[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMuHMdUEvft0B9WdfZ936ccomZW4Qea8MVNSj-Q-Dyn8EKSUdA@mail.gmail.com>
Date: Wed, 24 Apr 2024 11:48:59 +0200
From: Geert Uytterhoeven <geert@...ux-m68k.org>
To: Wolfram Sang <wsa+renesas@...g-engineering.com>
Cc: linux-renesas-soc@...r.kernel.org, Dirk Behme <dirk.behme@...bosch.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Jiri Slaby <jirislaby@...nel.org>,
Geert Uytterhoeven <geert+renesas@...der.be>, Aleksandar Mitev <amitev@...teon.com>,
linux-kernel@...r.kernel.org, linux-serial@...r.kernel.org
Subject: Re: [RFC PATCH 2/2] serial: sh-sci: always cancel hrtimer when DMA RX
is invalidated
Hi Wolfram,
On Tue, Apr 16, 2024 at 2:35 PM Wolfram Sang
<wsa+renesas@...g-engineering.com> wrote:
> Clear the timer whenever 'chan_rx' is cleared to avoid an OOPS.
> Currently, the driver only runs the timer when 'chan_rx' is set before.
> However, it is good defensive programming to make sure the hrtimer is
> always stopped before clearing the 'chan_rx' pointer.
>
> Reported-by: Dirk Behme <dirk.behme@...bosch.com>
> Closes: https://lore.kernel.org/r/ee6c9e16-9f29-450e-81da-4a8dceaa8fc7@debosch.com
> Fixes: 9ab765566086 ("serial: sh-sci: Remove timer on shutdown of port")
> Signed-off-by: Wolfram Sang <wsa+renesas@...g-engineering.com>
Thanks for your patch!
> Locking needs to be double-checked here. This patch is mainly calling
> for opinions.
I do think you need to cancel the timer: even when not restarting
the timer in sci_dma_rx_complete() due to a DMA failure, the previous
timer may still be running, and will cause a NULL pointer dereference
on s->chan_rx on timer expiry.
> --- a/drivers/tty/serial/sh-sci.c
> +++ b/drivers/tty/serial/sh-sci.c
> @@ -1262,6 +1262,7 @@ static void sci_dma_rx_chan_invalidate(struct sci_port *s)
> {
> unsigned int i;
>
> + hrtimer_cancel(&s->rx_timer);
Is it safe to do this unconditionally on shutdown (cfr. the old check
for s->chan_rx_saved)?
> s->chan_rx = NULL;
> for (i = 0; i < ARRAY_SIZE(s->cookie_rx); i++)
> s->cookie_rx[i] = -EINVAL;
> @@ -2242,14 +2243,6 @@ static void sci_shutdown(struct uart_port *port)
> scr & (SCSCR_CKE1 | SCSCR_CKE0 | s->hscif_tot));
> uart_port_unlock_irqrestore(port, flags);
>
> -#ifdef CONFIG_SERIAL_SH_SCI_DMA
> - if (s->chan_rx_saved) {
> - dev_dbg(port->dev, "%s(%d) deleting rx_timer\n", __func__,
> - port->line);
> - hrtimer_cancel(&s->rx_timer);
> - }
> -#endif
> -
> if (s->rx_trigger > 1 && s->rx_fifo_timeout > 0)
> del_timer_sync(&s->rx_fifo_timer);
> sci_free_irq(s);
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68korg
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
Powered by blists - more mailing lists