diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml index 50d0a89e3a..702576a943 100644 --- a/website/data/security/errata.toml +++ b/website/data/security/errata.toml @@ -1,951 +1,955 @@ # Sort errata notices by year, month and day # $FreeBSD$ +[[notices]] +name = "FreeBSD-EN-24:09.zfs" +date = "2024-04-24" + [[notices]] name = "FreeBSD-EN-24:08.kerberos" date = "2024-03-28" [[notices]] name = "FreeBSD-EN-24:07.clang" date = "2024-03-28" [[notices]] name = "FreeBSD-EN-24:06.wireguard" date = "2024-03-28" [[notices]] name = "FreeBSD-EN-24:05.tty" date = "2024-03-28" [[notices]] name = "FreeBSD-EN-24:04.ip" date = "2024-02-14" [[notices]] name = "FreeBSD-EN-24:03.kqueue" date = "2024-02-14" [[notices]] name = "FreeBSD-EN-24:02.libutil" date = "2024-02-14" [[notices]] name = "FreeBSD-EN-24:01.tzdata" date = "2024-02-14" [[notices]] name = "FreeBSD-EN-23:22.vfs" date = "2023-12-05" [[notices]] name = "FreeBSD-EN-23:21.tty" date = "2023-12-05" [[notices]] name = "FreeBSD-EN-23:20.vm" date = "2023-12-05" [[notices]] name = "FreeBSD-EN-23:19.pkgbase" date = "2023-12-05" [[notices]] name = "FreeBSD-EN-23:18.openzfs" date = "2023-12-05" [[notices]] name = "FreeBSD-EN-23:17.ossl" date = "2023-12-05" [[notices]] name = "FreeBSD-EN-23:16.openzfs" date = "2023-12-01" [[notices]] name = "FreeBSD-EN-23:15.sanitizer" date = "2023-12-01" [[notices]] name = "FreeBSD-EN-23:14.regcomp" date = "2023-11-08" [[notices]] name = "FreeBSD-EN-23:13.freebsd-update" date = "2023-11-08" [[notices]] name = "FreeBSD-EN-23:12.freebsd-update" date = "2023-10-03" [[notices]] name = "FreeBSD-EN-23:11.caroot" date = "2023-09-06" [[notices]] name = "FreeBSD-EN-23:10.pci" date = "2023-09-06" [[notices]] name = "FreeBSD-EN-23:09.freebsd-update" date = "2023-09-06" [[notices]] name = "FreeBSD-EN-23:08.vnet" date = "2023-08-01" [[notices]] name = "FreeBSD-EN-23:07.mpr" date = "2023-06-21" [[notices]] name = "FreeBSD-EN-23:06.loader" date = "2023-06-21" [[notices]] name = "FreeBSD-EN-23:05.tzdata" date = "2023-06-21" [[notices]] name = "FreeBSD-EN-23:04.ixgbe" date = "2023-02-08" [[notices]] name = "FreeBSD-EN-23:03.ena" date = "2023-02-08" [[notices]] name = "FreeBSD-EN-23:02.sdhci" date = "2023-02-08" [[notices]] name = "FreeBSD-EN-23:01.tzdata" date = "2023-02-08" [[notices]] name = "FreeBSD-EN-22:28.heimdal" date = "2022-11-29" [[notices]] name = "FreeBSD-EN-22:27.loader" date = "2022-11-01" [[notices]] name = "FreeBSD-EN-22:26.cam" date = "2022-11-01" [[notices]] name = "FreeBSD-EN-22:25.tcp" date = "2022-11-01" [[notices]] name = "FreeBSD-EN-22:24.zfs" date = "2022-11-01" [[notices]] name = "FreeBSD-EN-22:23.vm" date = "2022-11-01" [[notices]] name = "FreeBSD-EN-22:22.tzdata" date = "2022-11-01" [[notices]] name = "FreeBSD-EN-22:21.zfs" date = "2022-11-01" [[notices]] name = "FreeBSD-EN-22:20.tzdata" date = "2022-08-30" [[notices]] name = "FreeBSD-EN-22:19.pam_exec" date = "2022-08-09" [[notices]] name = "FreeBSD-EN-22:18.wifi" date = "2022-08-09" [[notices]] name = "FreeBSD-EN-22:17.cam" date = "2022-08-09" [[notices]] name = "FreeBSD-EN-22:16.kqueue" date = "2022-08-09" [[notices]] name = "FreeBSD-EN-22:15.pf" date = "2022-04-06" [[notices]] name = "FreeBSD-EN-22:14.tzdata" date = "2022-03-22" [[notices]] name = "FreeBSD-EN-22:13.zfs" date = "2022-03-21" [[notices]] name = "FreeBSD-EN-22:12.zfs" date = "2022-03-15" [[notices]] name = "FreeBSD-EN-22:11.zfs" date = "2022-03-15" [[notices]] name = "FreeBSD-EN-22:10.zfs" date = "2022-03-15" [[notices]] name = "FreeBSD-EN-22:09.freebsd-update" date = "2022-03-15" [[notices]] name = "FreeBSD-EN-22:08.i386" date = "2022-02-01" [[notices]] name = "FreeBSD-EN-22:07.la57" date = "2022-02-01" [[notices]] name = "FreeBSD-EN-22:06.libalias" date = "2022-01-11" [[notices]] name = "FreeBSD-EN-22:05.tail" date = "2022-01-11" [[notices]] name = "FreeBSD-EN-22:04.pcid" date = "2022-01-11" [[notices]] name = "FreeBSD-EN-22:03.hyperv" date = "2022-01-11" [[notices]] name = "FreeBSD-EN-22:02.xsave" date = "2022-01-11" [[notices]] name = "FreeBSD-EN-22:01.fsck_ffs" date = "2022-01-11" [[notices]] name = "FreeBSD-EN-21:29.tzdata" date = "2021-11-03" [[notices]] name = "FreeBSD-EN-21:28.vmci" date = "2021-11-03" [[notices]] name = "FreeBSD-EN-21:27.caroot" date = "2021-11-03" [[notices]] name = "FreeBSD-EN-21:26.libevent" date = "2021-11-03" [[notices]] name = "FreeBSD-EN-21:25.bhyve" date = "2021-08-24" [[notices]] name = "FreeBSD-EN-21:24.libcrypto" date = "2021-08-24" [[notices]] name = "FreeBSD-EN-21:23.virtio_blk" date = "2021-08-24" [[notices]] name = "FreeBSD-EN-21:22.linux_futex" date = "2021-06-29" [[notices]] name = "FreeBSD-EN-21:21.ipfw" date = "2021-06-29" [[notices]] name = "FreeBSD-EN-21:20.vlan" date = "2021-06-29" [[notices]] name = "FreeBSD-EN-21:19.libcasper" date = "2021-06-29" [[notices]] name = "FreeBSD-EN-21:18.libc++" date = "2021-06-29" [[notices]] name = "FreeBSD-EN-21:17.libradius" date = "2021-06-01" [[notices]] name = "FreeBSD-EN-21:16.bc" date = "2021-05-26" [[notices]] name = "FreeBSD-EN-21:15.virtio" date = "2021-05-26" [[notices]] name = "FreeBSD-EN-21:14.pms" date = "2021-05-26" [[notices]] name = "FreeBSD-EN-21:13.mpt" date = "2021-05-26" [[notices]] name = "FreeBSD-EN-21:12.divert" date = "2021-05-26" [[notices]] name = "FreeBSD-EN-21:11.aesni" date = "2021-05-26" [[notices]] name = "FreeBSD-EN-21:10.lldb" date = "2021-04-06" [[notices]] name = "FreeBSD-EN-21:09.pf" date = "2021-04-06" [[notices]] name = "FreeBSD-EN-21:08.freebsd-update" date = "2021-02-24" [[notices]] name = "FreeBSD-EN-21:07.caroot" date = "2021-02-24" [[notices]] name = "FreeBSD-EN-21:06.microcode" date = "2021-02-24" [[notices]] name = "FreeBSD-EN-21:05.libatomic" date = "2021-01-29" [[notices]] name = "FreeBSD-EN-21:04.zfs" date = "2021-01-29" [[notices]] name = "FreeBSD-EN-21:03.vnet" date = "2021-01-29" [[notices]] name = "FreeBSD-EN-21:02.extattr" date = "2021-01-29" [[notices]] name = "FreeBSD-EN-21:01.tzdata" date = "2021-01-29" [[notices]] name = "FreeBSD-EN-20:22.callout" date = "2020-12-01" [[notices]] name = "FreeBSD-EN-20:21.ipfw" date = "2020-12-01" [[notices]] name = "FreeBSD-EN-20:20.tzdata" date = "2020-12-01" [[notices]] name = "FreeBSD-EN-20:19.audit" date = "2020-12-01" [[notices]] name = "FreeBSD-EN-20:18.getfsstat" date = "2020-09-02" [[notices]] name = "FreeBSD-EN-20:17.linuxthread" date = "2020-09-02" [[notices]] name = "FreeBSD-EN-20:16.vmx" date = "2020-08-05" [[notices]] name = "FreeBSD-EN-20:15.mps" date = "2020-07-08" [[notices]] name = "FreeBSD-EN-20:14.linuxkpi" date = "2020-07-08" [[notices]] name = "FreeBSD-EN-20:13.bhyve" date = "2020-07-08" [[notices]] name = "FreeBSD-EN-20:12.iflib" date = "2020-06-09" [[notices]] name = "FreeBSD-EN-20:11.ena" date = "2020-06-09" [[notices]] name = "FreeBSD-EN-20:10.build" date = "2020-05-12" [[notices]] name = "FreeBSD-EN-20:09.igb" date = "2020-05-12" [[notices]] name = "FreeBSD-EN-20:08.tzdata" date = "2020-05-12" [[notices]] name = "FreeBSD-EN-20:07.quotad" date = "2020-04-21" [[notices]] name = "FreeBSD-EN-20:06.ipv6" date = "2020-03-19" [[notices]] name = "FreeBSD-EN-20:05.mlx5en" date = "2020-03-19" [[notices]] name = "FreeBSD-EN-20:04.pfctl" date = "2020-03-19" [[notices]] name = "FreeBSD-EN-20:03.sshd" date = "2020-03-19" [[notices]] name = "FreeBSD-EN-20:02.nmount" date = "2020-01-28" [[notices]] name = "FreeBSD-EN-20:01.ssp" date = "2020-01-28" [[notices]] name = "FreeBSD-EN-19:19.loader" date = "2019-11-12" [[notices]] name = "FreeBSD-EN-19:18.tzdata" date = "2019-10-23" [[notices]] name = "FreeBSD-EN-19:17.ipfw" date = "2019-08-20" [[notices]] name = "FreeBSD-EN-19:16.bhyve" date = "2019-08-20" [[notices]] name = "FreeBSD-EN-19:15.libunwind" date = "2019-08-06" [[notices]] name = "FreeBSD-EN-19:14.epoch" date = "2019-08-06" [[notices]] name = "FreeBSD-EN-19:13.mds" date = "2019-07-24" [[notices]] name = "FreeBSD-EN-19:12.tzdata" date = "2019-07-02" [[notices]] name = "FreeBSD-EN-19:11.net" date = "2019-06-19" [[notices]] name = "FreeBSD-EN-19:10.scp" date = "2019-05-14" [[notices]] name = "FreeBSD-EN-19:09.xinstall" date = "2019-05-14" [[notices]] name = "FreeBSD-EN-19:08.tzdata" date = "2019-05-14" [[notices]] name = "FreeBSD-EN-19:07.lle" date = "2019-02-05" [[notices]] name = "FreeBSD-EN-19:06.dtrace" date = "2019-02-05" [[notices]] name = "FreeBSD-EN-19:05.kqueue" date = "2019-01-09" [[notices]] name = "FreeBSD-EN-19:04.tzdata" date = "2019-01-09" [[notices]] name = "FreeBSD-EN-19:03.sqlite" date = "2019-01-09" [[notices]] name = "FreeBSD-EN-19:02.tcp" date = "2019-01-09" [[notices]] name = "FreeBSD-EN-19:01.cc_cubic" date = "2019-01-09" [[notices]] name = "FreeBSD-EN-18:18.zfs" date = "2018-12-19" [[notices]] name = "FreeBSD-EN-18:17.vm" date = "2018-12-19" [[notices]] name = "FreeBSD-EN-18:16.ptrace" date = "2018-12-19" [[notices]] name = "FreeBSD-EN-18:15.loader" date = "2018-11-27" [[notices]] name = "FreeBSD-EN-18:14.tzdata" date = "2018-11-27" [[notices]] name = "FreeBSD-EN-18:13.icmp" date = "2018-11-27" [[notices]] name = "FreeBSD-EN-18:12.mem" date = "2018-09-27" [[notices]] name = "FreeBSD-EN-18:11.listen" date = "2018-09-27" [[notices]] name = "FreeBSD-EN-18:10.syscall" date = "2018-09-27" [[notices]] name = "FreeBSD-EN-18:09.ip" date = "2018-09-27" [[notices]] name = "FreeBSD-EN-18:08.lazyfpu" date = "2018-09-12" [[notices]] name = "FreeBSD-EN-18:07.pmap" date = "2018-06-21" [[notices]] name = "FreeBSD-EN-18:06.tzdata" date = "2018-05-08" [[notices]] name = "FreeBSD-EN-18:05.mem" date = "2018-05-08" [[notices]] name = "FreeBSD-EN-18:04.mem" date = "2018-04-04" [[notices]] name = "FreeBSD-EN-18:03.tzdata" date = "2018-04-04" [[notices]] name = "FreeBSD-EN-18:02.file" date = "2018-03-07" [[notices]] name = "FreeBSD-EN-18:01.tzdata" date = "2018-03-07" [[notices]] name = "FreeBSD-EN-17:09.tzdata" date = "2017-11-02" [[notices]] name = "FreeBSD-EN-17:08.pf" date = "2017-08-10" [[notices]] name = "FreeBSD-EN-17:07.vnet" date = "2017-08-10" [[notices]] name = "FreeBSD-EN-17:06.hyperv" date = "2017-07-12" [[notices]] name = "FreeBSD-EN-17:05.xen" date = "2017-04-12" [[notices]] name = "FreeBSD-EN-17:04.mandoc" date = "2017-02-23" [[notices]] name = "FreeBSD-EN-17:03.hyperv" date = "2017-02-23" [[notices]] name = "FreeBSD-EN-17:02.yp" date = "2017-02-23" [[notices]] name = "FreeBSD-EN-17:01.pcie" date = "2017-02-23" [[notices]] name = "FreeBSD-EN-16:21.localedef" date = "2016-12-06" [[notices]] name = "FreeBSD-EN-16:20.tzdata" date = "2016-12-06" [[notices]] name = "FreeBSD-EN-16:19.tzcode" date = "2016-12-06" [[notices]] name = "FreeBSD-EN-16:18.loader" date = "2016-10-25" [[notices]] name = "FreeBSD-EN-16:17.vm" date = "2016-10-25" [[notices]] name = "FreeBSD-EN-16:16.hv_storvsc" date = "2016-08-12" [[notices]] name = "FreeBSD-EN-16:15.vmbus" date = "2016-08-12" [[notices]] name = "FreeBSD-EN-16:14.hv_storvsc" date = "2016-08-12" [[notices]] name = "FreeBSD-EN-16:13.vmbus" date = "2016-08-12" [[notices]] name = "FreeBSD-EN-16:12.hv_storvsc" date = "2016-08-12" [[notices]] name = "FreeBSD-EN-16:11.vmbus" date = "2016-08-12" [[notices]] name = "FreeBSD-EN-16:10.dhclient" date = "2016-08-12" [[notices]] name = "FreeBSD-EN-16:09.freebsd-update" date = "2016-07-25" [[notices]] name = "FreeBSD-EN-16:08.zfs" date = "2016-05-04" [[notices]] name = "FreeBSD-EN-16:07.ipi" date = "2016-05-04" [[notices]] name = "FreeBSD-EN-16:06.libc" date = "2016-05-04" [[notices]] name = "FreeBSD-EN-16:05.hv_netvsc" date = "2016-03-16" [[notices]] name = "FreeBSD-EN-16:04.hyperv" date = "2016-03-16" [[notices]] name = "FreeBSD-EN-16:03.yplib" date = "2016-01-14" [[notices]] name = "FreeBSD-EN-16:02.pf" date = "2016-01-14" [[notices]] name = "FreeBSD-EN-16:01.filemon" date = "2016-01-14" [[notices]] name = "FreeBSD-EN-15:20.vm" date = "2015-11-04" [[notices]] name = "FreeBSD-EN-15:19.kqueue" date = "2015-11-04" [[notices]] name = "FreeBSD-EN-15:18.pkg" date = "2015-09-16" [[notices]] name = "FreeBSD-EN-15:17.libc" date = "2015-09-16" [[notices]] name = "FreeBSD-EN-15:16.pw" date = "2015-09-16" [[notices]] name = "FreeBSD-EN-15:15.pkg" date = "2015-08-25" [[notices]] name = "FreeBSD-EN-15:14.ixgbe" date = "2015-08-25" [[notices]] name = "FreeBSD-EN-15:13.vidcontrol" date = "2015-08-18" [[notices]] name = "FreeBSD-EN-15:12.netstat" date = "2015-08-18" [[notices]] name = "FreeBSD-EN-15:11.toolchain" date = "2015-08-18" [[notices]] name = "FreeBSD-EN-15:10.iconv" date = "2015-06-30" [[notices]] name = "FreeBSD-EN-15:09.xlocale" date = "2015-06-30" [[notices]] name = "FreeBSD-EN-15:08.sendmail" date = "2015-06-18" [[notices]] name = "FreeBSD-EN-15:07.zfs" date = "2015-06-09" [[notices]] name = "FreeBSD-EN-15:06.file" date = "2015-06-09" [[notices]] name = "FreeBSD-EN-15:05.ufs" date = "2015-05-13" [[notices]] name = "FreeBSD-EN-15:04.freebsd-update" date = "2015-05-13" [[notices]] name = "FreeBSD-EN-15:03.freebsd-update" date = "2015-02-25" [[notices]] name = "FreeBSD-EN-15:02.openssl" date = "2015-02-25" [[notices]] name = "FreeBSD-EN-15:01.vt" date = "2015-02-25" [[notices]] name = "FreeBSD-EN-14:13.freebsd-update" date = "2014-12-23" [[notices]] name = "FreeBSD-EN-14:12.zfs" date = "2014-11-04" [[notices]] name = "FreeBSD-EN-14:11.crypt" date = "2014-10-22" [[notices]] name = "FreeBSD-EN-14:10.tzdata" date = "2014-10-22" [[notices]] name = "FreeBSD-EN-14:09.jail" date = "2014-07-08" [[notices]] name = "FreeBSD-EN-14:08.heimdal" date = "2014-06-24" [[notices]] name = "FreeBSD-EN-14:07.pmap" date = "2014-06-24" [[notices]] name = "FreeBSD-EN-14:06.exec" date = "2014-06-03" [[notices]] name = "FreeBSD-EN-14:05.ciss" date = "2014-05-13" [[notices]] name = "FreeBSD-EN-14:04.kldxref" date = "2014-05-13" [[notices]] name = "FreeBSD-EN-14:03.pkg" date = "2014-05-13" [[notices]] name = "FreeBSD-EN-14:02.mmap" date = "2014-01-14" [[notices]] name = "FreeBSD-EN-14:01.random" date = "2014-01-14" [[notices]] name = "FreeBSD-EN-13:05.freebsd-update" date = "2013-11-28" [[notices]] name = "FreeBSD-EN-13:04.freebsd-update" date = "2013-10-26" [[notices]] name = "FreeBSD-EN-13:03.mfi" date = "2013-08-22" [[notices]] name = "FreeBSD-EN-13:01.fxp" date = "2013-06-28" [[notices]] name = "FreeBSD-EN-13:02.vtnet" date = "2013-06-28" [[notices]] name = "FreeBSD-EN-12:02.ipv6refcount" date = "2012-06-12" [[notices]] name = "FreeBSD-EN-12:01.freebsd-update" date = "2012-01-04" [[notices]] name = "FreeBSD-EN-10:02.sched_ule" date = "2010-02-27" [[notices]] name = "FreeBSD-EN-10:01.freebsd" date = "2010-01-06" [[notices]] name = "FreeBSD-EN-09:05.null" date = "2009-10-02" [[notices]] name = "FreeBSD-EN-09:04.fork" date = "2009-06-24" [[notices]] name = "FreeBSD-EN-09:03.fxp" date = "2009-06-24" [[notices]] name = "FreeBSD-EN-09:02.bce" date = "2009-06-24" [[notices]] name = "FreeBSD-EN-09:01.kenv" date = "2009-03-23" [[notices]] name = "FreeBSD-EN-08:02.tcp" date = "2008-06-19" [[notices]] name = "FreeBSD-EN-08:01.libpthread" date = "2008-04-17" [[notices]] name = "FreeBSD-EN-07:05.freebsd-update" date = "2007-03-15" [[notices]] name = "FreeBSD-EN-07:04.zoneinfo" date = "2007-02-28" [[notices]] name = "FreeBSD-EN-07:03.rc.d_jail" date = "2007-02-28" [[notices]] name = "FreeBSD-EN-07:02.net" date = "2007-02-28" [[notices]] name = "FreeBSD-EN-07:01.nfs" date = "2007-02-14" [[notices]] name = "FreeBSD-EN-06:02.net" date = "2006-08-28" [[notices]] name = "FreeBSD-EN-06:01.jail" date = "2006-07-07" [[notices]] name = "FreeBSD-EN-05:04.nfs" date = "2005-12-19" [[notices]] name = "FreeBSD-EN-05:03.ipi" date = "2005-01-16" [[notices]] name = "FreeBSD-EN-05:02.sk" date = "2005-01-06" [[notices]] name = "FreeBSD-EN-05:01.nfs" date = "2005-01-05" [[notices]] name = "FreeBSD-EN-04:01.twe" date = "2004-06-28" diff --git a/website/static/security/advisories/FreeBSD-EN-24:09.zfs.asc b/website/static/security/advisories/FreeBSD-EN-24:09.zfs.asc new file mode 100644 index 0000000000..3a3b203d3a --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:09.zfs.asc @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:09.zfs Errata Notice + The FreeBSD Project + +Topic: High CPU usage by kernel threads related to ZFS + +Category: contrib +Module: zfs +Announced: 2024-04-24 +Affects: FreeBSD 13.3 +Corrected: 2024-04-12 13:00:11 UTC (stable/13, 13-STABLE) + 2024-04-24 20:21:10 UTC (releng/13.3, 13.3-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +ZFS is an advanced and scalable file system originally developed by Sun +Microsystems for its Solaris operating system. ZFS was integrated as part of +the FreeBSD starting with FreeBSD 7.0, and it has since become a prominent +and preferred choice for storage management. + +II. Problem Description + +Because ZFS may consume large amounts of RAM to cache various types of +filesystem objects, it continuously monitors system RAM available to decide +whether to shrink its caches. Some caches are shrunk using a dedicated +thread, to which work is dispatched asynchronously. + +In some cases, the cache shrinking logic may dispatch excessive amounts of +work to the "ARC pruning" thread, causing it to continue attempting to shrink +caches even after resource shortages are resolved. + +III. Impact + +The bug manifests as a kernel thread, "arc_prune", consuming 100% of a CPU core +for indefinite periods, even while the system is otherwise idle. This behavior +also impacts workloads running on the system, by reducing available CPU +resources and by triggering lock contention in the kernel, in particular with +the "vnlru" process whose function is to recycle vnodes (structures representing +files, whether opened or cached), a mechanism frequently triggered by intensive +filesystem workloads. + +IV. Workaround + +No workaround is available. Systems not using ZFS are unaffected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security branch +(releng) dated after the correction date. A reboot is required following the +upgrade. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# reboot + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:09/zfs.patch +# fetch https://security.FreeBSD.org/patches/EN-24:09/zfs.patch.asc +# gpg --verify zfs.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 330954bdb822 stable/13-n257698 +releng/13.3/ 266b3bd3f26d releng/13.3-n257432 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat + +Or visit the following URL, replacing NNNNNN with the hash: + + + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +See problem reports + and +. + +See also the previous, similar errata notice issued for FreeBSD 14.0: +. + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYpapQACgkQbljekB8A +Gu8gBxAAiuUNqeGaKNQ1XbV0kSucwnae5uOrQmthHQBY98PJJKUZpm1RTt/FnBB7 +qPxEY5vFRcGgZ43GVlnmfmH/EmqOg6WPpsgKfdq1XTy/ERU815JOsD+wKUWa/9Ia +g67pnl8HPMSF5eZ1FreWfzNsWmxakiDLg2VXtFx7x3+qocifD/WwGvDTjdDBzzyK ++cIrBqvTlbOCRdHzl49wmNLz46ha5bmxTb7MzXB3jIQ1v+PZ71biyQxBZTrZgR6S +La8oVe4Kj2lJTJw5S2xvsoyo5PzqmPCyD1m22fzgKTyaAUCXiioUUQDuFTxu9rhW +I3lSvqdIRw28yRFjGslxlq9x1vShQTw3ILcH31ucxKUNow7hlDz4Ow2NzqXhSjxN +RMGamxLTA5BcNCR4/DexAjfeh6OKnCG7n0ntlhxI0LWGr4ceT3/ySck7xhCNCSm1 +Ze/Gf9/j4+zR2jyauRANkITPkVHUV79/Sgjn1IlcMDLpzegH+QfQsX6CosG5uSWS +UlpK2hhCv2g3lE7XuBItz7E/8i5Nx9RZgnh047Nj3ZB/6dCauAeUYKnY5X3xJa5X +OKJWIGyJAyrCoFIg+LdBS47ggg8wswyyb1XBF2rZgZNqVmzZrJd7lBV/sjDaEC1H +13lHhIIwtpTagDAT1Nbji++IT+2DatjhLZnMQwvALno0tIE19mg= +=IgLQ +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-24:09/zfs.patch b/website/static/security/patches/EN-24:09/zfs.patch new file mode 100644 index 0000000000..48e3e06a44 --- /dev/null +++ b/website/static/security/patches/EN-24:09/zfs.patch @@ -0,0 +1,316 @@ +--- sys/contrib/openzfs/include/os/linux/zfs/sys/zpl.h.orig ++++ sys/contrib/openzfs/include/os/linux/zfs/sys/zpl.h +@@ -52,7 +52,7 @@ + extern const struct file_operations zpl_dir_file_operations; + + /* zpl_super.c */ +-extern void zpl_prune_sb(int64_t nr_to_scan, void *arg); ++extern void zpl_prune_sb(uint64_t nr_to_scan, void *arg); + + extern const struct super_operations zpl_super_operations; + extern const struct export_operations zpl_export_operations; +--- sys/contrib/openzfs/include/sys/arc.h.orig ++++ sys/contrib/openzfs/include/sys/arc.h +@@ -81,7 +81,7 @@ + typedef void arc_read_done_func_t(zio_t *zio, const zbookmark_phys_t *zb, + const blkptr_t *bp, arc_buf_t *buf, void *priv); + typedef void arc_write_done_func_t(zio_t *zio, arc_buf_t *buf, void *priv); +-typedef void arc_prune_func_t(int64_t bytes, void *priv); ++typedef void arc_prune_func_t(uint64_t bytes, void *priv); + + /* Shared module parameters */ + extern int zfs_arc_average_blocksize; +--- sys/contrib/openzfs/include/sys/arc_impl.h.orig ++++ sys/contrib/openzfs/include/sys/arc_impl.h +@@ -994,7 +994,6 @@ + + extern void arc_lowmem_init(void); + extern void arc_lowmem_fini(void); +-extern void arc_prune_async(int64_t); + extern int arc_memory_throttle(spa_t *spa, uint64_t reserve, uint64_t txg); + extern uint64_t arc_free_memory(void); + extern int64_t arc_available_memory(void); +--- sys/contrib/openzfs/module/os/freebsd/zfs/arc_os.c.orig ++++ sys/contrib/openzfs/module/os/freebsd/zfs/arc_os.c +@@ -51,11 +51,6 @@ + #include + #include + +-#if __FreeBSD_version >= 1300139 +-static struct sx arc_vnlru_lock; +-static struct vnode *arc_vnlru_marker; +-#endif +- + extern struct vfsops zfs_vfsops; + + uint_t zfs_arc_free_target = 0; +@@ -151,53 +146,6 @@ + return (MAX(allmem * 5 / 8, size)); + } + +-/* +- * Helper function for arc_prune_async() it is responsible for safely +- * handling the execution of a registered arc_prune_func_t. +- */ +-static void +-arc_prune_task(void *arg) +-{ +- int64_t nr_scan = (intptr_t)arg; +- +-#ifndef __ILP32__ +- if (nr_scan > INT_MAX) +- nr_scan = INT_MAX; +-#endif +- +-#if __FreeBSD_version >= 1300139 +- sx_xlock(&arc_vnlru_lock); +- vnlru_free_vfsops(nr_scan, &zfs_vfsops, arc_vnlru_marker); +- sx_xunlock(&arc_vnlru_lock); +-#else +- vnlru_free(nr_scan, &zfs_vfsops); +-#endif +-} +- +-/* +- * Notify registered consumers they must drop holds on a portion of the ARC +- * buffered they reference. This provides a mechanism to ensure the ARC can +- * honor the arc_meta_limit and reclaim otherwise pinned ARC buffers. This +- * is analogous to dnlc_reduce_cache() but more generic. +- * +- * This operation is performed asynchronously so it may be safely called +- * in the context of the arc_reclaim_thread(). A reference is taken here +- * for each registered arc_prune_t and the arc_prune_task() is responsible +- * for releasing it once the registered arc_prune_func_t has completed. +- */ +-void +-arc_prune_async(int64_t adjust) +-{ +- +-#ifndef __LP64__ +- if (adjust > INTPTR_MAX) +- adjust = INTPTR_MAX; +-#endif +- taskq_dispatch(arc_prune_taskq, arc_prune_task, +- (void *)(intptr_t)adjust, TQ_SLEEP); +- ARCSTAT_BUMP(arcstat_prune); +-} +- + uint64_t + arc_all_memory(void) + { +@@ -248,10 +196,6 @@ + { + arc_event_lowmem = EVENTHANDLER_REGISTER(vm_lowmem, arc_lowmem, NULL, + EVENTHANDLER_PRI_FIRST); +-#if __FreeBSD_version >= 1300139 +- arc_vnlru_marker = vnlru_alloc_marker(); +- sx_init(&arc_vnlru_lock, "arc vnlru lock"); +-#endif + } + + void +@@ -259,12 +203,6 @@ + { + if (arc_event_lowmem != NULL) + EVENTHANDLER_DEREGISTER(vm_lowmem, arc_event_lowmem); +-#if __FreeBSD_version >= 1300139 +- if (arc_vnlru_marker != NULL) { +- vnlru_free_marker(arc_vnlru_marker); +- sx_destroy(&arc_vnlru_lock); +- } +-#endif + } + + void +--- sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vfsops.c.orig ++++ sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vfsops.c +@@ -2097,6 +2097,26 @@ + #endif + } + ++#if __FreeBSD_version >= 1300139 ++static struct sx zfs_vnlru_lock; ++static struct vnode *zfs_vnlru_marker; ++#endif ++static arc_prune_t *zfs_prune; ++ ++static void ++zfs_prune_task(uint64_t nr_to_scan, void *arg __unused) ++{ ++ if (nr_to_scan > INT_MAX) ++ nr_to_scan = INT_MAX; ++#if __FreeBSD_version >= 1300139 ++ sx_xlock(&zfs_vnlru_lock); ++ vnlru_free_vfsops(nr_to_scan, &zfs_vfsops, zfs_vnlru_marker); ++ sx_xunlock(&zfs_vnlru_lock); ++#else ++ vnlru_free(nr_to_scan, &zfs_vfsops); ++#endif ++} ++ + void + zfs_init(void) + { +@@ -2123,11 +2143,23 @@ + dmu_objset_register_type(DMU_OST_ZFS, zpl_get_file_info); + + zfsvfs_taskq = taskq_create("zfsvfs", 1, minclsyspri, 0, 0, 0); ++ ++#if __FreeBSD_version >= 1300139 ++ zfs_vnlru_marker = vnlru_alloc_marker(); ++ sx_init(&zfs_vnlru_lock, "zfs vnlru lock"); ++#endif ++ zfs_prune = arc_add_prune_callback(zfs_prune_task, NULL); + } + + void + zfs_fini(void) + { ++ arc_remove_prune_callback(zfs_prune); ++#if __FreeBSD_version >= 1300139 ++ vnlru_free_marker(zfs_vnlru_marker); ++ sx_destroy(&zfs_vnlru_lock); ++#endif ++ + taskq_destroy(zfsvfs_taskq); + zfsctl_fini(); + zfs_znode_fini(); +--- sys/contrib/openzfs/module/os/linux/zfs/arc_os.c.orig ++++ sys/contrib/openzfs/module/os/linux/zfs/arc_os.c +@@ -491,57 +491,6 @@ + } + #endif /* _KERNEL */ + +-/* +- * Helper function for arc_prune_async() it is responsible for safely +- * handling the execution of a registered arc_prune_func_t. +- */ +-static void +-arc_prune_task(void *ptr) +-{ +- arc_prune_t *ap = (arc_prune_t *)ptr; +- arc_prune_func_t *func = ap->p_pfunc; +- +- if (func != NULL) +- func(ap->p_adjust, ap->p_private); +- +- zfs_refcount_remove(&ap->p_refcnt, func); +-} +- +-/* +- * Notify registered consumers they must drop holds on a portion of the ARC +- * buffered they reference. This provides a mechanism to ensure the ARC can +- * honor the arc_meta_limit and reclaim otherwise pinned ARC buffers. This +- * is analogous to dnlc_reduce_cache() but more generic. +- * +- * This operation is performed asynchronously so it may be safely called +- * in the context of the arc_reclaim_thread(). A reference is taken here +- * for each registered arc_prune_t and the arc_prune_task() is responsible +- * for releasing it once the registered arc_prune_func_t has completed. +- */ +-void +-arc_prune_async(int64_t adjust) +-{ +- arc_prune_t *ap; +- +- mutex_enter(&arc_prune_mtx); +- for (ap = list_head(&arc_prune_list); ap != NULL; +- ap = list_next(&arc_prune_list, ap)) { +- +- if (zfs_refcount_count(&ap->p_refcnt) >= 2) +- continue; +- +- zfs_refcount_add(&ap->p_refcnt, ap->p_pfunc); +- ap->p_adjust = adjust; +- if (taskq_dispatch(arc_prune_taskq, arc_prune_task, +- ap, TQ_SLEEP) == TASKQID_INVALID) { +- zfs_refcount_remove(&ap->p_refcnt, ap->p_pfunc); +- continue; +- } +- ARCSTAT_BUMP(arcstat_prune); +- } +- mutex_exit(&arc_prune_mtx); +-} +- + /* BEGIN CSTYLED */ + ZFS_MODULE_PARAM(zfs_arc, zfs_arc_, shrinker_limit, INT, ZMOD_RW, + "Limit on number of pages that ARC shrinker can reclaim at once"); +--- sys/contrib/openzfs/module/os/linux/zfs/zpl_super.c.orig ++++ sys/contrib/openzfs/module/os/linux/zfs/zpl_super.c +@@ -334,7 +334,7 @@ + } + + void +-zpl_prune_sb(int64_t nr_to_scan, void *arg) ++zpl_prune_sb(uint64_t nr_to_scan, void *arg) + { + struct super_block *sb = (struct super_block *)arg; + int objects = 0; +--- sys/contrib/openzfs/module/zfs/arc.c.orig ++++ sys/contrib/openzfs/module/zfs/arc.c +@@ -868,6 +868,8 @@ + static void l2arc_hdr_arcstats_update(arc_buf_hdr_t *hdr, boolean_t incr, + boolean_t state_only); + ++static void arc_prune_async(uint64_t adjust); ++ + #define l2arc_hdr_arcstats_increment(hdr) \ + l2arc_hdr_arcstats_update((hdr), B_TRUE, B_FALSE) + #define l2arc_hdr_arcstats_decrement(hdr) \ +@@ -6521,6 +6523,56 @@ + kmem_free(p, sizeof (*p)); + } + ++/* ++ * Helper function for arc_prune_async() it is responsible for safely ++ * handling the execution of a registered arc_prune_func_t. ++ */ ++static void ++arc_prune_task(void *ptr) ++{ ++ arc_prune_t *ap = (arc_prune_t *)ptr; ++ arc_prune_func_t *func = ap->p_pfunc; ++ ++ if (func != NULL) ++ func(ap->p_adjust, ap->p_private); ++ ++ zfs_refcount_remove(&ap->p_refcnt, func); ++} ++ ++/* ++ * Notify registered consumers they must drop holds on a portion of the ARC ++ * buffers they reference. This provides a mechanism to ensure the ARC can ++ * honor the metadata limit and reclaim otherwise pinned ARC buffers. ++ * ++ * This operation is performed asynchronously so it may be safely called ++ * in the context of the arc_reclaim_thread(). A reference is taken here ++ * for each registered arc_prune_t and the arc_prune_task() is responsible ++ * for releasing it once the registered arc_prune_func_t has completed. ++ */ ++static void ++arc_prune_async(uint64_t adjust) ++{ ++ arc_prune_t *ap; ++ ++ mutex_enter(&arc_prune_mtx); ++ for (ap = list_head(&arc_prune_list); ap != NULL; ++ ap = list_next(&arc_prune_list, ap)) { ++ ++ if (zfs_refcount_count(&ap->p_refcnt) >= 2) ++ continue; ++ ++ zfs_refcount_add(&ap->p_refcnt, ap->p_pfunc); ++ ap->p_adjust = adjust; ++ if (taskq_dispatch(arc_prune_taskq, arc_prune_task, ++ ap, TQ_SLEEP) == TASKQID_INVALID) { ++ zfs_refcount_remove(&ap->p_refcnt, ap->p_pfunc); ++ continue; ++ } ++ ARCSTAT_BUMP(arcstat_prune); ++ } ++ mutex_exit(&arc_prune_mtx); ++} ++ + /* + * Notify the arc that a block was freed, and thus will never be used again. + */ diff --git a/website/static/security/patches/EN-24:09/zfs.patch.asc b/website/static/security/patches/EN-24:09/zfs.patch.asc new file mode 100644 index 0000000000..52cdb325ff --- /dev/null +++ b/website/static/security/patches/EN-24:09/zfs.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYpapUACgkQbljekB8A +Gu+L3BAA1EBD3O+tAqKg9W8MvPihcNkHCVX5gDvY9p/xiN6nmo7JQsdNmoycZVjF +R07XpgAtuQ0mfw4fy/FvgAy4EK1q/SjQC/ON3zu78Hph610F2wabGW5p6qbotYl2 +P/msYGFPDqUgtw1SjVzXHKYRYjQnhQqbr2SIpH7ekOej65TiWuQSsRcl0YIQrjia +RfeH6faIXUyjNnDrlu2L71GY9XxiWR3FGXTfnXWbguz17kuWctCxT8UMfVGRoLa+ +yxzPX1cVgEW86lDtlvlnPbymR4rohGPrGlmLdHJdwY0H855ff0kQrreQzcfNYf7Y +xu/yxj51CF+ima7o8auDGPxGFzy3zkD5GQsLw2QoXG+Ad4EY4ZiaKYryqK7zug6Q +V8Im3PPx2CXHXXs3FmVYA+RVMHJo79zlDEwE450bRfTaj/NzRUlO62v6jqpUjayr +2pFVYwIyECm/qNddKY/4j/hMCjp11/H1co5uqFvXDWUfyVQB3iXHl5wjjyTdO8xw +DS9dRtNAUiCxgOHgz6k0U9C6gi6Xh8NNLE9QSU3CWpFWuTgrzIwAXYoCryg/c7J+ +17M6DnK0NN9z3ScehrVT4QgPPzxp5ziLhY84ZJ8qpCPsYV7ZR/rU9Yc/+mT5N3SE +QcJehAsEQUJjHL7EhkML61emj8i/avXau95AkCrcmHI5eLy1F+g= +=Q5E+ +-----END PGP SIGNATURE-----