[PATCH 1/3] serial: 8250: Fix __stop_tx() & DMA Tx restart races

From: Ilpo Järvinen
Date: Wed Jun 15 2022 - 05:08:09 EST

Next message: Ilpo Järvinen: "[PATCH 2/3] serial: 8250_dw: Take port lock while accessing LSR"
Previous message: Naresh Solanki: "[PATCH v2 0/2] regulator: userspace consumer DT support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Commit e8ffbb71f783 ("serial: 8250: use THRE & __stop_tx also with
DMA") changed __dma_tx_complete() to enable THRI that is cleared in
__stop_tx() once THRE is asserted as UART runs out bits to transmit. It
is possible, however, that more data arrives in between in which case
serial8250_tx_dma() resumes Tx. THRI is not supposed to be on during
DMA Tx because DMA is based on completion handler, therefore THRI must
be cleared unconditionally in serial8250_tx_dma().

When Tx is about to start, another race window exists with
serial8250_handle_irq() leading to a call into __stop_tx() while the
Tx has already been resumed:

__tx_complete():
-> spin_lock(port->lock)
-> dma->tx_running = 0
-> serial8250_set_THRI()
-> spin_unlock(port->lock)

uart_start():
serial8250_handle_irq():
-> spin_lock(port->lock)
-> serial8250_tx_dma():
-> dma->tx_running = 1
-> spin_unlock(port->lock)
-> spin_lock(port->lock)
-> __stop_tx()

Close this race by checking !dma->tx_running before calling into
__stop_tx().

Fixes: e8ffbb71f783 ("serial: 8250: use THRE & __stop_tx also with DMA")
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@xxxxxxxxxxxxxxx>
---
drivers/tty/serial/8250/8250_dma.c | 6 +++---
drivers/tty/serial/8250/8250_port.c | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/tty/serial/8250/8250_dma.c b/drivers/tty/serial/8250/8250_dma.c
index 7133fceed35e..a8dba4a0a8fb 100644
--- a/drivers/tty/serial/8250/8250_dma.c
+++ b/drivers/tty/serial/8250/8250_dma.c
@@ -106,10 +106,10 @@ int serial8250_tx_dma(struct uart_8250_port *p)
UART_XMIT_SIZE, DMA_TO_DEVICE);

dma_async_issue_pending(dma->txchan);
- if (dma->tx_err) {
+ serial8250_clear_THRI(p);
+ if (dma->tx_err)
dma->tx_err = 0;
- serial8250_clear_THRI(p);
- }
+
return 0;
err:
dma->tx_err = 1;
diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
index 953b0fadfd4c..684a1f1fd686 100644
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -1936,7 +1936,7 @@ int serial8250_handle_irq(struct uart_port *port, unsigned int iir)
if ((status & UART_LSR_THRE) && (up->ier & UART_IER_THRI)) {
if (!up->dma || up->dma->tx_err)
serial8250_tx_chars(up);
- else
+ else if (!up->dma->tx_running)
__stop_tx(up);
}

--
2.30.2

Next message: Ilpo Järvinen: "[PATCH 2/3] serial: 8250_dw: Take port lock while accessing LSR"
Previous message: Naresh Solanki: "[PATCH v2 0/2] regulator: userspace consumer DT support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]