-
由 Peter Hurley 提交于
The UART driver is expected to clear port->x_char after transmission while holding the port->lock. However, the serial core fails to take the port->lock before assigning port->xchar. This allows for the following race CPU 0 | CPU 1 | | serial8250_handle_irq | ... | serial8250_tx_chars | if (port->x_char) | serial_out(up, UART_TX, port->x_char) uart_send_xchar | port->x_char = ch | | port->x_char = 0 port->ops->start_tx() | | The x_char on CPU 0 will never be sent. Take the port->lock in uart_send_xchar() before assigning port->x_char. Signed-off-by: NPeter Hurley <peter@hurleysoftware.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>c235ccc1