Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 16 Mar 2016 23:12:07 +0000 (UTC)
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r48425 - head/share/security/advisories
Message-ID:  <201603162312.u2GNC7Zh058239@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: glebius (src committer)
Date: Wed Mar 16 23:12:06 2016
New Revision: 48425
URL: https://svnweb.freebsd.org/changeset/doc/48425

Log:
  Oops, rename ENs properly.

Added:
  head/share/security/advisories/FreeBSD-EN-16:04.hyperv.asc
     - copied unchanged from r48424, head/share/security/advisories/FreeBSD-16:04.hyperv.asc
  head/share/security/advisories/FreeBSD-EN-16:05.hv_netvsc.asc
     - copied unchanged from r48424, head/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc
Deleted:
  head/share/security/advisories/FreeBSD-16:04.hyperv.asc
  head/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc

Copied: head/share/security/advisories/FreeBSD-EN-16:04.hyperv.asc (from r48424, head/share/security/advisories/FreeBSD-16:04.hyperv.asc)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-16:04.hyperv.asc	Wed Mar 16 23:12:06 2016	(r48425, copy of r48424, head/share/security/advisories/FreeBSD-16:04.hyperv.asc)
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:04.hyperv                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Hyper-V KVP (Key-Value Pair) daemon indefinite sleep
+
+Category:       core
+Module:         hyperv
+Announced:      2016-03-16
+Credits:        Microsoft Open Source Technology Center(OSTC)
+Affects:        FreeBSD 10.x
+Corrected:      2015-12-18 14:52:12 UTC (stable/10, 10.2-STABLE)
+                2016-03-16 22:31:04 UTC (releng/10.2, 10.2-RELEASE-p14)
+                2016-03-16 22:30:56 UTC (releng/10.1, 10.1-RELEASE-p31)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+Hyper-V is a native hypervisor running on Windows operating system. It can
+run FreeBSD 10.x as guest in virtual machine.
+
+Data Exchange is an integration service, also known as a key-value pair or  
+KVP, that can be used to share information between virtual machines and the
+Hyper-V host.  For more information, see
+<URL:https://technet.microsoft.com/en-us/library/dn798287.aspx>.
+
+II.  Problem Description
+
+The KVP driver code doesn't implement the KVP device's .d_poll callback
+correctly: when there is no data available to the user-mode KVP daemon, the
+driver forgets to remember the daemon and wake up the daemon later.  As a
+result, the daemon can't be woken up in a predictable period of time, and
+the host side's KVP query can hang for an unexpected period of time and get
+timeout, and finally the host can think the VM is irresponsive or unhealthy.
+
+III. Impact
+
+When a FreeBSD 10.x virtual machine runs on Hyper-V, the host may not get the
+expected response of a KVP query. When a virtual machine runs on Azure, the
+host may try to recover the "irresponsive" virtual machine by killing it and
+starting it later, causing unnecessary virtual machine downtime.
+
+IV.  Workaround
+
+Don't run the KVP daemon on a virtual machine.  With this, the host will know
+that KVP functionality is not working at all, so the host won't try to send KVP
+query to virtual machine.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.  Reboot is required.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Reboot is required.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-16:04/hyperv.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:04/hyperv.patch.asc
+# gpg --verify hyperv.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10/                                                        r292438
+releng/10.1/                                                      r296954
+releng/10.2/                                                      r296955
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://technet.microsoft.com/en-us/library/dn798287.aspx>.
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:04.hyperv.asc>;
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJW6eQmAAoJEO1n7NZdz2rnq+sQAOOnGB826xMwM5xW7a2rnOKV
+SDPzC0XXkHhRltJWSaIBi+nhKusMQcuYEaZDG8P5pvugpJfBPDhv2THu9ofEhvB4
+88iT4sFOKi20iXJxrZQM5UT9tPaDoWUCQ9isr4HseotF5Hda4onplGK3/VXq3xGF
+tGjgOfnHbhQbXAf7JZwCfjUeIyYYY2VGBscSwDF/AS0Z9vUEudNKnPEZcC5V19LJ
+8vZHjknNpchklnaT0UFZwrpFEgpmSU5rtYlH6FbfWYbspqRjEk1Ia2wkasB9im2z
+v2vc+qNOqgOMATgatix0yqzXnBkOqi+5ra0MUipXG89l3Yxvekv0mvqQFYRWN7MN
+fjPOnP9i2hjoKbbPEArEmYffOFMjxrOTgzLYVxXntOTUFMgGcUXltgjlo/Ov4Fm0
+CfDIDUBlyPlDkemPYiaRinyLim4M3TOll2M6ucnonFuE//sLfU/DEnlz8pf+yJg3
+jeJ7Pi6YKe+YUrTj2kL8shoPWjg00oHCIZua9nFhdHwNURX5XuoPlf84qxeSmumL
+lbQ8Dq82zkECJmJe7fGshUyPGlXqN+ValGYtZkuQwS/vq1cxRomvO1naZQDqJuVA
+Z15SW63CnsFIYJvK0Dd0v0i3Nw0WYHRRJ5nFo18WIzHs2FZguib1wqiN6D1oRnrH
+0YgK0KZFzwWufB7YB0TG
+=4BjO
+-----END PGP SIGNATURE-----

Copied: head/share/security/advisories/FreeBSD-EN-16:05.hv_netvsc.asc (from r48424, head/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-16:05.hv_netvsc.asc	Wed Mar 16 23:12:06 2016	(r48425, copy of r48424, head/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc)
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:05.hv_netvsc                                      Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          hv_netvsc(4) incorrect TCP/IP checksums
+
+Category:       core
+Module:         hyperv
+Announced:      2016-03-16
+Credits:        Larry Baird
+Affects:        FreeBSD 10.2
+Corrected:      2015-12-18 14:56:49 UTC (stable/10, 10.2-STABLE)
+                2016-03-16 22:31:04 UTC (releng/10.2, 10.2-RELEASE-p14)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+Hyper-V is a native hypervisor running on Windows operating system. It can
+run FreeBSD 10.x as guest in virtual machine.
+
+When FreeBSD guest runs on Hyper-V, to get the best network performance,
+it usually uses the Hyper-V synthetic network device.  The driver of the
+network device is called hv_netvsc(4).  Since FreeBSD 10.2-RELEASE the
+driver supports TCP segmentation and TCP/IP checksum offloading.
+
+II.  Problem Description
+
+Together with the TCP segmentation and TCP/IP checksum offloading a regression
+was introduced.  The driver checked the inbound checksum flags when deciding
+whether to process checksums or not, while it should have checked the outbound
+flags only.
+
+III. Impact
+
+If the guest running on Hyper-V is configured as a gateway, the host will
+silently drop certain packets from the guest.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.  Reboot is required.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Reboot is required.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-16:05/hv_netvsc.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:05/hv_netvsc.patch.asc
+# gpg --verify hv_netvsc.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10/                                                        r292439
+releng/10.2/                                                      r296955
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203630>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:05.hv_netvsc.asc>;
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJW6eQyAAoJEO1n7NZdz2rnOdQQANX3NYcoY1uMJEJcOMgfKp52
+OUKUriPdJjEr94Yq/QSGaIp5WyZ5O/hu89LI45DlJMHGxQYJrpQuM1Cyf2QS770u
+yrmfTkcJpqmwJpr4pOqQuYUHuAXkUsOeOysOO/2ccP7USFWqdWbgLotbq3JAFwIz
+cnPwteAawZ3BZLaDRXgsr9Hhqn5d++YIsYC3mhyGNJJI6LlNG/ihba2Vd8lDu9hv
+UVv0WW8yfv851jEv/vhCQmhHcHcIAhzZGLn47Shi4s0833icvPeU+Xc/cpL/wifX
+vCPKA53DqdsNCsPQbbfzgCgoxV1iC3zb/4EOUAIpCInS00N4YQeQiJePH7Im56rc
+y6LsccIf1otr8xCuRuWsUVXuzrmtDBKDzE2gwMx+YHAEWl7ObhgM1VYYWoYnwBlr
+g+M2Wynjcj/rSZUpBdtUFFDNhqFlvrFSXDUEl0MbK4IzwtyOQtQfnCjy6kTqr2yB
+czWonmU9tgLtaqkN61b5pBx+jR2oEC4M8HPHuA2LmEKLJrgfePHBIAZ7cPnWaZ4O
+L4uP97MPmZEQggQeED5SLTMl3jJUe52H9XDkN8RV8/P3oA/YXBD4prhg4fYvNKQT
+VR0pWvlnJNmjaupCBWOfJfG1S8+oOfoTNV5/Fq83LVLW0DPKHVmLtQfS5Rs02745
+VnvCDT/XPOCODW1KdsSc
+=vkxR
+-----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201603162312.u2GNC7Zh058239>