Date: Thu, 13 May 2021 16:24:12 +0200
From: Greg Kroah-Hartman
To: Vegard Nossum
Cc: linux-serial@vger.kernel.org, syzbot+4c7f1a69dfe24c6b3aeb@syzkaller.appspotmail.com, syzbot+92f32d4e21fb246d31a2@syzkaller.appspotmail.com, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, Peter Hurley, Caleb Connolly
Subject: Re: [PATCH] serial: 8250: fix NULL pointer dereference in serial8250_do_startup()
References: <00000000000044a65205994a7e13@google.com> <20210426161433.20829-1-vegard.nossum@oracle.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Apr 26, 2021 at 06:33:01PM +0200, Vegard Nossum wrote:
> On 2021-04-26 18:17, Greg Kroah-Hartman wrote:
> > On Mon, Apr 26, 2021 at 06:14:33PM +0200, Vegard Nossum wrote:
> > > static void set_io_from_upio(struct uart_port *p)
> > > {
> > > struct uart_8250_port *up = up_to_u8250p(p);
> > > @@ -2151,6 +2178,11 @@ int serial8250_do_startup(struct uart_port *port)
> > > unsigned char lsr, iir;
> > > int retval;
> > > + if (WARN_ON_ONCE(needs_membase(port->iotype) && !port->membase))
> > > + return -ENODEV;
> > > + if (WARN_ON_ONCE(needs_iobase(port->iotype) && !port->iobase))
> > > + return -ENODEV;
> >
> > These WARN_ON() will still trigger syzbot. Are you sure you tested this
> > and had syzbot verify it?
>
> I tested it locally and the WARN_ON()s don't trigger -- presumably
> because serial8250_verify_port() is called from uart_set_info() before
> we get to serial8250_do_startup():
>
>     /*
>      * Ask the low level driver to verify the settings.
>      */
>     if (uport->ops->verify_port)
>         retval = uport->ops->verify_port(uport, new_info);
>
>     [...]
>
>     retval = uart_startup(tty, state, 1);
>
> At least, this was my intention. Although now that I look at it again,
> it looks like this check may be skipped in some cases; is that what
> you're referring to?
>
> I didn't have syzbot verify it -- I thought it would do that when
> submitting my patch. Looks like I need to push somewhere and ask syzbot
> to test it using this?
>
> #syz test: git://repo/address.git commit-hash
>
> (I assume I can send this privately as long as I use the right
> syzbot+...@ To-address?)
>

Dropping this now until you get this tested properly...

thanks,

greg k-h
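
Review bot: The two WARN_ON_ONCE() guards added at the top of serial8250_do_startup() will still be reported by syzbot whenever the condition is reachable, which is the objection raised in the reply, and the author's own follow-up concedes that the verify_port() call in uart_set_info() "may be skipped in some cases". If a port can reach startup with a missing membase or iobase through any such path, make these plain `if (...) return -ENODEV;` checks without the WARN, and keep WARN_ON_ONCE() only for states the earlier verification provably excludes. The changelog should also say which path was confirmed to reach the check and carry the syzbot test result before resubmission.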