From owner-freebsd-scsi@freebsd.org Sun Jun 18 03:15:08 2017 Return-Path: Delivered-To: freebsd-scsi@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BAB79D874E6 for ; Sun, 18 Jun 2017 03:15:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A8545813AD for ; Sun, 18 Jun 2017 03:15:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v5I3F8hc038209 for ; Sun, 18 Jun 2017 03:15:08 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-scsi@FreeBSD.org Subject: [Bug 220094] [scsi] sys/cam/scsi/scsi_sa.c: a sleep-under-mutex bug in saioctl Date: Sun, 18 Jun 2017 03:15:08 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: baijiaju1990@163.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-scsi@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SCSI subsystem List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jun 2017 03:15:08 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220094 Jia-Ju Bai changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |freebsd-scsi@FreeBSD.org --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-scsi@freebsd.org Sun Jun 18 03:32:51 2017 Return-Path: Delivered-To: freebsd-scsi@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 09064D879D9 for ; Sun, 18 Jun 2017 03:32:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EB27E81B8F for ; Sun, 18 Jun 2017 03:32:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v5I3Wo8s084011 for ; Sun, 18 Jun 2017 03:32:50 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-scsi@FreeBSD.org Subject: [Bug 220095] [scsi] sys/dev/dpt/dpt_scsi.c: a sleep-under-mutex bug in dpt_init Date: Sun, 18 Jun 2017 03:32:51 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: baijiaju1990@163.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-scsi@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SCSI subsystem List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jun 2017 03:32:51 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220095 Jia-Ju Bai changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |freebsd-scsi@FreeBSD.org --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-scsi@freebsd.org Sun Jun 18 09:37:32 2017 Return-Path: Delivered-To: freebsd-scsi@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3F91AD8D165; Sun, 18 Jun 2017 09:37:32 +0000 (UTC) (envelope-from baijiaju1990@163.com) Received: from m12-12.163.com (m12-12.163.com [220.181.12.12]) by mx1.freebsd.org (Postfix) with ESMTP id 56D8D65B78; Sun, 18 Jun 2017 09:37:30 +0000 (UTC) (envelope-from baijiaju1990@163.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id; bh=fknIQq1ayyu391lElL PIhlsvvS60FUnVNZuVw2T5lzk=; b=BUe9nejL98ia7565+T158cD7tpIXgza3kI bTJELYPhGPVcbeCx5LZRXHNVBQtD/IkuoQn8vDNQ2PiKSA7L/vQdsdTJlSWaIEwr TYCfoxAmv51YgJ2ybjs/++Hgw1zQTsLM/XR2zFwP8WYmTfW0FurI9QV0TPi0Iwgd 6SUHhTue0= Received: from bai.tsinghua.edu.cn (unknown [166.111.70.9]) by smtp8 (Coremail) with SMTP id DMCowAB3oqbPSUZZjNv3Cw--.35153S2; Sun, 18 Jun 2017 17:37:24 +0800 (CST) From: Jia-Ju Bai To: Cc: freebsd-drivers@freebsd.org, freebsd-scsi@freebsd.org, Jia-Ju Bai Subject: [Bug 220094][PATCH] scsi_sa: Fix a possible sleep-under-mutex bug in saioctl Date: Sun, 18 Jun 2017 17:37:15 +0800 Message-Id: <20170618093715.40555-1-baijiaju1990@163.com> X-Mailer: git-send-email 2.13.0 X-CM-TRANSID: DMCowAB3oqbPSUZZjNv3Cw--.35153S2 X-Coremail-Antispam: 1Uf129KBjvdXoW7GF45Xw4rJr43Kw18KF4kZwb_yoWDArc_WF yv9r1DtrWUKr4xtFn3AFWfuF9Fgw4rWrnYyF1YyFWfZryDXFnYka4xWrn3ZrWfX34j9345 G3s8try5Ar17AjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IUUAwIPUUUUU== X-Originating-IP: [166.111.70.9] X-CM-SenderInfo: xedlyx5dmximizq6il2tof0z/1tbiYxT6elaDtdVKGwAAsT X-BeenThere: freebsd-scsi@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SCSI subsystem List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jun 2017 09:37:32 -0000 The driver may sleep under a mutex, and the function call path is: saioctl [acquire the mutex] saextget malloc(M_WAITOK) --> may sleep The possible fix of this bug is to replace "M_WAITOK" in malloc with "M_NOWAIT". This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code. Signed-off-by: Jia-Ju Bai --- sys/cam/scsi/scsi_sa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/cam/scsi/scsi_sa.c b/sys/cam/scsi/scsi_sa.c index 8a8451c3bce..b884bd3d65f 100644 --- a/sys/cam/scsi/scsi_sa.c +++ b/sys/cam/scsi/scsi_sa.c @@ -4465,7 +4465,7 @@ saextget(struct cdev *dev, struct cam_periph *periph, struct sbuf *sb, if (cgd.serial_num_len > sizeof(tmpstr)) { ts2_len = cgd.serial_num_len + 1; ts2_malloc = 1; - tmpstr2 = malloc(ts2_len, M_SCSISA, M_WAITOK | M_ZERO); + tmpstr2 = malloc(ts2_len, M_SCSISA, M_NOWAIT | M_ZERO); } else { ts2_len = sizeof(tmpstr); ts2_malloc = 0; -- 2.13.0 From owner-freebsd-scsi@freebsd.org Sun Jun 18 09:46:09 2017 Return-Path: Delivered-To: freebsd-scsi@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8170FD8D5AD; Sun, 18 Jun 2017 09:46:09 +0000 (UTC) (envelope-from baijiaju1990@163.com) Received: from m12-16.163.com (m12-16.163.com [220.181.12.16]) by mx1.freebsd.org (Postfix) with ESMTP id B82A566158; Sun, 18 Jun 2017 09:46:08 +0000 (UTC) (envelope-from baijiaju1990@163.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id; bh=xUZUkp6Ul2hnrkXRW2 3Z7WBtITssvPDJ5IYBRM7sJCA=; b=BiWw2RZoulI/pK4lGH6FCvGnYDUwzh4OQD vCY8iPuwn/59wINNhV9b4btpCWjZW6LxvL9TiDrz/H+sUUOqVEUViXUGwUUWc1CZ a04xvg0LMwdScTp8pTe94wrE4FT2qmBxlLbZhAGevZV+itvxDYh8SonRd6ZF+VYz bLmZ1FMS4= Received: from bai.tsinghua.edu.cn (unknown [166.111.70.9]) by smtp12 (Coremail) with SMTP id EMCowAA38i7bS0ZZ6n6dKQ--.6754S2; Sun, 18 Jun 2017 17:46:07 +0800 (CST) From: Jia-Ju Bai To: Cc: freebsd-drivers@freebsd.org, freebsd-scsi@freebsd.org, Jia-Ju Bai Subject: [Bug 220095][PATCH] dpt_scsi: Fix a possible sleep-under-mutex bug in dpt_init Date: Sun, 18 Jun 2017 17:46:01 +0800 Message-Id: <20170618094601.40636-1-baijiaju1990@163.com> X-Mailer: git-send-email 2.13.0 X-CM-TRANSID: EMCowAA38i7bS0ZZ6n6dKQ--.6754S2 X-Coremail-Antispam: 1Uf129KBjvdXoW7GF45WF1UXr1xKFW8JryUtrb_yoWDXrcE93 WqyryrAw1Ik348Kr4fAF4fZr129ay5XrW8uw1rXrsxJF1UXw1rK343uryfZrZxWw4IkFyx WF90qrW5Gw12vjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IUUpBT7UUUUU== X-Originating-IP: [166.111.70.9] X-CM-SenderInfo: xedlyx5dmximizq6il2tof0z/xtbBRR-6elO-7qMI2gAAsp X-BeenThere: freebsd-scsi@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SCSI subsystem List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jun 2017 09:46:09 -0000 The driver may sleep under a mutex, and the function call path is: dpt_init [acquire the mutex] dptallocsgmap bus_dmamap_load(BUS_DMA_WAITOK) --> may sleep The possible fix of this bug is to set the last parameter in bus_dmamap_load to "BUS_DMA_NOWAIT". This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code. Signed-off-by: Jia-Ju Bai --- sys/dev/dpt/dpt_scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/dpt/dpt_scsi.c b/sys/dev/dpt/dpt_scsi.c index 541b58665cf..f39ebfba2a7 100644 --- a/sys/dev/dpt/dpt_scsi.c +++ b/sys/dev/dpt/dpt_scsi.c @@ -300,7 +300,7 @@ dptallocsgmap(struct dpt_softc *dpt) (void)bus_dmamap_load(dpt->sg_dmat, sg_map->sg_dmamap, sg_map->sg_vaddr, PAGE_SIZE, dptmapmem, &sg_map->sg_physaddr, - /*flags*/0); + /*flags*/BUS_DMA_NOWAIT); SLIST_INSERT_HEAD(&dpt->sg_maps, sg_map, links); -- 2.13.0 From owner-freebsd-scsi@freebsd.org Sun Jun 18 11:53:19 2017 Return-Path: Delivered-To: freebsd-scsi@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 81517D8F638 for ; Sun, 18 Jun 2017 11:53:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6EA976A534 for ; Sun, 18 Jun 2017 11:53:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v5IBrJpX068144 for ; Sun, 18 Jun 2017 11:53:19 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-scsi@FreeBSD.org Subject: [Bug 220095] [scsi] sys/dev/dpt/dpt_scsi.c: a sleep-under-mutex bug in dpt_init Date: Sun, 18 Jun 2017 11:53:19 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: baijiaju1990@163.com X-Bugzilla-Status: Closed X-Bugzilla-Resolution: Not A Bug X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status resolution Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-scsi@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SCSI subsystem List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jun 2017 11:53:19 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220095 Jia-Ju Bai changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Closed Resolution|--- |Not A Bug --- Comment #1 from Jia-Ju Bai --- I have read the manual page of bus_dmamap_load. This call will always return immediately and will not block for any reason. Sorry for my wrong report, please ignore it. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-scsi@freebsd.org Sun Jun 18 14:45:49 2017 Return-Path: Delivered-To: freebsd-scsi@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 98B82D87AD0; Sun, 18 Jun 2017 14:45:49 +0000 (UTC) (envelope-from baijiaju1990@163.com) Received: from m12-11.163.com (m12-11.163.com [220.181.12.11]) by mx1.freebsd.org (Postfix) with ESMTP id 7DDBD71DA4; Sun, 18 Jun 2017 14:45:48 +0000 (UTC) (envelope-from baijiaju1990@163.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id; bh=w0XWpKvZQLsYj92hqm ef8ydJD6ACDvEbIOjqQwQX0tE=; b=DzHZ5F5wsFWUyvcztcDPn/QPoqLcYFojlL imDcGCAFdw7NhIMBvOXX/BFcrEcdUDW6Krn9vUGQXlg8jEGV/c1zq6QROJAL6xCE gSqqqnXYtGplknUToh2CWmcS83TxvnDYZw8p6hux51j4hbJVshHt0cnp5IKqbrLT ob4NT3CX4= Received: from bai.tsinghua.edu.cn (unknown [166.111.70.9]) by smtp7 (Coremail) with SMTP id C8CowADH1xMQkkZZLmM+MA--.8304S2; Sun, 18 Jun 2017 22:45:40 +0800 (CST) From: Jia-Ju Bai To: njm@njm.me.uk, freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, freebsd-scsi@freebsd.org Cc: Jia-Ju Bai Subject: [PATCH] dpt_scsi: Fix a possible sleep-under-mutex bug in dpt_init (different from Bug 220095) Date: Sun, 18 Jun 2017 22:45:35 +0800 Message-Id: <20170618144535.41858-1-baijiaju1990@163.com> X-Mailer: git-send-email 2.13.0 X-CM-TRANSID: C8CowADH1xMQkkZZLmM+MA--.8304S2 X-Coremail-Antispam: 1Uf129KBjvdXoWruFy3Ww1rKrW7CFyrAw18Zrb_yoWfKrXE93 ZYyFn5Jr1rKw1xCrs7Ar4rCry7K3yrWr48Zr1rX3W7Aw1Ivr1FgF9a9r1fXrZ0gw1I9FWr WFyDXrW5Cw12vjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IUbaL9UUUUUU== X-Originating-IP: [166.111.70.9] X-CM-SenderInfo: xedlyx5dmximizq6il2tof0z/1tbiYxT6elaDtdkNTgAAsN X-BeenThere: freebsd-scsi@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SCSI subsystem List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jun 2017 14:45:49 -0000 The driver may sleep under a mutex, and the code path is: dpt_init [line 1134: acquire the mutex] bus_dma_tag_create(BUS_DMA_WAITOK) [line 1143] --> may sleep The possible fix of this bug is to replace "BUS_DMA_WAITOK" in bus_dma_tag_create with "BUS_DMA_NOWAIT". This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code. Signed-off-by: Jia-Ju Bai --- sys/dev/dpt/dpt_scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/dpt/dpt_scsi.c b/sys/dev/dpt/dpt_scsi.c index 541b58665cf..d69a443067a 100644 --- a/sys/dev/dpt/dpt_scsi.c +++ b/sys/dev/dpt/dpt_scsi.c @@ -1150,7 +1150,7 @@ dpt_init(struct dpt_softc *dpt) /* maxsize */ PAGE_SIZE, /* nsegments */ 1, /* maxsegsz */ BUS_SPACE_MAXSIZE_32BIT, - /* flags */ 0, + /* flags */ BUS_DMA_NOWAIT, /* lockfunc */ NULL, /* lockarg */ NULL, &dpt->sg_dmat) != 0) { -- 2.13.0 From owner-freebsd-scsi@freebsd.org Sun Jun 18 17:06:53 2017 Return-Path: Delivered-To: freebsd-scsi@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9E94CD8A086 for ; Sun, 18 Jun 2017 17:06:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8B14B754CC for ; Sun, 18 Jun 2017 17:06:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v5IH6rZC053233 for ; Sun, 18 Jun 2017 17:06:53 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-scsi@FreeBSD.org Subject: [Bug 220094] [scsi] sys/cam/scsi/scsi_sa.c: a sleep-under-mutex bug in saioctl Date: Sun, 18 Jun 2017 17:06:53 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-scsi@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-scsi@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SCSI subsystem List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jun 2017 17:06:53 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220094 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|freebsd-bugs@FreeBSD.org |freebsd-scsi@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-scsi@freebsd.org Mon Jun 19 01:11:23 2017 Return-Path: Delivered-To: freebsd-scsi@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7E730D91BC8; Mon, 19 Jun 2017 01:11:23 +0000 (UTC) (envelope-from baijiaju1990@163.com) Received: from m12-14.163.com (m12-14.163.com [220.181.12.14]) by mx1.freebsd.org (Postfix) with ESMTP id 8943E8213B; Mon, 19 Jun 2017 01:11:22 +0000 (UTC) (envelope-from baijiaju1990@163.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id; bh=TTvssAyVof/4L6Aw+e +k7pZHAyMbBYgkDcZe/XN3hQ4=; b=OhqPLKv5hEdN34CJ+orsTu29Ve27dkQ7fF +J/07y8NZn8hqAbs6GyAA+QBDv757JF6egVybRlfxVui++6vOhvU7nupCGpW5JmB NnR73kPjeEpnLWv8S1ImRtE805/0M5wJvivYjwhkA8LACTU7SG3RpCpbcXKpCqKI M8QBH1W7M= Received: from bai.tsinghua.edu.cn (unknown [166.111.70.9]) by smtp10 (Coremail) with SMTP id DsCowAD3k5C0JEdZ5xvxMQ--.1064S2; Mon, 19 Jun 2017 09:11:20 +0800 (CST) From: Jia-Ju Bai To: freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, freebsd-scsi@freebsd.org Cc: Jia-Ju Bai Subject: [PATCH] adwcam: Fix a possible sleep-under-mutex bug in adw_init Date: Mon, 19 Jun 2017 09:11:13 +0800 Message-Id: <20170619011113.43652-1-baijiaju1990@163.com> X-Mailer: git-send-email 2.13.0 X-CM-TRANSID: DsCowAD3k5C0JEdZ5xvxMQ--.1064S2 X-Coremail-Antispam: 1Uf129KBjvdXoW7Gr17CFyxuw43WFy8Ww4xXrb_yoWDuFcEgF 93ArWkAFs8K3Wxtr18Cr4a9r1Ig3yrZFy8Cr4S9w43Kw17JF93tF4rKr1fXF9xu3s2vrW3 ury0qrW5Aw17AjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IUboqcUUUUUU== X-Originating-IP: [166.111.70.9] X-CM-SenderInfo: xedlyx5dmximizq6il2tof0z/1tbiYxj7elaDtd9JBwAAsL X-BeenThere: freebsd-scsi@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SCSI subsystem List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jun 2017 01:11:23 -0000 The driver may sleep under a sleep, and the function call path is: adw_init [line 1098: acquire the mutex] adwallocacbs bus_dmamap_create(BUS_DMA_WAITOK) --> may sleep The possible fix of this bug is to replace "BUS_DMA_WAITOK" in bus_dmamap_create with "BUS_DMA_NOWAIT". This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code. Signed-off-by: Jia-Ju Bai --- sys/dev/advansys/adwcam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/advansys/adwcam.c b/sys/dev/advansys/adwcam.c index 02f9c49d800..6950ae49ff8 100644 --- a/sys/dev/advansys/adwcam.c +++ b/sys/dev/advansys/adwcam.c @@ -201,7 +201,7 @@ adwallocacbs(struct adw_softc *adw) for (i = 0; adw->num_acbs < adw->max_acbs && i < newcount; i++) { int error; - error = bus_dmamap_create(adw->buffer_dmat, /*flags*/0, + error = bus_dmamap_create(adw->buffer_dmat, /*flags*/BUS_DMA_NOWAIT, &next_acb->dmamap); if (error != 0) break; -- 2.13.0 From owner-freebsd-scsi@freebsd.org Mon Jun 19 14:34:51 2017 Return-Path: Delivered-To: freebsd-scsi@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0BC6FD9DCBE for ; Mon, 19 Jun 2017 14:34:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EDC1D7666B for ; Mon, 19 Jun 2017 14:34:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v5JEYn1a063580 for ; Mon, 19 Jun 2017 14:34:50 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-scsi@FreeBSD.org Subject: [Bug 220094] [scsi] sys/cam/scsi/scsi_sa.c: a sleep-under-mutex bug in saioctl Date: Mon, 19 Jun 2017 14:34:50 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: ken@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ken@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-scsi@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SCSI subsystem List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jun 2017 14:34:51 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220094 Kenneth D. Merry changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|freebsd-scsi@FreeBSD.org |ken@FreeBSD.org CC| |ken@FreeBSD.org --- Comment #1 from Kenneth D. Merry --- Thanks for the report, I'll take care of it. --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-scsi@freebsd.org Mon Jun 19 20:49:01 2017 Return-Path: Delivered-To: freebsd-scsi@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3D7CBDA443D for ; Mon, 19 Jun 2017 20:49:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2B5208367F for ; Mon, 19 Jun 2017 20:49:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v5JKn00g069694 for ; Mon, 19 Jun 2017 20:49:01 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-scsi@FreeBSD.org Subject: [Bug 220094] [scsi] sys/cam/scsi/scsi_sa.c: a sleep-under-mutex bug in saioctl Date: Mon, 19 Jun 2017 20:49:00 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ken@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-scsi@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SCSI subsystem List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jun 2017 20:49:01 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220094 --- Comment #2 from commit-hook@freebsd.org --- A commit references this bug: Author: ken Date: Mon Jun 19 20:48:01 UTC 2017 New revision: 320123 URL: https://svnweb.freebsd.org/changeset/base/320123 Log: Fix a potential sleep while holding a mutex in the sa(4) driver. If the user issues a MTIOCEXTGET ioctl, and the tape drive in question has a serial number that is longer than 80 characters, we malloc a buffer in saextget() to hold the output of cam_strvis(). Since a mutex is held in that codepath, doing a M_WAITOK malloc could lead to sleeping while holding a mutex. Change it to a M_NOWAIT malloc and ba= il out if we fail to allocate the memory. Devices with serial numbers longer than 80 bytes are very rare (I don't recall seeing one), so this should be a very unusual case to hit. But it is a bug that should be fix= ed. sys/cam/scsi/scsi_sa.c: In saextget(), if we need to malloc a buffer to hold the output of cam_strvis(), don't wait for the memory. Fail and return an error if we can't allocate the memory immediately. PR: kern/220094 Submitted by: Jia-Ju Bai MFC after: 3 days Sponsored by: Spectra Logic Changes: head/sys/cam/scsi/scsi_sa.c --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-scsi@freebsd.org Wed Jun 21 15:25:11 2017 Return-Path: Delivered-To: freebsd-scsi@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7BEA1D92407 for ; Wed, 21 Jun 2017 15:25:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6AA8F70FBA for ; Wed, 21 Jun 2017 15:25:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v5LFPBTC054619 for ; Wed, 21 Jun 2017 15:25:11 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-scsi@FreeBSD.org Subject: [Bug 220175] [iscsi] ctld often gets stuck in a "D" state Date: Wed, 21 Jun 2017 15:25:11 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-scsi@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-scsi@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SCSI subsystem List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jun 2017 15:25:11 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220175 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|freebsd-bugs@FreeBSD.org |freebsd-scsi@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-scsi@freebsd.org Sat Jun 24 03:10:28 2017 Return-Path: Delivered-To: freebsd-scsi@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4405AD93C1E for ; Sat, 24 Jun 2017 03:10:28 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 328BE7F233 for ; Sat, 24 Jun 2017 03:10:28 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v5O3ASDm081464 for ; Sat, 24 Jun 2017 03:10:28 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-scsi@FreeBSD.org Subject: [Bug 220236] sys/dev/dpt/dpt_scsi.c: A possible sleep-under-mutex bug in dpt_init (different from Bug 220095) Date: Sat, 24 Jun 2017 03:10:28 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: baijiaju1990@163.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-scsi@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SCSI subsystem List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jun 2017 03:10:28 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220236 Jia-Ju Bai changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |freebsd-scsi@FreeBSD.org --=20 You are receiving this mail because: You are on the CC list for the bug.=