Re: [PATCH][BUG] Fix possible NULL pointer access in 8250 serial driver

> On Wed, 18 Apr 2007 17:21:53 +0900 Kenji Kaneshige <[email protected]> wrote:
> > I'd imagine that other serial drivers might get upset having their
> > ->get_mcrtl() called prior to being opened.  Perhaps we should be fixing
> > this in uart_read_proc()?
> > 
> 
> I looked at other serial drivers and I could not find any other
> drivers which accesses port->info in their ->get_mctrl(). This 
> is why we fix this problem in 8250 driver. But if there is a
> possibility that other drivers accesses port->info in their
> ->get_mctrl(), we should be fixing this in uart_read_proc(), as
> you said.

OK.  But port->info might not be the only state which is initialised
in open() which is used in get_mctrl().

> How about the following patch? We've also confirmed the problem
> is fixed by it.
> 

Thanks.  Or we could just avoid calling into ->get_mctrl() if the port isn't
opened.  Russell?  Any preferences?

> 
> 
> This patch fixes the problem that uninitialized (NULL) 'info' member
> of uart_port structure can be accessed if serial driver is accessed
> through /proc filesystem before uart_open(), which initializes the
> 'info' member', is called.
> 
> Signed-off-by: Kenji Kaneshige <[email protected]>
> Signed-off-by: Taku Izumi <[email protected]>
> 
> ---
>  drivers/serial/serial_core.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Index: linux-2.6.21-rc5/drivers/serial/serial_core.c
> ===================================================================
> --- linux-2.6.21-rc5.orig/drivers/serial/serial_core.c
> +++ linux-2.6.21-rc5/drivers/serial/serial_core.c
> @@ -1665,7 +1665,7 @@ static int uart_line_info(char *buf, str
>  	unsigned int status;
>  	int mmio, ret;
>  
> -	if (!port)
> +	if (!port || !port->info)
>  		return 0;
>  
>  	mmio = port->iotype >= UPIO_MEM;
> 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- [PATCH][BUG] Fix possible NULL pointer access in 8250 serial driver
  - From: izumi <[email protected]>
- Re: [PATCH][BUG] Fix possible NULL pointer access in 8250 serial driver
  - From: Andrew Morton <[email protected]>
- Re: [PATCH][BUG] Fix possible NULL pointer access in 8250 serial driver
  - From: Kenji Kaneshige <[email protected]>

Prev by Date: Re: [PATCH] Provide better abstraction for the serial drivers to xmit buf and tty
Next by Date: Re: [PATCH RFD] alternative kobject release wait mechanism
Previous by thread: Re: [PATCH][BUG] Fix possible NULL pointer access in 8250 serial driver
Next by thread: Re: [PATCH][BUG] Fix possible NULL pointer access in 8250 serial driver
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]