From nobody Fri Dec 01 02:03:14 2023 X-Original-To: dev-commits-doc-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ShGYZ5wk1z536hj for ; Fri, 1 Dec 2023 02:03:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ShGYZ3b6pz4ZXR; Fri, 1 Dec 2023 02:03:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1701396194; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xBlCwZEdbQDaeK7YdHY6EDqKtVfCLdmUes6sPSKU5FE=; b=oHYlPvAoe5tD24LK2AttC+c26RE5FlxUq86xxXybG4+b1j35KTnnxB7KlUX4vccMU4rWqW J+HW+cudrW18TDNqD+E1UAS9AS46/s21bYdF3Rb50Vf7BU2Jed9iLTScU4ZP91zcGQRVzF Awu9MzEAsIxKgjrE9hyJxyM+oziDMW8hkVNiEFQAz/74HxK5kRWppXapxKjXAHX6LKYQAZ qf1OfEgsebEOLDh3DViBUrW3RJhzAKoW1rMs1nJ1dfZtBDwdWg83/qARwKnt90iXbNv3XH /vJ0/8q46veRvcwP7yScBGDj0ykyV3ENF3QvYMlVemx0BqkjfP/34OcGSQNdiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1701396194; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xBlCwZEdbQDaeK7YdHY6EDqKtVfCLdmUes6sPSKU5FE=; b=tW+/x6FtIIzdoOx4sR5z8pPDSo01RQoLMTwQMaE4opLe/O8qBfL7tQ0b8ZCi2Omy70CHEQ kZZptpED+ODoHmd6Mk7r2wldx5RpAShbPXL9FBPBqgxEyH76aHXqrp2HmNzcLee2nezQa/ DoxXZHluZ7AMvV3KjTBrDLxg+EM+xpcaDqZmtoqM7HCi29IVJt3r/AdZMusDa4AHuVfMOH mQVtni/NmsUaVW3B5R9fO7jYZ+PHdAeDAFZprKavIaIBGVUp5yDPk8UxsR5aeR+Vi+70Nm FvxfzMpW7kCU2VyPUEFAyp9/NR4IpxltpUeDT2c8W7SzpH/otkASs5gz9fZyKw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1701396194; a=rsa-sha256; cv=none; b=BlRfMkc7G6ahqrXVchMvX8Lg3n0Rwu1r+4dxpt5FyZ/G9GdCK0yi0O0xlnQPQfD3XA9X8R 7JJ/7E5UE9+SlrsNA+IZQciVsOJBCwdNmLvLKm2zdNHMzk5KMXpK4QEPVkNXDhCtJcicv8 N7WKcSQyj4A3NdpExIsN5vDKFwaUmis+xVHTvoOWQ0XDCnP3TJQtjJqJlZ3r/mMBNgI4AL q5Y8aiGhaHmsZWCrRH2hsRZtd2puvhzvwtf4Uptt8IKAnV62WIqb/nA1V6bva0YQX1F258 tw/sa7cO6YQvvZxnRmiw/aOJ9UIQ21wFvh9+dSGLD+UIhBrWpJatOLAsF6FKjQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ShGYZ2fdTzSw; Fri, 1 Dec 2023 02:03:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3B123ED8007915; Fri, 1 Dec 2023 02:03:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3B123EBN007912; Fri, 1 Dec 2023 02:03:14 GMT (envelope-from git) Date: Fri, 1 Dec 2023 02:03:14 GMT Message-Id: <202312010203.3B123EBN007912@gitrepo.freebsd.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org From: Gordon Tetlow Subject: git: a847059f9c - main - Add EN-23:15 and EN-23:16. List-Id: Commit messages for all branches of the doc repository List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-doc-all@freebsd.org X-BeenThere: dev-commits-doc-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: doc X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a847059f9ce13a81b8a0d2a46d0ad9dca6a9b335 Auto-Submitted: auto-generated The branch main has been updated by gordon: URL: https://cgit.FreeBSD.org/doc/commit/?id=a847059f9ce13a81b8a0d2a46d0ad9dca6a9b335 commit a847059f9ce13a81b8a0d2a46d0ad9dca6a9b335 Author: Gordon Tetlow AuthorDate: 2023-12-01 02:02:53 +0000 Commit: Gordon Tetlow CommitDate: 2023-12-01 02:02:53 +0000 Add EN-23:15 and EN-23:16. Approved by: so --- website/data/security/errata.toml | 8 + .../advisories/FreeBSD-EN-23:15.sanitizer.asc | 145 +++++++++++++++ .../advisories/FreeBSD-EN-23:16.openzfs.asc | 197 +++++++++++++++++++++ .../security/patches/EN-23:15/sanitizer.patch | 38 ++++ .../security/patches/EN-23:15/sanitizer.patch.asc | 16 ++ .../security/patches/EN-23:16/openzfs.12.patch | 12 ++ .../security/patches/EN-23:16/openzfs.12.patch.asc | 16 ++ .../security/patches/EN-23:16/openzfs.13.patch | 28 +++ .../security/patches/EN-23:16/openzfs.13.patch.asc | 16 ++ .../security/patches/EN-23:16/openzfs.14.patch | 101 +++++++++++ .../security/patches/EN-23:16/openzfs.14.patch.asc | 16 ++ 11 files changed, 593 insertions(+) diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml index df128aa134..4966e33623 100644 --- a/website/data/security/errata.toml +++ b/website/data/security/errata.toml @@ -1,6 +1,14 @@ # Sort errata notices by year, month and day # $FreeBSD$ +[[notices]] +name = "FreeBSD-EN-23:16.openzfs" +date = "2023-12-01" + +[[notices]] +name = "FreeBSD-EN-23:15.sanitizer" +date = "2023-12-01" + [[notices]] name = "FreeBSD-EN-23:14.regcomp" date = "2023-11-08" diff --git a/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc b/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc new file mode 100644 index 0000000000..c99758ce43 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc @@ -0,0 +1,145 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:15.sanitizer Errata Notice + The FreeBSD Project + +Topic: Clang sanitizer failure with ASLR enabled + +Category: contrib +Module: compiler-rt +Announced: 2023-12-01 +Affects: FreeBSD 14.0 +Corrected: 2023-11-25 09:05:09 UTC (stable/14, 14.0-STABLE) + 2023-12-01 00:38:35 UTC (releng/14.0, 14.0-RELEASE-p1) + 2023-11-25 09:05:14 UTC (stable/13, 13.2-STABLE) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +Compiler-RT is an implementation of various compiler runtime support routines, +provided by the LLVM project. This library also provides a number of so-called +Sanitizers, which help to catch buffer overruns, thread data races, and so on: +AddressSanitizer, ThreadSanitizer, UndefinedBehaviorSanitizer, and more. + +II. Problem Description + +Some of the Sanitizers cannot work correctly when ASLR is enabled. Therefore, at +the initialization of such Sanitizers, ASLR is detected via procctl(2). If ASLR +is enabled, it is first disabled, and then the main executable containing the +Sanitizer is re-executed, after printing an appropriate message. + +However, the Sanitizers work by intercepting various function calls, and by +mistake the already-intercepted procctl(2) function was used. This causes an +internal error, which usually results in a segfault. + +III. Impact + +Binaries linked to AddressSanitizer (using -fsanitize=address), MemorySanitizer +(using -fsanitize=memory) or ThreadSanitizer (using -fsanitize=thread) can crash +at startup with a segfault, if ASLR is enabled. Other binaries are not affected. + +IV. Workaround + +If ASLR is enabled system-wide, the problem can be worked around by running the +specific binary with proccontrol(1), to temporarily disable ASLR for only that +program. For example: + + proccontrol -m aslr -s disable /path/to/example_program + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +No reboot is necessary, but Sanitized binaries must be re-linked, because the +Sanitizer libraries are statically linked in. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +No reboot is necessary, but Sanitized binaries must be re-linked, because the +Sanitizer libraries are statically linked in. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.patch +# fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.patch.asc +# gpg --verify sanitizer.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 1e4798e9677f stable/14-n265803 +releng/14.0/ 78b4c762b20b releng/14.0-n265381 +stable/13/ 7c25a53a2cb9 stable/13-n256726 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat + +Or visit the following URL, replacing NNNNNN with the hash: + + + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + + + +The latest revision of this advisory is available at + + +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVpPoYACgkQbljekB8A +Gu+z2A//VhWVguaPhfTkV0jRrG/tD1iu+xhM7TSRcnnGYn7IIkzWzHkO5jrP9Oy5 +aRueyAVvw048f4unEG36qBM+UO5LSCcDEj3OAhxhJzfTfXcRBYMRuvp5cC+Xjgji +s6S7JlSTeHqJakj6UV58d4elppj5QN1b2IQtwahcwuBtlue4NaOg16z6GFDDbVKo +Db8h+yOyQuwGj7uvahpuHpNB21pMfTwi4IWV2F9QOjQMO/+pcqia+leG53WOsB/A +SFW3zNHdAl+Q7NBq6lRVTqyW69Ouh1gblQ57kMCdzyTF5BSzcDhX5QwiS9t2TIU9 +gs2ulNxxIiSPmi7n/ZlDPRyH57C/+h6vSHVeXOVKZhIffrqvpqqhT0WKQfIUnNLb +0uhdmXLdXWWAAk1OvDkBAIiO6C8GxVvgZvHWFhELjnDK6+qmZD7xv3RVpJnRVk9X +//U89b+zGNKhS+JFiTvXY90oUxoE72a9PuqvONZuKMGH+ooL9aRGEJujahCL2Swl +jxymcZHduvsXbnzrmGZr8Lxl4DP+cHD688gc8KOgitb3MCupcx066KmX1Pem7PvX +2AULZrFBDTPEIgf0ZuGt5R3+zd+k/sDlPVGdkLpF1AVOOuwtfton6Vbd5CKDzDLR +0PqGdkk9CLpI0Mm8I1o+v69bopYua1ndo3G2YuKIK7V472sgrRw= +=EPbY +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:16.openzfs.asc b/website/static/security/advisories/FreeBSD-EN-23:16.openzfs.asc new file mode 100644 index 0000000000..4836b85008 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:16.openzfs.asc @@ -0,0 +1,197 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:16.openzfs Errata Notice + The FreeBSD Project + +Topic: OpenZFS data corruption + +Category: contrib +Module: OpenZFS +Announced: 2023-12-01 +Affects: All supported versions of FreeBSD. +Corrected: 2023-11-28 21:00:48 UTC (stable/14, 14.0-STABLE) + 2023-12-01 00:38:38 UTC (releng/14.0, 14.0-RELEASE-p1) + 2023-11-28 21:07:30 UTC (stable/13, 13.2-STABLE) + 2023-12-01 00:38:47 UTC (releng/13.2, 13.2-RELEASE-p6) + 2023-11-30 05:28:33 UTC (stable/12, 12.4-STABLE) + 2023-12-01 00:40:23 UTC (releng/12.4, 12.4-RELEASE-p8) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +FreeBSD has included a version of the powerful and feature-rich ZFS file +system beginning with FreeBSD 7.0 released in 2008. The ZFS implementation +in FreeBSD 12 and earlier is based on the Illumos ZFS codebase. In FreeBSD +13 and later OpenZFS is used as the ZFS implementation. + +Sparse files in a file system refer to a technique that optimizes storage +space by allowing the creation of files with unallocated or unwritten gaps, +known as holes. When reading a file, holes appear as zero or NUL bytes. +Certain system calls can access hole location metadata, including lseek(2) +with SEEK_HOLE and copy_file_range(2). + +In OpenZFS a dnode is a data structure used to represent and manage metadata +about files and directories. In file systems, "dirty" refers to data or +metadata that has been modified in memory but not yet written to the storage +device. Thus, a dirty dnode is one which has uncommitted data or metadata. + +In FreeBSD 13.2 and FreeBSD 14.0 cp(1) uses copy_file_range(2) to perform the +data copying in the kernel. copy_file_range attempts to find file holes in +the source file and preserve them in the copy. In FreeBSD 12.4 cp does not +use copy_file_range. + +II. Problem Description + +A check did not test both the dnode itself and its data for dirtiness. This +provides a very small window of time while a file is being modified where the +dirtiness check can falsely report that the dnode is clean. If this happens +a hole may incorrectly be reported where data was written. + +III. Impact + +If an access occurs while a file is being modified and a hole is incorrectly +reported, the data may instead be interpreted as zero bytes. Any application +which checks for holes may be affected by this issue; if this occurs during a +file copy it will result in a corrupt copy that retains the incorrect data. +Note that the source file remains intact (a subsequent read will return the +correct data). + +IV. Workaround + +Setting the vfs.zfs.dmu_offset_next_sync sysctl to 0 disables forcing +TXG sync to find holes. This is an effective workaround that greatly +reduces the likelihood of encountering data corruption, although it does +not completely eliminate it. Note that with the workaround holes will +not be reported in recently dirtied files. See the zfs(4) man page for +more information of the impact of this sysctl setting. + +The workaround should be removed once the system is updated to include the +fix described in this notice. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platfrom on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting to apply OpenZFS erratum update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +NOTE: The FreeBSD 14.0 patch includes additional bug fixes which were found +during the investigation of this issue. These bug fixes do not apply to +FreeBSD 13.2 or FreeBSD 12.4. + +[FreeBSD 14.0] +# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.14.patch +# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.14.patch.asc +# gpg --verify openzfs.14.patch.asc + +[FreeBSD 13.2] +# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.13.patch +# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.13.patch.asc +# gpg --verify openzfs.13.patch.asc + +[FreeBSD 12.4] +# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.12.patch +# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.12.patch.asc +# gpg --verify openzfs.12.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 99385ec7c296 stable/14-n265836 +releng/14.0/ 154870526943 releng/14.0-n265384 +stable/13/ 5858f93a8b66 stable/13-n256744 +releng/13.2/ 0bb76997ce58 releng/13.2-n254644 +stable/12/ r373278 +releng/12.4/ r373279 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat + +Or visit the following URL, replacing NNNNNN with the hash: + + + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVpPo4ACgkQbljekB8A +Gu/7rg/8DV0CgrVWVW8lvywaBry/oFOAcB1s+b49fcW1wt4g4GOnFtU0VGuRYXJh +2pT2xnCVKgWKWciaFAoFN/N29GOxCuMkcPNoYPf8laiBNAmYTGGBMK6FI4YukI2V +6GKSU8hYPgxwRSRW7ZSXfzWl2MuLI2NdrRZwY+L/2cgr/uJVq/u7b1s7y7A9CdbQ +0euotytR77yrSHecA7Ye5PVRFp1behuiK9kbIVUTdFJRB0eQkpap5e3Af9b7GeLe +t3kFI5cHKim7PnquLpljxjRxwcWKeJBMf0a8X6nhXYJ7FHxh6YfRL1t4tPQIRHLq +5A4x9oDoZP5kPRQgdxYT4J/VuoCEsq9/D83DwLK6fMY9qcY/TYrp1rOnYKwBQDUj +FMIbaipxss/j8KWEyAwc3dIwJBFCW40yRFR2cg7SCeZ0UJzZEkuDOaIvzkWIGtc3 +AqW0R+lvAQ2f+ObbP7iQCGj4HrCgIlPUCDX2SckNuAwaXQIdu5GO+HDjuKb49sw3 +8zimt4dAT+OuvZxXDacIhIz53LCJHD/cAyF2CqTdNYpwne892drfiK4FQZ1Jq75Q +4nRedE8YLD2ZwuUALqR1PqHJQKra5hlAhAoITHuTpBG1fggSx6dyj6kSkMR8p6Mb +tADR8onFzUHZgOlkEOjddKaVqAP3z4jW+lfrlk7J/9j5jgRrtLM= +=pM+u +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-23:15/sanitizer.patch b/website/static/security/patches/EN-23:15/sanitizer.patch new file mode 100644 index 0000000000..608e2450b1 --- /dev/null +++ b/website/static/security/patches/EN-23:15/sanitizer.patch @@ -0,0 +1,38 @@ +--- contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp.orig ++++ contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp +@@ -2323,7 +2323,7 @@ + "and binaries compiled with PIE\n" + "ASLR will be disabled and the program re-executed.\n"); + int aslr_ctl = PROC_ASLR_FORCE_DISABLE; +- CHECK_NE(procctl(P_PID, 0, PROC_ASLR_CTL, &aslr_ctl), -1); ++ CHECK_NE(internal_procctl(P_PID, 0, PROC_ASLR_CTL, &aslr_ctl), -1); + ReExec(); + } + # elif SANITIZER_PPC64V2 +--- contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp.orig ++++ contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp +@@ -56,6 +56,7 @@ + // that, it was never implemented. So just define it to zero. + #undef MAP_NORESERVE + #define MAP_NORESERVE 0 ++extern const Elf_Auxinfo *__elf_aux_vector; + #endif + + #if SANITIZER_NETBSD +@@ -947,11 +948,11 @@ + const char *pathname = "/proc/self/exe"; + + #if SANITIZER_FREEBSD +- char exe_path[PATH_MAX]; +- if (elf_aux_info(AT_EXECPATH, exe_path, sizeof(exe_path)) == 0) { +- char link_path[PATH_MAX]; +- if (realpath(exe_path, link_path)) +- pathname = link_path; ++ for (const auto *aux = __elf_aux_vector; aux->a_type != AT_NULL; aux++) { ++ if (aux->a_type == AT_EXECPATH) { ++ pathname = static_cast(aux->a_un.a_ptr); ++ break; ++ } + } + #elif SANITIZER_NETBSD + static const int name[] = { diff --git a/website/static/security/patches/EN-23:15/sanitizer.patch.asc b/website/static/security/patches/EN-23:15/sanitizer.patch.asc new file mode 100644 index 0000000000..12d63f9ff1 --- /dev/null +++ b/website/static/security/patches/EN-23:15/sanitizer.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVpPo0ACgkQbljekB8A +Gu/+pQ//YHZI15uVIV9EaMfrdn9XqWZNWUIn8KheUeARA6Ql+RwiGVhi10jnXjvS +RFxH/3o8HSjxIVlWFb8JlYWceDl7oVcmF1LQKyGRrhZQO6BbI1kX385FvU945qe3 +nABMUtDunu0vbqNScQm/pZAv8y08EdrPDGLItH1+NfIpjVs2HRYxcL3TROTQ6BKF ++EpwdqrrsA96wodQrtc1NXj0CGr8OEGf1AIwxdyd6JV8GkjVJru+lmON1u49eKc1 +3yflwz+3EULWU8SHYmcnVq+vJnanAhJbw8LjKdrDviqvaChdf+/FRsV5XLR6VR1E +SjXjIzxhwNwF3rZXtDGBTjDUjdW4C4rLUqmNW1oUl2P0GSoz3akXO6eq7/JtLLtR +jyC5jBmkuOunA+H1OpId2UFrXgLx+L0YsDf5iq2Xk+O6tWlalUczR/7TWtj9X6Xd +Bb5lx1y/osN9Rdl1TjFXERzS3yymniue3tE6UoGWDnMnLwiIVJg9/YjaniRRclgN +GRy9vaxLlYybkBTIS27QYduwpibJ2oMsiEcCyJ6ZI/Lkvy++3tg+KvK2YsMarHD9 +Sl8PSDDXiDr6oGwxRLZF5sdo87jh6VCd2OEstbXU+om6J9QOaU/vW/NKRLsZOdSZ +hrYH3bFAnFMZGx/aI66YRL7ioW1KVaBMcU7iWWS8dKaQ8FHXc4k= +=DmQ6 +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-23:16/openzfs.12.patch b/website/static/security/patches/EN-23:16/openzfs.12.patch new file mode 100644 index 0000000000..e80d6cbf6a --- /dev/null +++ b/website/static/security/patches/EN-23:16/openzfs.12.patch @@ -0,0 +1,12 @@ +--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu.c.orig ++++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu.c +@@ -2557,7 +2557,8 @@ + } + + for (i = 0; i < TXG_SIZE; i++) { +- if (list_link_active(&dn->dn_dirty_link[i])) { ++ if (list_link_active(&dn->dn_dirty_link[i]) || ++ !list_is_empty(&dn->dn_dirty_records[i])) { + break; + } + } diff --git a/website/static/security/patches/EN-23:16/openzfs.12.patch.asc b/website/static/security/patches/EN-23:16/openzfs.12.patch.asc new file mode 100644 index 0000000000..87e5c1d7ff --- /dev/null +++ b/website/static/security/patches/EN-23:16/openzfs.12.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVpPo8ACgkQbljekB8A +Gu9VwxAAmCLK2FkewKGLjYQeys8HMuZlocjr9gg2b5waAqLwiYdPS3rQY/vtJpLo +i/230IfXxaG783yxeSpfPOAviiyaGKjlDh1K6SQtsRspnqLB0JxZPBzvwt4sy7UI +8zjCIc4uvpKoifqQ/69DVmrsj3frgJkF4lgcbXX/JBtOulM/XZumRsEw8OX0m+Cj +ha9z+nqxGxMEXLA2pd1in4/T9hZv5miaDt7/1fuQRN0GBU+FXjTHC3hPk+z5H6/2 ++P1oo4IuDZDSkxuAwHPmvtDOqhajL/H0Ozbn0TH+M8k4iTQXOm8IhtSvX+HDuQYb +kOvTA/CPIeFNp/Y9QZg9z9fyFLNYFjjtzoHN1KNLp4NmOCKPUGHppFLHnXJsnqmh +nCVT1iYdRAOlp4yK8fuV8tPnjie9umIOOrRKURpF4LNlsUDwEVubhsFfvkTjq2uP +bEbn5ELM0QsxJO038rDlYhMCs/OVRw6sTirdDI5Y0D3XohlSLvexUcLgy0OfY0Xd +xX8wh6Yyb4D42Ug1ngMGoS+Ik0Tj2eLsm/gGlCKQyNvQQwrpC5qUDSNJ/moM1Qq5 +NmTzGP2qTmEbfJF5Od1IqbNZejUflOPl/CWvQFieS1UKvwgIXxCBV/eaOUg5Wnx5 +zt0ukYwVCeeq3Iuaa7hXc49Gs3Nt16qYLOf+XknrkSA+7jImlD8= +=fm3B +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-23:16/openzfs.13.patch b/website/static/security/patches/EN-23:16/openzfs.13.patch new file mode 100644 index 0000000000..a8947126b3 --- /dev/null +++ b/website/static/security/patches/EN-23:16/openzfs.13.patch @@ -0,0 +1,28 @@ +--- sys/contrib/openzfs/module/zfs/dnode.c.orig ++++ sys/contrib/openzfs/module/zfs/dnode.c +@@ -1773,7 +1773,14 @@ + } + + /* +- * Checks if the dnode contains any uncommitted dirty records. ++ * Checks if the dnode itself is dirty, or is carrying any uncommitted records. ++ * It is important to check both conditions, as some operations (eg appending ++ * to a file) can dirty both as a single logical unit, but they are not synced ++ * out atomically, so checking one and not the other can result in an object ++ * appearing to be clean mid-way through a commit. ++ * ++ * Do not change this lightly! If you get it wrong, dmu_offset_next() can ++ * detect a hole where there is really data, leading to silent corruption. + */ + boolean_t + dnode_is_dirty(dnode_t *dn) +@@ -1781,7 +1788,8 @@ + mutex_enter(&dn->dn_mtx); + + for (int i = 0; i < TXG_SIZE; i++) { +- if (multilist_link_active(&dn->dn_dirty_link[i])) { ++ if (multilist_link_active(&dn->dn_dirty_link[i]) || ++ !list_is_empty(&dn->dn_dirty_records[i])) { + mutex_exit(&dn->dn_mtx); + return (B_TRUE); + } diff --git a/website/static/security/patches/EN-23:16/openzfs.13.patch.asc b/website/static/security/patches/EN-23:16/openzfs.13.patch.asc new file mode 100644 index 0000000000..017633a5e6 --- /dev/null +++ b/website/static/security/patches/EN-23:16/openzfs.13.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVpPpAACgkQbljekB8A +Gu/NFA//SVX4DWrM8h62yEJtZykr6CoI5qKfCFT6sCYFsYV3d2BzNVje5t3sAndH +WmexHJ1i0IB0cJBoZ15t2v7WXv2T4CEPK29klp0nLwXmntLeaL5ap2rMrioeCIX7 +yKIrXWZL9wRQ6TkdPoTPrwx0gwLiyNQJ5fz+L9lkH3AjumV5N9yzz1+7s5Hw9fk3 +oyYIsAzVwaMWvK+4f2/3atqCXi14ULuEJvZCtipkQwKTK7G3TizAjY7KB7OaRJkI +qpTfqEg8N13WSONWuDtqlAqPxAo+la0/HQMJqVdx44JTWO480h3t95fVAs3S94Xx +lPZX1pwYv3/tY8FzesNVWmdQBpBTLBA7aWCLXElQ1Ex+krMDiDvYwF21VBsqR+qI +yh+rrXvQCPpmeiOy95XM0YRlX0/RPS8pkLW7BZicWWMNffRpPgLI1aoAxS1a7SN8 +6TXvT4HmbFIuiLClMh9cMWQlKer2PDZ03Q4xuj3SqUEeDk4P/5vi29kOvykQ0LJr +PPmKSgth2+tq4f5tF6NmhLb22C7TLr6N9t9xi6fd15OJ7tvgjIl1eii7uxsY750f +SAkz85IXa/ENu0MdRVC0LRKq0B+aCpDtFqzvZmRPBFVu+a1DYQWpMy4Otp8OHSaM +I6FSSJeGHGBTMMP/4ECD7DmWFudNbWFc8ZgLNA/Wm6fcNsRv8uo= +=be6d +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-23:16/openzfs.14.patch b/website/static/security/patches/EN-23:16/openzfs.14.patch new file mode 100644 index 0000000000..995aa0f683 --- /dev/null +++ b/website/static/security/patches/EN-23:16/openzfs.14.patch @@ -0,0 +1,101 @@ +--- sys/contrib/openzfs/module/os/freebsd/zfs/zio_crypt.c.orig ++++ sys/contrib/openzfs/module/os/freebsd/zfs/zio_crypt.c +@@ -1364,6 +1364,19 @@ + vec++; + total_len += crypt_len; + } ++ } else if (txtype == TX_CLONE_RANGE) { ++ const size_t o = offsetof(lr_clone_range_t, lr_nbps); ++ crypt_len = o - sizeof (lr_t); ++ dst_iovecs[vec].iov_base = (char *)dlrp + sizeof (lr_t); ++ dst_iovecs[vec].iov_len = crypt_len; ++ ++ /* copy the bps now since they will not be encrypted */ ++ memcpy(dlrp + o, slrp + o, lr_len - o); ++ memcpy(aadp, slrp + o, lr_len - o); ++ aadp += lr_len - o; ++ aad_len += lr_len - o; ++ vec++; ++ total_len += crypt_len; + } else { + crypt_len = lr_len - sizeof (lr_t); + dst_iovecs[vec].iov_base = (char *)dlrp + +--- sys/contrib/openzfs/module/os/linux/zfs/zio_crypt.c.orig ++++ sys/contrib/openzfs/module/os/linux/zfs/zio_crypt.c +@@ -1543,6 +1543,21 @@ + nr_iovecs++; + total_len += crypt_len; + } ++ } else if (txtype == TX_CLONE_RANGE) { ++ const size_t o = offsetof(lr_clone_range_t, lr_nbps); ++ crypt_len = o - sizeof (lr_t); ++ src_iovecs[nr_iovecs].iov_base = slrp + sizeof (lr_t); ++ src_iovecs[nr_iovecs].iov_len = crypt_len; ++ dst_iovecs[nr_iovecs].iov_base = dlrp + sizeof (lr_t); ++ dst_iovecs[nr_iovecs].iov_len = crypt_len; ++ ++ /* copy the bps now since they will not be encrypted */ ++ memcpy(dlrp + o, slrp + o, lr_len - o); ++ memcpy(aadp, slrp + o, lr_len - o); ++ aadp += lr_len - o; ++ aad_len += lr_len - o; ++ nr_iovecs++; ++ total_len += crypt_len; + } else { + crypt_len = lr_len - sizeof (lr_t); + src_iovecs[nr_iovecs].iov_base = slrp + sizeof (lr_t); +--- sys/contrib/openzfs/module/zfs/dbuf.c.orig ++++ sys/contrib/openzfs/module/zfs/dbuf.c +@@ -2700,15 +2700,23 @@ + * writes and clones into this block. + */ + mutex_enter(&db->db_mtx); ++ DBUF_VERIFY(db); + VERIFY(!dbuf_undirty(db, tx)); + ASSERT3P(dbuf_find_dirty_eq(db, tx->tx_txg), ==, NULL); + if (db->db_buf != NULL) { + arc_buf_destroy(db->db_buf, db); + db->db_buf = NULL; ++ dbuf_clear_data(db); + } ++ ++ db->db_state = DB_NOFILL; ++ DTRACE_SET_STATE(db, "allocating NOFILL buffer for clone"); ++ ++ DBUF_VERIFY(db); + mutex_exit(&db->db_mtx); + +- dmu_buf_will_not_fill(db_fake, tx); ++ dbuf_noread(db); ++ (void) dbuf_dirty(db, tx); + } + + void +--- sys/contrib/openzfs/module/zfs/dnode.c.orig ++++ sys/contrib/openzfs/module/zfs/dnode.c +@@ -1764,7 +1764,14 @@ + } + + /* +- * Checks if the dnode contains any uncommitted dirty records. ++ * Checks if the dnode itself is dirty, or is carrying any uncommitted records. ++ * It is important to check both conditions, as some operations (eg appending ++ * to a file) can dirty both as a single logical unit, but they are not synced ++ * out atomically, so checking one and not the other can result in an object ++ * appearing to be clean mid-way through a commit. ++ * ++ * Do not change this lightly! If you get it wrong, dmu_offset_next() can ++ * detect a hole where there is really data, leading to silent corruption. + */ + boolean_t + dnode_is_dirty(dnode_t *dn) +@@ -1772,7 +1779,8 @@ + mutex_enter(&dn->dn_mtx); + + for (int i = 0; i < TXG_SIZE; i++) { +- if (multilist_link_active(&dn->dn_dirty_link[i])) { ++ if (multilist_link_active(&dn->dn_dirty_link[i]) || ++ !list_is_empty(&dn->dn_dirty_records[i])) { + mutex_exit(&dn->dn_mtx); + return (B_TRUE); + } diff --git a/website/static/security/patches/EN-23:16/openzfs.14.patch.asc b/website/static/security/patches/EN-23:16/openzfs.14.patch.asc new file mode 100644 index 0000000000..49119c2e46 --- /dev/null +++ b/website/static/security/patches/EN-23:16/openzfs.14.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVpPpEACgkQbljekB8A +Gu+q9g/9G6UXTaX20ZkbdiioR11+UhnuzXfgEZ0zVJBGAPLDNeNf8SN+THABSzzH +r/E1aFexSQlIP/yI/EtAIghyPLNkvUDp37BcBPXGQdymV4xrnPV+Zn8i4zAIAxKT +qDbWrvbqh3/cv9kN58nx3QuLtjWe5Iw432YEED/PG33D2mfRKuVJAGzCpqFZk4cP +583fwNqdVRMcP4+7PmqsL8NaQy1PC0JzZ9sO01SKi2dRyMwbLpI8BuyMMXGmvnkk +GnxUGmaoAZzESQW4frGUc1bNiKjU/fTqMsvQBK/L8bENp4g4Zs3qLVzyKWovCojJ +tgEHksIdHN8dyYeXNBdxsn8C5QwyJMr3P6xs1Un7NAeMRubXSs1b/F4cbG3sKLt6 +nQ8ysz8sZeR0Hi17+gQ5MoXBLB2YlN/2+EZWNwOdY8wvj5KplK9fCyWg09EN/p6q +qpQMSkmAroNu+AwZDdZ8piL+ECy4mdR1/uBLKtJXyqgAgfAiaS9+tWfM5977z26w +2ZwJr6VjG7wnWNw1ZhZngll+p7H7inW4y2DYelT7M2QogJpMYbxJHQUTvB4lPdar +mDcubL0ZLTZbWh0mp6jsTnRV4Yh0un4NQ6E8Z3U9bqFQq9LnNdMJb1g2697rDXJC +LwrDbXOrKy4ZNQhm+WBfqy6dnlt/0xy1LYhBv7FRKEzVsufyfAg= +=y3xx +-----END PGP SIGNATURE-----