From owner-freebsd-drivers@freebsd.org  Sun Jun 18 04:04:49 2017
Return-Path: <owner-freebsd-drivers@freebsd.org>
Delivered-To: freebsd-drivers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3E485D88367
 for <freebsd-drivers@mailman.ysv.freebsd.org>;
 Sun, 18 Jun 2017 04:04:49 +0000 (UTC)
 (envelope-from baijiaju1990@163.com)
Received: from proxy90-5.mail.163.com (proxy90-5.mail.163.com [43.230.90.5])
 by mx1.freebsd.org (Postfix) with ESMTP id 71F0F827A0
 for <freebsd-drivers@freebsd.org>; Sun, 18 Jun 2017 04:04:48 +0000 (UTC)
 (envelope-from baijiaju1990@163.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
 s=s110527; h=From:Subject:Message-ID:Date:MIME-Version; bh=4vjWx
 fpJjK67KK7+qEA+ahT9hp7BuTCVkG/ElktdjLs=; b=VqW9jcIjQN5gxOx2Ri1RU
 nFq6ccremDAdqt3R5LOjxe4WUBSIL0YUvIEq8+dPA4FaHjhHxqHGi6yIYWz2UyZy
 NPyE0qsvEGFJVh8rpUb9wWMbacRDWfLaRhxo2HFkUp7mr+1fDVyPTxsUbRahoKgy
 HuTyLZo3wNpfxsKQkvaL1c=
Received: from [166.111.70.13] (unknown [166.111.70.13])
 by smtp11 (Coremail) with SMTP id D8CowADX208++EVZMRClMQ--.749S2;
 Sun, 18 Jun 2017 11:49:18 +0800 (CST)
To: freebsd-drivers@freebsd.org
From: Jia-Ju Bai <baijiaju1990@163.com>
Subject: [Bug 220095] [scsi] sys/dev/dpt/dpt_scsi.c: a sleep-under-mutex bug
 in dpt_init
Message-ID: <a06eb4f7-5fc5-ef2d-2bd5-efa3d8a06e89@163.com>
Date: Sun, 18 Jun 2017 11:49:18 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-CM-TRANSID: D8CowADX208++EVZMRClMQ--.749S2
X-Coremail-Antispam: 1Uf129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73
 VFW2AGmfu7bjvjm3AaLaJ3UbIYCTnIWIevJa73UjIFyTuYvjxUgkhLUUUUU
X-Originating-IP: [166.111.70.13]
X-CM-SenderInfo: xedlyx5dmximizq6il2tof0z/1tbiHh76elSIVp1jBQAAsx
X-BeenThere: freebsd-drivers@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Writing device drivers for FreeBSD <freebsd-drivers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-drivers>, 
 <mailto:freebsd-drivers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-drivers/>
List-Post: <mailto:freebsd-drivers@freebsd.org>
List-Help: <mailto:freebsd-drivers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-drivers>, 
 <mailto:freebsd-drivers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Jun 2017 04:04:49 -0000

The driver may sleep under a mutex, and the function call path in file 
"sys/dev/dpt/dpt_scsi.c" in FreeBSD 11.0 is:
dpt_init [line 1246: acquire the mutex]
   dptallocsgmap [line 1282]
     bus_dmamap_load(BUS_DMA_WAITOK) [line 323] --> may sleep

The possible fix of this bug is to set the last parameter in 
bus_dmamap_load to "BUS_DMA_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is 
checked by my review of the FreeBSD code.

Thanks,
Jia-Ju Bai