Suppose the driver is registered and a UART port is added. Once an
application opens the port, owl_uart_startup is called which registers
the interrupt handler owl_uart_irq.
We could have the following race condition:
When device is removed, owl_uart_remove is called, which calls
uart_remove_one_port, which calls owl_uart_release_port, which writes
NULL to port->membase. At this point parallely, an interrupt could be
handled by owl_uart_irq which reads port->membase.
This is because it is possible to remove device without closing a port.
Thus, we need to check it and call owl_uart_shutdown in owl_uart_remove.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Saubhik Mukherjee <saubhik.mukherjee@xxxxxxxxx>
---
drivers/tty/serial/owl-uart.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/owl-uart.c b/drivers/tty/serial/owl-uart.c
index 91f1eb0058d7..ac4e3aae2719 100644
--- a/drivers/tty/serial/owl-uart.c
+++ b/drivers/tty/serial/owl-uart.c
@@ -751,8 +751,15 @@ static int owl_uart_probe(struct platform_device *pdev)
static int owl_uart_remove(struct platform_device *pdev)
{
struct owl_uart_port *owl_port = platform_get_drvdata(pdev);
+ struct uart_port *port = &owl_port->port;
- uart_remove_one_port(&owl_uart_driver, &owl_port->port);
+ /* It is possible to release device without closing a port.
+ * Thus, need to check it and call shutdown.
+ */
+ if (owl_uart_read(port, OWL_UART_CTL) & OWL_UART_CTL_EN)
+ owl_uart_shutdown(port);
+
+ uart_remove_one_port(&owl_uart_driver, port);
owl_uart_ports[pdev->id] = NULL;
clk_disable_unprepare(owl_port->clk);
--
2.30.2
