Subject: UnixWare 7.1.0: VM Subsystem Supplement
Advisory number: n/a
Issue date: n/a

ftp://stage.caldera.com/pub/security/sse/ptf7413j

Dear SCO Customer,

Support Level Supplement (SLS) ptf7413j, the UnixWare 7.1.0 VM Subsystem
Supplement, provides solutions for the following problems:

 1. Processes are not completing due to file hanging. This issue was
    originally addressed in SLS ptf7413a.
 2. An HBA driver uses a maximum transfer size that is less than 128KB
    (for example, the IBM "ips" driver supporting the IBM ServeRAID HBA).
 3. The system intermittently hangs while handling hardware-generated NMIs.
 4. Syslogd misses cmn_err messages when a system panics.
 5. Processes can hang in vx_delay2.
 6. Too much Kernel Virtual Memory is used when using mprotect.
 7. PROT_NONE PSE protection can be lost due to unshielding.
 8. A panic occurs in freectty() when using a DDI 8 serial driver.
 9. A panic occurs when using truss to investigate a DSHM process.
10. The system hangs with MPIO in qlc1020_timeout_remove().
11. Real Time Clock (RTC) drifts and jumps. Also, CMOS can be corrupted.
12. Panics occur in sv_signal() called from hat_asunload() on cpu 0 of
    8 processor Intel Pentium III Xeon systems.

Note: Issue 13 is new as of ptf7413f.

13. Possible hangs while two CPUs loop alternately in hat_load().

Note: Issue 14 is new as of ptf7413g.

14. System may suffer buf_breakup panic with fixed-blocks > 512 bytes.

Note: Issue 15 is new as of ptf7413h.

15. close() is slow when CPU load is heavy. Note that this fix had
    incorrectly been reported as being in ptf7413f.

Note: Issues 16 and 17 are new as of ptf7413i.

16. ul99-32801 and ul99-33011 erg501245: Disk corruption seen with PAE on
    and greater than 4GB physical memory (all of which is general purpose)
    whilst performing I/O on a VxVM block device.
17. ul99-15306: A security problem has been eliminated by disallowing core
    dumps if there is already a corefile (or any other object) of the same
    name in the current directory.

Note: Issues 18 and 19 are new as of ptf7413j.

18. ul99-20814 (fz149299): Address space of privileged processes was
    accessible by regular users. Privileged processes could then be traced,
    opening several security holes.
19. ul99-20009 (fz140035): Privileged processes could core dump. Sensitive
    data is often located inside the core files of privileged processes.

SLS ptf7413j addresses the problems listed above as follows:

 1. It eliminates the file hang that is caused by a slow streams-based
    memory leak.
 2. The buf_breakup code now honors the max_xfer transfer size set by a
    driver in the bcb_max_xfer field of its bcb structure.
 3. A deadlock situation with cmn_err has been rectified by marking
    critical regions which could potentially lock cmn_err.
 4. cmn_err puts messages directly into putbuf. This avoids a delay that
    was happening using strlog(7), which resulted in messages being lost
    just before the system panics.
 5. It introduces a new tunable to prevent a vxfs hang occurring.
 6. segpse and segdev were changed to reduce the Kernel Virtual Memory
    overhead.
 7. PSE pages are skipped in unshield.
 8. It checks whether major is less than cdevcnt.
 9. A temporary mapping to the page table is used.
10. It releases the queue lock before calling qlc1020_abort_command() in
    the watchdog routine.
11. Additional APIs now read and write bytes of CMOS RAM using locking to
    access it.
12. hat_asunload() now holds resourcelock across SV_SIGNAL().
13. The algorithm in hat_load() was changed to distribute jobs fairly
    across CPUs.
14. The code was modified to allow for tape block sizes > 512 bytes with a
    DDI8 HBA driver.
15. During close(), only dirty pages will be counted up when deciding to
    yield to the processor. Files needing multiple flushes will still need
    time to complete the close process; however, for files which haven't
    been written to, the close will no longer be delayed.
16. Disk corruption seen with PAE on and greater than 4GB physical memory
    (all of which is general purpose) whilst performing I/O on a VxVM block
    device. The fix is for a kernel memory corrupting issue and is not
    specific to PAE or volume manager; this is simply the method required
    to reproduce the critical symptom observed by the customer.

    Note: PAE mode is enabled by setting ENABLE_4GB_MEM=YES in /stand/boot,
    or by issuing this during an interactive boot.
17. A security problem has been eliminated by disallowing core dumps if
    there is already a corefile (or any other object) of the same name in
    the current directory.

    A security problem has been eliminated by disallowing core dumps of
    setgid processes (processes running with an effective group ID
    different from the user's real group ID).

    An administrator may now select old-style corefile naming, whereby the
    process-ID suffix normally attached to every corefile name is
    eliminated and every corefile is just named "core". This is intended to
    address situations in which it is unacceptable for a disk to fill up
    with corefiles. It is recommended that administrators stick with the
    current default behavior, however. The tunable that controls this
    behavior is named COREFILE_PIDS.
18. Address space is now not accessible to regular users.
19. Privileged processes now no longer core dump.

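The corefile rules in items 17 and 19, modelled in user space as an added example; this is not SCO kernel code and not part of the original advisory. The function names, the "core.<pid>" name format and the treatment of a real/effective user ID mismatch as "privileged" are assumptions of the example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Items 17 and 19: no dump when effective IDs differ from real IDs.
   Equating a uid mismatch with "privileged" is this example's assumption. */
int core_dump_permitted(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid == euid && rgid == egid;
}

/* COREFILE_PIDS: pid-suffixed name by default (format assumed here),
   plain "core" when old-style naming is selected (use_pid_suffix == 0). */
int corefile_name(char *buf, size_t len, const char *dir, pid_t pid, int use_pid_suffix)
{
    int n = use_pid_suffix
        ? snprintf(buf, len, "%s/core.%ld", dir, (long)pid)
        : snprintf(buf, len, "%s/core", dir);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Item 17: refuse to dump if any object of that name already exists.
   O_CREAT|O_EXCL fails with EEXIST for files, directories and symbolic
   links alike, atomically, so there is no check-then-open race. */
int open_corefile(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

int main(void)
{
    char dir[] = "/tmp/coredemoXXXXXX", path[128];   /* constructed scratch dir */
    if (!mkdtemp(dir) || corefile_name(path, sizeof path, dir, getpid(), 0))
        return 1;
    int first = open_corefile(path);    /* name is free: file is created */
    int second = open_corefile(path);   /* object exists: dump is refused */
    printf("first=%s second=%s\n", first >= 0 ? "created" : "refused",
           second < 0 && errno == EEXIST ? "refused (EEXIST)" : "created");
    if (first >= 0) close(first);
    unlink(path);
    rmdir(dir);
    return 0;
}
```

With old-style naming every dump in a directory competes for the single name "core", so under the existing-object rule a leftover corefile blocks later dumps there until it is removed.
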
Contents
--------

/etc/conf/dtune.d/fs
/etc/conf/mtune.d/fs
/etc/conf/pack.d/fs/Driver_atup.o
/etc/conf/pack.d/fs/Driver_mp.o
/etc/conf/pack.d/fs/space.c
/etc/conf/pack.d/log/Driver_atup.o
/etc/conf/pack.d/log/Driver_mp.o
/etc/conf/pack.d/mem/Driver_atup.o
/etc/conf/pack.d/mem/Driver_mp.o
/etc/conf/pack.d/osm/Driver_atup.o
/etc/conf/pack.d/osm/Driver_mp.o
/etc/conf/pack.d/proc/Driver_atup.o
/etc/conf/pack.d/proc/Driver_mp.o
/etc/conf/pack.d/proc/space.c
/etc/conf/dtune.d/proc
/etc/conf/mtune.d/proc
/etc/conf/pack.d/segdev/Driver_atup.o
/etc/conf/pack.d/segdev/Driver_mp.o
/etc/conf/pack.d/segshm/Driver_atup.o
/etc/conf/pack.d/segshm/Driver_mp.o
/etc/conf/pack.d/specfs/Driver_atup.o
/etc/conf/pack.d/specfs/Driver_mp.o
/etc/conf/pack.d/svc/Driver_atup.o
/etc/conf/pack.d/svc/Driver_mp.o
/etc/conf/pack.d/util/Driver_atup.o
/etc/conf/pack.d/util/Driver_mp.o
/etc/conf/mdevice.d/cram
/etc/conf/pack.d/cram/Driver_atup.o
/etc/conf/pack.d/cram/Driver_mp.o
/etc/conf/pack.d/psm_mc146818/Driver.o
/usr/include/sys/cram.h

Software Notes and Recommendations
----------------------------------

SLS ptf7413j should only be installed on:

    UnixWare 7.1.0

SLS ptf7413j will only install if these SLSs are already installed on the
system:

    ptf7406b (or later)
    ptf7408c (or later)
    ptf7401h (or later)

Note: If an earlier version of ptf7408 is installed on the system, then
installation of ptf7413j will fail with this error message:

    UX:pkginstall: ERROR: unknown dependency type specifies: S

SLS ptf7413j supersedes all previous versions of ptf7413; however, it is
not necessary to remove those SLSs prior to installing SLS ptf7413j.

SLS ptf7425a should not be installed on top of SLS ptf7413j.

Installation Instructions
-------------------------

1. Download the ptf7413j.Z file to the /tmp directory on your machine.

2. As root, uncompress the file and add the SLS package to your system
   using these commands:

       $ su
       Password:
       # uncompress /tmp/ptf7413j.Z
       # pkgadd -d /tmp/ptf7413j
       # rm /tmp/ptf7413j

3. Reboot the system after installing this SLS package.

The release notes displayed prior to installation can be found in:

    /var/sadm/pkg/ptf7413/install/ptf7413.txt

Removal Instructions
--------------------

1. As root, remove the SLS package using these commands:

       $ su
       Password:
       # pkgrm ptf7413

2. Reboot the system after removing this SLS package.

If you have questions regarding this SLS, or the product on which it is
installed, please contact your software supplier.