https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289120
--- Comment #4 from Qiu-ji Chen <[email protected]> ---
(In reply to Ahmad Khalifa from comment #3)

Hi Ahmad,

Thanks for looking into this. I believe there might be a misunderstanding regarding the lock.

The priv->mtx lock is part of the gpioc_cdevpriv struct, which is defined within /source/sys/dev/gpio/gpioc.c. The generic kqueue framework in /sys/kern/kern_event.c calls gpioc_kqread() via a function pointer but has no knowledge of this driver-private structure or its lock, and therefore cannot hold it. This creates a potential race condition, as the unprotected reads can run concurrently with functions that modify the event queue, such as gpioc_read() and gpioc_interrupt_handler().

We found this issue using a custom static analysis tool that has identified numerous confirmed bugs in both Linux and FreeBSD. While we have built PoCs for many of the Linux bugs, we are still getting familiar with the FreeBSD environment but will attempt to create a PoC for this one.

Thanks,
Qiu-ji Chen

--
You are receiving this mail because:
You are the assignee for the bug.

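The locking point in the comment above, reduced to a runnable model. This is an added illustration, not code from FreeBSD's gpioc driver or kern_event.c: the struct and function names (`ev_queue`, `q_count`, `filt_unlocked`, `filt_locked`, `framework_poll`) are invented stand-ins, and the "lock owned" bookkeeping is a user-space imitation of the kernel's `mtx_assert(MA_OWNED)` check. It shows why a filter invoked through a function pointer by a generic framework has to acquire the driver-private lock itself, and how an owned-lock assertion in the queue accessor makes an unlocked caller detectable.

```c
/* Added model of the locking issue discussed in the bug comment. Names are
 * hypothetical and do not correspond to FreeBSD's gpioc or kqueue code. */
#include <pthread.h>
#include <stdio.h>

#define QLEN 16

struct ev_queue {
    pthread_mutex_t mtx;      /* stands in for the driver-private priv->mtx */
    int mtx_owned;            /* bookkeeping so accessors can check the lock */
    unsigned head, tail;      /* modified by both the producer and the reader */
    unsigned events[QLEN];
    int unlocked_accesses;    /* how many accessor calls ran without the lock */
};

static void q_lock(struct ev_queue *q)   { pthread_mutex_lock(&q->mtx); q->mtx_owned = 1; }
static void q_unlock(struct ev_queue *q) { q->mtx_owned = 0; pthread_mutex_unlock(&q->mtx); }

/* Accessor with an owned-lock check, in the spirit of mtx_assert(MA_OWNED):
 * a caller that reads queue state without holding the lock is recorded. */
static int q_count(struct ev_queue *q) {
    if (!q->mtx_owned)
        q->unlocked_accesses++;
    return (int)(q->tail - q->head);
}

/* Producer, standing in for an interrupt handler appending an event. */
static int q_push(struct ev_queue *q, unsigned v) {
    int ok = 0;
    q_lock(q);
    if (q_count(q) < QLEN) { q->events[q->tail % QLEN] = v; q->tail++; ok = 1; }
    q_unlock(q);
    return ok;
}

/* Reader, standing in for the read(2) path draining one event. */
static int q_pop(struct ev_queue *q, unsigned *out) {
    int ok = 0;
    q_lock(q);
    if (q_count(q) > 0) { *out = q->events[q->head % QLEN]; q->head++; ok = 1; }
    q_unlock(q);
    return ok;
}

/* All the generic framework knows: a callback and an opaque hook pointer.
 * It has no way to name, let alone acquire, the lock inside ev_queue. */
struct knote {
    int (*f_event)(struct knote *kn, long hint);
    void *kn_hook;
};

/* Filter as described in the report: reads queue state with no lock held. */
static int filt_unlocked(struct knote *kn, long hint) {
    (void)hint;
    return q_count((struct ev_queue *)kn->kn_hook) > 0;
}

/* Corrected filter: the framework holds nothing, so the filter locks itself. */
static int filt_locked(struct knote *kn, long hint) {
    (void)hint;
    struct ev_queue *q = kn->kn_hook;
    q_lock(q);
    int ready = q_count(q) > 0;
    q_unlock(q);
    return ready;
}

/* Framework side: call through the pointer, hold no driver lock. */
static int framework_poll(struct knote *kn) { return kn->f_event(kn, 0); }

static void q_init(struct ev_queue *q) {
    pthread_mutex_init(&q->mtx, NULL);
    q->mtx_owned = 0; q->head = q->tail = 0; q->unlocked_accesses = 0;
}

/* Queues one event, polls once through the framework with the chosen filter,
 * drains the event, and returns the number of accessor calls that ran without
 * the lock (-1 if the filter wrongly reported the queue as not ready). */
int unlocked_accesses_for(int use_locked_filter) {
    struct ev_queue q;
    q_init(&q);
    struct knote kn = { use_locked_filter ? filt_locked : filt_unlocked, &q };
    q_push(&q, 42);
    int ready = framework_poll(&kn);
    unsigned v;
    q_pop(&q, &v);
    pthread_mutex_destroy(&q.mtx);
    return ready ? q.unlocked_accesses : -1;
}

int main(void) {
    printf("unlocked filter: %d accessor call(s) without the lock\n", unlocked_accesses_for(0));
    printf("locked filter:   %d accessor call(s) without the lock\n", unlocked_accesses_for(1));
    return 0;
}
```

The owned-lock check in the accessor is the practical takeaway: with an assertion of that kind on the queue's read path, a callback that the framework invokes without the driver lock fails loudly under a debug kernel rather than racing silently with the producer and reader.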