spliceadm - administer splice state
spliceadm status [-c] [[-p]-o <field1>,...] [all|<id>] spliceadm freeze [-qnN] [<id>] spliceadm unfreeze [-qnN] spliceadm sync [-L] spliceadm apply [-vL] <kid> spliceadm reverse [-vL] <kid> spliceadm clear spliceadm log [-vDp]
The spliceadm utility is used to query and administer system splice state. Splices are fixes for specific bugs that can be applied on a live system.
Shows the current state of all the installed splices or an individual splice.
Associated CVE and BUGID information is displayed by status. "NA" is displayed if such information is not available.
# spliceadm status ID STATE CVE BUGID 1000 applied CVE-1111-1234 12345689 1001 applied NA 43219865 1003 faulted CVE-1111-4321 56894321 1004 not-applied CVE-1111-4321 43215689
When the spliceadm status subcommand is invoked with the –c option, the system configuration is displayed. The system configuration includes the value of the version lock, that is, the value set by spliceadm freeze or spliceadm unfreeze subcommand. It also displays the state of the svc:/system/splice:default service.
# spliceadm status -c PROPERTY VALUE version_lock off service_state online
The –p option produces machine parsable output in both the cases. The –o option allows to select what field(s) to be printed out. When parsable output (–p) is requested, the –o option is mandatory.
It is recommended for scripts to use the –p option. The –p option will retry in a loop if the kernel resource is unavailable. Without the –p switch, status immediately returns a failure which is more useful in the interactive case.
# spliceadm status -p -o id,state,cve,bugid 1000:applied:CVE-1111-1234:12345689 1001:applied:NA:43219865 1003:faulted:CVE-1111-4321:56894321 1004:not-applied:CVE-1111-4321:43215689 # spliceadm status -cp -o property,value version_lock:off service_state:online
A splice can be in any one of the following states:
The splice is applied.
The splice is not applied, but delivered on disk.
The splice is not applied because it has an <id> larger than the version lock set on the system.
The splice is not applied because it has an <id> larger than the largest <id> that can be safely applied on the system.
The splice is applied beyond the largest <id> that can be safely applied on the system. A splice is in this state after it is applied and before the timeout expires.
The splice is applied beyond the version lock. This can happen when version lock is set to a lower level by using spliceadm freeze with the "-N" switch.
Locks and brings the system to a specific splice version. When invoked with the –N option, the version lock is set, but the system is left at the current splice level. When the –n option is specified, the command is run but no operations are actually performed.
# spliceadm status ID STATE CVE BUGID 1000 applied CVE-1111-1234 12345689 1001 applied NA 43219865 1003 excluded CVE-1111-4321 56894321 # spliceadm freeze 1000 List of splices that will be reversed ID CVE BUGID 1001 NA 43219865 # spliceadm status ID STATE CVE BUGID 1000 applied CVE-1111-1234 12345689 1001 excluded NA 43219865 1003 excluded CVE-1111-4321 56894321
The freeze subcommand supports the following keywords:
Locks the system at the current splice level.
Locks the system at the next splice level and applies the next splice.
Locks the system at the latest delivered splice on disk and applies all the splices including the latest splice in order.
# spliceadm status ID STATE CVE BUGID 1000 applied CVE-1111-1234 12345689 1001 not-applied NA 43219865 1003 not-applied CVE-1111-4321 56894321 # spliceadm freeze current # spliceadm status ID STATE CVE BUGID 1000 applied CVE-1111-1234 12345689 1001 excluded NA 43219865 1003 excluded CVE-1111-4321 56894321 # spliceadm freeze next List of splices that will be applied ID CVE BUGID 1001 NA 43219865 # spliceadm status ID STATE CVE BUGID 1000 applied CVE-1111-1234 12345689 1001 applied NA 43219865 1003 excluded CVE-1111-4321 56894321 # spliceadm freeze latest List of splices that will be applied ID CVE BUGID 1003 CVE-1111-4321 56894321 # spliceadm status ID STATE CVE BUGID 1000 applied CVE-1111-1234 12345689 1001 applied NA 43219865 1003 applied CVE-1111-4321 56894321
The –n switch runs the command but not does perform any actual operations. In other words, it can be used to perform a preview.
The –N switch helps in case of a splice that misbehaves on reverse. By skipping the reverse step, it is possible to lock the version and reboot without having to actually reverse the splice.
Note that –N does not prevent further unrelated operations to act on the configuration itself, but disables the reverse/apply steps involved with the current invocation of spliceadm freeze subcommand.
The –q switch may be used to suppress the output.
Unlocks the system from a specific splice version. All splices installed on the system are applied, unless –n or –N is specified, and further splice installations will automatically update the system. For example:
# spliceadm status ID STATE CVE BUGID 1000 applied CVE-1111-1234 12345689 1001 applied NA 43219865 1003 excluded CVE-1111-4321 56894321 # spliceadm unfreeze List of splices that will be applied ID CVE BUGID 1003 CVE-1111-4321 56894321 # spliceadm status ID STATE CVE BUGID 1000 applied CVE-1111-1234 12345689 1001 applied NA 43219865 1003 applied CVE-1111-4321 56894321
The –n switch runs the command but not does perform any actual operations. In other words, it can be used to perform a preview.
The –N switch helps in the case where the user wants all the splices to be applied on reboot. By skipping the reverse step, it is possible to lock the version and reboot without having to actually apply the splice.
The –q switch may be used to suppress the output.
Brings the system to the splice level identified by the intersection of:
the list of splices currently installed on the system
the list of splices currently applied to the system
the upper limit imposed by the system configuration, for example, any imposed version lock through spliceadm freeze
This subcommand is primarily and solely consumed by the splice system service and by default prints the operation log to stderr, so that it gets captured by the service log.
The –L option prevents printing the kernel splice transaction log to stderr.
Applies a specific splice, as identified by <kid>. Version locks are honored when manually applying splices. Splices must be applied in increasing order.
If the <kid> of the splice being applied is higher than the splice level, then the system is locked and the splice is deemed to be excluded. Use the spliceadm unfreeze command to unlock the splice level and apply the splice. For example:
# spliceadm apply 1003 Failed to apply splice 1003. Use spliceadm unfreeze to allow this splice to be applied.
If the <kid> of the splice being applied is higher than the largest <kid> that can safely run on the system, then the splice is deemed to be faulted. To apply the splice, use spliceadm clear command after fixing the problem with the splice. For example:
# spliceadm apply 1003 Failed to apply splice 1003. This splice caused a fault in a previous apply attempt and is blocked from being applied. If the problem has been fixed, use spliceadm clear to allow this splice to be applied.
Note that the apply subcommand is intended for debugging and testing purposes. Users should use the unfreeze and freeze subcommands for applying and reversing splices.
The –L option prevents printing the kernel splice transaction log to stderr.
The –v option prints verbose log to stderr.
Reverses a specific splice, as identified by <kid>. Splices must be reversed in decreasing order, from the one with the highest <kid> to the one with the lowest.
Note that the reverse subcommand is intended for debugging and testing purposes. Users should use the unfreeze and freeze subcommands for applying and reversing splices.
The –L option prevents printing the kernel splice transaction log to stderr.
The –v option prints verbose log to stderr.
Retrieves and prints the summary from the previous splice operation. The –v option prints verbose log from the previous splice operation to stderr. The –D option prints the entire framework log to stderr. The –p option produces a list of patched functions in machine parsable format after a successful splice application. The –p option can be used only after a successful splice operation and cannot be used with other options.
Clears splice application errors and tries to bring the system up to the configured splice level. spliceadm clear should be used by an administrator after fixing problems with an unsuccessful splice application.
See attributes(7) for descriptions of the following attributes:
|
pkg (7)
If the running system kernel is being examined through the use of mdb(1), then the commands to apply, reverse, or sync splices will hang until the mdb session has been terminated.
If the svc:/system/splice:default is in the degraded state, there are splice(s) available on disk which have not been applied yet. Splices can be constrained either by the splice version lock or by the splice safety threshold. If constrained by the version lock, use the spliceadm unfreeze command, and if constrained by the safety threshold, use the spliceadm clear command.