Attachment 215307 Details for Bug 246647 – errata notice

errata notice

en.txt (text/plain), 4.68 KB, created by Anatoli on 2020-06-07 03:03:33 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Anatoli

Created: 2020-06-07 03:03:33 UTC

Size: 4.68 KB

patch

obsolete

>=============================================================================
>FreeBSD-EN-ERRATA_TEMPLATE                                      Errata Notice
>                                                          The FreeBSD Project
>
>Topic:
>
>Category:       core
>Module:         bhyve
>Announced:      2020-XX-XX
>Credits:        Peter Grehan
>Affects:        All supported versions of FreeBSD.
>Corrected:      2020-XX-XX XX:XX:XX UTC (stable/12, 12.1-STABLE)
>                2020-XX-XX XX:XX:XX UTC (releng/12.1, 12.1-RELEASE-pXX)
>                2020-XX-XX XX:XX:XX UTC (stable/11, 11.3-STABLE)
>                2020-XX-XX XX:XX:XX UTC (releng/11.3, 11.3-RELEASE-pXX)
>
>For general information regarding FreeBSD Errata Notices and Security
>Advisories, including descriptions of the fields above, security
>branches, and the following sections, please visit
><URL:https://security.FreeBSD.org/>.
>
>I.   Background
>
>bhyve(8) is a hypervisor that supports running a variety of guest
>operating systems in virtual machines.  bhyve(8) includes support for
>PCI devices passthru (a technique to pass host PCI devices to a virtual
>machine for its exclusive control and use).
>
>II.  Problem Description
>
>When an attempt is made to pass through a PCI device to a bhyve(8) VM
>(causing initialisation of IOMMU) on certain Intel chipsets using VT-d
>the PCI bus stops working entirely resulting in a host crash. This issue
>occurs at least on the Intel Skylake series processors and those
>released later.
>
>A device passed through to a guest VM running OpenBSD at least since
>version 6.4 on both AMD and Intel processors works only in outgoing
>direction, no incoming data reaches the guest OS as OpenBSD issues
>4-byte PCI configuration-space register reads/writes to consecutive
>2-byte fields. This triggered 2 bugs in bhyve(8) in the PCI emulation.
>
>III. Impact
>
>The problems do NOT cause a security impact, though they prevent using
>bhyve in production environments.
>
>IV.  Workaround
>
>No workaround is available, however systems not using bhyve(8) for
>virtualization with PCI passthru are not affected.
>
>V.   Solution
>
>Upgrade your system to a supported FreeBSD stable or release / security
>branch (releng) dated after the correction date.
>[XX Needs reboot? Mention please]
>
>Perform one of the following:
>
>1) To update your system via a binary patch:
>
>Systems running a RELEASE version of FreeBSD on the i386 or amd64
>platforms can be updated via the freebsd-update(8) utility:
>
># freebsd-update fetch
># freebsd-update install
>
>The first problem requires reboot as the affected part is the kernel.
>
>The second problem doesn't require reboot as the affected part is the
>bhyve userland executable.
>
>2) To update your system via a source code patch:
>
>The following patches have been verified to apply to the applicable
>FreeBSD release branches.
>
>a) Download the relevant patch from the location below, and verify the
>detached PGP signature using your PGP utility.
>
>[FreeBSD 11.3]
># fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch
># fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch.asc
># gpg --verify XXXX.patch.asc
>
>b) Apply the patch.  Execute the following commands as root:
>
># cd /usr/src
># patch < /path/to/patch
>
>c) Recompile the operating system using buildworld and installworld as
>described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
>
>d) Recompile your kernel as described in
><URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
>system.
>
>VI.  Correction details
>
>The following list contains the correction revision numbers for each
>affected branch.
>
>Branch/path                                                      Revision
>-------------------------------------------------------------------------
>stable/12/                                                        r349184
>stable/12/                                                        r361686
>releng/12.1/                                                      rXXXXXX
>stable/11/                                                        rXXXXXX
>releng/11.3/                                                      rXXXXXX
>-------------------------------------------------------------------------
>
>To see which files were modified by a particular revision, run the
>following command, replacing NNNNNN with the revision number, on a
>machine with Subversion installed:
>
># svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
>
>Or visit the following URL, replacing NNNNNN with the revision number:
>
><URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
>
>VII. References
>
><other info on the problem>
>
><URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=XXXXXX>
>
>The latest revision of this advisory is available at
><URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-XX:XX.XXXXX.asc>

Actions: View

Attachments on bug 246647: 215307