Patch-ID# 109210-19 Keywords: security haget scconf in.mond pmfd netfmd libscutil ioctl metadb Synopsis: Sun Cluster 2.2: Framework/Comm Patch Date: Feb/13/2004 Install Requirements: Reboot immediately after patch is installed See Special Install Instructions Solaris Release: 8 SunOS Release: 5.8 Unbundled Product: Sun Cluster Unbundled Release: 2.2 Xref: This patch available for Solaris 2.6 as patch 109208 Topic: Sun Cluster 2.2: Framework/Comm Patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Relevant Architectures: sparc BugId's fixed with this patch: 4178378 4263339 4282453 4284605 4290688 4300411 4301827 4303180 4306566 4308555 4309231 4310728 4318821 4321549 4322304 4322768 4326020 4326276 4327771 4328429 4329393 4332371 4332623 4332805 4336343 4336987 4337526 4337710 4338298 4338421 4340713 4341392 4341710 4342779 4344745 4345179 4347759 4352785 4354950 4360206 4361737 4374233 4374729 4375480 4376993 4377174 4378376 4385636 4389568 4392328 4392955 4394811 4394844 4395651 4396396 4398062 4400242 4402020 4402834 4402862 4404221 4404223 4404234 4404710 4404807 4406121 4406137 4410141 4411476 4411673 4411704 4411713 4416013 4420949 4424033 4424535 4430034 4435348 4439011 4441339 4451302 4455717 4457562 4458575 4459943 4460398 4462141 4463552 4471591 4476883 4479907 4488409 4488497 4492230 4494429 4498123 4500204 4503644 4511610 4515052 4519229 4615970 4617794 4620244 4696933 4697409 4703143 4714159 4717331 4776229 4800074 4805121 4814827 4845607 4846406 Changes incorporated in this version: 4845607 Patches accumulated and obsoleted by this patch: 109213-06 109427-01 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/init.d/rootreserve /etc/opt/SUNWcluster/conf/in.mond-allowed-hosts /etc/opt/SUNWcluster/conf/in.mond-denied-hosts /etc/rc0.d/K60rootreserve /etc/rc2.d/S27rootreserve /etc/rc3.d/S21sc_get_sched_class /opt/SUNWcluster/bin/ccdadm /opt/SUNWcluster/bin/ccdctl /opt/SUNWcluster/bin/ccdd /opt/SUNWcluster/bin/ccdinstall /opt/SUNWcluster/bin/ccdmatch /opt/SUNWcluster/bin/clustd /opt/SUNWcluster/bin/confccdssa /opt/SUNWcluster/bin/dbms_upgrade_methods /opt/SUNWcluster/bin/ds_install_methods /opt/SUNWcluster/bin/ds_remove_methods /opt/SUNWcluster/bin/fdl_rshstatus /opt/SUNWcluster/bin/fdl_timesecs /opt/SUNWcluster/bin/finddevices /opt/SUNWcluster/bin/get_ha_status /opt/SUNWcluster/bin/haconfig /opt/SUNWcluster/bin/hactl /opt/SUNWcluster/bin/hactl_sync /opt/SUNWcluster/bin/haget /opt/SUNWcluster/bin/halockrun /opt/SUNWcluster/bin/hareg /opt/SUNWcluster/bin/hareg_sync /opt/SUNWcluster/bin/hastat /opt/SUNWcluster/bin/hastat_client /opt/SUNWcluster/bin/hatimerun /opt/SUNWcluster/bin/haupgrd /opt/SUNWcluster/bin/librcprsh /opt/SUNWcluster/bin/loghost_sync /opt/SUNWcluster/bin/lookuphost /opt/SUNWcluster/bin/mstate_sync /opt/SUNWcluster/bin/netfmd /opt/SUNWcluster/bin/nfs_fix_sharetab /opt/SUNWcluster/bin/nlck /opt/SUNWcluster/bin/pmfadm /opt/SUNWcluster/bin/reconf_ener /opt/SUNWcluster/bin/rpc.pmfd /opt/SUNWcluster/bin/scadmin /opt/SUNWcluster/bin/scccd /opt/SUNWcluster/bin/scconf /opt/SUNWcluster/bin/scdidadm /opt/SUNWcluster/bin/scinstall /opt/SUNWcluster/bin/scnfs /opt/SUNWcluster/bin/scssa /opt/SUNWcluster/bin/smond_conf /opt/SUNWcluster/bin/smond_ctl /opt/SUNWcluster/bin/snmpd /opt/SUNWcluster/bin/sparcv7/rpc.pmfd /opt/SUNWcluster/bin/sparcv9/rpc.pmfd /opt/SUNWcluster/etc/reconf/scripts/ccdreconfig /opt/SUNWcluster/etc/reconf/scripts/loghostreconfig /opt/SUNWcluster/etc/reconf/scripts/monreconfig /opt/SUNWcluster/etc/reconf/scripts/reconf_ener.disks /opt/SUNWcluster/ha/nfs/fdl_enum_probe_disks /opt/SUNWcluster/ha/nfs/filesystem_full /opt/SUNWcluster/ha/nfs/have_maj_util /opt/SUNWcluster/ha/nfs/majmddb /opt/SUNWcluster/ha/nfs/net_diagnose_comm /opt/SUNWcluster/ha/nfs/net_rpcprobe /opt/SUNWcluster/ha/nfs/nfs_check_my_lockd_statd /opt/SUNWcluster/ha/nfs/nfs_fm_start /opt/SUNWcluster/ha/nfs/nfs_just_umount /opt/SUNWcluster/ha/nfs/nfs_mon /opt/SUNWcluster/ha/nfs/nfs_mount /opt/SUNWcluster/ha/nfs/nfs_probe_loghost /opt/SUNWcluster/ha/nfs/renamefile /opt/SUNWcluster/ha/nfs/trynetdirlookup /opt/SUNWcluster/lib/isaexec /opt/SUNWcluster/lib/libccd.so.1 /opt/SUNWcluster/lib/libhads.so /opt/SUNWcluster/lib/libhads.so.1 /opt/SUNWcluster/lib/libscutil.so /opt/SUNWcluster/lib/libscutil.so.1 /opt/SUNWcluster/lib/sparcv9/libccd.so.1 /opt/SUNWcluster/lib/sparcv9/libhads.so /opt/SUNWcluster/lib/sparcv9/libhads.so.1 /opt/SUNWcluster/lib/sparcv9/libscutil.so /opt/SUNWcluster/lib/sparcv9/libscutil.so.1 /opt/SUNWpnm/bin/pnmd /opt/SUNWpnm/bin/pnminit /opt/SUNWpnm/bin/pnmptor /opt/SUNWpnm/bin/pnmrtop /opt/SUNWpnm/bin/pnmset /opt/SUNWpnm/bin/pnmstat /opt/SUNWpnm/bin/pnmsync /opt/SUNWpnm/man/man1m/pnmd.1m /opt/SUNWsma/bin/sm_config.pci /opt/SUNWsma/bin/sm_config.sbus /opt/SUNWsma/bin/sma_configd.pci /opt/SUNWsma/bin/sma_configd.sbus /opt/SUNWsma/bin/smactl /opt/SUNWsma/bin/smad /opt/SUNWsma/man/man1m/sma_configd.1m /platform/sun4d/kernel/drv/scid /platform/sun4u/kernel/drv/scid /platform/sun4u1/kernel/drv/scid /usr/kernel/drv/ff /usr/kernel/drv/sci_s25 /usr/kernel/drv/sparcv9/ff /usr/kernel/drv/sparcv9/sci_s25 /usr/sbin/sparcv7/in.mond /usr/sbin/sparcv9/in.mond Problem Description: 4845607 Several hactl commands at the same time can lead to unmastered logical host. (from 109210-18) 4800074 processes accessing vxvm volume as raw prevents failover 4814827 SBUS SCI direct connect cannot handle poweroff of one node. Backout of 4425415. (from 109210-17) 4846406 Patch 109210-16 fails to create /var/opt/SUNWcluster/run directory (from 109210-16) 4310728 clustd receiving incorrect packets from scid 4717331 ifconfig scid hang 4776229 when setting ulimit to UNLIMITED in root's .profile cluster 2.2 can't be started 4805121 Complete fix for 4318821 (from 109210-15) 4376993 scssa dumps core with 96 disks per controller 4430034 Public net not optimal on this node 4500204 Backport of 4298204 in SC 3.0 to SC 2.2 4696933 backport fix for 4298307 to SC2.2 4697409 Backport fix for bugid 4305774 to SC_2.2 4703143 Backport fix for bugid 4304052 to SC_2.2 4714159 Clustd consuming excessive CPU time with patch 109210-13 (from 109210-14) (removed) 4425415 SCI driver dropping packets 4503644 In cluster environment rpc.pmfd does not start process with fd limits > than 1024 4519229 scadmin startnode fails with 't_bind cannot bind to requested address' 4615970 ff_lbolt not set at boot for 5.7. Causing heartbeat loss, ff_panic for drive fail 4617794 Healthy cluster members abort due to a joining node having full filesystem 4620244 Sun Cluster does not support secure NFS with "portmon=1" set, no workaround (from 109210-13) 4392328 Inter-node communications for monitoring leave open security 4404223 nfs_mon is multi-threaded and calls MT-unsafe popen() & system() 4492230 clustd is multi-threaded and calls MT-unsafe popen() 4424033 pmfadm -l displays NO PID, and nametag for service 4460398 Memory leak in netfmd 4463552 node reset failed in E4500 3-node cluster configuration 4476883 hanfs failed with ID[SUNWcluster.fm.nfs.1500] Just exceeded HA_FM_NFS_LOCALRESTA 4488409 fdl_enum_probe_disks does not work/enum_disks.probe1.$$: No such file or direct 4488497 needless startcluster prevents correct stopnode 4494429 fdl_enum_probe_disks does not work/ 4498123 SC2.2: ID[SUNWcluster.scccd.add.4001]: row already exist - LOCKNODE lnode ... 4515052 cluster reconfig step10 timed out because of delay in reconfig script. (from 109210-12) 4511610 Fix for 4396396 needs to be backed out from Framework/Comm Patch. (from 109210-11) This patch revision was generated to also accumulate and obsolete patch 109213-06. 4441339 Cached IP-addr not cleared when ping fails 4361737 ping hang causes pnmd to hang forever 4471591 system hang during haswitch or scadmin stopnode 4458575 kill clustd on LH master node, gives error message with patch 109208-11 4457562 rsh get stuck when used to execute the command scadmin startnode 4451302 hastat displays incorrect status for oracle data service 4424535 race condition in popen_safe can cause client to lose file descriptors 4411713 Improve messages around logicalhost switching in SC 2.2 4411476 Disk groups can be imported on both nodes in a cluster 4410141 SNMP trap enterprise OID 4396396 Race condition between logicalhosts during switchover causing admin f/s errors 4318821 Security issue with Sun Cluster 4303180 Startnode abort with an error getnextline: fidescriptor is nil: CCD file: 0 (from 109210-10) 4462141 Complete fix for 4402020 - scinstall 4459943 Complete fix for 4402020 - loghost_sync, lookuphost (from 109210-09) 4435348 Improve resiliency of clustd, smad, and rpc.pmfd 4420949 SC2.2:switchover failed with message"Unable to release switchover lock." 4411673 Cannot start snmpd on Solaris 8 4406137 Sun Cluster SNMP Service files write to /tmp insecurely 4404710 Extended NFS fault monitoring leaves temporary files behind. / enum_disks_err.$$ 4404234 haapi commands are unnecessarily linked with libthread & call popen() & system() 4404221 netfmd is multi-threaded and calls MT-unsafe system() 4402020 Sun Cluster Framework scripts write to /tmp insecurely 4398062 Reconfiguration didn't success after a stop A 4394811 Inter-node communications for monitoring leaves open security 4341710 kmem_free in _fini done before mod_remove could cause kmem corruption 4329393 SC2.2 hads functions are not MT-safe because they call popen() & system() 4301827 scadmin stopnode on SC2.2 cluster node causes unknown network interface messages 4290688 Add an event logging facility to the failfast driver 4439011 There needs to be a 64-bit rpc.pmfd in Sun Cluster 2.2 on Solaris 7 & 8 (from 109210-08) 4416013 With SRM patches there is still a TS process while SRM is active (from 109210-07) 4411704 Changes made to HA-Oracle for bug/rti 4338298 should be backed out (from 109210-06) 4282453 logical host failover aborts due to vxfs umount failure 4309231 large rmtab can cause unwanted logical host failover 4402834 rpc.pmfd exited abnormally causing panic while explorer running 4341392 Sun Cluster 2.2 is not aware of Solaris Resource Manager 4385636 "Fatal: 10002, check condition" is displayed on quorum reservation 4375480 When node A is halted, sometime node B is not able to reserve quorum disk 4394844 pmfd dumps core, panics node 4402862 scnfs does not give unique result using grep 4338298 SC 2.2 has to support 64 bit data services (from 109210-05) 4395651 when call II sc.stop.sh, sds_release function didn't give any info messages 4337710 S27rootreserve is unable to resolve rootdisk when encaps and mirrored with VM 4392955 symbolic link libscutil.so is not removed after removing patch T109208-05 (from 109210-04) 4327771 SUNWdidx package is missing when upgrading from OS 2.6, SC2.2 to OS 8, SC2.2 4328429 ifconfig hme1:1 0.0.0.0 down when doing "scadmin stopnode" after upgrade 4332805 failed installing SUNWsccf package during upgrade from HA1.3, OS2.6 to SC2.2 OS8 4354950 Nodelocking on E10k Platforms fails to exclude Failure Fenced Node 4374729 RFE: stop Sun Cluster using system() 4389568 cluster complains about metaset -s with patch T109208-04 installed 4374233 BASEDIR is used in pkgmap for rootreserve. (from 109210-03) 4378376 Cluster complaints metadb -s nfs_ds_1 failed after patchadd T109208-02 (from 109210-02) 4377174 Implement retries for mhioc/reserve/release ioctls in SC2.2 (from 109210-01) 4178378 haget prints out incorrect error message for missing -s flag 4263339 pnmrtop failure with exit code 0 and exit code 5 leaving defunct processes 4300411 sc2.2/solaris8 scconf ... -s generates an unexpected error msg 4306566 Failfast timeout - unit "pmfd: process m" 4308555 sc2.2/solaris8 unexplained msg appearing during reconf 4322304 in.mond can hang 4322768 RFE: stop Sun Cluster using popen() 4326276 Instant Image 2.0 on SDS based SC2.2 cluster prevents fail-over cluster 4332371 during a startnode the system panics 4336343 Backport SC3.0 pmfd "child level monitoring" features to SC2.x 4336987 netfmd should use ha_open_optimized 4337526 ns mail fault monitor keeps restarting netscape mail 4338421 libscutil is not 64 bit enabled 4340713 libscutil has a race condition in it 4345179 netfmd coredumps when there are no registered dataservices 4352785 scconf can inadvertently kill osinetd stack (from 109213-06) 4479907 Failover failed with reboot while patch T109213-05 on a SCI cluster 4455717 SC2.2 - Manual pages for pnmd & sma_configd report wrong location of log files. 4404807 cluster node doesn't take over when public network failure (from 109213-05) 4435348 Improve resiliency of clustd, smad, and rpc.pmfd 4406121 Sun Cluster Communication files write to /tmp insecurely 4400242 NAFO fails to failover if all active networks goes down at the same time 4347759 pnm/nafo binaries are unnecessarily linked with libthread and/or are MT-unsafe (from 109213-04) 4411704 Changes made to HA-Oracle for bug/rti 4338928 should be backed out (from 109213-03) 4341392 Sun Cluster 2.2 is not aware of Solaris Resource Manager (from 109213-02) 4332623 sm_config cannot be localized for Solaris 8 on SC2.2U2. (from 109213-01) 4284605 pnmd spews out too many multicast ICMP packets even when network is active (from 109427-01) 4321549 Cannot switch over logical host while database instance is running 4326020 sc2.2/sol8/vxvm -Problem with LH when the diskgroup contains striped volume(s) 4344745 respin for bug 4326020 4342779 Fix SCCS header in source file 4360206 Vxvm304 layered volumes patch 108508-04 give error message in ccd.log on SSVM2.6 Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ---------------------------------- Stop the Sun Cluster software on all nodes before applying this patch. Apply this patch to each node and reboot each node after patch installation. You also need to stop rpc.pmfd before applying this patch. Restart the cluster once the patch has been applied to all nodes to ensure consistent behavior. Please refer to the Sun Cluster 2.2 System Administration Guide for exact commands to start and stop the cluster. o login as root and stop all the nodes in the cluster o stop rpc.pmfd: # /etc/init.d/initpmf stop o apply the patch as usual o reboot the node after patch installation o restart the cluster on the node NOTE 1: The fix for bugs 4392328 and 4336343 includes updates to man pages, which can be obtained by installing patch 109431-02 or newer. NOTE 2: To get the full support for Solaris Resource Manager (4341392), one needs to install the following patches (or newer): 109426-04 Sun Cluster 2.2: HA-Oracle Patch 110655-01 Sun Cluster 2.2: Oracle Parallel Server Patch NOTE 3: To get the complete fix for files insecurely writing to /tmp, one needs to install the following patches: 109426-07 Sun Cluster 2.2: HA-Oracle Patch 109432-04 Sun Cluster 2.2: Data Service Common Patch 109434-02 Sun Cluster 2.2: HA-Apache Patch 110675-02 Sun Cluster 2.2: HA-Sybase Patch 110676-03 Sun Cluster 2.2: HA-SAP Patch 111338-01 Sun Cluster 2.2: HA-Informix Patch 111341-02 Sun Cluster 2.2: System Management Patch 111342-02 Sun Cluster 2.2: Internet Pro Patch NOTE 5: To enable coexistence with Instant Image (II) 2.0 or StorEdge Network Data Replicator (SNDR) 2.0, install the latest available revisions of the following patches: For Instant Image 2.0 109624 DS 2.0/II 2.0 Solaris_JDK_1.2.2_05a 110626 DS 2.0/II 2.0 Framework Patch 110871 DS 2.0/Sun Cluster 2.2 Patch 109970 DS 2.0/CORE 2.0 - Core 109974 FWC 2.0 109978 DS 2.0/II 2.0 - Instant Image 109986 STE 1.2 For SNDR 2.0 109624 DS 2.0/II 2.0 Solaris_JDK_1.2.2_05a 110626 DS 2.0/II 2.0 Framework Patch 110871 DS 2.0/Sun Cluster 2.2 Patch 109970 DS 2.0/CORE 2.0 - Core 109974 FWC 2.0 109982 DS 2.0/SNDR 2.0 - Network Data Replicator 109986 STE 1.2 Refer to the "Special Install Instructions" section of the README file for patch 110871-04 (or later) for usage information and special considerations. Refer to the Sun Cluster Early Notifier Page (SunSolve document #19224) for the latest information on required patches. NOTE 6: The fix for bug 4318821 changes the permission of all ccd files (both simple and shared) located in /etc/opt/SUNWcluster/conf from 0644 to 0600. Therefore, non-root users will no longer be able to access the ccd files directly. This change should have no impact on either Sun supplied or 3rd party data services as the method scripts should always run as root, and access the ccd indirectly via the ccdd daemon. However, if you have any custom scripts that access the ccd files directly, you must ensure these are run as the root user before installing the fix for this bug. On 2 node clusters with a shared ccd configured, the fix for bug 4318821 will not take full effect until the patch has been installed on both nodes, and both nodes have rejoined the cluster. Patch Backout: ------------- o Before backing out the patch, make sure the cluster software and rpc.pmfd are stopped on all nodes in the cluster: login as root on each node, then run the command: # scadmin stopnode # /etc/init.d/initpmf stop o Remove the patch from all nodes as usual. o After the patch has been removed, reboot the nodes. Restart the cluster once the patch has been removed from all nodes to ensure consistent behavior. README -- Last modified date: Friday, February 13, 2004