Date:      Mon, 19 Jun 2017 09:28:04 +0800
From:      Jia-Ju Bai <baijiaju1990@163.com>
To:        wpaul@ctr.columbia.edu
Cc:        freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, freebsd-net@freebsd.org, Jia-Ju Bai <baijiaju1990@163.com>
Subject:   [PATCH] if_xl: Fix a possible sleep-under-mutex bug in xl_list_rx_init
Message-ID:  <20170619012804.43725-1-baijiaju1990@163.com>

The driver may sleep under a mutex, and the code path is:
xl_resume [acquire the mutex]
  xl_init_locked
    xl_list_rx_init
      bus_dmamap_create(BUS_DMA_WAITOK) --> may sleep

A possible fix for this bug is to replace "BUS_DMA_WAITOK" in bus_dmamap_create with "BUS_DMA_NOWAIT".

This bug was found by a static analysis tool written by myself, and it was
checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
---
 sys/dev/xl/if_xl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/dev/xl/if_xl.c b/sys/dev/xl/if_xl.c
index 4c1c238981d..59b29ddc7ca 100644
--- a/sys/dev/xl/if_xl.c
+++ b/sys/dev/xl/if_xl.c
@@ -1726,7 +1726,7 @@ xl_list_rx_init(struct xl_softc *sc)
 
 	for (i = 0; i < XL_RX_LIST_CNT; i++) {
 		cd->xl_rx_chain[i].xl_ptr = &ld->xl_rx_list[i];
-		error = bus_dmamap_create(sc->xl_mtag, 0,
+		error = bus_dmamap_create(sc->xl_mtag, BUS_DMA_NOWAIT,
 		    &cd->xl_rx_chain[i].xl_map);
 		if (error)
 			return (error);
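Review bot: The removed line passes a literal 0 as the flags argument to bus_dmamap_create, while the commit message describes replacing "BUS_DMA_WAITOK"; the message should state that the 0 is the waiting case so the description matches the diff. With BUS_DMA_NOWAIT, the `if (error) return (error);` inside the loop becomes the path taken when the map cannot be created immediately, so please confirm that maps created in earlier iterations are released on that return, and that xl_init_locked and xl_resume (the call path given in the commit message) act on the returned error instead of continuing with a partially initialised RX list.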
-- 
2.13.0




