Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Thursday, July 12, 2018
 
 

spliceadm (8)

Name

spliceadm - administer splice state

Synopsis

spliceadm status  [-c] [[-p]-o <field1>,...] [all|<id>]
spliceadm freeze [-qnN] [<id>]
spliceadm unfreeze [-qnN]
spliceadm sync [-L]
spliceadm apply  [-vL] <kid>
spliceadm reverse [-vL] <kid>
spliceadm clear
spliceadm log [-vDp]

Description

The spliceadm utility is used to query and administer system splice state. Splices are fixes for specific bugs that can be applied on a live system.

Sub Commands

status [–c] [[–p]–o <field1>,...] [all|<id>]

Shows the current state of all the installed splices or an individual splice.

Associated CVE and BUGID information is displayed by status. "NA" is displayed if such information is not available.

# spliceadm status
ID	STATE		CVE	        BUGID
1000     applied	    CVE-1111-1234   12345689
1001     applied	    NA		 43219865
1003     faulted    	CVE-1111-4321   56894321
1004     not-applied	CVE-1111-4321   43215689

When the spliceadm status subcommand is invoked with the –c option, the system configuration is displayed. The system configuration includes the value of the version lock, that is, the value set by spliceadm freeze or spliceadm unfreeze subcommand. It also displays the state of the svc:/system/splice:default service.

# spliceadm status -c
PROPERTY        VALUE
version_lock    off
service_state   online

The –p option produces machine parsable output in both the cases. The –o option allows to select what field(s) to be printed out. When parsable output (–p) is requested, the –o option is mandatory.

It is recommended for scripts to use the –p option. The –p option will retry in a loop if the kernel resource is unavailable. Without the –p switch, status immediately returns a failure which is more useful in the interactive case.

# spliceadm status -p -o id,state,cve,bugid
1000:applied:CVE-1111-1234:12345689
1001:applied:NA:43219865
1003:faulted:CVE-1111-4321:56894321
1004:not-applied:CVE-1111-4321:43215689

# spliceadm status -cp -o property,value
version_lock:off
service_state:online

A splice can be in any one of the following states:

applied

The splice is applied.

not-applied

The splice is not applied, but delivered on disk.

excluded

The splice is not applied because it has an <id> larger than the version lock set on the system.

faulted

The splice is not applied because it has an <id> larger than the largest <id> that can be safely applied on the system.

evaluating

The splice is applied beyond the largest <id> that can be safely applied on the system. A splice is in this state after it is applied and before the timeout expires.

pending-removal

The splice is applied beyond the version lock. This can happen when version lock is set to a lower level by using spliceadm freeze with the "-N" switch.

freeze [–qnN] [<id>]

Locks and brings the system to a specific splice version. When invoked with the –N option, the version lock is set, but the system is left at the current splice level. When the –n option is specified, the command is run but no operations are actually performed.

# spliceadm status
ID	STATE		CVE	        BUGID
1000    applied     	CVE-1111-1234   12345689
1001    applied     	NA		 43219865
1003    excluded	    CVE-1111-4321   56894321

# spliceadm freeze 1000
List of splices that will be reversed
ID      CVE     	BUGID
1001    NA		43219865
	
# spliceadm status
ID	STATE		CVE	        BUGID
1000    applied	     CVE-1111-1234   12345689
1001    excluded	    NA		 43219865
1003    excluded	    CVE-1111-4321   56894321

The freeze subcommand supports the following keywords:

current

Locks the system at the current splice level.

next

Locks the system at the next splice level and applies the next splice.

latest

Locks the system at the latest delivered splice on disk and applies all the splices including the latest splice in order.

# spliceadm status
ID	STATE		CVE	        BUGID
1000    applied	     CVE-1111-1234   12345689
1001    not-applied	 NA		 43219865
1003    not-applied	 CVE-1111-4321   56894321

# spliceadm freeze current

# spliceadm status
ID	STATE		CVE	        BUGID
1000    applied	     CVE-1111-1234   12345689
1001    excluded	    NA		 43219865
1003    excluded	    CVE-1111-4321   56894321

# spliceadm freeze next
List of splices that will be applied
ID      CVE     	BUGID
1001    NA		43219865
	
# spliceadm status
ID	STATE		CVE	        BUGID
1000    applied            CVE-1111-1234   12345689
1001    applied 	     NA		 43219865
1003    excluded           CVE-1111-4321   56894321

# spliceadm freeze latest
List of splices that will be applied
ID      CVE     	BUGID
1003    CVE-1111-4321   56894321
	
# spliceadm status
ID	STATE		CVE	        BUGID
1000    applied	     CVE-1111-1234   12345689
1001    applied	     NA		 43219865
1003    applied	     CVE-1111-4321   56894321

The –n switch runs the command but not does perform any actual operations. In other words, it can be used to perform a preview.

The –N switch helps in case of a splice that misbehaves on reverse. By skipping the reverse step, it is possible to lock the version and reboot without having to actually reverse the splice.

Note that –N does not prevent further unrelated operations to act on the configuration itself, but disables the reverse/apply steps involved with the current invocation of spliceadm freeze subcommand.

The –q switch may be used to suppress the output.

unfreeze [–qnN]

Unlocks the system from a specific splice version. All splices installed on the system are applied, unless –n or –N is specified, and further splice installations will automatically update the system. For example:

# spliceadm status
ID	STATE        CVE	        BUGID
1000    applied      CVE-1111-1234     12345689
1001    applied      NA		   43219865
1003    excluded     CVE-1111-4321     56894321

# spliceadm unfreeze
List of splices that will be applied
ID      CVE     	BUGID
1003    CVE-1111-4321 56894321

# spliceadm status
ID	STATE		CVE	        BUGID
1000    applied	     CVE-1111-1234    12345689
1001    applied	     NA		  43219865
1003    applied	     CVE-1111-4321    56894321

The –n switch runs the command but not does perform any actual operations. In other words, it can be used to perform a preview.

The –N switch helps in the case where the user wants all the splices to be applied on reboot. By skipping the reverse step, it is possible to lock the version and reboot without having to actually apply the splice.

The –q switch may be used to suppress the output.

sync [–L]

Brings the system to the splice level identified by the intersection of:

  • the list of splices currently installed on the system

  • the list of splices currently applied to the system

  • the upper limit imposed by the system configuration, for example, any imposed version lock through spliceadm freeze

This subcommand is primarily and solely consumed by the splice system service and by default prints the operation log to stderr, so that it gets captured by the service log.

The –L option prevents printing the kernel splice transaction log to stderr.

apply [–vL] <kid>

Applies a specific splice, as identified by <kid>. Version locks are honored when manually applying splices. Splices must be applied in increasing order.

If the <kid> of the splice being applied is higher than the splice level, then the system is locked and the splice is deemed to be excluded. Use the spliceadm unfreeze command to unlock the splice level and apply the splice. For example:

# spliceadm apply 1003
Failed to apply splice 1003.
Use spliceadm unfreeze to allow this splice to be applied.

If the <kid> of the splice being applied is higher than the largest <kid> that can safely run on the system, then the splice is deemed to be faulted. To apply the splice, use spliceadm clear command after fixing the problem with the splice. For example:

# spliceadm apply 1003
Failed to apply splice 1003.
This splice caused a fault in a previous apply attempt and is blocked
from being applied.
If the problem has been fixed, use spliceadm clear to allow this splice
to be applied.

Note that the apply subcommand is intended for debugging and testing purposes. Users should use the unfreeze and freeze subcommands for applying and reversing splices.

The –L option prevents printing the kernel splice transaction log to stderr.

The –v option prints verbose log to stderr.

reverse [–vL] <kid>

Reverses a specific splice, as identified by <kid>. Splices must be reversed in decreasing order, from the one with the highest <kid> to the one with the lowest.

Note that the reverse subcommand is intended for debugging and testing purposes. Users should use the unfreeze and freeze subcommands for applying and reversing splices.

The –L option prevents printing the kernel splice transaction log to stderr.

The –v option prints verbose log to stderr.

log [–vDp]

Retrieves and prints the summary from the previous splice operation. The –v option prints verbose log from the previous splice operation to stderr. The –D option prints the entire framework log to stderr. The –p option produces a list of patched functions in machine parsable format after a successful splice application. The –p option can be used only after a successful splice operation and cannot be used with other options.

clear

Clears splice application errors and tries to bring the system up to the configured splice level. spliceadm clear should be used by an administrator after fixing problems with an unsuccessful splice application.

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
system/ksplice
Interface Stability
Committed

See Also

pkg (7)

Notes

If the running system kernel is being examined through the use of mdb(1), then the commands to apply, reverse, or sync splices will hang until the mdb session has been terminated.

If the svc:/system/splice:default is in the degraded state, there are splice(s) available on disk which have not been applied yet. Splices can be constrained either by the splice version lock or by the splice safety threshold. If constrained by the version lock, use the spliceadm unfreeze command, and if constrained by the safety threshold, use the spliceadm clear command.