Bug 220096

Summary: [acpi] sys/dev/acpica/acpi_thermal.c: a sleep-under-mutex bug in acpi_tz_thread
Product: Base System
Reporter: Jia-Ju Bai <baijiaju1990>
Component: kern
Assignee: freebsd-acpi (Nobody) <acpi>
Status: Closed Works As Intended
Severity: Affects Only Me
CC: acpi, hardware, jhb
Priority: ---
Version: 11.0-RELEASE
Hardware: Any
OS: Any

Description Jia-Ju Bai 2017-06-18 03:45:34 UTC
The driver may sleep under a mutex, and the code path in file "sys/dev/acpica/acpi_thermal.c" in FreeBSD 11.0 release is:
acpi_tz_thread [line 992: acquire the mutex]
acpi_tz_thread [line 993]
acpi_tz_thread [line 1003]
acpi_tz_thread [line 1004] (msleep is executed)
acpi_tz_thread [line 1008]
acpi_tz_thread [line 970]
acpi_tz_thread [line 971]
acpi_tz_thread [line 975]
  malloc(M_WAITOK) [line 976]

The possible fix of this bug is to replace "M_WAITOK" in malloc with "M_NOWAIT".

This bug is found by a static analysis tool written by myself, and it is checked by my review of the FreeBSD code.

Thanks,
Jia-Ju Bai

Comment 1 John Baldwin freebsd_committer freebsd_triage 2017-07-17 16:37:27 UTC
The call to msleep() uses PDROP so the mutex is not reacquired after the thread awakens from the sleep.  You probably need to add a special case for the PDROP flag in your static analysis tool.  It is a bit of an unusual case.
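
The PDROP special case from Comment 1, as an added example (not code from the bug report, the reporter's tool, or FreeBSD): a small lock-state tracker run over a constructed model of the reported call path. The mutex name tz_mtx and the tuple encoding of calls are assumptions made for illustration.

```python
# Added example: toy lock-state tracker, not the reporter's analysis tool.
# Paths are constructed (call, mutex, flags) tuples; "tz_mtx" is a placeholder.

def sleep_under_mutex(path, honor_pdrop=True):
    """Return [(call, held_mutexes)] for calls that may sleep with a mutex held."""
    held = set()
    findings = []
    for call, mtx, flags in path:
        if call == "mtx_lock":
            held.add(mtx)
        elif call == "mtx_unlock":
            held.discard(mtx)
        elif call == "msleep":
            # msleep(9) drops its interlock mutex while asleep, so the sleep
            # itself is only a problem if some *other* mutex is still held.
            others = held - {mtx}
            if others:
                findings.append((call, sorted(others)))
            # PDROP: the interlock is not reacquired when msleep returns.
            if honor_pdrop and "PDROP" in flags:
                held.discard(mtx)
        elif call == "malloc" and "M_WAITOK" in flags and held:
            # malloc(9) with M_WAITOK may sleep.
            findings.append((call, sorted(held)))
    return findings

# Constructed model of the reported path: lock, msleep with PDROP, malloc.
REPORTED_PATH = [
    ("mtx_lock", "tz_mtx", set()),
    ("msleep", "tz_mtx", {"PDROP"}),
    ("malloc", None, {"M_WAITOK"}),
]

# Same path without PDROP: the mutex is reacquired before malloc runs.
NO_PDROP_PATH = [
    ("mtx_lock", "tz_mtx", set()),
    ("msleep", "tz_mtx", set()),
    ("malloc", None, {"M_WAITOK"}),
]

if __name__ == "__main__":
    print("PDROP modelled:  ", sleep_under_mutex(REPORTED_PATH))
    print("PDROP ignored:   ", sleep_under_mutex(REPORTED_PATH, honor_pdrop=False))
    print("no PDROP in call:", sleep_under_mutex(NO_PDROP_PATH))
```

A tracker that ignores PDROP reproduces the false positive in this report, while the same path without PDROP is a true finding.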