FreeBSD Errata Notice FreeBSD-EN-23:18.openzfs
5 December, 2023 by errata-notices@freebsd.org | freebsd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-23:18.openzfs Errata Notice The FreeBSD Project Topic: High CPU usage by ZFS kernel threads Category: contrib Module: zfs Announced: 2023-12-05 Affects: FreeBSD 14.0 Corrected: 2023-11-22 11:43:59 UTC (stable/14, 14.0-STABLE) 2023-12-05 18:27:35 UTC (releng/14.0, 14.0-RELEASE-p2) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background ZFS is an advanced and scalable file system originally developed by Sun Microsystems for its Solaris operating system. ZFS was integrated as part of the FreeBSD starting with FreeBSD 7.0, and it has since become a prominent and preferred choice for storage management. II. Problem Description Because ZFS may consume large amounts of RAM to cache various types of filesystem objects, it continuously monitors system RAM available to decide whether to shrink its caches. Some caches are shrunk using a dedicated thread, to which work is dispatched asynchronously. In some cases, the cache shrinking logic may dispatch excessive amounts of work to the "ARC pruning" thread, causing it to continue attempting to shrink caches even after resource shortages are resolved. III. Impact The bug manifests as a kernel thread, "arc_prune", consuming 100% of a CPU core for indefinite periods, even while the system is otherwise idle. This behavior may impact workloads running on the system, by reducing available CPU resources and by triggering lock contention in the kernel. IV. Workaround No workaround is available. Systems not using ZFS are unaffected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. A reboot is required following the upgrade. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platfrom on FreeBSD 13 and earlier, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-23:18/openzfs.patch # fetch https://security.FreeBSD.org/patches/EN-23:18/openzfs.patch.asc # gpg --verify openzfs.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ f7f5c2419ea7 stable/14-n265783 releng/14.0/ 64c5eaab835b releng/14.0-n265389 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id'5063> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:18.openzfs.asc> -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWEACgkQbljekB8A Gu9bwQ//XsLmkl7ttR+LKXCYUCLCzAZF9PXYA8IQQlUWQ39SMrEaCRP5XSBOznuy UtxdSfH/aQJaGb7P8b88IxMiOteYovRCApkdEY4RstaisdgDFie7XdXUDizzPZL/ jPDSxU9I3dsHs3diQxqJRMTVtABYkErwLizLlCOJByKGUAXe+xpOibtSf2p1RtuJ 4+EaUS6j5TDpRyocEvR/x3DsbKVZcyHevd5XCgwFl69YyX7ShmrQMJA+ytAuF6or l3dty1KxpwY7GJq6wIF8nM1Xo08t4uDsXyxHHOtFLBkyK5710KhrzbkDzamwKl5j 7PhyOfj4r4+k4NhOiDPBM3O72DU4zoOpZak2BwPeT4iDoSeeJslR2SyU3dk1w76X bSfPWq7I3gSPcpndkskY1jCXwKo8Zm9gzu8ROF9Fg31ve/x7dVUYF+ZItppFq5k7 +o/0klvA+pCJpRWpSuDLsVyPcdmu5E25iTLDoJMjSKUiDXwdhI+AvKac4HLmd84C PhNmc6pVMdlFH9GdV/34wyvfyfSfhiWxxoel+ZOHZ2gjfFkwcSIFS7BNGBYvMKFi 0k/DAsLxNlQk+nv5Z8MKaYDpAyjW3CQi+14TmLudhxqmtt25cod2+dxoyJg6F7jE Na47H6+jdAB3dBnNhSKaIE1eoOy1kz+RukHQxScm9kX+8x0A9o0LJg -----END PGP SIGNATURE-----