[Bug 252165] mii bus media status race condition

Mon Mar 1 17:25:22 UTC 2021

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252165

--- Comment #13 from Ali Abdallah <ali.abdallah at suse.com> ---
I had a better look at the code, and I think I have an explanation of what is
the root cause of the issue. 

The function uether_rxflush releases the lock, causing a mess up with
lock/unlock orders.

void
uether_rxflush(struct usb_ether *ue)
{
        ...       
        UE_LOCK_ASSERT(ue, MA_OWNED);

        n = mbufq_flush(&ue->ue_rxq);
        UE_UNLOCK(ue);
        NET_EPOCH_ENTER(et);
        ...
        NET_EPOCH_EXIT(et);
        UE_LOCK(ue);
}   

I've dtraced the calls

2  64153           ure_ifmedia_sts:return      155646206056
0  64153           ure_ifmedia_sts:return      155647214955
0  64152            ure_ifmedia_sts:entry      155647476515
2  64153           ure_ifmedia_sts:return      155648459628
2  64152            ure_ifmedia_sts:entry      155648490676
1  64220             uether_rxflush:entry      155649463422  <-
0  64153           ure_ifmedia_sts:return      155649466344  <-
1  64221            uether_rxflush:return      155649488201

When uether_rxflush:entry is called, it has the lock, but then it is releasing
it and re-acquiring it later, causing the mess with ure_ifmedia_sts IMHO.

-- 
You are receiving this mail because:
You are the assignee for the bug.