Patch-ID# 101798-01
Keywords: hung, diskless clients
Synopsis: Trusted Solaris 1.1: Diskless clients hang due to invalid label in contool
Date: Nov/07/94

Solaris Release: Trusted_Solaris_1.1

SunOS Release: 

Unbundled Product: 

Unbundled Release: 

Relevant Architectures: sparc
    NOTE: sun4 sun4c sun4m

BugId's fixed with this patch: 1160296

Changes incorporated in this version: 

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch: 

   README
   sun4m/OBJ/cons.o
   sun4c/OBJ/cons.o
   sun4/OBJ/cons.o

Problem Description: 

   After user logs out from a diskless client and leaves the diskless
   client idle overnight, when user logs in next morning, the following
   tools do not display: the contool and mailtool.  (Sometimes the
   clock does not display.) One can still ping and rlogin to the client
   from the server.

   After about half an hour, the client screen repeatedly gets the
   message "NFS server not responding" and at this point, the client
   hangs.  The client does not respond to ping and one cannot rlogin to
   the client.


Patch Installation Instructions: 

NOTE: This patch does not apply to SunOS 4.1.1, 4.1.2, 4.1.3, 
      or to SunOS CMW 1.0 systems.

CAUTION: Do all the steps in single-user mode.

NOTE:  For more about reconfiguring the kernel, refer to the System and
       Network Administration Manual for SunOS 4.1, Chapter 9,
       "Reconfiguring the System Kernel."

1.    These instructions assume you have copied the patch files to a
      temporary directory, such as /tmp. Because customers obtain patches
      from different sources, these instructions do not attempt to cover
      all possibilities. To give one example, if this patch is on a tar
      tape inserted in st0, you would do this:

   	# cd /tmp
   	# tar xvf /dev/rst0 
 
2.    Check the labels on each of the object files to ensure that they
      are at SYSTEM_LOW[SYSTEM_LOW]. If not, use getlabel to change the
      label.  For example,

	# cd /tmp/sun4[c|m]/OBJ
	# getlabel cons.o

      And, if necessary:

	# setlabel SYSTEM_LOW[SYSTEM_LOW] cons.o
   
3.    Halt the diskless client server:

   	# /etc/halt

4.    Go to the OBJ directory for the server's architecture:

  	 # cd /usr/kvm/sys/`arch -k`/OBJ

5.    Save the existing version of cons.o. For example:

   	# cp cons.o cons.o.orig

6.    Copy the new object module into the OBJ directory from the temporary
      directory using the object with the correct architecture.  For example:

 	  # cp /tmp/sun4m/OBJ/cons.o .

7.    Build and install the new kernel, carefully following substeps 7a
      through 7d:

7a.   Choose a name for your configuration of the system; for example, 
      PATCHED.

7b.   Create the configuration file by making a copy of GENERIC
      or of an already-customized configuration file and change the
      mode.

      	# cp GENERIC PATCHED; chmod +w PATCHED

7c.   Run config on the new file:
        
	# /etc/config PATCHED
        
      (The directory ../PATCHED will be made if it doesn't exist, and
      a "make depend" will be done unless you specify a "-n" flag.)

7d.   Make the new system:
    
	# cd ../PATCHED
        # make

8.    Save the original kernel, install the new one in /vmunix, and
      try it out:
    
	# mv /vmunix /vmunix.orig
        # cp vmunix /vmunix
    	# /etc/halt
        ok  boot 

      If it works, go to step 9.

9.    If the system does not work, halt the server, reboot from the
      original kernel, restore the original kernel, and then rebuild
      the new kernel:

        # /etc/halt
        ok  boot vmunix.orig -s
        #  mv /vmunix.orig /vmunix
	ok boot 

      Start again with step 1 above to rebuild the kernel.

10.    Return the server to single-user mode, and remake the 
      trusted networking token database:

        # /etc/halt
        ok  boot -s
   	# mkdb /etc/security/TNETDB 4096 80

11.   Synchronize the server's tcb_dynamic database:

   	# sync_ctab /etc/security/tcb_dynamic -o /etc/security/TNETDB

12.   Configure the diskless clients.

      For diskless clients with the same architecture as the
      server, go to step 13.
 
      When any diskless clients do not have the same architecture as the
      server, do step 14.

13.   For each client with the same kernel architecture as the server, copy
      the new /vmunix into the /export/root/<clientname> directory
      following substeps 13a through 13e.

13a.  Go to the client's root directory:

    	# cd /export/root/<clientname>
  
13b.  Back up the current vmunix file:

    	# cp vmunix vmunix.orig

13c.  Copy the server's /vmunix to the current directory:

    	# cp /vmunix vmunix

13d.  Reinitialize the client's trusted networking token database:

   	# mkdb /export/root/<clientname>/etc/security/TNETDB 4096 80

13e.  Synchronize the client's tcb_dynamic database:
  
   	# sync_ctab /etc/security/tcb_dynamic -c <clientname> -o /etc/security/TNETDB

14.   For any diskless clients that do not have the same architecture
      as the server, before you build the new kernel for each
      architecture, make a copy of the cons.o object file and copy the
      patched file into the appropriate OBJ directory for that
      architecture, under:

    /export/exec/kvm/sun[4,4c,4m].trusted_solaris.1.1/sys/sun[4,4c,4m]/OBJ
     
      as described in substeps 14a through 14g.

14a.  Go to the appropriate OBJ directory and make a copy of the object file.
      For example, for a sun4c:

	# cd /export/exec/kvm/sun4c.trusted_solaris.1.1/sys/sun4c/OBJ
	# cp cons.o cons.o.orig

14b.  Copy the patched cons.o object file from the temporary directory
      into the appropriate OBJ directory.  For example:
 
        # cp /tmp/sun4c/OBJ/cons.o . 

14c.  Follow Method 2 on page 244 of the SunOS 4.1 System and Network
      Administration Manual, in the section titled "Procedure for
      Reconfiguring the Kernel," to create a new kernel for the
      appropriate architecture.

14d.  Copy the new kernel to all clients with the same architecture.

14e.  Reinitialize each client's trusted networking token database:

   	# mkdb /export/root/<clientname>/etc/security/TNETDB 4096 80

14f.  Synchronize each client's tcb_dynamic database:
  
   	# sync_ctab /etc/security/tcb_dynamic -c <clientname> -o /etc/security/TNETDB

14g.  Repeat steps 14a through 14f for each architecture.

