Re: [PATCH] tty: serial: owl: Fix data race in owl_uart_remove

[Saubhik Mukherjee]

On 6/23/21 12:46 PM, Johan Hovold wrote:
> On Wed, Jun 23, 2021 at 11:06:53AM +0530, Saubhik Mukherjee wrote:
> > On 6/17/21 4:52 PM, Greg KH wrote:
> > > On Thu, Jun 17, 2021 at 04:34:43PM +0530, Saubhik Mukherjee wrote:
> > > > Suppose the driver is registered and a UART port is added. Once an
> > > > application opens the port, owl_uart_startup is called which registers
> > > > the interrupt handler owl_uart_irq.
> > > >
> > > > We could have the following race condition:
> > > >
> > > > When device is removed, owl_uart_remove is called, which calls
> > > > uart_remove_one_port, which calls owl_uart_release_port, which writes
> > > > NULL to port->membase. At this point parallely, an interrupt could be
> > > > handled by owl_uart_irq which reads port->membase.
> > > >
> > > > This is because it is possible to remove device without closing a port.
> > > > Thus, we need to check it and call owl_uart_shutdown in owl_uart_remove.
>
> No, this makes no sense at all. The port is deregistered and hung up by
> uart_remove_one_port() (and the interrupt line is consequently disabled
> by the driver) before it is released so this can never happen.

Thanks for the reply. I am not sure I understand. I could not find any 
interrupt disabling in owl_uart_remove. Could you point out where/how is 
the interrupt line is disabled before releasing the port?

A related question question was asked in 
https://lore.kernel.org/linux-serial/YMcpBXd1vtipueQi@xxxxxxxxx/.

> > > > Found by Linux Driver Verification project (linuxtesting.org).
>
> And you clearly did not test this, which you should mention.

This race warning was found by a static analysis tool. The code changes 
are untested.