Re: [v2] serial_core:recognize invalid pointer from userspace

On Thu, Mar 10, 2016 at 11:17:23AM +0800, Jiang Lu wrote:
> compat_ioctl uses 0xffffffff as a magic number to mark an invalid pointer
> for iomem_base in serial_struct when truncating a 64-bit pointer into
> 32 bits.
> 
> The serial driver needs to recognize this invalid pointer when parsing
> serial_struct from userspace.
> 
> Signed-off-by: Jiang Lu <lu.jiang@xxxxxxxxxxxxx>
> ---
>  drivers/tty/serial/serial_core.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
> index a5d545e..d293536 100644
> --- a/drivers/tty/serial/serial_core.c
> +++ b/drivers/tty/serial/serial_core.c
> @@ -745,6 +745,9 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
>  	 * allocations, we should treat type changes the same as
>  	 * IO port changes.
>  	 */
> +	if ((unsigned long)new_info->iomem_base == 0xffffffff)
> +		new_info->iomem_base = (void *)(unsigned long)uport->mapbase;
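
Review bot: The added test in uart_set_info() compares new_info->iomem_base against a bare 0xffffffff with no comment or named constant, and it runs for every caller, not only for requests that came through compat_ioctl, so a native caller that supplies this value is silently rewritten to uport->mapbase as well. Consider handling the sentinel in the compat translation code that produces it, or at minimum sharing a named define with that code and adding a comment that explains why uport->mapbase is the right substitute rather than rejecting the request.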

This looks really odd to me, why do we care about userspace issues here?
Shouldn't the compat ioctl code have handled this already all for us?

And why set it to mapbase?  Just to keep it from being changed?

this worries me...

greg k-h