Subject: Re: [PATCH] serial: 8250: fix null-ptr-deref in serial8250_start_tx()
To: Yang Yingliang
CC: LKML
References: <20200721143852.4058352-1-yangyingliang@huawei.com>
From: "liwei (GF)"
Date: Wed, 22 Jul 2020 09:56:38 +0800

Hi Yingliang,

On 2020/7/21 22:38, Yang Yingliang wrote:
(SNIP)
>
> SERIAL_PORT_DFNS is not defined on each arch, if it's not defined,
> serial8250_set_defaults() won't be called in serial8250_isa_init_ports(),
> so the p->serial_in pointer won't be initialized, and it leads to a null-ptr-deref.
> Fix this problem by calling serial8250_set_defaults() after init uart port.
>
> Signed-off-by: Yang Yingliang
> --- > drivers/tty/serial/8250/8250_core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c > index fc118f649887..cae61d1ebec5 100644 > --- a/drivers/tty/serial/8250/8250_core.c > +++ b/drivers/tty/serial/8250/8250_core.c > @@ -524,6 +524,7 @@ static void __init serial8250_isa_init_ports(void) > */ > up->mcr_mask = ~ALPHA_KLUDGE_MCR; > up->mcr_force = ALPHA_KLUDGE_MCR; > + serial8250_set_defaults(up);

That is really a good catch, but this modification does not look good to me.
First, serial8250_set_defaults()'s parameter 'up', updated in the loop below, is used to lead to different branches in this function, so the logic is broken.
Second, up->port.iobase and up->port.iotype are both initialized to 0, so the 'serial_in' and 'serial_out' will be assigned to the ops for IO space with port 0 here; I don't think that is correct.

> } > > /* chain base port ops to support Remote Supervisor Adapter */ 
> @@ -547,7 +548,6 @@ static void __init serial8250_isa_init_ports(void) > port->membase = old_serial_port[i].iomem_base; > port->iotype = old_serial_port[i].io_type; > port->regshift = old_serial_port[i].iomem_reg_shift; > - serial8250_set_defaults(up); > > port->irqflags |= irqflag; > if (serial8250_isa_config != NULL) >

Thanks,
Wei
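
Review bot: In the first hunk (@@ -524,6 +524,7), the added serial8250_set_defaults(up) sits in the initial per-port loop, ahead of the later loop that assigns port->membase, port->iotype and port->regshift from old_serial_port[i] (visible in the second hunk), so the defaults are derived from a port that has not been configured yet, which is the concern raised in the reply. Consider keeping the existing call after those assignments and treating the new one only as a fallback for architectures where SERIAL_PORT_DFNS is not defined, with a comment at the call site saying so.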
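
Review bot: In the second hunk (@@ -547,7 +548,6), removing serial8250_set_defaults(up) directly after port->membase, port->iotype and port->regshift are assigned means nothing re-derives the defaults from the values taken from old_serial_port[i]. The visible commit message only motivates adding a call for the case where SERIAL_PORT_DFNS is not defined and gives no reason for dropping this one, so either keep the line or explain in the changelog why it is no longer needed.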
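
The ordering question argued in this thread, as an added user-space C model (not kernel code and not from either poster): it shows which accessor a port ends up with depending on when the defaults step runs relative to port configuration. All names (`model_port`, `model_set_defaults`, `model_init`, the `MODEL_*` and `DEFAULTS_*` constants) are hypothetical, `table_present` stands in for SERIAL_PORT_DFNS being defined, and `DEFAULTS_BOTH` is one ordering included for comparison, not a fix proposed in the thread.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not kernel code. */
enum model_iotype { MODEL_IO_PORT = 0, MODEL_IO_MEM = 1 };

struct model_port {
    enum model_iotype iotype;
    unsigned int (*serial_in)(struct model_port *p);
};

static unsigned int model_io_in(struct model_port *p)  { (void)p; return 0x10; }
static unsigned int model_mem_in(struct model_port *p) { (void)p; return 0x20; }

/* Stand-in for a set-defaults step: picks the accessor from the current iotype. */
static void model_set_defaults(struct model_port *p)
{
    p->serial_in = (p->iotype == MODEL_IO_MEM) ? model_mem_in : model_io_in;
}

enum model_order { NO_DEFAULTS, DEFAULTS_BEFORE_CONFIG, DEFAULTS_AFTER_CONFIG, DEFAULTS_BOTH };

/* Returns 0 if serial_in is still NULL, 1 if it does not match iotype, 2 if it does. */
static int model_init(enum model_order order, int table_present)
{
    struct model_port p = {0};   /* zeroed port, as described in the reply */

    if (order == DEFAULTS_BEFORE_CONFIG || order == DEFAULTS_BOTH)
        model_set_defaults(&p);
    if (table_present) {
        p.iotype = MODEL_IO_MEM; /* per-arch table entry configures the port */
        if (order == DEFAULTS_AFTER_CONFIG || order == DEFAULTS_BOTH)
            model_set_defaults(&p);
    }
    if (p.serial_in == NULL)
        return 0;                /* a later call through serial_in would fault */
    return (p.serial_in == ((p.iotype == MODEL_IO_MEM) ? model_mem_in : model_io_in)) ? 2 : 1;
}

int main(void)
{
    printf("after-config only, no table: %d\n", model_init(DEFAULTS_AFTER_CONFIG, 0));
    printf("before-config only, table:   %d\n", model_init(DEFAULTS_BEFORE_CONFIG, 1));
    printf("both calls, table:           %d\n", model_init(DEFAULTS_BOTH, 1));
    return 0;
}
```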