07 january, 2010
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1
=============================================================================
FreeBSD-EN-10:01.freebsd Errata Notice
The FreeBSD Project
Topic: Various FreeBSD 8.0-RELEASE improvements
Category: core
Module: kern
Announced: 2010-01-06
Affects: FreeBSD 8.0-RELEASE.
Corrected: 2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
.
I. Background
Since FreeBSD 8.0 was released, several stability and performance problems
have been identified. This Errata Notice describes several fixes judged to
be of particular importance, but low risk, to users with specific workloads
or using specific features that trigger these problems.
Areas where problems are addressed include NFS, ZFS, Multicast networking,
SCTP as well as the rename(2) syscall.
II. Description
* Slow NFS client reconnects when using TCP
Under certain circumstances the NFS client can queue requests even though
the remote server has initiated a connection shutdown.
The deferred notice of the shutdown can cause slow reconnects against
an NFS server that drops inactive connections.
* Possible panics in ZFS
Due to inadequate checks, attempts to modify a file on a read-only ZFS
snapshot will lead to a 'dirtying snapshot' kernel panic.
The system will also panic if ZFS is combined with a MAC policy supporting
file system labeling (e.g., mac_biba(4) or mac_mls(4)).
* Multicast regression and panic
Multicast filtering may not pass incoming IGMP messages if the group
has not been joined. User space routing daemons will therefore not see
all IGMP control traffic.
Further, the system will panic under certain circumstances in the IPv4
multicast forwarding path.
* Panic when invalid SCTP message received during connection shutdown
Receiving a specially crafted SCTP shutdown message with an invalid
Transmission Sequence Number may cause the system to panic if there
has been a valid association.
* Panic caused by rename(2)
If a path argument to the rename(2) syscall ends in '/.', insufficient
checking will cause the system to panic.
III. Solution
Perform one of the following:
1) Upgrade your system to 8-STABLE, or to the RELENG_8_0 security branch
dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 8.0 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-10:01/nfsreconnect.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/nfsreconnect.patch.asc
# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsvaccess.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsvaccess.patch.asc
# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsmac.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsmac.patch.asc
# fetch http://security.FreeBSD.org/patches/EN-10:01/multicast.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/multicast.patch.asc
# fetch http://security.FreeBSD.org/patches/EN-10:01/mcinit.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/mcinit.patch.asc
# fetch http://security.FreeBSD.org/patches/EN-10:01/sctp.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/sctp.patch.asc
# fetch http://security.FreeBSD.org/patches/EN-10:01/rename.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/rename.patch.asc
b) Apply the patches.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
and reboot the
system.
IV. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- - -------------------------------------------------------------------------
RELENG_8_0
src/UPDATING 1.632.2.7.2.5
src/sys/conf/newvers.sh 1.83.2.6.2.5
src/sys/netinet/ip_mroute.c 1.155.2.1.2.2
src/sys/netinet/raw_ip.c 1.220.2.2.2.2
src/sys/netinet6/raw_ip6.c 1.111.2.1.2.2
src/sys/rpc/clnt_vc.c 1.8.2.2.2.2
src/sys/kern/vfs_lookup.c 1.132.2.1.2.2
src/sys/netinet/sctp_input.c 1.82.2.2.2.2
src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c
1.24.2.2.2.1
src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
1.46.2.7.2.1
src/sys/cddl/contrib/opensolaris/uts/common/sys/vnode.h 1.3.4.1.2.1
src/sys/cddl/compat/opensolaris/sys/vnode.h 1.12.2.2.2.2
- - -------------------------------------------------------------------------
Subversion:
Branch/path Revision
- - -------------------------------------------------------------------------
releng/8.0/ r201679
- - -------------------------------------------------------------------------
V. References
The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-10:01.freebsd.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (FreeBSD)
iD8DBQFLRRFQFdaIBMps37IRAuq9AJ9fq1708qfDgnyzuNRWnumiQhJD2gCcDqWd
AyQA3ZdKXci6S8d9UauJFw4=
=NwGp
-----END PGP SIGNATURE-----