This is a note to let you know that I've just added the patch titled
tty/serial: at91: Handle shutdown more safely
to the 3.12-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
tty-serial-at91-handle-shutdown-more-safely.patch
and it can be found in the queue-3.12 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 0cc7c6c7916b1b6f34350ff1473b80b9f7e459c0 Mon Sep 17 00:00:00 2001
From: Marek Roszko <[email protected]>
Date: Tue, 7 Jan 2014 11:45:06 +0100
Subject: tty/serial: at91: Handle shutdown more safely
From: Marek Roszko <[email protected]>
commit 0cc7c6c7916b1b6f34350ff1473b80b9f7e459c0 upstream.
Interrupts were being cleaned up late in the shutdown handler, it is possible
that an interrupt can occur and schedule a tasklet that runs after the port is
cleaned up. There is a null dereference due to this race condition with the
following stacktrace:
[<c02092b0>] (atmel_tasklet_func+0x514/0x814) from [<c001fd34>]
(tasklet_action+0x70/0xa8)
[<c001fd34>] (tasklet_action+0x70/0xa8) from [<c001f60c>]
(__do_softirq+0x90/0x144)
[<c001f60c>] (__do_softirq+0x90/0x144) from [<c001fa18>] (irq_exit+0x40/0x4c)
[<c001fa18>] (irq_exit+0x40/0x4c) from [<c000e298>] (handle_IRQ+0x64/0x84)
[<c000e298>] (handle_IRQ+0x64/0x84) from [<c000d6c0>] (__irq_svc+0x40/0x50)
[<c000d6c0>] (__irq_svc+0x40/0x50) from [<c0208060>]
(atmel_rx_dma_release+0x88/0xb8)
[<c0208060>] (atmel_rx_dma_release+0x88/0xb8) from [<c0209740>]
(atmel_shutdown+0x104/0x160)
[<c0209740>] (atmel_shutdown+0x104/0x160) from [<c0205e8c>]
(uart_port_shutdown+0x2c/0x38)
Signed-off-by: Marek Roszko <[email protected]>
Acked-by: Leilei Zhao <[email protected]>
Signed-off-by: Nicolas Ferre <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/tty/serial/atmel_serial.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -1633,12 +1633,24 @@ static int atmel_startup(struct uart_por
static void atmel_shutdown(struct uart_port *port)
{
struct atmel_uart_port *atmel_port = to_atmel_uart_port(port);
+
+ /*
+ * Clear out any scheduled tasklets before
+ * we destroy the buffers
+ */
+ tasklet_kill(&atmel_port->tasklet);
+
/*
- * Ensure everything is stopped.
+ * Ensure everything is stopped and
+ * disable all interrupts, port and break condition.
*/
atmel_stop_rx(port);
atmel_stop_tx(port);
+ UART_PUT_CR(port, ATMEL_US_RSTSTA);
+ UART_PUT_IDR(port, -1);
+
+
/*
* Shut-down the DMA.
*/
@@ -1648,12 +1660,6 @@ static void atmel_shutdown(struct uart_p
atmel_port->release_tx(port);
/*
- * Disable all interrupts, port and break condition.
- */
- UART_PUT_CR(port, ATMEL_US_RSTSTA);
- UART_PUT_IDR(port, -1);
-
- /*
* Free the interrupt
*/
free_irq(port->irq, port);
Patches currently in stable-queue which might be from [email protected] are
queue-3.12/tty-serial-at91-disable-uart-timer-at-start-of-shutdown.patch
queue-3.12/tty-serial-at91-fix-race-condition-in-atmel_serial_remove.patch
queue-3.12/tty-serial-at91-handle-shutdown-more-safely.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
