FreeBSD Bugzilla – Attachment 249416 Details for
Bug 264115
net/wireguard-kmod: Panics ARM64 (RockPro64) on FreeBSD 14-CURRENT (716fd348e01): panic: vm_fault failed: 0 error 1
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
Proposed EN template
en-wg.txt (text/plain), 4.15 KB, created by
Kyle Evans
on 2024-03-22 19:05:57 UTC
(
hide
)
Description:
Proposed EN template
Filename:
MIME Type:
Creator:
Kyle Evans
Created:
2024-03-22 19:05:57 UTC
Size:
4.15 KB
patch
obsolete
>============================================================================= >FreeBSD-EN-ERRATA_TEMPLATE Errata Notice > The FreeBSD Project > >Topic: insufficient barriers in if_wg(4) > >Category: core >Module: if_wg >Announced: 2024-XX-XX >Affects: All supported versions of FreeBSD. >Corrected: 2024-03-22 15:21:39 UTC (stable/14, 14.0-STABLE) > 2024-XX-XX XX:XX:XX UTC (releng/14.0, 14.0-RELEASE-pXX) > 2024-03-22 15:21:42 UTC (stable/13, 13.2-STABLE) > 2024-XX-XX XX:XX:XX UTC (releng/13.2, 13.2-RELEASE-pXX) > >For general information regarding FreeBSD Errata Notices and Security >Advisories, including descriptions of the fields above, security >branches, and the following sections, please visit ><URL:https://security.FreeBSD.org/>. > >I. Background > >if_wg is the kernel module that implements WireGuard tunnels between two >endpoints. When packets arrive from the tunnel or are sent over the tunnel, >they are decrypted or encrypted in a separate thread from the one that delivers >the packet to its final destination. > >II. Problem Description > >Insufficient barriers between the encrypt/decrypt threads and the delivery >threads may result in the wrong part of an mbuf chain being read and sent along >through the network stack on architectures with a weaker memory model, e.g., >aarch64, under certain workloads. > >III. Impact > >The part of the mbuf chain being sent along may contain some invalid state that >causes a later fault and panic. > >IV. Workaround > >No workaround is available, but i386 and amd64 are not affected. > >V. Solution > >Upgrade your system to a supported FreeBSD stable or release / security >branch (releng) dated after the correction date and reboot or reload the >if_wg kernel module. > >Perform one of the following: > >1) To update your system via a binary patch: > >Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, >or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) >utility: > ># freebsd-update fetch ># freebsd-update install > >After the updates have installed, you will need to reboot the system or reload >the if_wg kernel module. > >2) To update your system via a source code patch: > >The following patches have been verified to apply to the applicable >FreeBSD release branches. > >a) Download the relevant patch from the location below, and verify the >detached PGP signature using your PGP utility. > >[FreeBSD 13.2] ># fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch ># fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch.asc ># gpg --verify XXXX.patch.asc > >b) Apply the patch. Execute the following commands as root: > ># cd /usr/src ># patch < /path/to/patch > >c) Recompile your kernel as described in ><URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the >system or reload the if_wg kernel module. > >VI. Correction details > >This issue is corrected as of the corresponding Git commit hash or Subversion >revision number in the following stable and release branches: > >Branch/path Hash Revision >------------------------------------------------------------------------- >stable/14/ 590e02d3c088 stable/14-2576116 >releng/14.0/ XXXXXXXXXXXX releng/14.0-nXXXXXX >stable/13/ 806e51f81dba stable/13-n257611 >releng/13.2/ XXXXXXXXXXXX releng/13.2-nXXXXXX >------------------------------------------------------------------------- > >Run the following command to see which files were modified by a >particular commit: > ># git show --stat <commit hash> > >Or visit the following URL, replacing NNNNNN with the hash: > ><URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> > >To determine the commit count in a working tree (for comparison against >nNNNNNN in the table above), run: > ># git rev-list --count --first-parent HEAD > >VII. References > ><URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264115> > >The latest revision of this advisory is available at ><URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-XX:XX.XXXXX.asc>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=249416">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 264115
:
249037
| 249416