FreeBSD Errata Notice FreeBSD-EN-23:03.ena
8 February, 2023 by errata-notices@freebsd.org | freebsd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-23:03.ena Errata Notice The FreeBSD Project Topic: ena driver crash after reset in 7th gen AWS instance types Category: core Module: ena Announced: 2023-02-08 Affects: FreeBSD 13.1 Corrected: 2022-07-26 19:30:17 UTC (stable/13, 13.2-STABLE) 2023-02-08 16:18:27 UTC (releng/13.1, 13.1-RELEASE-p6) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background The ena(4) driver is used to access the Elastic Network Adapter network interface on recent Amazon Elastic Compute Cloud (EC2) instances. It is designed to make full use of the EC2 cloud architecture for optimal network performance. Since the 4th generation of AWS instances, there are 2 modes of operation for the ENA device: Normal and Low Latency Queues (LLQ). In order to leverage EC2's optimal network capabilities on 7th generation instance-types, LLQ is the default mode of operation. Users who disable LLQ will experience sub-optimal performance and hence this is not recommended. II. Problem Description The ENA driver does not properly initialize LLQ when recovering from a device reset. The improperly initialized LLQ leads to a performance degradation on 6th gen instance types and to a kernel panic on 7th gen instance types. III. Impact Users with FreeBSD 13.1 using 6th generation AWS instances will suffer from performance degredation, and with 7th generation AWS instances will experience kernel panic after a device reset. IV. Workaround No workaround is available. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date and reboot. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or arm64 (on FreeBSD 13 and later) platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for erratum update" 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-23:03/ena.patch # fetch https://security.FreeBSD.org/patches/EN-23:03/ena.patch.asc # gpg --verify ena.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/13/ e8253e47e1dc stable/13-n251949 releng/13.1/ b508850e150e releng/13.1-n250177 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:03.ena.asc> -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmPj8BUACgkQbljekB8A Gu+zDxAAsM4Fn6a5F0ocswNvMT8RBVxJ2YrOK9WIZdlBH9rV0ZHTOQDpTlo1Mizk 7R+vfAps18dnnjSf2F+IGKR6u/+kR3YJAw4fzIJyRgLBC/qkjsLS+3d7yEPxbIrL wCB1vfMlJlS333gV0hMTq8CELwYVbqi6Rqb1D2h+L+qDjqhbLStVOHTo1gztAk1U bVaApXZglaNL8VdFanHYRZg+SmM+saGwOPOCO1O4oEttfwfFfDBqkkfHVtbcaVDA 9h9qSBpV2iLueDcRzfg7Q9/9DzPE7n88pz8aCzyoaXxhXGUcgzhAfJeSpeblRL12 dq848iI/zn8jTxO+2pqGooBw5HQHwRgw0v1rjDkj9YCKSg9D5BH3Cj60RKV8D6BC e7eQlOXfO6ubWcKHethxNj/zU3XpQN7CD2rfNtKkMYq6PVBWYIPTLlrIhRVPHmVs /EKBD2RsHdQHID7rA67V9G0/NQjfFaq5pDzaNbP7NdkhMpgzvW2boixAnyqRtTVK Jkxqq3MVdOIktOvRTnXHCkyxSXy67R8qmHCKwvW5omVDv7ro8oS+Vq0PvS4NN7LR Q0r0E/iwM4hCRSWwuKF5brC7wIeeWPExKkWjpQ3i9gOcvyXAUqo9KDpwN622s3gP Ar1mm82FHUNNcv2uo4WpsLT9p+30bROSU0XUvYcVQHEqazy2A3o+P -----END PGP SIGNATURE-----