deadsimple BSD Security Advisories and Announcements

FreeBSD Errata Notice FreeBSD-EN-23:03.ena

Hash: SHA512

FreeBSD-EN-23:03.ena                                            Errata Notice
                                                          The FreeBSD Project

Topic:          ena driver crash after reset in 7th gen AWS instance types

Category:       core
Module:         ena
Announced:      2023-02-08
Affects:        FreeBSD 13.1
Corrected:      2022-07-26 19:30:17 UTC (stable/13, 13.2-STABLE)
                2023-02-08 16:18:27 UTC (releng/13.1, 13.1-RELEASE-p6)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit

I.   Background

The ena(4) driver is used to access the Elastic Network Adapter network
interface on recent Amazon Elastic Compute Cloud (EC2) instances.  It is
designed to make full use of the EC2 cloud architecture for optimal network

Since the 4th generation of AWS instances, there are 2 modes of operation for
the ENA device: Normal and Low Latency Queues (LLQ).  In order to leverage
EC2's optimal network capabilities on 7th generation instance-types, LLQ is
the default mode of operation.  Users who disable LLQ will experience
sub-optimal performance and hence this is not recommended.

II.  Problem Description

The ENA driver does not properly initialize LLQ when recovering from a device
reset. The improperly initialized LLQ leads to a performance degradation on
6th gen instance types and to a kernel panic on 7th gen instance types.

III. Impact

Users with FreeBSD 13.1 using 6th generation AWS instances will suffer from
performance degredation, and with 7th generation AWS instances will
experience kernel panic after a device reset.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
arm64 (on FreeBSD 13 and later) platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for erratum update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch
# fetch
# gpg --verify ena.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:> and reboot the

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/13/                              e8253e47e1dc    stable/13-n251949
releng/13.1/                            b508850e150e  releng/13.1-n250177 
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:


To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at