-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-EN-10:01.freebsd                                        Errata Notice
                                                          The FreeBSD Project

Topic:          Various FreeBSD 8.0-RELEASE improvements

Category:       core
Module:         kern
Announced:      2010-01-06
Affects:        FreeBSD 8.0-RELEASE.
Corrected:      2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.FreeBSD.org/>.

I.      Background

Since FreeBSD 8.0 was released, several stability and performance problems
have been identified.  This Errata Notice describes several fixes judged to
be of particular importance, but low risk, to users with specific workloads
or using specific features that trigger these problems.

Areas where problems are addressed include NFS, ZFS, Multicast networking,
SCTP as well as the rename(2) syscall.

II.     Description

* Slow NFS client reconnects when using TCP

Under certain circumstances the NFS client can queue requests even though
the remote server has initiated a connection shutdown.
The deferred notice of the shutdown can cause slow reconnects against
an NFS server that drops inactive connections.

* Possible panics in ZFS

Due to inadequate checks, attempts to modify a file on a read-only ZFS
snapshot will lead to a 'dirtying snapshot' kernel panic.

The system will also panic if ZFS is combined with a MAC policy supporting
file system labeling (e.g., mac_biba(4) or mac_mls(4)).

* Multicast regression and panic

Multicast filtering may not pass incoming IGMP messages if the group
has not been joined.  User space routing daemons will therefore not see
all IGMP control traffic.

Further, the system will panic under certain circumstances in the IPv4
multicast forwarding path.

* Panic when invalid SCTP message received during connection shutdown

Receiving a specially crafted SCTP shutdown message with an invalid
Transmission Sequence Number may cause the system to panic if there
has been a valid association.

* Panic caused by rename(2)

If a path argument to the rename(2) syscall ends in '/.', insufficient
checking will cause the system to panic.

III.    Solution

Perform one of the following:

1) Upgrade your system to 8-STABLE, or to the RELENG_8_0 security branch
dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 8.0 systems.

a) Download the relevant patch from the location below, and verify the
   detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/EN-10:01/nfsreconnect.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/nfsreconnect.patch.asc

# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsvaccess.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsvaccess.patch.asc

# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsmac.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsmac.patch.asc

# fetch http://security.FreeBSD.org/patches/EN-10:01/multicast.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/multicast.patch.asc

# fetch http://security.FreeBSD.org/patches/EN-10:01/mcinit.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/mcinit.patch.asc

# fetch http://security.FreeBSD.org/patches/EN-10:01/sctp.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/sctp.patch.asc

# fetch http://security.FreeBSD.org/patches/EN-10:01/rename.patch
# fetch http://security.FreeBSD.org/patches/EN-10:01/rename.patch.asc

b) Apply the patches.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

IV.     Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch                                                           Revision
  Path
- - -------------------------------------------------------------------------
RELENG_8_0
  src/UPDATING                                              1.632.2.7.2.5
  src/sys/conf/newvers.sh                                    1.83.2.6.2.5
  src/sys/netinet/ip_mroute.c                               1.155.2.1.2.2
  src/sys/netinet/raw_ip.c                                  1.220.2.2.2.2
  src/sys/netinet6/raw_ip6.c                                1.111.2.1.2.2
  src/sys/rpc/clnt_vc.c                                       1.8.2.2.2.2
  src/sys/kern/vfs_lookup.c                                 1.132.2.1.2.2
  src/sys/netinet/sctp_input.c                               1.82.2.2.2.2
  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c
                                                             1.24.2.2.2.1
  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
                                                             1.46.2.7.2.1
  src/sys/cddl/contrib/opensolaris/uts/common/sys/vnode.h     1.3.4.1.2.1
  src/sys/cddl/compat/opensolaris/sys/vnode.h                1.12.2.2.2.2
- - -------------------------------------------------------------------------

Subversion:

Branch/path                                                      Revision
- - -------------------------------------------------------------------------
releng/8.0/                                                       r201679
- - -------------------------------------------------------------------------

V.      References

The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-10:01.freebsd.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (FreeBSD)

iD8DBQFLRRFQFdaIBMps37IRAuq9AJ9fq1708qfDgnyzuNRWnumiQhJD2gCcDqWd
AyQA3ZdKXci6S8d9UauJFw4=
=NwGp
-----END PGP SIGNATURE-----