From: Jia-Ju Bai
To: freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, freebsd-scsi@freebsd.org
Cc: Jia-Ju Bai
Subject: [PATCH] adwcam: Fix a possible sleep-under-mutex bug in adw_init
Date: Mon, 19 Jun 2017 09:11:13 +0800
Message-Id: <20170619011113.43652-1-baijiaju1990@163.com>

The driver may sleep under a sleep, and the function call path is:

adw_init [line 1098: acquire the mutex]
  adwallocacbs
    bus_dmamap_create(BUS_DMA_WAITOK) --> may sleep

The possible fix of this bug is to replace "BUS_DMA_WAITOK" in bus_dmamap_create with "BUS_DMA_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai

--- sys/dev/advansys/adwcam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/advansys/adwcam.c b/sys/dev/advansys/adwcam.c index 02f9c49d800..6950ae49ff8 100644 --- a/sys/dev/advansys/adwcam.c +++ b/sys/dev/advansys/adwcam.c @@ -201,7 +201,7 @@ adwallocacbs(struct adw_softc *adw) for (i = 0; adw->num_acbs < adw->max_acbs && i < newcount; i++) { int error; - error = bus_dmamap_create(adw->buffer_dmat, /*flags*/0, + error = bus_dmamap_create(adw->buffer_dmat, /*flags*/BUS_DMA_NOWAIT, &next_acb->dmamap); if (error != 0) break; -- 2.13.0
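
Review bot: with BUS_DMA_NOWAIT passed to bus_dmamap_create in adwallocacbs, the `error != 0` branch becomes an ordinary outcome under memory pressure, and the only handling visible in the hunk is `break`, which leaves the loop with fewer ACBs than newcount (possibly none). Please confirm that adw_init checks adw->num_acbs after adwallocacbs returns and handles a short allocation, and say so in the commit message. Also, the removed line passes `/*flags*/0` rather than the BUS_DMA_WAITOK named in the message; BUS_DMA_WAITOK is defined as 0, so the description is accurate, but stating that equivalence in the message would save the next reader a lookup.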