From owner-freebsd-drivers@freebsd.org  Sun Jun 18 14:45:49 2017
Return-Path: <owner-freebsd-drivers@freebsd.org>
Delivered-To: freebsd-drivers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 98B82D87AD0;
 Sun, 18 Jun 2017 14:45:49 +0000 (UTC)
 (envelope-from baijiaju1990@163.com)
Received: from m12-11.163.com (m12-11.163.com [220.181.12.11])
 by mx1.freebsd.org (Postfix) with ESMTP id 7DDBD71DA4;
 Sun, 18 Jun 2017 14:45:48 +0000 (UTC)
 (envelope-from baijiaju1990@163.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
 s=s110527; h=From:Subject:Date:Message-Id; bh=w0XWpKvZQLsYj92hqm
 ef8ydJD6ACDvEbIOjqQwQX0tE=; b=DzHZ5F5wsFWUyvcztcDPn/QPoqLcYFojlL
 imDcGCAFdw7NhIMBvOXX/BFcrEcdUDW6Krn9vUGQXlg8jEGV/c1zq6QROJAL6xCE
 gSqqqnXYtGplknUToh2CWmcS83TxvnDYZw8p6hux51j4hbJVshHt0cnp5IKqbrLT
 ob4NT3CX4=
Received: from bai.tsinghua.edu.cn (unknown [166.111.70.9])
 by smtp7 (Coremail) with SMTP id C8CowADH1xMQkkZZLmM+MA--.8304S2;
 Sun, 18 Jun 2017 22:45:40 +0800 (CST)
From: Jia-Ju Bai <baijiaju1990@163.com>
To: njm@njm.me.uk, freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org,
 freebsd-scsi@freebsd.org
Cc: Jia-Ju Bai <baijiaju1990@163.com>
Subject: [PATCH] dpt_scsi: Fix a possible sleep-under-mutex bug in dpt_init
 (different from Bug 220095)
Date: Sun, 18 Jun 2017 22:45:35 +0800
Message-Id: <20170618144535.41858-1-baijiaju1990@163.com>
X-Mailer: git-send-email 2.13.0
X-CM-TRANSID: C8CowADH1xMQkkZZLmM+MA--.8304S2
X-Coremail-Antispam: 1Uf129KBjvdXoWruFy3Ww1rKrW7CFyrAw18Zrb_yoWfKrXE93
 ZYyFn5Jr1rKw1xCrs7Ar4rCry7K3yrWr48Zr1rX3W7Aw1Ivr1FgF9a9r1fXrZ0gw1I9FWr
 WFyDXrW5Cw12vjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT
 9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IUbaL9UUUUUU==
X-Originating-IP: [166.111.70.9]
X-CM-SenderInfo: xedlyx5dmximizq6il2tof0z/1tbiYxT6elaDtdkNTgAAsN
X-BeenThere: freebsd-drivers@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Writing device drivers for FreeBSD <freebsd-drivers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-drivers>, 
 <mailto:freebsd-drivers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-drivers/>
List-Post: <mailto:freebsd-drivers@freebsd.org>
List-Help: <mailto:freebsd-drivers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-drivers>, 
 <mailto:freebsd-drivers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Jun 2017 14:45:49 -0000

The driver may sleep under a mutex, and the code path is:
dpt_init [line 1134: acquire the mutex]
  bus_dma_tag_create(BUS_DMA_WAITOK) [line 1143] --> may sleep

The possible fix of this bug is to replace "BUS_DMA_WAITOK" in bus_dma_tag_create with "BUS_DMA_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is
checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
---
 sys/dev/dpt/dpt_scsi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/dev/dpt/dpt_scsi.c b/sys/dev/dpt/dpt_scsi.c
index 541b58665cf..d69a443067a 100644
--- a/sys/dev/dpt/dpt_scsi.c
+++ b/sys/dev/dpt/dpt_scsi.c
@@ -1150,7 +1150,7 @@ dpt_init(struct dpt_softc *dpt)
 				/* maxsize	*/ PAGE_SIZE,
 				/* nsegments	*/ 1,
 				/* maxsegsz	*/ BUS_SPACE_MAXSIZE_32BIT,
-				/* flags	*/ 0,
+				/* flags	*/ BUS_DMA_NOWAIT,
 				/* lockfunc	*/ NULL,
 				/* lockarg	*/ NULL,
 				&dpt->sg_dmat) != 0) {
-- 
2.13.0