Bug #15034
closedFreeBSD-EN-23:16.openzfs: Potential ZFS file corruption
100%
Description
From reading the ZFS issue tracker there seem to be quite a few problems with the new ZFS 2.2.0 version and I was wondering which version exactly pfSense 23.09 and 2.7.1 are using, if they are affected and if so, how.
Updated by Jim Pingle 12 months ago
- Status changed from New to Closed
pfSense 23.09 and 2.7.1 are both using code that is close to 2.2.0:
: zfs version zfs-2.2.0-FreeBSD_g009d3288 zfs-kmod-2.2.0-FreeBSD_g009d3288
However we are aware of the upstream issues and have been tracking them and so far haven't seen any sign that it has affected pfSense thus far.
If you are concerned you can apply the temporary workaround suggested upstream and set a tunable for vfs.zfs.dmu_offset_next_sync=0
.
Updated by Jim Pingle 12 months ago
name name wrote in #note-2:
Could you please tell me if an update is planned for 23.09/2.7.1 once an upstream fix has been merged and when that might be?
It's too early to say for sure if an update is necessary as it's still not clear if pfSense is affected. The issue is more prominent with block cloning and/or encrypted volumes. We disabled block cloning by default in 23.09 and 2.7.1 (vfs.zfs.bclone_enabled=0
), and there are not many users with encrypted volumes. Also seems to happen more on Linux than FreeBSD, and with things like zfs send and receive which are not used much to/from pfSense.
But that said, if we determine it is necessary, then we may issue a patch release as soon as it's feasible to do so after upstream confirms the issue is fully resolved.
Updated by Jim Pingle 12 months ago
- Subject changed from ZFS 2.2.0 - Issues with the new version, including data and pool corruption to Potential ZFS file corruption
- Status changed from Closed to Resolved
- Assignee set to Mateusz Guzik
- Priority changed from Normal to Urgent
- Target version set to 2.7.2
- % Done changed from 0 to 100
- Plus Target Version set to 23.09.1
We imported a patch for this from upstream and we're planning on making patch releases with this and some other fixes for both Plus and CE, so rather than making a new issue I'll reuse this one to ensure it gets in the release notes.
See also:
Updated by Marcos M 12 months ago
Two data corruption bugs were recently reported against ZFS, including the version provided with pfSense. The upstream fixes for these bugs have been included in 23.09.1 / 2.7.2. Since block cloning is disabled by default on pfSense, one of the bugs would not affect pfSense users. The other bug was present for years and was difficult to trigger. Given past data corruption problems around hole reporting in files, a preventive measure has been implemented to forego it altogether. This comes at a disadvantage of possibly increased space usage. To disable the preventative measure, set vfs.zfs.dmu_report_holes=1
.
Updated by Jim Pingle 12 months ago
- Subject changed from Potential ZFS file corruption to FreeBSD-EN-23:16.openzfs: Potential ZFS file corruption
FreeBSD released their errata notice for this: https://www.freebsd.org/security/advisories/FreeBSD-EN-23:16.openzfs.asc