From owner-freebsd-drivers@freebsd.org Mon Jun 19 02:12:42 2017 Return-Path: Delivered-To: freebsd-drivers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8AD85D92EB1; Mon, 19 Jun 2017 02:12:42 +0000 (UTC) (envelope-from baijiaju1990@163.com) Received: from m12-16.163.com (m12-16.163.com [220.181.12.16]) by mx1.freebsd.org (Postfix) with ESMTP id BFBF183F5C; Mon, 19 Jun 2017 02:12:41 +0000 (UTC) (envelope-from baijiaju1990@163.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id; bh=p3jPhEvTvaYK+QuYwo mxFiXzFxGKShivhZsAT8LODOE=; b=Ri7lGGzzEgUAiiS74ePN8spJt6SPGYkllA fD4dASJpCSagXKpNoVbdAUccIJoM3hidoyw6MwH2WPjttp70AkrPFV3Jr/DF9Erv 4LFqOVVnA3rdpP+jZX86lX9+en/DN4secB8iRDpKMwhVlzCKeU9FgVCCt5RiSUsG ZCOxoEMCM= Received: from bai.tsinghua.edu.cn (unknown [166.111.70.9]) by smtp12 (Coremail) with SMTP id EMCowABnrSYKM0dZl5rPKQ--.60528S2; Mon, 19 Jun 2017 10:12:29 +0800 (CST) From: Jia-Ju Bai To: freebsdraid@avagotech.com, megaraidfbsd@avagotech.com Cc: freebsd-drivers@freebsd.org, freebsd-bugs@freebsd.org, Jia-Ju Bai Subject: [PATCH] mrsas: Fix possible sleep-under-mutex bugs Date: Mon, 19 Jun 2017 10:12:24 +0800 Message-Id: <20170619021224.44042-1-baijiaju1990@163.com> X-Mailer: git-send-email 2.13.0 X-CM-TRANSID: EMCowABnrSYKM0dZl5rPKQ--.60528S2 X-Coremail-Antispam: 1Uf129KBjvJXoW7trWfKF4UtF43trWrXryrZwb_yoW8Gw1Upa y7WF4UWwnrX3yvqF4q9F48WF4fXFZ8Gry8GFWUuwn7W3WUZ3s0gr40k398CF4xZFW7Ca9Y y3s8KF4kW3WUAFDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x0zRKZXwUUUUU= X-Originating-IP: [166.111.70.9] X-CM-SenderInfo: xedlyx5dmximizq6il2tof0z/1tbipQ37elUMFXNYkAAAse X-BeenThere: freebsd-drivers@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Writing device drivers for FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jun 2017 02:12:42 -0000 The driver may sleep under a mutex, and the function call paths are: mrsas_reset_ctrl [line 2959: acquire the mutex] mrsas_ioc_init [line 3050] mrsas_alloc_ioc_cmd [line 2450] bus_dma_tag_create(BUS_DMA_ALLOCNOW) --> may sleep mrsas_reset_ctrl [line 2959: acquire the mutex] megasas_setup_jbod_map [line 3089] bus_dma_tag_create(BUS_DMA_ALLOCNOW) --> may sleep The possible fix of these bugs is to add "BUS_DMA_NOWAIT" in bus_dma_tag_create. These bugs are found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code. Signed-off-by: Jia-Ju Bai --- sys/dev/mrsas/mrsas.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/dev/mrsas/mrsas.c b/sys/dev/mrsas/mrsas.c index d5e83494284..06f26c95841 100644 --- a/sys/dev/mrsas/mrsas.c +++ b/sys/dev/mrsas/mrsas.c @@ -2087,7 +2087,7 @@ megasas_setup_jbod_map(struct mrsas_softc *sc) pd_seq_map_sz, 1, pd_seq_map_sz, - BUS_DMA_ALLOCNOW, + BUS_DMA_ALLOCNOW | BUS_DMA_NOWAIT, NULL, NULL, &sc->jbodmap_tag[i])) { device_printf(sc->mrsas_dev, @@ -2391,7 +2391,7 @@ mrsas_alloc_ioc_cmd(struct mrsas_softc *sc) ioc_init_size, 1, ioc_init_size, - BUS_DMA_ALLOCNOW, + BUS_DMA_ALLOCNOW | BUS_DMA_NOWAIT, NULL, NULL, &sc->ioc_init_tag)) { device_printf(sc->mrsas_dev, "Cannot allocate ioc init tag\n"); -- 2.13.0