From: Greg KH <gregkh@linuxfoundation.org>
To: Yi Yang <yiyang13@huawei.com>
Cc: jirislaby@kernel.org, ilpo.jarvinen@linux.intel.com,
andy.shevchenko@gmail.com, linux-serial@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH -next] serial: 8250: fix return error code in serial8250_request_std_resource()
Date: Mon, 27 Jun 2022 14:08:43 +0200 [thread overview]
Message-ID: <Yrmdy6IJrWMkZfZg@kroah.com> (raw)
In-Reply-To: <20220620072025.172088-1-yiyang13@huawei.com>
On Mon, Jun 20, 2022 at 03:20:25PM +0800, Yi Yang wrote:
> If port->mapbase = NULL in serial8250_request_std_resource() , it need
> return a error code instead of 0. If uart_set_info() fail to request new
> regions by serial8250_request_std_resource() but the return value of
> serial8250_request_std_resource() is 0, that The system will mistakenly
> considers that port resources are successfully applied for. A null
> pointer reference is triggered when the port resource is later invoked.
>
> The problem can also be triggered with the following simple program:
> ----------
> #include <stdio.h>
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <fcntl.h>
> #include <sys/ioctl.h>
> #include <unistd.h>
> #include <errno.h>
>
> struct serial_struct {
> int type;
> int line;
> unsigned int port;
> int irq;
> int flags;
> int xmit_fifo_size;
> int custom_divisor;
> int baud_base;
> unsigned short close_delay;
> char io_type;
> char reserved_char[1];
> int hub6;
> unsigned short closing_wait; /* time to wait before closing */
> unsigned short closing_wait2; /* no longer used... */
> unsigned char *iomem_base;
> unsigned short iomem_reg_shift;
> unsigned int port_high;
> unsigned long iomap_base; /* cookie passed into ioremap */
> };
>
> struct serial_struct str;
>
> int main(void)
> {
> open("/dev/ttyS0", O_RDWR);
> ioctl(fd, TIOCGSERIAL, &str);
> str.iomem_base = 0;
> ioctl(fd, TIOCSSERIAL, str);
> return 0;
> }
> ----------
>
> Signed-off-by: Yi Yang <yiyang13@huawei.com>
> ---
> drivers/tty/serial/8250/8250_port.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
> index 3e3d784aa628..e1cefa97bdeb 100644
> --- a/drivers/tty/serial/8250/8250_port.c
> +++ b/drivers/tty/serial/8250/8250_port.c
> @@ -2961,8 +2961,10 @@ static int serial8250_request_std_resource(struct uart_8250_port *up)
> case UPIO_MEM32BE:
> case UPIO_MEM16:
> case UPIO_MEM:
> - if (!port->mapbase)
> + if (!port->mapbase) {
> + ret = -EFAULT;
This not a memory fault, that only gets returned for failures when
copying to/from userspace.
Please return -EINVAL or something like that.
thanks,
greg k-h
prev parent reply other threads:[~2022-06-27 12:28 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-20 7:20 [PATCH -next] serial: 8250: fix return error code in serial8250_request_std_resource() Yi Yang
2022-06-20 7:53 ` Ilpo Järvinen
2022-06-20 8:27 ` yiyang (D)
2022-06-27 12:09 ` Greg Kroah-Hartman
2022-06-27 12:08 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yrmdy6IJrWMkZfZg@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=andy.shevchenko@gmail.com \
--cc=ilpo.jarvinen@linux.intel.com \
--cc=jirislaby@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-serial@vger.kernel.org \
--cc=yiyang13@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.