serial: core: Flush ldisc after dropping port mutex in uart_close()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The tty buffers (and any line discipline buffers) must be flushed after
the UART hardware has shutdown; otherwise, a racing open on the same
tty may receive data from the previous session, which is a security
hazard. However, holding the port mutex while flushing the line
discipline buffers creates a lock inversion if the set_termios()
handler takes the port mutex (as it does in the followup patch,
'serial: Fix locking for uart driver set_termios method'.

Flush the ldisc buffers after dropping the port mutex; the tty lock
is still held which prevents a concurrent open() from advancing while
flushing. Since no new rx data is possible after uart_shutdown() until
a new open reinitializes the port, the later flush has no impact on
what data is being discarded.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Peter Hurley and committed by

Greg Kroah-Hartman 11 years ago 2e758910 479e9b94

+2 -3

1 changed file

expand all

drivers

tty

serial

serial_core.c

+2 -3

drivers/tty/serial/serial_core.c

··· 1361 1361 1362 1362 mutex_lock(&port->mutex); 1363 1363 uart_shutdown(tty, state); 1364 - 1365 - tty_ldisc_flush(tty); 1366 - 1367 1364 tty_port_tty_set(port, NULL); 1368 1365 tty->closing = 0; 1369 1366 spin_lock_irqsave(&port->lock, flags); ··· 1387 1390 wake_up_interruptible(&port->close_wait); 1388 1391 1389 1392 mutex_unlock(&port->mutex); 1393 + 1394 + tty_ldisc_flush(tty); 1390 1395 } 1391 1396 1392 1397 static void uart_wait_until_sent(struct tty_struct *tty, int timeout)