From owner-freebsd-drivers@freebsd.org  Sun Jun 18 09:46:09 2017
Return-Path: <owner-freebsd-drivers@freebsd.org>
Delivered-To: freebsd-drivers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8170FD8D5AD;
 Sun, 18 Jun 2017 09:46:09 +0000 (UTC)
 (envelope-from baijiaju1990@163.com)
Received: from m12-16.163.com (m12-16.163.com [220.181.12.16])
 by mx1.freebsd.org (Postfix) with ESMTP id B82A566158;
 Sun, 18 Jun 2017 09:46:08 +0000 (UTC)
 (envelope-from baijiaju1990@163.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
 s=s110527; h=From:Subject:Date:Message-Id; bh=xUZUkp6Ul2hnrkXRW2
 3Z7WBtITssvPDJ5IYBRM7sJCA=; b=BiWw2RZoulI/pK4lGH6FCvGnYDUwzh4OQD
 vCY8iPuwn/59wINNhV9b4btpCWjZW6LxvL9TiDrz/H+sUUOqVEUViXUGwUUWc1CZ
 a04xvg0LMwdScTp8pTe94wrE4FT2qmBxlLbZhAGevZV+itvxDYh8SonRd6ZF+VYz
 bLmZ1FMS4=
Received: from bai.tsinghua.edu.cn (unknown [166.111.70.9])
 by smtp12 (Coremail) with SMTP id EMCowAA38i7bS0ZZ6n6dKQ--.6754S2;
 Sun, 18 Jun 2017 17:46:07 +0800 (CST)
From: Jia-Ju Bai <baijiaju1990@163.com>
To: 
Cc: freebsd-drivers@freebsd.org, freebsd-scsi@freebsd.org,
 Jia-Ju Bai <baijiaju1990@163.com>
Subject: [Bug 220095][PATCH] dpt_scsi: Fix a possible sleep-under-mutex bug in
 dpt_init
Date: Sun, 18 Jun 2017 17:46:01 +0800
Message-Id: <20170618094601.40636-1-baijiaju1990@163.com>
X-Mailer: git-send-email 2.13.0
X-CM-TRANSID: EMCowAA38i7bS0ZZ6n6dKQ--.6754S2
X-Coremail-Antispam: 1Uf129KBjvdXoW7GF45WF1UXr1xKFW8JryUtrb_yoWDXrcE93
 WqyryrAw1Ik348Kr4fAF4fZr129ay5XrW8uw1rXrsxJF1UXw1rK343uryfZrZxWw4IkFyx
 WF90qrW5Gw12vjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT
 9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IUUpBT7UUUUU==
X-Originating-IP: [166.111.70.9]
X-CM-SenderInfo: xedlyx5dmximizq6il2tof0z/xtbBRR-6elO-7qMI2gAAsp
X-BeenThere: freebsd-drivers@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Writing device drivers for FreeBSD <freebsd-drivers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-drivers>, 
 <mailto:freebsd-drivers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-drivers/>
List-Post: <mailto:freebsd-drivers@freebsd.org>
List-Help: <mailto:freebsd-drivers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-drivers>, 
 <mailto:freebsd-drivers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Jun 2017 09:46:09 -0000

The driver may sleep under a mutex, and the function call path is:
dpt_init [acquire the mutex]
   dptallocsgmap
     bus_dmamap_load(BUS_DMA_WAITOK) --> may sleep

The possible fix of this bug is to set the last parameter in 
bus_dmamap_load to "BUS_DMA_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is 
checked by my review of the FreeBSD code.

Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
---
 sys/dev/dpt/dpt_scsi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/dev/dpt/dpt_scsi.c b/sys/dev/dpt/dpt_scsi.c
index 541b58665cf..f39ebfba2a7 100644
--- a/sys/dev/dpt/dpt_scsi.c
+++ b/sys/dev/dpt/dpt_scsi.c
@@ -300,7 +300,7 @@ dptallocsgmap(struct dpt_softc *dpt)
 
 	(void)bus_dmamap_load(dpt->sg_dmat, sg_map->sg_dmamap, sg_map->sg_vaddr,
 			      PAGE_SIZE, dptmapmem, &sg_map->sg_physaddr,
-			      /*flags*/0);
+			      /*flags*/BUS_DMA_NOWAIT);
 
 	SLIST_INSERT_HEAD(&dpt->sg_maps, sg_map, links);
 
-- 
2.13.0