There is a lock issue in sys/dev/wpi/if_wpi.c. In function wpi_run(), WPI_RXON_LOCK() is called after wpi_set_timing(), but its corresponding WPI_RXON_UNLOCK() is not executed on failure of wpi_send_rxon(), which may cause a deadlock. This code logic is similar to wpi_auth(), and in this function we do not return on failure of wpi_send_rxon(). This bug is suggested by a static analysis tool. Please advise.
Upstream (OpenBSD) returns in this error path as well. I suspect that the bug is simply a missing unlock in the error path (the locking is FreeBSD-specific).
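The lock leak described in the two comments above, reduced to a user-space C model as an added example (not code from if_wpi.c or from this thread). The names rxon_lock, rxon_trylock, rxon_unlock, send_rxon_model, run_leaky, run_fixed and next_call are hypothetical, and a try-only lock is assumed so that a leaked lock is reported as EDEADLK instead of hanging the caller.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical models (not driver code): a try-only lock, so a leak shows up
 * as a failed acquire instead of a hang, and a send step that can fail. */
struct rxon_lock { atomic_flag held; };
static bool rxon_trylock(struct rxon_lock *l) { return !atomic_flag_test_and_set(&l->held); }
static void rxon_unlock(struct rxon_lock *l) { atomic_flag_clear(&l->held); }
static int send_rxon_model(bool fail) { return fail ? EIO : 0; }

/* Reported pattern: the error path returns with the lock still held. */
static int run_leaky(struct rxon_lock *l, bool fail)
{
    int error;
    if (!rxon_trylock(l)) return EDEADLK;   /* a blocking lock would hang here */
    if ((error = send_rxon_model(fail)) != 0)
        return error;                       /* BUG: lock is never released */
    rxon_unlock(l);
    return 0;
}

/* Corrected pattern: the error path releases the lock before returning. */
static int run_fixed(struct rxon_lock *l, bool fail)
{
    int error;
    if (!rxon_trylock(l)) return EDEADLK;
    if ((error = send_rxon_model(fail)) != 0) {
        rxon_unlock(l);
        return error;
    }
    rxon_unlock(l);
    return 0;
}

/* Make one failing call, then return what the next caller would get. */
static int next_call(int (*run)(struct rxon_lock *, bool))
{
    struct rxon_lock l = { ATOMIC_FLAG_INIT };
    (void)run(&l, true);                    /* fails with EIO */
    return run(&l, false);                  /* EDEADLK if the lock leaked, else 0 */
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", next_call(run_leaky), next_call(run_fixed));
    return 0;
}
```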
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=6d042d7c861a8fffd1784c720720c3b89c7c0883

commit 6d042d7c861a8fffd1784c720720c3b89c7c0883
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-09-10 14:03:51 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-09-10 14:03:51 +0000

    wpi: Fix a lock leak in an error path in wpi_run()

    PR: 258243
    Reported by: dinghao.liu@zju.edu.cn
    MFC after: 1 week

 sys/dev/wpi/if_wpi.c | 1 +
 1 file changed, 1 insertion(+)
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=476f87219f408343846254743c7189076be80c04

commit 476f87219f408343846254743c7189076be80c04
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-09-10 14:03:51 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-09-17 13:13:44 +0000

    wpi: Fix a lock leak in an error path in wpi_run()

    PR: 258243
    Reported by: dinghao.liu@zju.edu.cn

    (cherry picked from commit 6d042d7c861a8fffd1784c720720c3b89c7c0883)

 sys/dev/wpi/if_wpi.c | 1 +
 1 file changed, 1 insertion(+)
Thanks for the report.