140 lines
5.2 KiB
Text
140 lines
5.2 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-18:08.lazyfpu Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: LazyFPU remediation causes potential data corruption
|
|
|
|
Category: core
|
|
Module: kernel
|
|
Announced: 2018-09-12
|
|
Credits: Gleb Kurtsou
|
|
Affects: FreeBSD 10.4-STABLE, 11.1 and later.
|
|
Corrected: 2018-07-31 10:18:30 UTC (stable/11, 11.1-STABLE)
|
|
2018-09-12 05:08:49 UTC (releng/11.2, 11.2-RELEASE-p3)
|
|
2018-09-12 05:08:49 UTC (releng/11.1, 11.1-RELEASE-p14)
|
|
2018-08-03 14:12:37 UTC (stable/10, 10.4-STABLE)
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
Special Note: While SA-18:07.lazyfpu has been fixed in 10.4-STABLE, it has
|
|
yet to be released for 10.4-RELEASE. As such, this EN does not apply for
|
|
that release. Once SA-18:07.lazyfpu has been updated for 10.4-RELEASE,
|
|
this EN will be incorporated at that time.
|
|
|
|
I. Background
|
|
|
|
The recent security advisory titled SA-18:07.lazyfpu resolved an issue in the
|
|
floating point unit (FPU) state handling.
|
|
|
|
II. Problem Description
|
|
|
|
As a result of fixing the issue described in SA-18:07.lazyfpu, a regression
|
|
was introduced. FPU state manipulation did not sufficiently prevent context
|
|
switches potentially allowing partially modified FPU context to be switched
|
|
out. Upon returning the thread to a running state, stale FPU context could
|
|
be reloaded.
|
|
|
|
III. Impact
|
|
|
|
The regression could potentially cause an inconsistent FPU state, leading to
|
|
data corruption.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date.
|
|
|
|
Afterward, reboot the system.
|
|
|
|
2) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
Afterward, reboot the system.
|
|
|
|
3) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
[FreeBSD 11.x]
|
|
# fetch https://security.FreeBSD.org/patches/EN-18:08/lazyfpu-11.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-18:08/lazyfpu-11.patch.asc
|
|
# gpg --verify lazyfpu-11.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile your kernel as described in
|
|
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
|
system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/10/ r337254
|
|
stable/11/ r336963
|
|
releng/11.1/ r338607
|
|
releng/11.2/ r338607
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
The security advisory that introduced the regression is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-18:08.lazyfpu.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAluYoL5fFIAAAAAALgAo
|
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
|
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
|
5cJovBAAl+BCwCwWy57TzqtYmYYaJlsKi461suiv2KjQWOAddFFPMgmEgRzLtmdu
|
|
hj4Ix5xMMH1efyWGZCk0zs9bN/2bL59P5NMFTC38Fg18fVUHC3u9SYYILvh+eTeH
|
|
s9/mkTO5nJ0LXZi3RrS4fi12Zqkiu3JuT9lcADdg8dtqRK4L0l77NZ7HD9p/mPX0
|
|
LkLtZNTQz3Fv0LsFxwtdlljGOuJF+YYTKsC87ZHuwATDq7wTHOAmA46LVambxvxM
|
|
JQZrzUE3kDblz1sOIbMD8uW/tQ0gG4mvA3mVkuBX0yokhl7SJ4gFltjLiOEJ+n3y
|
|
7VkIcSN/5uZdjk2yWOoZuZojLLWmF0TnNrLYjIw5vacWvX25iIu+f6s9mavjZXTZ
|
|
TdtHKv+IFZfaDcaZ+mzYN87e/J7nTbe6mFwUXqG1D7ptQ3m4BP68PhtzfGrbFn/z
|
|
KXBDhaFP6MDPIMIfnP0r2HufBBlox9kcH8CKAektxVoiGAWD93+AoKVWbaR1nguQ
|
|
9k9Feo3EeS4gFQ+Jz3MQIl57nhI2FZO2SxcFowHvIqk/diXlhNhjHOy+pwSWlVH+
|
|
8vtVlxcmFyjJBa+59QCix6PzHUn74YxRvP0NDA0zZ5WV1MwEi8J+SWaEbZMVKwJo
|
|
eJxWp1KTylk86vhaxzbRCrCzreHr6jf+Ljzn2HQPQ7rC3mRUdw0=
|
|
=+nM+
|
|
-----END PGP SIGNATURE-----
|