serial: core: Disable uart_start() on uart_remove_one_port()

While rebinding a uart device in a loop I noticed we may see a tx related
race on uart_remove_one_port():

uart_write from n_tty_write
n_tty_write from file_tty_write.constprop.0
file_tty_write.constprop.0 from vfs_write
vfs_write from ksys_write
ksys_write from ret_fast_syscall

Let's disallow tx on port->UPF_DEAD. This flag gets set before we start
tearing down the port in uart_remove_one_port().

Signed-off-by: Tony Lindgren <tony@atomide.com>
Link: https://lore.kernel.org/r/20230419115423.59957-1-tony@atomide.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
index 59b62fa..54e82f4 100644 (file)
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -135,7 +135,7 @@ static void __uart_start(struct tty_struct *tty)
        struct uart_state *state = tty->driver_data;
        struct uart_port *port = state->uart_port;
 
-       if (port && !uart_tx_stopped(port))
+       if (port && !(port->flags & UPF_DEAD) && !uart_tx_stopped(port))
                port->ops->start_tx(port);
 }