Date: Wed, 08 Nov 2023 17:30:13 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 274966] A possible data race in sys/dev/firewire/firewire.c Message-ID: <bug-274966-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D274966 Bug ID: 274966 Summary: A possible data race in sys/dev/firewire/firewire.c Product: Base System Version: 14.0-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: islituo@gmail.com Hello, Our static analysis tool finds a possible data race in firewire.c. The accesses to fwdev->dst and fwdev->status are often protected by the lock FW_GLOCK(fc). Here is an example in firewire.c: 146. fw_noderesolve_nodeid() { ...... 150. FW_GLOCK(fc); 151. STAILQ_FOREACH(fwdev, &fc->devices, link) 152. if (fwdev->dst =3D=3D dst && fwdev->status !=3D FWDEVINVAL) 153. break; 154. FW_GUNLOCK(fc); ...... 157. } But they are accessed in the following calling context without holding the lock: fw_bus_probe_thread() --> Line 1737 fw_explore(fc); --> Line 1747 err =3D fw_explore_node(&dfwdev); --> Line 1723 fwdev->dst =3D node; --> Line 1630 fwdev->status =3D FWDEVINIT; --> Line 1631 And thus can cause possible data races. I am not quite sure whether these possible data races are real andhow to fix them if they are real.=20 Any feedback would be appreciated, thanks! Reported-by: BassCheck <bass@buaa.edu.cn> --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-274966-227>