AL740
For Impact, Severity and other Firmware definitions, Please
refer to the below 'Glossary of firmware terms' url:
http://www14.software.ibm.com/webapp/set2/sas/f/power5cm/home.html#termdefs
The complete Firmware Fix History for this
Release Level can be
reviewed at the following url:
http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/AL-IOC-Firmware-Hist.html
|
AL740_165_042 / FW740.C1
02/06/18 |
Impact: Security
Severity: SPE
Response for Recent Security Vulnerabilities
- In response to recently reported security vulnerabilities,
this firmware update is being released to address Common
Vulnerabilities and Exposures issue number CVE-2017-5715. In addition,
Operating System updates are available to mitigate the CVE-2017-5753
and CVE-2017-5754 security issues.
|
AL740_163_042 / FW740.C0
08/09/17 |
Impact: Availability
Severity: ATT
New features and functions
- Support for the Advanced System Management Interface (ASMI)
was changed to allow the special characters of "I", "O", and "Q" to be
entered for the serial number of the I/O Enclosure under the Configure
I/O Enclosure option. These characters have only been found in an
IBM serial number rarely, so typing in these characters will normally
be an incorrect action. However, the special character entry is
not blocked by ASMI anymore so it is able to support the exception
case. Without the enhancement, the typing of one of the special
characters causes message "Invalid serial number" to be displayed.
System firmware changes that affect all systems
- A problem was fixed
for incorrect error messages from the Advanced System Management
Interface (ASMI) functions when the system is powered on but in
the "Incomplete State". For this condition, ASMI was
assuming the system was powered off because it could not communicate to
the PowerVM hypervisor. With the fix, the ASMI error messages
will indicate that ASMI functions have failed because of the bad
hypervisor connection instead of falsely stating that the system is
powered off.
- A problem was fixed for a latency time of about 2 seconds
being added to a target Live Partition Mobility (LPM) migration system
when there is a latency time check failure. With the fix, in the
case of a latency time check failure, a much smaller default latency is
used instead of two seconds. This error would not be noticed if
the customer system is using a Network Time Protocol (NTP) server to
maintain the time.
- A rare problem was fixed for a system hang that can occur
when dynamically moving "uncapped" partitions to a different shared
processor pool. To prevent a system hang, the "uncapped"
partitions should be changed to "capped" before doing the move.
- A problem was fixed for an SRC BA090006 serviceable event
log occurring whenever an attempt was made to boot from an ALUA
(Asymmetric Logical Unit Access) drive. These drives are always
busy by design and cannot be used for a partition boot, but no service
action is required if a user inadvertently tries to do that.
Therefore, the SRC was changed to be an informational log.
- A problem was fixed for a partition boot fail or hang
from a Fibre Channel device having fabric faults. Some of the
fabric errors returned by the VIOS are not interpreted correctly by the
Open Firmware VFC drive, causing the hang instead of generating helpful
error logs.
- A problem was fixed for Live Partition Mobility (LPM)
migrations from FW860.10 or FW860.11 to older levels of firmware.
Subsequent DLPAR of Virtual Adapters will fail with HMC error
message HSCL294C, which contains text similar to the following:
"0931-007 You have specified an invalid drc_name." This issue affects
partitions installed with AIX 7.2 TL 1 and later. Not affected by this
issue are partitions installed with VIOS, IBM i, or earlier levels of
AIX.
System firmware changes that affect certain systems
- On systems with IBM i partitions, a problem was fixed for
frequent logging of informational B7005120 errors due to communications
path closed conditions during messaging from HMCs to IBM i
partitions. In the majority of cases, these errors are due to
normal operating conditions and not due to errors that require service
or attention. The logging of informational errors due to this
specific communications path closed condition that are the result of
normal operating conditions has been removed.
|
AL740_161_042 / FW740.B0
08/17/16 |
Impact: Availability
Severity: SPE
New features and functions
- Support was added to the Advanced System Management
Interface (ASMI) to be able to add a IPv4 static route definition for
each ethernet interface on the service processor. Using a static
route definition, a Hardware Management Console (HMC) configured
on a private subnet that is different from the service processor subnet
is now able to connect to the service processor and manage the
CEC. A static route persists until it is deleted or until the
service processor settings are restored to manufacturing
defaults. The static route is managed with the ASMI panel
"Network Services/Network Configuration/Static Route Configuration"
IPv4 radio button. The "Add" button is used to add a static route
(only one is allowed for each ethernet interface) and the "Delete"
button is used to delete the static route.
- Support was added for the Stevens6+ option of the internal
tray loading DVD-ROM drive with F/C #EU13. This is an 8X/24X(max)
Slimline SATA DVD-ROM Drive. The Stevens6+ option is a FRU
hardware replacement for the Stevens3+. MTM 7226-1U3
(Oliver) FC 5757/5762/5763 attaches to IBM Power Systems and
lists Stevens6+ as optional for Stevens3+. If the Stevens6+
DVD drive is installed on the system without the required firmware
support, the boot of an AIX partition will fail when the DVD is used as
the load source. Also, an IBM i partition cannot consistently
boot from the DVD drive using D-mode IPL. A SRC C2004130 may be
logged for the load source not found error.
System firmware changes that affect all systems
- A problem was fixed
for an incorrect call home for SRC B1818A0F. There was no problem
to be resolved so this call home should have been ignored.
- A problem was fixed for the Advanced System Management
Interface (ASMI) "Network Services/Network Configuration" "Reset
Network Configuration" button that was not resetting the static routes
to the default factory setting. The manufacturing default is to
have no static routes defined so the fix clears any static routes that
had been added. A circumvention to the problem is to use the ASMI
"Network Services/Network Configuration/Static Route Configuration"
"Delete" button before resetting the network configuration.
- A problem was fixed for PCI adapters locking up when
powered on. The problem is rare but frequency varies with the
specific adapter models. A system power down and power up is
required to get the adapter out of the locked state.
- A security problem was fixed in the lighttpd server on the
service processor OpenSSL where a remote attacker, while attempting
authentication, could insert strings into the lighttpd server log
file. Under normal operations on the service processor, this does
not impact anything because the log is disabled by default. The
Common Vulnerabilities and Exposures issue number is CVE-2015-3200.
- A security problem was fixed in OpenSSL for a possible
service processor reset on a null pointer de-reference during RSA PPS
signature verification. The Common Vulnerabilities and Exposures issue
number is CVE-2015-3194.
- A problem was fixed for a Hardware Management Console (HMC)
Incomplete state that occurred rarely during partition related
operations such as partition creations. The problem was more
likely to occur if there were multiple errors being logged on the
service processor at the same time as a partition operation was trying
to update and close the HMC save area file. To recover from the
HMC Incomplete state, a soft reset of the service processor can be done
from the Advanced System Mangement Interface (ASMI). If the HMC
Incomplete state persists after the soft reset, the managed system
should be rebuilt from the HMC. For more information on HMC
recovery steps, refer to this IBM Knowledge Center link: https://www.ibm.com/support/knowledgecenter/en/POWER7/p7eav/aremanagedsystemstate_incomplete.htm.
- A problem was fixed for a Live Partition Mobility migration
that resulted in the source managed system going to the Hardware
Management Console (HMC) Incomplete state after the migration to the
target system was completed. This problem is very rare and has
only been detected once.. The problem trigger is that the source
partition does not halt execution after the migration to the target
system. The HMC went to the Incomplete state for the source
managed system when it failed to delete the source partition because
the partition would not stop running. When this problem occurred,
the customer network was running very slowly and this may have
contributed to the failure. The recovery action is to re-IPL the
source system but that will need to be done without the assistance of
the HMC. For each partition that has a OS running on the source
system, shut down each partition from the OS. Then from the
Advanced System Management Interface (ASMI), power off the
managed system. Alternatively, the system power button may also
be used to do the power off. If the HMC Incomplete state persists
after the power off, the managed system should be rebuilt from the
HMC. For more information on HMC recovery steps, refer to this
IBM Knowledge Center link: https://www.ibm.com/support/knowledgecenter/en/POWER7/p7eav/aremanagedsystemstate_incomplete.htm.
- A problem was fixed for a Network boot/install failure
using bootp in a network with switches using the Spanning Tree Protocol
(STP). A Network boot/install using lpar_netboot on the
management console was enhanced to allow the number of retries to be
increased. If the user is not using lpar_netboot, the number of
bootp retries can be increased using the SMS menus. If the SMS
menus are not an option, the STP in the switch can be set up to allow
packets to pass through while the switch is learning the network
configuration.
- A problem was fixed for a sequence of two or more Live
Partition Mobility migrations that caused a partition to crash with a
SRC BA330000 logged (Memory allocation error in partition
firmware). The sequence of LPM migrations that can trigger the
partition crash are as follows:
The original source partition level can be any FW760.xx, FW763.xx,
FW770.xx, FW773.xx, FW780.xx, or FW783.xx P7 level or any FW810.xx,
FW820.xx, FW830.xx, or FW840.xx P8 level. It is migrated first to
a system running one of the following levels:
1) FW730.70 or later 730 firmware or
2) FW740.60 or later 740 firmware
And then a second migration is needed to a system running one of the
following levels:
1) FW760.00 - FW760.20 or
2) FW770.00 - FW770.10
The twice-migrated system partition is now susceptible to the BA330000
partition crash during normal operations until the partition is
rebooted. If an additional LPM migration is done to any firmware
level, the thrice-migrated partition is also susceptible to the
partition crash until it is rebooted.
With the fix applied, the susceptible partitions may still log multiple
BA330000 errors but there will be no partition crash. A reboot of
the partition will stop the logging of the BA330000 SRC.
System firmware changes that affect certain systems
- On systems with a PowerVM Active Memory Sharing (AMS)
partition with AIX Level 7.2.0.0 or later with Firmware Assisted
Dump enabled, a problem was fixed for a Restart Dump operation failing
into KDB mode. If "q" is entered to exit from KDB mode, the
partition fails to start. The AIX partition must be powered off
and back on to recover. The problem can be circumvented by
disabling Firmware Assisted Dump (default is enabled in AIX 7.2).
- On systems with dedicated processor partitions, a problem
was fixed for the dedicated processor partition becoming intermittently
unresponsive. The problem can be circumvented by changing the partition
to use shared processors.
- For systems with an invalid P-side or T-side in the
firmware, a problem was fixed in the partition firmware Real-Time
Abstraction System (RTAS) so that system Vital Product Data (VPD) is
returned at least from the valid side instead of returning no VPD
data. This allows AIX host commands such as lsmcode, lsvpd,
and lsattr that rely on the VPD data to work to some extent even if
there is one bad code side. Without the fix, all the VPD
data is blocked from the OS until the invalid code side is recovered by
either rejecting the firmware update or attempting to update the system
firmware again.
- For non-HMC managed systems in Manufacturing Default
Configuration (MDC) mode with a single host partition, a problem was
fixed for missing dumps of type SYSDUMP. FSPDUMP. LOGDUMP, and RSCDUMP
that were not off-loaded to the host OS. This is an infrequent
error caused by a timing error that causes the dump notification signal
to the host OS to be lost. The missing/pending dumps can be
retrieved by rebooting the host OS partition. The rebooted host
OS will receive new notifications of the dumps that have to be
off-loaded.
|
AL740_159_042 / FW740.A0
08/04/15 |
Impact: Security
Severity: SPE
System firmware changes that affect all systems
- A problem was fixed
that prevented a second management console from being added to the
CEC. In some cases, network outages caused defunct management
console connection entries to remain in the service processor
connection table, making connection slots unavailable for new
management consoles A reset of the service processor could be
used to remove the defunct entries and allow the second management
console to connect.
- A problem was fixed in the Advanced System Management
Interface (ASMI) to reword a confusing message for systems with no
deconfigured resources. The "System Service Aids/Deconfiguration
Records" message text for this situation was changed from
"Deconfiguration data is currently not available." to "No deconfigured
resources found in the system.
- A problem was fixed with the fspremote service tool to make
it support TLSv1.2 connections to the service processor to be
compatible with systems that had been fixed for the OpenSSL Padding
Oracle On Dowgraded Legacy Encryption (POODLE) vulnerabilities.
After the POODLE fix is installed, by default the system only allows
secured connections from clients using the TLSv1.2 protocol.
- A problem was fixed for a partition deletion error on the
management console with error code 0x4000E002 and message
"...insufficient memory for PHYP". The partition delete operation
has been adjusted to accommodate the temporary increase in memory usage
caused by memory fragmentation, allowing the delete operation to be
successful.
- A security problem was fixed in OpenSSL where the service
processor would, under certain conditions, accept Diffie-Hellman client
certificates without the use of a private key, allowing a user to
falsely authenticate . The Common Vulnerabilities and Exposures
issue number is CVE-2015-0205.
- A security problem was fixed in OpenSSL for it's BigNumber
Squaring implementation to prevent a failure of cryptographic
protection mechanisms. The Common Vulnerabilities and Exposures
issue number is CVE-2014-3570.
- A security problem was fixed in OpenSSL to fix multiple
flaws in the parsing of X.509 certificates. These flaws could be
used to modify an X.509 certificate to produce a certificate with a
different fingerprint without invalidating its signature, and possibly
bypass fingerprint-based blacklisting. The Common Vulnerabilities
and Exposures issue number is CVE-2014-8275.
- A security vulnerability, commonly referred to as GHOST,
was fixed in the service processor glibc functions getbyhostname() and
getbyhostname2() that allowed remote users of the functions to cause a
buffer overflow and execute arbitrary code with the permissions of the
server application. There is no way to exploit this vulnerability
on the service processor but it has been fixed to remove the
vulnerability from the firmware. The Common Vulnerabilities and
Exposures issue number is CVE-2015-0235.
- A security problem was fixed in OpenSSL where a remote
attacker could crash the service processor with a specially crafted
X.509 certificate that causes an invalid pointer or an out-of-bounds
write. The Common Vulnerabilities and Exposures issue numbers are
CVE-2015-0286 and CVE-2015-0287.
- A problem was fixed for some service processor error logs
not getting reported to the OS partitions as needed. The service
processor was not checking for a successful completion code on the
error log message send, so it was not doing retries of the send to the
OS when that was needed to ensure that the OS received the message.
- A security problem was fixed for an OpenSSL specially
crafted X.509 certificate that could cause the service processor to
reset in a denial-of-service (DOS) attack. The Common
Vulnerabilities and Exposures issue number is CVE-2015-1789.
System firmware changes that affect certain systems
- For a partition that has been migrated with Live Partition
Mobility (LPM) from FW730 to FW740 or later, a problem was fixed for a
Main Storage Dump (MSD) IPL failing with SRC B2006008. The MSD
IPL can happen after a system failure and is used to collect failure
data. If the partition is rebooted anytime after the migration,
the problem cannot happen. The potential for the problem existed
between the active migration and a partition reboot.
|
AL740_156_042 / FW740.90
01/28/15 |
Impact: Security
Severity: SPE
System firmware changes that affect all systems
- A problem was fixed
that caused a "code accept" during a concurrent firmware installation
from the management console to fail with SRC E302F85C.
- A power supply fan speed problem was fixed that slowed the
power supply fans down to a very low level for a minute about once
every hour, with possible thermal shutdown of the power supply.
- A security problem was fixed for the Lighttpd web
server that allowed arbitrary SQL commands to be run on the service
processor. The Common Vulnerabilities and Exposures issue number
is CVE-2014-2323.
- A security problem was fixed for the Lighttpd web server
where improperly-structured URLs could be used to view arbitrary files
on the service processor. The Common Vulnerabilities and
Exposures issue number is CVE-2014-2324.
- A security problem was fixed for the Network Time Protocol
(NTP) client that allowed remote attackers to execute arbitrary code
via a crafted packet containing an extension field. The Common
Vulnerabilities and Exposures issue number is CVE-2009-1252.
- A security problem was fixed for the Network Time Protocol
(NTP) client for a buffer overflow that allowed remote NTP servers to
execute arbitrary code via a crafted response. The Common
Vulnerabilities and Exposures issue number is CVE-2009-0159.
- A security problem was fixed in the service processor
TCP/IP stack to discard illegal TCP/IP packets that have the SYN and
FIN flags set at the same time. An explicit packet discard was
needed to prevent further processing of the packet that could result in
an bypass of the iptables firewall rules.
- A security problem was fixed in the OpenSSL (Secure Socket
Layer) protocol that allowed a man-in -the middle attacker, via a
specially crafted fragmented handshake packet, to force a TLS/SSL
server to use TLS 1.0, even if both the client and server supported
newer protocol versions. The Common Vulnerabilities and Exposures issue
number for this problem is CVE-2014-3511.
- A security problem was fixed in OpenSSL for formatting
fields of security certificates without null-terminating the output
strings. This could be used to disclose portions of the program
memory on the service processor. The Common Vulnerabilities and
Exposures issue number for this problem is CVE-2014-3508.
- Multiple security problems were fixed in the way that
OpenSSL handled Datagram Transport Layer Security (DLTS) packets.
A specially crafted DTLS handshake packet could cause the service
processor to reset. The Common Vulnerabilities and Exposures
issue numbers for these problems are CVE-2014-3505, CVE-2014-3506 and
CVE-2014-3507.
- A security problem was fixed in OpenSSL to prevent a denial
of service when handling certain Datagram Transport Layer Security
(DTLS) ServerHello requests. A specially crafted DTLS handshake
packet with an included Supported EC Point Format extension could cause
the service processor to reset. The Common Vulnerabilities and
Exposures issue number for this problem is CVE-2014-3509.
- A security problem was fixed in OpenSSL to prevent a denial
of service by using an exploit of a null pointer de-reference during
anonymous Diffie Hellman (DH) key exchange. A specially crafted
handshake packet could cause the service processor to reset. The
Common Vulnerabilities and Exposures issue number for this problem is
CVE-2014-3510.
- A security problem in GNU Bash was fixed to prevent
arbitrary commands hidden in environment variables from being run
during the start of a Bash shell. Although GNU Bash is not
actively used on the service processor, it does exist in a library so
it has been fixed. This is IBM Product Security Incident Response
Team (PSIRT) issue #2211. The Common Vulnerabilities and
Exposures issue numbers for this problem are CVE-2014-6271,
CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187.
- A security problem was fixed in the Advanced System
Management Interface (ASMI) to block click-jacking attempts. This
prevents framing of the original ASMI page with a top layer on it with
dummy buttons that could trick the user into clicking on a link.
- A security problem was fixed in OpenSSL for padding-oracle
attacks known as Padding Oracle On Dowgraded Legacy Encryption
(POODLE). This attack allows a man-in-the-middle attacker to
obtain a plain text version of the encrypted session data. The Common
Vulnerabilities and Exposures issue number is CVE-2014-3566. The
service processor POODLE fix is based on a selective disablement of
SSLv3 using the Advanced System Management Interface (ASMI) "System
Configuration/Security Configuration" menu options. The Security
Configuration options of "Disabled", "Default", and "Enabled" for SSLv3
determines the level of protection from POODLE. The management
console also requires a POODLE fix for APAR MB03867(Fix for
CVE-2014-3566 for HMC V7 R7.7.0 SP4 with PTF MH01489) to eliminate all
vulnerability to POODLE and allow use of option 1 "Disabled" as shown
below:
-1) Disabled: This highest level of security protection does not
allow service processor clients to connect using SSLv3, thereby
eliminating any possibility of a POODLE attack. All clients must
be capable of using TLS to make the secured connections to the service
processor to use this option. This requires the management
console be at a minimum level of HMC V7 R7.7.0 SP4 with POODLE PTF
MH01489.
-2) Default: This medium level of security protection disables
SSLv3 for the web browser sessions to ASMI and for the CIM clients and
assures them of POODLE-free connections. But the legacy
management consoles are allowed to use SSLv3 to connect to the service
processor. This is intended to allow non-POODLE compliant HMC
levels to be able to connect to the CEC servers until they can be
planned and upgraded to the POODLE compliant HMC levels. Running
a non-POODLE compliant HMC to a service processor in "Default"
mode will prevent the ASMI-proxy sessions from the HMC from connecting
as these proxy sessions require SSLv3 support in ASMI.
-3) Enabled: This basic level of security protection enables
SSLv3 for all service processor client connection. It relies on
all clients being at POODLE fix compliant levels to provide full POODLE
protection using the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV) to prevent fallback to vulnerable SSLv3
connections. This option is intended for customer sites on
protected internal networks that have a large investment in legacy
hardware that need SSLv3 to make browser and HMC connection to the
service processor. The level of POODLE protection actually
achieved in "Enabled" mode is determined by the percentage of clients
that are at the POODLE fix compliant levels.
- A problem was fixed for a Live Partition Mobility (LPM)
suspend and transfer of a partition that caused the time of day to skip
ahead to an incorrect value on the target system. The problem
only occurred when a suspended partition was migrated to a target CEC
that had a hypervisor time that was later than the source CEC.
- A problem was fixed for I/O drawer MTMS updates where a
hypervisor memory leak would cause reconfiguration operations to fail
or cause resources to no longer show up for user configuration.
- A problem was fixed that could result in latency or timeout
issues with I/O devices.
- A problem was fixed to prevent a hypervisor task failure if
multiple resource dumps running concurrently run out of dump buffer
space. The failed hypervisor task could prevent basic logical
partition operations from working.
- A problem was fixed for I/O adapters so that BA400002
errors were changed to informational for memory boundary adjustments
made to the size of DMA map-in requests. These DMA size
adjustments were marked as UE previously for a condition that is normal.
- A security problem was fixed in OpenSSL for memory leaks
that allowed remote attackers to cause a denial of service (out of
memory on the service processor). The Common Vulnerabilities and
Exposures issue numbers are CVE-2014-3513 and CVE-2014-3567.
- A problem was fixed for the Advanced System Manager
Interface (ASMI) that allowed possible cross-site request forgery
(CSRF) exploitation of the ASMI user session to do unwanted tasks on
the service processor.
- A problem was fixed for the iptables process consuming all
available memory, causing an out of memory dump and reset/reload of the
service processor.
- A problem was fixed for intermittent B181EF88 SRCs and
netsSlp core dumps during network configurations on the service
processor. This error caused call home activity for the SRC and
dumps but otherwise had no impact to the CEC functionality.
System firmware changes that affect certain systems
- A problem was fixed for DASD backplane 5V or 1.2V regulator
pgood power faults (SRC 11002634 and SRC 1100262F) so that the call out
specified the location code for the part as Un-P3 instead of
Un-P2. This fix pertains only to Power 710 8231-E1C and Power 730
8231-E2C systems.
- On systems that have Active Memory Sharing (AMS)
partitions, a problem was fixed for Dynamic Logical Partitioning
(DLPAR) for a memory remove that leaves a logical memory block (LMB) in
an unusable state until partition reboot.
- On systems that have Active Memory Sharing (AMS) partitions
and deduplication enabled, a problem was fixed for not being able to
resume a hibernated AMS partition. Previously, resuming a
hibernated AMS partition could give checksum errors with SRC B7000202
logged and the partition would remain in the hibernated state.
- On systems with a F/C 5802 or 5877 I/O drawer installed, a
problem was fixed for a hypervisor hang at progress code C7004091
during the IPL or hangs during serviceability tasks to the I/O drawer.
- On systems using the Virtual I/O Server (VIOS) to share
physical I/O resources among client logical partitions, a problem was
fixed for memory relocation errors during page migrations for the
virtual control blocks. These errors caused a CEC termination
with SRC B700F103. The memory relocation could be part of the
processing for the Dynamic Platform Optimizer (DPO), Active Memory
Sharing (AMS) between partitions, mirrored memory defragmentation, or a
concurrent FRU repair.
- A problem was fixed that could result in unpredictable
behavior if a memory UE is encountered while relocating the contents of
a logical memory block during one of these operations:
- Reducing the size of an Active Memory Sharing (AMS) pool.
- On systems using mirrored memory, using the memory mirroring
optimization tool.
- A problem was fixed for systems in networks using the
Juniper 1GBe and 10GBe switches (F/Cs #1108, #1145, and #1151) to
prevent network ping errors and boot from network (bootp)
failures. The Address Resolution Protocol (ARP) table information
on the Juniper aggregated switches is not being shared between the
switches and that causes problems for address resolution in certain
network configurations. Therefore, the CEC network stack code has
been enhanced to add three gratuitous ARPs (ARP replies sent without a
request received) before each ping and bootp request to ensure that all
the network switches have the latest network information for the system.
- On systems in IPv6 networks, a problem was fixed for
a network boot/install failing with SRC B2004158 and IP address
resolution failing using neighbor solicitation to the partition
firmware client.
- For systems with a IBM i load source disk attached to an
Emulex-based fibre channel adapter such as F/C #5735, a problem was
fixed that caused an IBM i load source boot to fail with SRC B2006110
logged and a message to the boot console of "SPLIT-MEM Out of
Room". This problem occurred for load source disks that needed
extra disk scans to be found, such as those attached to a port other
than the first port of a fibre channel adapter (first port requires
fewest disk scans).
- On systems with a partition that has a 256MB Real Memory
Offset (RMO) region size that has been migrated from a Power8 system to
Power7 or Power6 using Live Partition Mobility (LPM), a problem was
fixed that caused a failure on the next boot of the partition with a
BA210000 log with a CA000091 checkpoint just prior to the
BA210000. The fix dynamically adjusts the memory footprint of the
partition to fit on the earlier Power systems.
|
AL740_152_042 / FW740.81
06/24/14 |
Impact: Security
Severity: HIPER
System firmware changes that affect all systems
- HIPER/Pervasive:
A security problem was fixed in the OpenSSL (Secure Socket Layer)
protocol that allowed clients and servers, via a specially crafted
handshake packet, to use weak keying material for communication.
A man-in-the-middle attacker could use this flaw to decrypt and modify
traffic between the management console and the service processor.
The Common Vulnerabilities and Exposures issue number for this problem
is CVE-2014-0224.
- HIPER/Pervasive:
A security problem was fixed in OpenSSL for a buffer overflow in the
Datagram Transport Layer Security (DTLS) when handling invalid DTLS
packet fragments. This could be used to execute arbitrary code on
the service processor. The Common Vulnerabilities and Exposures
issue number for this problem is CVE-2014-0195.
- HIPER/Pervasive:
Multiple security problems were fixed in the way that OpenSSL handled
read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was
enabled to prevent denial of service. These could cause the
service processor to reset or unexpectedly drop connections to the
management console when processing certain SSL commands. The
Common Vulnerabilities and Exposures issue numbers for these problems
are CVE-2010-5298 and CVE-2014-0198.
- HIPER/Pervasive:
A security problem was fixed in OpenSSL to prevent a denial of service
when handling certain Datagram Transport Layer Security (DTLS)
ServerHello requests. A specially crafted DTLS handshake packet could
cause the service processor to reset. The Common Vulnerabilities
and Exposures issue number for this problem is CVE-2014-0221.
- HIPER/Pervasive:
A security problem was fixed in OpenSSL to prevent a denial of service
by using an exploit of a null pointer de-reference during anonymous
Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially
crafted handshake packet could cause the service processor to
reset. The Common Vulnerabilities and Exposures issue number for
this problem is CVE-2014-3470.
- Multiple security problems were fixed in OpenSSL to
improve signature verification, ensure private key protection,
and to block plain-text recovery. The Common Vulnerabilities and
Exposures issue numbers for these problems are CVE-2013-0169,
CVE-2013-0166 and CVE-2011-4354.
|
AL740_126_042 / FW740.80
04/03/14 |
Impact: Availability
Severity: SPE
New features and functions
- Support was added in Advanced System Management Interface
(ASMI) to facilitate capture and reporting of debug data for system
performance problems. The "System Service Aids/Performance
Dump" menu was added to ASMI to perform this function.
System firmware changes that affect all systems
- A problem was fixed
that caused an intermittent loss of TTY serial port access to the
Advanced System Management Interface (ASMI) after a power off of the
system.
- Help text for the Advanced System Management Interface
(ASMI) "System Configuration/Hardware Deconfiguration/Clear All
Deconfiguration Errors" menu option was enhanced to clarify that when
selecting "Hardware Resources" value of "All hardware resources", the
service processor deconfiguration data is not cleared. The
"Service processor" must be explicitly selected for that to be cleared.
- A problem was fixed that prevented guard error logs from
being reported for FRUs that were guarded during the system power
on. This could happen if the same FRU had been previously
reported as guarded on a different power on of the system. The
requirement is now met that guarded FRUs are logged on every power on
of the system.
- A problem was fixed that caused the slot index to be
missing for virtual slot number 0 for the dynamic reconfiguration
connector (DRC) name for virtual devices. This error was visible
from the management console when using commands such as "lshwres -r
virtualio --rsubtype slot -m machine" to show the hardware resources
for virtual devices.
- A problem was fixed that caused unneeded resets of ethernet
adapters during logical partition (LPAR) power off or reboots.
The extra resets of the ethernet adapters could cause the network
switch to disable the ethernet links if the threshold for maximum
number of ethernet adapter resets per minute is exceeded.
System firmware changes that affect certain systems
- On systems with a F/C 5802 or 5877 I/O drawer installed, a
problem was fixed that occurred during Offline Converter Assembly (OCA)
replacement operations. The fix prevents a false Voltage
Regulator Module (VRM) fault and the logging of SRCs 10001511 or
10001521 from occurring. This resulted in the OCA LED
getting stuck in an on or "fault" state and the OCA not powering on.
- On a system with partitions with redundant Virtual
Asynchronous Services Interface (VASI) streams, a problem was
fixed that caused the system to terminate with SRC B170E540. The
affected partitions include Active Memory Sharing (AMS), encapsulated
state partitions, and hibernation-capable partitions. The problem
is triggered when the management console attempts to change the active
VASI stream in a redundant configuration. This may occur due to a
stream reconfiguration caused by Live Partition Mobility (LPM);
reconfiguring from a redundant Paging Service Partition (PSP) to a
single-PSP configuration; or conversion of a partition from AMS to
dedicated memory.
- On a system with a disk device with multiple boot
partitions, a problem was fixed that caused System Management Services
(SMS) to list only one boot partition. Even though only one boot
partition was listed in SMS, the AIX bootlist command could still be
used to boot from any boot partition.
|
AL740_121_042 / FW740.70
11/14/13 |
Impact: Availability
Severity: SPE
New features and functions
- Support was added in Advanced System Management Interface
(ASMI) for saving and restoring network settings using a USB flash
drive.
- Support was dropped for Secured Socket Layer (SSL) Version
2 and SSL weak and medium cipher suites in the service processor web
server (Ligthttpd). Unsupported web browser connections to the
Advanced System Management Interface (ASMI) secured port 443 (using
https://) will now be rejected if those browsers do not support SSL
version 3. Supported web browsers for Power7 ASMI are Netscape
(version 9.0.0.4), Microsoft Internet Explorer (version 7.0), Mozilla
Firefox (version 2.0.0.11), and Opera (version 9.24).
System firmware changes that affect all systems
- A problem was fixed
that caused a service processor dump to be generated with SRC B18187DA
"NETC_RECV_ER" logged.
- A problem was fixed that caused a L2 cache error to not
guard out the faulty processor, allowing the system to checkstop again
on an error to the same faulty processor.
- A problem was fixed that caused a HMC code update failure
for the FSP on the accept operation with SRC B1811402 or FSP is unable
to boot on the updated side.
- A problem was fixed that caused a 1000911E platform event
log (PEL) to be marked as not call home. The PEL is now a call
home to allow for correction. This PEL is logged when the
hypervisor has changed the Machine Type Model Serial Number (MTMS) of
an external enclosure to UTMP.xxx.xxxx because it cannot read the vital
product data (VPD), or the VPD has invalid characters, or if the MTMS
is a duplicate to another enclosure.
- A problem was fixed that caused a built-in self test (BIST)
for GX slots to create corrupt error log values that core dumped the
service processor with a B18187DA. The corruption was caused by a
failure to initialize the BIST array to 0 before starting the tests.
- A problem was fixed that caused the system attention LED to
be lit without a corresponding SRC and error log for the event.
This problem typically occurs when an operating system on a partition
terminates abnormally.
- DEFERRED: A problem
was fixed that caused a system checkstop during hypervisor time keeping
services. This deferred fix addresses a problem that has a very
low probability of occurrence. As such customers may wait for the
next planned service window to activate the deferred fix via a system
reboot.
- DEFERRED: A problem
was fixed that caused a system checkstop with SRC B113E504 for a
recoverable hardware fault. This deferred fix addresses a problem
that has a very low probability of occurrence. As such customers
may wait for the next planned service window to activate the deferred
fix via a system reboot.
System firmware changes that affect certain systems
- On systems in manufacturing default configuration (MDC), a
problem was fixed that caused the system to change from MDC to Hardware
Management Console (HMC)-managed mode even though the HMC was unable to
authenticate to the service processor. A system must be
successfully discovered by a HMC as a prerequisite to becoming
HMC-managed.
- On systems with a F/C 5802 or 5877 I/O drawer installed,
the firmware was enhanced to guarantee that an SRC will be generated
when there is a power supply voltage fault. If no SRC is
generated, a loss of power redundancy may not be detected, which can
lead to a drawer crash if the other power supply goes down. This
also fixes a problem that causes an 8 GB Fiber channel adapter in
the drawer to fail if the 12V level fails in one Offline Converter
Assembly (OCA).
- On systems managed by an HMC with a F/C 5802 or 5877 I/O
drawer installed, a problem was fixed that caused the hardware topology
on the management console for the managed system to show "null" instead
of "operational" for the affected I/O drawers.
- On systems with a ethernet PCI-Express adapter under a PLX
switch, an extended error handling (EEH) problem was fixed in run-time
abstraction services (RTAS) that caused fundamental resets of the
adapter to fail during error recovery, leaving the adapter in a
non-pingable state and off the network. Besides failure to ping,
the other symptom is that an AIX OS command of "enstat -d entX" where X
is the adapter number will fail with the following message:
"enstat -0909-004, Unable to get statistics on device entX, errno=11".
- A problem was fixed in the run-time abstraction services
(RTAS) extended error handling (EEH) for fundamental reset that caused
partitions to crash during adapter updates. The fundamental reset
of adapters now returns a valid return code. The adapter drivers
using fundamental reset affected by this fix are the following:
o QLogic PCIe Fibre Channel adapters (combo card)
o IBM PCIe Obsidian
o Emulex BE3-based ethernet adapters
o Broadcom-based PCIe2 4-port 1Gb ethernet
o Broadcom-based FlexSystem EN2024 4-port 1Gb ethernet for compute nodes
- On systems with a F/C 5802 or 5877 I/O drawer installed, a
problem
was fixed that where a Offline Converter Assembly (OCA)
fault would appear to persist after a OCA micro-reset or OCA
replacement. The fault bit reported to the OS may not be cleared,
indicating a fault still exists in the I/O drawer after it has been
repaired.
- On systems involved in a series of consecutive Live
Partition Mobility (LPM) operations, a memory leak problem was fixed
in the run time abstraction service (RTAS) that caused a partition run
time AIX crash with SRC 0c20. Other possible symptoms include
error logs with SRC BA330002 (RTAS memory allocation failure).
|
AL740_112_042 / FW740.61
07/26/13 |
Impact: Availability
Severity: SPE
System firmware changes that affect all systems
- A problem was
fixed that caused a migrated partition to reboot during transfer to a
VIOS 2.2.2.0, and later, target system. A manual reboot would be
required if transferred to a target system running an earlier VIOS
release. Migration recovery may also be necessary.
- A problem was fixed that can cause Anchor (VPD) card
corruption and A70047xx SRCs to be logged. Note: If a
serviceable event with SRC A7004715 is present or was logged
previously, damage to the VPD card may have occurred. After the fix is
applied, replacement of the Anchor VPD card is recommended in
order to restored full redundancy.
|
AL740_110_042 / FW740.60
04/30/13 |
Impact: Serviceability
Severity: ATT
New features and functions
- Support for booting an IBM i partition from a USB flash
drive.
System firmware changes that affect all systems
- A problem was
fixed that prevented the system attention indicator from being turned
off when a service processor reset occurred.
- A problem was fixed that caused SRC B1813221, which
indicates a failure of the battery on the service processor, to be
erroneously logged after a service processor reset or power cycle.
- A problem was fixed that caused the Advanced System
Management Interface (ASMI) to produce a service processor dump when
changing the admin user password.
- A problem was fixed that caused various SRCs to be
erroneously logged at boot time including B181E6C7 and B1818A14.
- A problem was fixed that caused a card (and its children)
that was removed after the system was booted to continue to be listed
in the guard menus in the Advanced System Management Interface (ASMI).
- A problem was fixed that caused the service processor to
crash when it boots from the new level during a concurrent firmware
installation.
- A problem was fixed that caused the management console to
display incorrect data for a virtual Ethernet adapter's transactions
statistics.
- A problem was fixed that caused a hibernation resume
operation to hang if the connection to the paging space is lost near
the end of the resume processing. This is more likely on a
partition that supports remote restart.
- A problem was fixed that caused the system to terminate
with a bad address checkstop during mirroring defragmentation.
- A problem was fixed that caused the hibernation validation
of a remote restart partition operation to fail with an "NvRam size
error". This also affects the capability to migrate the partition.
- The Power Hypervisor was enhanced to insure better
synchronization of vSCSI and NPIV I/O interrupts to partitions.
- On systems managed by a management console, a problem was
fixed that was caused by an attempt to modify a virtual adapter from
the management console command line when the command specifies it is an
Ethernet adapter, but the virtual ID specified is for an adapter type
other than Ethernet. The managed system has to be rebooted to
restore communications with the management console when this problem
occurs; SRC B7000602 is also logged.
- A problem was fixed that caused an error log generated by
the
partition firmware to show conflicting firmware levels. This
problem occurs after a firmware update or a Live Partition Mobility
(LPM) operation on the system.
System firmware changes that affect certain systems
- On systems with I/O towers attached, a problem was fixed
that caused SRC 10009135, followed by SRC 10009139, to be logged,
indicating that SPCN loop mode was being broken, then reestablished.
- On systems with I/O towers attached, a problem was fixed
that caused multiple service processor reset/reloads if the tower was
continuously sending invalid System Power Control Network (SPCN) status
data.
- On 8202-E4C and 8205-E6C systems with the PCIe expansion
card feature code (F/C) 5610 or F/C 5685 installed, a problem was fixed
that caused the wrong FRU part number (74Y8565 instead of 74Y5221) to
be called out when the fan on the expansion card failed.
- On partitions with the virtual Trusted Platform Module
(vTPM) enabled, a problem was fixed that caused a memory leak, and
failure, when vTPM was disabled, a vTPM-enabled partition was migrated,
or a vTPM-enabled partition was deleted.
- On systems running multiple IBM i partitions that are
configured to communicate with each other via virtual Opticonnect, and
Active Memory Sharing (AMS), AMS operations may time-out. When
this problem occurs, a platform reboot may be required to recover.
- On systems running Active Memory Sharing (AMS) partitions,
a problem was fixed that may arise due to the incorrect handling of a
return code in an error path during the Live Partition Mobility
(LPM) of an AMS partition.
- On systems using IPv6 addresses, the firmware was enhanced
to reduce the time it take to install an operating system using the
Network Installation Manager (NIM).
- On systems with F/C EU07, the RDX SATA internal docking
station for removable disk cartridge, a problem was fixed that caused
SRCs BA210000 and BA210003 to be logged, and the System Management
Services (SMS) menu firmware to drop into the ok> prompt, when the
default boot list was built.
- A problem was fixed that caused SRC BA330000 to be logged
after the successful migration of a partition running Ax740_xxx
firmware to a system running Ax760, or a later release, or
firmware. This problem can also cause SRCs BA330002, BA330003,
and BA330004 to be erroneously logged over time when a partition is
migrated from a system running Ax760, or a later release, to a system
running Ax740_xxx firmware.
- On system running an IBM i partition, the partition boot
may succeed after a long delay, or may fail, if a mode D boot attempt
is made, there is more than one USB device attached, and the IBM i
operating system (OS) image is on the second USB device.
- On system running an IBM i partition, a problem was fixed
that caused a number of informational SRC BA09000F to be logged when a
mode D partition boot is done. This SRC is logged if a device
that supports removable media is installed and the media is not present.
- On systems running Active Memory Sharing (AMS) partitions,
a timing problem was fixed that may occur if the system is undergoing
AMS pool size changes.
|
AL740_100_042
12/05/12 |
Impact: Serviceability
Severity: ATT
System firmware changes that affect all systems
- A problem was
fixed that can cause fans in the server to run at maximum speed and
generate a serviceable event during system boot (B130B8AF, a predictive
error with hardware callout) as a result of an incorrect calibration of
a particular thermal sensor.
|
AL740_098_042
11/28/12 |
Impact: Availability
Severity: SPE
System firmware changes that affect all systems
- HIPER/Non-Pervasive: DEFERRED: A problem was fixed
that caused a system crash with SRC B170E540.
- HIPER/Non-Pervasive:
A
related problem was also fixed that could cause a live lock on the
power bus resulting in a system crash.
- To address poor placement of partitions following a reboot
of a server with unlicensed cores, the firmware was enhanced to run the
affinity manager when the initialize configuration operation is done
from the HMC. A problem was also fixed that caused the hypervisor
to be left in an inconsistent state after a partition create operation
failed.
|
AL740_095_042
09/19/12 |
Impact: Availability
Severity: SPE
New features and functions
- Support for booting the IBM i operating system from a USB
tape drive.
System firmware changes that affect all systems
- The firmware was
enhanced to correctly diagnose the failing FRU when SRC B1xxE504 with
error signature "MCFIR[14] - Hang timer detector" was logged.
- A problem was fixed that caused the system to crash after a
recoverable error was logged on an I/O hub.
- A problem was fixed that caused a "code accept" during a
concurrent firmware installation from the HMC to fail with SRC E302F85C.
- The firmware was enhanced to continue booting when SRC
B181C803 with description "WIRE_PROC_CST_HW_FAIL" is logged during boot.
- A problem was fixed that caused the suspension of a
partition to fail if a large amount of data has to be stored to resume
the partition.
- A problem was fixed that caused a system crash with
unrecoverable SRC B7000103 and "ErFlightRecorder" in the failing stack.
- A problem was fixed that caused an external interrupt to
get stuck for some period of time before being presented to the
operating system in certain scenarios in which there is a high rate of
interrupts.
- On 8231-E1C and 8231-E2C systems, the firmware was enhanced
to improve the service actions for SRC 11002691.
- A problem was fixed that caused DIMMs to be deconfigured,
and SRC B123E504 to be erroneously logged, when additional DIMMs of
larger capacity than the DIMMs already in the system were added.
System firmware changes that affect certain systems
- On systems that are managed by a Hardware Management
Console (HMC), and on which Internet Explorer (IE) is used to access
the Advanced System Management Interface (ASMI) on the HMC, a problem
was fixed that caused IE to hang for about 10 minutes after saving
changes to network parameters on the ASMI.
- A problem was fixed that caused a network installation of
IBM i to fail when the client was on the same subnet as the server.
- On systems with a 5796 or 5797 I/O drawer attached, a
problem was fixed that could cause a system hang.
- On systems with I/O drawers feature code (F/C) 5802 or 5877
attached, and running the Active Energy Manager, a problem was fixed
that caused SRC B7000602 to be erroneously logged.
|
AL740_088_042
05/25/12 |
Impact: Availability
Severity: SPE
New features and functions
- Support for IBM i Live Partition Mobility (LPM)
- Support for the EXP30 Ultra SSD I/O Drawer, feature code
(F/C) 5888.
- Support for the 8246-L2C and 8246-L2S systems.
- Support for the 8246-L1C systems.
- Support for the 8246-L1S systems.
System firmware changes that affect all systems
- A problem was
fixed that prevented the user from changing the boot mode or keylock
setting after a remote restart-capable partition is created, even after
the partition's paging device is on-line.
- A problem was fixed that caused a partition with dedicated
processors to hang with SRC BA33xxxx when rebooted, after it was
migrated using a Live Partition Mobility (LPM) operation from a system
running Ax730 to a system running Ax740, or vice-versa.
- A problem was fixed that caused the service processor's
eth0 or eth1 IP addresses to change to "IPv6 NA" when viewed on
the control (operator) panel when a laptop was connected to the service
processor.
- A problem was fixed that caused booting from a virtual
fibre channel tape device to fail with SRC B2008105.
- The firmware was enhanced to increase the threshold of soft
NVRAM errors on the service processor to 32 before SRC B15xF109 is
logged. (Replacement of the service processor is recommended if
more than one B15xF109 is logged per week.)
- A problem was fixed that caused informational SRC A70047FF,
which may indicate that the Anchor (VPD) card should be replaced, to be
erroneously logged again after the Anchor card was replaced.
- On system managed by an HMC, a problem was fixed that
caused the lsstat command on the HMC to display an erroneously high
number of packets transmitted and received on a vlan interface.
- A problem was fixed that caused a partition that owned a
powered-off slot to hang when being shutdown after a DLPAR operation
was performed on it.
System firmware changes that affect certain systems
- The firmware resolves undetected N-mode stability problems
and improves error reporting on the feature code (F/C) 5802 and 5877
I/O drawer power subsystem.
- On systems on which the service processor is using IPv6
Ethernet addresses, a problem was fixed that caused a service processor
dump to be taken with SRC B181EF88.
- On systems running the virtual Trusted Platform Module
(vTPM), a
problem was fixed that caused the system to crash when the vTPM adjunct
was reset.
- On 8231-E1C, 8231-E2C, 8202-E4C and 8205-E6C systems
running IBM i partitions, a problem was fixed that prevented slots on
the same PCI bus from being assigned to different partitions.
This can result in SRC B600690B being logged when a partition is booted.
- The Advanced System Management Interface (ASMI) menus were
enhanced to more clearly indicate which processor cores were
deconfigured by the Field Core Override option (F/C 2319).
- A problem was fixed that caused various operations to hang,
such as running lsvpd from a partition, or a concurrent firmware
installation.
|
AL740_077_042
03/06/12 |
Impact: Availability
Severity: HIPER - High Impact/PERvasive, Should be installed as soon as
possible.
System firmware changes that affect all systems
- The firmware was
enhanced to log SRC B7006A72 as informational instead of
predictive. This will prevent unnecessary service actions on PCIe
adapters and the associated I/O planars.
System firmware changes that affect certain systems
On systems
running system firmware level AL740_075 and managed by a Hardware
Management Console (HMC), a problem was fixed that prevented HMC
authentication to a managed system in the "Pending
Authentication" state, and prevented the Advanced System Management
Interface (ASMI) admin user's password from being changed. |