Date: Wed, 10 Aug 2016 12:58:13 +0100
From: core-secretary@freebsd.org
To: freebsd-announce@freebsd.org
Reply-To: core@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD Core statement on recent freebsd-update and related vulnerabilities

Dear FreeBSD Community:

The FreeBSD Core team and FreeBSD Security team would like to update the community on the reports of security vulnerabilities in freebsd-update, portsnap, libarchive, and bspatch. We understand the severity of this issue, and are actively working to resolve the issues and improve the security of FreeBSD.

A recent post[1] to the freebsd-security@ list raised a number of questions[2] and we would like to address those.

1. Since there are known vulnerabilities in freebsd-update and portsnap, why has there been no notification to the community from secteam@?

As a general rule, the FreeBSD Security Officer does not announce vulnerabilities for which there is no released patch. We are reviewing this policy for cases where a proof-of-concept or working exploit is already public.

2. Why was there no mention of the fact that running freebsd-update to install the fix for the bspatch advisory [SA-16:25] may actually expose users to the vulnerability?

To be exposed, a user would need to be under an active Man-In-The-Middle attack when fetching patches. The Security Advisory did not contain information on the theoretical implications of the vulnerability. A more explicit paragraph in the 'Impact' statement may have been warranted. As always, instructions on how to compile the patched bspatch manually rather than using freebsd-update were provided as part of the advisory.

3. The patch included in SA-16:25 is incomplete, and may still permit heap corruption. The patch included in the document dump is more complete. Why only a partial fix?

After discussion with the author of bspatch (Colin Percival, a former FreeBSD Security Officer himself), the FreeBSD Security Team found that the proposed patch added restrictions that may break (legitimate) functionality in bspatch, possibly preventing some valid patch files from being accepted. While a full fix is being developed, the shorter patch which resolves the main vulnerability was immediately released. This resolves the most critical issue in the report.

This smaller patch is safe, in that it does not risk breaking bspatch while still resolving the attack vector of the provided exploit code. The larger patch is still under development and will be released once all of the issues have been addressed. Automated fuzz testing is underway to search for any additional memory corruption bugs.

Great care must be taken when updating the binary upgrade utility, as it becomes much more difficult to fix after the fact, as the updater is then broken. There are delicate interactions between the components that must be thoroughly tested before the patch is released.

As of yet, patches for the libarchive vulnerabilities have not been released upstream to be pulled into FreeBSD. In the meantime, HardenedBSD has created patches for some of the libarchive vulnerabilities, the first[3] is being considered for inclusion in FreeBSD, at least until a complete fix is committed upstream, however the second[4] is considered too brute-force and will not be committed as-is. Once the patches are in FreeBSD and updated binaries are available, a Security Advisory will be issued.

The Security team is working on redesigning freebsd-update and portsnap to do signature verification on all downloaded files before they are processed by libarchive/tar, bspatch, or any other utilities. However, this change requires modifying the metadata format used in the utilities, and care must be taken to preserve compatibility with the existing clients, so the existing clients can be used to install the future updates.

Users will of course have the option to build/apply the patches themselves if they do not feel comfortable using freebsd-update to do so.

The security team is working diligently to resolve the issues and provide timely, correct fixes for all known issues. Please subscribe to the freebsd-security-notifications@ mailing-list to receive notifications of any future Security Advisories.

[1] https://lists.freebsd.org/pipermail/freebsd-security/2016-July/009016.html
[2] https://lists.freebsd.org/pipermail/freebsd-security/2016-July/009019.html
[3] https://github.com/HardenedBSD/hardenedBSD/commit/acc5eaecbe4970cfb96d9549fe7dc8ceb4676557
[4] https://github.com/HardenedBSD/hardenedBSD/commit/6a6ac73ae630927b2dd996df3cd85c8c612c459c

From: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Date: Fri, 12 Aug 2016 04:09:15 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-16:10.dhclient

=============================================================================
FreeBSD-EN-16:10.dhclient                                       Errata Notice
                                                          The FreeBSD Project

Topic:          Better handle unknown options received from a DHCP server

Category:       core
Module:         dhclient
Announced:      2016-08-12
Credits:        Microsoft OSTC
Affects:        FreeBSD 10.3
Corrected:      2016-05-06 05:44:12 UTC (stable/10, 10.3-STABLE)
                2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7)

For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

The dhclient(8) utility is used to request an IP address from a DHCP server. Some implementations of DHCP servers can use "options" to pass extra information to dhclient.

II. Problem Description

In Azure, the DHCP server adds a private option (id 0xf5), which contains the binary form of an IPv4 address. Once this option is converted to string form, it could contain '$', for example:

  IPv4 address: 100.72.36.54
  binary form:  0x64 0x48 0x24 0x36
  string form:  "dH$6"

In this case, dhclient(8) exits upon "illegal" options as shown above, thus an Azure virtual machine will fail to obtain an IP address, and fail to start.

III. Impact

The virtual machine in Azure may not set IP address properly and becomes inaccessible.

IV. Workaround

No workaround is available, however it is presumed this issue only affects FreeBSD running in Azure.

V. Solution

1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Afterward, reboot the system or restart dhclient(8).

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Afterward, reboot the system or restart dhclient(8).

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-16:10/dhclient.patch
# fetch https://security.FreeBSD.org/patches/EN-16:10/dhclient.patch.asc
# gpg --verify dhclient.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart the applicable daemons, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r299156
releng/10.3/                                                      r303984
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
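
The dhclient failure described in FreeBSD-EN-16:10 above, as an added C example that is not taken from the notice or from dhclient's source: it shows how the four bytes of 100.72.36.54 become the text "dH$6", why a filter on shell metacharacters then rejects the value, and how two tolerant policies keep the rest of the lease usable. The policy names, `export_lease`, the rule that printable unknown options are shown as text, the backtick check, and every sample option except 0xf5 are assumptions made for illustration, not the committed fix.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* One received DHCP option: code plus raw payload bytes. */
struct dhcp_opt { unsigned char code; const unsigned char *data; size_t len; };

/* Hypothetical policies for a value the client script must not see. */
enum policy { ABORT_ON_ILLEGAL, SKIP_ILLEGAL, HEX_UNKNOWN };

#define ENV_MAX 8
#define VAL_MAX 64
struct env { unsigned char code[ENV_MAX]; char val[ENV_MAX][VAL_MAX]; int count; };

/* Constructed sample lease. Only option 0xf5 and its bytes come from the
 * notice (100.72.36.54); the host name and option 0xf6 are made up. */
static const unsigned char HOST[]  = { 'v', 'm', '0', '1' };
static const unsigned char AZURE[] = { 0x64, 0x48, 0x24, 0x36 };
static const unsigned char OTHER[] = { 0x0a, 0x00, 0x00, 0x04 };
static const struct dhcp_opt SAMPLE[] = {
    { 12,   HOST,  sizeof HOST  },
    { 0xf5, AZURE, sizeof AZURE },
    { 0xf6, OTHER, sizeof OTHER },
};

/* '$' is the character named in the notice; '`' is included as an
 * assumption because it also starts shell command substitution. */
static int has_shell_meta(const char *s)
{
    return strpbrk(s, "$`") != NULL;
}

static int all_printable(const struct dhcp_opt *o)
{
    for (size_t i = 0; i < o->len; i++)
        if (!isprint(o->data[i]))
            return 0;
    return o->len > 0;
}

/* Text rendering: each payload byte becomes one character. */
static int render_text(const struct dhcp_opt *o, char *out, size_t cap)
{
    if (o->len + 1 > cap)
        return -1;
    memcpy(out, o->data, o->len);
    out[o->len] = '\0';
    return 0;
}

/* Colon-separated hex: the output alphabet is [0-9a-f:] only. */
static int render_hex(const struct dhcp_opt *o, char *out, size_t cap)
{
    size_t n = 0;
    if (o->len == 0 || o->len * 3 > cap)
        return -1;
    for (size_t i = 0; i < o->len; i++) {
        if (i)
            out[n++] = ':';
        n += (size_t)snprintf(out + n, cap - n, "%02x", (unsigned)o->data[i]);
    }
    return 0;
}

/* Simplified model of turning a lease into script environment values.
 * Returns the number of values exported, or -1 where the client would exit. */
int export_lease(const struct dhcp_opt *opts, size_t n, enum policy p, struct env *e)
{
    e->count = 0;
    for (size_t i = 0; i < n && e->count < ENV_MAX; i++) {
        const struct dhcp_opt *o = &opts[i];
        char *v = e->val[e->count];
        int known_text = (o->code == 12);            /* host-name option */
        int as_text = all_printable(o) && (known_text || p != HEX_UNKNOWN);

        if (known_text && !as_text)
            continue;                                /* binary data in a text option */
        if ((as_text ? render_text(o, v, VAL_MAX) : render_hex(o, v, VAL_MAX)) != 0)
            continue;                                /* empty or oversized payload */
        if (has_shell_meta(v)) {
            if (p == ABORT_ON_ILLEGAL)
                return -1;                           /* client exits: no lease at all */
            continue;                                /* lose this one option only */
        }
        e->code[e->count++] = o->code;
    }
    return e->count;
}

int main(void)
{
    static const char *names[] = { "abort", "skip", "hex-unknown" };
    for (int p = ABORT_ON_ILLEGAL; p <= HEX_UNKNOWN; p++) {
        struct env e;
        int n = export_lease(SAMPLE, 3, (enum policy)p, &e);
        printf("%-12s -> %d\n", names[p], n);
        for (int i = 0; i < n; i++)
            printf("  option %u = %s\n", (unsigned)e.code[i], e.val[i]);
    }
    return 0;
}
```

Under the abort policy one private option costs the whole lease, which is the outage the notice describes; the other two policies lose at most that single value.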

From: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Date: Fri, 12 Aug 2016 04:09:55 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-16:11.vmbus

=============================================================================
FreeBSD-EN-16:11.vmbus                                          Errata Notice
                                                          The FreeBSD Project

Topic:          Avoid using spin locks for channel message locks

Category:       core
Module:         vmbus
Announced:      2016-08-12
Credits:        Microsoft OSTC
Affects:        FreeBSD 10.3
Corrected:      2016-06-15 09:52:01 UTC (stable/10, 10.3-STABLE)
                2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7)

For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

The vmbus driver has a global lock hv_vmbus_g_connection.channel_msg_lock, whose type is MTX_SPIN. The lock is used to protect concurrent access to the global pending message list hv_vmbus_g_connection.channel_msg_anchor.

II. Problem Description

In some cases, sema_post() is invoked when the spin mutex is held.

III. Impact

Using sema_post() with a held spin mutex may trigger a system panic.

IV. Workaround

No workaround is available, however FreeBSD virtual machines not running in Hyper-V or Azure are unaffected.

V. Solution

1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

After which, reboot the system.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

After which, reboot the system.

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-16:11/vmbus.patch
# fetch https://security.FreeBSD.org/patches/EN-16:11/vmbus.patch.asc
# gpg --verify vmbus.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r301925
releng/10.3/                                                      r303984
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Date: Fri, 12 Aug 2016 04:10:01 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-16:12.hv_storvsc

=============================================================================
FreeBSD-EN-16:12.hv_storvsc                                     Errata Notice
                                                          The FreeBSD Project

Topic:          Enable INQUIRY result check only on Windows 10 host systems

Category:       core
Module:         hv_storvsc
Announced:      2016-08-12
Credits:        Microsoft OSTC
Affects:        FreeBSD 10.3
Corrected:      2016-05-25 06:15:26 UTC (stable/10, 10.3-STABLE)
                2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7)

For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

A FreeBSD virtual machine running on Hyper-V uses hv_storvsc(4) to discover, access, and control block devices. The SCSI INQUIRY command is used to scan the disks attached to the virtual machine, and hv_storvsc(4) checks if the response from the host is valid.

II. Problem Description

On Windows 8 and earlier systems, the response to the INQUIRY command may return invalid results.

III. Impact

When a SCSI disk hotplug occurs, some disks may not be visible to the guest virtual machine despite being present.

IV. Workaround

No workaround is available however guest machines not running on Hyper-V on Windows 8 and earlier are unaffected.

V. Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

After which, reboot the system.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

After which, reboot the system.

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-16:12/hv_storvsc.patch
# fetch https://security.FreeBSD.org/patches/EN-16:12/hv_storvsc.patch.asc
# gpg --verify hv_storvsc.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r300656
releng/10.3/                                                      r303984
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Date: Fri, 12 Aug 2016 04:10:07 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-16:13.vmbus

=============================================================================
FreeBSD-EN-16:13.vmbus                                          Errata Notice
                                                          The FreeBSD Project

Topic:          Register time counter early enough for TSC freq calibration

Category:       core
Module:         vmbus
Announced:      2016-08-12
Credits:        Microsoft OSTC
Affects:        FreeBSD 10.3
Corrected:      2016-06-16 01:57:16 UTC (stable/10, 10.3-STABLE)
                2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7)

For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD uses i8254 PIT (Programmable Interval Timer) to calibrate the frequency of the CPU TSC (Time Stamp Counter).

II. Problem Description

The Hyper-V i8254 emulation does not correctly calibrate the TSC frequency, and is not available for Generation 2 Hyper-V virtual machines.

III. Impact

FreeBSD virtual machines running on Hyper-V will see warnings logged to syslog(8) and the system console resembling:

  calcru: runtime went backwards from 18 usec to 9 usec for pid 0 (kernel)

IV. Workaround

No workaround is available, however FreeBSD virtual machines not running in Hyper-V or Azure are unaffected.

V. Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

After which, reboot the system.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

After which, reboot the system.

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-16:13/vmbus.patch
# fetch https://security.FreeBSD.org/patches/EN-16:13/vmbus.patch.asc
# gpg --verify vmbus.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r301942
releng/10.3/                                                      r303984
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Date: Fri, 12 Aug 2016 04:10:12 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-16:14.hv_storvsc

=============================================================================
FreeBSD-EN-16:14.hv_storvsc                                     Errata Notice
                                                          The FreeBSD Project

Topic:          Disable incorrect callout in hv_storvsc(4)

Category:       core
Module:         hv_storvsc
Announced:      2016-08-12
Credits:        Microsoft OSTC
Affects:        FreeBSD 10.3
Corrected:      2016-05-06 05:16:42 UTC (stable/10, 10.3-STABLE)
                2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7)

For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

The Hyper-V storage driver, hv_storvsc(4), always sets up a timeout(9) timer when sending an I/O request to the host. When the I/O is completed by the host and the host notifies the virtual machine, callout_drain() is used in another thread.

II. Problem Description

The hv_storvsc(4) driver does not correctly set up the timer, and callout_drain() does not remove the callout as expected. When the callout is later used again, it is unexpectedly reinitialized, which can cause undetermined behavior in the kernel callout(9) system.

III. Impact

Unexpected behavior in the kernel callout(9) system can occur, such as inability to halt the system with 'shutdown -h now'.

IV. Workaround

No workaround is available, however FreeBSD virtual machines not running in Hyper-V or Azure are unaffected.

V. Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

After which, reboot the system.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

After which, reboot the system.

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-16:14/hv_storvsc.patch
# fetch https://security.FreeBSD.org/patches/EN-16:14/hv_storvsc.patch.asc
# gpg --verify hv_storvsc.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r299153
releng/10.3/                                                      r303984
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Date: Fri, 12 Aug 2016 04:10:16 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-16:15.vmbus

=============================================================================
FreeBSD-EN-16:15.vmbus                                          Errata Notice
                                                          The FreeBSD Project

Topic:          Better handle the GPADL setup failure in Hyper-V

Category:       core
Module:         vmbus
Announced:      2016-08-12
Credits:        Microsoft OSTC
Affects:        FreeBSD 10.3
Corrected:      2016-06-15 09:39:41 UTC (stable/10, 10.3-STABLE)
                2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

FreeBSD guests on Hyper-V call hv_vmbus_post_message(), which uses
hypercalls to post various types of VMBus messages to the Hyper-V host.
One kind of message sets up a GPADL (Guest Physical Address Description
List), which describes shared memory buffers between the host and the
guest.

II.  Problem Description

Most often, hv_vmbus_post_message() does not fail. However, it can fail
intermittently when GPADLs for large shared memory regions are
established with the host. On the hn(4) attach path, for example, a GPADL
for a 15MB sendbuf is created, which floods the host with messages. The
host side tries to throttle the message rate by returning
HV_STATUS_INSUFFICIENT_BUFFERS.

Before this errata notice, several retries for failed messages would be
attempted, but the delay between each retry was too short, causing
sporadic message posting failure. A larger delay (>=1ms) is now used
between each retry to fix the message posting failure.

III. Impact

The Hyper-V network device driver can fail when it is loaded, leaving
the device unable to work.

IV.  Workaround

No workaround is available, however FreeBSD virtual machines not running
in Hyper-V or Azure are unaffected.

V.   Solution

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and reboot the system.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Afterward, reboot the system.

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-16:15/vmbus.patch
# fetch https://security.FreeBSD.org/patches/EN-16:15/vmbus.patch.asc
# gpg --verify vmbus.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r301924
releng/10.3/                                                      r303984
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From owner-freebsd-announce@freebsd.org Fri Aug 12 04:10:21 2016
From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Message-Id: <20160812041021.BC2171170@freefall.freebsd.org>
Date: Fri, 12 Aug 2016 04:10:21 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-16:16.hv_storvsc

=============================================================================
FreeBSD-EN-16:16.hv_storvsc                                     Errata Notice
                                                          The FreeBSD Project

Topic:          Fix SCSI INQUIRY checks and error handling

Category:       core
Module:         hv_storvsc
Announced:      2016-08-12
Credits:        Microsoft OSTC
Affects:        FreeBSD 10.3
Corrected:      2016-07-15 02:29:10 UTC (stable/10, 10.2-STABLE)
                2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

The Hyper-V storage driver, hv_storvsc(4), uses the SCSI INQUIRY command
to detect the presence of SCSI LUNs.

II.  Problem Description

The hv_storvsc(4) driver assumes 36-byte responses to the INQUIRY
command, which is not always the case. When a shorter response is
received, it can lead to unexpected behavior.

If the host changes the virtual disk capacity, the host's response to
the guest's next command (such as READ CAPACITY or INQUIRY) returns an
error with sense data supplied. The hv_storvsc(4) driver does not check
the error status properly, so the upper SCSI layer treats the command as
being successfully executed, resulting in unexpected behavior.

III. Impact

The impact manifests in several ways: disk hotplug does not work
reliably, SMART checks on the disk with 'smartctl -i /dev/da0' can cause
the disk to detach and crash the machine, and online resizing does not
work reliably.

IV.  Workaround

No workaround is available, however FreeBSD virtual machines not running
in Hyper-V or Azure are unaffected.

V.   Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

After which, reboot the system.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

After which, reboot the system.

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-16:16/hv_storvsc.patch
# fetch https://security.FreeBSD.org/patches/EN-16:16/hv_storvsc.patch.asc
# gpg --verify hv_storvsc.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r302863
releng/10.3/                                                      r303984
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
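
The two checks that section II of FreeBSD-EN-16:16 describes as missing, sketched as an added example (this is not the hv_storvsc(4) driver's code or the committed fix): reject a completion whose SCSI status is not GOOD, and read the identification fields only when a full 36-byte response actually arrived. The helper parse_inquiry(), its result codes and the sample response are hypothetical; the byte offsets are those of standard INQUIRY data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCSI_STATUS_GOOD  0x00  /* SAM status: command succeeded */
#define SCSI_STATUS_CHECK 0x02  /* SAM status: CHECK CONDITION, sense data */
#define INQ_HDR_LEN       5     /* bytes 0..4; byte 4 is ADDITIONAL LENGTH */
#define INQ_STD_LEN       36    /* standard INQUIRY data */

enum inq_result { INQ_OK, INQ_CMD_FAILED, INQ_TOO_SHORT, INQ_NO_DEVICE };
struct inq_info { uint8_t dev_type; char vendor[9]; char product[17]; };

/* Hypothetical helper (not driver code): status is the SCSI status of the
 * completed command, xfer the number of bytes actually transferred. */
enum inq_result
parse_inquiry(uint8_t status, const uint8_t *buf, size_t xfer, struct inq_info *out)
{
	size_t valid;

	memset(out, 0, sizeof(*out));
	if (status != SCSI_STATUS_GOOD)         /* error: buffer is not INQUIRY data */
		return (INQ_CMD_FAILED);
	if (buf == NULL || xfer < INQ_HDR_LEN)  /* cannot read ADDITIONAL LENGTH */
		return (INQ_TOO_SHORT);
	valid = (size_t)buf[4] + INQ_HDR_LEN;   /* what the device claims ... */
	if (valid > xfer)
		valid = xfer;                   /* ... capped by what arrived */
	if (buf[0] == 0x7f)                     /* qualifier 011b, type 1Fh: no LUN */
		return (INQ_NO_DEVICE);
	out->dev_type = buf[0] & 0x1f;
	if (valid < INQ_STD_LEN)                /* ID strings need all 36 bytes */
		return (INQ_TOO_SHORT);
	memcpy(out->vendor, buf + 8, 8);        /* bytes 8..15 */
	memcpy(out->product, buf + 16, 16);     /* bytes 16..31 */
	return (INQ_OK);
}

int
main(void)
{
	uint8_t resp[INQ_STD_LEN] = { 0 };      /* constructed sample response */
	struct inq_info info;

	resp[4] = INQ_STD_LEN - INQ_HDR_LEN;
	memcpy(resp + 8, "Msft    ", 8);
	memcpy(resp + 16, "Virtual Disk    ", 16);
	printf("full=%d short=%d error=%d\n",
	    parse_inquiry(SCSI_STATUS_GOOD, resp, sizeof(resp), &info),
	    parse_inquiry(SCSI_STATUS_GOOD, resp, 8, &info),
	    parse_inquiry(SCSI_STATUS_CHECK, resp, sizeof(resp), &info));
	return (0);
}
```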