This is a note to let you know that I've just added the patch titled
can: can327: flush TX_work on ldisc .close()
to the 6.0-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
can-can327-flush-tx_work-on-ldisc-.close.patch
and it can be found in the queue-6.0 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From f4a4d121ebecaa6f396f21745ce97de014281ccc Mon Sep 17 00:00:00 2001
From: Max Staudt <max@xxxxxxxxx>
Date: Sat, 3 Dec 2022 01:01:48 +0900
Subject: can: can327: flush TX_work on ldisc .close()
From: Max Staudt <max@xxxxxxxxx>
commit f4a4d121ebecaa6f396f21745ce97de014281ccc upstream.
Additionally, remove it from .ndo_stop().
This ensures that the worker is not called after being freed, and that
the UART TX queue remains active to send final commands when the
netdev is stopped.
Thanks to Jiri Slaby for finding this in slcan:
https://lore.kernel.org/linux-can/20221201073426.17328-1-jirislaby@xxxxxxxxxx/
A variant of this patch for slcan, with the flush in .ndo_stop() still
present, has been tested successfully on physical hardware:
https://bugzilla.suse.com/show_bug.cgi?id=1205597
Fixes: 43da2f07622f ("can: can327: CAN/ldisc driver for ELM327 based OBD-II adapters")
Cc: "Jiri Slaby (SUSE)" <jirislaby@xxxxxxxxxx>
Cc: Max Staudt <max@xxxxxxxxx>
Cc: Wolfgang Grandegger <wg@xxxxxxxxxxxxxx>
Cc: Marc Kleine-Budde <mkl@xxxxxxxxxxxxxx>
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
Cc: Eric Dumazet <edumazet@xxxxxxxxxx>
Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
Cc: Paolo Abeni <pabeni@xxxxxxxxxx>
Cc: linux-can@xxxxxxxxxxxxxxx
Cc: netdev@xxxxxxxxxxxxxxx
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Max Staudt <max@xxxxxxxxx>
Link: https://lore.kernel.org/all/20221202160148.282564-1-max@xxxxxxxxx
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Marc Kleine-Budde <mkl@xxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/can/can327.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/drivers/net/can/can327.c b/drivers/net/can/can327.c
index ed3d0b8989a0..dc7192ecb001 100644
--- a/drivers/net/can/can327.c
+++ b/drivers/net/can/can327.c
@@ -796,9 +796,9 @@ static int can327_netdev_close(struct net_device *dev)
netif_stop_queue(dev);
- /* Give UART one final chance to flush. */
- clear_bit(TTY_DO_WRITE_WAKEUP, &elm->tty->flags);
- flush_work(&elm->tx_work);
+ /* We don't flush the UART TX queue here, as we want final stop
+ * commands (like the above dummy char) to be flushed out.
+ */
can_rx_offload_disable(&elm->offload);
elm->can.state = CAN_STATE_STOPPED;
@@ -1069,12 +1069,15 @@ static void can327_ldisc_close(struct tty_struct *tty)
{
struct can327 *elm = (struct can327 *)tty->disc_data;
- /* unregister_netdev() calls .ndo_stop() so we don't have to.
- * Our .ndo_stop() also flushes the TTY write wakeup handler,
- * so we can safely set elm->tty = NULL after this.
- */
+ /* unregister_netdev() calls .ndo_stop() so we don't have to. */
unregister_candev(elm->dev);
+ /* Give UART one final chance to flush.
+ * No need to clear TTY_DO_WRITE_WAKEUP since .write_wakeup() is
+ * serialised against .close() and will not be called once we return.
+ */
+ flush_work(&elm->tx_work);
+
/* Mark channel as dead */
spin_lock_bh(&elm->lock);
tty->disc_data = NULL;
--
2.38.1
Patches currently in stable-queue which might be from max@xxxxxxxxx are
queue-6.0/can-slcan-fix-freed-work-crash.patch
queue-6.0/can-can327-flush-tx_work-on-ldisc-.close.patch
