From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tycho Andersen Subject: Re: [PATCH] uart: Fix crash in uart_write and uart_put_char Date: Wed, 16 Jan 2019 11:40:03 -0700 Message-ID: <20190116184003.GF1642@cisco> References: <1547663287-4890-1-git-send-email-samir@embedur.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <1547663287-4890-1-git-send-email-samir@embedur.com> Sender: linux-kernel-owner@vger.kernel.org To: samir@embedur.com Cc: gregkh@linuxfoundation.org, jslaby@suse.co, linux-serial@vger.kernel.org, linux-kernel@vger.kernel.org List-Id: linux-serial@vger.kernel.org On Wed, Jan 16, 2019 at 10:28:07AM -0800, samir@embedur.com wrote: > From: Samir Virmani > > We were experiencing a crash similar to the one reported as part of > commit:a5ba1d95e46e ("uart: fix race between uart_put_char() and > uart_shutdown()") in our testbed as well. We continue to observe the same > crash after integrating the commit a5ba1d95e46e ("uart: fix race between > uart_put_char() and uart_shutdown()") > > On reviewing the change, the port lock should be taken prior to checking for > if (!circ->buf) in fn. __uart_put_char and other fns. that update the buffer > uart_state->xmit. > > Traceback: > > [11/27/2018 06:24:32.4870] Unable to handle kernel NULL pointer dereference > at virtual address 0000003b > > [11/27/2018 06:24:32.4950] PC is at memcpy+0x48/0x180 > [11/27/2018 06:24:32.4950] LR is at uart_write+0x74/0x120 > [11/27/2018 06:24:32.4950] pc : [] > lr : [] pstate: 000001c5 > [11/27/2018 06:24:32.4950] sp : ffffffc076433d30 > [11/27/2018 06:24:32.4950] x29: ffffffc076433d30 x28: 0000000000000140 > [11/27/2018 06:24:32.4950] x27: ffffffc0009b9d5e x26: ffffffc07ce36580 > [11/27/2018 06:24:32.4950] x25: 0000000000000000 x24: 0000000000000140 > [11/27/2018 06:24:32.4950] x23: ffffffc000891200 x22: ffffffc01fc34000 > [11/27/2018 06:24:32.4950] x21: 0000000000000fff x20: 0000000000000076 > [11/27/2018 06:24:32.4950] x19: 0000000000000076 x18: 0000000000000000 > [11/27/2018 06:24:32.4950] x17: 000000000047cf08 x16: ffffffc000099e68 > [11/27/2018 06:24:32.4950] x15: 0000000000000018 x14: 776d726966205948 > [11/27/2018 06:24:32.4950] x13: 50203a6c6974755f x12: 74647075205d3333 > [11/27/2018 06:24:32.4950] x11: 3a35323a36203831 x10: 30322f37322f3131 > [11/27/2018 06:24:32.4950] x9 : 5b205d303638342e x8 : 746164206f742070 > [11/27/2018 06:24:32.4950] x7 : 7520736920657261 x6 : 000000000000003b > [11/27/2018 06:24:32.4950] x5 : 000000000000817a x4 : 0000000000000008 > [11/27/2018 06:24:32.4950] x3 : 2f37322f31312a5b x2 : 000000000000006e > [11/27/2018 06:24:32.4950] x1 : ffffffc0009b9cf0 x0 : 000000000000003b > > [11/27/2018 06:24:32.4950] CPU2: stopping > [11/27/2018 06:24:32.4950] CPU: 2 PID: 0 Comm: swapper/2 Tainted: P D O 4.1.51 #3 > [11/27/2018 06:24:32.4950] Hardware name: Broadcom-v8A (DT) > [11/27/2018 06:24:32.4950] Call trace: > [11/27/2018 06:24:32.4950] [] dump_backtrace+0x0/0x150 > [11/27/2018 06:24:32.4950] [] show_stack+0x14/0x20 > [11/27/2018 06:24:32.4950] [] dump_stack+0x90/0xb0 > [11/27/2018 06:24:32.4950] [] handle_IPI+0x18c/0x1a0 > [11/27/2018 06:24:32.4950] [] gic_handle_irq+0x88/0x90 > > Fixes: a5ba1d95e46e ("uart: fix race between uart_put_char() and > uart_shutdown()") > Signed-off-by: Samir Virmani > Cc: Tycho Andersen Acked-by: Tycho Andersen Thanks, Tycho