This is a note to let you know that I've just added the patch titled speakup ttyio: Do not schedule() in ttyio_in_nowait to the 5.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: speakup-ttyio-do-not-schedule-in-ttyio_in_nowait.patch and it can be found in the queue-5.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 3ed1cfb2cee4355ddef49489897bfe474daeeaec Mon Sep 17 00:00:00 2001 From: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx> Date: Sun, 8 Nov 2020 14:12:33 +0100 Subject: speakup ttyio: Do not schedule() in ttyio_in_nowait From: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx> commit 3ed1cfb2cee4355ddef49489897bfe474daeeaec upstream. With the ltlk and spkout drivers, the index read function, i.e. in_nowait, is getting called from the read_all_doc mechanism, from the timer softirq: Call Trace: <IRQ> dump_stack+0x71/0x98 dequeue_task_idle+0x1f/0x28 __schedule+0x167/0x5d6 ? trace_hardirqs_on+0x2e/0x3a ? usleep_range+0x7f/0x7f schedule+0x8a/0xae schedule_timeout+0xb1/0xea ? del_timer_sync+0x31/0x31 do_wait_for_common+0xba/0x12b ? wake_up_q+0x45/0x45 wait_for_common+0x37/0x50 ttyio_in+0x2a/0x6b spk_ttyio_in_nowait+0xc/0x13 spk_get_index_count+0x20/0x93 cursor_done+0x1c6/0x4c6 ? read_all_doc+0xb1/0xb1 call_timer_fn+0x89/0x140 run_timer_softirq+0x164/0x1a5 ? read_all_doc+0xb1/0xb1 ? hrtimer_forward+0x7b/0x87 ? timerqueue_add+0x62/0x68 ? enqueue_hrtimer+0x95/0x9f __do_softirq+0x181/0x31f irq_exit+0x6a/0x86 smp_apic_timer_interrupt+0x15e/0x183 apic_timer_interrupt+0xf/0x20 </IRQ> We thus should not schedule() at all, even with timeout == 0, this crashes the kernel. We can however use try_wait_for_completion() instead of wait_for_completion_timeout(0). Cc: stable@xxxxxxxxxxxxxxx Reported-by: John Covici <covici@xxxxxxxxxxxxxx> Tested-by: John Covici <covici@xxxxxxxxxxxxxx> Signed-off-by: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx> Link: https://lore.kernel.org/r/20201108131233.tadycr73sxlvodgo@function Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/accessibility/speakup/spk_ttyio.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) --- a/drivers/accessibility/speakup/spk_ttyio.c +++ b/drivers/accessibility/speakup/spk_ttyio.c @@ -298,11 +298,13 @@ static unsigned char ttyio_in(int timeou struct spk_ldisc_data *ldisc_data = speakup_tty->disc_data; char rv; - if (wait_for_completion_timeout(&ldisc_data->completion, + if (!timeout) { + if (!try_wait_for_completion(&ldisc_data->completion)) + return 0xff; + } else if (wait_for_completion_timeout(&ldisc_data->completion, usecs_to_jiffies(timeout)) == 0) { - if (timeout) - pr_warn("spk_ttyio: timeout (%d) while waiting for input\n", - timeout); + pr_warn("spk_ttyio: timeout (%d) while waiting for input\n", + timeout); return 0xff; } Patches currently in stable-queue which might be from samuel.thibault@xxxxxxxxxxxx are queue-5.9/speakup-ttyio-do-not-schedule-in-ttyio_in_nowait.patch queue-5.9/speakup-fix-clearing-selection-in-safe-context.patch queue-5.9/speakup-fix-var_id_t-values-and-thus-keymap.patch