2023-04-19 11:59:24

by Tony Lindgren

[permalink] [raw]
Subject: [PATCH] serial: core: Disable uart_start() on uart_remove_one_port()

While rebinding a uart device in a loop I noticed we may see a tx related
race on uart_remove_one_port():

uart_write from n_tty_write
n_tty_write from file_tty_write.constprop.0
file_tty_write.constprop.0 from vfs_write
vfs_write from ksys_write
ksys_write from ret_fast_syscall

Let's disallow tx on port->UPF_DEAD. This flag gets set before we start
tearing down the port in uart_remove_one_port().

Signed-off-by: Tony Lindgren <[email protected]>
---
drivers/tty/serial/serial_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -135,7 +135,7 @@ static void __uart_start(struct tty_struct *tty)
struct uart_state *state = tty->driver_data;
struct uart_port *port = state->uart_port;

- if (port && !uart_tx_stopped(port))
+ if (port && !(port->flags & UPF_DEAD) && !uart_tx_stopped(port))
port->ops->start_tx(port);
}

--
2.40.0