From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Richard Genoud <richard.genoud@gmail.com>,
Rob Herring <robh@kernel.org>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Subject: [PATCH 4.17 26/45] tty/serial: atmel: use port->name as name in request_irq()
Date: Thu, 14 Jun 2018 16:04:17 +0200 [thread overview]
Message-ID: <20180614132128.205026604@linuxfoundation.org> (raw)
In-Reply-To: <20180614132126.797006529@linuxfoundation.org>
4.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
commit 9594b5be7ec110ed11acec58fa94f3f293668c85 upstream.
I was puzzled while looking at /proc/interrupts and random things showed
up between reboots. This occurred more often but I realised it later. The
"correct" output should be:
|38: 11861 atmel-aic5 2 Level ttyS0
but I saw sometimes
|38: 6426 atmel-aic5 2 Level tty1
and accounted it wrongly as correct. This is use after free and the
former example randomly got the "old" pointer which pointed to the same
content. With SLAB_FREELIST_RANDOM and HARDENED I even got
|38: 7067 atmel-aic5 2 Level E=Started User Manager for UID 0
or other nonsense.
As it turns out the tty, pointer that is accessed in atmel_startup(), is
freed() before atmel_shutdown(). It seems to happen quite often that the
tty for ttyS0 is allocated and freed while ->shutdown is not invoked. I
don't do anything special - just a systemd boot :)
Use dev_name(&pdev->dev) as the IRQ name for request_irq(). This exists
as long as the driver is loaded so no use-after-free here.
Cc: stable@vger.kernel.org
Fixes: 761ed4a94582 ("tty: serial_core: convert uart_close to use tty_port_close")
Acked-by: Richard Genoud <richard.genoud@gmail.com>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/atmel_serial.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -1757,7 +1757,6 @@ static int atmel_startup(struct uart_por
{
struct platform_device *pdev = to_platform_device(port->dev);
struct atmel_uart_port *atmel_port = to_atmel_uart_port(port);
- struct tty_struct *tty = port->state->port.tty;
int retval;
/*
@@ -1772,8 +1771,8 @@ static int atmel_startup(struct uart_por
* Allocate the IRQ
*/
retval = request_irq(port->irq, atmel_interrupt,
- IRQF_SHARED | IRQF_COND_SUSPEND,
- tty ? tty->name : "atmel_serial", port);
+ IRQF_SHARED | IRQF_COND_SUSPEND,
+ dev_name(&pdev->dev), port);
if (retval) {
dev_err(port->dev, "atmel_startup - Can't get irq\n");
return retval;
next prev parent reply other threads:[~2018-06-14 14:50 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-14 14:03 [PATCH 4.17 00/45] 4.17.2-stable review Greg Kroah-Hartman
2018-06-14 14:03 ` [PATCH 4.17 01/45] crypto: chelsio - request to HW should wrap Greg Kroah-Hartman
2018-06-14 14:03 ` [PATCH 4.17 02/45] blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers Greg Kroah-Hartman
2018-06-14 14:03 ` [PATCH 4.17 04/45] KVM: x86: introduce linear_{read,write}_system Greg Kroah-Hartman
2018-06-14 14:03 ` [PATCH 4.17 05/45] kvm: fix typo in flag name Greg Kroah-Hartman
2018-06-14 14:03 ` [PATCH 4.17 06/45] kvm: nVMX: Enforce cpl=0 for VMX instructions Greg Kroah-Hartman
2018-06-14 14:03 ` [PATCH 4.17 07/45] KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system Greg Kroah-Hartman
2018-06-14 14:03 ` [PATCH 4.17 08/45] kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 09/45] staging: android: ion: Switch to pr_warn_once in ion_buffer_destroy Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 10/45] NFC: pn533: dont send USB data off of the stack Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 11/45] usbip: vhci_sysfs: fix potential Spectre v1 Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 12/45] usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 13/45] usb-storage: Add compatibility quirk flags for G-Technologies G-Drive Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 14/45] Input: xpad - add GPD Win 2 Controller USB IDs Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 15/45] phy: qcom-qusb2: Fix crash if nvmem cell not specified Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 16/45] usb: core: message: remove extra endianness conversion in usb_set_isoch_delay Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 17/45] usb: typec: wcove: Remove dependency on HW FSM Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 18/45] usb: gadget: function: printer: avoid wrong list handling in printer_write() Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 19/45] usb: gadget: udc: renesas_usb3: fix double phy_put() Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 20/45] usb: gadget: udc: renesas_usb3: should remove debugfs Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 21/45] usb: gadget: udc: renesas_usb3: should call pm_runtime_enable() before add udc Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 22/45] usb: gadget: udc: renesas_usb3: should call devm_phy_get() " Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 23/45] usb: gadget: udc: renesas_usb3: should fail if devm_phy_get() returns error Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 24/45] usb: gadget: udc: renesas_usb3: disable the controllers irqs for reconnecting Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 25/45] serial: sh-sci: Stop using printk format %pCr Greg Kroah-Hartman
2018-06-14 14:04 ` Greg Kroah-Hartman
2018-06-14 14:04 ` Greg Kroah-Hartman
2018-06-14 14:04 ` Greg Kroah-Hartman [this message]
2018-06-14 14:04 ` [PATCH 4.17 27/45] serial: samsung: fix maxburst parameter for DMA transactions Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 28/45] serial: 8250: omap: Fix idling of clocks for unused uarts Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 29/45] vmw_balloon: fixing double free when batching mode is off Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 30/45] doc: fix sysfs ABI documentation Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 31/45] arm64: defconfig: Enable CONFIG_PINCTRL_MT7622 by default Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 32/45] tty: pl011: Avoid spuriously stuck-off interrupts Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 33/45] crypto: ccree - correct host regs offset Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 34/45] Input: goodix - add new ACPI id for GPD Win 2 touch screen Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 35/45] Input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 41/45] crypto: cavium - Fix fallout from CONFIG_VMAP_STACK Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 42/45] crypto: cavium - Limit result reading attempts Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 43/45] crypto: vmx - Remove overly verbose printk from AES init routines Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 44/45] crypto: vmx - Remove overly verbose printk from AES XTS init Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.17 45/45] crypto: omap-sham - fix memleak Greg Kroah-Hartman
2018-06-14 22:31 ` [PATCH 4.17 00/45] 4.17.2-stable review Shuah Khan
2018-06-15 4:57 ` Greg Kroah-Hartman
2018-06-15 0:45 ` [LTP] " Naresh Kamboju
2018-06-15 0:45 ` Naresh Kamboju
2018-06-15 5:11 ` [LTP] " Greg Kroah-Hartman
2018-06-15 5:11 ` Greg Kroah-Hartman
2018-06-15 15:20 ` Guenter Roeck
2018-06-15 16:19 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180614132128.205026604@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bigeasy@linutronix.de \
--cc=linux-kernel@vger.kernel.org \
--cc=richard.genoud@gmail.com \
--cc=robh@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.