[PATCH] serial: pch_uart: potential dereference of null pointer

Jiasheng Jiang posted 1 patch 4 years, 6 months ago
[PATCH] serial: pch_uart: potential dereference of null pointer
Posted by Jiasheng Jiang 4 years, 6 months ago
The return value of dma_alloc_coherent() needs to be checked
to avoid dereferencing a null pointer if the allocation fails.

Fixes: ab4382d27412 ("tty: move drivers/serial/ to drivers/tty/serial/")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
---
 drivers/tty/serial/pch_uart.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/tty/serial/pch_uart.c b/drivers/tty/serial/pch_uart.c
index f0351e6f0ef6..2ee1c4d6f177 100644
--- a/drivers/tty/serial/pch_uart.c
+++ b/drivers/tty/serial/pch_uart.c
@@ -745,6 +745,12 @@ static void pch_request_dma(struct uart_port *port)
 	/* Get Consistent memory for DMA */
 	priv->rx_buf_virt = dma_alloc_coherent(port->dev, port->fifosize,
 				    &priv->rx_buf_dma, GFP_KERNEL);
+	if (!priv->rx_buf_virt) {
+		dma_release_channel(priv->chan_tx);
+		priv->chan_tx = NULL;
+		return;
+	}
+
 	priv->chan_rx = chan;
 }
 
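Review bot: The new failure branch releases priv->chan_tx but not the RX channel held in the local `chan`, which is stored in priv->chan_rx only after the check, so if `chan` is an acquired channel at this point it leaks on the early return. Consider adding dma_release_channel(chan) to the branch, plus a dev_err() so the allocation failure shows up in the log.
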
-- 
2.25.1

Re: [PATCH] serial: pch_uart: potential dereference of null pointer
Posted by Greg KH 4 years, 6 months ago
On Thu, Dec 16, 2021 at 05:44:08PM +0800, Jiasheng Jiang wrote:
> The return value of dma_alloc_coherent() needs to be checked
> to avoid dereferencing a null pointer if the allocation fails.
> 
> Fixes: ab4382d27412 ("tty: move drivers/serial/ to drivers/tty/serial/")
> Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
> ---
>  drivers/tty/serial/pch_uart.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/drivers/tty/serial/pch_uart.c b/drivers/tty/serial/pch_uart.c
> index f0351e6f0ef6..2ee1c4d6f177 100644
> --- a/drivers/tty/serial/pch_uart.c
> +++ b/drivers/tty/serial/pch_uart.c
> @@ -745,6 +745,12 @@ static void pch_request_dma(struct uart_port *port)
>  	/* Get Consistent memory for DMA */
>  	priv->rx_buf_virt = dma_alloc_coherent(port->dev, port->fifosize,
>  				    &priv->rx_buf_dma, GFP_KERNEL);
> +	if (!priv->rx_buf_virt) {
> +		dma_release_channel(priv->chan_tx);
> +		priv->chan_tx = NULL;
> +		return;
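
Review bot: pch_request_dma() is declared void in the hunk header, so the early return in the new branch reports the failure only through side effects: priv->chan_tx is set to NULL and priv->chan_rx is never assigned. Nothing in these lines shows that the later users of rx_buf_virt test either pointer. The commit message should name the check that keeps the driver off the DMA path in that state, or the function should return an error code that the caller handles.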

You are not returning an error, what happens when this buffer is later
attempted to be used?

How did you test this change?

thanks,

greg k-h