Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2008.1153 -- [Solaris] A Lack of Root Filesystem Space When Installing Solaris 10 Kernel Patch 137137-09/137138-09 May Render Systems Unbootable 22 December 2008 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: zfs Publisher: Sun Microsystems Operating System: Solaris 10 Impact: Denial of Service Access: Existing Account Ref: ESB-2008.1050 Original Bulletin: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-246207-1 - --------------------------BEGIN INCLUDED TEXT-------------------- Solution Type: Sun Alert Solution 246207 : A Lack of Root Filesystem Space When Installing Solaris 10 Kernel Patch 137137-09/137138-09 May Render Systems Unbootable Bug ID: 6772083 Product Solaris 10 Operating System Date of Workaround Release: 24-Nov-2008 Date of Resolved Release: 18-Dec-2008 A Lack of Root Filesystem Space When Installing Solaris 10 Kernel Patch 137137-09/137138-09 May Render Systems Unbootable 1. Impact A change in boot architecture introduced when installing Solaris 10 kernel patches 137137-09 (SPARC) and 137138-09 (x86) may cause systems to run out of space in the root filesystem and become unbootable. This may occur on SPARC systems where there is less than 550MB of free space in the root filesystem. This issue is only likely to occur on x86 systems if they were initially installed with a release of Solaris 10 prior to 1/06 and if they have less than 300MB free space in the root filesystem. Transitioning to the new boot architecture will require approximately 360MB of space in the root file system for SPARC (less for x86). In addition, the standard payload of patches 137137-09/137138-09 will require an amount of space in the root file system that is dependent on system configuration. As such, the space requirements will vary from system to system. 2. Contributing Factors This issue can occur in the following releases: SPARC Platform: * Solaris 10 with patch 137137-09 and without patch 125555-02 x86 Platform: * Solaris 10 (prior to release 1/06) with patch 137138-09 and without patch 125556-02 Notes: 1. Solaris 8 and 9 and OpenSolaris are not impacted by this issue. 2. Solaris 10 1/06 and later releases on the x86 platform are not impacted by this issue. 3. Only systems with limited space in the root filesystem are impacted by this issue. The safe limit is 550MB of free space prior to commencing installation of patch 137137-09 and 300MB of free space prior to applying patch 137138-09 to Solaris 10 releases prior to 1/06. 3. Symptoms Installing patches 137137-09/137138-09 on a system with insufficient space will result in various error messages, depending upon when insufficient space becomes an issue. The following are examples and may not be exhaustive. Example 1: Space runs out when copying the failsafe archive. Messages similar to the following will be seen during patchadd of 137137-09: Executing postpatch script... Installing boot block on /dev/rdsk/c0t0d0s0. Creating boot_archive for /var/run/.patchSafeMode/root updating /var/run/.patchSafeMode/root/platform/sun4u/boot_archive 15+0 records in 15+0 records out cp: //platform/sun4u/failsafe: No space left on device ln: cannot access //platform/sun4u/failsafe Nov 16 12:51:23 beetle ufs: NOTICE: alloc: /: file system full Example 2: Space runs out while the boot archive is updated during reboot. In this case the affected boot environment will have a corrupt boot_archive and will subsequently fail to boot. Messages similar to the following will be returned on the system console during reboot : # reboot Nov 16 12:52:41 beetle reboot: rebooted by root Creating boot_archive for /var/run/.patch_root_loopbackmnt updating /var/run/.patch_root_loopbackmnt/platform/sun4u/boot_archive 15+0 records in 15+0 records out Nov 16 12:53:03 beetle ufs: NOTICE: alloc: /: file system full cat: write error: No space left on device Nov 16 12:53:05 beetle syslogd: going down on signal 15 syncing file systems... done rebooting... Rebooting with command: boot Boot device: /pci@1c,600000/scsi@2/disk@0,0:a File and args: kernel/sparcv9/unix/ seek failed Warning: Fcode sequence resulted in a net stack depth change of 1 Evaluating: Evaluating: The file just loaded does not appear to be executable. 4. Workaround To avoid the issue of running out of space in the root filesystem, changes should be put in place to increase the amount of space available to a level appropriate for the lifetime of the system. This needs to account for future patching requirements, user needs as well as ensuring there is sufficient space for the kernel patches 137137-09/137138-09 to install correctly. It is not sufficient to just resolve this issue for the immediate need to install these kernel patches. The required space will be system and configuration specific and needs to be determined on a case by case basis. Possible courses of action may include migrating the root filesystem to a larger drive/disk slice to eliminate the problem. If Live Upgrade is to be used to clone the existing root filesystem to a larger slice/drive, the following documents provide further information on how to perform this operation and outline required patch levels: http://www.sun.com/software/solaris/howtoguides/liveupgradehowto.jsp http://sunsolve.sun.com/search/document.do?assetkey=1-9-72099-1 For systems which have experienced this issue and are unbootable as a result of installing the kernel patches 137137-09/137138-09, the following workaround can be used to restore the system to a bootable state in most cases: 1. Boot the system from the network/CD/DVD using a Solaris 10 05/08 (or later). 2. Mount the root filesystem slice to /<root-fs-mount-point> 3. rm -f /<root-fs-mount-point>/platform/`uname -m`/boot_archive 4. /<root-fs-mount-point>/sbin/bootadm -a update_all If step 4 fails, more free space needs to be made available in the root filesystem. The preferred method is to remove unnecessary user files and/or log files from the root filesystem. If the above fails to generate enough space, then in cases where the installation of patch 137137-09/137138-09 completed and generated a failsafe archive, then the last resort is to remove the failsafe archive by issuing the following commands: # rm <root-fs-mount-point>/platform/sun4[uv]/failsafe # rm <root-fs-mount-point>/platform/sun4us/failsafe 5. Resolution This issue is addressed in the following releases: SPARC Platform * Solaris 10 with patch 125555-02 or later x86 Platform * Solaris 10 with patch 125556-02 or later Note: These patches only resolve this issue if they are installed prior to the installation of kernel patches 137137-09/137138-09. This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements. Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCUAwUBSU8Ijih9+71yA2DNAQJLegP3X4lhuZk11xeHGxkL6l24kH9KC9gOaujF QaDQcBvWCgdgq+GxPDsBHXypjl7QidD1VwoB6ntT+iDc4LUKUQP+027bf3lktTPW oSYB4+09+K6OM1smvcdxAVwOelRxLRP1tY5DCBAqFHkp8YuiDsj+xUMbThEqz2iF RdmqyTuYKg== =3gKf -----END PGP SIGNATURE-----