speakup crashes with kernel 5.4.69

John Covici covici at ccs.covici.com
Sun Nov 8 06:15:46 EST 2020 

The new patch seems to work fine, after limited testing.  Thanks.

On Tue, 03 Nov 2020 15:45:26 -0500,
Samuel Thibault wrote:
> 
> [1  <text/plain; us-ascii (7bit)>]
> John Covici, le mar. 03 nov. 2020 14:21:10 -0500, a ecrit:
> > I am sorry to  report that your patch does not work, probably because
> > it references drivers/accessibility rather than staging.  If that is
> > the case, I could change it and try again, or let me know.
> 
> Ah, yes, sorry, that should rather be staging, here is a fixed patch.
> 
> Samuel
> [2 speakup_in_nowait <text/plain; us-ascii (7bit)>]
> speakup ttyio: Do not schedule() in ttyio_in_nowait
> 
> With the ltlk and spkout drivers, the index read function, i.e.
> in_nowait, is getting called from the read_all_doc mechanism, from
> the timer softirq:
> 
> Call Trace:
>  <IRQ>
>  dump_stack+0x71/0x98
>  dequeue_task_idle+0x1f/0x28
>  __schedule+0x167/0x5d6
>  ? trace_hardirqs_on+0x2e/0x3a
>  ? usleep_range+0x7f/0x7f
>  schedule+0x8a/0xae
>  schedule_timeout+0xb1/0xea
>  ? del_timer_sync+0x31/0x31
>  do_wait_for_common+0xba/0x12b
>  ? wake_up_q+0x45/0x45
>  wait_for_common+0x37/0x50
>  ttyio_in+0x2a/0x6b
>  spk_ttyio_in_nowait+0xc/0x13
>  spk_get_index_count+0x20/0x93
>  cursor_done+0x1c6/0x4c6
>  ? read_all_doc+0xb1/0xb1
>  call_timer_fn+0x89/0x140
>  run_timer_softirq+0x164/0x1a5
>  ? read_all_doc+0xb1/0xb1
>  ? hrtimer_forward+0x7b/0x87
>  ? timerqueue_add+0x62/0x68
>  ? enqueue_hrtimer+0x95/0x9f
>  __do_softirq+0x181/0x31f
>  irq_exit+0x6a/0x86
> smp_apic_timer_interrupt+0x15e/0x183
>  apic_timer_interrupt+0xf/0x20
>  </IRQ>
> 
> We thus should not schedule() at all, even with timeout == 0, this
> crashes the kernel.  We can however use try_wait_for_completion()
> instead of wait_for_completion_timeout(0).
> 
> Cc: stable at vger.kernel.org
> Signed-off-by: Samuel Thibault <samuel.thibault at ens-lyon.org>
> Reported-by: John Covici <covici at ccs.covici.com>
> TODO Tested-by: John Covici <covici at ccs.covici.com>
> 
> ---
>  drivers/staging/speakup/spk_ttyio.c |   10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> --- a/drivers/staging/speakup/spk_ttyio.c
> +++ b/drivers/staging/speakup/spk_ttyio.c
> @@ -298,11 +298,13 @@ static unsigned char ttyio_in(int timeou
>  	struct spk_ldisc_data *ldisc_data = speakup_tty->disc_data;
>  	char rv;
>  
> -	if (wait_for_completion_timeout(&ldisc_data->completion,
> +	if (!timeout) {
> +		if (!try_wait_for_completion(&ldisc_data->completion))
> +			return 0xff;
> +	} else if (wait_for_completion_timeout(&ldisc_data->completion,
>  					usecs_to_jiffies(timeout)) == 0) {
> -		if (timeout)
> -			pr_warn("spk_ttyio: timeout (%d)  while waiting for input\n",
> -				timeout);
> +		pr_warn("spk_ttyio: timeout (%d)  while waiting for input\n",
> +			timeout);
>  		return 0xff;
>  	}
>  

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

         John Covici wb2una
         covici at ccs.covici.com

More information about the Speakup mailing list