Myy Posted January 17, 2019 Posted January 17, 2019 There's a few problems with the UART driver on 5.0-rc2 kernels, since proper checks are not done correctly and lead to a Null Pointer dereference. Here's a patch to avoid this issue : From 7e43ae8446b420907f00b43308ad0b99b6fe4e51 Mon Sep 17 00:00:00 2001 From: "Miouyouyou (Myy)" <myy@miouyouyou.fr> Date: Wed, 16 Jan 2019 23:58:52 +0100 Subject: [PATCH] drivers: tty: serial: Bail out if no UART is detected Before the 5.0, serial8250_register_8250_port consisted of one BIG if(uart && uart->port.type != PORT_8250_CIR) block, which prevented NULL dereference if uart, a pointer to an "uart_8250_port" detected through "serial8250_find_match_or_unused", were to be NULL. However, a recent patch added a few bits of code just after that, and that code manipulates the "uart" pointer without checking if it's NULL or not. This patch changes the mechanism and bail out early if no UART structure pointer is provided serial8250_find_match_or_unused. A goto is used instead of returning directly, since we're inside a mutex and must release it correctly. Signed-off-by: Miouyouyou (Myy) <myy@miouyouyou.fr> --- drivers/tty/serial/8250/8250_core.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c index 189ab1212..11120c2d9 100644 --- a/drivers/tty/serial/8250/8250_core.c +++ b/drivers/tty/serial/8250/8250_core.c @@ -981,7 +981,12 @@ int serial8250_register_8250_port(struct uart_8250_port *up) mutex_lock(&serial_mutex); uart = serial8250_find_match_or_unused(&up->port); - if (uart && uart->port.type != PORT_8250_CIR) { + if (!uart) { + printk(KERN_INFO "One UART port failed to register correctly\n"); + goto no_uart; + } + + if (uart->port.type != PORT_8250_CIR) { if (uart->port.dev) uart_remove_one_port(&serial8250_reg, &uart->port); @@ -1081,6 +1086,7 @@ int serial8250_register_8250_port(struct uart_8250_port *up) uart->overrun_backoff_time_ms = 0; } +no_uart: mutex_unlock(&serial_mutex); return ret; -- 2.16.4 1
Myy Posted January 17, 2019 Author Posted January 17, 2019 I'll open a bug report on the LKML and send the patch, though...
Recommended Posts