Page MenuHomeFreeBSD
Differential D46337

ena: Add completion descriptor corruption check
Needs ReviewPublic
Actions

Authored by osamaabb_amazon.com on Aug 20 2024, 8:45 AM.
Tags
None
Referenced Files
Unknown Object (File)
Jan 4 2025, 2:16 AM
Unknown Object (File)
Dec 13 2024, 2:24 PM
Unknown Object (File)
Sep 25 2024, 8:44 AM
Unknown Object (File)
Sep 25 2024, 5:01 AM
Unknown Object (File)
Sep 24 2024, 7:35 PM
Unknown Object (File)
Sep 24 2024, 3:32 PM
Unknown Object (File)
Sep 23 2024, 6:18 AM
Unknown Object (File)
Sep 22 2024, 4:25 PM
View All 18 Files
Subscribers
imp

Details

Reviewers
cperciva
Summary

Adding a check of the MBZ (Must Be Zero) fields in the
incoming tx and rx completion descriptors in order to
identify corrupted descriptors.

Approved by: cperciva
MFC after: 2 weeks
Sponsored by: Amazon, Inc.

Diff Detail

Repository
rG FreeBSD src repository
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 59066
Build 55953: arc lint + arc unit

Event Timeline

osamaabb_amazon.com created this revision.Aug 20 2024, 8:45 AM
Herald added a subscriber: imp. · View Herald TranscriptAug 20 2024, 8:45 AM
osamaabb_amazon.com requested review of this revision.Aug 20 2024, 8:45 AM
Harbormaster completed remote builds in B59066: Diff 142196.Aug 20 2024, 8:45 AM
cperciva added a comment.Sep 18 2024, 10:00 AM

Is returning an error the right response here? My initial reaction is that this should be a kernel panic, but maybe it's easier to track down such faults if the system keeps running?

osamaabb_amazon.com added a comment.Sep 23 2024, 10:16 AM
In D46337#1064449, @cperciva wrote:

Is returning an error the right response here? My initial reaction is that this should be a kernel panic, but maybe it's easier to track down such faults if the system keeps running?

I feel like a kernel panic is a bit of an overkill here, for these cases we currently reset the driver with ENA_REGS_RESET_RX_DESCRIPTOR_MALFORMED reset reason
We aim for recovery to maintain network availability

osamaabb_amazon.com mentioned this in D46363: ena: Trigger reset when mbuf is NULL error happens.Sep 23 2024, 12:52 PM
cperciva added a comment.Oct 6 2024, 5:53 PM
In D46337#1065887, @osamaabb_amazon.com wrote:
In D46337#1064449, @cperciva wrote:

Is returning an error the right response here? My initial reaction is that this should be a kernel panic, but maybe it's easier to track down such faults if the system keeps running?

I feel like a kernel panic is a bit of an overkill here, for these cases we currently reset the driver with ENA_REGS_RESET_RX_DESCRIPTOR_MALFORMED reset reason
We aim for recovery to maintain network availability

Ok, your call. I think there's tension here between availability and integrity -- my general position is "if we detected that one thing is corrupted, who knows how much undetected corruption has happened, so we should panic and reboot into a clean state rather than trusting anything about the currently running system". But obviously it's a tradeoff and you know the context of the system better than I do.

Revision Contents
Changeset List

PathSize
sys/
contrib/
ena-com/
14 lines
13 lines

Diff 142196

View Options

sys/contrib/ena-com/ena_eth_com.h

Loading...
View Options

sys/contrib/ena-com/ena_eth_com.c

Loading...