svn commit: r42076 - in head/share: security/advisories security/patches/EN-13:01 security/patches/EN-13:02 xml

Xin LI delphij at FreeBSD.org
Fri Jun 28 05:58:43 UTC 2013


Author: delphij
Date: Fri Jun 28 05:58:41 2013
New Revision: 42076
URL: http://svnweb.freebsd.org/changeset/doc/42076

Log:
  Add latest errata notices:
  
    Fix a problem where dhclient(8) utility tries to initialize an
    fxp(4) forever because the driver resets the controller chip
    twice upon initialization. [EN-13:01]
  
    Fix a problem where frames sent to additional MAC addresses are
    not forwarded to the vtnet(4) interface. [EN-13:02]

Added:
  head/share/security/advisories/FreeBSD-EN-13:01.fxp.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-13:02.vtnet.asc   (contents, props changed)
  head/share/security/patches/EN-13:01/
  head/share/security/patches/EN-13:01/fxp_init.patch   (contents, props changed)
  head/share/security/patches/EN-13:01/fxp_init.patch.asc   (contents, props changed)
  head/share/security/patches/EN-13:02/
  head/share/security/patches/EN-13:02/vtnet.patch   (contents, props changed)
  head/share/security/patches/EN-13:02/vtnet.patch.asc   (contents, props changed)
Modified:
  head/share/xml/notices.xml

Added: head/share/security/advisories/FreeBSD-EN-13:01.fxp.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-13:01.fxp.asc	Fri Jun 28 05:58:41 2013	(r42076)
@@ -0,0 +1,117 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-13:01.fxp                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:		dhclient(8) utility issue on fxp(4) network interface
+
+Category:	core
+Modules:	sys_dev
+Announced:	2013-06-28
+Credits:	Michael L. Squires and YongHyeon PYUN
+Affects:	FreeBSD 8.4
+Corrected:	2013-06-10 07:31:50 UTC (head, 10.0-CURRENT)
+		2013-06-17 04:40:27 UTC (stable/9, 9.1-STABLE)
+		2013-06-17 04:42:02 UTC (stable/8, 8.4-STABLE)
+		2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p1)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+The dhclient(8) utility is a Dynamic Host Configuration Protocol (DHCP)
+client, which is used for configuring network interfaces.
+
+The fxp(4) network interface driver supports Intel EtherExpress
+PRO/100 Ethernet adapters based on the Intel i82557, i82558, i82559,
+i82550, i82551, and i82562 chips.
+
+II.  Problem Description
+
+When the dhclient(8) utility is used on an fxp(4) network interface,
+configuration of the interface could fail with the following warning
+messages displayed:
+
+ fxp0: link state changed to UP
+ fxp0: link state changed to DOWN
+
+The cause is that the fxp(4) network interface driver resets the controller
+chip twice upon initialization, and the dhclient(8) utility falsely
+recognizes the second reset as a link down and attempts reinitialize
+the interface.  As a result, the dhclient(8) utility keeps trying to
+initialize the interface forever.
+
+III. Impact
+
+A machine which has an fxp(4) network interface does not work with
+the dhclient(8) utility.
+
+IV.  Workaround
+
+There is no workaround.  Note that this issue occurs only when the
+dhclient(8) utility is used with an fxp(4) interface.  A static
+configuration by using the ifconfig(8) utility works.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4
+   security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 8.4 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-13:01/fxp_init.patch
+# fetch http://security.FreeBSD.org/patches/EN-13:01/fxp_init.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated
+via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+head                                                              r251600
+stable/9/                                                         r251829
+stable/8/                                                         r251830
+releng/8.4/                                                       r252334
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-13:01.fxp.asc
+-----BEGIN PGP SIGNATURE-----
+
+iEYEARECAAYFAlHNI3sACgkQFdaIBMps37IlNwCghqzRtILy5k7Bc4u0NsUhWLfb
+Qz8An2kbVTqnveuS+apxaAf5Wg4wp3ey
+=mArf
+-----END PGP SIGNATURE-----
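
Review bot: the Corrected field gives releng/8.4 as 8.4-RELEASE-p1 at 2013-06-28 05:21:59 UTC, and section VI lists r252334 for that branch, but FreeBSD-EN-13:02.vtnet in this same commit gives the identical timestamp and r252334 as 8.4-RELEASE-p2. The same revision cannot be both patch levels, so one of the two notices needs correcting before it is signed and published. Smaller points: section II reads "attempts reinitialize" (missing "to"); solution 3 says "your vulnerable system" although this is an errata notice; and step 2a asks the reader to verify the detached PGP signature without showing how, while both fetch URLs are plain http, which makes that verification the only integrity check the reader has on the patch.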

Added: head/share/security/advisories/FreeBSD-EN-13:02.vtnet.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-13:02.vtnet.asc	Fri Jun 28 05:58:41 2013	(r42076)
@@ -0,0 +1,149 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-13:02.vtnet                                          Errata Notice
+                                                          The FreeBSD Project
+
+Topic:		vtnet(4) network interface issue on QEMU 1.4.0 and later
+
+Category:	core
+Modules:	sys_dev
+Announced:	2013-06-28
+Credits:	Julian Stecklina and Bryan Venteicher
+Affects:	FreeBSD 8.4
+Corrected:	2013-06-15 03:55:04 UTC (head, 10.0-CURRENT)
+		2013-06-25 04:42:16 UTC (stable/9, 9.1-STABLE)
+		2013-06-25 04:42:43 UTC (stable/8, 8.4-STABLE)
+		2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+VirtIO is a specification for para-virtualized I/O in a virtual
+machine.  The vtnet(4) network interface driver supports VirtIO
+emulated Ethernet device.
+
+QEMU is a generic and open source machine emulator and virtualizer.
+It is included as a third-party package in FreeBSD Ports Collection
+(emulators/qemu).
+
+II.  Problem Description
+
+The vtnet(4) network interface driver displays the following message
+upon configuration when using QEMU 1.4.0 or later:
+
+ vtnet0: error setting host MAC filter table
+
+The interface works normally when the interface has one MAC address.
+However, if it has two or more MAC addresses configured, frames to
+those additional MAC addresses are not forwarded to the vtnet(4)
+interface.  Thus, only the first MAC address works.
+
+III. Impact
+
+A vtnet(4) network interface with two or more MAC addresses configured
+on it cannot receive frames to the addresses except for the first one
+when the FreeBSD kernel is running on QEMU 1.4.0 or later.  For the
+first MAC address, the vtnet(4) interface works without problem even
+though the error message is displayed.
+
+The vtnet(4) driver is included in GENERIC kernel in FreeBSD
+8.4-RELEASE.
+
+IV.  Workaround
+
+The additional MAC addresses can work by setting the vtnet(4) network
+interface in promiscuous mode.  The following command sets vtnet0 in
+promiscuous mode:
+
+ # ifconfig vtnet0 promisc
+
+Note that this may lead to performance degradation.
+
+Or, the fixed version of the vtnet(4) driver can be installed as
+kernel module by using the Ports Collection (emulators/virtio-kmod).
+To use it on 8.4-RELEASE, the GENERIC kernel has to be recompiled by
+removing all of the virtio(4) drivers before installing
+emulators/virtio-kmod.  The following lines in kernel configuration
+file disable the drivers:
+
+ nodevice          virtio
+ nodevice          virtio_pci
+ nodevice          vtnet
+ nodevice          virtio_blk
+ nodevice          virtio_scsi
+ nodevice          virtio_balloon
+
+After recompilation and installing the new kernel and
+emulators/virtio-kmod, add the following lines to /boot/loader.conf.
+This enables the drivers by loading kernel modules which are installed
+by emulators/virtio-kmod at boot time.
+
+ virtio_load="YES"
+ virtio_pci_load="YES"
+ virtio_blk_load="YES"
+ if_vtnet_load="YES"
+ virtio_balloon_load="YES"
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4
+   security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 8.4 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch
+# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated
+via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+head                                                              r251769
+stable/9/                                                         r252193
+stable/8/                                                         r252194
+releng/8.4/                                                       r252334
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-13:02.vtnet.asc
+-----BEGIN PGP SIGNATURE-----
+
+iEYEARECAAYFAlHNI4MACgkQFdaIBMps37L8DACfVzTAigMRbtT38pltWZ23IFUw
+O3kAn0R36RIBdh45I+g/BPzjTimKMPza
+=8wlc
+-----END PGP SIGNATURE-----
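
Review bot: in section IV the kernel configuration list removes the SCSI driver with "nodevice virtio_scsi", but the /boot/loader.conf list that follows has no matching load line for it, so as written the workaround leaves the guest without a virtio SCSI driver. Either add the corresponding entry or state that emulators/virtio-kmod does not supply that module and that guests using it cannot take this route. The promiscuous-mode workaround also deserves more than "performance degradation": with promisc set the interface accepts frames for every destination address, which changes what the host stack and any capture on that interface will see.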

Added: head/share/security/patches/EN-13:01/fxp_init.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-13:01/fxp_init.patch	Fri Jun 28 05:58:41 2013	(r42076)
@@ -0,0 +1,90 @@
+Index: sys/dev/fxp/if_fxp.c
+===================================================================
+--- sys/dev/fxp/if_fxp.c	(revision 251829)
++++ sys/dev/fxp/if_fxp.c	(revision 251830)
+@@ -1074,7 +1074,8 @@ fxp_suspend(device_t dev)
+ 			pmstat |= PCIM_PSTAT_PME | PCIM_PSTAT_PMEENABLE;
+ 			sc->flags |= FXP_FLAG_WOL;
+ 			/* Reconfigure hardware to accept magic frames. */
+-			fxp_init_body(sc, 1);
++			ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
++			fxp_init_body(sc, 0);
+ 		}
+ 		pci_write_config(sc->dev, pmc + PCIR_POWER_STATUS, pmstat, 2);
+ 	}
+@@ -2140,8 +2141,10 @@ fxp_tick(void *xsc)
+ 	 */
+ 	if (sc->rx_idle_secs > FXP_MAX_RX_IDLE) {
+ 		sc->rx_idle_secs = 0;
+-		if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0)
++		if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) {
++			ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+ 			fxp_init_body(sc, 1);
++		}
+ 		return;
+ 	}
+ 	/*
+@@ -2239,6 +2242,7 @@ fxp_watchdog(struct fxp_softc *sc)
+ 	device_printf(sc->dev, "device timeout\n");
+ 	sc->ifp->if_oerrors++;
+ 
++	sc->ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+ 	fxp_init_body(sc, 1);
+ }
+ 
+@@ -2273,6 +2277,10 @@ fxp_init_body(struct fxp_softc *sc, int setmedia)
+ 	int i, prm;
+ 
+ 	FXP_LOCK_ASSERT(sc, MA_OWNED);
++
++	if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0)
++		return;
++
+ 	/*
+ 	 * Cancel any pending I/O
+ 	 */
+@@ -2812,6 +2820,7 @@ fxp_miibus_statchg(device_t dev)
+ 	 */
+ 	if (sc->revision == FXP_REV_82557)
+ 		return;
++	ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+ 	fxp_init_body(sc, 0);
+ }
+ 
+@@ -2835,9 +2844,10 @@ fxp_ioctl(struct ifnet *ifp, u_long command, caddr
+ 		if (ifp->if_flags & IFF_UP) {
+ 			if (((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) &&
+ 			    ((ifp->if_flags ^ sc->if_flags) &
+-			    (IFF_PROMISC | IFF_ALLMULTI | IFF_LINK0)) != 0)
++			    (IFF_PROMISC | IFF_ALLMULTI | IFF_LINK0)) != 0) {
++				ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+ 				fxp_init_body(sc, 0);
+-			else if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
++			} else if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
+ 				fxp_init_body(sc, 1);
+ 		} else {
+ 			if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0)
+@@ -2850,8 +2860,10 @@ fxp_ioctl(struct ifnet *ifp, u_long command, caddr
+ 	case SIOCADDMULTI:
+ 	case SIOCDELMULTI:
+ 		FXP_LOCK(sc);
+-		if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0)
++		if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) {
++			ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+ 			fxp_init_body(sc, 0);
++		}
+ 		FXP_UNLOCK(sc);
+ 		break;
+ 
+@@ -2941,8 +2953,10 @@ fxp_ioctl(struct ifnet *ifp, u_long command, caddr
+ 				    ~(IFCAP_VLAN_HWTSO | IFCAP_VLAN_HWCSUM);
+ 			reinit++;
+ 		}
+-		if (reinit > 0 && ifp->if_flags & IFF_UP)
++		if (reinit > 0 && (ifp->if_drv_flags & IFF_DRV_RUNNING) != 0) {
++			ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+ 			fxp_init_body(sc, 0);
++		}
+ 		FXP_UNLOCK(sc);
+ 		VLAN_CAPABILITIES(ifp);
+ 		break;
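
Review bot: the early return added at the top of fxp_init_body (the "@@ -2273,6 +2277,10 @@" part) has no comment and turns every call made with IFF_DRV_RUNNING set into a silent no-op, so correctness now depends on each caller clearing the flag first. The patch repeats "ifp->if_drv_flags &= ~IFF_DRV_RUNNING;" by hand at seven call sites; a small wrapper that clears the flag and then calls fxp_init_body would make a missed caller impossible, and any caller not shown in this patch should be checked against the new guard. Two further points: fxp_suspend changes the setmedia argument from 1 to 0 with no explanation in the patch or the notice, and the added lines use a bare ifp in fxp_suspend and fxp_miibus_statchg while fxp_watchdog uses sc->ifp, so please confirm ifp is in scope in both.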

Added: head/share/security/patches/EN-13:01/fxp_init.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-13:01/fxp_init.patch.asc	Fri Jun 28 05:58:41 2013	(r42076)
@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iEYEABECAAYFAlHNIK0ACgkQFdaIBMps37LWlACgjE24YlxIPHVad66ryPEoKN9/
+t+gAn1B2wYnsKkU7BCgs4gDtOLSNSyFz
+=S5aD
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/EN-13:02/vtnet.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-13:02/vtnet.patch	Fri Jun 28 05:58:41 2013	(r42076)
@@ -0,0 +1,16 @@
+Index: sys/dev/virtio/network/if_vtnet.c
+===================================================================
+--- sys/dev/virtio/network/if_vtnet.c	(revision 252193)
++++ sys/dev/virtio/network/if_vtnet.c	(revision 252194)
+@@ -2470,9 +2470,9 @@ vtnet_rx_filter_mac(struct vtnet_softc *sc)
+ 	sglist_init(&sg, 4, segs);
+ 	error |= sglist_append(&sg, &hdr, sizeof(struct virtio_net_ctrl_hdr));
+ 	error |= sglist_append(&sg, &filter->vmf_unicast,
+-	    sizeof(struct vtnet_mac_table));
++	    sizeof(uint32_t) + filter->vmf_unicast.nentries * ETHER_ADDR_LEN);
+ 	error |= sglist_append(&sg, &filter->vmf_multicast,
+-	    sizeof(struct vtnet_mac_table));
++	    sizeof(uint32_t) + filter->vmf_multicast.nentries * ETHER_ADDR_LEN);
+ 	error |= sglist_append(&sg, &ack, sizeof(uint8_t));
+ 	KASSERT(error == 0 && sg.sg_nseg == 4,
+ 	    ("error adding MAC filtering message to sglist"));
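
Review bot: the new lengths in vtnet_rx_filter_mac, "sizeof(uint32_t) + filter->vmf_unicast.nentries * ETHER_ADDR_LEN" and its multicast twin, are driven by nentries with no bound visible in this hunk. If nentries can ever exceed the number of slots in struct vtnet_mac_table, sglist_append will describe memory past the end of the table to the host, and the KASSERT below checks only error and sg_nseg (and is compiled out of kernels built without INVARIANTS). Please assert or clamp nentries against the table capacity before the sglist is built, and consider taking the header size from the struct itself (offsetof the entries array) instead of a bare sizeof(uint32_t), so the expression cannot drift from the struct definition. A one-line comment on why only the used entries are sent, rather than sizeof(struct vtnet_mac_table), would help the next reader.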

Added: head/share/security/patches/EN-13:02/vtnet.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-13:02/vtnet.patch.asc	Fri Jun 28 05:58:41 2013	(r42076)
@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iEYEABECAAYFAlHNIKQACgkQFdaIBMps37LavgCglodGaYxXqVR5F6vBDK1IUkk2
+nQAAn3QKtIuK+/t7ggokGWRE8e/nLhaE
+=pp9d
+-----END PGP SIGNATURE-----

Modified: head/share/xml/notices.xml
==============================================================================
--- head/share/xml/notices.xml	Thu Jun 27 22:21:18 2013	(r42075)
+++ head/share/xml/notices.xml	Fri Jun 28 05:58:41 2013	(r42076)
@@ -5,6 +5,27 @@
     </cvs:keyword>
 
   <year>
+    <name>2013</name>
+
+    <month>
+      <name>6</name>
+
+      <day>
+	<name>28</name>
+
+	<notice>
+	  <name>FreeBSD-EN-13:01.fxp</name>
+	</notice>
+
+	<notice>
+	  <name>FreeBSD-EN-13:02.vtnet</name>
+	</notice>
+      </day>
+    </month>
+
+  </year>
+
+  <year>
     <name>2012</name>
 
     <month>

