Patch Name: PHNE_15863 Patch Description: s700 10.20 NFS Kernel General Release & Performance Patch Creation Date: 98/11/03 Post Date: 98/11/09 Warning: 98/11/16 - This Critical Warning has been issued by HP. - PHNE_15863 introduces a problem on NFS clients that can result in a system panic. When the NFS client encounters a Stale File Handle, it can corrupt the buffer cache lists. The final result is a Data Page Fault, potentially in a different subsystem, during the allocation or release of a buffer cache entry. - HP recommends removing PHNE_15863 from all NFS clients and software depots that contain the patch. - The superseded patch, PHNE_15041, does not exhibit this problem and is being rereleased until a replacment patch is available. Hardware Platforms - OS Releases: s700: 10.20 Products: N/A Filesets: OS-Core.CORE-KRN Automatic Reboot?: Yes Status: General Superseded With Warnings Critical: Yes PHNE_15863: PANIC HANG CORRUPTION Hang encountered in nfs_fsync() Panic with m_free(), sbdrop(), and clntkudp_callit() Panic with truncated file Panic with nfs_purge_caches(), binvalfree(), bwrite(), nfs_strategy(), do_bio(), and nfswrite() recursion Hang encountered with autofs (this applies only to systems that have the ACE 2 software bundle installed) Hang encountered because of rfs_readdirplus3() memory leak (this applies only to systems that have the ACE 2 software bundle installed) Hang encountered with cachefs (this applies only to systems that have the ACE 2 software bundle installed) Panic with rfs3_readlink_free() (this applies only to systems that have the ACE 2 software bundle installed) Corruption encountered with reads (this applies only to systems that have the ACE 2 software bundle installed) PHNE_15041: PANIC Panic encountered with autofs (this applies only to systems that have the ACE 2 software bundle installed) PHNE_14071: PANIC HANG Panic encountered in ku_sendto_mbuf() Panic encountered in ckuwakeup() Panic encountered in vn_rele() Hang encountered in nfs_fsync() PHNE_13823: HANG PANIC Hang encountered in nfs_fsync() Panic encountered in clnt_kudpinit() PHNE_13668: HANG Hang encountered in Instant Ignition PHNE_13235: PANIC CORRUPTION Panic encountered in nfs_prealloc() Corruption encountered with retransmissions PHNE_12427: HANG Hang encountered with exportfs command PHNE_11386: HANG Hang encountered in NFS IO PHNE_11008: CORRUPTION PANIC Overwritten rnode error in do_bio() Rename of jfs file system from PCNFS causes panic Data page fault in ckuwakeup() PHKL_8544: HANG Path Name: /hp-ux_patches/s700/10.X/PHNE_15863 Symptoms: PHNE_15863: 1. Processes may hang when trying to access files across NFS. 2. The system may panic with a data page fault when an NFS operation is interrupted on a uniprocessor system. 3. The system may panic with a data page fault when reading a file that has been truncated. 4. The system may panic with a kernel stack overflow. 5. Syslog shows the message: vxfs: mesg 016: vx_ilisterr 6. Quotas are not honored on a diskless client in the same way that they are honored on its server under certain circumstances. 7. The setting of NFS file/directory modification and access time stamps is inconsistent. 8. An HP NFS server does not permit NFS file/directory time stamps to be set from a non-HP NFS client. 9. Autofs hangs when remounting hierarchical autofs mount points (this applies only to systems that have the ACE 2 software bundle installed). 10. Autofs hangs when running Netscape (this applies only to systems that have the ACE 2 software bundle installed). 11. System hangs when using NFS PV3 as a server (this applies only to systems that have the ACE 2 software bundle installed). 12. Cachefs hangs (this applies only to systems that have the ACE 2 software bundle installed). 13. When an archive library is in an NFS PV3 mounted directory, nm gives the "bad magic" error string after listing all symbols (the symbols list is fine). This problem does not occur with NFS PV2 (this applies only to systems that have the ACE 2 software bundle installed). 14. The system may panic with a data page fault on an NFS PV3 server and shows rfs3_readlink_free() in the panic stack trace (this applies only to systems that have the ACE 2 software bundle installed). 15. A read() after an lseek() past EOF is successful (this applies only to systems that have the ACE 2 software bundle installed). 16. A cp over an NFS PV3 mount encounters an error: Value too large to be stored in data type NFS PV2 does not encounter the error (this applies only to systems that have the ACE 2 software bundle installed). NOTE: Patch PHNE_15863 installs a patch for the networking ACE 2 software bundle (PHNE_13833) only if that bundle has been installed on the system. Otherwise, patch PHNE_15863 installs a patch for the standard release and its patches (represented by PHNE_13823). PHNE_15041: 1. Poor NFS performance over 100BT. 2. System panics with data page fault (this applies only to systems that have the ACE 2 software bundle installed). 3. Application fails (this applies only to systems that have the ACE 2 software bundle installed). 4. Application fails (this applies only to systems that have the ACE 2 software bundle installed). NOTE: Patch PHNE_15041 installs a patch for the networking ACE 2 software bundle (PHNE_13833) only if that bundle has been installed on the system. Otherwise, patch PHNE_15041 installs a patch for the standard release and its patches (represented by PHNE_13823). PHNE_14071: 1. The system may panic with a data memory protection fault. 2. Processes may hang when trying to access files across NFS. 3. The system may panic with a data page fault. 4. The system may panic with a vn_rele. NOTE: Patch PHNE_14071 installs a patch for the networking ACE 2 software bundle (PHNE_13833) only if that bundle has been installed on the system. Otherwise, patch PHNE_14071 installs a patch for the standard release and its patches (represented by PHNE_13823). PHNE_13833: This patch is part of the 10.20 ACE 2 bundle which adds networking enhancements to 10.20. New networking features supported in ACE 2 include NFS Version 3.0, AutoFS, and CacheFS. PHNE_13823: 1. Processes may hang when trying to access files across NFS. 2. The system may panic with a spinlock deadlock. PHNE_13668: Client IO from root is denied across an NFS mount point, causing hang in instant ignition and NFS clients. PHNE_13235: 1. JFS Servers with NFS clients may see poor performance when doing large file transfers across NFS 2. When using swap across an NFS mount, and the mounted disk becomes full, the system may panic. 3. Data corruption may occur when a transmission errors on a crowded network force retransmissions. PHNE_12427: The exportfs -u command hangs. PHNE_11386: Hang when doing IO across an NFS mount PHNE_11008: 1. Some instances of NFS writes (such as cp from an NFS client) may complete successfully even when errors occur. 2. Renaming a VxFS file to another VxFS from a PCNFS client causes a panic. 3. Disabling anonymous access is not recognized by PCNFS clients, allowing them to run as a priviledged user. 4. Data page faults caused in the client 5. Directories in an NFS mounted file system are created with 000 permissions value. PHKL_9155: 1. Add write-gathering support for NFS servers. 2. The length of a timeout for an NFS request may become extremely long (on the order of minutes). PHKL_8544: 1. Data page fault in an MP environment due to synchronization problems with the client's biod's. 2. A panic within kernel RPC (in svc_getreqset) in an MP environment is generated due to another synchronization problem. 3. System hangs caused in large systems. Defect Description: PHNE_15863: 1. An access of a kernel variable on an NFS client was not protected by a spinlock and thus conflicted with other accesses of the same variable causing the integrity of that variable to be compromised and leading to a case where a sleep could not be woken up. 2. An interrupt performing an operation on a socket on which NFS is attempting a socket buffer data drop (sbdrop) causes the socket operation to access a bad socket buffer address. 3. A read of a file that was truncated during the read operation causes an access of non-existent data. 4. With no biods running, a write of a stale file in which the writes are less than 8K bytes in length causes a recursive call stack that can get very large. 5. Before reading the entries of a directory, no check is performed to determine if the entity being read is a directory, which leads to the given syslog message. 6. The file open credentials are used by NFS and not the thread credentials. This can lead to a quota problem when the user that opened a file is not the user accessing the file. 7. When a utime() operation with a NULL timestamp is performed on an NFS file/directory, the NFS client uses the system time of the client to set file/directory modification and access times with SETATTR operations. However, WRITE operations use the system time of the server to set file/directory modification and access times. This causes inconsistencies when the client and server systems are in different time zones. 8. A SUN NFS client attempting to perform a utime() operation with a NULL timestamp on an HP NFS server file/directory is rejected due to a permissions error even though the process has write permissions but is not the file/directory owner. 9. When hierarchical maps are used, a umount of the mount points causes the autofs daemon to hang (this applies only to systems that have the ACE 2 software bundle installed). 10. Running Netscape from automounter paths causes hangs (this applies only to systems that have the ACE 2 software bundle installed). 11. A slow memory leak in rfs_readdirplus3() eventually starves the server of free memory (this applies only to systems that have the ACE 2 software bundle installed). 12. The calls from cachefs to do attribute lookups hang when trying to make a cachefs node (this applies only to systems that have the ACE 2 software bundle installed). 13. The nm tool is given incorrect file length data and reports a standard HPPA error (this applies only to systems that have the ACE 2 software bundle installed). 14. The system panics with data page fault on the NFS PV3 server when trying to remove a symbolic link (this applies only to systems that have the ACE 2 software bundle installed). 15. An application can lseek to EOF and then read past EOF without having an error status returned (this applies only to systems that have the ACE 2 software bundle installed). 16. The maximum file size field in the NFS PV3 protocol has been initialized incorrectly (this applies only to systems that have the ACE 2 software bundle installed). NOTE: Patch PHNE_15863 installs a patch for the networking ACE 2 software bundle (PHNE_13833) only if that bundle has been installed on the system. Otherwise, patch PHNE_15863 installs a patch for the standard release and its patches (represented by PHNE_13823). PHNE_15041: 1. NFS performance over 100BT is poor. 2. Autofs panics system with data page fault (this applies only to systems that have the ACE 2 software bundle installed). 3. Autofs fails to work with 9.X archived directory path libraries (this applies only to systems that have the ACE 2 software bundle installed). 4. Autofs causes swlist to fail (this applies only to systems that have the ACE 2 software bundle installed). NOTE: Patch PHNE_15041 installs a patch for the networking ACE 2 software bundle (PHNE_13833) only if that bundle has been installed on the system. Otherwise, patch PHNE_15041 installs a patch for the standard release and its patches (represented by PHNE_13823). PHNE_14071: 1. An uninitialized kernel variable on an NFS server causes an address to be decremented by one and thus leaves it not pointing to a word-aligned area. 2. An access of a kernel variable on an NFS client was not protected by a spinlock and thus conflicted with other accesses of the same variable causing the integrity of that variable to be compromised and leading to a case where a loop cannot be terminated. 3. A lack of synchronization within the RPC kernel layer causes an access of a kernel variable after its memory has already been freed. 4. The NFS server allows access of a previously released vnode when a file lock is unblocked. NOTE: Patch PHNE_14071 installs a patch for the networking ACE 2 software bundle (PHNE_13833) only if that bundle has been installed on the system. Otherwise, patch PHNE_14071 installs a patch for the standard release and its patches (represented by PHNE_13823). PHNE_13833: New functionality to support networking features in 10.20. PHNE_13823: 1. Processes within the RPC kernel layer are not releasing a lock which is needed by other NFS client processes to synchronize IO requests (which requires a flush of all outstanding client to server IO). 2. A spinlock is held by a kernel RPC process when it tries to acquire a beta semaphore. PHNE_13668: The NFS client prevents root from opening a file on the server. It will allow file creation, but not IO to an existing file. PHNE_13235: 1. NFS Clients may send serial IO requests out of order, causing performance problems for JFS on the Server. 2. NFS writes to a full disk used as a swap device will return an error which results in a call to panic() from nfs_prealloc(). 3. When retransmitting, the XID may not be properly reinitialized, allowing data corruption in the form of null-valued blocks of 8192 bytes (or less). PHNE_12427: The reference count of the exported entry is not managed correctly, and may remain greater than 0 when unused. PHNE_11386: Hang in clnt_kudp.o PHNE_11008: 1. Error codes kept in the rnode for an NFS client's file may get overwritten, and therefore not reported back to the caller when the file is closed. 2. The NFS server renaming procedures do not check for differing VxFS file systems when asking for a rename, which will cause a panic down in VxFS. 3. The server authorization program does not properly check for anonymous access when user IDs of -2 are used. 4. The netisr callout function did not protect against a race condition. 5. The system does not initialize the vnode attributes when it sees a file size which is too large for the 10.20 file system, and returns an error. The server is making the directory anyway, with uninitialized (000) attributes. PHKL_9155: 1. NFS write performance can be improved by doing gather writes at the server. This patch implements the NFS portion of gather writes. 2. The maximum timeout values defined in RPC were very long, and neither RPC nor NFS values matched that of SUN. PHKL_8544: 1. The kernel's biod support code did not sufficently protect against MP race conditions. 2. The RPC processor affinity implementation used by nfsd's was not sufficently protected against MP race conditions. 3. Incorrect usage of the dnlc purge functions. SR: 5003433078 5003429753 5003428292 5003427963 5003425116 5003423590 5003423368 5003423111 5003419325 5003418962 5003417329 5003417071 5003406660 5003404616 5003402743 5003402677 5003398826 5003394056 5003368050 5003352534 5003344226 5003343277 5003340042 5003330894 5003327338 5003326090 5003324657 5003322370 5003321513 5003319665 5003319145 5003279927 5003279091 4701400903 4701378117 4701351577 4701341669 4701314302 4701306837 4701306829 1653275974 1653275800 1653272385 1653266577 1653249268 1653197632 1653192294 1653150599 1653146886 1653146308 1653134924 1653101337 Patch Files: /usr/conf/lib/libnfs.a /usr/conf/lib/libnfs.a.ace /usr/conf/lib/libhp-ux.a(cachefs.o) /usr/conf/lib/libhp-ux.a(nfs.o) /usr/conf/lib/onc_debug.o /usr/conf/master.d/nfs what(1) Output: /usr/conf/lib/libnfs.a: svc.c $Date: 98/09/02 10:00:57 $ $Revision: 1.8.112 .15 $ PATCH_10.20 PHNE_15863 clnt_kudp.c $Date: 98/09/02 09:50:53 $ $Revision: 1 .9.112.20 $ PATCH_10.20 PHNE_15863 nfs_vnops.c $Date: 98/10/31 23:17:03 $ $Revision: 1 .3.112.36 $ PATCH_10.20 PHNE_15863 nfs_subr.c $Date: 98/09/02 10:06:53 $ $Revision: 1. 1.112.24 $ PATCH_10.20 PHNE_15863 nfs_server.c $Date: 98/10/09 15:42:12 $ $Revision: 1.3.112.28 $ PATCH_10.20 PHNE_15863 nfs_fcntl.c $Date: 98/09/02 10:10:11 $ $Revision: 1 .1.112.16 $ PATCH_10.20 PHNE_15863 /usr/conf/lib/libnfs.a.ace: svc.c $Date: 98/09/02 10:00:57 $ $Revision: 1.8.112 .15 $ PATCH_10.20 PHNE_15863 clnt_kudp.c $Date: 98/09/02 09:50:53 $ $Revision: 1 .9.112.20 $ PATCH_10.20 PHNE_15863 auto_vnops.c $Date 98/09/29 $Revision: 1.1.113.16 $ PATCH_10.20 PHNE_863 hpnfs_cv_stub.c $Revision: 1.1.113.2 $ X.10SAC.25 cachefs_vnops.c $Date: 98/02/09 13:39:22 $ $Revisio n: 1.1.113.11 $ PATCH_10.20 PHNE_13833 hpnfs_vnops.c $Date: 98/11/02 17:30:17 $ $Revision: 1.1.113.21 $ PATCH_10.20 PHNE_15863/4 700/8 00 nfs_vfsops3.c $Date: 98/10/08 23:24:03 $ $Revision: 1.1.113.12 $ PATCH_10.20 PHNE_15863/4 700/8 00 nfs_vnops3.c $Date: 98/11/03 13:24:16 $ $Revision: 1.1.113.16 $ PATCH_10.20 PHNE_15863/4 700/80 0 nfs_subr3.c $Date: 98/10/08 23:23:59 $ $Revision: 1 .1.113.16 $ PATCH_10.20 PHNE_15863/4 700/800 nfs_server3.c $Date: 98/10/29 22:21:35 $ $Revision: 1.1.113.15 $ PATCH_10.20 PHNE_15863/4 700/8 00 nfs_export3.c $Date: 98/10/08 23:23:42 $ $Revision: 1.1.113.4 $ PATCH_10.20 PHNE_15863/4 700/80 0 klm_lckmgr.c $Revision: 1.1.113.2 $ klm_kprot.c $Revision: 1.1.113.1 $ nfs_vnops.c $Date: 98/11/02 17:32:36 $ $Revision: 1 .1.113.11 $ PATCH_10.20 PHNE_11008 nfs_subr.c $Date: 98/10/18 00:14:43 $ $Revision: 1. 1.113.10 $ PATCH_10.20 PHNE_14071 nfs_server.c $Date: 98/10/16 23:22:14 $ $Revision: 1.1.113.10 $ PATCH_10.20 PHNE_15863/4 700/80 0 nfs_fcntl.c $Revision: 1.1.113.3 $ /usr/conf/lib/libhp-ux.a(cachefs.o): None /usr/conf/lib/libhp-ux.a(nfs.o): None /usr/conf/lib/onc_debug.o: None /usr/conf/master.d/nfs: $Revision: 1.2.113.3 $ cksum(1) Output: 3040396704 214508 /usr/conf/lib/libnfs.a 2350371765 631930 /usr/conf/lib/libnfs.a.ace 566132716 191044 /usr/conf/lib/libhp-ux.a(cachefs.o) 3631930508 166548 /usr/conf/lib/libhp-ux.a(nfs.o) 566132716 191044 /usr/conf/lib/onc_debug.o 1421096347 4241 /usr/conf/master.d/nfs Patch Conflicts: None Patch Dependencies: s700: 10.20: PHKL_16750 PHNE_16237 Hardware Dependencies: None Other Dependencies: None Supersedes: PHKL_8544 PHKL_9155 PHNE_11008 PHNE_11386 PHNE_12427 PHNE_13235 PHNE_13668 PHNE_13823 PHNE_13833 PHNE_14071 PHNE_15041 Equivalent Patches: PHNE_15864: s800: 10.20 Patch Package Size: 1440 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_15863 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_15863.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHNE_15863.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_15863. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_15863.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_15863.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: Patch PHNE_15863 installs a patch for the networking ACE 2 software bundle (PHNE_13833) only if that bundle has been installed on the system. Otherwise, patch PHNE_15863 installs a patch for the standard release and its patches (represented by PHNE_13823). In order to take advantage of avoiding what we call the "read-before-write" behavior, the system manager must turn on a system flag with adb: echo "nfs_no_read_before_write/W 1" | \ adb -k -w /stand/vmunix /dev/mem The following is a useful process for applying more than one patch while only requiring a single reboot after the final patch installation: 1) Get the individual depots over into /tmp. 2) Make a new directory to contain the set of patches: mkdir /tmp/DEPOT # For example 3) For each patch "PHKL_xxxx": swcopy -s /tmp/PHKL_xxxx.depot \* @ /tmp/DEPOT 4) swinstall -x match_target=true -x autoreboot=true \ -s /tmp/DEPOT