From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Marek Roszko <mark.roszko@gmail.com>,
Leilei Zhao <leilei.zhao@atmel.com>,
Nicolas Ferre <nicolas.ferre@atmel.com>
Subject: [PATCH 3.4 19/37] tty/serial: at91: Handle shutdown more safely
Date: Tue, 4 Feb 2014 13:00:55 -0800 [thread overview]
Message-ID: <20140204210056.552522026@linuxfoundation.org> (raw)
In-Reply-To: <20140204210055.992134150@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Roszko <mark.roszko@gmail.com>
commit 0cc7c6c7916b1b6f34350ff1473b80b9f7e459c0 upstream.
Interrupts were being cleaned up late in the shutdown handler, it is possible
that an interrupt can occur and schedule a tasklet that runs after the port is
cleaned up. There is a null dereference due to this race condition with the
following stacktrace:
[<c02092b0>] (atmel_tasklet_func+0x514/0x814) from [<c001fd34>] (tasklet_action+0x70/0xa8)
[<c001fd34>] (tasklet_action+0x70/0xa8) from [<c001f60c>] (__do_softirq+0x90/0x144)
[<c001f60c>] (__do_softirq+0x90/0x144) from [<c001fa18>] (irq_exit+0x40/0x4c)
[<c001fa18>] (irq_exit+0x40/0x4c) from [<c000e298>] (handle_IRQ+0x64/0x84)
[<c000e298>] (handle_IRQ+0x64/0x84) from [<c000d6c0>] (__irq_svc+0x40/0x50)
[<c000d6c0>] (__irq_svc+0x40/0x50) from [<c0208060>] (atmel_rx_dma_release+0x88/0xb8)
[<c0208060>] (atmel_rx_dma_release+0x88/0xb8) from [<c0209740>] (atmel_shutdown+0x104/0x160)
[<c0209740>] (atmel_shutdown+0x104/0x160) from [<c0205e8c>] (uart_port_shutdown+0x2c/0x38)
Signed-off-by: Marek Roszko <mark.roszko@gmail.com>
Acked-by: Leilei Zhao <leilei.zhao@atmel.com>
Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/atmel_serial.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -1022,12 +1022,24 @@ static int atmel_startup(struct uart_por
static void atmel_shutdown(struct uart_port *port)
{
struct atmel_uart_port *atmel_port = to_atmel_uart_port(port);
+
+ /*
+ * Clear out any scheduled tasklets before
+ * we destroy the buffers
+ */
+ tasklet_kill(&atmel_port->tasklet);
+
/*
- * Ensure everything is stopped.
+ * Ensure everything is stopped and
+ * disable all interrupts, port and break condition.
*/
atmel_stop_rx(port);
atmel_stop_tx(port);
+ UART_PUT_CR(port, ATMEL_US_RSTSTA);
+ UART_PUT_IDR(port, -1);
+
+
/*
* Shut-down the DMA.
*/
@@ -1054,12 +1066,6 @@ static void atmel_shutdown(struct uart_p
}
/*
- * Disable all interrupts, port and break condition.
- */
- UART_PUT_CR(port, ATMEL_US_RSTSTA);
- UART_PUT_IDR(port, -1);
-
- /*
* Free the interrupt
*/
free_irq(port->irq, port);
next prev parent reply other threads:[~2014-02-04 21:00 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-04 21:00 [PATCH 3.4 00/37] 3.4.79-stable review Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 01/37] md/raid5: fix long-standing problem with bitmap handling on write failure Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 02/37] mm: hugetlbfs: fix hugetlbfs optimization Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 03/37] e752x_edac: Fix pci_dev usage count Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 04/37] x86, x32: Correct invalid use of user timespec in the kernel Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 05/37] usb: option: add new zte 3g modem pids to option driver Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 07/37] USB: cypress_m8: fix ring-indicator detection and reporting Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 08/37] USB: Nokia 502 is an unusual device Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 09/37] usb: xhci: Check for XHCI_PLAT in xhci_cleanup_msix() Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 10/37] rtlwifi: rtl8192cu: Add new device ID Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 11/37] rtlwifi: Set the link state Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 12/37] rtlwifi: rtl8192cu: Fix some code in RF handling Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 13/37] b43: Fix lockdep splat Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 14/37] b43: Fix unload oops if firmware is not available Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 15/37] b43legacy: " Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 16/37] b43: fix the wrong assignment of status.freq in b43_rx() Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 17/37] staging: r8712u: Set device type to wlan Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 18/37] staging: vt6656: [BUG] BBvUpdatePreEDThreshold Always set sensitivity on bScanning Greg Kroah-Hartman
2014-02-04 21:00 ` Greg Kroah-Hartman [this message]
2014-02-04 21:00 ` [PATCH 3.4 20/37] ARM: at91: smc: bug fix in sam9_smc_cs_read() Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 21/37] serial: add support for 200 v3 series Titan card Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 22/37] parport: parport_pc: remove double PCI ID for NetMos Greg Kroah-Hartman
2014-02-04 21:00 ` [PATCH 3.4 23/37] rtc-cmos: Add an alarm disable quirk Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 24/37] ASoC: adau1701: Fix ADAU1701_SEROCTL_WORD_LEN_16 constant Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 25/37] ALSA: rme9652: fix a missing comma in channel_map_9636_ds[] Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 26/37] ALSA: Enable CONFIG_ZONE_DMA for smaller PCI DMA masks Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 28/37] bnx2x: fix DMA unmapping of TSO split BDs Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 29/37] inet_diag: fix inet_diag_dump_icsk() timewait socket state logic Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 30/37] net: avoid reference counter overflows on fib_rules in multicast forwarding Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 31/37] net,via-rhine: Fix tx_timeout handling Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 32/37] KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 33/37] usb: core: get config and string descriptors for unauthorized devices Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 34/37] SCSI: bfa: Chinook quad port 16G FC HBA claim issue Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 35/37] target/iscsi: Fix network portal creation race Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 36/37] Btrfs: handle EAGAIN case properly in btrfs_drop_snapshot() Greg Kroah-Hartman
2014-02-04 21:01 ` [PATCH 3.4 37/37] powerpc: Make sure "cache" directory is removed when offlining cpu Greg Kroah-Hartman
2014-02-04 21:52 ` [PATCH 3.4 00/37] 3.4.79-stable review Guillaume Morin
2014-02-04 22:11 ` Greg Kroah-Hartman
2014-02-04 22:22 ` Guillaume Morin
2014-02-04 22:31 ` Greg Kroah-Hartman
2014-02-04 22:48 ` John Stultz
2014-02-04 23:35 ` Greg Kroah-Hartman
2014-02-05 6:36 ` Guenter Roeck
2014-02-05 20:38 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140204210056.552522026@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=leilei.zhao@atmel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.roszko@gmail.com \
--cc=nicolas.ferre@atmel.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).