2021-12-16 12:51:46

by Jiasheng Jiang

[permalink] [raw]
Subject: [PATCH v2] serial: pch_uart: potential dereference of null pointer

The return value of dma_alloc_coherent() needs to be checked.
To avoid dereference of null pointer in case of the failure of alloc.

Fixes: ab4382d27412 ("tty: move drivers/serial/ to drivers/tty/serial/")
Signed-off-by: Jiasheng Jiang <[email protected]>
---
Changelog:

v1 -> v2

*Change 1. Add the dev_err when dma_alloc_coherent failed.
---
drivers/tty/serial/pch_uart.c | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/drivers/tty/serial/pch_uart.c b/drivers/tty/serial/pch_uart.c
index f0351e6f0ef6..d19ed7da24fa 100644
--- a/drivers/tty/serial/pch_uart.c
+++ b/drivers/tty/serial/pch_uart.c
@@ -745,6 +745,14 @@ static void pch_request_dma(struct uart_port *port)
/* Get Consistent memory for DMA */
priv->rx_buf_virt = dma_alloc_coherent(port->dev, port->fifosize,
&priv->rx_buf_dma, GFP_KERNEL);
+ if (!priv->rx_buf_virt) {
+ dev_err(priv->port.dev, "%s:dma_alloc_coherent FAILS(Rx)\n",
+ __func__);
+ dma_release_channel(priv->chan_tx);
+ priv->chan_tx = NULL;
+ return;
+ }
+
priv->chan_rx = chan;
}

--
2.25.1



2021-12-16 13:15:19

by Greg Kroah-Hartman

[permalink] [raw]
Subject: Re: [PATCH v2] serial: pch_uart: potential dereference of null pointer

On Thu, Dec 16, 2021 at 08:51:21PM +0800, Jiasheng Jiang wrote:
> The return value of dma_alloc_coherent() needs to be checked.
> To avoid dereference of null pointer in case of the failure of alloc.
>
> Fixes: ab4382d27412 ("tty: move drivers/serial/ to drivers/tty/serial/")

That is not the commit that caused the problem :(

> Signed-off-by: Jiasheng Jiang <[email protected]>
> ---
> Changelog:
>
> v1 -> v2
>
> *Change 1. Add the dev_err when dma_alloc_coherent failed.
> ---
> drivers/tty/serial/pch_uart.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/drivers/tty/serial/pch_uart.c b/drivers/tty/serial/pch_uart.c
> index f0351e6f0ef6..d19ed7da24fa 100644
> --- a/drivers/tty/serial/pch_uart.c
> +++ b/drivers/tty/serial/pch_uart.c
> @@ -745,6 +745,14 @@ static void pch_request_dma(struct uart_port *port)
> /* Get Consistent memory for DMA */
> priv->rx_buf_virt = dma_alloc_coherent(port->dev, port->fifosize,
> &priv->rx_buf_dma, GFP_KERNEL);
> + if (!priv->rx_buf_virt) {
> + dev_err(priv->port.dev, "%s:dma_alloc_coherent FAILS(Rx)\n",
> + __func__);
> + dma_release_channel(priv->chan_tx);
> + priv->chan_tx = NULL;
> + return;

You seemed to have ignored my previous review comments on this change
for some reason :(

This is not correct.

greg k-h