NetBSD Problem Report #52330

From www@NetBSD.org  Sun Jun 25 08:33:16 2017
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id DA6AC7A267
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 25 Jun 2017 08:33:15 +0000 (UTC)
Message-Id: <20170625083314.BC77A7A26F@mollari.NetBSD.org>
Date: Sun, 25 Jun 2017 08:33:14 +0000 (UTC)
From: baijiaju1990@163.com
Reply-To: baijiaju1990@163.com
To: gnats-bugs@NetBSD.org
Subject: mpii driver: a sleep-in-interrupt bug in mpii_intr
X-Send-Pr-Version: www-1.0

>Number:         52330
>Category:       kern
>Synopsis:       mpii driver: a sleep-in-interrupt bug in mpii_intr
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jun 25 08:35:00 +0000 2017
>Closed-Date:    Sat Jun 09 21:33:25 +0000 2018
>Last-Modified:  Sat Jun 09 21:33:25 +0000 2018
>Originator:     Jia-Ju Bai
>Release:        NetBSD-7.1
>Organization:
Tsinghua University
>Environment:
i386
>Description:
The driver may sleep in interrupt, and the function call path in file "sys/dev/pci/mpii.c" in NetBSD-7.1 release is:
mpii_intr [interrupt handler function]
  mpii_event_process
    mpii_event_raid
      mpii_cache_enable
        malloc(M_WAITOK) --> may sleep

This bug was found by a static analysis tool written by myself, and it was checked by my review of the NetBSD code.
>How-To-Repeat:

>Fix:
A possible fix for this bug is to replace "M_WAITOK" in malloc with "M_NOWAIT".

>Release-Note:

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/52330 CVS commit: src/sys/dev/pci
Date: Sun, 25 Jun 2017 11:56:32 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Sun Jun 25 15:56:32 UTC 2017

 Modified Files:
 	src/sys/dev/pci: mpii.c

 Log Message:
 PR/52330: Jia-Ju Bai: mpii driver: a sleep-in-interrupt bug in mpii_intr
 Since the enclosing routine mpii_event_raid already calls malloc with
 M_NOWAIT, fix the cache routine to do the same. While there check the
 result of the cache routine and change some error prints to aprint.


 To generate a diff of this commit:
 cvs rdiff -u -r1.8 -r1.9 src/sys/dev/pci/mpii.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->pending-pullups
State-Changed-By: maya@NetBSD.org
State-Changed-When: Mon, 04 Jun 2018 10:09:56 +0000
State-Changed-Why:
pullup-8 857, pullup-7 1614


From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/52330 CVS commit: [netbsd-7] src/sys/dev/pci
Date: Wed, 6 Jun 2018 15:46:17 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Wed Jun  6 15:46:16 UTC 2018

 Modified Files:
 	src/sys/dev/pci [netbsd-7]: mpii.c

 Log Message:
 Pull up following revision(s) (requested by maya in ticket #1614):

 	sys/dev/pci/mpii.c: revision 1.9

 PR/52330: Jia-Ju Bai: mpii driver: a sleep-in-interrupt bug in mpii_intr
 Since the enclosing routine mpii_event_raid already calls malloc with
 M_NOWAIT, fix the cache routine to do the same. While there check the
 result of the cache routine and change some error prints to aprint.


 To generate a diff of this commit:
 cvs rdiff -u -r1.5 -r1.5.4.1 src/sys/dev/pci/mpii.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/52330 CVS commit: [netbsd-8] src/sys/dev/pci
Date: Sat, 9 Jun 2018 14:32:52 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Sat Jun  9 14:32:52 UTC 2018

 Modified Files:
 	src/sys/dev/pci [netbsd-8]: mpii.c

 Log Message:
 Pull up following revision(s) (requested by maya in ticket #857):

 	sys/dev/pci/mpii.c: revision 1.9

 PR/52330: Jia-Ju Bai: mpii driver: a sleep-in-interrupt bug in mpii_intr
 Since the enclosing routine mpii_event_raid already calls malloc with
 M_NOWAIT, fix the cache routine to do the same. While there check the
 result of the cache routine and change some error prints to aprint.


 To generate a diff of this commit:
 cvs rdiff -u -r1.8 -r1.8.10.1 src/sys/dev/pci/mpii.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: pending-pullups->closed
State-Changed-By: maya@NetBSD.org
State-Changed-When: Sat, 09 Jun 2018 21:33:25 +0000
State-Changed-Why:
Pullups completed, thanks for the report!


>Unformatted:
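
The pattern behind the fix discussed in this report, as an added user-space C model that is not code from mpii.c or the NetBSD tree: `model_malloc`, the `MODEL_*` flags and `run_handler` are hypothetical stand-ins for the kernel allocator, its M_WAITOK/M_NOWAIT flags and the interrupt path. It shows that the non-sleeping request makes NULL a reachable result, so the routine must report failure to its caller.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
/* User-space model: flag names and values are constructed, not the kernel's. */
enum { MODEL_NOWAIT, MODEL_WAITOK };
static bool in_interrupt, memory_pressure;
static int sleep_violations;   /* sleeping allocations made in interrupt */

/* Stand-in allocator: only the non-sleeping request can return NULL. */
static void *model_malloc(size_t n, int flags) {
    if (flags == MODEL_WAITOK && in_interrupt)
        sleep_violations++;            /* a real kernel may block here */
    if (flags == MODEL_NOWAIT && memory_pressure)
        return NULL;
    return malloc(n);
}

/* "Before": sleeping allocation on a path reachable from the handler. */
static int cache_enable_before(void) {
    free(model_malloc(64, MODEL_WAITOK));
    return 0;
}

/* "After": non-sleeping allocation, failure handed back to the caller. */
static int cache_enable_after(void) {
    void *buf = model_malloc(64, MODEL_NOWAIT);
    if (buf == NULL)
        return ENOMEM;
    free(buf);
    return 0;
}

/* Runs one routine as if it were called from the interrupt handler. */
static int run_handler(int (*cache_enable)(void), bool pressure) {
    sleep_violations = 0;
    memory_pressure = pressure;
    in_interrupt = true;
    int error = cache_enable();
    in_interrupt = false;
    return error;
}

int main(void) {
    int e = run_handler(cache_enable_before, true);
    printf("before: error=%d sleeps=%d\n", e, sleep_violations);
    e = run_handler(cache_enable_after, true);
    printf("after:  error=%d sleeps=%d\n", e, sleep_violations);
    return 0;
}
```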
