From nobody Fri Jan 13 16:16:47 2023
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Ntml42ByBz2r5Gg
	for <bugs@mlmmj.nyi.freebsd.org>; Fri, 13 Jan 2023 16:16:48 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Ntml40CSSz4QX7
	for <bugs@FreeBSD.org>; Fri, 13 Jan 2023 16:16:48 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1673626608;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=CWUn4wie88+dCNFWeJn7Sm/VSRBFZas/J+5ZnD9vNSY=;
	b=L8RQIRYxn3sYuR5KVa4w7OOtDQkqm7PCGS5G5vkt3Rl7jyONbVRMN6wXwt3WTISPVMZr6t
	uZnrPCrJ3F5YzcSg+82ahHIg7pDK4xCAzYpF5Aaybsh24xXGAneSUyDRZFyLtG057L5uxA
	dCFFhYm90oS2ivfttHIdHX1M6T8pkcUE2B60nRijB71enEJczfaCieDs0ntN0z2b4sEhzn
	sFaWgi7eGO1xLYdBRXJCJUsmDm6JRT3cFU8HyTpkTWBWNw+DBxMYX2hpb3tXJ3XtW0dlcW
	lU/TZmyX7m4lEHFWuJfP8GBMWjf3OK+Ib7Qh/yvF0BVszRCNgkGrE3OIFB1CSA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1673626608; a=rsa-sha256; cv=none;
	b=gZyeon0FeM56X4aJQaxKIGRkFZOJmGE5cJTqiHsx0pl+NBiLxCxrcroPE5tyGgKQMOWfFD
	EMYMm8Cjz5SJ56fB0VoxGArJ0+dH0CrxONFwQHASCr1Sm6+0IukQxAtYaIXI7UbhiYDJVP
	kn2bpJnR+9irK+8Y+fMK5MRAea/a9gl/Y9C7f6btLqm7J+++OWJ0JMvbWYQUweW6KzoPok
	A83uOspXM6HcF3YyAgY0seIc+DpZfHXv/MdmQ9aVpZcPFjwvAKS6IQY9e8h7kxLtOJMy8j
	Hm6jsk5eI/xYey4zC02nxY3cZc8v/3TMwcFHL1EVSd8I/NXG1Se47wfZbT9jOg==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Ntml367jDzDvD
	for <bugs@FreeBSD.org>; Fri, 13 Jan 2023 16:16:47 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 30DGGlNI001720
	for <bugs@FreeBSD.org>; Fri, 13 Jan 2023 16:16:47 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 30DGGlub001719
	for bugs@FreeBSD.org; Fri, 13 Jan 2023 16:16:47 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 268934] [ena] Counters are alloced after they are available for
 reading which can cause a kernel crash
Date: Fri, 13 Jan 2023 16:16:47 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.1-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ghuckriede@blackberry.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 attachments.created
Message-ID: <bug-268934-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@freebsd.org
MIME-Version: 1.0
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268934

            Bug ID: 268934
           Summary: [ena] Counters are alloced after they are available
                    for reading which can cause a kernel crash
           Product: Base System
           Version: 13.1-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: ghuckriede@blackberry.com

Created attachment 239448
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D239448&action=
=3Dedit
Potential Fix

The kernel panics because the stats are allocated in ena_attach()
[@ena.c:3686].
However ena_get_counters() is registered by ena_setup_ifnet()[@ena.c:2402] =
in
ena_attach() [@ena.c:3663].  Once ether_ifattach() [@ena.c:2434] is done, t=
he
interface is available and can counters can be read before they are allocat=
ed.

N.B. Line numbers refer to the following version of the file.
https://cgit.freebsd.org/src/tree/sys/dev/ena/ena.c @ blob
c091091fed206a949b11eb751a4d990d66fa181f=20

A potential fix that creates the counters before calling ether_attach() has
been attached.
N.B. The EC2 instance is not setup to build, so the provided patch is not
tested.


Steps to Reproduce:=20
root@freebsd:~ # cat ./dump.sh
#!/bin/sh
while true
do
netstat -I ena0
done
root@freebsd:~ # cat ./reset.sh
#!/bin/sh
while true
do
devctl disable ena0
devctl enable ena0
done
root@freebsd:~ # ./dump.sh &
root@freebsd:~ # ./reset.sh &
<SNIP>
ena0: link is UP
ena0: Link is down
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0*  1500 <Link#1>      02:55:a9:7c:3f:bb        0     0     0        0  =
   0
    0
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Jan 13 15:50:46 freebsd dhclient[1577]: ena0: not found
Jan 13 15:50:46 ena0: detached
freebsd dhclient[1577]: exiting.
ena0: <ENA adapter>Name    Mtu Netw mem 0x80008000ork       Addres-0x8000bf=
ff
irq 37 at device 5.0 on pci0
s              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0: ena_com_validate_version() [TID:100093]: ENA device version: 0.10
Name    Mtu Netwena0: ena_com_validate_version() [TID:100093]: ENA controll=
er
version: 0.0.1 implementation version 1
ork       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
Name    Mtu Netwena0: LLQ is not supported. Fallback to host mode policy.
ork       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0: detached
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0: <ENA adapter> mem 0x80008000-0x8000bfff irq 37 at device 5.0 on pci0
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0: ena_com_validate_version() [TID:100093]: ENA device version: 0.10
Name    Mtu Netwena0: ena_com_validate_version() [TID:100093]: ENA controll=
er
version: 0.0.1 implementation version 1
ork       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
ena0: LLQ is not supported. Fallback to host mode policy.
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Iena0: detached
pkts Ierrs Idrop    Opkts Oerrs  Coll
ena0: <ENA adapter>Name    Mtu Netw mem 0x80008000-0x8000bfff irq 37 at dev=
ice
5.0 on pci0
ork       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
ena0: ena_com_validate_version() [TID:100093]: ENA device version: 0.10
Name    Mtu Netwena0: ena_com_validate_version() [TID:100093]: ENA controll=
er
version: 0.0.1 implementation version 1
ork       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
ena0: LLQ is not supported. Fallback to host mode policy.
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0: detached
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0: <ENA adapter> mem 0x80008000-0x8000bfff irq 37 at device 5.0Name    M=
tu
Netw on pci0
ork       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
ena0: ena_com_validate_version() [TID:100093]: ENA device version: 0.10
Name    Mtu Netwena0: ena_com_validate_version() [TID:100093]: ENA controll=
er
version: 0.0.1 implementation version 1
ork       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
ena0: LLQ is not supported. Fallback to host mode policy.
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0: detached
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0: <ENA adapter> mem 0x80008000-0x8000bfff irq 37 at device 5.0 on pci0
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0: ena_com_validate_version() [TID:100093]: ENA device version: 0.10
ena0: ena_com_validate_version() [TID:100093]: ENA controller version: 0.0.1
implementation version 1
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0: LLQ is not supported. Fallback to host mode policy.
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0*  1500 <Link#1>      02:55:a9:7c:3f:bb        0     0     0        0  =
   0
    0
Name    Mtu Network       Address              Ipkts Ierrs Idropena0: Link =
is
down
    Opkts Oerrs  Coll
ena0: link is UP
ena0*  1500 <Link#1>      02:55:a9:7c:3f:bb        0     0     0        0  =
   0
    0
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0*  1500 <Link#1>      02:55:a9:7c:3f:bb        0     0     0        0  =
   0
    0
Jan 13 15:50:48 freebsd dhclient[1678]: ena0: not found
Jan 13 15:50:48 freebsd dhclient[1678]: exiting.
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0: detached
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0: <ENA adapter> mem 0x80008000-0x8000bfff irq 37 at device 5.0 on pci0
Name    Mtu Netwena0: ena_com_validate_version() [TID:100093]: ENA device
version: 0.10
ena0: ena_com_validate_version() [TID:100093]: ENA controller version: 0.0.1
implementation version 1
ork       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
ena0: LLQ is not supported. Fallback to host mode policy.
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Netwena0: detached
ork       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
ena0: <ENA adapter> mem 0x80008000-0x8000bfff irq 37 at device 5.0Name    M=
tu
Netw on pci0
ork       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
ena0: ena_com_validate_version() [TID:100093]: ENA device version: 0.10
Name    Mtu Netwena0: ena_com_validate_version() [TID:100093]: ENA controll=
er
version: 0.0.1 implementation version 1
ork       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
ena0: LLQ is not supported. Fallback to host mode policy.
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
ena0: Link is down
 Coll
ena0: Link is down
ena0*  1500 <Linena0: Link is down
k#1>      02:55:a9:7c:3f:bb        0     0     0        0     0     0
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts O=
errs
 Coll
<SNIP>


Actual Results:
Fatal data abort:
  x0:                0
  x1:                0
  x2:               d8
  x3: ffff0000da508284
  x4: ffff0000da5081a0
  x5: ffff00009ad620d8
  x6:                0
  x7:                0
  x8:                0
  x9:                0
 x10:                0
 x11:                1
 x12: ffff000000e5a250
 x13:                3
 x14:                3
 x15:                0
 x16: ffff000001280d28
 x17: ffff00000050c088
 x18: ffff0000da508250
 x19: ffff0000da508308
 x20: ffffa0001404a000
 x21:                0
 x22:                0
 x23:               d8
 x24: ffffa00001518390
 x25:               18
 x26:               98
 x27: ffff000000e6c000
 x28: ffff00009ad62000
 x29: ffff0000da508250
  sp: ffff0000da508250
  lr: ffff0000005ed6d0
 elr: ffff00000050c0d8
spsr:         80400045
 far:                0
 esr:         96000007
panic: vm_fault failed: ffff00000050c0d8
cpuid =3D 0
time =3D 1673625050
KDB: stack backtrace:
#0 0xffff00000051646c at kdb_backtrace+0x60
#1 0xffff0000004c24c0 at vpanic+0x174
#2 0xffff0000004c2348 at panic+0x44
#3 0xffff0000007f48c0 at data_abort+0x204
#4 0xffff0000007d5010 at handle_el1h_sync+0x10
#5 0xffff0000005ed6cc at if_data_copy+0x7c
#6 0xffff0000005ed6cc at if_data_copy+0x7c
#7 0xffff000000625384 at sysctl_iflist+0xe8
#8 0xffff0000006251e0 at sysctl_rtsock+0x26c
#9 0xffff0000004d4634 at sysctl_root_handler_locked+0x118
#10 0xffff0000004d3aa4 at sysctl_root+0x218
#11 0xffff0000004d4094 at userland_sysctl+0x18c
#12 0xffff0000004d3ec8 at sys___sysctl+0x68
#13 0xffff0000007f3e90 at do_el0_sync+0x560
#14 0xffff0000007d50fc at handle_el0_sync+0x38
Uptime: 25m32s
N.B. The kenel dump was not created on the target after reboot, and therefo=
re
not included.


Build Date & Hardware:
Target is an AWS EC2 instance with an EC2 serial console connection
root@freebsd:~ # uname -a
FreeBSD freebsd 13.1-RELEASE-p2 FreeBSD 13.1-RELEASE-p2 GENERIC arm64

--=20
You are receiving this mail because:
You are the assignee for the bug.=