-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-23:18.openzfs Errata Notice
The FreeBSD Project
Topic: High CPU usage by ZFS kernel threads
Category: contrib
Module: zfs
Announced: 2023-12-05
Affects: FreeBSD 14.0
Corrected: 2023-11-22 11:43:59 UTC (stable/14, 14.0-STABLE)
2023-12-05 18:27:35 UTC (releng/14.0, 14.0-RELEASE-p2)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
ZFS is an advanced and scalable file system originally developed by Sun
Microsystems for its Solaris operating system. ZFS was integrated as part of
the FreeBSD starting with FreeBSD 7.0, and it has since become a prominent
and preferred choice for storage management.
II. Problem Description
Because ZFS may consume large amounts of RAM to cache various types of
filesystem objects, it continuously monitors system RAM available to decide
whether to shrink its caches. Some caches are shrunk using a dedicated
thread, to which work is dispatched asynchronously.
In some cases, the cache shrinking logic may dispatch excessive amounts of
work to the "ARC pruning" thread, causing it to continue attempting to shrink
caches even after resource shortages are resolved.
III. Impact
The bug manifests as a kernel thread, "arc_prune", consuming 100% of a CPU
core for indefinite periods, even while the system is otherwise idle. This
behavior may impact workloads running on the system, by reducing available
CPU resources and by triggering lock contention in the kernel.
IV. Workaround
No workaround is available. Systems not using ZFS are unaffected.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date. A reboot is required
following the upgrade.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platfrom on FreeBSD 13 and earlier, can be updated via
the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-23:18/openzfs.patch
# fetch https://security.FreeBSD.org/patches/EN-23:18/openzfs.patch.asc
# gpg --verify openzfs.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:
Branch/path Hash Revision
- -------------------------------------------------------------------------
stable/14/ f7f5c2419ea7 stable/14-n265783
releng/14.0/ 64c5eaab835b releng/14.0-n265389
- -------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275063>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:18.openzfs.asc>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWEACgkQbljekB8A
Gu9bwQ//XsLmkl7ttR+LKXCYUCLCzAZF9PXYA8IQQlUWQ39SMrEaCRP5XSBOznuy
UtxdSfH/aQJaGb7P8b88IxMiOteYovRCApkdEY4RstaisdgDFie7XdXUDizzPZL/
jPDSxU9I3dsHs3diQxqJRMTVtABYkErwLizLlCOJByKGUAXe+xpOibtSf2p1RtuJ
4+EaUS6j5TDpRyocEvR/x3DsbKVZcyHevd5XCgwFl69YyX7ShmrQMJA+ytAuF6or
l3dty1KxpwY7GJq6wIF8nM1Xo08t4uDsXyxHHOtFLBkyK5710KhrzbkDzamwKl5j
7PhyOfj4r4+k4NhOiDPBM3O72DU4zoOpZak2BwPeT4iDoSeeJslR2SyU3dk1w76X
bSfPWq7I3gSPcpndkskY1jCXwKo8Zm9gzu8ROF9Fg31ve/x7dVUYF+ZItppFq5k7
+o/0klvA+pCJpRWpSuDLsVyPcdmu5E25iTLDoJMjSKUiDXwdhI+AvKac4HLmd84C
PhNmc6pVMdlFH9GdV/34wyvfyfSfhiWxxoel+ZOHZ2gjfFkwcSIFS7BNGBYvMKFi
0k/DAsLxNlQk+nv5Z8MKaYDpAyjW3CQi+14TmLudhxqmtt25cod2+dxoyJg6F7jE
Na47H6+jdAB3dBnNhSKaIE1eoOy1kz+RukHQxScm9kX+8x0A9o0=
=4CJg
-----END PGP SIGNATURE-----