From: Jia-Ju Bai
To: freebsdraid@lsi.com
Cc: freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, freebsd-hackers@freebsd.org, Jia-Ju Bai
Subject: [PATCH] tws: Fix a possible sleep-under-mutex bug in tws_init_reqs
Date: Mon, 19 Jun 2017 09:51:19 +0800
Message-Id: <20170619015119.43883-1-baijiaju1990@163.com>

The driver may sleep under a mutex, and the code path is:
tws_init_reqs [line 684: acquire the mutex]
tws_init_reqs [line 685]
bus_dmamap_create(BUS_DMA_WAITOK) [line 687] --> may sleep

The possible fix of this bug is to replace "BUS_DMA_WAITOK" in
bus_dmamap_create with "BUS_DMA_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is
checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai
--- sys/dev/tws/tws.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/dev/tws/tws.c b/sys/dev/tws/tws.c index 480f6f95489..6d21a524f18 100644 --- a/sys/dev/tws/tws.c +++ b/sys/dev/tws/tws.c
@@ -684,7 +684,8 @@ tws_init_reqs(struct tws_softc *sc, u_int32_t dma_mem_size) mtx_lock(&sc->q_lock); for ( i=0; i< tws_queue_depth; i++) { - if (bus_dmamap_create(sc->data_tag, 0, &sc->reqs[i].dma_map)) { + if (bus_dmamap_create(sc->data_tag, BUS_DMA_NOWAIT, + &sc->reqs[i].dma_map)) { /* log a ENOMEM failure msg here */ mtx_unlock(&sc->q_lock); return(FAILURE); -- 2.13.0
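Review bot: The error branch under the changed bus_dmamap_create call still only has the placeholder comment "log a ENOMEM failure msg here" before mtx_unlock and return(FAILURE), and with BUS_DMA_NOWAIT a failed map creation becomes a case the driver has to expect rather than wait out. Suggest logging the failure together with the index i in that branch, and checking that the caller handles FAILURE when some of the tws_queue_depth maps have already been created. It is also worth asking whether the maps need to be created while q_lock is held at all; creating them before mtx_lock(&sc->q_lock) would remove the sleep-under-mutex path without changing the allocation behaviour. The removed line passes a literal 0 rather than the name BUS_DMA_WAITOK, so the commit message could note that 0 is the BUS_DMA_WAITOK value to make the change easier to follow.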