133 lines
5 KiB
Text
133 lines
5 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-19:19.loader Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: UEFI Loader Memory Fragmentation
|
|
|
|
Category: core
|
|
Module: loader
|
|
Announced: 2019-11-12
|
|
Credits: Rebecca Cran
|
|
Affects: FreeBSD 12.0 and later
|
|
Corrected: 2019-09-27 05:12:28 UTC (stable/12, 12.1-STABLE)
|
|
2019-11-12 18:10:26 UTC (releng/12.1, 12.1-RELEASE-p1)
|
|
2019-11-12 18:10:26 UTC (releng/12.0, 12.0-RELEASE-p12)
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
Prior to executing the kernel, the UEFI loader must obtain the final memory
|
|
map from the firmware and pass it to the kernel for consumption.
|
|
|
|
II. Problem Description
|
|
|
|
Allocating memory to retrieve the memory map may cause further fragmentation
|
|
in the memory map. This fragmentation may cause the memory map to grow
|
|
enough for the previously allocated memory to no longer be sufficient to
|
|
hold the memory map. In this case, the UEFI loader would simply fail to
|
|
boot the kernel instead of reallocating and attempting to fetch the memory
|
|
map again.
|
|
|
|
III. Impact
|
|
|
|
Some systems may intermittently fail to boot due to this fragmentation, and
|
|
require a restart.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available. Systems that are not configured to boot via the
|
|
UEFI loader are not affected, and not all systems that are configured to
|
|
boot via the UEFI loader will exhibit this behavior.
|
|
|
|
V. Solution
|
|
|
|
Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date.
|
|
|
|
Perform one of the following:
|
|
|
|
1) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
2) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
[FreeBSD 12.x]
|
|
# fetch https://security.FreeBSD.org/patches/EN-19:19/loader.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-19:19/loader.patch.asc
|
|
# gpg --verify loader.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
|
|
|
If the system was first installed with FreeBSD 12.0 or later a copy of the
|
|
EFI loader is installed as \EFI\freebsd\loader.efi on the EFI System
|
|
Partition (ESP). In that case mount the ESP and copy /boot/loader.efi to
|
|
\EFI\freebsd\loader.efi.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/12/ r352788
|
|
releng/12.1/ r354652
|
|
releng/12.0/ r354652
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:19.loader.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl3K+jlfFIAAAAAALgAo
|
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
|
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
|
5cKo6hAAlrPVQSTQ+PGu9YtAdLG/0NZlIRdFNyjqKekkQDSEQnh35MKzVrZW4mmu
|
|
12pM2ELRU3e4HZbZEXi0B98HAqGrbSrlXHKAwosMMmhrkNBXU+fUQcjbxHfEiRoE
|
|
oXPhYNTQD+7ph3A2CO0mGi5d5aSdMeZqr6ayJvmlEzg/Btd0v/SnB5XWRw0c3xP2
|
|
bCfXqS8ne2Nc0LCMzAoC69b/HQr/hi45ukbkexON+vUH0wB8N3QzwtjtZYXNMCoD
|
|
T7w5FsW6ZnPqTFVNfQfIT9DUZCE0TJ4HD3D2GNX9rs8tvetgWpE7sXbRbRb87MIR
|
|
zt85nwyriVjovbi24oyMgmjFgIqteRqDBG96XEWWB6YhHrOPoXd76RaOStX2r4yj
|
|
q01i+lNNb5P0mqTvHQWx7XyDlhzVJsZEK6UyeFKT8WWarrFQ5FzLU3Fdr3G9pRAb
|
|
1VZJCW6GgEYlOxMBVHANtUJi3JTCWSG7vw2GNLkpwHfhpPDSV8wSKNVcpTjzHS5K
|
|
9u5iLsfNl3RtA1qD2/PPVyz12au045+WjAzlWzR8ioivRF8KwqKuwFdSUpVGcIDm
|
|
+y5YOanAgT2LxpNLf0ZbHmAZaR5kCtBDGuDFW6+z2zPHaea9opIprutgqERzc9Es
|
|
XHh3M29OeO457JiU/yTliLraObpf0rEFUG7d30TDO1wywR/ehlM=
|
|
=ayk8
|
|
-----END PGP SIGNATURE-----
|