From: Jia-Ju Bai
To: freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org
Cc: Jia-Ju Bai
Subject: [PATCH] aacraid: Fix a possible sleep-under-mutex bug in aac_alloc_commands
Date: Sun, 18 Jun 2017 22:31:59 +0800
Message-Id: <20170618143159.41761-1-baijiaju1990@163.com>

The driver may sleep under a mutex, and the code path is:
aac_alloc_commands [line 1223: acquire the mutex]
  aac_alloc_commands [line 1227]
    bus_dmamap_create(BUS_DMA_WAITOK) [line 1250] --> may sleep

The possible fix of this bug is to replace "BUS_DMA_WAITOK" in bus_dmamap_create with "BUS_DMA_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai
--- sys/dev/aacraid/aacraid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/aacraid/aacraid.c b/sys/dev/aacraid/aacraid.c index 42a16c42039..b0a987f5903 100644 --- a/sys/dev/aacraid/aacraid.c +++ b/sys/dev/aacraid/aacraid.c @@ -1247,7 +1247,7 @@ aac_alloc_commands(struct aac_softc *sc) } cm->cm_index = sc->total_fibs; - if ((error = bus_dmamap_create(sc->aac_buffer_dmat, 0, + if ((error = bus_dmamap_create(sc->aac_buffer_dmat, BUS_DMA_NOWAIT, &cm->cm_datamap)) != 0) break; if (sc->aac_max_fibs <= 1 || sc->aac_max_fibs - sc->total_fibs > 1) -- 2.13.0
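
Review bot: In the changed bus_dmamap_create() call, the removed line passes a literal 0 as the flags argument, while the commit message says the patch replaces "BUS_DMA_WAITOK"; the message should say that the 0 is what stands for BUS_DMA_WAITOK here, so the description matches the diff. The hunk's context also does not show the mutex acquisition that the message places at line 1223, so the sleep-under-mutex claim cannot be confirmed from the patch alone; naming the lock and the call that takes it in the commit message would help. With BUS_DMA_NOWAIT the call can fail rather than wait, and the only handling visible is the "break" after cm->cm_index has already been assigned: please confirm that the code following the loop leaves the partially initialised cm in a consistent state and that the driver copes with fewer commands than it asked for.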