BSDSec

deadsimple BSD Security Advisories and Announcements

FreeBSD Errata Notice FreeBSD-EN-23:03.ena

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-23:03.ena                                            Errata Notice
                                                          The FreeBSD Project

Topic:          ena driver crash after reset in 7th gen AWS instance types

Category:       core
Module:         ena
Announced:      2023-02-08
Affects:        FreeBSD 13.1
Corrected:      2022-07-26 19:30:17 UTC (stable/13, 13.2-STABLE)
                2023-02-08 16:18:27 UTC (releng/13.1, 13.1-RELEASE-p6)
                
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

The ena(4) driver is used to access the Elastic Network Adapter network
interface on recent Amazon Elastic Compute Cloud (EC2) instances.  It is
designed to make full use of the EC2 cloud architecture for optimal network
performance.

Since the 4th generation of AWS instances, there are 2 modes of operation for
the ENA device: Normal and Low Latency Queues (LLQ).  In order to leverage
EC2's optimal network capabilities on 7th generation instance-types, LLQ is
the default mode of operation.  Users who disable LLQ will experience
sub-optimal performance and hence this is not recommended.

II.  Problem Description

The ENA driver does not properly initialize LLQ when recovering from a device
reset. The improperly initialized LLQ leads to a performance degradation on
6th gen instance types and to a kernel panic on 7th gen instance types.

III. Impact

Users with FreeBSD 13.1 using 6th generation AWS instances will suffer from
performance degredation, and with 7th generation AWS instances will
experience kernel panic after a device reset.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
arm64 (on FreeBSD 13 and later) platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for erratum update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-23:03/ena.patch
# fetch https://security.FreeBSD.org/patches/EN-23:03/ena.patch.asc
# gpg --verify ena.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/13/                              e8253e47e1dc    stable/13-n251949
releng/13.1/                            b508850e150e  releng/13.1-n250177 
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:03.ena.asc>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmPj8BUACgkQbljekB8A
Gu+zDxAAsM4Fn6a5F0ocswNvMT8RBVxJ2YrOK9WIZdlBH9rV0ZHTOQDpTlo1Mizk
7R+vfAps18dnnjSf2F+IGKR6u/+kR3YJAw4fzIJyRgLBC/qkjsLS+3d7yEPxbIrL
wCB1vfMlJlS333gV0hMTq8CELwYVbqi6Rqb1D2h+L+qDjqhbLStVOHTo1gztAk1U
bVaApXZglaNL8VdFanHYRZg+SmM+saGwOPOCO1O4oEttfwfFfDBqkkfHVtbcaVDA
9h9qSBpV2iLueDcRzfg7Q9/9DzPE7n88pz8aCzyoaXxhXGUcgzhAfJeSpeblRL12
dq848iI/zn8jTxO+2pqGooBw5HQHwRgw0v1rjDkj9YCKSg9D5BH3Cj60RKV8D6BC
e7eQlOXfO6ubWcKHethxNj/zU3XpQN7CD2rfNtKkMYq6PVBWYIPTLlrIhRVPHmVs
/EKBD2RsHdQHID7rA67V9G0/NQjfFaq5pDzaNbP7NdkhMpgzvW2boixAnyqRtTVK
Jkxqq3MVdOIktOvRTnXHCkyxSXy67R8qmHCKwvW5omVDv7ro8oS+Vq0PvS4NN7LR
Q0r0E/iwM4hCRSWwuKF5brC7wIeeWPExKkWjpQ3i9gOcvyXAUqo9KDpwN622s3gP
Ar1mm82FHUNNcv2uo4WpsLT9p+30bROSU0XUvYcVQHEqazy2A3o+P
-----END PGP SIGNATURE-----