From owner-freebsd-net@freebsd.org Sun Jun 18 09:20:38 2017 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0B4F7D8CDE4; Sun, 18 Jun 2017 09:20:38 +0000 (UTC) (envelope-from baijiaju1990@163.com) Received: from m12-14.163.com (m12-14.163.com [220.181.12.14]) by mx1.freebsd.org (Postfix) with ESMTP id 76F9C653E6; Sun, 18 Jun 2017 09:20:35 +0000 (UTC) (envelope-from baijiaju1990@163.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id; bh=JpzRAPgRPVN/zFZn9c 5pVbrnzwwOQjEIhH14W7vwEAI=; b=I4b/qGKuCKGEGKy5IrNNRy+2lItGlBgnbZ oGjSVppCDn0uBEdu3WSyU3z7QTEMizMQHSszBLFRy6rtOEyGpbFbk1CpT9R8xNXn mnF4fUSOvMfckBqrRezChTln/Qtlm3XFjQMfPj2JRgZTsoaCGkmD/M/iJGd9fQqc ezLZumQqw= Received: from bai.tsinghua.edu.cn (unknown [166.111.70.9]) by smtp10 (Coremail) with SMTP id DsCowACHj1vYRUZZPiWOMQ--.59360S2; Sun, 18 Jun 2017 17:20:27 +0800 (CST) From: Jia-Ju Bai To: erj@freebsd.org, sbruno@FreeBSD.org Cc: freebsd-drivers@freebsd.org, freebsd-net@freebsd.org, Jia-Ju Bai Subject: [BUG 220033][PATCH] if_ixgb: Fix a possible sleep-under-mutex bug in ixge_get_buf Date: Sun, 18 Jun 2017 17:20:23 +0800 Message-Id: <20170618092023.40369-1-baijiaju1990@163.com> X-Mailer: git-send-email 2.13.0 X-CM-TRANSID: DsCowACHj1vYRUZZPiWOMQ--.59360S2 X-Coremail-Antispam: 1Uf129KBjvdXoW7GF48Kr47KFy7JF13Cr4UJwb_yoWDKFc_ua 4Iya48AwsxKrykKw4fCr4ruryIq3y3ur18ur4ft3ZxAFW7XF95Kr93JrWfXryxW3yIkrWx XrnYqrZakF1xZjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IUjdHUPUUUUU== X-Originating-IP: [166.111.70.9] X-CM-SenderInfo: xedlyx5dmximizq6il2tof0z/1tbiYxz6elaDtdUXBwAAsa X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jun 2017 09:20:38 -0000 The ixgb driver may sleep under a mutex, and the function call path is: ixgb_init [acquire the mutex] ixgb_init_locked ixgb_setup_receive_structures ixgb_allocate_receive_structures ixgb_get_buf bus_dmamap_load(BUS_DMA_WAITOK) --> may sleep The possible fix of these bugs is to set the last parameter in bus_dmamap_load to "BUS_DMA_NOWAIT". This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code. Signed-off-by: Jia-Ju Bai --- sys/dev/ixgb/if_ixgb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/ixgb/if_ixgb.c b/sys/dev/ixgb/if_ixgb.c index 430c13c72d1..e6d02dd172e 100644 --- a/sys/dev/ixgb/if_ixgb.c +++ b/sys/dev/ixgb/if_ixgb.c @@ -1811,7 +1811,7 @@ ixgb_get_buf(int i, struct adapter * adapter, */ error = bus_dmamap_load(adapter->rxtag, rx_buffer->map, mtod(mp, void *), mp->m_len, - ixgb_dmamap_cb, &paddr, 0); + ixgb_dmamap_cb, &paddr, BUS_DMA_NOWAIT); if (error) { m_free(mp); return (error); -- 2.13.0