From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by befuddled.reisers.ca (Postfix, from userid 65534) id 76EAA1EFB33; Mon, 28 Aug 2017 17:48:41 -0400 (EDT) Received: from mail-wr0-x242.google.com (mail-wr0-x242.google.com [IPv6:2a00:1450:400c:c0c::242]) by befuddled.reisers.ca (Postfix) with ESMTPS id 934FB1EFB20 for ; Mon, 28 Aug 2017 17:48:39 -0400 (EDT) Received: by mail-wr0-x242.google.com with SMTP id n37so1121671wrf.4 for ; Mon, 28 Aug 2017 14:48:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :in-reply-to:user-agent; bh=KEfI57VGP1VwZA2+rgbv4MG0VwJnH1SRGetggySxPok=; b=ZYAokdgUqkvt02gTnU1wD79xMq0dtjF9iUlH5xf9F5VJQto94uxl6eof1MvG2aRUwZ d7nEvmif1t40oKQu83UlQo04DuSvk5BOJWzCHdT/BdgZbcTQkZ3Suss/ZKOHg5IUh8ds z5fK1gO4vo3CMJS0pSGuZLPuCFYjZWPO0gO/PkHEDBYe2rP4eR1NY4I38Ktqw6RZclUM 3AlrVA7htZDrRKyxir4Yf7AVG16I0JrDKwbtQ8+dybB/FPPAmhcL7kuTOamZDzH5cuu6 MpT2XZ3P7QbQgICEXwNcv7B2/A1C6FGM2fb0/+ys48OhT48nTinvyVOmH5t5YlHxMQS/ Q0Pg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:in-reply-to:user-agent; bh=KEfI57VGP1VwZA2+rgbv4MG0VwJnH1SRGetggySxPok=; b=RdSgQtvAupRl8CmW6IYhSZeteb/J2EspiKQ68esDLR9r5yZ3NwrjzcIW+8YFHIBJNe 4ZFSTskfi1v7Wfx6nZiqfHJ/2I3mog2P/wMaU1VeYq22eA06PXQ/8iG8kmwPKrTF92lV VXEMyVjyOKffpAjmmQ4jTnuAFu4a/23HrKyrPlJsfl4EnCZOqxvbQpsJqNXMDiEKppYO iOR/5Q3GbN8sGN5f75SCSVePIXEZAWdOG60p65i674WrRLhvkFen6Vt0G2vLTpHDqjKx PdYZD9bO3Daigwn/QQXwi6KCF789WfX3MVP/tvU6dS7UBh/Zw/cFgt+4pC4EHHPjJYkv O9xg== X-Gm-Message-State: AHYfb5gUxAeMC7heIQ3lzO8J8RwSdmsCFyen48qs2gXlhF6X4TJvfqxn k0eaHkcE5RnhaQ== X-Received: by 10.223.172.54 with SMTP id v51mr1436160wrc.145.1503956914450; Mon, 28 Aug 2017 14:48:34 -0700 (PDT) Received: from sanghar ([2a00:23c4:7320:5900:224:d6ff:fe76:7136]) by smtp.gmail.com with ESMTPSA id g51sm2748578wrg.49.2017.08.28.14.48.33 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 28 Aug 2017 14:48:33 -0700 (PDT) Date: Mon, 28 Aug 2017 22:48:31 +0100 From: Okash Khawaja To: Samuel Thibault Cc: Christopher Brannon , John Covici , "Speakup is a screen review system for Linux." Subject: [patch v2] staging: speakup: fix speakup-r empty line lockup Message-ID: <20170828214831.GA1764@sanghar> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170828201723.psjxmbm2ahzi5c5d@var.youpi.perso.aquilenet.fr> User-Agent: Mutt/1.8.3 (2017-05-23) X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 X-BeenThere: speakup@linux-speakup.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Speakup is a screen review system for Linux." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Aug 2017 21:48:41 -0000 When cursor is at beginning of an empty or whitespace-only line and speakup-r typed, kernel locks up. This happens because deadlock of in input_event function over dev->event_lock, as demonstrated by lockdep logs. The reason for that is speakup simulates a down arrow - because cursor is at an empty line - while inside key press notifier handler which is ultimately triggered from input_event function. The simulated key press leads to input_event being called again, this time under its own context. So the spinlock is dev->event_lock is acquired while still being held. This patch ensures that key press is not simulated from inside key press notifier handler. Instead it delegates to cursor_timer. It starts the timer and passes RA_DOWN_ARROW as argument. When timer handler runs and sees RA_DOWN_ARROW, it will then call kbd_fakekey2(RA_DOWN_ARROW) which will correctly simulate the keypress inside timer context. When not inside key press notifier callback, the behaviour will remain the same as before this patch. Signed-off-by: Okash Khawaja --- drivers/staging/speakup/main.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) --- a/drivers/staging/speakup/main.c +++ b/drivers/staging/speakup/main.c @@ -1376,6 +1376,8 @@ static void reset_highlight_buffers(stru static int read_all_key; +static int in_keyboard_notifier = 0; + static void start_read_all_timer(struct vc_data *vc, int command); enum { @@ -1408,7 +1410,15 @@ static void read_all_doc(struct vc_data cursor_track = read_all_mode; spk_reset_index_count(0); if (get_sentence_buf(vc, 0) == -1) { - kbd_fakekey2(vc, RA_DOWN_ARROW); + del_timer(&cursor_timer); + if (!in_keyboard_notifier) + speakup_fake_down_arrow(); + else { + pr_warn(">>> read_all_doc: in_interrupt()=%ld\n", + in_interrupt()); + dump_stack(); + } + start_read_all_timer(vc, RA_DOWN_ARROW); } else { say_sentence_num(0, 0); synth_insert_next_index(0); @@ -2212,8 +2222,10 @@ static int keyboard_notifier_call(struct int ret = NOTIFY_OK; static int keycode; /* to hold the current keycode */ + in_keyboard_notifier = 1; + if (vc->vc_mode == KD_GRAPHICS) - return ret; + goto out; /* * First, determine whether we are handling a fake keypress on @@ -2225,7 +2237,7 @@ static int keyboard_notifier_call(struct */ if (speakup_fake_key_pressed()) - return ret; + goto out; switch (code) { case KBD_KEYCODE: @@ -2266,6 +2278,8 @@ static int keyboard_notifier_call(struct break; } } +out: + in_keyboard_notifier = 0; return ret; }