 vi will fail with Stale NFS file handle if option nocto is set (from 103601-01) 1237898 nfs transfer hangs when transferring file > 8k from apollo (from 103610-02) 1240234 NFS server does not accept lock requests from a fujitsu client (from 103610-01) 1232825 RPC: Unable to send/receive Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- Reboot the system after patch installation. NOTE 1: TO GET THE COMPLETE FIX FOR 4032974 (system hangs when lbolt wraps around), ONE NEEDS TO INSTALL 104737-01 (or newer) usr/bin/csh patch FAILURE TO INSTALL ALL THIS PATCH WILL CAUSE THE SYSTEM TO HANG AFTER 248 DAYS. NOTE 2: TO GET THE COMPLETE FIX FOR 4027360 (system hangs during shutdown), ONE NEEDS TO INSTALL THE NAMEFS PATCH (103694-02 or newer). NOTE 3: THE FOLLOWING PATCHES FIX A LIMITATION WITH RESOURCE QUOTAS: 103613-30 (or newer) libc/libucb patch 104737-03 (or newer) usr/bin/csh patch 105045-01 (or newer) usr/bin/renice patch 104260-04 (or newer) kernel/fs/tmpfs patch NOTE 4: TO GET THE COMPLETE FIX FOR 4042883 (setuid application generates core file), ONE NEEDS TO INSTALL THE PROCFS PATCH (104284-02 or newer). NOTE 5: TO GET THE COMPLETE FIX FOR 4024599 (NFS problems on /vol with error message: (RPC: Can't encode arguments), ONE NEEDS TO INSTALL 104842-01 (or newer) usr/bin/vold patch NOTE 6: TO GET THE COMPLETE FIX FOR 4035845 (do_unmount can hang while an NFS server is down) and 4026118 (do_unmount hold vfslist mutex and then hangs on NFS GETATTR call), ONE NEEDS TO INSTALL 104056-02 (or newer) kernel/fs/autofs patch 104848-01 (or newer) kernel/fs/cachefs patch NOTE 7: Due to bugfixes 4026740, 4058892, 4058904 and 4059736 in 103641-14, it is recommended that one installs the following patches: 104284-03 (or newer) kernel/fs/procfs patch 105345-01 (or newer) usr/bin/gcore patch 105353-01 (or newer) kernel/exec/elfexec patch NOTE 8: To get the complete fix for 1237009 (users umask modifies ACL's of new files under default ACL's) and 4073684 (mkdir -p dir" and "mkdir dir" work differently in the presence of default ACLs), one should install 106039-01 (/usr/bin/\ mkdir patch) or newer. As a result of this change, the setfacl man page. Please refer to the following paragraph for details. ************************************************************ A directory may contain default ACL entries. If a file is created in a directory that contains default ACL entries, the newly created file will have permissions generated according to the intersection of the default ACL entries, and the permissions requested at creation time. The umask(1) will not be applied if the directory contains default ACL entries. if a default ACL is specified for a specific user (or users), the file will have a regular ACL created; otherwise, only the mode bits will be initialized according to the intersection described above. The default ACL should be thought of as the maximum discretionary access permissions that may be granted. ************************************************************* NOTE 9: TO GET THE COMPLETE FIX FOR BUGID FOR 4149227 (Synopsis: 103612-41 causes ldd to throw out unresolved references in libdl.so.1), ONE ALSO NEEDS TO INSTALL THE FOLLOWING PATCHES: 103664-14 (or newer) libresolv patch 103613-44 (or newer) libc/libnsl patch 105733-02 (or newer) libxfn patch 103628-05 (or newer) linker patch NOTE 10:To get the complete fix for bugid 4102420 (segv's and libthread panics when numerous pthread_cancel()'s are run), one also need to install 103613-44 (KU/ libthread patch), or newer.