Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-77-1020386.1
Update Date:2011-06-08
Keywords:
Solution Type  Sun Alert Sure

Solution  1020386.1 :   A Security Vulnerability in Certain System Board Firmware Revisions of Sun Fire V215 Servers with XVR-100 Graphic Cards may Allow an Unprivileged User to Panic the System  

Related Items 
    

  • Sun Fire V215 Server
    •  
Related Categories 
    

  • GCS>Sun Microsystems>Sun Alert>Criteria Category>Security
    •  
  • GCS>Sun Microsystems>Sun Alert>Release Phase>Resolved
    •  

PreviouslyPublishedAs
257329 


Bug Id

<SUNBUG: 6691343>


Product
Sun Fire V215 Server

Date of Resolved Release
13-Jul-2009


A security vulnerability in certain system board firmware revisions of Sun Fire V215 servers with XVR-100 graphic cards may allow an unprivileged user to panic the system:


1. Impact



On Sun Fire V215 servers with XVR-100 graphic cards and certain system board revisions, a security vulnerability in the system board firmware may allow a local or remote unprivileged user to panic the system and thereby cause a Denial of Service (DoS).



2. Contributing Factors



This issue can occur on the following platform:


    

  •  Sun Fire V215 Server with an XVR-100 graphics card without patch 142186-01
    • 


This issue only affects Sun Fire V215 servers which are equipped with system boards 375-3463 dash level -04 or later AND XVR-100 graphic cards. Sun Fire V215 system boards 375-3463 with dash level -03 or lower, and
all 375-3464-xx boards, are not affected by this issue.



To determine the installed system board part number and dash level, the
Solaris prtfru(1M) command can be used:


    $ prtfru -x
    ...
    <UNIX_Timestamp32 value="Thu Dec 20 02:21:59 EST 2007"/>
    <Fru_Description value="ASSY,MBD,2X1.5GHZ,0MB,SEATTLE"/>  <<--- System Board
    <Manufacture_Loc value="Shunde,China"/>
    <Sun_Part_No value="3753463"/>    <<--- System board part number
    <Sun_Serial_No value="3J00SM"/>
    <Vendor_Name value="Mitac International"/>
    <Initial_HW_Dash_Level value="07"/>  <<--- Dash level
    <Initial_HW_Rev_Level value="50"/>
    <Fru_Shortname value="MB"/>




To determine if an XVR-100 graphic card is present, the following command can be used:
    # prtdiag | grep XVR-100
    pci  188 +ISER-LEFT/PCI1  SUNW,XVR-100 (display)  SUNW,375-3290
    okay  /pci@1e,600000/pci@0/pci@9/pci@0/pci@8/SUNW,XVR-100@1
To determine if a -04 board has already received the fix from patch 142186-01, do the following:

From the OBP prompt:
  1. ok begin-select /pci@1e,600000/pci@0
  2. ok my-address my-space 200.0010 or 1000 " map-in" $call-parent
  3. ok value reg : plx@ reg + l@ lbflip ;
  4. ok h# c00 plx@ .
* Returned value should be 0x7fff3743

3. Symptoms



If the described issue occurs, the system may experience a PCIe related
panic similar to the following:


    panic[cpu1]/thread=30001bd89a0: px#0: Fatal PCIe Fabric Error has occurred...
    px:px_err_fabric_intr+ec (300000ade00, 31, 300000d5618, 300000a...
    px:px_msiq_intr+1c0 (300003f1e08, 300003e0d30, 12bd2d4, 0, 3000



4. Workaround



There is no workaround for this issue.  Please see the Resolution section below.




5. Resolution



This issue is addressed in the following release:
  • Sun Fire V215 Server with patch 142186-01 or later
Note: New Sun Fire V215 servers with the affected system boards 375-3463 dash level -04 or later, or replacement system boards 375-3463 dash level -04 or later shipped by Sun will need this patch applied if they are being installed in a V215 configuration with an XVR-100 graphics card. This is because this patch is only to be applied to Sun Fire V215 servers with an XVR-100 graphics card. Therefore, this cannot be pre-applied in the factory.


For more information
on Security Sun Alerts, see <Document: 1009886.1>.

Modification History:
06-Aug-2009: Updated Contributing Factors section.

14-Aug-2009: Updated Resolution section.




Sun Fire V215 servers are no longer available to order. It is superseded by the next

generation Sun SPARC Enterprise M3000 Server. Thus the silicon is not being redesigned

at this time to resolve this issue. The resolution above is the final resolution for this issue.



Please open a collaboration task to the TSC Volume Server Products backline group for

assistance with confirming that a system is experiencing this issue, to obtain the binary

fix, and to help track affected systems: GL-TSC-SYS-COLLAB-VSP (IBIS),SYS-TSC-VSP (Radiance).



System board 375-3463-04 implemented the PEX8532 BB silicon for the PCI-E switch, which

included changes to the internal credit handler register values in order to resolve another

issue. The panic cause here is attributed to the change in these register values, although

the exact reason is unknown.



Please send technical questions to the following email:

[email protected]

and CC the following persons:

Internal Contributor/Submitter

Internal Eng Responsible Engineer

Internal Contributor/submitter

[email protected]

Internal Eng Responsible Engineer

[email protected]

Internal Services Knowledge Analyst

[email protected]

Internal Eng Business Unit Group

SSG WGS (Workgroup Systems)

Internal Resolution Patches - 142186-01



References

SUNPATCH:142186-01



Attachments

This solution has no attachment


















       

Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.

 Feedback