From 38fcaaaf9ea3449594274788a81e2b908f4352b7 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 1 Jul 2013 11:45:57 -0700
Subject: [PATCH] 3.4-stable patches added patches: pch_uart-fix-a-deadlock-when-pch_uart-as-console.patch
---
 ...ength-check-in-l2cap_information_rsp.patch | 48 -----------
 ...-a-deadlock-when-pch_uart-as-console.patch | 81 +++++++++++++++++++
 queue-3.4/series | 2 +-
 3 files changed, 82 insertions(+), 49 deletions(-)
 delete mode 100644 queue-3.4/bluetooth-fix-invalid-length-check-in-l2cap_information_rsp.patch
 create mode 100644 queue-3.4/pch_uart-fix-a-deadlock-when-pch_uart-as-console.patch
diff --git a/queue-3.4/bluetooth-fix-invalid-length-check-in-l2cap_information_rsp.patch b/queue-3.4/bluetooth-fix-invalid-length-check-in-l2cap_information_rsp.patch
deleted file mode 100644
index d43822e90fc..00000000000
--- a/queue-3.4/bluetooth-fix-invalid-length-check-in-l2cap_information_rsp.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 3f6fa3d489e127ca5a5b298eabac3ff5dbe0e112 Mon Sep 17 00:00:00 2001
-From: Jaganath Kanakkassery
-Date: Fri, 21 Jun 2013 19:55:11 +0530
-Subject: Bluetooth: Fix invalid length check in l2cap_information_rsp()
-
-From: Jaganath Kanakkassery
-
-commit 3f6fa3d489e127ca5a5b298eabac3ff5dbe0e112 upstream.
-
-The length check is invalid since the length varies with type of
-info response.
-
-This was introduced by the commit cb3b3152b2f5939d67005cff841a1ca748b19888
-
-Because of this, l2cap info rsp is not handled and command reject is sent.
-
-> ACL data: handle 11 flags 0x02 dlen 16
- L2CAP(s): Info rsp: type 2 result 0
- Extended feature mask 0x00b8
- Enhanced Retransmission mode
- Streaming mode
- FCS Option
- Fixed Channels
-< ACL data: handle 11 flags 0x00 dlen 10
- L2CAP(s): Command rej: reason 0
- Command not understood
-
-Signed-off-by: Jaganath Kanakkassery
-Signed-off-by: Chan-Yeol Park
-Acked-by: Johan Hedberg
-Signed-off-by: Gustavo Padovan
-Signed-off-by: Greg Kroah-Hartman
-
----
- net/bluetooth/l2cap_core.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/net/bluetooth/l2cap_core.c
-+++ b/net/bluetooth/l2cap_core.c
-@@ -3399,7 +3399,7 @@ static inline int l2cap_move_channel_con
- struct l2cap_move_chan_cfm_rsp *rsp = data;
- u16 icid;
-
-- if (cmd_len != sizeof(*rsp))
-+ if (cmd_len < sizeof(*rsp))
- return -EPROTO;
-
- icid = le16_to_cpu(rsp->icid);
diff --git a/queue-3.4/pch_uart-fix-a-deadlock-when-pch_uart-as-console.patch b/queue-3.4/pch_uart-fix-a-deadlock-when-pch_uart-as-console.patch
new file mode 100644
index 00000000000..eccaeb14a3a
--- /dev/null
+++ b/queue-3.4/pch_uart-fix-a-deadlock-when-pch_uart-as-console.patch
@@ -0,0 +1,81 @@
+From 384e301e3519599b000c1a2ecd938b533fc15d85 Mon Sep 17 00:00:00 2001
+From: Liang Li
+Date: Sat, 19 Jan 2013 17:52:10 +0800
+Subject: pch_uart: fix a deadlock when pch_uart as console
+
+From: Liang Li
+
+commit 384e301e3519599b000c1a2ecd938b533fc15d85 upstream.
+
+When we use pch_uart as system console like 'console=ttyPCH0,115200',
+then 'send break' to it. We'll encounter the deadlock on a cpu/core,
+with interrupts disabled on the core. When we happen to have all irqs
+affinity to cpu0 then the deadlock on cpu0 actually deadlock whole
+system.
+
+In pch_uart_interrupt, we have spin_lock_irqsave(&priv->lock, flags)
+then call pch_uart_err_ir when break is received. Then the call to
+dev_err would actually call to pch_console_write then we'll run into
+another spin_lock(&priv->lock), with interrupts disabled.
+
+So in the call sequence lead by pch_uart_interrupt, we should be
+carefully to call functions that will 'print message to console' only
+in case the uart port is not being used as serial console.
+
+Signed-off-by: Liang Li
+Cc: Yijing Wang
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/tty/serial/pch_uart.c | 33 ++++++++++++++++++++++++---------
+ 1 file changed, 24 insertions(+), 9 deletions(-)
+
+--- a/drivers/tty/serial/pch_uart.c
++++ b/drivers/tty/serial/pch_uart.c
+@@ -1034,22 +1034,37 @@ static unsigned int dma_handle_tx(struct
+ static void pch_uart_err_ir(struct eg20t_port *priv, unsigned int lsr)
+ {
+ u8 fcr = ioread8(priv->membase + UART_FCR);
++ struct uart_port *port = &priv->port;
++ struct tty_struct *tty = tty_port_tty_get(&port->state->port);
++ char *error_msg[5] = {};
++ int i = 0;
+
+ /* Reset FIFO */
+ fcr |= UART_FCR_CLEAR_RCVR;
+ iowrite8(fcr, priv->membase + UART_FCR);
+
+ if (lsr & PCH_UART_LSR_ERR)
+- dev_err(&priv->pdev->dev, "Error data in FIFO\n");
++ error_msg[i++] = "Error data in FIFO\n";
+
+- if (lsr & UART_LSR_FE)
+- dev_err(&priv->pdev->dev, "Framing Error\n");
+-
+- if (lsr & UART_LSR_PE)
+- dev_err(&priv->pdev->dev, "Parity Error\n");
+-
+- if (lsr & UART_LSR_OE)
+- dev_err(&priv->pdev->dev, "Overrun Error\n");
++ if (lsr & UART_LSR_FE) {
++ port->icount.frame++;
++ error_msg[i++] = " Framing Error\n";
++ }
++
++ if (lsr & UART_LSR_PE) {
++ port->icount.parity++;
++ error_msg[i++] = " Parity Error\n";
++ }
++
++ if (lsr & UART_LSR_OE) {
++ port->icount.overrun++;
++ error_msg[i++] = " Overrun Error\n";
++ }
++
++ if (tty == NULL) {
++ for (i = 0; error_msg[i] != NULL; i++)
++ dev_err(&priv->pdev->dev, error_msg[i]);
++ }
+ }
+
+ static irqreturn_t pch_uart_interrupt(int irq, void *dev_id)
diff --git a/queue-3.4/series b/queue-3.4/series
index 977b2228ccf..bb75ddc3df4 100644
--- a/queue-3.4/series
+++ b/queue-3.4/series
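Review bot: The reference returned by `tty_port_tty_get()` in the new declarations of pch_uart_err_ir() is never dropped, so each receive error handled while a tty is open leaks a tty kref; a `tty_kref_put(tty);` before the closing brace would balance it (it tolerates NULL). The `tty == NULL` test is also only a proxy for "this port is not the console": as far as the visible lines show, a console port with no tty currently open still reaches `dev_err()` with `priv->lock` held, which is the deadlock the description sets out to avoid, so testing the port's console state directly would match the stated intent better. The messages are passed as the format argument; they are constants today, but `dev_err(&priv->pdev->dev, "%s", error_msg[i]);` stays correct if one of them ever gains a `%` and keeps -Wformat-security quiet.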
@@ -1,7 +1,6 @@
 arm-7755-1-handle-user-space-mapped-pages-in-flush_kernel_dcache_page.patch
 arm-7772-1-fix-missing-flush_kernel_dcache_page-for-nommu.patch
 bluetooth-fix-crash-in-l2cap_build_cmd-with-small-mtu.patch
-bluetooth-fix-invalid-length-check-in-l2cap_information_rsp.patch
 hw_breakpoint-use-cpu_possible_mask-in-reserve-release-_bp_slot.patch
 dlci-acquire-rtnl_lock-before-calling-__dev_get_by_name.patch
 dlci-validate-the-net-device-in-dlci_del.patch
@@ -9,3 +8,4 @@ net-tg3-avoid-delay-during-mmio-access.patch
 perf-disable-monitoring-on-setuid-processes-for-regular-users.patch
 ubifs-prepare-to-fix-a-horrid-bug.patch
 ubifs-fix-a-horrid-bug.patch
+pch_uart-fix-a-deadlock-when-pch_uart-as-console.patch
-- 
2.47.3