serial: tegra: Handle another RX race condition
Commit 853a699739 ("serial: tegra: handle race condition on uart rx side") attempted to fix a race condition between the RX end of transmission interrupt and RX DMA completion callback. Despite this fix there is still another case where these two paths can race and result in duplicated data. The race condition is as follows:

1. DMA completion interrupt occurs and schedules tasklet to call DMA callback.
2. DMA callback for the UART driver starts to execute. This will copy the data from the DMA buffer and restart the DMA. This is done under uart port spinlock.
3. During the callback, UART interrupt is raised for end of receive. The UART ISR runs and waits to acquire port spinlock held by the DMA callback.
4. DMA callback gives up spinlock after copying the data, but before restarting DMA.
5. UART ISR acquires the spin lock and reads the same DMA buffer because DMA has not been restarted yet.

The release of the spinlock during the DMA callback was introduced by commit 9b88748b36 ("tty: serial: tegra: drop uart_port->lock before calling tty_flip_buffer_push()") to fix a spinlock lock-up issue when calling tty_flip_buffer_push(). However, since then commit a9c3f68f3c ("tty: Fix low_latency BUG") migrated tty_flip_buffer_push() to always use a workqueue, allowing tty_flip_buffer_push() to be called from within atomic sections. Therefore, we can remove the unlocking of the spinlock from the DMA callback and UART ISR and this will ensure that the race condition no longer occurs.

Reported-by: Christopher Freeman <cfreeman@nvidia.com>
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent
0abcc6df07
commit
2a24bb28a3
1 changed files with 2 additions and 8 deletions
|
@ -607,9 +607,7 @@ static void tegra_uart_rx_dma_complete(void *args)
|
|||
|
||||
tegra_uart_handle_rx_pio(tup, port);
|
||||
if (tty) {
|
||||
spin_unlock_irqrestore(&u->lock, flags);
|
||||
tty_flip_buffer_push(port);
|
||||
spin_lock_irqsave(&u->lock, flags);
|
||||
tty_kref_put(tty);
|
||||
}
|
||||
tegra_uart_start_rx_dma(tup);
|
||||
|
@ -622,13 +620,11 @@ static void tegra_uart_rx_dma_complete(void *args)
|
|||
spin_unlock_irqrestore(&u->lock, flags);
|
||||
}
|
||||
|
||||
static void tegra_uart_handle_rx_dma(struct tegra_uart_port *tup,
|
||||
unsigned long *flags)
|
||||
static void tegra_uart_handle_rx_dma(struct tegra_uart_port *tup)
|
||||
{
|
||||
struct dma_tx_state state;
|
||||
struct tty_struct *tty = tty_port_tty_get(&tup->uport.state->port);
|
||||
struct tty_port *port = &tup->uport.state->port;
|
||||
struct uart_port *u = &tup->uport;
|
||||
unsigned int count;
|
||||
|
||||
/* Deactivate flow control to stop sender */
|
||||
|
@ -645,9 +641,7 @@ static void tegra_uart_handle_rx_dma(struct tegra_uart_port *tup,
|
|||
|
||||
tegra_uart_handle_rx_pio(tup, port);
|
||||
if (tty) {
|
||||
spin_unlock_irqrestore(&u->lock, *flags);
|
||||
tty_flip_buffer_push(port);
|
||||
spin_lock_irqsave(&u->lock, *flags);
|
||||
tty_kref_put(tty);
|
||||
}
|
||||
tegra_uart_start_rx_dma(tup);
|
||||
|
@ -714,7 +708,7 @@ static irqreturn_t tegra_uart_isr(int irq, void *data)
|
|||
iir = tegra_uart_read(tup, UART_IIR);
|
||||
if (iir & UART_IIR_NO_INT) {
|
||||
if (is_rx_int) {
|
||||
tegra_uart_handle_rx_dma(tup, &flags);
|
||||
tegra_uart_handle_rx_dma(tup);
|
||||
if (tup->rx_in_progress) {
|
||||
ier = tup->ier_shadow;
|
||||
ier |= (UART_IER_RLSI | UART_IER_RTOIE |
|
||||
|
|
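Review bot: tegra_uart_handle_rx_dma() now relies on its caller holding the port spinlock across the whole copy, push and tegra_uart_start_rx_dma() sequence, but with the `flags` parameter gone nothing in the new signature or the visible body states that contract. A later change that reintroduces an unlock around tty_flip_buffer_push(), or calls the helper without the lock, would bring back the duplicated-RX-data race. I would add `lockdep_assert_held(&tup->uport.lock);` at the top of the function, with a comment such as `/* Caller holds uport.lock; keep it held until RX DMA is restarted */`; the same comment fits the push/restart sequence in tegra_uart_rx_dma_complete() in the first hunk. Both function bodies extend beyond the hunks shown. Separately, calling tty_flip_buffer_push() under the lock is only safe on trees that contain a9c3f68f3c, so any backport should presumably carry that commit as a prerequisite.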