From nobody Thu Nov 3 07:50:27 2022 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4N2wsn2y8Tz4hGYn for ; Thu, 3 Nov 2022 07:50:37 +0000 (UTC) (envelope-from zlei@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4N2wsn2WZ3z417C; Thu, 3 Nov 2022 07:50:37 +0000 (UTC) (envelope-from zlei@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1667461837; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=l3g6lBhIQu9eEMK+ADFHwGZy2QLau1Ov8D7y3r2aBqI=; b=AuAj8hY5F4XrQ2/LamPbjmTdrL+39+WcIwLw8bJFsH4wLDaLcM/+pg0qkilQKwyn3BXsAi XzE7oXU1BeIg4anU8ZFAtEGYFJv1wf7swy/GnpOpBS6k+Zwg4YbSNVLWENbp/vIybfMxMh /QOwWEGoKJ4pGpzMq9CaKSHpWlXQjDK9Vnc2XvGEuGdhlk36Ft0nqPvxid/JjHdEO9NSJr KZ03jztBZc6jwtTmzuUWrFfw6cEknjjXj/sK7f42cNKz/77/sOr3eWZu7zqlZspQmvv6G3 13RiSAVSA8DWz4eCYT90AYnyTPjBT3ANJYwxXxazmT4J2iz+846wX70vQ663iQ== Received: from [192.168.10.252] (unknown [112.66.188.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: zlei/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4N2wsl6Vyrzh27; Thu, 3 Nov 2022 07:50:35 +0000 (UTC) (envelope-from zlei@FreeBSD.org) From: Zhenlei Huang Message-Id: <48265C2A-9D68-489A-8EFD-663D48B3F0A9@FreeBSD.org> Content-Type: multipart/signed; boundary="Apple-Mail=_763D795E-DD0C-47B7-AF9A-72CD113BE0A4"; protocol="application/pgp-signature"; micalg=pgp-sha512 List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\)) Subject: Re: FreeBSD Errata Notice FreeBSD-EN-22:25.tcp Date: Thu, 3 Nov 2022 15:50:27 +0800 In-Reply-To: <20221101222105.267AA3A06@freefall.freebsd.org> Cc: FreeBSD Errata Notices To: freebsd-stable@freebsd.org References: <20221101222105.267AA3A06@freefall.freebsd.org> X-Mailer: Apple Mail (2.3608.120.23.2.7) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1667461837; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=l3g6lBhIQu9eEMK+ADFHwGZy2QLau1Ov8D7y3r2aBqI=; b=TS34nKsgKZ941KSE7qCG3v4Tl/IlMCs0y+UYMxmR3VLPQ2MIkdoxu1PidzI8pnVwZKUPeQ stSQwhz8IN04rpgzmm00608Qm8R8sf7yV28izPXumVIZY+8WfNaOTnpy+GzH1V9dnnE0Aa TkORRngE5YU+kxzpEKf5NA3IGgKqFgpwA87r2GS2VA9Aq0ye8Utt0GXW6r0hmOqN99kZ15 mDpXYblCa0pJJ5vAlPfcGCNXr4WwvvKk0940BkhJ1vtwHXyHEyJNun0XcgCTIXsjiEeXrz Q53RJP5nLa7n+KCpymsTtUk0BR3wdRghRGpj8QOc1dHq56+D6zyvcoG4xtYcwg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1667461837; a=rsa-sha256; cv=none; b=xosKi8BtfBkfPRKGlnEds36h++bn9c4AxwE4e548bNG038jPRz9xXnSB0UU5CSOvP2NN+P sCRYiMwm1aY7HEXXz8FxNvWYmkC/osDJpek+xApsfgFEk64A4kE1G2sRHs4z8hXLQtpksp slsG41+k25DuOUHJeDIAKymOFyZ6v7/GmzF3N4TaWeZWHNCGDarPN6YuRB2IX98BE1bNDr BtPmHtm6fqurP2OKRlKQEh0n7ngUo6kXn+M4YaNbIaV8VPrPO3V3v18XOQKXOWcFoS1ylJ 6k3R4yMXHlEBcMqF9x2IYEtWi1qV6MWYBCyuLRonKhnsGnIZmJSr4O1W9NPvjQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N --Apple-Mail=_763D795E-DD0C-47B7-AF9A-72CD113BE0A4 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi, This fix an annoying issue I encountered when I updated one of my build = box from 12.3 to 13.1. When remote copying large files from the build box to my local laptop = (MBP), sometimes the pipe broke and end up with 'lost connection'. ``` zlei@Zhenleis-MacBook-Pro:/tmp % scp xx.xx.xx.xx:~/stable12/kernel.txz = ./ Enter passphrase for key '/Users/zlei/.ssh/id_rsa': kernel.txz = = 38% 17MB 2.0MB/s 00:13 ETA ssh_dispatch_run_fatal: Connection to xx.xx.xx.xx port 22: message = authentication code incorrect lost connection ``` Sometimes the ssh session to the build box interrupts, commonly when = there're a lot of output from terminal. make buildkernel e.g. Thanks for the fix! Best regards, Zhenlei > On Nov 2, 2022, at 6:21 AM, FreeBSD Errata Notices = wrote: >=20 > Signed PGP part > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D > FreeBSD-EN-22:25.tcp Errata = Notice > The FreeBSD = Project >=20 > Topic: Possible data corruption with TCP SACK retransmissions >=20 > Category: core > Module: tcp > Announced: 2022-08-28 > Credits: Richard Scheffenegger > Affects: FreeBSD 13.1 > Corrected: 2022-09-14 01:28:03 UTC (stable/13, 13.1-STABLE) > 2022-11-01 13:28:11 UTC (releng/13.1, 13.1-RELEASE-p3) >=20 > For general information regarding FreeBSD Errata Notices and Security > Advisories, including descriptions of the fields above, security > branches, and the following sections, please visit > . >=20 > I. Background >=20 > TCP supports an enhancement that allows faster recovery and = retransmission of > data when loss is discovered called Selected Acknowledgements (SACK). >=20 > SACK allows a TCP sender to communicate more information about which = segments > are lost. During a SACK episode a TCP sender will reduce its rate to = avoid > causing congestion on the network. >=20 > II. Problem Description >=20 > A change made to make TCP more resilient and effective when handling = loss > recovery by SACK, could lead to connection interruption when incoming = ACKs > suddenly no longer contain SACK blocks. >=20 > III. Impact >=20 > This can lead to correct data being placed at the wrong offset in the > stream in a non-deterministic manner. This can result in termination = of > the TCP connection by the application or in the worst case silent data > corruption. >=20 > IV. Workaround >=20 > Disable SACK globally by setting the net.inet.tcp.sack.enable sysctl = to 0: >=20 > # sysctl net.inet.tcp.sack.enable=3D0 >=20 > Note that this will only affect new connections. Thus, either persist = the > setting in /etc/sysctl.conf and reboot, or ensure that any critical = connections > are restarted after modifying the sysctl setting. >=20 > V. Solution >=20 > Upgrade your system to a supported FreeBSD stable or release / = security > branch (releng) dated after the correction date. >=20 > A reboot is required for these changes to be applied. >=20 > Perform one of the following: >=20 > 1) To update your system via a binary patch: >=20 > Systems running a RELEASE version of FreeBSD on the amd64, i386, or > (on FreeBSD 13 and later) arm64 platforms can be updated via the > freebsd-update(8) utility: >=20 > # freebsd-update fetch > # freebsd-update install >=20 > A reboot is required for these changes to be applied. >=20 > 2) To update your system via a source code patch: >=20 > The following patches have been verified to apply to the applicable > FreeBSD release branches. >=20 > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. >=20 > # fetch https://security.FreeBSD.org/patches/EN-22:25/tcp.patch > # fetch https://security.FreeBSD.org/patches/EN-22:25/tcp.patch.asc > # gpg --verify tcp.patch.asc >=20 > b) Apply the patch. Execute the following commands as root: >=20 > # cd /usr/src > # patch < /path/to/patch >=20 > c) Recompile your kernel as described in > and reboot = the > system. >=20 > VI. Correction details >=20 > This issue is corrected by the corresponding Git commit hash or = Subversion > revision number in the following stable and release branches: >=20 > Branch/path Hash = Revision > = ------------------------------------------------------------------------- > stable/13/ 2b8ee332b938 = stable/13-n252399 > releng/13.1/ dd35207e2025 = releng/13.1-n250162 > = ------------------------------------------------------------------------- >=20 > Run the following command to see which files were modified by a > particular commit: >=20 > # git show --stat >=20 > Or visit the following URL, replacing NNNNNN with the hash: >=20 > >=20 > To determine the commit count in a working tree (for comparison = against > nNNNNNN in the table above), run: >=20 > # git rev-list --count --first-parent HEAD >=20 > VII. References >=20 > The latest revision of this advisory is available at > >=20 >=20 --Apple-Mail=_763D795E-DD0C-47B7-AF9A-72CD113BE0A4 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iNUEARYKAH0WIQRj28YmNowGX1isJg7GJJ6Jgbd0XwUCY2Nyw18UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NjNE QkM2MjYzNjhDMDY1RjU4QUMyNjBFQzYyNDlFODk4MUI3NzQ1RgAKCRDGJJ6Jgbd0 X5D7AP4z7emTox2zO4Q6Qpld18h59kRTI+NssbXlFNpBeRlN2AD/Zte1outjUokC D0v2fi9X02/hETib6Rpa6BYQP5EVEwg= =Dkjc -----END PGP SIGNATURE----- --Apple-Mail=_763D795E-DD0C-47B7-AF9A-72CD113BE0A4--