Re: [PATCH v2] serial: 8250: fix panic due to PSLVERR

[John Ogness]

On 2025-04-08, Yunhui Cui <cuiyunhui@xxxxxxxxxxxxx> wrote:
> When the PSLVERR_RESP_EN parameter is set to 1, the device generates
> an error response if an attempt is made to read an empty RBR (Receive
> Buffer Register) while the FIFO is enabled.
>
> In serial8250_do_startup(), calling serial_port_out(port, UART_LCR,
> UART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes
> dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter
> function enables the FIFO via serial_out(p, UART_FCR, p->fcr).
> Execution proceeds to the dont_test_tx_en label:
> ...
> serial_port_in(port, UART_RX);
> This satisfies the PSLVERR trigger condition.
>
> Because another CPU(e.g., using printk()) is accessing the UART (UART
> is busy), the current CPU fails the check (value & ~UART_LCR_SPAR) ==
> (lcr & ~UART_LCR_SPAR), causing it to enter dw8250_force_idle().
>
> To resolve this issue, relevant serial_port_out() operations should be
> placed in a critical section, and UART_RX data should only be read
> when the UART_LSR DR bit is set.

The UART_LSR_DR check still has a race condition if the console is in
RS485 mode and !SER_RS485_RX_DURING_TX. It seems DW supports this mode
as there is code in dw8250_rs485_config() that sets DW_UART_TCR
differently for this.

In this mode, serial8250_console_write() will call the callback
->rs485_stop_tx(), which for DW is serial8250_em485_stop_tx(). And this
calls serial8250_clear_and_reinit_fifos().

To really close this race, all UART_RX reads would need to be under the
port lock. Most of them already are.

John Ogness