From 44efe16da47fe49f0eb2ec5b00f8e53efb37e0e4 Mon Sep 17 00:00:00 2001 From: Qipan Li Date: Mon, 27 Jan 2014 14:23:39 +0800 Subject: serial: sirf: fix kernel panic caused by unpaired spinlock commit fb78b811422cd2d8c8605949cc4cc13618347ad5 upstream. commit 8b9ade9f74f8a279 coming from Viresh Kumar "tty: serial: sirfsoc: drop uart_port->lock before calling tty_flip_buffer_push()" broke sirfsoc uart driver by knic: [ 5.129122] BUG: spinlock already unlocked on CPU#0, ip6tables/1331 [ 5.132554] lock: sirfsoc_uart_ports+0x4/0x8a0, .magic: dead4ead, .owner: /-1, .owner_cpu: -1 [ 5.141651] CPU: 0 PID: 1331 Comm: ip6tables Tainted: G W O 3.10.16 #3 [ 5.148866] [] (unwind_backtrace+0x0/0xe0) from [] (show_stack+0x10/0x14) [ 5.157362] [] (show_stack+0x10/0x14) from [] (do_raw_spin_unlock+0x40/0xc8) [ 5.166125] [] (do_raw_spin_unlock+0x40/0xc8) from [] (_raw_spin_unlock+0x8/0x40) [ 5.175322] [] (_raw_spin_unlock+0x8/0x40) from [] (sirfsoc_uart_pio_rx_chars+0xa4/0xc0) [ 5.185120] [] (sirfsoc_uart_pio_rx_chars+0xa4/0xc0) from [] (sirfsoc_rx_tmo_process_tl+0xdc/0x1e0) [ 5.195875] [] (sirfsoc_rx_tmo_process_tl+0xdc/0x1e0) from [] (tasklet_action+0x8c/0xec) [ 5.205673] [] (tasklet_action+0x8c/0xec) from [] (__do_softirq+0xec/0x1d4) [ 5.214347] [] (__do_softirq+0xec/0x1d4) from [] (do_softirq+0x48/0x54) [ 5.222674] [] (do_softirq+0x48/0x54) from [] (irq_exit+0x74/0xc0) [ 5.230573] [] (irq_exit+0x74/0xc0) from [] (handle_IRQ+0x6c/0x90) [ 5.238465] [] (handle_IRQ+0x6c/0x90) from [] (__irq_svc+0x40/0x70) [ 5.246446] [] (__irq_svc+0x40/0x70) from [] (mark_page_accessed+0xc/0x68) [ 5.255034] [] (mark_page_accessed+0xc/0x68) from [] (unmap_single_vma+0x3bc/0x550) [ 5.264402] [] (unmap_single_vma+0x3bc/0x550) from [] (unmap_vmas+0x44/0x54) [ 5.273164] [] (unmap_vmas+0x44/0x54) from [] (exit_mmap+0xc4/0x1e0) [ 5.281233] [] (exit_mmap+0xc4/0x1e0) from [] (mmput+0x3c/0xdc) [ 5.288868] [] (mmput+0x3c/0xdc) from [] (do_exit+0x30c/0x828) [ 5.296413] [] (do_exit+0x30c/0x828) from [] (do_group_exit+0x4c/0xb0) [ 5.304653] [] (do_group_exit+0x4c/0xb0) from [] (__wake_up_parent+0x0/0x18) Root cause: the commit dropped uart_port->lock before calling tty_flip_buffer_push(), but in sirfsoc-uart, sirfsoc_uart_pio_rx_chars() can be called by sirfsoc_rx_tmo_process_tl(). here uart_port->lock has not been taken yet. so that caused unpaired lock/unlock. Solution: This patch is doing a quick fix for that, it adds spin_lock/unlock(&port->lock) protect to sirfsoc_uart_pio_rx_chars() in sirfsoc_rx_tmo_process_tl() to keep spin_lock/unlock in pair. Signed-off-by: Qipan Li Signed-off-by: Barry Song Signed-off-by: Greg Kroah-Hartman --- drivers/tty/serial/sirfsoc_uart.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'drivers/tty') diff --git a/drivers/tty/serial/sirfsoc_uart.c b/drivers/tty/serial/sirfsoc_uart.c index 61c1ad03db5b..a72c33f8e263 100644 --- a/drivers/tty/serial/sirfsoc_uart.c +++ b/drivers/tty/serial/sirfsoc_uart.c @@ -540,8 +540,10 @@ static void sirfsoc_rx_tmo_process_tl(unsigned long param) wr_regl(port, ureg->sirfsoc_rx_dma_io_ctrl, rd_regl(port, ureg->sirfsoc_rx_dma_io_ctrl) | SIRFUART_IO_MODE); - sirfsoc_uart_pio_rx_chars(port, 4 - sirfport->rx_io_count); spin_unlock_irqrestore(&sirfport->rx_lock, flags); + spin_lock(&port->lock); + sirfsoc_uart_pio_rx_chars(port, 4 - sirfport->rx_io_count); + spin_unlock(&port->lock); if (sirfport->rx_io_count == 4) { spin_lock_irqsave(&sirfport->rx_lock, flags); sirfport->rx_io_count = 0; -- cgit v1.2.3