* * * READ ME * * * * * * Veritas Cluster Server 5.1 SP1 PR2 RP2 * * * * * * P-patch 1 * * * Patch Date: 2012-04-02 This document provides the following information: * PATCH NAME * PACKAGES AFFECTED BY THE PATCH * BASE PRODUCT VERSIONS FOR THE PATCH * OPERATING SYSTEMS SUPPORTED BY THE PATCH * INCIDENTS FIXED BY THE PATCH * INSTALLATION PRE-REQUISITES * INSTALLING THE PATCH * REMOVING THE PATCH PATCH NAME ---------- Veritas Cluster Server 5.1 SP1 PR2 RP2 P-patch 1 PACKAGES AFFECTED BY THE PATCH ------------------------------ VRTSvxfen BASE PRODUCT VERSIONS FOR THE PATCH ----------------------------------- * Veritas Cluster Server 5.1 SP1 PR2 * Veritas Storage Foundation for Oracle RAC 5.1 SP1 PR2 * Veritas Storage Foundation Cluster File System 5.1 SP1 PR2 * Veritas Storage Foundation High Availability 5.1 SP1 PR2 * Veritas Storage Foundation Cluster File System for Oracle RAC 5.1 SP1 PR2 * Symantec VirtualStore 5.1 SP1 PR2 OPERATING SYSTEMS SUPPORTED BY THE PATCH ---------------------------------------- RHEL6 x86-64 INCIDENTS FIXED BY THE PATCH ---------------------------- This patch fixes the following Symantec incidents: Patch ID: 5.1.132.100 * 2708638 (Tracking ID: 2708619) SYMPTOM: If you set the scsi3_disk_policy attribute to dmp, you cannot enable the Veritas fencing module (VxFEN). DESCRIPTION: When you set the scsi3_disk_policy attribute to dmp, the VxFEN module tries to use the dmp device path to access the coordination disks. The dmp device path refers to a disk partition. A recent kernel security fix prohibits the SCSI ioctl system call to disk partitions. As a result the VxFEN configuration fails. The recent kernel security fix that prohibits system calls to disk partitions is: 752375 - CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl RESOLUTION: Symantec has updated the VxFEN source code to pick up the dmp device path that contains the full disk name instead of a partition/slice. INSTALLING THE PATCH -------------------- Perform the following steps on each cluster node, one node at a time: 1. Stop VCS: # hastop -local 2. Stop vxfen: # /etc/init.d/vxfen stop 3. Apply the patch: # rpm -Uvh VRTSvxfen-5.1.132.100-SP1RP2P1_RHEL6.x86_64.rpm Verify that proper VRTSvxfen is installed: # rpm -qi VRTSvxfen Name : VRTSvxfen Relocations: (not relocatable) Version : 5.1.132.100 Vendor: Symantec Corporation Release : SP1RP2P1_RHEL6 Build Date: Thu 22 Mar 2012 12:34:14 AM PDT Install Date: (not installed) Build Host: vcsbuildrhel6x8664 Group : Applications/System Source RPM: VRTSvxfen-5.1.132.100-SP1RP2P1_RHEL6.src.rpm Size : 5221323 License: Symantec Proprietary Signature : (none) Packager : support@veritas.com URL : http://www.support.veritas.com Summary : Veritas I/O Fencing by Symantec Description : Supported kernel(s): 2.6.32-71.el6.x86_64 Build Stamp : Veritas-5.1.132.100-SP1RP2P1-2012-03-21_03.31.28 4. Start vxfen: # /etc/init.d/vxfen start 5. Start VCS: # hastart REMOVING THE PATCH ------------------ Perform the following steps on each cluster node, one node at a time: 1. Stop VCS: # hastop -local 2. Stop vxfen: # /etc/init.d/vxfen stop 3. Uninstall VRTSvxfen package: # rpm -ev VRTSvxfen 4. Install previous version of VRTSvxfen package. 5. Start vxfen: # /etc/init.d/vxfen start 6. Start VCS: # hastart SPECIAL INSTRUCTIONS -------------------- NONE OTHERS ------ NONE