AS730
For Impact, Severity and other Firmware definitions, Please
refer to the below 'Glossary of firmware terms' url:
http://www14.software.ibm.com/webapp/set2/sas/f/power5cm/home.html#termdefs
The following Fix description table will
only contain the N (current) and N-1 (previous) levels.
The complete Firmware Fix History (including HIPER descriptions) for
this
Release Level can be
reviewed at the following url:
http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/AS-Firmware-Hist.html
|
AS730_180_093
/ FW731.80
08/29/17
|
Impact: Availability
Severity: ATT
New features and functions
- DEFERRED:
Support for concurrent replacement of the DCCA on a dual DCCA system.
- Support was added to increase the power capacity limit of
the system by 30%, up to 25,000 watts, to handle workloads for drawers
with high processor and memory utilization. Highly-active
workloads were driving the power capacity to the limit, resulting in
system throttling that reduced performance. These heavier
workloads can now run at normal performance levels.
- Support was added to the Advanced System Management
Interface (ASMI) to be able to add an IPv4 static route definition for
each ethernet interface on the service processor. Using a static
route definition, a Hardware Management Console (HMC) configured
on a private subnet that is different from the service processor subnet
is now able to connect to the service processor and manage the
CEC. A static route persists until it is deleted or until the
service processor settings are restored to manufacturing
defaults. The static route is managed with the ASMI panel
"Network Services/Network Configuration/Static Route Configuration"
IPv4 radio button. The "Add" button is used to add a static route
(only one is allowed for each ethernet interface) and the "Delete"
button is used to delete the static route.
- Support was added for a concurrent replacement of a DCCA
that restores full redundancy of the service processor for the affected
drawer. The DCCA replacement is done concurrently, with the
affected drawer powered up and running.
System firmware changes that affect all systems
- DEFERRED:
A problem was fixed for
filtering Local Network Manager Controller (LNMC) errors for a Host
Fabric Interface (HFI) that has failed and gone to a "not ready"
state. Without the fix, the failed HFI continues to log errors
(such
as "Multicast HW Internal error") and can flood the Central
Network
Manager (CNM) error log file. The HFI error conditions that can
cause
the extra message logging are a rare occurrence.
- A problem was fixed for PCI adapters locking up when
powered on. The problem is rare but frequency varies with the
specific adapter models. A system power down and power up is
required to get the adapter out of the locked state.
- A problem was fixed for a Network boot/install failure
using bootp in a network with switches using the Spanning Tree Protocol
(STP). A Network boot/install using lpar_netboot on the
management console was enhanced to allow the number of retries to be
increased. If the user is not using lpar_netboot, the number of
bootp retries can be increased using the SMS menus. If the SMS
menus are not an option, the STP in the switch can be set up to allow
packets to pass through while the switch is learning the network
configuration.
- A problem was fixed that prevented a second management
console from being added to the CEC. In some cases, network
outages caused defunct management console connection entries to remain
in the service processor connection table, making connection
slots unavailable for new management consoles A reset of the
service processor could be used to remove the defunct entries.
- A problem was fixed for NIM installs using the Host Fabric
Interface (HFI) that failed or other times appear to hang but could
complete after many hours of delay. When the NIM install
operation fails, recover by doing a retry of the operation.
This infrequent problem is triggered by hardware instructions in the
HFI Fcode not executing in the required order because of missing
synchronization instructions.
- A problem was fixed for a Host Fabric Interface (HFI)
FCode driver error that caused Red Hat Enterprise 7.3 boot failures
using the HFI interface.
The problem has been seen with certain diskless boot images. The
problem is not very frequent, but once encountered, cannot be remedied
without a rebuild of the Linux boot image. The image is gzipped
so simply rebuilding the image can cause gzip to compress the image
differently due to the new timestamp. This can be done several
times and that may correct the issue.
- A problem was fixed for the DCCA replacement procedure in
the HMC R&V (Repair and Verify) to prevent a firmware
synchronization error during the DCCA replacement. The error
would also have a connection lost between the HMC and the service
processor as the service processor is reset. The fix involved a
change to the error recovery of the ncfgMultSetup application on the
service processor to support the DCCA replacement process.
Without the fix, the connection between the HMC and the service
processor can be lost during the R&V DCCA replacement procedure,
resulting in a failure of the firmware synchronization step. With
the fix, the recovery policy of the ncfgMultSetup daemon was changed so
that it would restart itself to handle the setup timing windows for the
new DCCA configuration instead of forcing a reset of the service
processor, allowing the DCCA replacement process to complete
successfully. The error only occurred infrequently during DCCA
replacements on some systems.
- A problem was fixed for incorrect error messages from the
Advanced System Management Interface (ASMI) functions when the system
is powered on but in the "Incomplete State". For this
condition, ASMI was assuming the system was powered off because it
could not communicate to the PowerVM hypervisor. With the fix,
the ASMI error messages will indicate that ASMI functions have failed
because of the bad hypervisor connection instead of falsely stating
that the system is powered off.
System firmware changes that affect certain systems
- On systems in IPv6 networks, a problem was fixed for
a network boot/install failing with SRC B2004158 and IP address
resolution failing using neighbor solicitation to the partition
firmware client.
- For systems with an invalid P-side or T-side in the
firmware, a problem was fixed in the partition firmware Real-Time
Abstraction System (RTAS) so that system Vital Product Data (VPD) is
returned at least from the valid side instead of returning no VPD
data. This allows AIX host commands such as lsmcode, lsvpd,
and lsattr that rely on the VPD data to work to some extent even if
there is one bad code side. Without the fix, all the VPD
data is blocked from the OS until the invalid code side is recovered by
either rejecting the firmware update or attempting to update the system
firmware again.
- For systems with a IBM i load source disk attached to an
Emulex-based fibre channel adapter such as F/C #5735, a problem was
fixed that caused an IBM i load source boot to fail with SRC B2006110
logged and a message to the boot console of "SPLIT-MEM Out of
Room". This problem occurred for load source disks that needed
extra disk scans to be found, such as those attached to a port other
than the first port of a fibre channel adapter (first port requires
fewest disk scans).
- A problem was fixed for systems in networks using the
Juniper 1GBe and 10GBe switches (F/Cs #1108, #1145, and #1151) to
prevent network ping errors and boot from network (bootp)
failures. The Address Resolution Protocol (ARP) table information
on the Juniper aggregated switches is not being shared between the
switches and that causes problems for address resolution in certain
network configurations. Therefore, the CEC network stack code has
been enhanced to add three gratuitous ARPs (ARP replies sent without a
request received) before each ping and bootp request to ensure that all
the network switches have the latest network information for the system.
- On systems with a PowerVM Active Memory Sharing (AMS)
partition with AIX Level 7.2.0.0 or later with Firmware Assisted
Dump enabled, a problem was fixed for a Restart Dump operation failing
into KDB mode. If "q" is entered to exit from KDB mode, the
partition fails to start. The AIX partition must be powered off
and back on to recover. The problem can be circumvented by
disabling Firmware Assisted Dump (default is enabled in AIX 7.2).
- On systems with dedicated processor partitions, a
problem was fixed for the dedicated processor partition becoming
intermittently unresponsive. The problem can be circumvented by
changing the partition to use shared processors.
|
AS730_165_093
/ FW731.78
07/27/17
|
Impact: Availability
Severity: ATT
Changes:
- No system firmware changes. Refreshing code only to
coincide with the BPC update.
|
AS730_163_093
/ FW731.77
04/01/16
|
Impact: Security
Severity: ATT
System firmware changes that affect all systems
- A problem was fixed for logical partitions not booting
after replacement of both DCCAs and service processors in the service
drawer. If the service processors contained incorrect topology
data, it is not recalculated, causing bad route information and a hang
when booting the partitions. With the fix, the Local Network
Management Controller (LNMC) does a recalculation for the topology when
both service processors are replaced, allowing the partitions to boot
successfully.
- A problem was fixed for the Integrated Switch Network
Manager (ISNM) performance counter output having an incorrect Global
Counter timestamp value. Without the fix, the global counter
value is filled with the local GC ID.
- A security problem was fixed in the lighttpd server on the
service processor, where a remote attacker, while attempting
authentication, could insert strings into the lighttpd server log
file. Under normal operations on the service processor, this does
not impact anything because the log is disabled by default. The
Common Vulnerabilities and Exposures issue number is CVE-2015-3200.
- A problem was fixed for reporting all optical link UE
errors through the Local Network Management Controller (LNMC).
Without the fix, some of the errors are hidden from the LNMC reports
because a threshold count for the error must be exceeded before it is
reported to the LNMC. Even though some of the errors are hidden
from the LNMC, they are all visible in the service processor error log.
- On the BPC, a problem was fixed for the remote hardware
vitals (rvitals) command returning an incorrect input voltage when
there are failed Bulk Power Regulators (BPRs) on the line cord.
With the fix, the BPC reports the highest valid value from BPRs,
instead of averaging the voltages.
- On the BPC, a problem was fixed for the remote hardware
vitals (rvitals) command returning old (stale) power usage numbers for
CECs that are deactivated when the power usage should be zero.
With the fix, the deactivated CECs show zero power usage.
- A security problem was fixed in OpenSSL for a possible
service processor reset on a null pointer de-reference during RSA PPS
signature verification. The Common Vulnerabilities and Exposures issue
number is CVE-2015-3194.
|
AS730_158_093
/ FW731.76
10/25/15
|
Impact: Security
Severity: SPE |
AS730_155_093
/ FW731.75
09/15/15
|
Impact: Availability
Severity: SPE |
AS730_153_093
/ FW731.74
06/26/15
|
Impact: Security
Severity: SPE
|
AS730_142_093
/ FW731.73
10/17/14
|
Impact: Availability
Severity: ATT |
AS730_141_093
/ FW731.72
09/08/14
|
Impact: Security
Severity: SPE |
AS730_140_093
/ FW731.71
08/21/14
|
Impact: Security
Severity: HIPER
System firmware changes that affect all systems
- HIPER/Pervasive:
A security problem was fixed in the OpenSSL (Secure Socket Layer)
protocol that allowed clients and servers, via a specially crafted
handshake packet, to use weak keying material for communication.
A man-in-the-middle attacker could use this flaw to decrypt and modify
traffic between the management console and the service processor.
The Common Vulnerabilities and Exposures issue number for this problem
is CVE-2014-0224.
- HIPER/Pervasive:
A security problem was fixed in OpenSSL for a buffer overflow in the
Datagram Transport Layer Security (DTLS) when handling invalid DTLS
packet fragments. This could be used to execute arbitrary code on
the service processor. The Common Vulnerabilities and Exposures
issue number for this problem is CVE-2014-0195.
- HIPER/Pervasive:
Multiple security problems were fixed in the way that OpenSSL handled
read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was
enabled to prevent denial of service. These could cause the
service processor to reset or unexpectedly drop connections to the
management console when processing certain SSL commands. The
Common Vulnerabilities and Exposures issue numbers for these problems
are CVE-2010-5298 and CVE-2014-0198.
- HIPER/Pervasive:
A security problem was fixed in OpenSSL to prevent a denial of service
when handling certain Datagram Transport Layer Security (DTLS)
ServerHello requests. A specially crafted DTLS handshake packet could
cause the service processor to reset. The Common Vulnerabilities
and Exposures issue number for this problem is CVE-2014-0221.
- HIPER/Pervasive:
A security problem was fixed in OpenSSL to prevent a denial of service
by using an exploit of a null pointer de-reference during anonymous
Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially
crafted handshake packet could cause the service processor to
reset. The Common Vulnerabilities and Exposures issue number for
this problem is CVE-2014-3470.
|
AS730_138_093
/ FW731.70
05/09/14
|
Impact: Availability
Severity: SPE
System firmware changes that affect all systems
- DEFERRED: A problem
was fixed that caused a system checkstop during hypervisor time keeping
services. This deferred fix addresses a problem that has a very low
probability of occurrence. As such customers may wait for the
next planned service window to activate the deferred fix via a system
reboot.
- DEFERRED: A problem
was fixed that caused a system checkstop with SRC B113E504 for a
recoverable hardware fault. This deferred fix addresses a problem
that has a very low probability of occurrence. As such customers
may wait for the next planned service window to activate the deferred
fix via a system reboot.
|
AS730_130_093
/ FW731.61
10/25/13
|
Impact: Availability
Severity: SPE |
AS730_125_093
03/11/13
|
Impact: Availability
Severity: SPE
|
AS730_118_093
11/02/12
|
Impact: Function
Severity: SPE
System firmware changes that affect all systems
- DEFERRED: A problem
was fixed that could cause a live lock on the power bus resulting in a
system crash.
|
AS730_103_093
06/27/12
|
Impact: Availability
Severity: SPE |
AS730_093_093
06/13/12
|
Impact: Serviceability
Severity: SPE
System firmware changes that affect all systems
- DEFERRED: The firmware was enhanced to fix a
potential performance degradation on systems utilizing the stride-N
stream prefetch instructions dcbt (with TH=1011) or dcbtst (with
TH=1011). Typical applications executing these algorithms include
High Performance Computing, data intensive applications exploiting
streaming instruction prefetchs, and applications utilizing the
Engineering and Scientific Subroutine Library (ESSL) 5.1.
|
AS730_084_084
04/12/12
|
Impact: Function
Severity: SPE |
|
The
complete Firmware Fix History (including HIPER descriptions) for this
Release Level can be
reviewed at the following url:
http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/AS-Firmware-Hist.html |