-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-16:01.filemon                                        Errata Notice
                                                          The FreeBSD Project

Topic:          filemon and bmake meta-mode stability issues

Category:       core
Module:         filemon
Announced:      2016-01-14
Credits:        Bryan Drewery
Affects:        FreeBSD 10.2-RELEASE
Corrected:      2015-09-09 17:15:13 UTC (stable/10, 10.2-STABLE)
                2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security branches,
and the following sections, please visit
<URL:https://security.freebsd.org/>.

I.   Background

In FreeBSD 10.2, /usr/bin/make is the NetBSD bmake utility.  bmake has
a feature called meta-mode [1], which can make use of the filemon(4) kernel
module to perform reliable update builds and provide better build
dependencies.
[1]  http://www.crufty.net/sjg/blog/freebsd-meta-mode.htm

II.  Problem Description

Multiple stability and locking problems have been fixed in the filemon(4)
kernel module.  Without these fixes, using meta-mode and filemon(4) on a
FreeBSD 10.2 system may result in kernel panics.

III. Impact

For the jails and virtual machines used by the FreeBSD Jenkins Continuous
Integration builders, it is desirable to use released versions FreeBSD.
This will allow us to set up builders to test building FreeBSD-CURRENT with
meta-mode, using a FreeBSD 10.2-RELEASE-p9 build host.

IV.  Workaround

No workaround is available for the filemon stability problems.

V.   Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

2) To update your present system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-16:01/filemon.patch
# fetch https://security.FreeBSD.org/patches/EN-16:01/filemon.patch.asc
# gpg --verify filemon.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/10                                                         r287598
releng/10.2                                                       r293893
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

The latest revision of this Errata Notice is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:01.filemon.asc>
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWl2jlAAoJEO1n7NZdz2rnF6kQAJEgtPKwowupOd3QV2UvMJ4T
PP/UK9tvF+Tbmow+5z9vV8ghh/oHc/AUWxhbIcnOFO7YldwrYJDXAHWF5VoTgatb
Ycg+R10Kyg8loZZuAAaGsY+zS78BIXunKVduWealz6TV978sZ5mr7qVJjX03Bvdh
9s3dX6PLfA0ZtqxXuhJ3oMj1Nt7UoGyNNNg23TWhQDMzpueB1EihhjzcLEk8UCjR
OlZElMXsnI/c9zG0eaSDPqfUuQrZDasQ+kM4eWaEXxcZVHSEQtU7vJ6SjxAkeCHT
fzRcAilzQBQJzObzpdXCxrd3OmKL52Ml44Kll2k31QQM3YDHw5g+mMJ+G6BoD5HZ
hQktb7Y064s/SQ0S91aTCgdSBzlTOny7IjsE1W+T6WD4Dohc1aY5y5u2UDBIRIS9
BvovQF9k0PXIqpA3DjV1cGp3oYLpmJc5NYqHuJ9hkQWSp8FntfuQ1gKpieznyg25
mb7fsOU693Dglcodtz1uQcwwgh/0s7bEcP6o7ejzsd4bzhe9CTLgD5qp0MD8htiH
Li+i9O5hUS8nheJt03btw/mq7CPbr66JWnpVHmPe8kL8SU7qmwBwq6d3buk5Hyr1
tOmpuTyW+dq4iWweG411/j9M8Q03fD/DI4Ez2KS5OTizNAWb2wq8e+OZIk6TDE37
Aam3KrksQZjG+sqL7NVp
=INcx
-----END PGP SIGNATURE-----