133 lines
4.7 KiB
Text
133 lines
4.7 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-17:07.vnet Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: VNET kernel panic with asynchronous I/O
|
|
|
|
Category: core
|
|
Module: kernel
|
|
Announced: 2017-08-10
|
|
Credits: Kristof Provost
|
|
Affects: FreeBSD 11.0 and later.
|
|
Corrected: 2017-07-28 18:09:41 UTC (stable/11, 11.1-STABLE)
|
|
2017-08-10 06:59:07 UTC (releng/11.1, 11.1-RELEASE-p1)
|
|
2017-08-10 06:59:26 UTC (releng/11.0, 11.0-RELEASE-p12)
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
POSIX asynchronous I/O permits applications to request asynchronous
|
|
completion of I/O requests. VNET permits systems to be configured
|
|
with multiple instances of the in-kernel network stack.
|
|
|
|
II. Problem Description
|
|
|
|
The implementation of POSIX asynchronous I/O for sockets completes I/O
|
|
requests in a pool of dedicated worker threads. The VNET feature requires
|
|
threads to explicitly select an active instance of the network stack before
|
|
performing network operations. The function used to complete asynchronous
|
|
I/O requests was not setting a network stack instance before completing I/O
|
|
requests.
|
|
|
|
III. Impact
|
|
|
|
Using POSIX asynchronous I/O with sockets in a VNET-enabled kernel will
|
|
panic.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available, but systems that do not enable VNET via a
|
|
custom kernel are not affected.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date.
|
|
|
|
Afterward, reboot the system.
|
|
|
|
2) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
Recompile any custom kernel configs using VNET.
|
|
|
|
Afterward, reboot the system.
|
|
|
|
3) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
# fetch https://security.FreeBSD.org/patches/EN-17:07/vnet.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-17:07/vnet.patch.asc
|
|
# gpg --verify vnet.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile your kernel as described in
|
|
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
|
system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/11/ r321657
|
|
releng/11.0/ r322343
|
|
releng/11.1/ r322342
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:07.vnet.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: GnuPG v2.1.21 (FreeBSD)
|
|
|
|
iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlmMBgEACgkQ7Wfs1l3P
|
|
audTDg//WDiH3PoHyr5YmcG4tUwgPFgodV8zUDrURGoLI2DIUwX/RPdsOhHFRIJG
|
|
K7ueneJWZDN2IGzNjzrzXAyz30emOhp2AjHwRivqsl0JJ3YWt2IWMge0+FI3RIzp
|
|
56+/gmCuTCsCOUxHxuuvN7v14d7WBVLUfouKV09E6wNWcbwiy1i+hjEEFbjbBIcR
|
|
XRJJ+iePreq4XWJAyBTRYme24NWk4MUdYZjdprfkGURDycKvlmVqTnafR7RIP9zw
|
|
2duCA5iOen50qShxtNm9z5OSlH1ORCh7DIhFmrdiNGQnNNDbAWU1pglSEWUCYtyn
|
|
8WrWLKKqfbfYhVveEWalnN4iLAuvgrlq6bTxQ8zecwtj/VYZd1zXABUpZpDOqUB5
|
|
yrNY7A/5opwkBgkv33zG/Ll141UdgCEkWWZm+eFIuX21UIdJmScKoTtGUyC/jldw
|
|
yS724uwVfpxRqHf84Th4iYOk1gegpA0vEnhO5Eh8ZSfONXhydQxNQM3D1wI7MkA2
|
|
rKH+UBucOnczPmSFT/GgO9B3iyXQl8nQR/Ff6VdmBEu56vW1sb0a1HYMOWZUfJxK
|
|
+SyZ4mMAtyrceHV1I1Z5Lqk3g8rKnS6l6/QzRCIanXZPMx2oohsSFik06taIYE62
|
|
CbuUO6RcXZdTEk6nBFGhuFVew6xjvHXgEIpZ6g3tjrZ/Qqspt/0=
|
|
=XzXx
|
|
-----END PGP SIGNATURE-----
|