Preservation of system integrity requires that faults be detected before they alter the system state. Consequently, the driver must test for faults whenever data returned from the device is to be used by the system.
The ddi_check_acc_handle(9F) and ddi_check_dma_handle(9F) calls should be made at significant junctures, such as just before passing a data block to the upper layers.
Data must not be forwarded out of the driver if the device has failed.
The driver must consider other possible impacts of the failure on the integrity of the system. The driver must ensure that kernel resources, such as memory, are not permanently lost when data cannot be forwarded. Threads should not remain blocked waiting for signals that will never be generated.
The driver should limit its processing while in the failed state (for example, freeing messages in wput routines, attempting to permanently disable interrupts from a failed board, and so forth).