-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:05.ufs Errata Notice
The FreeBSD Project
Topic: Deadlock on reboot with UFS tuned with SU+J
Category: core
Module: ufs
Announced: 2015-05-13
Credits: Konstantin Belousov
Affects: FreeBSD 10.1
Corrected: 2015-04-10 02:23:44 UTC (stable/10, 10.1-STABLE)
2015-05-13 22:52:35 UTC (releng/10.1, 10.1-RELEASE-p10)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
The Unix File System (UFS) is one of several filesystems available on
FreeBSD. UFS supports several optimization features, such as soft updates
and journaling, both of which keep track of filesystem metadata to ensure
a consistent state in the event of a crash or power failure.
II. Problem Description
When the root filesystem is configured with soft updates and journaling
both enabled, which is the default for FreeBSD 10.1-RELEASE installations,
the system may deadlock after a source-based or binary upgrade when the
init(8) binary is replaced. The deadlock occurs when issuing reboot(8)
or shutdown(8), after which the system becomes unresponsive when syncing
the filesystem.
III. Impact
When the deadlock occurs, a hard system reset or power cycle may be
required.
IV. Workaround
Systems that do not have soft updates and journaling enabled on a UFS root
filesystem are unaffected.
It is possible to work around the issue by waiting before issuing reboot(8)
or shutdown(8) after upgrading the userland. It has been observed that
deferring the reboot(8) for a period of 60 seconds to be sufficient. It is
encouraged to issue several sync(8) commands during this period, to help
ensure the filesystem writes have completed.
Additionally, disabling soft update journaling on the root filesystem can
also work around the issue.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:05/ufs.patch
# fetch https://security.FreeBSD.org/patches/EN-15:05/ufs.patch.asc
# gpg --verify ufs.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r281350
releng/10.1/ r282873
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://bugs.freebsd.org/195458>
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:05.ufs.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.2 (FreeBSD)
iQIcBAEBCgAGBQJVU9dbAAoJEO1n7NZdz2rn3JYP/2HeyHsGEAwl+1NCVLu/Eimj
wl/jK7Pl2SMWCEAkynkP8Cs5ibCbtzA4SV1RP8OPCF42yQJmk/kzR0Rmuq+LboFC
QGmus/0Q/JCXqabDEzNx7/tHibeJInveGDf4a4/rg38Q+zO7MYZFmGsWoFEC2RKn
lEWb/kh5AxMagaj5lns4WHmo0TFlyOUFaJijGxXhHu3IFZwuZB60a5cXJ8OjBulk
FO7uIcZ7OTP43y4VvvBsFV6bxeFyoMNF8tgB+dsBzatNQhl7yAxWMMEiDUNBEaqV
mfjKZxHRkB+GGjQwv2Cq4463kNQvwknN9vms536fS7HuecFMITbyD37ySR3pSRoi
KVGopfpDr0NWjn1/N7UyAsY+6CAYqpsilYvq2slBu2J/Aj6jCyDhPUTnjHKz1m91
rdyBjkHod9XkLYqwCkJlWjIxnLxCDlv8vwUjOe2/TjCUFO6FIO6lgvCVkgekIlwG
rPxx+bqfKSarQQSL6a4MWFFYwt79c292A3nodS0sLIL4YRNwQnFvuYVB/qxIWD1x
ecKJmbL0bm3S1T/qWa89Xh55NWFKs0bxVmjQCWu84re/20+oWcaXFg8Oeqnq+xFV
ke4EzbxhoU4KWzvsFbc+U+EZhTVLVlnjbAW073Z6QyykfBs2RhudUGB51T/3XB3I
jAU8LNkMBjZhe7khLFLD
=BTx0
-----END PGP SIGNATURE-----