-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-19:14.epoch                                          Errata Notice
                                                          The FreeBSD Project

Topic:          Incorrect locking in epoch(9)

Category:       core
Module:         kernel
Announced:      2019-08-06
Credits:        Mark Johnston
Affects:        FreeBSD 12.0
Corrected:      2019-07-27 16:11:04 UTC (stable/12, 12.0-STABLE)
                2019-08-06 17:07:43 UTC (releng/12.0, 12.0-RELEASE-p9)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

Some parts of the kernel use a new synchronization primitive, epoch(9),
which can be used to implement safe memory reclamation.  In this usage,
threads can use the epoch(9) KPI to ensure that no other threads hold
a reference to a given object in memory.

II.  Problem Description

In the case where epoch(9) must wait for a thread that is blocked on
a lock, it will use the turnstile(9) KPI to propagate the current
thread's priority to the lock holder.  However, in the case where the
lock has no designated owner - for example, it is a reader-writer lock
owned by one or more readers - a bug in the interaction with the
turnstile meant that pair of spin locks were left locked when they
should have been unlocked.

III. Impact

In rare cases and under heavy load, the kernel may panic or lock up.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and reboot.

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for errata update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-19:14/epoch.patch
# fetch https://security.FreeBSD.org/patches/EN-19:14/epoch.patch.asc
# gpg --verify epoch.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/12/                                                        r350373
releng/12.0/                                                      r350641
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:14.epoch.asc>
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1JtztfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cJgXA//Wbh6Nv6OL+Aer7oZ8uiZEhDTj+a+IMG617uCyeD+x4/8Hj73J7Pg6vaT
CGqGAslxy8GMmvrO8Jmn0RFDyfJb+mW1M9FqQS4u9DNm1r7nNuOBWj9UcAC9TQOY
rIEoqe/wD6a+EKQ01tgsWm2TYA2hX/WwtKJiYuPJOyuTzm9d3PhQ2SPmU0NaqyfU
+0YT3QHRYUEYHU/tZwAV3axcihYP7NfrgEWmE3LY7fBX1ShxFOYZVlexY4604wyc
SLxCMVnfqFiB8vH5X8R4J9OlsK00j1W2B+PJodocDzNjvHgnRb3RSHeo+EC+3y7k
/P3qRCxtgPzb/VHCCRry0LAmeijxQDWVf4vydjaMVDQEv/zQ+Y5ujAucRAtvtjRm
gYLRTOHnXVTpZk/c8h2Gch9g3sB9aqrsMYtPUqSfRRUFDYJjN3NVmVLo4ciAhjwY
EvGr7HloO3O4n+zYWOagvSvu05TjOA1SGGURAkslthjTXRpmiqDSS6yawW23v7Jw
gC7pvVUnmGSGzlwGPojE6LBSX3CWlgwJV/6g2s0wizPGv3K/IQMMQn7NaaLl09xw
X6TND7mVGqk2w3do1k9ZSkvqI+jr4MkJbGh5Vl8q1J/oW9KPTVO3+mQEi91SvgU+
YEyzryregBP69ta7gqT0Pgb2+LR9733qPLSh3Hgn/4zRI/seSkU=
=pBEN
-----END PGP SIGNATURE-----