[Bug 220094] [scsi] sys/cam/scsi/scsi_sa.c: a sleep-under-mutex bug in saioctl

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jun 19 20:49:01 UTC 2017


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220094

--- Comment #2 from commit-hook at freebsd.org ---
A commit references this bug:

Author: ken
Date: Mon Jun 19 20:48:01 UTC 2017
New revision: 320123
URL: https://svnweb.freebsd.org/changeset/base/320123

Log:
  Fix a potential sleep while holding a mutex in the sa(4) driver.

  If the user issues a MTIOCEXTGET ioctl, and the tape drive in question has
  a serial number that is longer than 80 characters, we malloc a buffer in
  saextget() to hold the output of cam_strvis().

  Since a mutex is held in that codepath, doing a M_WAITOK malloc could lead
  to sleeping while holding a mutex.  Change it to a M_NOWAIT malloc and bail
  out if we fail to allocate the memory.  Devices with serial numbers longer
  than 80 bytes are very rare (I don't recall seeing one), so this
  should be a very unusual case to hit.  But it is a bug that should be fixed.

  sys/cam/scsi/scsi_sa.c:
        In saextget(), if we need to malloc a buffer to hold the output of
        cam_strvis(), don't wait for the memory.  Fail and return an error
        if we can't allocate the memory immediately.

  PR:           kern/220094
  Submitted by: Jia-Ju Bai <baijiaju1990 at 163.com>
  MFC after:    3 days
  Sponsored by: Spectra Logic

Changes:
  head/sys/cam/scsi/scsi_sa.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the freebsd-scsi mailing list