[Bug 256334] [genet] Race condition in Pi4's gen_attach() can cause SIGSEGV.

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 01 Jun 2021 13:06:40 +0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256334

            Bug ID: 256334
           Summary: [genet] Race condition in Pi4's gen_attach() can cause
                    SIGSEGV.
           Product: Base System
           Version: CURRENT
          Hardware: arm64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: arm
          Assignee: freebsd-arm_at_FreeBSD.org
          Reporter: ghuckriede_at_blackberry.com

'genet' driver starts interrupt handlers before ifp is allocated.

Version: git main @ d3f7975fcb346ea28dde079a9c04cff5ef20a8d7

gen_intr() uses sc->ifp here:
https://cgit.freebsd.org/src/blame/sys/arm64/broadcom/genet/if_genet.c#n1260

gen_attach() calls bus_setup_intr() here:
https://cgit.freebsd.org/src/blame/sys/arm64/broadcom/genet/if_genet.c#n283
https://cgit.freebsd.org/src/blame/sys/arm64/broadcom/genet/if_genet.c#n290

gen_attach() calls if_alloc() here:
https://cgit.freebsd.org/src/blame/sys/arm64/broadcom/genet/if_genet.c#n298

Possible fixes:
gen_attach() could either hold GEN_LOCK() or complete the init before the
bus_setup_intr() calls.

Received on Tue Jun 01 2021 - 13:06:40 UTC
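
The ordering problem described in the report, as an added user-space model (not part of the original message and not code from if_genet.c). All type and function names here are hypothetical stand-ins, and the handler counts a NULL ifp instead of dereferencing it. It models only the second proposed fix, completing the allocation before the handler is installed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: stand-ins for the driver softc and its ifnet. */
struct ifnet_model { int if_flags; };
struct softc_model {
    struct ifnet_model *ifp;             /* NULL until the "if_alloc" step */
    void (*intr)(struct softc_model *);  /* NULL until the "bus_setup_intr" step */
    int null_ifp_seen;                   /* handler runs that found ifp == NULL */
};

static struct ifnet_model the_ifnet;

/* Stand-in for gen_intr(): the report says the real handler uses sc->ifp.
 * The model records the NULL case rather than faulting on it. */
static void model_intr(struct softc_model *sc)
{
    if (sc->ifp == NULL)
        sc->null_ifp_seen++;
}

/* Once a handler is installed, the device may interrupt at any time. */
static void irq_may_fire(struct softc_model *sc)
{
    if (sc->intr != NULL)
        sc->intr(sc);
}

static void step_setup_intr(struct softc_model *sc) { sc->intr = model_intr; }
static void step_if_alloc(struct softc_model *sc)   { sc->ifp = &the_ifnet; }

/* Run both attach steps, letting an interrupt arrive after each one.
 * Returns how many times the handler observed a NULL ifp. */
int attach_model(bool alloc_first)
{
    struct softc_model sc = { NULL, NULL, 0 };
    void (*steps[2])(struct softc_model *) = {
        alloc_first ? step_if_alloc : step_setup_intr,
        alloc_first ? step_setup_intr : step_if_alloc,
    };
    for (int i = 0; i < 2; i++) {
        steps[i](&sc);
        irq_may_fire(&sc);
    }
    return sc.null_ifp_seen;
}

int main(void)
{
    printf("handler first: %d NULL-ifp run(s)\n", attach_model(false));
    printf("alloc first:   %d NULL-ifp run(s)\n", attach_model(true));
    return 0;
}
```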
