[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-hackers
Subject: [PATCH] mlx: Fix a possible sleep-under-mutex bug in mlx_alloccmd
From: Jia-Ju Bai <baijiaju1990 () 163 ! com>
Date: 2017-06-19 1:44:19
Message-ID: 20170619014419.43824-1-baijiaju1990 () 163 ! com
[Download RAW message or body]
The driver may sleep under a mutex, and the function call path is:
mlx_attach [line 432: acquire the mutex]
mlx_enquire
mlx_alloccmd
bus_dmamap_create(BUS_DMA_WAITOK) --> may sleep
The possible fix of this bug is to replace "BUS_DMA_WAITOK" in bus_dmamap_create with "BUS_DMA_NOWAIT".
This bug is found by a static analysis tool written by myself, and it is
checked by my review of the FreeBSD code.
Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
---
sys/dev/mlx/mlx.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/dev/mlx/mlx.c b/sys/dev/mlx/mlx.c
index e3b09582a36..c2e8ba3c595 100644
--- a/sys/dev/mlx/mlx.c
+++ b/sys/dev/mlx/mlx.c
@@ -2426,7 +2426,8 @@ mlx_alloccmd(struct mlx_softc *sc)
mc = (struct mlx_command *)malloc(sizeof(*mc), M_DEVBUF, M_NOWAIT | M_ZERO);
if (mc != NULL) {
mc->mc_sc = sc;
- error = bus_dmamap_create(sc->mlx_buffer_dmat, 0, &mc->mc_dmamap);
+ error = bus_dmamap_create(sc->mlx_buffer_dmat, BUS_DMA_NOWAIT,
+ &mc->mc_dmamap);
if (error) {
free(mc, M_DEVBUF);
return(NULL);
--
2.13.0
_______________________________________________
freebsd-hackers@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic