From: Jia-Ju Bai
To: freebsd-drivers@freebsd.org
Subject: [Bug 220094] [scsi] sys/cam/scsi/scsi_sa.c: a sleep-under-mutex bug in saioctl
Date: Sun, 18 Jun 2017 11:19:35 +0800
Message-ID: <8e0674f6-8df7-7650-4576-fad0b2f48d10@163.com>

The driver may sleep under a mutex, and the function call path in file
"sys/cam/scsi/scsi_sa.c" in FreeBSD 11.0 is:
saioctl [line 1680: acquire the mutex]
  saextget [line 1683]
    malloc(M_WAITOK) [line 4444] --> may sleep

The possible fix of this bug is to replace "M_WAITOK" in malloc with
"M_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is
checked by my review of the FreeBSD code.

Thanks,
Jia-Ju Bai

From: Jia-Ju Bai
To: freebsd-drivers@freebsd.org
Subject: [Bug 220096] [acpi] sys/dev/acpica/acpi_thermal.c: a sleep-under-mutex bug in acpi_tz_thread
Date: Sun, 18 Jun 2017 11:47:24 +0800

The driver may sleep under a mutex, and the code path in file
"sys/dev/acpica/acpi_thermal.c" in FreeBSD 11.0 release is:
acpi_tz_thread [line 992: acquire the mutex]
acpi_tz_thread [line 993]
acpi_tz_thread [line 1003]
acpi_tz_thread [line 1004] (msleep is executed)
acpi_tz_thread [line 1008]
acpi_tz_thread [line 970]
acpi_tz_thread [line 971]
acpi_tz_thread [line 975]
  malloc(M_WAITOK) [line 976]

The possible fix of this bug is to replace "M_WAITOK" in malloc with
"M_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is
checked by my review of the FreeBSD code.

Thanks,
Jia-Ju Bai

From: Jia-Ju Bai
To: freebsd-drivers@freebsd.org
Subject: [Bug 220095] [scsi] sys/dev/dpt/dpt_scsi.c: a sleep-under-mutex bug in dpt_init
Date: Sun, 18 Jun 2017 11:49:18 +0800

The driver may sleep under a mutex, and the function call path in file
"sys/dev/dpt/dpt_scsi.c" in FreeBSD 11.0 is:
dpt_init [line 1246: acquire the mutex]
  dptallocsgmap [line 1282]
    bus_dmamap_load(BUS_DMA_WAITOK) [line 323] --> may sleep

The possible fix of this bug is to set the last parameter in
bus_dmamap_load to "BUS_DMA_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is
checked by my review of the FreeBSD code.

Thanks,
Jia-Ju Bai

From: Kevin Oberman
To: Jia-Ju Bai
Cc: freebsd-drivers@freebsd.org, "freebsd-net@freebsd.org"
Subject: Re: [Bug 220032] [if_alc] sys/dev/alc/if_alc.c: sleep-under-mutex bugs
Date: Sat, 17 Jun 2017 22:31:27 -0700
In-Reply-To: <7cc5abf5-f90c-c554-e54e-6f9534ef22ef@163.com>
References: <7cc5abf5-f90c-c554-e54e-6f9534ef22ef@163.com>

On Fri, Jun 16, 2017 at 2:03 AM, Jia-Ju Bai wrote:

> The alc driver may sleep under a mutex, and the function call paths in file
> "sys/dev/alc/if_alc.c" in FreeBSD 11.0 is:
> alc_resume [line 2648: acquire the mutex]
>   alc_init_locked [line 2664]
>     alc_init_rx_ring [line 3911]
>       alc_newbuf [line 4469]
>         bus_dmamap_load_mbuf_sg(BUS_DMA_WAITOK) [line 3472] --> may sleep
>
> alc_int_task [line 3330: acquire the mutex]
>   alc_start_locked [line 3372]
>     alc_encap [line 2942]
>       bus_dmamap_load_mbuf_sg(BUS_DMA_WAITOK) [line 2780] --> may sleep
>
> The possible fix of these bugs is to set the last parameter in
> bus_dmamap_load_mbuf_sg to "BUS_DMA_NOWAIT".
>
> This bug is found by a static analysis tool written by myself, and it is
> checked by my review of the FreeBSD code.
>
> By the way, I am a freshman in developing FreeBSD drivers, and I am
> willing to submit a patch. But I do not know how to write and submit a
> patch, and where to submit, so I am looking forward to useful advice :)
>
> Jia-Ju Bai
>

To submit a patch, use svn to download the source from a repository.
Be sure the file in your source directory is the current, unmodified file.
Edit the file or files as needed to correct the bug
Generate the diff with the command "svn diff path-to-directory-containing-file(s) > diff-file.diff"
Update the bug report attaching the patch (with a brief description)
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

From: Jia-Ju Bai
To: Kevin Oberman
Cc: freebsd-drivers@freebsd.org, "freebsd-net@freebsd.org"
Subject: Re: [Bug 220032] [if_alc] sys/dev/alc/if_alc.c: sleep-under-mutex bugs
Date: Sun, 18 Jun 2017 15:47:46 +0800
References: <7cc5abf5-f90c-c554-e54e-6f9534ef22ef@163.com>

Thanks a lot, your advice is very helpful :)
I will submit a patch according to your advice, and update my bug report.

By the way, I have found many similar possible bugs in network drivers in
FreeBSD. And they are all caused by "BUS_DMA_WAITOK" in bus_dmamap_load and
other dmamap-load related functions.
If my reported bugs can be quickly confirmed, I will write and submit
patches for them as soon as possible.
I am looking forward to helpful comments and advice :)

Thanks,
Jia-Ju Bai

On 2017/6/18 13:31, Kevin Oberman wrote:
> On Fri, Jun 16, 2017 at 2:03 AM, Jia-Ju Bai wrote:
>
>     The alc driver may sleep under a mutex, and the function call paths in file
>     "sys/dev/alc/if_alc.c" in FreeBSD 11.0 is:
>     alc_resume [line 2648: acquire the mutex]
>       alc_init_locked [line 2664]
>         alc_init_rx_ring [line 3911]
>           alc_newbuf [line 4469]
>             bus_dmamap_load_mbuf_sg(BUS_DMA_WAITOK) [line 3472] --> may sleep
>
>     alc_int_task [line 3330: acquire the mutex]
>       alc_start_locked [line 3372]
>         alc_encap [line 2942]
>           bus_dmamap_load_mbuf_sg(BUS_DMA_WAITOK) [line 2780] --> may sleep
>
>     The possible fix of these bugs is to set the last parameter in
>     bus_dmamap_load_mbuf_sg to "BUS_DMA_NOWAIT".
>
>     This bug is found by a static analysis tool written by myself, and it is
>     checked by my review of the FreeBSD code.
>
>     By the way, I am a freshman in developing FreeBSD drivers, and I am
>     willing to submit a patch. But I do not know how to write and submit a
>     patch, and where to submit, so I am looking forward to useful advice :)
>
>     Jia-Ju Bai
>
>
> To submit a patch, use svn to download the source from a repository.
> Be sure the file in your source directory is the current, unmodified file.
> Edit the file or files as needed to correct the bug
> Generate the diff with the command "svn diff path-to-directory-containing-file(s) > diff-file.diff"
> Update the bug report attaching the patch (with a brief description)
> --
> Kevin Oberman, Part time kid herder and retired Network Engineer
> E-mail: rkoberman@gmail.com
> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

From: Jia-Ju Bai
To: rkoberman@gmail.com, yongari@freebsd.org
Cc: freebsd-drivers@freebsd.org, freebsd-net@freebsd.org, Jia-Ju Bai
Subject: [Bug 220032][PATCH] if_alc: Fix possible sleep-under-mutex bugs
Date: Sun, 18 Jun 2017 09:04:05 +0800
Message-Id: <20170618010405.40107-1-baijiaju1990@163.com>

The alc driver may sleep under a mutex, and the function call paths in file
"sys/dev/alc/if_alc.c" are:
alc_resume [acquire the mutex]
  alc_init_locked
    alc_init_rx_ring
      alc_newbuf
        bus_dmamap_load_mbuf_sg(BUS_DMA_WAITOK) --> may sleep

alc_start [acquire the mutex]
  alc_start_locked
    alc_encap
      bus_dmamap_load_mbuf_sg(BUS_DMA_WAITOK) --> may sleep

The possible fix of these bugs is to set the last parameter in
bus_dmamap_load_mbuf_sg to "BUS_DMA_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is
checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai
---
 sys/dev/alc/if_alc.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/dev/alc/if_alc.c b/sys/dev/alc/if_alc.c index ca7ae9d17b5..cb0f15e223b 100644 --- a/sys/dev/alc/if_alc.c +++ b/sys/dev/alc/if_alc.c
@@ -2795,7 +2795,7 @@ alc_encap(struct alc_softc *sc, struct mbuf **m_head) map = txd->tx_dmamap; error = bus_dmamap_load_mbuf_sg(sc->alc_cdata.alc_tx_tag, map, - *m_head, txsegs, &nsegs, 0); + *m_head, txsegs, &nsegs, BUS_DMA_NOWAIT); if (error == EFBIG) { m = m_collapse(*m_head, M_NOWAIT, ALC_MAXTXSEGS); if (m == NULL) { @@ -2805,7 +2805,7 @@ alc_encap(struct alc_softc *sc, struct mbuf **m_head) } *m_head = m; error = bus_dmamap_load_mbuf_sg(sc->alc_cdata.alc_tx_tag, map, - *m_head, txsegs, &nsegs, 0); + *m_head, txsegs, &nsegs, BUS_DMA_NOWAIT); if (error != 0) { m_freem(*m_head); *m_head = NULL; @@ -3487,7 +3487,7 @@ alc_newbuf(struct alc_softc *sc, struct alc_rxdesc *rxd) #endif if (bus_dmamap_load_mbuf_sg(sc->alc_cdata.alc_rx_tag, - sc->alc_cdata.alc_rx_sparemap, m, segs, &nsegs, 0) != 0) { + sc->alc_cdata.alc_rx_sparemap, m, segs, &nsegs, BUS_DMA_NOWAIT) != 0) { m_freem(m); return (ENOBUFS); } -- 2.13.0
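
Review bot: In both `alc_encap` hunks the argument being replaced is the literal `0`, while the commit message describes these calls as `bus_dmamap_load_mbuf_sg(BUS_DMA_WAITOK)`. The message should say that `0` is what it means by BUS_DMA_WAITOK and point to where `bus_dmamap_load_mbuf_sg` is documented to sleep when given that value, so the fix can be checked against the API rather than against the flag name. The error handling after each call (`error == EFBIG`, `error != 0`) is already present, so the flag change needs no new error path here.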
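
Review bot: The new continuation line in the `alc_newbuf` hunk, `sc->alc_cdata.alc_rx_sparemap, m, segs, &nsegs, BUS_DMA_NOWAIT) != 0) {`, is 71 characters before any indentation, which leaves fewer than ten columns of indent inside an 80-column limit. Wrap it, for example by moving `BUS_DMA_NOWAIT) != 0) {` onto its own continuation line.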

From: Jia-Ju Bai
To: erj@freebsd.org, sbruno@FreeBSD.org
Cc: freebsd-drivers@freebsd.org, freebsd-net@freebsd.org, Jia-Ju Bai
Subject: [BUG 220033][PATCH] if_ixgb: Fix a possible sleep-under-mutex bug in ixge_get_buf
Date: Sun, 18 Jun 2017 17:20:23 +0800
Message-Id: <20170618092023.40369-1-baijiaju1990@163.com>

The ixgb driver may sleep under a mutex, and the function call path is:
ixgb_init [acquire the mutex]
  ixgb_init_locked
    ixgb_setup_receive_structures
      ixgb_allocate_receive_structures
        ixgb_get_buf
          bus_dmamap_load(BUS_DMA_WAITOK) --> may sleep

The possible fix of these bugs is to set the last parameter in
bus_dmamap_load to "BUS_DMA_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is
checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai
---
 sys/dev/ixgb/if_ixgb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/dev/ixgb/if_ixgb.c b/sys/dev/ixgb/if_ixgb.c index 430c13c72d1..e6d02dd172e 100644 --- a/sys/dev/ixgb/if_ixgb.c +++ b/sys/dev/ixgb/if_ixgb.c
@@ -1811,7 +1811,7 @@ ixgb_get_buf(int i, struct adapter * adapter, */ error = bus_dmamap_load(adapter->rxtag, rx_buffer->map, mtod(mp, void *), mp->m_len, - ixgb_dmamap_cb, &paddr, 0); + ixgb_dmamap_cb, &paddr, BUS_DMA_NOWAIT); if (error) { m_free(mp); return (error); -- 2.13.0
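
Review bot: The hunk header names the function `ixgb_get_buf`, but the subject line says `ixge_get_buf`; correct the subject so the log entry can be found by function name, and change "these bugs" in the body to the singular since only one call site is touched. The call already handles a non-zero return with `m_free(mp); return (error);`, so passing `BUS_DMA_NOWAIT` needs no additional error path in this hunk.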

From: Jia-Ju Bai
Cc: freebsd-drivers@freebsd.org, freebsd-scsi@freebsd.org, Jia-Ju Bai
Subject: [Bug 220094][PATCH] scsi_sa: Fix a possible sleep-under-mutex bug in saioctl
Date: Sun, 18 Jun 2017 17:37:15 +0800
Message-Id: <20170618093715.40555-1-baijiaju1990@163.com>

The driver may sleep under a mutex, and the function call path is:
saioctl [acquire the mutex]
  saextget
    malloc(M_WAITOK) --> may sleep

The possible fix of this bug is to replace "M_WAITOK" in malloc with
"M_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is
checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai
---
 sys/cam/scsi/scsi_sa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/cam/scsi/scsi_sa.c b/sys/cam/scsi/scsi_sa.c index 8a8451c3bce..b884bd3d65f 100644 --- a/sys/cam/scsi/scsi_sa.c +++ b/sys/cam/scsi/scsi_sa.c
@@ -4465,7 +4465,7 @@ saextget(struct cdev *dev, struct cam_periph *periph, struct sbuf *sb, if (cgd.serial_num_len > sizeof(tmpstr)) { ts2_len = cgd.serial_num_len + 1; ts2_malloc = 1; - tmpstr2 = malloc(ts2_len, M_SCSISA, M_WAITOK | M_ZERO); + tmpstr2 = malloc(ts2_len, M_SCSISA, M_NOWAIT | M_ZERO); } else { ts2_len = sizeof(tmpstr); ts2_malloc = 0; -- 2.13.0
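
Review bot: With `M_NOWAIT` the `malloc` in `saextget` can return NULL, and the branch closes at `} else {` without testing `tmpstr2`, while `ts2_malloc = 1` has already been set. Add a NULL check directly after the allocation that returns an error (and does not leave `ts2_malloc` set), or make the allocation before the mutex is taken so that `M_WAITOK` can stay.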

From: Jia-Ju Bai
Cc: freebsd-drivers@freebsd.org, freebsd-scsi@freebsd.org, Jia-Ju Bai
Subject: [Bug 220095][PATCH] dpt_scsi: Fix a possible sleep-under-mutex bug in dpt_init
Date: Sun, 18 Jun 2017 17:46:01 +0800
Message-Id: <20170618094601.40636-1-baijiaju1990@163.com>

The driver may sleep under a mutex, and the function call path is:
dpt_init [acquire the mutex]
  dptallocsgmap
    bus_dmamap_load(BUS_DMA_WAITOK) --> may sleep

The possible fix of this bug is to set the last parameter in
bus_dmamap_load to "BUS_DMA_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is
checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai
---
 sys/dev/dpt/dpt_scsi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/dev/dpt/dpt_scsi.c b/sys/dev/dpt/dpt_scsi.c index 541b58665cf..f39ebfba2a7 100644 --- a/sys/dev/dpt/dpt_scsi.c +++ b/sys/dev/dpt/dpt_scsi.c
@@ -300,7 +300,7 @@ dptallocsgmap(struct dpt_softc *dpt) (void)bus_dmamap_load(dpt->sg_dmat, sg_map->sg_dmamap, sg_map->sg_vaddr, PAGE_SIZE, dptmapmem, &sg_map->sg_physaddr, - /*flags*/0); + /*flags*/BUS_DMA_NOWAIT); SLIST_INSERT_HEAD(&dpt->sg_maps, sg_map, links); -- 2.13.0
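
Review bot: The return value of `bus_dmamap_load` in `dptallocsgmap` is cast to `(void)`, so once `BUS_DMA_NOWAIT` is passed a failed load goes unnoticed and `sg_map` is still linked in by `SLIST_INSERT_HEAD` without a usable `sg_physaddr`. Check the return value and unwind before the insert into `dpt->sg_maps`. The commit message should also note that the old argument was the literal `/*flags*/0`, not a named `BUS_DMA_WAITOK`.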

From: Jia-Ju Bai
Cc: freebsd-drivers@freebsd.org, freebsd-acpi@freebsd.org, Jia-Ju Bai
Subject: [Bug 220096][PATCH] acpi_thermal: Fix a possible sleep-under-mutex bug in acpi_tz_thread
Date: Sun, 18 Jun 2017 17:52:45 +0800
Message-Id: <20170618095245.40693-1-baijiaju1990@163.com>

The driver may sleep under a mutex, and the code path is:
acpi_tz_thread [line 992: acquire the mutex]
acpi_tz_thread [line 993]
acpi_tz_thread [line 1003]
acpi_tz_thread [line 1004] (msleep is executed)
acpi_tz_thread [line 1008]
acpi_tz_thread [line 970]
acpi_tz_thread [line 971]
acpi_tz_thread [line 975]
  malloc(M_WAITOK) [line 976]

The possible fix of this bug is to replace "M_WAITOK" in malloc with
"M_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is
checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai
---
 sys/dev/acpica/acpi_thermal.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/dev/acpica/acpi_thermal.c b/sys/dev/acpica/acpi_thermal.c index b2b2a13aa88..fb9f44b5711 100644 --- a/sys/dev/acpica/acpi_thermal.c +++ b/sys/dev/acpica/acpi_thermal.c
@@ -974,7 +974,7 @@ acpi_tz_thread(void *arg) } devclass_get_devices(acpi_tz_devclass, &devs, &devcount); sc = malloc(sizeof(struct acpi_tz_softc *) * devcount, M_TEMP, - M_WAITOK | M_ZERO); + M_NOWAIT | M_ZERO); for (i = 0; i < devcount; i++) sc[i] = device_get_softc(devs[i]); } -- 2.13.0 Date: Sun, 18 Jun 2017 11:04:25 +0100
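Review bot: the result of malloc() in the acpi_tz_thread hunk is dereferenced in the for loop directly below it (sc[i] = device_get_softc(devs[i]);) with no NULL check, and with M_NOWAIT the allocation can now return NULL. Add a check after the malloc() and decide what the thread should do on failure, for example skip this pass and retry on the next wakeup, before switching the flag.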
From: "N.J. Mann" To: Jia-Ju Bai cc: freebsd-drivers@freebsd.org Subject: Re: [Bug 220095][PATCH] dpt_scsi: Fix a possible sleep-under-mutex bug in dpt_init Message-ID: <7D8CD40C6A8CDF922B1E15A8@triton.njm.me.uk> In-Reply-To: <20170618094601.40636-1-baijiaju1990@163.com> References: <20170618094601.40636-1-baijiaju1990@163.com> Hi, On Sunday, June 18, 2017 17:46:01 +0800 Jia-Ju Bai wrote: > The driver may sleep under a mutex, and the function call path is: > dpt_init [acquire the mutex] > dptallocsgmap > bus_dmamap_load(BUS_DMA_WAITOK) --> may sleep > > The possible fix of this bug is to set the last parameter in > bus_dmamap_load to "BUS_DMA_NOWAIT". Have you read the manual page for bus_dmamap_load() ? bus_dmamap_load(dmat, map, buf, buflen, *callback, callback_arg, flags) Creates a mapping in device visible address space of buflen bytes of buf, associated with the DMA map map. This call will always return immediately and will not block for any reason. I am not saying that your change should not be made, just that your analysis may be wrong. Cheers, Nick.
Subject: Re: [Bug 220095][PATCH] dpt_scsi: Fix a possible sleep-under-mutex bug in dpt_init To: "N.J. Mann" Cc: freebsd-drivers@freebsd.org References: <20170618094601.40636-1-baijiaju1990@163.com> <7D8CD40C6A8CDF922B1E15A8@triton.njm.me.uk>
From: Jia-Ju Bai Message-ID: <2481c6e4-d748-8b6b-3ebe-cdcf256f78ef@163.com> Date: Sun, 18 Jun 2017 19:33:56 +0800 In-Reply-To: <7D8CD40C6A8CDF922B1E15A8@triton.njm.me.uk> Hi, Thanks for the reply. I think you are right after I read the manual page. I am sorry for my wrong report. Thanks, Jia-Ju Bai On 2017/6/18 18:04, N.J. Mann wrote: > Hi, > > > On Sunday, June 18, 2017 17:46:01 +0800 Jia-Ju Bai wrote: >> The driver may sleep under a mutex, and the function call path is: >> dpt_init [acquire the mutex] >> dptallocsgmap >> bus_dmamap_load(BUS_DMA_WAITOK) --> may sleep >> >> The possible fix of this bug is to set the last parameter in >> bus_dmamap_load to "BUS_DMA_NOWAIT". > Have you read the manual page for bus_dmamap_load() ? > > bus_dmamap_load(dmat, map, buf, buflen, *callback, callback_arg, flags) > Creates a mapping in device visible address space of buflen bytes > of buf, associated with the DMA map map. This call will always > return immediately and will not block for any reason. > > I am not saying that your change should not be made, just that your analysis > may be wrong. > > > Cheers, > Nick.
Subject: Re: [Bug 220032][PATCH] if_alc: Fix possible sleep-under-mutex bugs To: rkoberman@gmail.com, yongari@freebsd.org Cc: freebsd-drivers@freebsd.org, freebsd-net@freebsd.org References: <20170618010405.40107-1-baijiaju1990@163.com>
From: Jia-Ju Bai Message-ID: <069fa517-2774-c19b-f2c5-a3b81df1a812@163.com> Date: Sun, 18 Jun 2017 19:41:20 +0800 In-Reply-To: <20170618010405.40107-1-baijiaju1990@163.com> Hi, I have read the manual page of bus_dmamap_load_mbuf_sg. This call will always return immediately and will not block for any reason. Sorry for my wrong report, please ignore it. Thanks, Jia-Ju Bai On 2017/6/18 9:04, Jia-Ju Bai wrote: > The alc driver may sleep under a mutex, and the function call paths in file > "sys/dev/alc/if_alc.c" are: > alc_resume [acquire the mutex] > alc_init_locked > alc_init_rx_ring > alc_newbuf > bus_dmamap_load_mbuf_sg(BUS_DMA_WAITOK) --> may sleep > alc_start [acquire the mutex] > alc_start_locked > alc_encap > bus_dmamap_load_mbuf_sg(BUS_DMA_WAITOK) --> may sleep > > The possible fix of these bugs is to set the last parameter in > bus_dmamap_load_mbuf_sg to "BUS_DMA_NOWAIT". > > This bug is found by a static analysis tool written by myself, and it is > checked by my review of the FreeBSD code.
> > Signed-off-by: Jia-Ju Bai > --- > sys/dev/alc/if_alc.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/sys/dev/alc/if_alc.c b/sys/dev/alc/if_alc.c > index ca7ae9d17b5..cb0f15e223b 100644 > --- a/sys/dev/alc/if_alc.c > +++ b/sys/dev/alc/if_alc.c > @@ -2795,7 +2795,7 @@ alc_encap(struct alc_softc *sc, struct mbuf **m_head) > map = txd->tx_dmamap; > > error = bus_dmamap_load_mbuf_sg(sc->alc_cdata.alc_tx_tag, map, > - *m_head, txsegs, &nsegs, 0); > + *m_head, txsegs, &nsegs, BUS_DMA_NOWAIT); > if (error == EFBIG) { > m = m_collapse(*m_head, M_NOWAIT, ALC_MAXTXSEGS); > if (m == NULL) { > @@ -2805,7 +2805,7 @@ alc_encap(struct alc_softc *sc, struct mbuf **m_head) > } > *m_head = m; > error = bus_dmamap_load_mbuf_sg(sc->alc_cdata.alc_tx_tag, map, > - *m_head, txsegs, &nsegs, 0); > + *m_head, txsegs, &nsegs, BUS_DMA_NOWAIT); > if (error != 0) { > m_freem(*m_head); > *m_head = NULL; 
> @@ -3487,7 +3487,7 @@ alc_newbuf(struct alc_softc *sc, struct alc_rxdesc *rxd) > #endif > > if (bus_dmamap_load_mbuf_sg(sc->alc_cdata.alc_rx_tag, > - sc->alc_cdata.alc_rx_sparemap, m, segs, &nsegs, 0) != 0) { > + sc->alc_cdata.alc_rx_sparemap, m, segs, &nsegs, BUS_DMA_NOWAIT) != 0) { > m_freem(m); > return (ENOBUFS); > } Subject: Re: [Bug 220032] [if_alc] sys/dev/alc/if_alc.c: sleep-under-mutex bugs
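Review bot: the commit message of the quoted if_alc patch labels the call bus_dmamap_load_mbuf_sg(BUS_DMA_WAITOK), but the three changed lines (two in alc_encap, one in alc_newbuf) pass a literal 0, and the author's reply above reports that the manual page says this call does not block, so the "may sleep" claim should be corrected or the patch dropped. If the flag is still wanted for readability, wrap the alc_newbuf line ending in BUS_DMA_NOWAIT) != 0) {, which is now much longer than its neighbours.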
From: Jia-Ju Bai To: Kevin Oberman Cc: freebsd-drivers@freebsd.org, "freebsd-net@freebsd.org" References: <7cc5abf5-f90c-c554-e54e-6f9534ef22ef@163.com> Message-ID: <00aa0c88-70b6-cb34-461e-34e25029f481@163.com> Date: Sun, 18 Jun 2017 19:42:39 +0800 Hi, I have read the manual page of bus_dmamap_load and other dmamap-load related functions. These calls will always return immediately and will not block for any reason. Sorry for my wrong report, please ignore it. Thanks, Jia-Ju Bai On 2017/6/18 15:47, Jia-Ju Bai wrote: > Thanks a lot, your advice is very helpful :) > I will submit a patch according to your advice, and update my bug report. > > By the way, I have found many similar possible bugs in network drivers > in FreeBSD. > And they are all caused by "BUS_DMA_WAITOK" in bus_dmamap_load and > other dmamap-load related functions. > If my reported bugs can be quickly confirmed, I will write and submit > patches for them as soon as possible.
> I am looking forward to helpful comments and advice :) > > Thanks, > Jia-Ju Bai > > On 2017/6/18 13:31, Kevin Oberman wrote: >> On Fri, Jun 16, 2017 at 2:03 AM, Jia-Ju Bai > > wrote: >> >> The alc driver may sleep under a mutex, and the function call >> paths in file >> "sys/dev/alc/if_alc.c" in FreeBSD 11.0 is: >> alc_resume [line 2648: acquire the mutex] >> alc_init_locked [line 2664] >> alc_init_rx_ring [line 3911] >> alc_newbuf [line 4469] >> bus_dmamap_load_mbuf_sg(BUS_DMA_WAITOK) [line 3472] --> >> may sleep >> >> alc_int_task [line 3330: acquire the mutex] >> alc_start_locked [line 3372] >> alc_encap [line 2942] >> bus_dmamap_load_mbuf_sg(BUS_DMA_WAITOK) [line 2780] --> may >> sleep >> >> The possible fix of these bugs is to set the last parameter in >> bus_dmamap_load_mbuf_sg to "BUS_DMA_NOWAIT". >> >> This bug is found by a static analysis tool written by myself, >> and it is >> checked by my review of the FreeBSD code. >> >> By the way, I am a freshman in developing FreeBSD drivers, and I >> am willing to >> submit a patch. But I do not know how to write and submit a >> patch, and where to >> submit, so I am looking forward to useful advice :) >> >> Jia-Ju Bai >> >> >> To submit a patch, use svn to download the source from a repository. >> Be sure the file in your source directory is the current, unmodified >> file. 
>> Edit the file or files as needed to correct the bug >> Generate the diff with the command "svn diff >> path-to-directory-containing-file(s) > diff-file.diff" >> Update the bug report attaching the patch (with a brief description) >> -- >> Kevin Oberman, Part time kid herder and retired Network Engineer >> E-mail: rkoberman@gmail.com >> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 >
From: Jia-Ju Bai To: freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org Cc: Jia-Ju Bai Subject: [PATCH] aacraid: Fix a possible sleep-under-mutex bug in aac_alloc_commands Date: Sun, 18 Jun 2017 22:31:59 +0800 Message-Id: <20170618143159.41761-1-baijiaju1990@163.com> The driver may sleep under a mutex, and the code path is: aac_alloc_commands [line 1223: acquire the mutex] aac_alloc_commands [line 1227] bus_dmamap_create(BUS_DMA_WAITOK) [line 1250] --> may sleep The possible fix of this bug is to replace "BUS_DMA_WAITOK" in bus_dmamap_create with "BUS_DMA_NOWAIT". This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code. Signed-off-by: Jia-Ju Bai --- sys/dev/aacraid/aacraid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/aacraid/aacraid.c b/sys/dev/aacraid/aacraid.c index 42a16c42039..b0a987f5903 100644 --- a/sys/dev/aacraid/aacraid.c +++ b/sys/dev/aacraid/aacraid.c
@@ -1247,7 +1247,7 @@ aac_alloc_commands(struct aac_softc *sc) } cm->cm_index = sc->total_fibs; - if ((error = bus_dmamap_create(sc->aac_buffer_dmat, 0, + if ((error = bus_dmamap_create(sc->aac_buffer_dmat, BUS_DMA_NOWAIT, &cm->cm_datamap)) != 0) break; if (sc->aac_max_fibs <= 1 || sc->aac_max_fibs - sc->total_fibs > 1) -- 2.13.0
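Review bot: the commit message describes the call in aac_alloc_commands as bus_dmamap_create(BUS_DMA_WAITOK), while the removed line passes a literal 0; the message should say that 0 is being read as BUS_DMA_WAITOK and point to the allocation inside bus_dmamap_create that can sleep, since the dmamap-load reports earlier in this thread were withdrawn after the manual page was checked. The error path needs no change: a non-zero return already breaks out of the loop.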
From: Jia-Ju Bai To: njm@njm.me.uk, freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, freebsd-scsi@freebsd.org Cc: Jia-Ju Bai Subject: [PATCH] dpt_scsi: Fix a possible sleep-under-mutex bug in dpt_init (different from Bug 220095) Date: Sun, 18 Jun 2017 22:45:35 +0800 Message-Id: <20170618144535.41858-1-baijiaju1990@163.com> The driver may sleep under a mutex, and the code path is: dpt_init [line 1134: acquire the mutex] bus_dma_tag_create(BUS_DMA_WAITOK) [line 1143] --> may sleep The possible fix of this bug is to replace "BUS_DMA_WAITOK" in bus_dma_tag_create with "BUS_DMA_NOWAIT". This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code. Signed-off-by: Jia-Ju Bai --- sys/dev/dpt/dpt_scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/dpt/dpt_scsi.c b/sys/dev/dpt/dpt_scsi.c index 541b58665cf..d69a443067a 100644 --- a/sys/dev/dpt/dpt_scsi.c +++ b/sys/dev/dpt/dpt_scsi.c
@@ -1150,7 +1150,7 @@ dpt_init(struct dpt_softc *dpt) /* maxsize */ PAGE_SIZE, /* nsegments */ 1, /* maxsegsz */ BUS_SPACE_MAXSIZE_32BIT, - /* flags */ 0, + /* flags */ BUS_DMA_NOWAIT, /* lockfunc */ NULL, /* lockarg */ NULL, &dpt->sg_dmat) != 0) { -- 2.13.0
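Review bot: the subject calls this dpt_init change "different from Bug 220095", but the commit message does not say how it differs from that withdrawn report or why bus_dma_tag_create can sleep when the flags argument is 0; add that reasoning so the patch can be judged on its own. The last context line shows the return value compared against 0, so a failure under BUS_DMA_NOWAIT is at least detected.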
From: Jia-Ju Bai To: erj@freebsd.org, sbruno@freebsd.org Cc: freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, freebsd-net@freebsd.org, Jia-Ju Bai Subject: [PATCH] if_ixgb: Fix possible sleep-under-mutex bugs (different from Bug 220033) Date: Sun, 18 Jun 2017 23:13:29 +0800 Message-Id: <20170618151329.41975-1-baijiaju1990@163.com> The driver may sleep under a mutex, and the function call paths are: ixgb_init [acquire the mutex] ixgb_init_locked ixgb_setup_transmit_structures bus_dma_tag_create(BUS_DMA_ALLOCNOW) --> may sleep ixgb_init [acquire the mutex] ixgb_init_locked ixgb_setup_receive_structures ixgb_allocate_receive_structures bus_dma_tag_create(BUS_DMA_ALLOCNOW) --> may sleep The possible fix of these bugs is to add "BUS_DMA_NOWAIT" in bus_dma_tag_create. These bugs are found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code. Signed-off-by: Jia-Ju Bai --- sys/dev/ixgb/if_ixgb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/dev/ixgb/if_ixgb.c b/sys/dev/ixgb/if_ixgb.c index 430c13c72d1..4cdfe6d4c28 100644 --- a/sys/dev/ixgb/if_ixgb.c +++ b/sys/dev/ixgb/if_ixgb.c
@@ -1518,7 +1518,7 @@ ixgb_setup_transmit_structures(struct adapter * adapter) MCLBYTES * IXGB_MAX_SCATTER, /* maxsize */ IXGB_MAX_SCATTER, /* nsegments */ MCLBYTES, /* maxsegsize */ - BUS_DMA_ALLOCNOW, /* flags */ + BUS_DMA_ALLOCNOW | BUS_DMA_NOWAIT, /* flags */ #if __FreeBSD_version >= 502000 NULL, /* lockfunc */ NULL, /* lockfuncarg */ @@ -1856,7 +1856,7 @@ ixgb_allocate_receive_structures(struct adapter * adapter) MCLBYTES, /* maxsize */ 1, /* nsegments */ MCLBYTES, /* maxsegsize */ - BUS_DMA_ALLOCNOW, /* flags */ + BUS_DMA_ALLOCNOW | BUS_DMA_NOWAIT, /* flags */ #if __FreeBSD_version >= 502000 NULL, /* lockfunc */ NULL, /* lockfuncarg */ -- 2.13.0
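Review bot: neither hunk shows how the return value of bus_dma_tag_create is handled in ixgb_setup_transmit_structures or ixgb_allocate_receive_structures, so the commit message should confirm that both callers cope with a failure now that BUS_DMA_NOWAIT is requested. As a style point, the longer argument BUS_DMA_ALLOCNOW | BUS_DMA_NOWAIT, will likely push the trailing /* flags */ comment out of line with /* maxsegsize */ above and /* lockfunc */ below; realign it in both places.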
From: Jia-Ju Bai To: freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, freebsd-scsi@freebsd.org Cc: Jia-Ju Bai Subject: [PATCH] adwcam: Fix a possible sleep-under-mutex bug in adw_init Date: Mon, 19 Jun 2017 09:11:13 +0800 Message-Id: <20170619011113.43652-1-baijiaju1990@163.com> The driver may sleep under a sleep, and the function call path is: adw_init [line 1098: acquire the mutex] adwallocacbs bus_dmamap_create(BUS_DMA_WAITOK) --> may sleep The possible fix of this bug is to replace "BUS_DMA_WAITOK" in bus_dmamap_create with "BUS_DMA_NOWAIT". This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code. Signed-off-by: Jia-Ju Bai --- sys/dev/advansys/adwcam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/advansys/adwcam.c b/sys/dev/advansys/adwcam.c index 02f9c49d800..6950ae49ff8 100644 --- a/sys/dev/advansys/adwcam.c +++ b/sys/dev/advansys/adwcam.c
@@ -201,7 +201,7 @@ adwallocacbs(struct adw_softc *adw) for (i = 0; adw->num_acbs < adw->max_acbs && i < newcount; i++) { int error; - error = bus_dmamap_create(adw->buffer_dmat, /*flags*/0, + error = bus_dmamap_create(adw->buffer_dmat, /*flags*/BUS_DMA_NOWAIT, &next_acb->dmamap); if (error != 0) break; -- 2.13.0
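Review bot: the commit message for this adwallocacbs change says the driver "may sleep under a sleep", which should read "under a mutex", and it names BUS_DMA_WAITOK although the removed line passes /*flags*/0. In the hunk, the new line error = bus_dmamap_create(adw->buffer_dmat, /*flags*/BUS_DMA_NOWAIT, probably runs past 80 columns once the for loop's indentation is counted; move the flags argument onto the continuation line with &next_acb->dmamap.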
From: Jia-Ju Bai To: wpaul@ctr.columbia.edu Cc: freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, freebsd-net@freebsd.org, Jia-Ju Bai Subject: [PATCH] if_xl: Fix a possible sleep-under-mutex bug in xl_list_rx_init Date: Mon, 19 Jun 2017 09:28:04 +0800 Message-Id: <20170619012804.43725-1-baijiaju1990@163.com> The driver may sleep under a mutex, and the code path is: xl_resume [acquire the mutex] xl_init_locked xl_list_rx_init bus_dmamap_create(BUS_DMA_WAITOK) --> may sleep The possible fix of this bug is to replace "BUS_DMA_WAITOK" in bus_dmamap_create with "BUS_DMA_NOWAIT". This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code. Signed-off-by: Jia-Ju Bai --- sys/dev/xl/if_xl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/xl/if_xl.c b/sys/dev/xl/if_xl.c index 4c1c238981d..59b29ddc7ca 100644 --- a/sys/dev/xl/if_xl.c +++ b/sys/dev/xl/if_xl.c
@@ -1726,7 +1726,7 @@ xl_list_rx_init(struct xl_softc *sc) for (i = 0; i < XL_RX_LIST_CNT; i++) { cd->xl_rx_chain[i].xl_ptr = &ld->xl_rx_list[i]; - error = bus_dmamap_create(sc->xl_mtag, 0, + error = bus_dmamap_create(sc->xl_mtag, BUS_DMA_NOWAIT, &cd->xl_rx_chain[i].xl_map); if (error) return (error); -- 2.13.0
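Review bot: the error path in xl_list_rx_init returns from inside the loop over XL_RX_LIST_CNT (if (error) return (error);), so a failure on a later iteration leaves the maps created on earlier iterations in place. That is existing behaviour, but this change is about the call failing instead of waiting, so either the commit message should state that xl_init_locked and xl_resume clean up after a partial failure, or the patch should destroy the earlier maps before returning.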
From: Jia-Ju Bai
To: freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, freebsd-hackers@freebsd.org
Cc: Jia-Ju Bai
Subject: [PATCH] mlx: Fix a possible sleep-under-mutex bug in mlx_alloccmd
Date: Mon, 19 Jun 2017 09:44:19 +0800
Message-Id: <20170619014419.43824-1-baijiaju1990@163.com>
X-Mailer: git-send-email 2.13.0

The driver may sleep under a mutex, and the function call path is:
mlx_attach [line 432: acquire the mutex]
  mlx_enquire
    mlx_alloccmd
      bus_dmamap_create(BUS_DMA_WAITOK) --> may sleep

The possible fix of this bug is to replace "BUS_DMA_WAITOK" in bus_dmamap_create with "BUS_DMA_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai
--- sys/dev/mlx/mlx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/dev/mlx/mlx.c b/sys/dev/mlx/mlx.c index e3b09582a36..c2e8ba3c595 100644 --- a/sys/dev/mlx/mlx.c +++ b/sys/dev/mlx/mlx.c
@@ -2426,7 +2426,8 @@ mlx_alloccmd(struct mlx_softc *sc) mc = (struct mlx_command *)malloc(sizeof(*mc), M_DEVBUF, M_NOWAIT | M_ZERO); if (mc != NULL) { mc->mc_sc = sc; - error = bus_dmamap_create(sc->mlx_buffer_dmat, 0, &mc->mc_dmamap); + error = bus_dmamap_create(sc->mlx_buffer_dmat, BUS_DMA_NOWAIT, + &mc->mc_dmamap); if (error) { free(mc, M_DEVBUF); return(NULL); -- 2.13.0
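Review bot: the commit message says the fix replaces BUS_DMA_WAITOK, but the removed line in mlx_alloccmd passes a literal 0 as the flags argument to bus_dmamap_create, so the description does not match the diff as written; reword the message to say that the flags argument was 0 and is now BUS_DMA_NOWAIT. The "[line 432: acquire the mutex]" reference also needs the source revision it was taken from, since the hunk itself sits at line 2426 and gives no way to locate the lock acquisition. The failure branch is otherwise consistent with the code above it: "free(mc, M_DEVBUF); return(NULL);" gives callers the same NULL they already get when the M_NOWAIT malloc fails.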
From: Jia-Ju Bai
To: freebsdraid@lsi.com
Cc: freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, freebsd-hackers@freebsd.org, Jia-Ju Bai
Subject: [PATCH] tws: Fix a possible sleep-under-mutex bug in tws_init_reqs
Date: Mon, 19 Jun 2017 09:51:19 +0800
Message-Id: <20170619015119.43883-1-baijiaju1990@163.com>
X-Mailer: git-send-email 2.13.0

The driver may sleep under a mutex, and the code path is:
tws_init_reqs [line 684: acquire the mutex]
  tws_init_reqs [line 685]
    bus_dmamap_create(BUS_DMA_WAITOK) [line 687] --> may sleep

The possible fix of this bug is to replace "BUS_DMA_WAITOK" in bus_dmamap_create with "BUS_DMA_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai
--- sys/dev/tws/tws.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/dev/tws/tws.c b/sys/dev/tws/tws.c index 480f6f95489..6d21a524f18 100644 --- a/sys/dev/tws/tws.c +++ b/sys/dev/tws/tws.c
@@ -684,7 +684,8 @@ tws_init_reqs(struct tws_softc *sc, u_int32_t dma_mem_size) mtx_lock(&sc->q_lock); for ( i=0; i< tws_queue_depth; i++) { - if (bus_dmamap_create(sc->data_tag, 0, &sc->reqs[i].dma_map)) { + if (bus_dmamap_create(sc->data_tag, BUS_DMA_NOWAIT, + &sc->reqs[i].dma_map)) { /* log a ENOMEM failure msg here */ mtx_unlock(&sc->q_lock); return(FAILURE); -- 2.13.0
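Review bot: the failure branch in tws_init_reqs still holds only the placeholder "/* log a ENOMEM failure msg here */", so once the call is made with BUS_DMA_NOWAIT a map that cannot be created without waiting makes the function return FAILURE with no message and with the maps for the earlier values of i still allocated. Replace the placeholder with an actual log line that includes i, and destroy the maps already created before "return(FAILURE);", or point to where the caller does that. Since "mtx_lock(&sc->q_lock);" sits directly above the loop, it is also worth checking whether the map creation needs q_lock at all; if it does not, creating the maps before taking the lock removes the sleep question without changing the allocation behaviour.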
From: Jia-Ju Bai
To: freebsdraid@avagotech.com, megaraidfbsd@avagotech.com
Cc: freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, Jia-Ju Bai
Subject: [PATCH] mrsas: Fix possible sleep-under-mutex bugs
Date: Mon, 19 Jun 2017 10:12:24 +0800
Message-Id: <20170619021224.44042-1-baijiaju1990@163.com>
X-Mailer: git-send-email 2.13.0

The driver may sleep under a mutex, and the function call paths are:
mrsas_reset_ctrl [line 2959: acquire the mutex]
  mrsas_ioc_init [line 3050]
    mrsas_alloc_ioc_cmd [line 2450]
      bus_dma_tag_create(BUS_DMA_ALLOCNOW) --> may sleep

mrsas_reset_ctrl [line 2959: acquire the mutex]
  megasas_setup_jbod_map [line 3089]
    bus_dma_tag_create(BUS_DMA_ALLOCNOW) --> may sleep

The possible fix of these bugs is to add "BUS_DMA_NOWAIT" in bus_dma_tag_create.

These bugs are found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai
--- sys/dev/mrsas/mrsas.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/dev/mrsas/mrsas.c b/sys/dev/mrsas/mrsas.c index d5e83494284..06f26c95841 100644 --- a/sys/dev/mrsas/mrsas.c +++ b/sys/dev/mrsas/mrsas.c
@@ -2087,7 +2087,7 @@ megasas_setup_jbod_map(struct mrsas_softc *sc) pd_seq_map_sz, 1, pd_seq_map_sz, - BUS_DMA_ALLOCNOW, + BUS_DMA_ALLOCNOW | BUS_DMA_NOWAIT, NULL, NULL, &sc->jbodmap_tag[i])) { device_printf(sc->mrsas_dev, @@ -2391,7 +2391,7 @@ mrsas_alloc_ioc_cmd(struct mrsas_softc *sc) ioc_init_size, 1, ioc_init_size, - BUS_DMA_ALLOCNOW, + BUS_DMA_ALLOCNOW | BUS_DMA_NOWAIT, NULL, NULL, &sc->ioc_init_tag)) { device_printf(sc->mrsas_dev, "Cannot allocate ioc init tag\n"); -- 2.13.0
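Review bot: in the megasas_setup_jbod_map hunk (@@ -2087) the tag is stored in "&sc->jbodmap_tag[i]", so the call runs once per index, and with BUS_DMA_NOWAIT added a failure at a later index leaves the tag created for the earlier index in place while the visible failure branch only calls device_printf. Show, or add, the unwinding for the tags already created, and confirm that the error is returned up to mrsas_reset_ctrl, which the commit message names as the caller holding the mutex, so that a reset does not carry on with a partly built JBOD map.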
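Review bot: in the mrsas_alloc_ioc_cmd hunk (@@ -2391) a tag creation that cannot complete without waiting now fails on the reset path given in the commit message (mrsas_reset_ctrl, mrsas_ioc_init, mrsas_alloc_ioc_cmd), and the only reaction visible is "Cannot allocate ioc init tag\n"; confirm that the failure propagates so the reset is reported as failed rather than continued without ioc_init_tag. The line numbers in the message (2959, 3050, 2450, 3089) also do not correspond to the hunk positions 2087 and 2391, so state that they are call sites and name the source revision they refer to.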