--- /dev/null
+From 44117a1d1732c513875d5a163f10d9adbe866c08 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Date: Thu, 11 Jan 2018 18:57:26 +0100
+Subject: serial: core: mark port as initialized after successful IRQ change
+
+From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+
+commit 44117a1d1732c513875d5a163f10d9adbe866c08 upstream.
+
+setserial changes the IRQ via uart_set_info(). It invokes
+uart_shutdown() which free the current used IRQ and clear
+TTY_PORT_INITIALIZED. It will then update the IRQ number and invoke
+uart_startup() before returning to the caller leaving
+TTY_PORT_INITIALIZED cleared.
+
+The next open will crash with
+| list_add double add: new=ffffffff839fcc98, prev=ffffffff839fcc98, next=ffffffff839fcc98.
+since the close from the IOCTL won't free the IRQ (and clean the list)
+due to the TTY_PORT_INITIALIZED check in uart_shutdown().
+
+There is same pattern in uart_do_autoconfig() and I *think* it also
+needs to set TTY_PORT_INITIALIZED there.
+Is there a reason why uart_startup() does not set the flag by itself
+after the IRQ has been acquired (since it is cleared in uart_shutdown)?
+
+Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/serial/serial_core.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/tty/serial/serial_core.c
++++ b/drivers/tty/serial/serial_core.c
+@@ -965,6 +965,8 @@ static int uart_set_info(struct tty_stru
+ }
+ } else {
+ retval = uart_startup(tty, state, 1);
++ if (retval == 0)
++ tty_port_set_initialized(port, true);
+ if (retval > 0)
+ retval = 0;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
