Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2008.1153 -- [Solaris]
A Lack of Root Filesystem Space When Installing Solaris 10 Kernel Patch
137137-09/137138-09 May Render Systems Unbootable
22 December 2008
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: zfs
Publisher: Sun Microsystems
Operating System: Solaris 10
Impact: Denial of Service
Access: Existing Account
Ref: ESB-2008.1050
Original Bulletin:
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-246207-1
- --------------------------BEGIN INCLUDED TEXT--------------------
Solution Type: Sun Alert
Solution 246207 : A Lack of Root Filesystem Space When Installing
Solaris 10 Kernel Patch 137137-09/137138-09 May Render Systems
Unbootable
Bug ID: 6772083
Product
Solaris 10 Operating System
Date of Workaround Release: 24-Nov-2008
Date of Resolved Release: 18-Dec-2008
A Lack of Root Filesystem Space When Installing Solaris 10 Kernel Patch
137137-09/137138-09 May Render Systems Unbootable
1. Impact
A change in boot architecture introduced when installing Solaris 10
kernel patches 137137-09 (SPARC) and 137138-09 (x86) may cause
systems to run out of space in the root filesystem and become
unbootable. This may occur on SPARC systems where there is less than
550MB of free space in the root filesystem. This issue is only likely
to occur on x86 systems if they were initially installed with a
release of Solaris 10 prior to 1/06 and if they have less than 300MB
free space in the root filesystem.
Transitioning to the new boot architecture will require approximately
360MB of space in the root file system for SPARC (less for x86). In
addition, the standard payload of patches 137137-09/137138-09
will require an amount of space in the root file system that is
dependent on system configuration. As such, the space requirements
will vary from system to system.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform:
* Solaris 10 with patch 137137-09 and without patch 125555-02
x86 Platform:
* Solaris 10 (prior to release 1/06) with patch 137138-09 and
without patch 125556-02
Notes:
1. Solaris 8 and 9 and OpenSolaris are not impacted by this issue.
2. Solaris 10 1/06 and later releases on the x86 platform are not
impacted by this issue.
3. Only systems with limited space in the root filesystem are impacted
by this issue. The safe limit is 550MB of free space prior to
commencing installation of patch 137137-09 and 300MB of free space
prior to applying patch 137138-09 to Solaris 10 releases prior to
1/06.
3. Symptoms
Installing patches 137137-09/137138-09 on a system with
insufficient space will result in various error messages, depending
upon when insufficient space becomes an issue. The following are
examples and may not be exhaustive.
Example 1: Space runs out when copying the failsafe archive.
Messages similar to the following will be seen during patchadd of
137137-09:
Executing postpatch script...
Installing boot block on /dev/rdsk/c0t0d0s0.
Creating boot_archive for /var/run/.patchSafeMode/root
updating /var/run/.patchSafeMode/root/platform/sun4u/boot_archive
15+0 records in
15+0 records out
cp: //platform/sun4u/failsafe: No space left on device
ln: cannot access //platform/sun4u/failsafe
Nov 16 12:51:23 beetle ufs: NOTICE: alloc: /: file system full
Example 2: Space runs out while the boot archive is updated during
reboot.
In this case the affected boot environment will have a corrupt
boot_archive and will subsequently fail to boot.
Messages similar to the following will be returned on the system
console during reboot :
# reboot
Nov 16 12:52:41 beetle reboot: rebooted by root
Creating boot_archive for /var/run/.patch_root_loopbackmnt
updating /var/run/.patch_root_loopbackmnt/platform/sun4u/boot_archive
15+0 records in 15+0 records out
Nov 16 12:53:03 beetle ufs: NOTICE: alloc: /: file system full
cat: write error: No space left on device
Nov 16 12:53:05 beetle syslogd: going down on signal 15
syncing file systems... done
rebooting...
Rebooting with command: boot
Boot device: /pci@1c,600000/scsi@2/disk@0,0:a File and args:
kernel/sparcv9/unix/
seek failed
Warning: Fcode sequence resulted in a net stack depth change of 1
Evaluating:
Evaluating:
The file just loaded does not appear to be executable.
4. Workaround
To avoid the issue of running out of space in the root filesystem,
changes should be put in place to increase the amount of space
available to a level appropriate for the lifetime of the system. This
needs to account for future patching requirements, user needs as well
as ensuring there is sufficient space for the kernel patches
137137-09/137138-09 to install correctly. It is not sufficient
to just resolve this issue for the immediate need to install these
kernel patches. The required space will be system and configuration
specific and needs to be determined on a case by case basis.
Possible courses of action may include migrating the root filesystem
to a larger drive/disk slice to eliminate the problem. If Live Upgrade
is to be used to clone the existing root filesystem to a larger
slice/drive, the following documents provide further information on
how to perform this operation and outline required patch levels:
http://www.sun.com/software/solaris/howtoguides/liveupgradehowto.jsp
http://sunsolve.sun.com/search/document.do?assetkey=1-9-72099-1
For systems which have experienced this issue and are unbootable as a
result of installing the kernel patches 137137-09/137138-09,
the following workaround can be used to restore the system to a
bootable state in most cases:
1. Boot the system from the network/CD/DVD using a Solaris 10 05/08
(or later).
2. Mount the root filesystem slice to /<root-fs-mount-point>
3. rm -f /<root-fs-mount-point>/platform/`uname -m`/boot_archive
4. /<root-fs-mount-point>/sbin/bootadm -a update_all
If step 4 fails, more free space needs to be made available in the
root filesystem. The preferred method is to remove unnecessary user
files and/or log files from the root filesystem.
If the above fails to generate enough space, then in cases where the
installation of patch 137137-09/137138-09 completed and
generated a failsafe archive, then the last resort is to remove the
failsafe archive by issuing the following commands:
# rm <root-fs-mount-point>/platform/sun4[uv]/failsafe
# rm <root-fs-mount-point>/platform/sun4us/failsafe
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Solaris 10 with patch 125555-02 or later
x86 Platform
* Solaris 10 with patch 125556-02 or later
Note: These patches only resolve this issue if they are installed
prior to the installation of kernel patches 137137-09/137138-09.
This Sun Alert notification is being provided to you on an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
This Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCUAwUBSU8Ijih9+71yA2DNAQJLegP3X4lhuZk11xeHGxkL6l24kH9KC9gOaujF
QaDQcBvWCgdgq+GxPDsBHXypjl7QidD1VwoB6ntT+iDc4LUKUQP+027bf3lktTPW
oSYB4+09+K6OM1smvcdxAVwOelRxLRP1tY5DCBAqFHkp8YuiDsj+xUMbThEqz2iF
RdmqyTuYKg==
=3gKf
-----END PGP SIGNATURE-----