-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

============================================================================= FreeBSD-EN-23:16.openzfs Errata Notice
The FreeBSD Project

Topic: OpenZFS data corruption

Category: contrib
Module: OpenZFS
Announced: 2023-12-01
Affects: All supported versions of FreeBSD.
Corrected: 2023-11-28 21:00:48 UTC (stable/14, 14.0-STABLE)
2023-12-01 00:38:38 UTC (releng/14.0, 14.0-RELEASE-p1)
2023-11-28 21:07:30 UTC (stable/13, 13.2-STABLE)
2023-12-01 00:38:47 UTC (releng/13.2, 13.2-RELEASE-p6)
2023-11-30 05:28:33 UTC (stable/12, 12.4-STABLE)
2023-12-01 00:40:23 UTC (releng/12.4, 12.4-RELEASE-p8)

For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

I. Background

FreeBSD has included a version of the powerful and feature-rich ZFS file
system beginning with FreeBSD 7.0 released in 2008. The ZFS implementation
in FreeBSD 12 and earlier is based on the Illumos ZFS codebase. In FreeBSD
13 and later OpenZFS is used as the ZFS implementation.

Sparse files in a file system refer to a technique that optimizes storage
space by allowing the creation of files with unallocated or unwritten gaps, known as holes. When reading a file, holes appear as zero or NUL bytes. Certain system calls can access hole location metadata, including lseek(2)
with SEEK_HOLE and copy_file_range(2).

In OpenZFS a dnode is a data structure used to represent and manage metadata about files and directories. In file systems, "dirty" refers to data or metadata that has been modified in memory but not yet written to the storage device. Thus, a dirty dnode is one which has uncommitted data or metadata.

In FreeBSD 13.2 and FreeBSD 14.0 cp(1) uses copy_file_range(2) to perform the data copying in the kernel. copy_file_range attempts to find file holes in
the source file and preserve them in the copy. In FreeBSD 12.4 cp does not
use copy_file_range.

II. Problem Description

A check did not test both the dnode itself and its data for dirtiness. This provides a very small window of time while a file is being modified where the dirtiness check can falsely report that the dnode is clean. If this happens
a hole may incorrectly be reported where data was written.

III. Impact

If an access occurs while a file is being modified and a hole is incorrectly reported, the data may instead be interpreted as zero bytes. Any application which checks for holes may be affected by this issue; if this occurs during a file copy it will result in a corrupt copy that retains the incorrect data. Note that the source file remains intact (a subsequent read will return the correct data).

IV. Workaround

Setting the vfs.zfs.dmu_offset_next_sync sysctl to 0 disables forcing
TXG sync to find holes. This is an effective workaround that greatly
reduces the likelihood of encountering data corruption, although it does
not completely eliminate it. Note that with the workaround holes will
not be reported in recently dirtied files. See the zfs(4) man page for
more information of the impact of this sysctl setting.

The workaround should be removed once the system is updated to include the
fix described in this notice.

V. Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and reboot.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platfrom on FreeBSD 13 and earlier, can be updated via
the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting to apply OpenZFS erratum update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

NOTE: The FreeBSD 14.0 patch includes additional bug fixes which were found during the investigation of this issue. These bug fixes do not apply to FreeBSD 13.2 or FreeBSD 12.4.

[FreeBSD 14.0]
# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.14.patch
# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.14.patch.asc
# gpg --verify openzfs.14.patch.asc

[FreeBSD 13.2]
# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.13.patch
# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.13.patch.asc
# gpg --verify openzfs.13.patch.asc

[FreeBSD 12.4]
# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.12.patch
# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.12.patch.asc
# gpg --verify openzfs.12.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in <URL:https://docs.freebsd.org/en/books/handbook/kernelconfig/> and reboot the system.

VI. Correction details

This issue is corrected as of the corresponding Git commit hash or Subversion revision number in the following stable and release branches:

Branch/path Hash Revision
- ------------------------------------------------------------------------- stable/14/ 99385ec7c296 stable/14-n265836 releng/14.0/ 154870526943 releng/14.0-n265384 stable/13/ 5858f93a8b66 stable/13-n256744 releng/13.2/ 0bb76997ce58 releng/13.2-n254644 stable/12/ r373278 releng/12.4/ r373279
- -------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:https://bugs.freebsd.org/275308> <URL:https://github.com/openzfs/zfs/issues/11900> <URL:https://github.com/openzfs/zfs/issues/15526> <URL:https://github.com/openzfs/zfs/pull/15566> <URL:https://github.com/openzfs/zfs/pull/15571>

The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:16.openzfs.asc> -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVpPo4ACgkQbljekB8A Gu/7rg/8DV0CgrVWVW8lvywaBry/oFOAcB1s+b49fcW1wt4g4GOnFtU0VGuRYXJh 2pT2xnCVKgWKWciaFAoFN/N29GOxCuMkcPNoYPf8laiBNAmYTGGBMK6FI4YukI2V 6GKSU8hYPgxwRSRW7ZSXfzWl2MuLI2NdrRZwY+L/2cgr/uJVq/u7b1s7y7A9CdbQ 0euotytR77yrSHecA7Ye5PVRFp1behuiK9kbIVUTdFJRB0eQkpap5e3Af9b7GeLe t3kFI5cHKim7PnquLpljxjRxwcWKeJBMf0a8X6nhXYJ7FHxh6YfRL1t4tPQIRHLq 5A4x9oDoZP5kPRQgdxYT4J/VuoCEsq9/D83DwLK6fMY9qcY/TYrp1rOnYKwBQDUj FMIbaipxss/j8KWEyAwc3dIwJBFCW40yRFR2cg7SCeZ0UJzZEkuDOaIvzkWIGtc3 AqW0R+lvAQ2f+ObbP7iQCGj4HrCgIlPUCDX2SckNuAwaXQIdu5GO+HDjuKb49sw3 8zimt4dAT+OuvZxXDacIhIz53LCJHD/cAyF2CqTdNYpwne892drfiK4FQZ1Jq75Q 4nRedE8YLD2ZwuUALqR1PqHJQKra5hlAhAoITHuTpBG1fggSx6dyj6kSkMR8p6Mb tADR8onFzUHZgOlkEOjddKaVqAP3z4jW+lfrlk7J/9j5jgRrtLM=
=pM+u
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)