[Bug 274966] A possible data race in sys/dev/firewire/firewire.c
Date: Wed, 08 Nov 2023 17:30:13 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274966
Bug ID: 274966
Summary: A possible data race in sys/dev/firewire/firewire.c
Product: Base System
Version: 14.0-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: islituo@gmail.com
Hello,
Our static analysis tool finds a possible data race in firewire.c.
The accesses to fwdev->dst and fwdev->status are often protected by the lock
FW_GLOCK(fc). Here is an example in firewire.c:
146. fw_noderesolve_nodeid() {
     ......
150.     FW_GLOCK(fc);
151.     STAILQ_FOREACH(fwdev, &fc->devices, link)
152.         if (fwdev->dst == dst && fwdev->status != FWDEVINVAL)
153.             break;
154.     FW_GUNLOCK(fc);
     ......
157. }
But they are accessed in the following calling context without holding the
lock:
fw_bus_probe_thread()                     --> Line 1737
  fw_explore(fc);                         --> Line 1747
    err = fw_explore_node(&dfwdev);       --> Line 1723
      fwdev->dst = node;                  --> Line 1630
      fwdev->status = FWDEVINIT;          --> Line 1631
And thus can cause possible data races.
I am not quite sure whether these possible data races are real and how to fix
them if they are real.
Any feedback would be appreciated, thanks!
Reported-by: BassCheck <bass@buaa.edu.cn>
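The locking pattern described in the report, as a userland model added here (not FreeBSD kernel code and not a proposed patch). It assumes a pthread mutex standing in for FW_GLOCK, a single hypothetical device record, and constructed values for FWDEVINIT and FWDEVINVAL; the reader always locks, and the writer locks only when asked to.

```c
#include <pthread.h>
#include <stdio.h>

/* Userland model only. Field and constant names follow the report;
 * the numeric values and node id 7 are constructed for the example. */
enum { FWDEVINIT = 1, FWDEVINVAL = 3 };
struct model_dev { int dst; int status; };

static struct model_dev dev = { 0, FWDEVINVAL };
static pthread_mutex_t glock = PTHREAD_MUTEX_INITIALIZER; /* stands in for FW_GLOCK */
static int writer_locks;  /* 1: writer takes glock; 0: unlocked writes as reported */
static long rounds;

/* Writer: flips the record between (0, FWDEVINVAL) and (7, FWDEVINIT)
 * with two separate stores, like the dst/status assignments in the report. */
static void *writer(void *arg)
{
    (void)arg;
    for (long i = 0; i < rounds; i++) {
        int up = (int)(i & 1);
        if (writer_locks) pthread_mutex_lock(&glock);
        dev.dst = up ? 7 : 0;
        dev.status = up ? FWDEVINIT : FWDEVINVAL;
        if (writer_locks) pthread_mutex_unlock(&glock);
    }
    return NULL;
}

/* Reader: always reads under the lock, like the lookup in the report.
 * Returns how many half-updated (dst, status) pairs it observed. */
static long count_torn_reads(long n, int lock_writer)
{
    pthread_t t;
    long torn = 0;
    rounds = n;
    writer_locks = lock_writer;
    dev.dst = 0;
    dev.status = FWDEVINVAL;
    if (pthread_create(&t, NULL, writer, NULL) != 0)
        return -1;
    for (long i = 0; i < n; i++) {
        pthread_mutex_lock(&glock);
        int dst = dev.dst, status = dev.status;
        pthread_mutex_unlock(&glock);
        if ((dst == 7) != (status == FWDEVINIT))
            torn++;
    }
    pthread_join(t, NULL);
    return torn;
}

int main(void)
{
    printf("writer locked:   %ld torn reads\n", count_torn_reads(200000, 1));
    printf("writer unlocked: %ld torn reads (varies per run)\n", count_torn_reads(200000, 0));
    return 0;
}
```

With the writer unlocked, the reader's lock gives no protection and the count depends on scheduling and compiler optimization; building with -fsanitize=thread flags the two unlocked stores.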