git: 46e96afb73 - main - Add EN-22:13.zfs.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 21 Mar 2022 19:12:37 UTC
The branch main has been updated by gordon (src committer): URL: https://cgit.FreeBSD.org/doc/commit/?id=46e96afb730c7ee5728e6c82ad750eab2311557c commit 46e96afb730c7ee5728e6c82ad750eab2311557c Author: Gordon Tetlow <gordon@FreeBSD.org> AuthorDate: 2022-03-21 19:12:23 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2022-03-21 19:12:23 +0000 Add EN-22:13.zfs. Approved by: so --- website/data/security/errata.toml | 4 + .../security/advisories/FreeBSD-EN-22:13.zfs.asc | 127 +++++++++++++++++++++ website/static/security/patches/EN-22:13/zfs.patch | 11 ++ .../static/security/patches/EN-22:13/zfs.patch.asc | 16 +++ 4 files changed, 158 insertions(+) diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml index b246718740..d409a0395c 100644 --- a/website/data/security/errata.toml +++ b/website/data/security/errata.toml @@ -1,6 +1,10 @@ # Sort errata notices by year, month and day # $FreeBSD$ +[[notices]] +name = "FreeBSD-EN-22:13.zfs" +date = "2022-03-21" + [[notices]] name = "FreeBSD-EN-22:12.zfs" date = "2022-03-15" diff --git a/website/static/security/advisories/FreeBSD-EN-22:13.zfs.asc b/website/static/security/advisories/FreeBSD-EN-22:13.zfs.asc new file mode 100644 index 0000000000..8606925591 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:13.zfs.asc @@ -0,0 +1,127 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:13.zfs Errata Notice + The FreeBSD Project + +Topic: ZFS data loss + +Category: contrib +Module: zfs +Announced: 2022-03-21 +Affects: FreeBSD 13.0-p8 +Corrected: 2022-03-20 14:10:36 UTC (releng/13.0, 13.0-RELEASE-p9) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +ZFS is one of several filesystems available on FreeBSD. ZFS supports +many advanced features, including checksumming, transparent compression, +and snapshots. + +II. Problem Description + +Erratum FreeBSD-EN-22:11.zfs was addressed by a patch which modified a +ZFS kernel function that determines whether the in-memory copy of a +filesystem object is dirty with respect to its representation on stable +storage. The modification contained a bug which could cause the +function to return false negatives. + +III. Impact + +Under heavy load, files written to a ZFS filesystem may not be correctly +saved to disk. + +IV. Workaround + +No workaround is available, but systems not using ZFS are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:13/zfs.patch +# fetch https://security.FreeBSD.org/patches/EN-22:13/zfs.patch.asc +# gpg --verify zfs.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +releng/13.0/ b8ae329db949 releng/13.0-n244788 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat NNNNNNNNNNNN + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNNNNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:13.zfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmI4zUQACgkQ05eS9J6n +5cJN8w//cVuY7dgMFIFsxLdMUfWQevqhWKHgT3itBo+WCYgpDixBHGvXrduYbFGO +gBB4Q9qlTKnNqVVR3AQvzmc7t2quJcjI+p6Sfq1UlmjyEEYmsSQndYOSUGeR0zli +P8UgjMx9VDXyugZWy/jGDBIXr3tKYXdeTlfSwJ0Dxkf3k0NpOCPvvpZSCAQlrCXd +dwI25I39fGOZKES8rW6TPcN8K2uSvlHu4i2v3MYfPHkRVOwdbMA33YaX/bCvTwHa +h8hg2hnwLNGUWhQZ6cwW/kPBjp7yVuDc0VIqfCyA7DqgUbo6juYm7ZD+EHUaVfAV +32FFrMY/crH6UoZ1LXYK7I/xmyec5o66VewoGYsiY+5bFb0jNC8Pv/fmtzFPOFGW +rHPxsLP/2rFpqwoNnhTX9wohqxHLOoN/DtjcTzznlL+VutOdQqNuU+U9o8wG5tea +e+8tfNbvxSV2qvEZ/gqliSkpICe70jM04/ZkBw+eFdFqRZdV/tIIfEonzutqCi3x +h/9r335b+6gJvpEkyq1VHesuydY5K21aPPnyETEOGKQAGfPMNyB67LNSd29gATHi +CjJDkylMhMMf/qaTBxViMYSEZ3mzkbTkIQE9Oph2M2YMbZoh8VwNfu0mU6kxBBfT +kSeGF1QZjnHeHWeRpd/lsKxFbNfElwVeoQc8e9evYHqNEdeyle8= +=085i +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-22:13/zfs.patch b/website/static/security/patches/EN-22:13/zfs.patch new file mode 100644 index 0000000000..a462fd9790 --- /dev/null +++ b/website/static/security/patches/EN-22:13/zfs.patch @@ -0,0 +1,11 @@ +--- sys/contrib/openzfs/module/zfs/dnode.c.orig ++++ sys/contrib/openzfs/module/zfs/dnode.c +@@ -1661,7 +1661,7 @@ + mutex_enter(&dn->dn_mtx); + + for (int i = 0; i < TXG_SIZE; i++) { +- if (list_head(&dn->dn_dirty_records[i]) != NULL) { ++ if (multilist_link_active(&dn->dn_dirty_link[i])) { + mutex_exit(&dn->dn_mtx); + return (B_TRUE); + } diff --git a/website/static/security/patches/EN-22:13/zfs.patch.asc b/website/static/security/patches/EN-22:13/zfs.patch.asc new file mode 100644 index 0000000000..e353d55554 --- /dev/null +++ b/website/static/security/patches/EN-22:13/zfs.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmI4zUYACgkQ05eS9J6n +5cJCgBAAou2XZ5FlPpUqTP+r7usj1b76Rp5Y4IVXl/r4Wf7B1JDfQxWOlEDS0R0d +HffxASWn6gJetRDTGpb3UhOAH0fDDhTUFPImubwXid+V+fdeohhUhcDshHl+Hz0u +wrVvMGP8L8oiPSyrhbWAwvw2zGZijuyJw2SR94Vk6YQOHigRGF8P9UaHKkI1Es1y +/QaoyGqScuqzAhf1N2lPWW5vZyhzkz8vvOvOKUCno6p5T/mT3Wg8xqDdXw8sUVRu +9ugAwC0ofGoVZAzDbfneF+kwytYO2LJsYHTlH0L5/esVl8dApE2Q5FEL6YtqfDa4 +1kcPIvfH7JuIzx+mJckwT7aDP8mEUICFNo2TU1/ny70gfMizBsss7czmjukrNRbU +AQNQKO7JZP7LrbIi3cC+6t6d6ZCAcUWVMBf3Oc13kezax5w49UVn8r4Khvrxexf/ +3MN6ed1gJ7/IOT3C9uyA0RYL4yLgdB6tRV3lHl5AHd1gTm2zNhsuFafvQGqmmwJf +q0Xm1dXo5MdExwAyP64pnVVodTYT7lx4e8gBei+iU+Zf7K4fwbA1ENPnBSkIDFm+ +Ggto66JSmYeY6XZYLrZfG64sakgaElZU+/keYYw2qKThJtOa4ljbVmFvibX1Vyvt ++z+iZ0umzmYTkXCGRJfIJ9wIxPLPNXcGpbHmez+KU04YKrl/dbQ= +=Mmi/ +-----END PGP SIGNATURE-----