• Simon Lindgren's avatar
    i2c: at91: Fix a race condition during signal handling in at91_do_twi_xfer. · 6721f28a
    Simon Lindgren authored
    There is a race condition in at91_do_twi_xfer when signals arrive.
    If a signal is recieved while waiting for a transfer to complete
    wait_for_completion_interruptible_timeout() will return -ERESTARTSYS.
    This is not handled correctly resulting in interrupts still being
    enabled and a transfer being in flight when we return.
    
    Symptoms include a range of oopses and bus lockups. Oopses can happen
    when the transfer completes because the interrupt handler will corrupt
    the stack. If a new transfer is started before the interrupt fires
    the controller will start a new transfer in the middle of the old one,
    resulting in confused slaves and a locked bus.
    
    To avoid this, use wait_for_completion_io_timeout instead so that we
    don't have to deal with gracefully shutting down the transfer and
    disabling the interrupts.
    Signed-off-by: default avatarSimon Lindgren <simon@aqwary.com>
    Acked-by: default avatarLudovic Desroches <ludovic.desroches@atmel.com>
    Signed-off-by: default avatarWolfram Sang <wsa@the-dreams.de>
    Cc: stable@kernel.org
    6721f28a
i2c-at91.c 21.9 KB