From: Fabio Estevam <festevam@xxxxxxxxx> Sent: Friday, May 20, 2016 1:00 PM
> To: gregkh@xxxxxxxxxxxxxxxxxxx
> Cc: Fugang Duan <fugang.duan@xxxxxxx>; linux-serial@xxxxxxxxxxxxxxx; Fabio
> Estevam <fabio.estevam@xxxxxxx>
> Subject: [PATCH v2] serial: serial_core: Perform NULL checks for
> release/request_port ops
>
> From: Fabio Estevam <fabio.estevam@xxxxxxx>
>
> Doing the following UART bind/unbind sequence on a i.mx platform causes a
> kernel crash due to NULL pointer dereference:
>
> echo 21f4000.serial > /sys/bus/platform/drivers/imx-uart/bind
> echo 21f4000.serial > /sys/bus/platform/drivers/imx-uart/unbind
>
> Fix this problem by adding NULL checks prior to calling release/request_port
> ops.
>
> Reported-by: Fugang Duan <fugang.duan@xxxxxxx>
> Signed-off-by: Fabio Estevam <fabio.estevam@xxxxxxx>
> ---
> Changes since v1:
> - Add NULL checks prior to other release/request_port calls.
>
> drivers/tty/serial/serial_core.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
> index a333c59..9fc1533 100644
> --- a/drivers/tty/serial/serial_core.c
> +++ b/drivers/tty/serial/serial_core.c
> @@ -887,7 +887,7 @@ static int uart_set_info(struct tty_struct *tty, struct
> tty_port *port,
> /*
> * Free and release old regions
> */
> - if (old_type != PORT_UNKNOWN)
> + if (old_type != PORT_UNKNOWN && uport->ops->release_port)
> uport->ops->release_port(uport);
>
> uport->iobase = new_port;
> @@ -900,7 +900,7 @@ static int uart_set_info(struct tty_struct *tty, struct
> tty_port *port,
> /*
> * Claim and map the new regions
> */
> - if (uport->type != PORT_UNKNOWN) {
> + if (uport->type != PORT_UNKNOWN && uport->ops-
> >request_port) {
> retval = uport->ops->request_port(uport);
> } else {
> /* Always success - Jean II */
> @@ -1125,7 +1125,7 @@ static int uart_do_autoconfig(struct tty_struct
> *tty,struct uart_state *state)
> * If we already have a port type configured,
> * we must release its resources.
> */
> - if (uport->type != PORT_UNKNOWN)
> + if (uport->type != PORT_UNKNOWN && uport->ops-
> >release_port)
> uport->ops->release_port(uport);
>
> flags = UART_CONFIG_TYPE;
> @@ -2897,7 +2897,7 @@ int uart_remove_one_port(struct uart_driver *drv,
> struct uart_port *uport)
> /*
> * Free the port IO and memory resources, if any.
> */
> - if (uport->type != PORT_UNKNOWN)
> + if (uport->type != PORT_UNKNOWN && uport->ops->release_port)
> uport->ops->release_port(uport);
> kfree(uport->tty_groups);
>
> --
> 1.9.1
Tested on i.MX6SX sdb board.
Tested-and-acked-by: Fugang Duan <fugang.duan@xxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-serial" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
