From nobody Mon Apr 27 01:53:16 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A4FD4C43334 for ; Mon, 20 Jun 2022 07:22:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239247AbiFTHWo (ORCPT ); Mon, 20 Jun 2022 03:22:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58128 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235073AbiFTHWl (ORCPT ); Mon, 20 Jun 2022 03:22:41 -0400 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C10C6EE0E; Mon, 20 Jun 2022 00:22:39 -0700 (PDT) Received: from dggemv704-chm.china.huawei.com (unknown [172.30.72.53]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4LRLfL5zXDzkWS2; Mon, 20 Jun 2022 15:20:58 +0800 (CST) Received: from kwepemm600014.china.huawei.com (7.193.23.54) by dggemv704-chm.china.huawei.com (10.3.19.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Mon, 20 Jun 2022 15:22:34 +0800 Received: from ubuntu1804.huawei.com (10.67.175.28) by kwepemm600014.china.huawei.com (7.193.23.54) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Mon, 20 Jun 2022 15:22:34 +0800 From: Yi Yang To: , , , CC: , Subject: [PATCH -next] serial: 8250: fix return error code in serial8250_request_std_resource() Date: Mon, 20 Jun 2022 15:20:25 +0800 Message-ID: <20220620072025.172088-1-yiyang13@huawei.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 X-Originating-IP: [10.67.175.28] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To kwepemm600014.china.huawei.com (7.193.23.54) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" If port->mapbase =3D NULL in serial8250_request_std_resource() , it need return a error code instead of 0. If uart_set_info() fail to request new regions by serial8250_request_std_resource() but the return value of serial8250_request_std_resource() is 0, that The system will mistakenly considers that port resources are successfully applied for. A null pointer reference is triggered when the port resource is later invoked. The problem can also be triggered with the following simple program: ---------- #include #include #include #include #include #include #include struct serial_struct { int type; int line; unsigned int port; int irq; int flags; int xmit_fifo_size; int custom_divisor; int baud_base; unsigned short close_delay; char io_type; char reserved_char[1]; int hub6; unsigned short closing_wait; /* time to wait before closing */ unsigned short closing_wait2; /* no longer used... */ unsigned char *iomem_base; unsigned short iomem_reg_shift; unsigned int port_high; unsigned long iomap_base; /* cookie passed into ioremap */ }; struct serial_struct str; int main(void) { open("/dev/ttyS0", O_RDWR); ioctl(fd, TIOCGSERIAL, &str); str.iomem_base =3D 0; ioctl(fd, TIOCSSERIAL, str); return 0; } ---------- Signed-off-by: Yi Yang --- drivers/tty/serial/8250/8250_port.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/= 8250_port.c index 3e3d784aa628..e1cefa97bdeb 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -2961,8 +2961,10 @@ static int serial8250_request_std_resource(struct ua= rt_8250_port *up) case UPIO_MEM32BE: case UPIO_MEM16: case UPIO_MEM: - if (!port->mapbase) + if (!port->mapbase) { + ret =3D -EFAULT; break; + } =20 if (!request_mem_region(port->mapbase, size, "serial")) { ret =3D -EBUSY; --=20 2.17.1