From: Jia-Ju Bai
To: erj@freebsd.org, sbruno@freebsd.org
Cc: freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, freebsd-net@freebsd.org, Jia-Ju Bai
Subject: [PATCH] if_ixgb: Fix possible sleep-under-mutex bugs (different from Bug 220033)
Date: Sun, 18 Jun 2017 23:13:29 +0800
Message-Id: <20170618151329.41975-1-baijiaju1990@163.com>

The driver may sleep under a mutex, and the function call paths are:
ixgb_init [acquire the mutex]
  ixgb_init_locked
    ixgb_setup_transmit_structures
      bus_dma_tag_create(BUS_DMA_ALLOCNOW) --> may sleep

ixgb_init [acquire the mutex]
  ixgb_init_locked
    ixgb_setup_receive_structures
      ixgb_allocate_receive_structures
        bus_dma_tag_create(BUS_DMA_ALLOCNOW) --> may sleep

The possible fix of these bugs is to add "BUS_DMA_NOWAIT" in bus_dma_tag_create.
These bugs are found by a static analysis tool written by myself, and it is
checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai
--- sys/dev/ixgb/if_ixgb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/dev/ixgb/if_ixgb.c b/sys/dev/ixgb/if_ixgb.c index 430c13c72d1..4cdfe6d4c28 100644 --- a/sys/dev/ixgb/if_ixgb.c +++ b/sys/dev/ixgb/if_ixgb.c
@@ -1518,7 +1518,7 @@ ixgb_setup_transmit_structures(struct adapter * adapter) MCLBYTES * IXGB_MAX_SCATTER, /* maxsize */ IXGB_MAX_SCATTER, /* nsegments */ MCLBYTES, /* maxsegsize */ - BUS_DMA_ALLOCNOW, /* flags */ + BUS_DMA_ALLOCNOW | BUS_DMA_NOWAIT, /* flags */ #if __FreeBSD_version >= 502000 NULL, /* lockfunc */ NULL, /* lockfuncarg */ @@ -1856,7 +1856,7 @@ ixgb_allocate_receive_structures(struct adapter * adapter) MCLBYTES, /* maxsize */ 1, /* nsegments */ MCLBYTES, /* maxsegsize */ - BUS_DMA_ALLOCNOW, /* flags */ + BUS_DMA_ALLOCNOW | BUS_DMA_NOWAIT, /* flags */ #if __FreeBSD_version >= 502000 NULL, /* lockfunc */ NULL, /* lockfuncarg */ -- 2.13.0
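
Review bot: In the first hunk, at the flags argument in ixgb_setup_transmit_structures, adding BUS_DMA_NOWAIT turns a call that could wait into one that can return an error instead, and the context shown does not include what happens to the return value. Please confirm that the result of bus_dma_tag_create is checked there and that the failure path unwinds cleanly while ixgb_init still holds the mutex, as the first call path in the commit message implies. If that check already exists outside the visible context, a sentence saying so in the commit message would settle it.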
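
Review bot: In the second hunk, at the flags argument in ixgb_allocate_receive_structures, the reason for BUS_DMA_NOWAIT is recorded only in the commit message, while the in-code comment still reads just "/* flags */". A short comment at the call noting that it is reached from ixgb_init with the mutex held would keep the flag from being dropped in a later cleanup. The subject line also says the bugs are different from Bug 220033 without saying how; one line in the message naming what that bug covered would help whoever triages both.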