uart_port_check() can return NULL pointer. Check its return value
before dereference it.

Signed-off-by: Li Zhong <floridsleeves@gmail.com>
---
 drivers/tty/serial/serial_core.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
index 12c87cd201a7..760e177166cf 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -194,6 +194,9 @@ static int uart_port_startup(struct tty_struct *tty, struct uart_state *state,
 	unsigned long page;
 	int retval = 0;
 
+	if (!uport)
+		return -EIO;
+
 	if (uport->type == PORT_UNKNOWN)
 		return 1;
 
@@ -498,6 +501,8 @@ static void uart_change_speed(struct tty_struct *tty, struct uart_state *state,
 	struct ktermios *termios;
 	int hw_stopped;
 
+	if (!uport)
+		return;
 	/*
 	 * If we have no tty, termios, or the port does not exist,
 	 * then we can't set the parameters for this port.
@@ -1045,6 +1050,8 @@ static int uart_get_lsr_info(struct tty_struct *tty,
 	struct uart_port *uport = uart_port_check(state);
 	unsigned int result;
 
+	if (!uport)
+		return -EIO;
 	result = uport->ops->tx_empty(uport);
 
 	/*
-- 
2.25.1

On Mon, Aug 22, 2022 at 10:57:39PM -0700, lily wrote:
> uart_port_check() can return NULL pointer.

It can?  How will that happen?

> Check its return value
> before dereference it.

How do you trigger this issue, and how was this change you made tested?

thanks,

greg k-h

On Mon, Aug 22, 2022 at 11:20 PM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Mon, Aug 22, 2022 at 10:57:39PM -0700, lily wrote:
> > uart_port_check() can return NULL pointer.
>
> It can?  How will that happen?
>
When state->uart_port is NULL, uart_port_check() will return a NULL pointer.
This actually is checked in other places like
drivers/tty/serial/serial_core.c:762.
> > Check its return value before dereference it.
>
> How do you trigger this issue, and how was this change you made tested?
>
I detect this issue with a static analysis tool, therefore not dynamically
triggered.
> thanks,
>
> greg k-h

On Mon, Aug 22, 2022 at 10:57:39PM -0700, lily wrote:
> uart_port_check() can return NULL pointer. Check its return value
> before dereference it.

Also, how did you find this issue?

> 
> Signed-off-by: Li Zhong <floridsleeves@gmail.com>

Also, your From: name does not match this one, so I can't take the patch
even if it is ok :(

Please do initial kernel work in drivers/staging/ to get issues like
this fixed up before moving to other portions of the kernel so that
basic email problems do not bother other subsystem maintainers.

thanks,

greg k-h

On Mon, Aug 22, 2022 at 11:22 PM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Mon, Aug 22, 2022 at 10:57:39PM -0700, lily wrote:
> > uart_port_check() can return NULL pointer. Check its return value
> > before dereference it.
>
> Also, how did you find this issue?
>
> >
> > Signed-off-by: Li Zhong <floridsleeves@gmail.com>
>
> Also, your From: name does not match this one, so I can't take the patch
> even if it is ok :(
>
> Please do initial kernel work in drivers/staging/ to get issues like
> this fixed up before moving to other portions of the kernel so that
> basic email problems do not bother other subsystem maintainers.
>
Thanks for the suggestions! I'll correct the From: in my v2 patch.

> thanks,
>
> greg k-h
>
>