From fdc30b3d448bf86dd45f9df3e8ac0d36a3bdd9b2 Mon Sep 17 00:00:00 2001 From: Taku Izumi Date: Mon, 23 Apr 2007 14:41:00 -0700 Subject: [PATCH] Fix possible NULL pointer access in 8250 serial driver I encountered the following kernel panic. The cause of this problem was NULL pointer access in check_modem_status() in 8250.c. I confirmed this problem is fixed by the attached patch, but I don't know this is the correct fix. sadc[4378]: NaT consumption 2216203124768 [1] Modules linked in: binfmt_misc dm_mirror dm_mod thermal processor fan container button sg e100 eepro100 mii ehci_hcd ohci_hcd Pid: 4378, CPU 0, comm: sadc psr : 00001210085a2010 ifs : 8000000000000289 ip : [] Not tainted ip is at check_modem_status+0xf1/0x360 Call Trace: [] show_stack+0x40/0xa0 [] show_regs+0x840/0x880 [] die+0x1c0/0x2c0 [] die_if_kernel+0x50/0x80 [] ia64_fault+0x11e0/0x1300 [] ia64_leave_kernel+0x0/0x280 [] check_modem_status+0xf0/0x360 [] serial8250_get_mctrl+0x20/0xa0 [] uart_read_proc+0x250/0x860 [] proc_file_read+0x1d0/0x4c0 [] vfs_read+0x1b0/0x300 [] sys_read+0x70/0xe0 [] ia64_ret_from_syscall+0x0/0x20 [] __kernel_syscall_via_break+0x0/0x20 Fix the possible NULL pointer access in check_modem_status() in 8250.c. The check_modem_status() would access 'info' member of uart_port structure, but it is not initialized before uart_open() is called. The check_modem_status() can be called through /proc/tty/driver/serial before uart_open() is called. Signed-off-by: Kenji Kaneshige Signed-off-by: Taku Izumi Cc: Russell King Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/serial/8250.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/serial/8250.c b/drivers/serial/8250.c index c129a0e8e8..c0c472ac53 100644 --- a/drivers/serial/8250.c +++ b/drivers/serial/8250.c @@ -1310,7 +1310,8 @@ static unsigned int check_modem_status(struct uart_8250_port *up) { unsigned int status = serial_in(up, UART_MSR); - if (status & UART_MSR_ANY_DELTA && up->ier & UART_IER_MSI) { + if (status & UART_MSR_ANY_DELTA && up->ier & UART_IER_MSI && + up->port.info != NULL) { if (status & UART_MSR_TERI) up->port.icount.rng++; if (status & UART_MSR_DDSR) -- 2.39.5