The following commit has been merged in the linux branch: commit eea7e17e0eb23729d58368420659f8e7c357d82e Author: Linus Torvalds torvalds@linux-foundation.org Date: Mon Oct 12 19:13:54 2009 +0200
tty, serial: Fix race and NULL check in uart_close()
Commit 46d57a449aa1 ("serial: use tty_port pointers in the core code") contained two bugs that causes (rare) crashes:
- the rename typoed one site
- a NULL check was missed
Reported-and-tested-by: Ingo Molnar mingo@elte.hu Cc: Greg KH gregkh@suse.de Cc: Alan Cox alan@lxorguk.ukuu.org.uk Signed-off-by: Ingo Molnar mingo@elte.hu Signed-off-by: Linus Torvalds torvalds@linux-foundation.org
diff --git a/drivers/serial/serial_core.c b/drivers/serial/serial_core.c index 1689bda..dcc7244 100644 --- a/drivers/serial/serial_core.c +++ b/drivers/serial/serial_core.c @@ -1270,6 +1270,9 @@ static void uart_close(struct tty_struct *tty, struct file *filp)
BUG_ON(!kernel_locked());
+ if (!state) + return; + uport = state->uart_port; port = &state->port;
@@ -1316,9 +1319,9 @@ static void uart_close(struct tty_struct *tty, struct file *filp) */ if (port->flags & ASYNC_INITIALIZED) { unsigned long flags; - spin_lock_irqsave(&port->lock, flags); + spin_lock_irqsave(&uport->lock, flags); uport->ops->stop_rx(uport); - spin_unlock_irqrestore(&port->lock, flags); + spin_unlock_irqrestore(&uport->lock, flags); /* * Before we drop DTR, make sure the UART transmitter * has completely drained; this is especially