From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Marek Roszko <mark.roszko@gmail.com>,
Leilei Zhao <leilei.zhao@atmel.com>,
Nicolas Ferre <nicolas.ferre@atmel.com>
Subject: [PATCH 3.4 19/37] tty/serial: at91: Handle shutdown more safely
Date: Tue, 4 Feb 2014 13:00:55 -0800 [thread overview]
Message-ID: <20140204210056.552522026@linuxfoundation.org> (raw)
In-Reply-To: <20140204210055.992134150@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Roszko <mark.roszko@gmail.com>
commit 0cc7c6c7916b1b6f34350ff1473b80b9f7e459c0 upstream.
Interrupts were being cleaned up late in the shutdown handler, it is possible
that an interrupt can occur and schedule a tasklet that runs after the port is
cleaned up. There is a null dereference due to this race condition with the
following stacktrace:
[<c02092b0>] (atmel_tasklet_func+0x514/0x814) from [<c001fd34>] (tasklet_action+0x70/0xa8)
[<c001fd34>] (tasklet_action+0x70/0xa8) from [<c001f60c>] (__do_softirq+0x90/0x144)
[<c001f60c>] (__do_softirq+0x90/0x144) from [<c001fa18>] (irq_exit+0x40/0x4c)
[<c001fa18>] (irq_exit+0x40/0x4c) from [<c000e298>] (handle_IRQ+0x64/0x84)
[<c000e298>] (handle_IRQ+0x64/0x84) from [<c000d6c0>] (__irq_svc+0x40/0x50)
[<c000d6c0>] (__irq_svc+0x40/0x50) from [<c0208060>] (atmel_rx_dma_release+0x88/0xb8)
[<c0208060>] (atmel_rx_dma_release+0x88/0xb8) from [<c0209740>] (atmel_shutdown+0x104/0x160)
[<c0209740>] (atmel_shutdown+0x104/0x160) from [<c0205e8c>] (uart_port_shutdown+0x2c/0x38)
Signed-off-by: Marek Roszko <mark.roszko@gmail.com>
Acked-by: Leilei Zhao <leilei.zhao@atmel.com>
Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/atmel_serial.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -1022,12 +1022,24 @@ static int atmel_startup(struct uart_por
static void atmel_shutdown(struct uart_port *port)
{
struct atmel_uart_port *atmel_port = to_atmel_uart_port(port);
+
+ /*
+ * Clear out any scheduled tasklets before
+ * we destroy the buffers
+ */
+ tasklet_kill(&atmel_port->tasklet);
+
/*
- * Ensure everything is stopped.
+ * Ensure everything is stopped and
+ * disable all interrupts, port and break condition.
*/
atmel_stop_rx(port);
atmel_stop_tx(port);
+ UART_PUT_CR(port, ATMEL_US_RSTSTA);
+ UART_PUT_IDR(port, -1);
+
+
/*
* Shut-down the DMA.
*/
@@ -1054,12 +1066,6 @@ static void atmel_shutdown(struct uart_p
}
/*
- * Disable all interrupts, port and break condition.
- */
- UART_PUT_CR(port, ATMEL_US_RSTSTA);
- UART_PUT_IDR(port, -1);
-
- /*
* Free the interrupt
*/
free_irq(port->irq, port);
next prev parent reply other threads:[~2014-02-04 21:00 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-04 21:00 [PATCH 3.4 00/37] 3.4.79-stable review Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 01/37] md/raid5: fix long-standing problem with bitmap handling on write failure Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 02/37] mm: hugetlbfs: fix hugetlbfs optimization Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 03/37] e752x_edac: Fix pci_dev usage count Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 04/37] x86, x32: Correct invalid use of user timespec in the kernel Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 05/37] usb: option: add new zte 3g modem pids to option driver Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 07/37] USB: cypress_m8: fix ring-indicator detection and reporting Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 08/37] USB: Nokia 502 is an unusual device Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 09/37] usb: xhci: Check for XHCI_PLAT in xhci_cleanup_msix() Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 10/37] rtlwifi: rtl8192cu: Add new device ID Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 11/37] rtlwifi: Set the link state Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 12/37] rtlwifi: rtl8192cu: Fix some code in RF handling Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 13/37] b43: Fix lockdep splat Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 14/37] b43: Fix unload oops if firmware is not available Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 15/37] b43legacy: " Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 16/37] b43: fix the wrong assignment of status.freq in b43_rx() Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 17/37] staging: r8712u: Set device type to wlan Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 18/37] staging: vt6656: [BUG] BBvUpdatePreEDThreshold Always set sensitivity on bScanning Greg Kroah-Hartman
2014-02-04 21:00 ` Greg Kroah-Hartman [this message]
2014-02-04 21:00 ` [PATCH 3.4 20/37] ARM: at91: smc: bug fix in sam9_smc_cs_read() Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 21/37] serial: add support for 200 v3 series Titan card Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 22/37] parport: parport_pc: remove double PCI ID for NetMos Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 23/37] rtc-cmos: Add an alarm disable quirk Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 24/37] ASoC: adau1701: Fix ADAU1701_SEROCTL_WORD_LEN_16 constant Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 25/37] ALSA: rme9652: fix a missing comma in channel_map_9636_ds[] Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 26/37] ALSA: Enable CONFIG_ZONE_DMA for smaller PCI DMA masks Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 28/37] bnx2x: fix DMA unmapping of TSO split BDs Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 29/37] inet_diag: fix inet_diag_dump_icsk() timewait socket state logic Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 30/37] net: avoid reference counter overflows on fib_rules in multicast forwarding Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 31/37] net,via-rhine: Fix tx_timeout handling Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 32/37] KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 33/37] usb: core: get config and string descriptors for unauthorized devices Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 34/37] SCSI: bfa: Chinook quad port 16G FC HBA claim issue Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 35/37] target/iscsi: Fix network portal creation race Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 36/37] Btrfs: handle EAGAIN case properly in btrfs_drop_snapshot() Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 37/37] powerpc: Make sure "cache" directory is removed when offlining cpu Greg Kroah-Hartman
2014-02-04 21:52 ` [PATCH 3.4 00/37] 3.4.79-stable review Guillaume Morin
2014-02-04 22:11 ` Greg Kroah-Hartman
2014-02-04 22:22 ` Guillaume Morin
2014-02-04 22:31 ` Greg Kroah-Hartman
2014-02-04 22:48 ` John Stultz
2014-02-04 23:35 ` Greg Kroah-Hartman
2014-02-05 6:36 ` Guenter Roeck
2014-02-05 20:38 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140204210056.552522026@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=leilei.zhao@atmel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.roszko@gmail.com \
--cc=nicolas.ferre@atmel.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.