127 lines
4.5 KiB
Text
127 lines
4.5 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-20:12.iflib Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: iflib watchdog timeout resetting idle queues
|
|
|
|
Category: core
|
|
Module: kernel
|
|
Announced: 2020-06-09
|
|
Affects: FreeBSD 12.1
|
|
Corrected: 2020-01-10 18:29:05 UTC (stable/12, 12.1-STABLE)
|
|
2020-06-09 16:11:54 UTC (releng/12.1, 12.1-RELEASE-p6)
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
iflib is a framework that contains common code for network drivers to use,
|
|
reducing code duplication. One function it contains is a "watchdog" that
|
|
periodically checks the driver's software Tx queues to see if they're hung.
|
|
|
|
II. Problem Description
|
|
|
|
The iflib watchdog would sometimes trigger a false positive queue hang just
|
|
after a link state change.
|
|
|
|
III. Impact
|
|
|
|
The iflib framework would print messages for the affected devices such as
|
|
|
|
"igb0: TX(2) desc avail = 1024, pidx = 0"
|
|
|
|
and would stop allowing Tx traffic to be sent.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available. Systems that do not use iflib-based interfaces
|
|
are not vulnerable.
|
|
|
|
V. Solution
|
|
|
|
Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date, and reboot.
|
|
|
|
Perform one of the following:
|
|
|
|
1) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
# shutdown -r +10min "Rebooting for errata update"
|
|
|
|
2) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
# fetch https://security.FreeBSD.org/patches/EN-20:12/iflib.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-20:12/iflib.patch.asc
|
|
# gpg --verify iflib.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile your kernel as described in
|
|
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
|
system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/12/ r356605
|
|
releng/12.1/ r361971
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239240>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:12.iflib.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl7fuQlfFIAAAAAALgAo
|
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
|
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
|
5cJl3RAAhIgmZfpK3r2qBuwC0EypnqtndvjEHGTTdcUhwY0iBjrDxt6AnHPMO/i/
|
|
DEZkNJI6uCxSaybjVcnNob7lJ4p2o9rrAF+pExR4LycxJa0y8oZM5xIdqwwfY484
|
|
Tge4/N4garWeA0ALetGXCrAf62t7ZLRgyWldH4tt4m0Mu7AIGkfPGivWK6kpmB5c
|
|
O/GKv6fe4TiyPSAQroUQrNawdO9tQTDhXjGknRZ3iyu9tp/zeOkgtMAEnc3zdv0T
|
|
J3sFqGGt/Mt2dL0KoqfUNK54k5vgUU+oV22+z2pf9TGtby4yUq0FTOxl+V5qE6hk
|
|
aQHndYgklOo56AaSkA3GW1DoIOyU7VQtsA5hpbHXotiJo1P5BoNIa3IwMfLBmW45
|
|
sD7f/vpyX5Mga9KqcvYIgRxCNvYpu8Dq0nKiVQboABAdplFLorTdHPJmSqmeoomO
|
|
diEQk3cSotrav1b8xl2IfZYk8TaC5B7gm9UuU6ag6UM/vasr1kRcz5+7DxDOCP1d
|
|
2CbaKqPnpGAxyGmd+DLO7EMkOIBPiKfoCtBfgLXRypD6ypEW/xAUmGtR6yIFCtJ/
|
|
USAHRwrm0jteVOXYrpS3cvBYsXkEowcMK1n8ghIqUfDHtvebLK2m5ubhF2E1F0Gv
|
|
6Nw6i0dt1Csrhg7CyrWqzY83iB7N3tPvqN45QaFMEBRqnnsLPpQ=
|
|
=VqeW
|
|
-----END PGP SIGNATURE-----
|