-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-14:12.zfs Errata Notice
The FreeBSD Project
Topic: NFSv4 and ZFS cache consistency issue
Category: contrib
Module: zfs
Announced: 2014-11-04
Credits: Bart Hsiao, Marcelo Araujo, Kevin Buhr
Affects: All supported versions of FreeBSD.
Corrected: 2014-10-07 06:00:09 UTC (stable/10, 10.0-STABLE)
2014-10-15 06:31:08 UTC (releng/10.1, 10.1-RC2)
2014-11-04 23:31:17 UTC (releng/10.0, 10.0-RELEASE-p12)
2014-10-07 06:00:32 UTC (stable/9, 9.3-STABLE)
2014-11-04 23:33:46 UTC (releng/9.3, 9.3-RELEASE-p5)
2014-11-04 23:33:17 UTC (releng/9.2, 9.2-RELEASE-p15)
2014-11-04 23:32:45 UTC (releng/9.1, 9.1-RELEASE-p22)
2014-11-04 23:30:23 UTC (stable/8, 8.4-STABLE)
2014-11-04 23:32:15 UTC (releng/8.4, 8.4-RELEASE-p19)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
.
I. Background
The Network File System (NFS) allows a host to export some or all of
its file systems that can be any kind of file systems such like UFS, ZFS
etcetera, so that other hosts can access them over the network and mount
them as if they were on local disks.
II. Problem Description
In a configuration where two or more clients mount a ZFS file system over
NFSv4 from a FreeBSD server, if client1 caches a directory listing and a
file in the directory is renamed on client2, then client1 can end up in
a state where the cached but incorrect directory contents persists indefinitely
and is never updated.
III. Impact
When client2 renames a file or directory, client1 does not receive the
changed attributes and never does a READDIR to get the updated contents.
This could result in a client that has incorrect information about the
actual content of the mounted file system.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-14:12/zfs.patch
# fetch http://security.FreeBSD.org/patches/EN-14:12/zfs.patch.asc
# gpg --verify zfs.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/zfs.patch
c) Recompile your kernel as described in
and reboot the
system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r274108
releng/8.4/ r274111
stable/9/ r272677
releng/9.1/ r274112
releng/9.2/ r274113
releng/9.3/ r274114
stable/10/ r272676
releng/10.0/ r274110
releng/10.1/ r273122
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:12.zfs.asc
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJUWX5GAAoJEO1n7NZdz2rnLyIQAOj67MKsPfM1n5Ca8aMKyIXV
W/H3KDkftd7aVTcQMyPJUaC/dXURzjr5oSSsuxOSiLb0QrA+4V5NlsAn4oFd1z5l
rraH+ImqLeDxcbxKY3gfU1EYscvIemB7BCEGhXFYdrnf7h6AGSOXHgGWGwKdcsb4
kxdDO7Ia1S9f8C9ziJVK4i4L0Wg3hwS1nk2byWW66Zo+BL7eIs++eP5RsVG9Uojy
zc75SvgKt73D6/SB6lh145tKakiJkgvyQIyN2VhA1T1gHX4SHDz3gn5k1gD/JJT/
QL4fP4QTyDu1xE5dazHUU8yNBdRSAcNLsO0mdFz0jdKqKG31m0s9cosxUxj7Rdgb
nydFhG21xqLrVxnK2Bm9hW8ks97o/Ifnku+hBl8DpFthaPKGOFiGsR25GgyQ5Ajr
iVunEUlgkOiraQbbo/XTimVvERNyED7A6ZpQPkpHlZKAJp6F99WuNcBl7cgbbhgJ
pyV/RHkKYzsbXRWEmVF0Y+uXB+8YIHqBeafMMvZN4pFdA4sGNl4fJ6hbmTPC2xmG
EIl0yybXZtDkxeXTWbCxebVo6c/jsJqJenNO4tzBMGmvBZ88vQRVNnqa4OW42rOX
Em4g26i5KNgLromC/2XprIC5E1Xo7Kw0QnkBFVSx8yfVX3FdZJ3m4DvvEv9ayIq+
v7ese2T7IdbcyMnp4B7w
=tCzo
-----END PGP SIGNATURE-----