serial_core:recognize invalid pointer from userspace

Linux Serial subsystem development
 help / color / mirror / Atom feed

* serial_core:recognize invalid pointer from userspace
@ 2016-03-09  8:02 Jiang Lu
  2016-03-09  8:02 ` Jiang Lu
  0 siblings, 1 reply; 3+ messages in thread
From: Jiang Lu @ 2016-03-09  8:02 UTC (permalink / raw)
  To: warrick.jiang, linux-kernel, linux-serial

Hi,

When running setserial, application issue a TIOCGSERIAL iotcl to get serial setting, then update 
serial setting with TIOCSSERIAL ioctl. It always failed with TIOCSSERIAL ioctl, for application
pass 0xffffffff for iomem_base in serial_struct to kernel.

On 32bit rootfs & 64bit kernel, compat_ioctl use 0xffffffff as a magic number to mark invalid pointer
for iomem_base in serial_struct when truncating a 64bit pointer into 32bit.

Serial driver need recognize this invalid pointer when parsing serial_struct from userspace.

Thanks
Jiang Lu

^ permalink raw reply	[flat|nested] 3+ messages in thread

* serial_core:recognize invalid pointer from userspace
  2016-03-09  8:02 serial_core:recognize invalid pointer from userspace Jiang Lu
@ 2016-03-09  8:02 ` Jiang Lu
  2016-03-09  8:23   ` kbuild test robot
  0 siblings, 1 reply; 3+ messages in thread
From: Jiang Lu @ 2016-03-09  8:02 UTC (permalink / raw)
  To: warrick.jiang, linux-kernel, linux-serial

compat_ioctl use 0xffffffff as a magic number to mark invalid pointer
for iomem_base in serial_struct when truncating a 64bit pointer into
32bit.

Serial driver need recognize this invalid pointer when parsing
serial_struct from userspace.

Signed-off-by: Jiang Lu <lu.jiang@windriver.com>
---
 drivers/tty/serial/serial_core.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
index a5d545e..7b9ec1b 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -745,6 +745,9 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
 	 * allocations, we should treat type changes the same as
 	 * IO port changes.
 	 */
+	if ((unsigned long)new_info->iomem_base == 0xffffffff)
+		new_info->iomem_base = (unsigned char *)uport->mapbase;
+
 	change_port = !(uport->flags & UPF_FIXED_PORT)
 		&& (new_port != uport->iobase ||
 		    (unsigned long)new_info->iomem_base != uport->mapbase ||
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: serial_core:recognize invalid pointer from userspace
  2016-03-09  8:02 ` Jiang Lu
@ 2016-03-09  8:23   ` kbuild test robot
  0 siblings, 0 replies; 3+ messages in thread
From: kbuild test robot @ 2016-03-09  8:23 UTC (permalink / raw)
  To: Jiang Lu; +Cc: kbuild-all, warrick.jiang, linux-kernel, linux-serial

[-- Attachment #1: Type: text/plain, Size: 2204 bytes --]

Hi Jiang,

[auto build test WARNING on tty/tty-testing]
[also build test WARNING on v4.5-rc7 next-20160309]
[if your patch is applied to the wrong git tree, please drop us a note to help improving the system]

url:    https://github.com/0day-ci/linux/commits/Jiang-Lu/serial_core-recognize-invalid-pointer-from-userspace/20160309-160641
base:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git tty-testing
config: i386-randconfig-x000-201610 (attached as .config)
reproduce:
        # save the attached .config to linux build tree
        make ARCH=i386 

All warnings (new ones prefixed by >>):

   drivers/tty/serial/serial_core.c: In function 'uart_set_info':
>> drivers/tty/serial/serial_core.c:750:26: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
      new_info->iomem_base = (unsigned char *)uport->mapbase;
                             ^

vim +750 drivers/tty/serial/serial_core.c

   734		new_info->irq = irq_canonicalize(new_info->irq);
   735		close_delay = msecs_to_jiffies(new_info->close_delay * 10);
   736		closing_wait = new_info->closing_wait == ASYNC_CLOSING_WAIT_NONE ?
   737				ASYNC_CLOSING_WAIT_NONE :
   738				msecs_to_jiffies(new_info->closing_wait * 10);
   739	
   740	
   741		change_irq  = !(uport->flags & UPF_FIXED_PORT)
   742			&& new_info->irq != uport->irq;
   743	
   744		/*
   745		 * Since changing the 'type' of the port changes its resource
   746		 * allocations, we should treat type changes the same as
   747		 * IO port changes.
   748		 */
   749		if ((unsigned long)new_info->iomem_base == 0xffffffff)
 > 750			new_info->iomem_base = (unsigned char *)uport->mapbase;
   751	
   752		change_port = !(uport->flags & UPF_FIXED_PORT)
   753			&& (new_port != uport->iobase ||
   754			    (unsigned long)new_info->iomem_base != uport->mapbase ||
   755			    new_info->hub6 != uport->hub6 ||
   756			    new_info->io_type != uport->iotype ||
   757			    new_info->iomem_reg_shift != uport->regshift ||
   758			    new_info->type != uport->type);

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/octet-stream, Size: 23395 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2016-03-09  8:23 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-03-09  8:02 serial_core:recognize invalid pointer from userspace Jiang Lu
2016-03-09  8:02 ` Jiang Lu
2016-03-09  8:23   ` kbuild test robot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox