-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-14:07.pmap Errata Notice
The FreeBSD Project
Topic: Bug with PCID implementation
Category: core
Module: kernel
Announced: 2014-06-24
Credits: Henrik Gulbrandsen
Affects: FreeBSD 10.0-RELEASE
Corrected: 2014-03-04 21:51:09 UTC (stable/10, 10.0-STABLE)
2014-06-24 19:05:08 UTC (releng/10.0, 10.0-RELEASE-p6)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
.
I. Background
Process-context identifiers (PCIDs) are a facility in modern x86
processors, which tags TLB entries with the Id of the address space
and allows to avoid TLB invalidation on the context switch.
II. Problem Description
Due to bug in the handling of the mask of the CPU set where the given
address space could have cached TLB entries, stale mappings could be
seen by multithreaded programs.
III. Impact
Applications, most notably Java, which makes heavy use of threads may
randomly crash due to the inconcistency.
IV. Workaround
Systems that do not run have a CPU that supports the Process-Context
Identifiers feature are not affected.
The system administrator can add the following to /boot/loader.conf
which disables Process-Context Identifiers to workaround this problem:
vm.pmap.pcid_enabled="0"
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/EN-14:07/pmap.patch
# fetch http://security.FreeBSD.org/patches/EN-14:07/pmap.patch.asc
# gpg --verify pmap.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
and reboot the
system.
3) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r262753
releng/10.0/ r267829
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:07.pmap.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJTqc+KAAoJEO1n7NZdz2rnAbYP/iZKU3SSwHwWPzYa03ZwgW4u
54MigJuV/wyOfJj2ZZuOXTaYZP1miRgFr7mn9OWkA6slWHLAVkmN9fWrUU8tRPjJ
UDVhnbToVYIcmW2tEH5lZ5y1Stt178NZTeMo26jgkWhj74RZ10OIFdSuNlNUQGSr
djanCdgpnGL+odml+rQcGAAKKH97PchQ6r9IivNgE6mnGhGvzOjQOSdxioBLew14
w5Ua3k4nn/4hYi4RMPJ/vAlPdJHVsnZb8kRWhf4Ncj19IkvJ8EO6PmnHCbdGmV1I
cvqVFxXPGGA/A+O9E+1S+54SWotivpgjSujuQFFmvuzBbPhlt/Hmtn6YwljNG4+e
V6MsMRPMHVoIhOCBv9xfCHgyajA7jgbRGqQkMWxwKPVLjmk2NWOsbGBjHMFHnqYn
87Sh7crbFffNGwqGJgn+vXSXeNZ/95EWSBE0/B4KfqPeX6XCJI/C/sMRl0ATKa7C
k227J0olXKKUInLEq7tS1nLS0IKlWLF5WiRFx7DOa4DKLBcLZkYKTu3ATJySQ4V3
hDNDpubB3/94ug1slRNWDYGxzaZq0ctUTubxsHW7a0iYQi/PkssCT/8jVAdsx8hq
S1DjGZiFAKLOiJUSvPfONdwodORyEyMB+z37EfgeHKKqnjJXgSEtmnmI+7sT8hlR
FhXX1XQOBUtPxF+MY4bT
=vNzu
-----END PGP SIGNATURE-----