Re: [External] Re: [PATCH v2] serial: 8250: fix panic due to PSLVERR

[yunhui cui]

Hi John,

On Tue, Apr 8, 2025 at 8:28 PM John Ogness <john.ogness@xxxxxxxxxxxxx> wrote:
>
> On 2025-04-08, Yunhui Cui <cuiyunhui@xxxxxxxxxxxxx> wrote:
> > When the PSLVERR_RESP_EN parameter is set to 1, the device generates
> > an error response if an attempt is made to read an empty RBR (Receive
> > Buffer Register) while the FIFO is enabled.
> >
> > In serial8250_do_startup(), calling serial_port_out(port, UART_LCR,
> > UART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes
> > dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter
> > function enables the FIFO via serial_out(p, UART_FCR, p->fcr).
> > Execution proceeds to the dont_test_tx_en label:
> > ...
> > serial_port_in(port, UART_RX);
> > This satisfies the PSLVERR trigger condition.
> >
> > Because another CPU(e.g., using printk()) is accessing the UART (UART
> > is busy), the current CPU fails the check (value & ~UART_LCR_SPAR) ==
> > (lcr & ~UART_LCR_SPAR), causing it to enter dw8250_force_idle().
> >
> > To resolve this issue, relevant serial_port_out() operations should be
> > placed in a critical section, and UART_RX data should only be read
> > when the UART_LSR DR bit is set.
>
> The UART_LSR_DR check still has a race condition if the console is in
> RS485 mode and !SER_RS485_RX_DURING_TX. It seems DW supports this mode
> as there is code in dw8250_rs485_config() that sets DW_UART_TCR
> differently for this.
>
> In this mode, serial8250_console_write() will call the callback
> ->rs485_stop_tx(), which for DW is serial8250_em485_stop_tx(). And this
> calls serial8250_clear_and_reinit_fifos().
>
> To really close this race, all UART_RX reads would need to be under the
> port lock. Most of them already are.

Oh, yes. If there is another reader, there will be a problem. I'll
update it to version 3 to fix this issue.

>
> John Ogness

Thanks,
Yunhui