Re: [PATCH][BUG] Fix possible NULL pointer access in 8250 serialdriver

[Kenji Kaneshige]

> I'd imagine that other serial drivers might get upset having their
> ->get_mcrtl() called prior to being opened.  Perhaps we should be fixing
> this in uart_read_proc()?
> 

I looked at other serial drivers and I could not find any other
drivers which accesses port->info in their ->get_mctrl(). This 
is why we fix this problem in 8250 driver. But if there is a
possibility that other drivers accesses port->info in their
->get_mctrl(), we should be fixing this in uart_read_proc(), as
you said.

How about the following patch? We've also confirmed the problem
is fixed by it.

Thanks,
Kenji Kaneshige


This patch fixes the problem that uninitialized (NULL) 'info' member
of uart_port structure can be accessed if serial driver is accessed
through /proc filesystem before uart_open(), which initializes the
'info' member', is called.

Signed-off-by: Kenji Kaneshige <kaneshige.kenji@xxxxxxxxxxxxxx>
Signed-off-by: Taku Izumi <izumi2005@xxxxxxxxxxxxxxxx>

---
 drivers/serial/serial_core.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: linux-2.6.21-rc5/drivers/serial/serial_core.c
===================================================================
--- linux-2.6.21-rc5.orig/drivers/serial/serial_core.c
+++ linux-2.6.21-rc5/drivers/serial/serial_core.c
@@ -1665,7 +1665,7 @@ static int uart_line_info(char *buf, str
 	unsigned int status;
 	int mmio, ret;
 
-	if (!port)
+	if (!port || !port->info)
 		return 0;
 
 	mmio = port->iotype >= UPIO_MEM;



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/