kern/52332: ydc driver: sleep-under-spin-mutex bugs in yds_allocmem

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/52332: ydc driver: sleep-under-spin-mutex bugs in yds_allocmem
From: baijiaju1990%163.com@localhost
Date: Sun, 25 Jun 2017 08:45:00 +0000 (UTC)

>Number:         52332
>Category:       kern
>Synopsis:       ydc driver: sleep-under-spin-mutex bugs in yds_allocmem
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jun 25 08:45:00 +0000 2017
>Originator:     Jia-Ju Bai
>Release:        NetBSD-7.1
>Organization:
Tsinghua University
>Environment:
i386
>Description:
The driver may sleep under spin mutex, and the function call path in file "sys/dev/pci/yds.c" in NetBSD-7.1 release is:
yds_resume [acquire the spin mutex]
  yds_init
    yds_allocate_slots
      yds_allocmem
        bus_dmamem_alloc(BUS_DMA_WAITOK) --> may sleep
        bus_dmamem_map(BUS_DMA_WAITOK) --> may sleep
        bus_dmamem_create(BUS_DMA_WAITOK) --> may sleep
        bus_dmamem_load(BUS_DMA_WAITOK) --> may sleep

These bugs are found by a static analysis tool written by myself, and they are checked by my review of the NetBSD code.
>How-To-Repeat:

>Fix:
The possible fix of this bug is to replace "BUS_DMA_WAITOK" with "BUS_DMA_NOWAIT".

Prev by Date: kern/52331: ydc driver: sleep-under-spin-mutex bugs in yds_allocmem
Next by Date: kern/52333: vte driver: sleep-in-interrupt bugs in vte_intr
Previous by Thread: kern/52331: ydc driver: sleep-under-spin-mutex bugs in yds_allocmem
Next by Thread: kern/52333: vte driver: sleep-in-interrupt bugs in vte_intr
Indexes:

Home | Main Index | Thread Index | Old Index