From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by befuddled.reisers.ca (Postfix, from userid 65534) id 88FF31EFAEE; Sat, 26 Aug 2017 13:15:22 -0400 (EDT) Received: from mail-wr0-x241.google.com (mail-wr0-x241.google.com [IPv6:2a00:1450:400c:c0c::241]) by befuddled.reisers.ca (Postfix) with ESMTPS id 03B9F1EFA5D for ; Sat, 26 Aug 2017 13:15:20 -0400 (EDT) Received: by mail-wr0-x241.google.com with SMTP id p8so1633428wrf.3 for ; Sat, 26 Aug 2017 10:15:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=JbQyh5xX58A/V0POM5DyOVLvId2GaefOmHT8sdpXcoo=; b=G4C0Meji7WvNQeHu9wnOca3GjvXBtkQ/HLSqhnKTzqnLn4RSYSlQWnL17W9eJtzL+e CS2LPtx7QK2Wqw57c+C4THNsUF/ZaMaAGn3itt8W0ZxJOBVAZbVpwWvBfAV/rAIsJFgp 3fJCkVDhGjVRsbfNGIRvQCDm0aPeJwU68J+x/fc6J83UJVeASirQZdO1a75wYg0xaq6d 15q7SOsKKFvOAhfohKrbZhTv0iYQdO6735OdzcBaqZwItnYa3pMEKrjkoqTnwFFWUdtA cxy6T/+3W1zjSZ2AAfIUnRVqAtks68XIQht9Q7SZINWSqlG0tjTk5q0f+67bbuyVNIUG R7Eg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=JbQyh5xX58A/V0POM5DyOVLvId2GaefOmHT8sdpXcoo=; b=bzG9gWxxw76nGdqWiaJbBlgjUouS/ZogVF0JF937ZGzVb20d4wfKGUUsu10qxCcI6x A9YdLD/n/JhLKkslJbNE08na5Vwoc5LBFtNnMeMV9ju+GJDtEOcXvUkLWPLfZmS/I687 yJLdQF72uOsHkkCPe3JOMAdKcPmHoep7JVPEpTfThR21U5PvG/pzd8ZgyQauinaynJCg gzt3tEzHwMBPCfiCFbMxd8e5Ee9IkPJOgQENHGE9u57fHulR6UDAsqVjTOanJN9J8D2J 0dEYMK3gVtUhINBz3CycuYTU+qdkp4yifYkNegNFH5oUoe/jDSaaxhLe0sO0kggtyswH BzoQ== X-Gm-Message-State: AHYfb5i1uP6xK5QVsVkRNkpBpIe0hjGI9ypjSXlE0OEgZzaRADvMM+FT zLtNntmyxcuUJw== X-Received: by 10.223.164.10 with SMTP id d10mr1181526wra.303.1503767716868; Sat, 26 Aug 2017 10:15:16 -0700 (PDT) Received: from sanghar ([2a00:23c4:7320:5900:224:d6ff:fe76:7136]) by smtp.gmail.com with ESMTPSA id 40sm10002136wrz.8.2017.08.26.10.15.15 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 26 Aug 2017 10:15:15 -0700 (PDT) Date: Sat, 26 Aug 2017 18:15:13 +0100 From: Okash Khawaja To: Samuel Thibault , Christopher Brannon Cc: John Covici , "Speakup is a screen review system for Linux." Subject: [patch] staging: speakup: fix speakup-r empty line lockup Message-ID: <20170826171513.GA644@sanghar> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.8.3 (2017-05-23) X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 X-BeenThere: speakup@linux-speakup.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Speakup is a screen review system for Linux." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Aug 2017 17:15:22 -0000 When cursor is at beginning of an empty or whitespace-only line and speakup-r typed, kernel locks up. This happens because deadlock of in input_event function over dev->event_lock, as demonstrated by lockdep logs. The reason for that is speakup simulates a down arrow - because cursor is at an empty line - while inside key press notifier handler which is ultimately triggered from input_event function. The simulated key press leads to input_event being called again, this time under its own context. So the spinlock is dev->event_lock is acquired while still being held. This patch ensures that key press is not simulated from inside key press notifier handler. Instead it delegates to cursor_timer. It starts the timer and passes RA_DOWN_ARROW as argument. When timer handler runs and sees RA_DOWN_ARROW, it will then call kbd_fakekey2(RA_DOWN_ARROW) which will correctly simulate the keypress inside timer context. When not inside key press notifier callback, the behaviour will remain the same as before this patch. Signed-off-by: Okash Khawaja --- drivers/staging/speakup/main.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) --- a/drivers/staging/speakup/main.c +++ b/drivers/staging/speakup/main.c @@ -1376,6 +1376,8 @@ static void reset_highlight_buffers(stru static int read_all_key; +static volatile int in_keyboard_notifier = 0; + static void start_read_all_timer(struct vc_data *vc, int command); enum { @@ -1408,7 +1410,10 @@ static void read_all_doc(struct vc_data cursor_track = read_all_mode; spk_reset_index_count(0); if (get_sentence_buf(vc, 0) == -1) { - kbd_fakekey2(vc, RA_DOWN_ARROW); + del_timer(&cursor_timer); + if (!in_keyboard_notifier) + speakup_fake_down_arrow(); + start_read_all_timer(vc, RA_DOWN_ARROW); } else { say_sentence_num(0, 0); synth_insert_next_index(0); @@ -2212,8 +2217,10 @@ static int keyboard_notifier_call(struct int ret = NOTIFY_OK; static int keycode; /* to hold the current keycode */ + in_keyboard_notifier = 1; + if (vc->vc_mode == KD_GRAPHICS) - return ret; + goto out; /* * First, determine whether we are handling a fake keypress on @@ -2225,7 +2232,7 @@ static int keyboard_notifier_call(struct */ if (speakup_fake_key_pressed()) - return ret; + goto out; switch (code) { case KBD_KEYCODE: @@ -2266,6 +2273,8 @@ static int keyboard_notifier_call(struct break; } } +out: + in_keyboard_notifier = 0; return ret; }