From: Peter Hurley Date: Thu, 16 Oct 2014 20:54:19 +0000 (-0400) Subject: serial: core: Flush ldisc after dropping port mutex in uart_close() X-Git-Tag: firefly_0821_release~176^2~2678^2~166 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=2e758910832dce99761a29688b33fd77dcbf6f6c;p=firefly-linux-kernel-4.4.55.git serial: core: Flush ldisc after dropping port mutex in uart_close() The tty buffers (and any line discipline buffers) must be flushed after the UART hardware has shutdown; otherwise, a racing open on the same tty may receive data from the previous session, which is a security hazard. However, holding the port mutex while flushing the line discipline buffers creates a lock inversion if the set_termios() handler takes the port mutex (as it does in the followup patch, 'serial: Fix locking for uart driver set_termios method'. Flush the ldisc buffers after dropping the port mutex; the tty lock is still held which prevents a concurrent open() from advancing while flushing. Since no new rx data is possible after uart_shutdown() until a new open reinitializes the port, the later flush has no impact on what data is being discarded. Signed-off-by: Peter Hurley Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 787d67f74bd9..9d142972ee2d 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1361,9 +1361,6 @@ static void uart_close(struct tty_struct *tty, struct file *filp) mutex_lock(&port->mutex); uart_shutdown(tty, state); - - tty_ldisc_flush(tty); - tty_port_tty_set(port, NULL); tty->closing = 0; spin_lock_irqsave(&port->lock, flags); @@ -1390,6 +1387,8 @@ static void uart_close(struct tty_struct *tty, struct file *filp) wake_up_interruptible(&port->close_wait); mutex_unlock(&port->mutex); + + tty_ldisc_flush(tty); } static void uart_wait_until_sent(struct tty_struct *tty, int timeout)