diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-EN-18:17.vm.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-EN-18:17.vm.asc | 140 |
1 files changed, 0 insertions, 140 deletions
diff --git a/share/security/advisories/FreeBSD-EN-18:17.vm.asc b/share/security/advisories/FreeBSD-EN-18:17.vm.asc deleted file mode 100644 index 032d1e641f..0000000000 --- a/share/security/advisories/FreeBSD-EN-18:17.vm.asc +++ /dev/null @@ -1,140 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -============================================================================= -FreeBSD-EN-18:17.vm Errata Notice - The FreeBSD Project - -Topic: Kernel panic under load on Intel "Skylake" CPUs - -Category: core -Module: kernel -Announced: 2018-12-19 -Credits: Mark Johnston -Affects: FreeBSD 11.2 -Corrected: 2018-12-02 18:08:27 UTC (stable/11, 11.2-STABLE) - 2018-19-19 18:00:58 UTC (releng/11.2, 11.2-RELEASE-p7) - -For general information regarding FreeBSD Errata Notices and Security -Advisories, including descriptions of the fields above, security -branches, and the following sections, please visit -<URL:https://security.FreeBSD.org/>. - -I. Background - -The physical page allocator is a component of the kernel responsible for -tracking usage of the system's RAM by the kernel and by userland -applications. It maintains lists of unused memory pages which may be -returned by the allocator upon demand. It also maintains an integer -count of the number of pages stored in these lists. - -II. Problem Description - -The kernel contains handling for an Intel erratum affecting Skylake-X -CPUs. The erratum description states that a processor may hang when -performing a certain synchronization operation within a particular 4MB -region of physical memory. FreeBSD works around the erratum by using -a blacklisting mechanism to ensure that the physical page allocator -never returns pages in that region. However, this blacklisting -mechanism contained a bug such that the removal of pages in the region -was not reflected in the free page count. - -III. Impact - -The discrepancy between the free page count and the physical page -allocator's state can trigger a NULL pointer dereference when the -system is under heavy load, resulting in a panic. - -IV. Workaround - -Only systems using a Skylake-X or Skylake Server CPU are affected. - -Affected systems can work around the problem by setting the -"hw.skz63_enable" to 0 in /boot/loader.conf, causing the handling for -the Intel erratum to be disabled upon a reboot of the system. However, -this raises the possibility of being affected by the erratum if software -running on the system makes use of Intel TSX. - -V. Solution - -Perform one of the following: - -1) Upgrade your system to a supported FreeBSD stable or release / security -branch (releng) dated after the correction date and reboot the system. - -2) To update your system via a binary patch: - -Systems running a RELEASE version of FreeBSD on the i386 or amd64 -platforms can be updated via the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install -Reboot the system - -3) To update your system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -[FreeBSD 11.2] -# fetch https://security.FreeBSD.org/patches/EN-18:17/vm.patch -# fetch https://security.FreeBSD.org/patches/EN-18:17/vm.patch.asc -# gpg --verify vm.patch.asc - -b) Apply the patch. Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile your kernel as described in -<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the -system. - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/11/ r341401 -releng/11.2/ r342225 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231296> - -The latest revision of this advisory is available at -<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-18:17.vm.asc> ------BEGIN PGP SIGNATURE----- - -iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlwannZfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD -MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n -5cKsAxAAkr/ufB1aKSSib0n/e6PXE1FOnjUGgpK+LiiSG+QdW/6oMv/yto+4Qbj2 -3Ht3TPyuoTqwQmHHiSzpnnnRHGDrdffiRYQsziFR89c8iyw7Qni8BYlK2YLYYw9i -TVyT6sxkorpTPZpGQZNaRBwZoWCLaxBvfKC0wVcli9gByOfb5T5J4puUNT4EXIpb -eaimCWG24vsIkWlHeC/8ulHsjEEDBatyfWWl95i8JVMqBDdHZypryJkO0jBo5Uig -PIighKIqDiEwwvjtHfGh4iAn3mFINDbMDdjXyMWYqDbgvX3J6cCv6qaY7p2eizQN -taN1rbC+7MJIFEkTFASvbJq7KOc/PcXOLU4O3964HZbbowdQNwAxQAuMGN6GNLmJ -ydHE7Atei1Py8q3gg9uMpX0TVikzfOL6iBmdzEkg2mgXIeyISLn5BTuE/k9hkVwi -6Boeec1qshtx04gF0xzsp/KPropad4nV09/E4cuo5jHuaq3WgpnDVzVhGEmFZpY7 -Z5B8vHqSc7Ng0xZoQYIcYbGCVBaWNF4WCf/1DZhU44mXkob+CRkv+kROFkfn8lY3 -2Jzjp7LWqPv9CFxIJ7q4BnDTyhxkQksm646tII1JNMcjY0hzFjQDUrVmDRb8ak/E -LsJNDKicqGdCdrHeA8jZm7RxwAmdkhyF/uumPYxJg64Y9DU23SM= -=QgI2 ------END PGP SIGNATURE----- |