Patch Name: PHKL_23933

Patch Description: s700_800 11.00 elf cumulative patch

Creation Date: 01/04/13

Post Date:  01/04/23

Hardware Platforms - OS Releases:
	s700: 11.00
	s800: 11.00

Products: N/A

Filesets:
	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP
	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP

Automatic Reboot?: Yes

Status: General Release

Critical:
	Yes
	PHKL_23933: PANIC
	PHKL_18111: PANIC

Category Tags:
	defect_repair general_release critical panic

Path Name: /hp-ux_patches/s700_800/11.X/PHKL_23933

Symptoms:
	PHKL_23933:
	( SR: 8606178778 DTS: JAGad48003)
	Corrupted binary executable files could lead to a data page
	fault panic in kmalloc().

	The following stack trace can be observed from this panic:
	Data Page Fault panic in kmalloc

	panic+0x14
	report_trap_or_int_and_panic+0x80
	trap+0xdb8
	nokgdb+0x8
	kmalloc+0x20c
	read_elf64_phdr_tbl+0x5cc
	read_elf64_object+0xdc
	read_elf_object+0x1c
	get_aout_info+0x1c0

	PHKL_22071:
	( SR: 8606144411 DTS: JAGad13751 )
	when applying chatr +pd L the superpage size does not
	take effect when the executable is loaded

	PHKL_18111:
	The system panics in do_deltransc when running an ELF64
	executable with a negative BSS size.  This problem can only
	be seen on a 64-bit OS.

	Installing this patch will have no effect on a 32-bit
	kernel.

Defect Description:
	PHKL_23933:
	( SR: 8606178778 DTS: JAGad48003)
	When loading an executable which has a corrupted p_filesz
	field in its header, procedure read_elf64_phdr_tbl() can
	pass, without checking, an illegal value (greater than
	max_alloc_size) to kmalloc().

	Resolution:
	Procedure read_elf64_phdr_tbl() now validates the parameters
	it provides to procedure kmalloc().

	PHKL_22071:
	( SR: 8606144411 DTS: JAGad13751 )

	When chatr +pd L is applied to the executable, it is
	expected that the kernel use the largest superpage
	size available on the system. For 11.00, this means
	64MB.  Unfortunately, due to a misread and a truncation,
	this flag is lost when we read the elf header from the
	executable and the user ends up with a 16k page size.

	Resolution:
	modified pm_elf.c to recognize the +L option on the
	executable.

	PHKL_18111:
	The system sanity checks made for executable size did not
	include BSS size.

	Resolution:
	This patch adds a check on BSS size for ELF64 executables
	only.

SR:
	1653296392 8606144411 8606178778

Patch Files:
	
	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP:
	/usr/conf/lib/libhp-ux.a(pm_elf.o)

	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP:
	/usr/conf/lib/libhp-ux.a(pm_elf.o)

what(1) Output:
	
	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP:
	/usr/conf/lib/libhp-ux.a(pm_elf.o):
		pm_elf.c $Date: 2001/04/13 14:00:22 $Revision: r11ro
			s/6 PATCH_11.00 (PHKL_23933)

	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP:
	/usr/conf/lib/libhp-ux.a(pm_elf.o):
		pm_elf.c $Date: 2001/04/13 14:00:22 $Revision: r11ro
			s/6 PATCH_11.00 (PHKL_23933)

cksum(1) Output:
	
	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP:
	2762678343 8948 /usr/conf/lib/libhp-ux.a(pm_elf.o)

	OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP:
	2792891869 17928 /usr/conf/lib/libhp-ux.a(pm_elf.o)

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
	PHKL_22071 PHKL_18111

Equivalent Patches: None

Patch Package Size: 50 KBytes

Installation Instructions:
	Please review all instructions and the Hewlett-Packard
	SupportLine User Guide or your Hewlett-Packard support terms
	and conditions for precautions, scope of license,
	restrictions, and, limitation of liability and warranties,
	before installing this patch.
	------------------------------------------------------------
	1. Back up your system before installing a patch.

	2. Login as root.

	3. Copy the patch to the /tmp directory.

	4. Move to the /tmp directory and unshar the patch:

		cd /tmp
		sh PHKL_23933

	5. Run swinstall to install the patch:

		swinstall -x autoreboot=true -x patch_match_target=true \
			  -s /tmp/PHKL_23933.depot

	By default swinstall will archive the original software in 
	/var/adm/sw/save/PHKL_23933.  If you do not wish to retain a
	copy of the original software, include the patch_save_files
	option in the swinstall command above:

		-x patch_save_files=false

	WARNING: If patch_save_files is false when a patch is installed,
		 the patch cannot be deinstalled.  Please be careful
		 when using this feature.

	For future reference, the contents of the PHKL_23933.text file is 
	available in the product readme:

		swlist -l product -a readme -d @ /tmp/PHKL_23933.depot

	To put this patch on a magnetic tape and install from the
	tape drive, use the command:

		dd if=/tmp/PHKL_23933.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None