2017-09-06 13:54:03

by Zhenhua

Subject: [PATCH 1/1] drivers/tty: check for null pointer

The parameter "handler" is not checked, which may cause system
crash on some broken devices.

Signed-off-by: Zhenhua <[email protected]>
---
drivers/tty/vt/keyboard.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c
index f4166263bb3a..f85c2d8c0b36 100644
--- a/drivers/tty/vt/keyboard.c
+++ b/drivers/tty/vt/keyboard.c
@@ -1455,6 +1455,12 @@ static void kbd_event(struct input_handle *handle, unsigned int event_type,
unsigned int event_code, int value)
{
/* We are called with interrupts disabled, just take the lock */
+
+ if (handle == NULL || handle->dev == NULL) {
+ pr_err("device handler error.");
+ return;
+ }
+
spin_lock(&kbd_event_lock);

if (event_type == EV_MSC && event_code == MSC_RAW && HW_RAW(handle->dev))
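Review bot: The pr_err() string in the added block has no trailing "\n" and does not say which of the two pointers was NULL, so the log entry gives no lead on the caller that passed it; terminate the message and name the failing pointer. Returning early also drops the event silently after that one line, so a one-time warning with a backtrace (WARN_ON_ONCE on the same condition) would identify the offending caller instead of hiding it. The commit message says the parameter "handler" is unchecked, but the code tests handle and handle->dev; the description should name what is actually checked. The added blank line and check also sit between the "just take the lock" comment and the spin_lock() call it describes, so the check belongs above that comment.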
--
2.14.1



2017-09-06 13:47:05

by Greg Kroah-Hartman

Subject: Re: [PATCH 1/1] drivers/tty: check for null pointer

On Wed, Sep 06, 2017 at 09:38:11PM +0800, Zhenhua wrote:
> The parameter "handler" is not checked, which may cause system
> crash on some broken devices.

Then those broken drivers need to be fixed.

What specific in-kernel drivers have this problem?

thanks,

greg k-h

2017-09-06 14:18:58

by Greg Kroah-Hartman

Subject: Re: [PATCH 1/1] drivers/tty: check for null pointer


A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

A: No.
Q: Should I include quotations after my reply?

http://daringfireball.net/2007/07/on_top

On Wed, Sep 06, 2017 at 09:57:20PM +0800, Li, Zhenhua wrote:
> When I tried to boot linux on a system with virtual bios and virtual keyboard,
> it crashes.

What exact "virtual bios and keyboard" are you referring to here? QEMU?
Something else?

> The root cause is the bios does not initialize devices correctly.

How does the bios come into play here? It should not matter, it should
only be a kernel driver that can set this value.

> did not track what drivers called this function.

What was the full oops message? That should show the problem.

And by just rejecting the call here, you are probably just postponing
the real fix from happening, we should resolve that.

thanks,

greg k-h