From: Tomas Melin Date: Fri, 27 Oct 2017 12:16:30 +0000 (+0300) Subject: serial: 8250: fix potential deadlock in rs485-mode X-Git-Tag: v4.14.233~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7d0f2440978f7d5e72b6f86af01e49f6e545690;p=thirdparty%2Fkernel%2Fstable.git serial: 8250: fix potential deadlock in rs485-mode [ Upstream commit b86f86e8e7c5264bb8f5835d60f9ec840d9f5a7a ] Canceling hrtimer when holding uart spinlock can deadlock. CPU0: syscall write -> get uart port spinlock -> write uart -> start_tx_rs485 -> hrtimer_cancel -> wait for hrtimer callback to finish CPU1: hrtimer IRQ -> run hrtimer -> em485_handle_stop_tx -> get uart port spinlock CPU0 is waiting for the hrtimer callback to finish, but the hrtimer callback running on CPU1 is waiting to get the uart port spinlock. This deadlock can be avoided by not canceling the hrtimers in these paths. Setting active_timer=NULL can be done without accessing hrtimer, and that will effectively cancel operations that would otherwise have been performed by the hrtimer callback. Signed-off-by: Tomas Melin Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin --- diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 9880a50d664fc..25e8ccd6865ae 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -1527,7 +1527,6 @@ static inline void __stop_tx(struct uart_8250_port *p) return; em485->active_timer = NULL; - hrtimer_cancel(&em485->start_tx_timer); __stop_tx_rs485(p); } @@ -1591,8 +1590,6 @@ static inline void start_tx_rs485(struct uart_port *port) serial8250_stop_rx(&up->port); em485->active_timer = NULL; - if (hrtimer_is_queued(&em485->stop_tx_timer)) - hrtimer_cancel(&em485->stop_tx_timer); mcr = serial8250_in_MCR(up); if (!!(up->port.rs485.flags & SER_RS485_RTS_ON_SEND) !=