Re: [PATCH][BUG] Fix possible NULL pointer access in 8250 serial driver

From: Andrew Morton
Date: Wed Apr 18 2007 - 12:17:03 EST


> On Wed, 18 Apr 2007 17:21:53 +0900 Kenji Kaneshige <kaneshige.kenji@xxxxxxxxxxxxxx> wrote:
> > I'd imagine that other serial drivers might get upset having their
> > ->get_mctrl() called prior to being opened. Perhaps we should be fixing
> > this in uart_read_proc()?
> >
>
> I looked at other serial drivers and I could not find any other
> drivers which access port->info in their ->get_mctrl(). This
> is why we fix this problem in 8250 driver. But if there is a
> possibility that other drivers access port->info in their
> ->get_mctrl(), we should be fixing this in uart_read_proc(), as
> you said.

OK. But port->info might not be the only state which is initialised
in open() which is used in get_mctrl().

> How about the following patch? We've also confirmed the problem
> is fixed by it.
>

Thanks. Or we could just avoid calling into ->get_mctrl() if the port isn't
opened. Russell? Any preferences?

>
>
> This patch fixes the problem that uninitialized (NULL) 'info' member
> of uart_port structure can be accessed if serial driver is accessed
> through /proc filesystem before uart_open(), which initializes the
> 'info' member, is called.
>
> Signed-off-by: Kenji Kaneshige <kaneshige.kenji@xxxxxxxxxxxxxx>
> Signed-off-by: Taku Izumi <izumi2005@xxxxxxxxxxxxxxxx>
>
> ---
> drivers/serial/serial_core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Index: linux-2.6.21-rc5/drivers/serial/serial_core.c
> ===================================================================
> --- linux-2.6.21-rc5.orig/drivers/serial/serial_core.c
> +++ linux-2.6.21-rc5/drivers/serial/serial_core.c
> @@ -1665,7 +1665,7 @@ static int uart_line_info(char *buf, str
> unsigned int status;
> int mmio, ret;
>
> - if (!port)
> + if (!port || !port->info)
> return 0;
>
> mmio = port->iotype >= UPIO_MEM;
>
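
Review bot: The new `!port->info` test is folded into the early `return 0` at the top of uart_line_info(), ahead of `mmio = port->iotype >= UPIO_MEM;`, so a port that has never been opened now returns 0 before any of its line is written into buf, not only before the status query. If the goal is just to keep ->get_mctrl() from running on an unopened port, put the check around that call and let the rest of the line be emitted for unopened ports as before. The changelog should also say which behaviour is intended for unopened ports, and the subject still names the 8250 driver although the change is now in serial_core.c.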