[PATCH 4.4 111/146] tty: vt: Fix soft lockup in fbcon cursor blink timer.
From: Greg Kroah-Hartman
Date: Mon Jul 25 2016 - 17:29:43 EST
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Daney <david.daney@xxxxxxxxxx>
commit 1b45996d2ebf9680ccd0db875fc668aa025f40fd upstream.
We are getting somewhat random soft lockups with this signature:
[ 86.992215] [<fffffc00080935e0>] el1_irq+0xa0/0x10c
[ 86.997082] [<fffffc000841822c>] cursor_timer_handler+0x30/0x54
[ 87.002991] [<fffffc000810ec44>] call_timer_fn+0x54/0x1a8
[ 87.008378] [<fffffc000810ef88>] run_timer_softirq+0x1c4/0x2bc
[ 87.014200] [<fffffc000809077c>] __do_softirq+0x114/0x344
[ 87.019590] [<fffffc00080af45c>] irq_exit+0x74/0x98
[ 87.024458] [<fffffc00080fac20>] __handle_domain_irq+0x98/0xfc
[ 87.030278] [<fffffc000809056c>] gic_handle_irq+0x94/0x190
This is caused by the vt visual_init() function calling into
fbcon_init() with a vc_cur_blink_ms value of zero. This is a
transient condition, as it is later set to a non-zero value. But, if
the timer happens to expire while the blink rate is zero, it goes into
an endless loop, and we get soft lockup.
The fix is to initialize vc_cur_blink_ms before calling the con_init()
function.
Signed-off-by: David Daney <david.daney@xxxxxxxxxx>
Acked-by: Pavel Machek <pavel@xxxxxx>
Tested-by: Ming Lei <ming.lei@xxxxxxxxxxxxx>
Acked-by: Scot Doyle <lkml14@xxxxxxxxxxxxx>
Tested-by: Henrique de Moraes Holschuh <hmh@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/tty/vt/vt.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -750,6 +750,7 @@ static void visual_init(struct vc_data *
vc->vc_complement_mask = 0;
vc->vc_can_do_color = 0;
vc->vc_panic_force_write = false;
+ vc->vc_cur_blink_ms = DEFAULT_CURSOR_BLINK_MS;
vc->vc_sw->con_init(vc, init);
if (!vc->vc_complement_mask)
vc->vc_complement_mask = vc->vc_can_do_color ? 0x7700 : 0x0800;