os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add two new erratas.

Browse source
This commit is contained in:
Xin LI 2015-06-09 22:27:13 +00:00
parent 040c730358
commit 729febe05e
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=46795
11 changed files with 250569 additions and 0 deletions

175
share/security/advisories/FreeBSD-EN-15:06.file.asc Normal file
View file

@ -0,0 +1,175 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:06.file Errata Notice
The FreeBSD Project
Topic: Version and security update of file(1) and libmagic(3)
Category: contrib
Module: file
Announced: 2015-06-09
Affects: All supported versions of FreeBSD.
Corrected: 2015-01-23 18:48:59 UTC (stable/10, 10.1-STABLE)
2015-06-09 22:13:25 UTC (releng/10.1, 10.1-RELEASE-p11)
2015-01-23 18:50:36 UTC (stable/9, 9.3-STABLE)
2015-06-09 22:13:53 UTC (releng/9.3, 9.3-RELEASE-p15)
2015-05-09 23:53:25 UTC (stable/8, 8.4-STABLE)
2015-06-09 22:13:53 UTC (releng/8.4, 8.4-RELEASE-p29)
CVE Name: CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480,
CVE-2014-3487, CVE-2014-3538, CVE-2014-3587, CVE-2014-9620,
CVE-2014-9621, CVE-2014-9653
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
The file(1) utility attempts to classify file system objects based on
filesystem, magic number and language tests.
The libmagic(3) library provides most of the functionality of file(1)
and may be used by other applications.
II. Problem Description
There are a number of denial of service issues when handling complex
files, for instance Portable Executable (PE) files and ELF files parsing
code with libmagic(3) and in turn file(1).
III. Impact
An attacker who can cause file(1) or any other applications using the
libmagic(3) library to be run on a maliciously constructed input can
cause the application to crash or consume excessive CPU resources,
resulting in a denial-of-service.
IV. Workaround
System administrators who run file(1) and libmagic(3) against untrusted
files, for instance when running with a mail server's mail scanner, are
advised to configure the scanner in a way so that they do not call file(1)
or libmagic(3) to conduct deep inspection of input files. Most of these
scanners does not really need the in-depth analysis and the file type
determined by libmagic is already sufficient.
V. Solution
This errata replaces the base system file(1) and libmagic(3) with the
version 5.22.
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 10.1]
# fetch https://security.FreeBSD.org/patches/EN-15:06/file-10.1.patch
# fetch https://security.FreeBSD.org/patches/EN-15:06/file-10.1.patch.asc
# gpg --verify file-10.1.patch.asc
[FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/EN-15:06/file-9.3.patch
# fetch https://security.FreeBSD.org/patches/EN-15:06/file-9.3.patch.asc
# gpg --verify file-9.3.patch.asc
[FreeBSD 8.4]
# fetch https://security.FreeBSD.org/patches/EN-15:06/file-8.4.patch
# fetch https://security.FreeBSD.org/patches/EN-15:06/file-8.4.patch.asc
# gpg --verify file-8.4.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r283135
releng/8.4/ r284194
stable/9/ r277593
releng/9.3/ r284194
stable/10/ r277592
releng/10.1/ r284193
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9621>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653>
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:06.file.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.4 (FreeBSD)
iQIcBAEBCgAGBQJVd2aEAAoJEO1n7NZdz2rnEVQP/2OPfepmvG2/vYrH3bKDHPRi
12QFfE3Ylr8ctoDQRCBazdxhzLEMxdP3g9icJ0ZbnDWVmFtM9BwDfCrkcYmI6uCt
0E1usrqHs6qthm4i1UAwRu4v71LM2yllHCaLt/XWxWDXsbI/vA5wkZgfgZK8kZWW
PAiBUuI1bM4pegi+yymgMRoHquoyB0x2jNBKywnb9KT7m8Br9uYnJrCajI6G9HUy
/eQKtefOVQat0trIoOwXS7cIZhLWJlVAKUinBjb2IGHxkWOrUhgXlPCpB4efS0pG
IqEv2gvHpxllgmf+4leqNXYT8R1EUu+3OE6SbN7jV+RwgPc0TNUxC4Bkb6r1LoSH
BRf5FMuVDYAlDKDz4j8NY0v84PpD9d37w7SSBZPiR+Fwn5xs0F4PjsU2c+tPEnVD
Sn1vYkafvC+KXsuJtmd4sqb1zLRdpOGDxruA0VtOKATA1sDa1QZIBTB7w7iZ03f5
umCpU8p5mo7a9AroavUEZkcpu4w5BptAsgYoBdOeKHhStBtPlXiGpML8zLhj1qnL
hGF6RY2QrhD35C7OIer1ji0F2pEKkFfaeAqkvIXmYJaH+KQeIrEdt+ki2GStW1m9
OdL79RMreVGE1DuX/2puBxKcMsQR+fas4L4uGi46MDXXMeV0LKJHiAT2twJlDOL/
mc3UcOeMcAfOkINcpGuD
=8/lF
-----END PGP SIGNATURE-----

139
share/security/advisories/FreeBSD-EN-15:07.zfs.asc Normal file
View file

@ -0,0 +1,139 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:07.zfs Errata Notice
The FreeBSD Project
Topic: ZFS Reliability Improvements
Category: contrib
Module: zfs
Announced: 2015-06-09
Affects: FreeBSD 10.1 and later
Corrected: 2014-12-05 00:32:33 UTC (stable/10, 10.1-STABLE)
2015-06-09 22:13:25 UTC (releng/10.1, 10.1-RELEASE-p11)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
ZFS is one of several filesystems available on FreeBSD.
ZFS on FreeBSD supports TRIM/UNMAP which helps flash based storage medium to
maintain peek performance.
ZFS uses different layers of disk cache to speed up read and write
operations, and supports second level ARC (L2ARC) which can be used as a
second layer cache, which provides storage for less frequently accessed
data that would not fit into RAM but still accessed often, providing
optimal cost for performance.
ZFS supports compression in L2ARC data which optimizes its space efficiency.
II. Problem Description
When the ZFS filesystem on a file backed pool is used with TRIM support
enabled, which is the default, ZIO_TYPE_FREE requests where incorrectly
processed as a write request.
When the ZFS filesystem is using L2ARC and when L2ARC compression is used,
the compression buffer are not properly released sometimes.
III. Impact
The first problem will panic the system when it happens.
The second problem will exhibit as a memory leak, which would lead to
performance degradation and eventually a memory overflow, which would
lead to a panic.
IV. Workaround
The first issue can be mitigated by disabling TRIM for ZFS using
the loader option vfs.zfs.trim.enabled=0.
The second issue can be mitigated by disabling L2ARC.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:07/zfs.patch
# fetch https://security.FreeBSD.org/patches/EN-15:07/zfs.patch.asc
# gpg --verify 15:07.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r275492
releng/10.1/ r284193
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:07.zfs.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.4 (FreeBSD)
iQIcBAEBCgAGBQJVd2aYAAoJEO1n7NZdz2rn3ZAP/jqu2sz0LU20D1zdb3bpz8ui
QsFeKs2gk5e00T0qqWio9RxXpSxzV1XNEw8jVz2JDsgCQf4V6UwHklgf9E+Pg9DA
/9HNnrCuNsnlodOOqCPEETPkEWCKiPoiHXv29YzNVZDtlTXE9ysxnQgpD6IfI1AU
HpyH//OKN+z03eNR/vSdCbvZhemn/+An4AxX8nFegeGXBjxUBE1Hf6Aek2AYKz2Q
69nwvK56AN05FvVN+oegFdLaG9Lcv5kPnNFLoMDMGazGd/3VBfYE7ACQT2AETc/7
DuVCrP3ewG3uftNKBEomJkPWTeKLBGZLP3pHZK1BlGlXUlHvpEbEzy0BjJevt4Zt
6MxHT2xya8H5q8k6nfVnRB2+XhJ82nJMnZIN0cLiqdAgbRdFCS5QlOwLpXpak0tA
EOTcjsFBTCXQiuO6JLAHn0oprBrA6mMoHxHZGErG6yFGf4PNotG70s8hOH9hxvoG
bjdtvcbCewPqaUz54vwkp1walgK7i61waDTWNMeLdt9OPncdBO/1N5+jNAV87bLm
iqxqp6bcHFIoVaHLhE5xxRrmiJg4J/8z2PUjuyfxnWyslMkm4s7siiQ3HIacFdE6
7GeTDnU28Ui0JTbGx8c6QGRKhOEp0FdvmHmXXHtKBvo/yjdMy2yMg82RHMNxIQKd
z4HmBIQGnSf4ysgAunpN
=fmGr
-----END PGP SIGNATURE-----

6603
share/security/patches/EN-15:06/file-10.1.patch Normal file
View file

File diff suppressed because it is too large Load diff

17
share/security/patches/EN-15:06/file-10.1.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.4 (FreeBSD)
iQIcBAABCgAGBQJVd2auAAoJEO1n7NZdz2rnbVMP/Rhu0aMiouWcMe5I8V0bonqZ
nMirYQ5/sQ2r2Zed9fpAYqpVHqh9G/qNX8EBNCGWq/baAyEtWJt9y7aIgyeox2pF
5M+5qZ3l+QLtVNyMwpVsB0MX4evQ3hfIAhtu9M8NGyJh89qnsfzFmw9jNJn7d+Yf
G0bIJ0JnYOQrQvCIEzGe3nKetX632ilbVU1UTfS/rSk2fziBDj+IQwbObEa0Gfqs
37JoEc+4qcY8QMt+ltqvZdP8510swi7iV3ZgA42xetALcFSjmYPPPLe5czTATyQb
wFfSYJyfOzg1wGKciAB+7X4TBlK3gsFLyVbvJpVJ1/tn/GdXKza0OUK/RVEiq425
VYM+vhbRa1uLytCx/N8s3S7s3tNyk0GGNA6yYkf7dg2niz8ULr+kNpMyYIJmQV5G
gmYuqALLerzaULG+eNHm9R8ZOB2FujirrlHxCWV01aeAaK/bY7/jt0EoPyswhhh8
EClulKAU/X4ZNTKXeQ/ba405QeE+jiQcV8a0BZOpuSlTs7I//J+jZDBX4QAUpuOd
iEc+cFbS89Pk0BLARWQQa9tivqLJnL9Dac+ECCC43f4ZvEZe8XdIo5IjSqG+7SNM
hdAziROTYdYC+mFQdgfro9u7v8FfmGTWn2DhooRdwXaZ0Vca7k4q75sntX65Tg32
ufpiS0PhrjcpOfATRYvn
=oSWx
-----END PGP SIGNATURE-----

137023
share/security/patches/EN-15:06/file-8.4.patch Normal file
View file

File diff suppressed because it is too large Load diff

17
share/security/patches/EN-15:06/file-8.4.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.4 (FreeBSD)
iQIcBAABCgAGBQJVd2auAAoJEO1n7NZdz2rnR18P/1ff+W1b3WdcvPXkPQmES5QK
iWhygFNF6J61Rm582O0q6hK/7fONIgvwVSjsB+YI80BoPGnGf6lwdNaYlRV9Qdz8
S17nf8JTUrRcb8RtX+ptQC5ih36PlOGqNT8fBRb4qLTrZ0rS4dZqKcAorZzQ8O/N
SkQ8Ki+OuUKaCpEpQ4x6XDT7tJMCupXOcYAV8+rndDAFTbZwAe+TtBWiwomwtjqr
EMM9YxndUsttcgoHqMh3aSHczq7u3+7HU4WI36VlchSnpPdg1EQUhRq2mXGLZ6zq
Wtdlp+TS4guBRV8itLWZzZoG/s3TzXfWP2NjdvR4QHLV5yVjYfgQMLuYoOZYuPLU
yTGGXHPWaeVzAa8ewoDSmSoBfeNGPdta8lduxQE0ulR9HTsoZIUVNwuRKwQFQ6cJ
muS/Gb4hi/nV4epIOOZ3/uW4XjeaYGPeUMobaxR3aO4OChseqS++C2pUNV8WYpxA
aR6QR33hIFIowR0auKEcqlYUYgySRAuAs3qQb/FPD6UYZAnzaHeaALUZmKIkkh7R
6wm54PEXOPs7nSLu3uVaykbqTy+fIlVfeZnhTgK0G2bIFzQaEpZFx6iFVs83khRb
JBKq73Yyrs8CSiWrkxY1yOx1UUTAgfxRXuWZXiDY9jnUcXx/Helao+t/PtdJcnfW
VoddBbwEpZHe5IAkwB71
=akxu
-----END PGP SIGNATURE-----

106289
share/security/patches/EN-15:06/file-9.3.patch Normal file
View file

File diff suppressed because it is too large Load diff

17
share/security/patches/EN-15:06/file-9.3.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.4 (FreeBSD)
iQIcBAABCgAGBQJVd2avAAoJEO1n7NZdz2rnFAEQALsdbT08cO6jbfheVmdXIhEr
gYi4HJl/eEZ6OLPr0edrFD+YwTJZmmhOgOaj0LC6QF8tmAGs6/7K6POrlM91u8TM
9WyPS+p+Y5XUquSW6wIwPGzVBuwDonI3Eocz/L2B2nqDqwdQeG0R0Ai0hFBgCOt5
j94Iqw4mZQ/sF+iYlPVc7ssfoS6KhKBt8ZWUj54vOhBcNtYF7E1G3HCiaYPECh4q
NLNhBHI3RqX1/ndeRNtvzpU2jW8itqFl8Spv16zWCVeO+zCC7MfearLrZRjmQ2CE
RRMU4oAFanVOkmV02lp3cByLS0d9PU+j2yvblxjNf2QHEDuasckTPV0KDCissSbT
eV4UB9YsFeckLPrJThtdarEZuaKvtX5zIPlAhaxAQ1vGVd6C98uRj0BnR0q4emjl
QSohAbGvA/tApUx/FZnItNEU1oHcDwk8V0jhRi143Iac6pUJFFHwlKk8Zsd91xuD
0JUOZ6zrO3rIam0JCHdEb/rSdrrg5li8cqdKQ6sx6E9CpjgSlHGVevZ9RwiYa2P4
+cGedlD3O3aA0gtaJjERoUPLlWAyNHqdigjtQkukF5HU6bfSIy8ope6UQAY0ZYFg
hjeEV3JOgPKw1DzH1y5Pq+MdpnnXbaAJ50+UqNJ48w9uN/AJ6IpPmq7d7xgZo8Wl
EmgY8HN274y5EQZRCpXc
=bv/q
-----END PGP SIGNATURE-----

256
share/security/patches/EN-15:07/zfs.patch Normal file
View file

@ -0,0 +1,256 @@
Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/arc.c
===================================================================
--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/arc.c (revision 284174)
+++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/arc.c (working copy)
@@ -344,6 +344,7 @@ typedef struct arc_stats {
kstat_named_t arcstat_l2_evict_lock_retry;
kstat_named_t arcstat_l2_evict_reading;
kstat_named_t arcstat_l2_free_on_write;
+ kstat_named_t arcstat_l2_cdata_free_on_write;
kstat_named_t arcstat_l2_abort_lowmem;
kstat_named_t arcstat_l2_cksum_bad;
kstat_named_t arcstat_l2_io_error;
@@ -421,6 +422,7 @@ static arc_stats_t arc_stats = {
{ "l2_evict_lock_retry", KSTAT_DATA_UINT64 },
{ "l2_evict_reading", KSTAT_DATA_UINT64 },
{ "l2_free_on_write", KSTAT_DATA_UINT64 },
+ { "l2_cdata_free_on_write", KSTAT_DATA_UINT64 },
{ "l2_abort_lowmem", KSTAT_DATA_UINT64 },
{ "l2_cksum_bad", KSTAT_DATA_UINT64 },
{ "l2_io_error", KSTAT_DATA_UINT64 },
@@ -1629,6 +1631,21 @@ arc_buf_add_ref(arc_buf_t *buf, void* tag)
data, metadata, hits);
}
+static void
+arc_buf_free_on_write(void *data, size_t size,
+ void (*free_func)(void *, size_t))
+{
+ l2arc_data_free_t *df;
+
+ df = kmem_alloc(sizeof (l2arc_data_free_t), KM_SLEEP);
+ df->l2df_data = data;
+ df->l2df_size = size;
+ df->l2df_func = free_func;
+ mutex_enter(&l2arc_free_on_write_mtx);
+ list_insert_head(l2arc_free_on_write, df);
+ mutex_exit(&l2arc_free_on_write_mtx);
+}
+
/*
* Free the arc data buffer. If it is an l2arc write in progress,
* the buffer is placed on l2arc_free_on_write to be freed later.
@@ -1639,14 +1656,7 @@ arc_buf_data_free(arc_buf_t *buf, void (*free_func
arc_buf_hdr_t *hdr = buf->b_hdr;
if (HDR_L2_WRITING(hdr)) {
- l2arc_data_free_t *df;
- df = kmem_alloc(sizeof (l2arc_data_free_t), KM_SLEEP);
- df->l2df_data = buf->b_data;
- df->l2df_size = hdr->b_size;
- df->l2df_func = free_func;
- mutex_enter(&l2arc_free_on_write_mtx);
- list_insert_head(l2arc_free_on_write, df);
- mutex_exit(&l2arc_free_on_write_mtx);
+ arc_buf_free_on_write(buf->b_data, hdr->b_size, free_func);
ARCSTAT_BUMP(arcstat_l2_free_on_write);
} else {
free_func(buf->b_data, hdr->b_size);
@@ -1658,6 +1668,23 @@ arc_buf_data_free(arc_buf_t *buf, void (*free_func
* arc_buf_t off of the the arc_buf_hdr_t's list and free it.
*/
static void
+arc_buf_l2_cdata_free(arc_buf_hdr_t *hdr)
+{
+ l2arc_buf_hdr_t *l2hdr = hdr->b_l2hdr;
+
+ ASSERT(MUTEX_HELD(&l2arc_buflist_mtx));
+
+ if (l2hdr->b_tmp_cdata == NULL)
+ return;
+
+ ASSERT(HDR_L2_WRITING(hdr));
+ arc_buf_free_on_write(l2hdr->b_tmp_cdata, hdr->b_size,
+ zio_data_buf_free);
+ ARCSTAT_BUMP(arcstat_l2_cdata_free_on_write);
+ l2hdr->b_tmp_cdata = NULL;
+}
+
+static void
arc_buf_destroy(arc_buf_t *buf, boolean_t recycle, boolean_t remove)
{
arc_buf_t **bufp;
@@ -1756,6 +1783,7 @@ arc_hdr_destroy(arc_buf_hdr_t *hdr)
trim_map_free(l2hdr->b_dev->l2ad_vdev, l2hdr->b_daddr,
hdr->b_size, 0);
list_remove(l2hdr->b_dev->l2ad_buflist, hdr);
+ arc_buf_l2_cdata_free(hdr);
ARCSTAT_INCR(arcstat_l2_size, -hdr->b_size);
ARCSTAT_INCR(arcstat_l2_asize, -l2hdr->b_asize);
vdev_space_update(l2hdr->b_dev->l2ad_vdev,
@@ -3605,6 +3633,7 @@ arc_release(arc_buf_t *buf, void *tag)
l2hdr = hdr->b_l2hdr;
if (l2hdr) {
mutex_enter(&l2arc_buflist_mtx);
+ arc_buf_l2_cdata_free(hdr);
hdr->b_l2hdr = NULL;
list_remove(l2hdr->b_dev->l2ad_buflist, hdr);
}
@@ -4895,6 +4924,11 @@ top:
ARCSTAT_INCR(arcstat_l2_asize, -abl2->b_asize);
bytes_evicted += abl2->b_asize;
ab->b_l2hdr = NULL;
+ /*
+ * We are destroying l2hdr, so ensure that
+ * its compressed buffer, if any, is not leaked.
+ */
+ ASSERT(abl2->b_tmp_cdata == NULL);
kmem_free(abl2, sizeof (l2arc_buf_hdr_t));
ARCSTAT_INCR(arcstat_l2_size, -ab->b_size);
}
@@ -5133,6 +5167,14 @@ l2arc_write_buffers(spa_t *spa, l2arc_dev_t *dev,
buf_data = l2hdr->b_tmp_cdata;
buf_sz = l2hdr->b_asize;
+ /*
+ * If the data has not been compressed, then clear b_tmp_cdata
+ * to make sure that it points only to a temporary compression
+ * buffer.
+ */
+ if (!L2ARC_IS_VALID_COMPRESS(l2hdr->b_compress))
+ l2hdr->b_tmp_cdata = NULL;
+
/* Compression may have squashed the buffer to zero length. */
if (buf_sz != 0) {
uint64_t buf_p_sz;
@@ -5323,7 +5365,8 @@ l2arc_release_cdata_buf(arc_buf_hdr_t *ab)
{
l2arc_buf_hdr_t *l2hdr = ab->b_l2hdr;
- if (l2hdr->b_compress == ZIO_COMPRESS_LZ4) {
+ ASSERT(L2ARC_IS_VALID_COMPRESS(l2hdr->b_compress));
+ if (l2hdr->b_compress != ZIO_COMPRESS_EMPTY) {
/*
* If the data was compressed, then we've allocated a
* temporary buffer for it, so now we need to release it.
@@ -5330,8 +5373,10 @@ l2arc_release_cdata_buf(arc_buf_hdr_t *ab)
*/
ASSERT(l2hdr->b_tmp_cdata != NULL);
zio_data_buf_free(l2hdr->b_tmp_cdata, ab->b_size);
+ l2hdr->b_tmp_cdata = NULL;
+ } else {
+ ASSERT(l2hdr->b_tmp_cdata == NULL);
}
- l2hdr->b_tmp_cdata = NULL;
}
/*
Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/trim_map.c
===================================================================
--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/trim_map.c (revision 284174)
+++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/trim_map.c (working copy)
@@ -155,11 +155,9 @@ trim_map_create(vdev_t *vd)
{
trim_map_t *tm;
- ASSERT(vd->vdev_ops->vdev_op_leaf);
+ ASSERT(zfs_trim_enabled && !vd->vdev_notrim &&
+ vd->vdev_ops->vdev_op_leaf);
- if (!zfs_trim_enabled)
- return;
-
tm = kmem_zalloc(sizeof (*tm), KM_SLEEP);
mutex_init(&tm->tm_lock, NULL, MUTEX_DEFAULT, NULL);
list_create(&tm->tm_head, sizeof (trim_seg_t),
Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev.c
===================================================================
--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev.c (revision 284174)
+++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev.c (working copy)
@@ -1214,6 +1214,7 @@ vdev_open(vdev_t *vd)
vd->vdev_stat.vs_aux = VDEV_AUX_NONE;
vd->vdev_cant_read = B_FALSE;
vd->vdev_cant_write = B_FALSE;
+ vd->vdev_notrim = B_FALSE;
vd->vdev_min_asize = vdev_get_min_asize(vd);
/*
@@ -1283,10 +1284,8 @@ vdev_open(vdev_t *vd)
if (vd->vdev_ishole || vd->vdev_ops == &vdev_missing_ops)
return (0);
- if (vd->vdev_ops->vdev_op_leaf) {
- vd->vdev_notrim = B_FALSE;
+ if (zfs_trim_enabled && !vd->vdev_notrim && vd->vdev_ops->vdev_op_leaf)
trim_map_create(vd);
- }
for (int c = 0; c < vd->vdev_children; c++) {
if (vd->vdev_child[c]->vdev_state != VDEV_STATE_HEALTHY) {
Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_disk.c
===================================================================
--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_disk.c (revision 284174)
+++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_disk.c (working copy)
@@ -796,6 +796,8 @@ vdev_disk_io_start(zio_t *zio)
return (ZIO_PIPELINE_STOP);
}
+ ASSERT(zio->io_type == ZIO_TYPE_READ || zio->io_type == ZIO_TYPE_WRITE);
+
vb = kmem_alloc(sizeof (vdev_buf_t), KM_SLEEP);
vb->vb_io = zio;
Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_file.c
===================================================================
--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_file.c (revision 284174)
+++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_file.c (working copy)
@@ -129,6 +129,8 @@ skip_open:
return (error);
}
+ vd->vdev_notrim = B_TRUE;
+
*max_psize = *psize = vattr.va_size;
*logical_ashift = SPA_MINBLOCKSHIFT;
*physical_ashift = SPA_MINBLOCKSHIFT;
@@ -185,6 +187,8 @@ vdev_file_io_start(zio_t *zio)
return (ZIO_PIPELINE_STOP);
}
+ ASSERT(zio->io_type == ZIO_TYPE_READ || zio->io_type == ZIO_TYPE_WRITE);
+
zio->io_error = vn_rdwr(zio->io_type == ZIO_TYPE_READ ?
UIO_READ : UIO_WRITE, vp, zio->io_data, zio->io_size,
zio->io_offset, UIO_SYSSPACE, 0, RLIM64_INFINITY, kcred, &resid);
Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
===================================================================
--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c (revision 284174)
+++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c (working copy)
@@ -832,6 +832,11 @@ vdev_geom_io_start(zio_t *zio)
return (ZIO_PIPELINE_STOP);
}
sendreq:
+ ASSERT(zio->io_type == ZIO_TYPE_READ ||
+ zio->io_type == ZIO_TYPE_WRITE ||
+ zio->io_type == ZIO_TYPE_FREE ||
+ zio->io_type == ZIO_TYPE_IOCTL);
+
cp = vd->vdev_tsd;
if (cp == NULL) {
zio->io_error = SET_ERROR(ENXIO);
Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_label.c
===================================================================
--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_label.c (revision 284174)
+++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_label.c (working copy)
@@ -713,8 +713,9 @@ vdev_label_init(vdev_t *vd, uint64_t crtxg, vdev_l
* Don't TRIM if removing so that we don't interfere with zpool
* disaster recovery.
*/
- if (zfs_trim_enabled && vdev_trim_on_init && (reason == VDEV_LABEL_CREATE ||
- reason == VDEV_LABEL_SPARE || reason == VDEV_LABEL_L2CACHE))
+ if (zfs_trim_enabled && vdev_trim_on_init && !vd->vdev_notrim &&
+ (reason == VDEV_LABEL_CREATE || reason == VDEV_LABEL_SPARE ||
+ reason == VDEV_LABEL_L2CACHE))
zio_wait(zio_trim(NULL, spa, vd, 0, vd->vdev_psize));
/*

17
share/security/patches/EN-15:07/zfs.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.4 (FreeBSD)
iQIcBAABCgAGBQJVd2avAAoJEO1n7NZdz2rng2sP/0Jhm+uBZZ+5RVKj6G1Hcksa
9BjZuQzUfboLvZ8wSRGjn3babC5GN96h4JmrAnmaa9YB9/AtQsbJFXPQmfmwC6v8
fOQmYZOi5AduBB+Hf5LRUwb32/9g/8w3TuHiyZJxEIA9ItXf1OciAjAkyKFa0ixB
7P3P6Xpz2wkTEkc6l32IrAYHhMreKX7EgHOMHAZpJM40Vn3lkCFw0W+Bc9kJPBNJ
5GBUTNUc/Ad3+62eABgMXT9mOhAdt0/M7qDHAYbJqAv8b/LqH6thgyixYA+6vJzv
twkJwkEtbjX2aeiF9VV0RbyaiUVEmVkfr7e0vAQweRfJQAshNxGuwBJbZcvJRwwr
AnHNksSsx1l6C1JzT9SjUufszuDvEyM9vgIrC9EjSHcdZF8jRpJrJdtLN0Yx1tyA
lOFbjkRN/dq4iwPjP7PHbWwDu11tCXl1zqiSe2FpJHph/xc7uljuUclZcqN8kD3z
69TJw+MEmd01LnEVi0z573rxz3QjfPosJw+cCGSbD1tL6EUf+7GSXx7hs7qZBqGO
OAgBjDOUeO7Wy2W6JTeq4L+6/cltIGtjchWZUhftWUYvss4JCll+UNgG17PhX5nB
+njJA8xJg6CJEXyTk7RffSuLMkJJvZeL4EK2jpb5QQbGRL2a1ZXjuFJ1AIGw6ulZ
pOpGQQGusBDHi+jlIZSo
=nDOc
-----END PGP SIGNATURE-----

16
share/xml/notices.xml
View file

@ -7,6 +7,22 @@
<year>
<name>2015</name>
<month>
<name>6</name>
<day>
<name>9</name>
<notice>
<name>FreeBSD-EN-15:07.zfs</name>
</notice>
<notice>
<name>FreeBSD-EN-15:06.file</name>
</notice>
</day>
</month>
<month>
<name>5</name>