2024-04-16 12:36:23

by Wolfram Sang

[permalink] [raw]
Subject: [RFC PATCH 1/2] serial: sh-sci: start hrtimer after setting up DMA

In the RX DMA completion handler, the hrtimer was restarted before DMA
was set up. If DMA failed, for some reason, it would clean up and the
hrtimer would run into a NULL-pointer. Restart the timer after DMA was
successfully set up.

Reported-by: Dirk Behme <[email protected]>
Closes: https://lore.kernel.org/r/[email protected]
Fixes: 67f462b069e9 ("serial: sh-sci: Get rid of the workqueue to handle receive DMA requests")
Signed-off-by: Wolfram Sang <[email protected]>
---
drivers/tty/serial/sh-sci.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c
index e512eaa57ed5..1e3c26c11c49 100644
--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -1325,8 +1325,6 @@ static void sci_dma_rx_complete(void *arg)
if (active >= 0)
count = sci_dma_rx_push(s, s->rx_buf[active], s->buf_len_rx);

- start_hrtimer_us(&s->rx_timer, s->rx_timeout);
-
if (count)
tty_flip_buffer_push(&port->state->port);

@@ -1346,6 +1344,8 @@ static void sci_dma_rx_complete(void *arg)

dma_async_issue_pending(chan);

+ start_hrtimer_us(&s->rx_timer, s->rx_timeout);
+
uart_port_unlock_irqrestore(port, flags);
dev_dbg(port->dev, "%s: cookie %d #%d, new active cookie %d\n",
__func__, s->cookie_rx[active], active, s->active_rx);
--
2.43.0



2024-04-24 09:41:31

by Geert Uytterhoeven

[permalink] [raw]
Subject: Re: [RFC PATCH 1/2] serial: sh-sci: start hrtimer after setting up DMA

Hi Wolfram,

Thanks for your patch!

On Tue, Apr 16, 2024 at 2:35 PM Wolfram Sang
<[email protected]> wrote:
> In the RX DMA completion handler, the hrtimer was restarted before DMA
> was set up. If DMA failed, for some reason, it would clean up and the
> hrtimer would run into a NULL-pointer. Restart the timer after DMA was

.. into a NULL-pointer dereference of s->chan_rx.

> successfully set up.
>
> Reported-by: Dirk Behme <[email protected]>
> Closes: https://lore.kernel.org/r/[email protected]
> Fixes: 67f462b069e9 ("serial: sh-sci: Get rid of the workqueue to handle receive DMA requests")
> Signed-off-by: Wolfram Sang <[email protected]>

This is definitely a step in the right direction, so
Reviewed-by: Geert Uytterhoeven <[email protected]>

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68korg

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds