diff options
| author | Marek Roszko <mark.roszko@gmail.com> | 2014-01-07 05:45:06 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2014-01-07 20:10:24 -0500 |
| commit | 0cc7c6c7916b1b6f34350ff1473b80b9f7e459c0 (patch) | |
| tree | 4f991a5b7e2edc12ffb93796cd4de7474c877735 | |
| parent | df8d4aa0d84995bf7fb8d8a978a0d67fff6ca53a (diff) | |
tty/serial: at91: Handle shutdown more safely
Interrupts were being cleaned up late in the shutdown handler, it is possible
that an interrupt can occur and schedule a tasklet that runs after the port is
cleaned up. There is a null dereference due to this race condition with the
following stacktrace:
[<c02092b0>] (atmel_tasklet_func+0x514/0x814) from [<c001fd34>] (tasklet_action+0x70/0xa8)
[<c001fd34>] (tasklet_action+0x70/0xa8) from [<c001f60c>] (__do_softirq+0x90/0x144)
[<c001f60c>] (__do_softirq+0x90/0x144) from [<c001fa18>] (irq_exit+0x40/0x4c)
[<c001fa18>] (irq_exit+0x40/0x4c) from [<c000e298>] (handle_IRQ+0x64/0x84)
[<c000e298>] (handle_IRQ+0x64/0x84) from [<c000d6c0>] (__irq_svc+0x40/0x50)
[<c000d6c0>] (__irq_svc+0x40/0x50) from [<c0208060>] (atmel_rx_dma_release+0x88/0xb8)
[<c0208060>] (atmel_rx_dma_release+0x88/0xb8) from [<c0209740>] (atmel_shutdown+0x104/0x160)
[<c0209740>] (atmel_shutdown+0x104/0x160) from [<c0205e8c>] (uart_port_shutdown+0x2c/0x38)
Signed-off-by: Marek Roszko <mark.roszko@gmail.com>
Acked-by: Leilei Zhao <leilei.zhao@atmel.com>
Cc: <stable@vger.kernel.org> # v3.12
Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | drivers/tty/serial/atmel_serial.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c index c7d99af46a96..48ea47a32d5f 100644 --- a/drivers/tty/serial/atmel_serial.c +++ b/drivers/tty/serial/atmel_serial.c | |||
| @@ -1650,12 +1650,24 @@ static int atmel_startup(struct uart_port *port) | |||
| 1650 | static void atmel_shutdown(struct uart_port *port) | 1650 | static void atmel_shutdown(struct uart_port *port) |
| 1651 | { | 1651 | { |
| 1652 | struct atmel_uart_port *atmel_port = to_atmel_uart_port(port); | 1652 | struct atmel_uart_port *atmel_port = to_atmel_uart_port(port); |
| 1653 | |||
| 1653 | /* | 1654 | /* |
| 1654 | * Ensure everything is stopped. | 1655 | * Clear out any scheduled tasklets before |
| 1656 | * we destroy the buffers | ||
| 1657 | */ | ||
| 1658 | tasklet_kill(&atmel_port->tasklet); | ||
| 1659 | |||
| 1660 | /* | ||
| 1661 | * Ensure everything is stopped and | ||
| 1662 | * disable all interrupts, port and break condition. | ||
| 1655 | */ | 1663 | */ |
| 1656 | atmel_stop_rx(port); | 1664 | atmel_stop_rx(port); |
| 1657 | atmel_stop_tx(port); | 1665 | atmel_stop_tx(port); |
| 1658 | 1666 | ||
| 1667 | UART_PUT_CR(port, ATMEL_US_RSTSTA); | ||
| 1668 | UART_PUT_IDR(port, -1); | ||
| 1669 | |||
| 1670 | |||
| 1659 | /* | 1671 | /* |
| 1660 | * Shut-down the DMA. | 1672 | * Shut-down the DMA. |
| 1661 | */ | 1673 | */ |
| @@ -1665,12 +1677,6 @@ static void atmel_shutdown(struct uart_port *port) | |||
| 1665 | atmel_port->release_tx(port); | 1677 | atmel_port->release_tx(port); |
| 1666 | 1678 | ||
| 1667 | /* | 1679 | /* |
| 1668 | * Disable all interrupts, port and break condition. | ||
| 1669 | */ | ||
| 1670 | UART_PUT_CR(port, ATMEL_US_RSTSTA); | ||
| 1671 | UART_PUT_IDR(port, -1); | ||
| 1672 | |||
| 1673 | /* | ||
| 1674 | * Free the interrupt | 1680 | * Free the interrupt |
| 1675 | */ | 1681 | */ |
| 1676 | free_irq(port->irq, port); | 1682 | free_irq(port->irq, port); |