git: 46e96afb73 - main - Add EN-22:13.zfs.

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Gordon Tetlow <gordon_at_FreeBSD.org>
Date: Mon, 21 Mar 2022 19:12:37 UTC
The branch main has been updated by gordon (src committer):

URL: https://cgit.FreeBSD.org/doc/commit/?id=46e96afb730c7ee5728e6c82ad750eab2311557c

commit 46e96afb730c7ee5728e6c82ad750eab2311557c
Author:     Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2022-03-21 19:12:23 +0000
Commit:     Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2022-03-21 19:12:23 +0000

    Add EN-22:13.zfs.
    
    Approved by:    so
---
 website/data/security/errata.toml                  |   4 +
 .../security/advisories/FreeBSD-EN-22:13.zfs.asc   | 127 +++++++++++++++++++++
 website/static/security/patches/EN-22:13/zfs.patch |  11 ++
 .../static/security/patches/EN-22:13/zfs.patch.asc |  16 +++
 4 files changed, 158 insertions(+)

diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index b246718740..d409a0395c 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,10 @@
 # Sort errata notices by year, month and day
 # $FreeBSD$
 
+[[notices]]
+name = "FreeBSD-EN-22:13.zfs"
+date = "2022-03-21"
+
 [[notices]]
 name = "FreeBSD-EN-22:12.zfs"
 date = "2022-03-15"
diff --git a/website/static/security/advisories/FreeBSD-EN-22:13.zfs.asc b/website/static/security/advisories/FreeBSD-EN-22:13.zfs.asc
new file mode 100644
index 0000000000..8606925591
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:13.zfs.asc
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:13.zfs                                      Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          ZFS data loss
+
+Category:       contrib
+Module:         zfs
+Announced:      2022-03-21
+Affects:        FreeBSD 13.0-p8
+Corrected:      2022-03-20 14:10:36 UTC (releng/13.0, 13.0-RELEASE-p9)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+ZFS is one of several filesystems available on FreeBSD.  ZFS supports
+many advanced features, including checksumming, transparent compression,
+and snapshots.
+
+II.  Problem Description
+
+Erratum FreeBSD-EN-22:11.zfs was addressed by a patch which modified a
+ZFS kernel function that determines whether the in-memory copy of a
+filesystem object is dirty with respect to its representation on stable
+storage.  The modification contained a bug which could cause the
+function to return false negatives.
+
+III. Impact
+
+Under heavy load, files written to a ZFS filesystem may not be correctly
+saved to disk.
+
+IV.  Workaround
+
+No workaround is available, but systems not using ZFS are not affected.
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:13/zfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:13/zfs.patch.asc
+# gpg --verify zfs.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+releng/13.0/                            b8ae329db949  releng/13.0-n244788
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat NNNNNNNNNNNN
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNNNNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:13.zfs.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmI4zUQACgkQ05eS9J6n
+5cJN8w//cVuY7dgMFIFsxLdMUfWQevqhWKHgT3itBo+WCYgpDixBHGvXrduYbFGO
+gBB4Q9qlTKnNqVVR3AQvzmc7t2quJcjI+p6Sfq1UlmjyEEYmsSQndYOSUGeR0zli
+P8UgjMx9VDXyugZWy/jGDBIXr3tKYXdeTlfSwJ0Dxkf3k0NpOCPvvpZSCAQlrCXd
+dwI25I39fGOZKES8rW6TPcN8K2uSvlHu4i2v3MYfPHkRVOwdbMA33YaX/bCvTwHa
+h8hg2hnwLNGUWhQZ6cwW/kPBjp7yVuDc0VIqfCyA7DqgUbo6juYm7ZD+EHUaVfAV
+32FFrMY/crH6UoZ1LXYK7I/xmyec5o66VewoGYsiY+5bFb0jNC8Pv/fmtzFPOFGW
+rHPxsLP/2rFpqwoNnhTX9wohqxHLOoN/DtjcTzznlL+VutOdQqNuU+U9o8wG5tea
+e+8tfNbvxSV2qvEZ/gqliSkpICe70jM04/ZkBw+eFdFqRZdV/tIIfEonzutqCi3x
+h/9r335b+6gJvpEkyq1VHesuydY5K21aPPnyETEOGKQAGfPMNyB67LNSd29gATHi
+CjJDkylMhMMf/qaTBxViMYSEZ3mzkbTkIQE9Oph2M2YMbZoh8VwNfu0mU6kxBBfT
+kSeGF1QZjnHeHWeRpd/lsKxFbNfElwVeoQc8e9evYHqNEdeyle8=
+=085i
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-22:13/zfs.patch b/website/static/security/patches/EN-22:13/zfs.patch
new file mode 100644
index 0000000000..a462fd9790
--- /dev/null
+++ b/website/static/security/patches/EN-22:13/zfs.patch
@@ -0,0 +1,11 @@
+--- sys/contrib/openzfs/module/zfs/dnode.c.orig
++++ sys/contrib/openzfs/module/zfs/dnode.c
+@@ -1661,7 +1661,7 @@
+ 	mutex_enter(&dn->dn_mtx);
+ 
+ 	for (int i = 0; i < TXG_SIZE; i++) {
+-		if (list_head(&dn->dn_dirty_records[i]) != NULL) {
++		if (multilist_link_active(&dn->dn_dirty_link[i])) {
+ 			mutex_exit(&dn->dn_mtx);
+ 			return (B_TRUE);
+ 		}
diff --git a/website/static/security/patches/EN-22:13/zfs.patch.asc b/website/static/security/patches/EN-22:13/zfs.patch.asc
new file mode 100644
index 0000000000..e353d55554
--- /dev/null
+++ b/website/static/security/patches/EN-22:13/zfs.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmI4zUYACgkQ05eS9J6n
+5cJCgBAAou2XZ5FlPpUqTP+r7usj1b76Rp5Y4IVXl/r4Wf7B1JDfQxWOlEDS0R0d
+HffxASWn6gJetRDTGpb3UhOAH0fDDhTUFPImubwXid+V+fdeohhUhcDshHl+Hz0u
+wrVvMGP8L8oiPSyrhbWAwvw2zGZijuyJw2SR94Vk6YQOHigRGF8P9UaHKkI1Es1y
+/QaoyGqScuqzAhf1N2lPWW5vZyhzkz8vvOvOKUCno6p5T/mT3Wg8xqDdXw8sUVRu
+9ugAwC0ofGoVZAzDbfneF+kwytYO2LJsYHTlH0L5/esVl8dApE2Q5FEL6YtqfDa4
+1kcPIvfH7JuIzx+mJckwT7aDP8mEUICFNo2TU1/ny70gfMizBsss7czmjukrNRbU
+AQNQKO7JZP7LrbIi3cC+6t6d6ZCAcUWVMBf3Oc13kezax5w49UVn8r4Khvrxexf/
+3MN6ed1gJ7/IOT3C9uyA0RYL4yLgdB6tRV3lHl5AHd1gTm2zNhsuFafvQGqmmwJf
+q0Xm1dXo5MdExwAyP64pnVVodTYT7lx4e8gBei+iU+Zf7K4fwbA1ENPnBSkIDFm+
+Ggto66JSmYeY6XZYLrZfG64sakgaElZU+/keYYw2qKThJtOa4ljbVmFvibX1Vyvt
++z+iZ0umzmYTkXCGRJfIJ9wIxPLPNXcGpbHmez+KU04YKrl/dbQ=
+=Mmi/
+-----END PGP SIGNATURE-----