OBSOLETE Patch-ID# 117351-61


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security kernel drv pm framebuffer openboot debugging bufsize procfs wscons wcvnget vnode rwsconsvp specfs fopen unix98 i_str ioctl mutex_enter deadlock sfmmu ufs directories ufs_dirlook() dirblksiz quota ufs_log.h ufs_trans.h ufs_log panic
Synopsis: Obsoleted by: 117351-62 SunOS 5.8_x86: kernel patch
Date: Mar/09/2009


Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reconfigure reboot is performed. Unless otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reconfigure reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.

Solaris Release: 8_x86

SunOS Release: 5.8_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 117350

Topic: SunOS 5.8_x86: kernel patch

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR # Bug #
110138914862021
401304314926592
402567514930544
402813714931452
422321414984179
427265914999623
427266714999626
429300515007254
431695215016684
432264515019015
432276615019091
432436115019744
433989715026405
435383215032078
436775115037141
436853515037422
438066715041660
440191715048721
440227015048863
442130515054992
442345315055672
444565615060618
452093415085284
452553315086761
452758215087358
458761715090256
458785915090344
461432915091011
462019515092379
462430915093457
463073415095188
464331215098203
464333915098214
464891715099457
465274615100282
471592715115168
472335115117044
474564815123292
475714015126720
478869215136434
479033215136874
479796715139493
480259415141226
480264615141243
480314815141426
481707915145912
482228715147612
483062815150142
483386015151143
484961015155981
485397115157227
486095515159334
486097615159342
486194515159496
486585615160631
487879515164264
487880215164268
488770015166823
488918715167344
489366615168661
489401515168762
489436115168898
489447715168939
491407915174699
492764715178425
493603015180730
494143115182057
494249215182277
494403915182649
494645915183262
494650415183271
494668615183303
494797015183671
495338215185167
495396615185349
495743415186336
495831315186607
495963715186999
495989915187075
496903815189637
497455715191123
497978715192561
498110815192867
499442215196578
499803015197647
500376015198422
500430515198574
501668415202345
501714815202495
502421715204147
502650215204845
502839815205449
503037715206043
503147015206365
503519815207603
504448615210442
505068615212126
505405215213077
505925415214309
505992015214481
506238715215149
506505115215919
507027015217454
508450315222171
508628415222750
510380515228092
510680315229092
617609615231135
619890615237834
620533715239924
620673215240467
620889615241209
621000115241610
621068115241869
621088115241951
622975415249574
625946715261586
626692115264473
627286515266763
627865015269016
628596015271802
629446415275276
629722715276353
632217915286433
632474515287308
632959315289189
633076515289578
633994215293345
634360415294827
634669815296216
635036315297903
635058715297996
635109215298215
635179315298509
635804715300846
636136015302123
638411415312170
639517815317318
640273715320941
642865815331775
643046115332445
645049415340903
645138015341346
646205315346610
646440815347703
646614915348457
647219215351262
647694515353332
648286115356069
651007515370348
652982215381452
660936015426178
666184415457229
667027115462135
668710415472020
668710515472021
668710815472024
669607215477101
674827515508380
674877215508654


Changes incorporated in this version: 6687104 6687105 6687108

Patches accumulated and obsoleted by this patch: 111268-02 111589-06 116898-01 116902-02 116951-15 116954-04 116976-05 123704-01

Patches which conflict with this patch:

Patches required with this patch: 108529-29 108994-67 110911-03 117001-05 (or greater)

Obsoleted by:

Files included with this patch:

/kernel/drv/log
/kernel/drv/ptc
/kernel/drv/wc
/kernel/fs/procfs
/kernel/fs/specfs
/kernel/fs/ufs
/kernel/genunix
/kernel/mach/pcplusmp
/kernel/misc/ufs_log
/kernel/sys/doorfs
/kernel/sys/kaio
/platform/i86pc/kadb
/platform/i86pc/kernel/mmu/mmu32
/platform/i86pc/kernel/mmu/mmu36
/platform/i86pc/kernel/unix
/usr/include/sys/aio_impl.h
/usr/include/sys/archsystm.h
/usr/include/sys/autoconf.h
/usr/include/sys/callb.h
/usr/include/sys/conf.h
/usr/include/sys/door_data.h
/usr/include/sys/epm.h
/usr/include/sys/fs/snode.h
/usr/include/sys/fs/ufs_fs.h
/usr/include/sys/fs/ufs_inode.h
/usr/include/sys/fs/ufs_log.h
/usr/include/sys/fs/ufs_trans.h
/usr/include/sys/log.h
/usr/include/sys/pit.h
/usr/include/sys/proc.h
/usr/include/sys/session.h
/usr/include/sys/stream.h
/usr/include/sys/strsubr.h
/usr/include/sys/strtty.h
/usr/include/sys/sunddi.h
/usr/include/sys/systm.h
/usr/include/sys/termios.h
/usr/include/sys/uadmin.h
/usr/include/sys/x86_archext.h
/usr/include/vm/anon.h
/usr/include/vm/hat.h
/usr/include/vm/page.h
/usr/include/vm/seg_map.h
/usr/kernel/drv/pm
/usr/kernel/drv/ptm
/usr/lib/adb/smap
/usr/lib/adb/ufsvfs
/usr/lib/fs/ufs/quota
/usr/lib/mdb/kvm/genunix.so
/usr/platform/i86pc/include/sys/clock.h
/usr/platform/i86pc/include/sys/psm_types.h
/usr/platform/i86pc/include/sys/smp_impldefs.h

Problem Description:

6687104 door servers can deadlock in handling arguments
6687105 door_call watchpoint problems
6687108 race in transfer of control from a caller to the server
 
(from 117351-60)
 
4322766 error with ptcioctl
6748275 panic in ufs_acl_access due to a race between clearing an ACL and ufs_iaccess()
 
(from 117351-59)
 
6451380 ufs_fiolfs() can race with a forcibly unmount
6748772 vulnerability in AIO syscall requests
 
(from 117351-58)
 
6609360 drain_syncq can loop in case a stream is being closed (QWCLOSE)
6670271 UFS: mount/umount loop resulted in FS inconsistency
 
(from 117351-57)
 
6482861 clock thread hung causing deadman panic
 
(from 117351-56)
 
4339897 system hangs in ufs_check_lockfs()
4889187 ufs_quiesce()/ufs_readdir()/ufs_create() in a 3-way deadlock
6430461 ufs_quiesce() involved in a 4-way deadlock
6510075 ufs_read/ufs_map/pagefault can deadlock when there is a pending ufs_quiesce
6529822 syncq gets stuck and network performance degradation occurs intermittently
6661844 panic from failed assertion in vm_machdep.c at line 735
6696072 logic error in user-level lock system call
 
(from 117351-55)
 
6450494 LWPs not in the TS scheduling class can lose signals
 
(from 117351-54)
 
6343604 specfs race: multiple "last-close" of the same device
6402737 IP spends too much time identifying bad remote host when under SYN attack
 
(from 117351-53)
 
6384114 S8 UFS: vfs_rename_lock should synchronize mkdir, rmdir as well as rename
 
(from 117351-52)
 
4822287 On Sun Ray servers, dotoprocs holds pidlock for inordinate amount of time
6428658 dotoprocs missing sanity checks leading to system panic
 
(from 117351-51)
 
6472192 panic in cv_wait when exiting a process
 
(from 117351-50)
 
6351793 sfmmu_mlist_enter recursive mutex_enter
6358047 sfmmu_mlist_enter() and hrm_init() deadlock
 
(from 117351-49)
 
4894015 TIOCSSID and realloctty() will probably panic if used
6297227 deadlock between qdrain_syncq and removeq
6322179 strfreectty() passed a stream that was not yet a ctty
6466149 long ph_mutex[] holdtimes in page_hashout() mediated by vph_mutex holds in vpn_vplist_dirty
 
(from 117351-48)
 
6351092 race for t_ctx in removectx() can lead to panic
 
(from 117351-47)
 
4322645 gettimeofday() not behaving as manpage suggests
4790332 poll does not validate arguments passed - leading to assertion failure/panic
 
(from 117351-46)
 
4624309 date stamp on /var/adm/messages is wrong
6464408 timestamp on /var/adm/messages is wrong after 248 days
 
(from 117351-45)
 
6476945 system unable to reboot properly after proftp ftp session
 
(from 117351-44)
 
        This revision was generated to maintain the same patch revision number
        as its counterpart sparc patch. No new bug fixes are included.
 
(from 117351-43)
 
4620195 potential race in umount2()
 
(from 117351-42)
 
        This revision was generated to maintain the same patch revision number
        as its counterpart sparc patch. No new bug fixes are included.
 
(from 117351-41)
 
6462053 fix for 6272865 in s8/s9 KU regresses 6329593 (dbx hang) if procfs patch not installed
 
(from 117351-40)
 
6272865 race condition between SIGKILL and /proc PCAGENT
6329593 pr_wait_die() can hang while waiting for SIGKILL to be processed
 
(from 117351-39)
 
6346698 race condition while customer is running latest Solaris 8 cpc driver
 
(from 117351-38)
 
6266921 /dev/conslog should be clonable
 
(from 117351-37)
 
4028137 serial line hangs and gets "link down" message
4527582 need Solaris DDI function to determine if thread is in proc_exit
4947970 possible clock thread deadlock
5084503 deadlock between pause_cpus() and mutex_vector_enter()
 
(from 117351-36)
 
6278650 race on siron_pending leads to hang
 
(from 117351-35)
 
4402270 CPUSTAT tool prints incorrect values for TICK register on SunBlade 1000
4401917 cpustat and cputrack print negative tick values
6395178 fix 'wx hdrchk' error for cpc_ultra.h in Solaris 8
 
(from 117351-34)
 
6229754 segspt_reclaim() panics system because pplist is NULL
 
(from 117351-33)
 
4324361 onerror=umount on shared file systems will panic system soon after error
4942492 ufs_vget() forcibly umounts check broken
4969038 system panics after forceful unmount of FS
6206732 swap thread hangs in anon_array_enter while holding p_lock
6350363 anon_array_try_enter needs to initialize sobj->sync_cv
6330765 procfs pagedata can panic machine
6324745 vmem memory leak in procfs PAGEDATA subsystem
6339942 popen(3C) still isn't MT-safe
6361360 race condition in cfork()
 
(from 117351-32)
 
6294464 machine hung with threads spinning in thread_lock() on CPU dispatch lock that never gets released
 
(from 117351-31)
 
4745648 cluster node panics because mdboot takes too much time
5031470 doors don't like being both server and client (race in door_call/door_results)
 
(from 117351-30)
 
6285960 qnextless not checked while multiplexing
 
(from 117351-29)
 
        This revision is to maintain the same patch revision number as its
        counterpart sparc architecture patch.  No new bug fixes are included.
 
(from 117351-28)
 
4715927 smd_free[] is woefully undersized, suffers from false sharing
 
(from 117351-27)
 
        This revision is to maintain the same patch revision number as its
        counterpart sparc architecture patch.  No new bug fixes are included.
 
(from 117351-26)
 
6210881 when there is memory pressure, dnlc not setting dca_dircache to DC_RET_LOW_MEM
 
(from 117351-25)
 
        This revision is to maintain the same patch revision number as its
        counterpart sparc architecture patch.  No new bug fixes are included.
 
(from 117351-24)
 
4887700 specfs snode can have reference to a deleted dip
 
(from 117351-23)
 
        This revision is to maintain the same patch revision number as its
        counterpart sparc architecture patch.  No new bug fixes are included.
 
(from 117351-22)
 
        This revision is to maintain the same patch revision number as its
        counterpart sparc architecture patch.  No new bug fixes are included.
 
(from 117351-21)
 
4946504 process receiving STREAMS messages out of sequence
5103805 cpu_dontsteal shouldn't protect migrating threads
4946686 cpu_dontsteal should only protect curthread
4979787 disp_anywork shouldn't be tempted by bound threads
 
(from 117351-20)
 
        This revision is to maintain the same patch revision number as its
        counterpart sparc architecture patch.  No new bug fixes are included.
 
(from 117351-19)
 
4994422 WARNING: Time of Day clock error: reason [Jumped by 0x79]
5062387 Virtual TOD on serengeti doesn't call tod_validate()
5065051 current fix for bugid 4850672 isn't enough
6198906 page retire can cause large pages to be lost and DR to hang
 
(from 117351-18)
 
6210001 system panics in aio_cleanup_exit routine while running ismstress with DR
 
(from 117351-17)
 
4941431 aio race condition leads to hang
5059920 idle loop not scalable on large systems
4802594 idle loop degrades IO performance on large psets
5054052 disp_getwork() is greedy and negatively impacts dispatch latency
5086284 pm scan should not be run from timeout
 
(from 117351-16)
 
4865856 race condition over q_ptr between udp module and kernel
5026502 intense UFS dir activity results in duplicated entries & rename() failures
5050686 Solaris mutexes should be made more efficient under contention
 
(from 117351-15)
 
        This revision is to maintain the same patch revision number as its
        counterpart sparc architecture patch.  No new bug fixes are included.
 
(from 117351-14)
 
4293005 spurious call to as_pageunlock()
 
(from 117351-13)
 
4643339 IP service is exclusive, causing severe performance problems
5035198 fcntl file locking does not honor sleeping writer policy
 
(from 117351-12)
 
4525533 putnext() may limit stack usage
4643312 interim performance improvements needed in fsflushd
4849610 pages with 0 translations should be freed more aggressively
4953382 creating large files in /tmp produces I/O storm to swap device
4958313 panic: pp->p_vnode == NULL    !IS_VMODSORT(pp->p_vnode)    !hat_ismod(pp)
4802646 assertion failed: (vp->v_flag & VISSWAP) == 0,  ...fsflush.c, line 248
4927647 pty loses last output before close/exit
4981108 system panics while unmounting lofs
 
(from 117351-11)
 
4830628 MP x86 platforms show load average of 0.3 or greater on idle system
4272659 non-Intel CPU features not properly detected
4272667 minor optimizations in x86 locore
4367751 psrinfo -v reports about 10% error on machine with two Pentium III 933MHz CPUs
4380667 psrinfo: improper CPU type identification and speed indication (AMD)
4421305 drv_usecwait inaccurate and inconsistent on x86
4423453 PIT incorrectly programmed virtually everywhere
4630734 drv_usecwait not accurate when CPU frequency changes
4861945 cyclics should use local APIC timers on x86
4894477 need gethrtime_unscaled that really works for x86
4853971 gettimeofday and gethrtime don't always completely agree on Intel
4953966 frequency of programmable interrupt timer (PIT) hard-coded to wrong value
4974557 fix to 4630734 causes ddivs timing test to fail on x86
5059254 panic: dispatcher invoked from high-level interrupt handler
5070270 gettimeofday can return negative tv_usec
4878802 apic_addspl() might return without enabling interrupt
 
(from 117351-10)
 
        This revision is to maintain the same patch revision number as its
        counterpart sparc architecture patch.  No new bug fixes are included.
 
(from 117351-09)
 
4025675 can't set variable that begins with underscore in /etc/system
5017148 t_lockp/t_disp_queue pointing to CPU Y when thread is TS_ONPROC on CPU X
 
(from 117351-08)
 
4944039 system panics with decr_upcount-off the end
 
(from 117351-07)
 
        This revision is to maintain the same patch revision number as its
        counterpart sparc architecture patch.  No new bug fixes are included.
 
(from 117351-06)
 
        This revision is to maintain the same patch revision number as its
        counterpart sparc architecture patch.  No new bug fixes are included.
 
(from 117351-05)
 
4946459 unable to release memory during DR operation
4959637 deadlock between devmap_ctxto thread and devmap_ctx_rele thread
 
(from 117351-04)
 
4860976 large memory causes overflow of bfreelist->b_bufsize
 
(from 117351-03)
 
4860955 page removal causes good page to be removed after DR operation
4893666 page_retire does not update retired page list in some cases
 
(from 117351-02)
 
4817079 open/close of /dev/log leaks kernel memory
4833860 unsetting of TP_STOPPING can result in hung process
 
(from 117351-01)
 
4788692 pm_power_has_changed should not take power lock
 
(from 116898-01)
 
4914079 CDE freezes with framebuffer power management if OpenBoot debugging enabled
 
(from 116902-02)
 
4941431 aio race condition leads to hang
 
(from 116902-01)
 
4520934 large file POSIX aio breaks when 32-bit app runs on 64-bit kernel
 
(from 123704-01)
 
6272865 race condition between SIGKILL and /proc PCAGENT
6329593 pr_wait_die() can hang while waiting for SIGKILL to be processed
 
(from 111589-06)
 
5030377 smark turns up as bottleneck in /dev/urandom microbenchmark
 
(from 111589-05)
 
4878795 unable to hotplug PCI SCSI card if other card is busy
 
(from 111589-04)
 
4587859 I_STR ioctl payloads improperly validated
 
(from 111589-03)
 
4614329 console output stops, which will stop other processes later
 
(from 111589-02)
 
4223214 system hangs on reboot if afb is console on MP systems
 
(from 111589-01)
 
4013043 wscons's wcvnget() may return null vnode pointer for sun4u_10000
 
(from 111268-02)
 
4445656 UNIX98: fopen() calls on unused major/minor device numbers causes panic
 
(from 111268-01)
 
1101389 open/close races for char and block devices
 
(from 116951-15)
 
4587617 system deadlocks on using snapshot of logging-enabled UFS fs
5044486 deadlock between log roll thread and snapshot taskq thread
 
(from 116951-14)
 
        This revision addresses issues caused by bugfix 6384114 which was
        introduced in rev13.
 
(from 116951-13)
 
4959899 UFS: ufs_iinactive incorrectly places inodes on idle queue
(removed) 6384114 S8 UFS: vfs_rename_lock should serialize mkdir as well as rename
 
(from 116951-12)
 
4652746 race between UFS forced umount and UFS idle thread
 
(from 116951-11)
 
4894361 UFS panics with "Deadlock: cycle in blocking chain"
 
(from 116951-10)
 
4316952 ufs_fault_v should not attempt to queue more then 1 handler for failure event
6350587 threads blocked in cv_wait_sig after "forced" unmount on error never woken up
 
(from 116951-09)
 
6208896 ufs_dirlook panics with BAD TRAP on bogus fbp->fb_addr
 
(from 116951-08)
 
4324361 onerror=umount on shared file systems will panic system soon after error
4942492 ufs_vget() forcibly umount check broken
 
(from 116951-07)
 
5106803 deadlock panic between ufs_thread_reclaim and lufs_disable
6205337 executing quotaoff on live FS panics system
 
(from 116951-06)
 
4368535 logging UFS asked to umount bad disk then panicked when unmounted
 
(from 116951-05)
 
4936030 incorrect lock-ordering in ufs_setsecattr() causes deadlock with UFS logging
 
(from 116951-04)
 
4723351 UFS: file link count is 0
4353832 fsck gives up too easily
5003760 setquota() does NOT update dquot when it is on cache list
5024217 quotactl() in quota(1M) gives up on first filesystem with no 'quotas' file
 
(from 116951-03)
 
4998030 umount doesn't complete due to infinite loop in ufs_idle_drain
5004305 UFS bmap functions may determine level of indirection incorrectly
 
(from 116951-02)
 
4648917 certain TOP-level VOP's not recognized by lockfs protocol
4757140 file pages can become unusable
 
(from 116951-01)
 
4803148 UFS has issues reading its own directories
 
(from 116954-04)
 
4587617 system deadlocks on using snapshot of logging-enabled UFS fs
5044486 deadlock between log roll thread and snapshot taskq thread
 
(from 116954-03)
 
5106803 deadlock panic between ufs_thread_reclaim and lufs_disable
 
(from 116954-02)
 
5016684 panic: free: freeing free frag, dev:0x2000000018, blk:34605, cg:26, ino:148071
4957434 UFS log logscan failed with deflog ufs/ufs_log merged module
 
(from 116954-01)
 
4797967 panic in top_begin_sync() during/after umounting
 
(from 116976-05)
 
        This revision addresses issues caused by attempt to fix CR 6384114.
 
(from 116976-04)
 
6351092 race for t_ctx in removectx() can lead to panic
 
(from 116976-03)
 
6176096 issues with IP fragment handling
6210681 null pointer in ill_frag_free_pkts
6259467 ill_frag_prune() can be invoked with negative number as second argument
 
(from 116976-02)
 
4715927 smd_free[] is woefully undersized, suffers from false sharing
 
(from 116976-01)
 
5028398 system panics on exit from OS after arriving at prom-level


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' scripts provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  To get the complete fix for bugid 4643339 (IP service is exclusive,
         causing severe performance problems), please also install the
         following patch:
 
         116966-05 (or greater)  ip/arp/tcp/udp patch
 
NOTE 2:  To get the complete fix for bugid 4028137 (serial line hangs and gets
         "link down" message), please also install the following patch:
 
         109459-04 (or greater)  ldterm patch
 
         No other serial port drivers incorporate the fix for this bug
         in this OS release.
 
NOTE 3:  To get the complete fix for bugid 6272865 (race condition between
         SIGKILL and /proc PCAGENT) and 6329593 (pr_wait_die() can hang while
         waiting for SIGKILL to be processed), please also install the
         following patch:
 
         116960-15 (or greater)  nfs and rpcmod patch
 
NOTE 4:  To get the complete fix for bugid 6351092 (race for t_ctx in
         removectx() can lead to panic), please also install the following
         patches:
 
         126126-01 (or greater)  thread patch
         126132-01 (or greater)  crash patch
 
NOTE 5:  To get the complete fix for bugids 6322179 (strfreectty() passed a
         stream that was not yet a ctty) and 4894015 (TIOCSSID and realloctty()
         will probably panic if used), please also install the following patch:
 
         109026-08 (or greater)  truss patch
 
NOTE 6:  To get the complete fix for bugid 4587617 (system deadlocks on
         using a snapshot of a logging enabled UFS fs) and 5044486 (deadlock
         between log roll thread and snapshot taskq thread), please also
         install the following patch:
 
         110405-08 (or greater)  ufssnapshots support, fssnap patch
 
NOTE 7:  To get the complete fix for bugid 5028398 (system panics on exit from
         OS after arriving at the prom-level), please also install the
         following patch:
 
         109897-19 (or greater) USB and Audio Framework patch
 
NOTE 8:  To get the complete fix for bugids 6176096 (issues with IP fragment
         handling) 6210681 (null pointer in ill_frag_free_pkts) and 6259467
         (ill_frag_prune() can be invoked with a negative number as second
         argument), please also install the following patches:
 
         116966-25 (or greater)  ip/arp/tcp/udp/tun patch
         125803-01 (or greater)  Modular Debugger patch


README -- Last modified date: Saturday, November 10, 2012