Date: Mon, 28 Aug 2017 23:13:13 +0100
From: Okash Khawaja
To: Samuel Thibault
Cc: Christopher Brannon, John Covici, "Speakup is a screen review system for Linux."
Subject: [patch v3] staging: speakup: fix speakup-r empty line lockup
Message-ID: <20170828221313.GA645@sanghar>
In-Reply-To: <20170828214831.GA1764@sanghar>

(Please ignore patch v2 last sent)

When cursor is at beginning of an empty or whitespace-only line and
speakup-r typed, kernel locks up. This happens because of deadlock in
input_event function over dev->event_lock, as demonstrated by lockdep
logs. The reason for that is speakup simulates a down arrow - because
cursor is at an empty line - while inside key press notifier handler
which is ultimately triggered from input_event function. The simulated
key press leads to input_event being called again, this time under its
own context. So the spinlock dev->event_lock is acquired while still
being held.

This patch ensures that key press is not simulated from inside key press
notifier handler. Instead it delegates to cursor_timer. It starts the
timer and passes RA_DOWN_ARROW as argument. When timer handler runs and
sees RA_DOWN_ARROW, it will then call kbd_fakekey2(RA_DOWN_ARROW) which
will correctly simulate the keypress inside timer context.

When not inside key press notifier callback, the behaviour will remain
the same as before this patch.

Signed-off-by: Okash Khawaja --- drivers/staging/speakup/main.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) --- a/drivers/staging/speakup/main.c +++ b/drivers/staging/speakup/main.c @@ -1376,6 +1376,8 @@ static void reset_highlight_buffers(stru static int read_all_key; +static int in_keyboard_notifier = 0; + static void start_read_all_timer(struct vc_data *vc, int command); enum { @@ -1408,7 +1410,10 @@ static void read_all_doc(struct vc_data cursor_track = read_all_mode; spk_reset_index_count(0); if (get_sentence_buf(vc, 0) == -1) { - kbd_fakekey2(vc, RA_DOWN_ARROW); + del_timer(&cursor_timer); + if (!in_keyboard_notifier) + speakup_fake_down_arrow(); + start_read_all_timer(vc, RA_DOWN_ARROW); } else { say_sentence_num(0, 0); synth_insert_next_index(0); @@ -2212,8 +2217,10 @@ static int keyboard_notifier_call(struct int ret = NOTIFY_OK; static int keycode; /* to hold the current keycode */ + in_keyboard_notifier = 1; + if (vc->vc_mode == KD_GRAPHICS) - return ret; + goto out; /* * First, determine whether we are handling a fake keypress on @@ -2225,7 +2232,7 @@ static int keyboard_notifier_call(struct */ if (speakup_fake_key_pressed()) - return ret; + goto out; switch (code) { case KBD_KEYCODE: @@ -2266,6 +2273,8 @@ static int keyboard_notifier_call(struct break; } } +out: + in_keyboard_notifier = 0; return ret; }
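
Review bot: In the first hunk (@@ -1376), `static int in_keyboard_notifier = 0;` initialises a static to 0, which kernel coding style asks to avoid because statics are zero-initialised anyway; drop the `= 0`. The variable is only ever 0 or 1, so `bool` would state the intent, and a one-line comment naming who sets it (keyboard_notifier_call) and who reads it (read_all_doc) would document the coupling this patch introduces.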
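
Review bot: In the read_all_doc() hunk (@@ -1408), the path taken outside the notifier no longer calls kbd_fakekey2(vc, RA_DOWN_ARROW) but open-codes del_timer(), speakup_fake_down_arrow() and start_read_all_timer(), while the commit message says behaviour there is unchanged. Please either say in the commit message that these three calls are equivalent to the removed helper call, or keep the helper call in the `!in_keyboard_notifier` branch, so the equivalence can be checked from the patch alone. A short comment above `if (!in_keyboard_notifier)` explaining that the key press is deferred to cursor_timer to avoid re-entering input_event() would spare the next reader the lockdep trace.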
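
Review bot: In keyboard_notifier_call() (@@ -2212 together with the `out:` label added at @@ -2266), in_keyboard_notifier is a plain file-scope int set to 1 on entry and cleared on exit, with no lock, per-CPU scoping or barrier visible in the patch. Any caller of read_all_doc() running on another CPU while a notifier call is in progress will read 1 and skip speakup_fake_down_arrow() although it is not itself inside the notifier. Please document what serialises the two contexts, or pass the calling context to read_all_doc() explicitly instead of signalling it through a global.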
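
Review bot: In the `speakup_fake_key_pressed()` early exit (@@ -2225), `goto out` now clears in_keyboard_notifier on the fake-key path as well. If this invocation can be nested inside another notifier call that is still running, the outer call continues with the flag at 0 and the protection is lost; a counter incremented on entry and decremented at `out:` would be safe in that case, otherwise a comment should say why nesting cannot happen.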