From nobody Fri Apr 3 07:54:14 2026 Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4A9EE393DDA for ; Mon, 9 Mar 2026 10:49:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773053353; cv=none; b=RU+kpY99sRfflJcisq45ctb8HoRhaN4znv6rrJWRFErb/EJ0JfRKXQDBJUI/4QSs+XbJ+1MZXVCVIy71ZkDPGKeLFSmJoDfGDSWaZzFXmX08CySs/iA+WiJXxAy01JJ+t3PVBnn48lDb+TWY6ESB5cNRCrEO3NnDAMOgjkzau78= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773053353; c=relaxed/simple; bh=UkVo2ow3XYtj52kaHnUOTtaizjLAa4EnSurg8GeneEs=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=RM0j/xyESTpbQfiAtz3OcGpDOMCmnrDkYeJz9thrb0/ZQpfI7xjXwAL4xDM6RycBOPmcc+DRP7sfQQ7whUnhCpLIkM60MgRLE7c6k5Q5iyFpxGxshtERLEkgcOKTG9Y1+tnHEsop6xseO+CjgnbYMKkdqPIqAecWYu/m5xWWOSg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=gZEk8FD/; arc=none smtp.client-ip=209.85.214.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="gZEk8FD/" Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-2ad9a9be502so75358565ad.0 for ; Mon, 09 Mar 2026 03:49:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1773053346; x=1773658146; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=fV45WtRC/In7rVkjevq6uG/C9FgujKH5l1UxF/Pl+PA=; b=gZEk8FD/QFDq61lqsttaIXfRbdmwatNRGoK2axACKjWsl42TevBEWPmevdoi3j4LU0 Tj+9UllAytsRz1O6OxbpZXpA7M2WvmBzrSEb2TOmwzdREiXElEzjSBsjMXy6TuT5eXO3 EUDRklGvro4hwjj0vCz5LbYAM3ULKp7Z00DX8HA/2SIvqr24kncfX5KK084AkkrL0w47 h5PF9KA9pKgjF2uncSXQdS4Ots5sMejULUTS1TgV2lHqA/2AbQ5/nlfUOhAtAgKM1/B8 IthEiQlSwV9GIQWA+6QJvQ/zbWjYwkXzVQlNVKgYb0uCO22fOlR6TRDu9i06dabu3fe6 OodA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773053346; x=1773658146; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=fV45WtRC/In7rVkjevq6uG/C9FgujKH5l1UxF/Pl+PA=; b=JB375SjL+9P6WcPYXOGO695vDlIM+MyDbhwFX53Hd6LFXnA7WoBwcg1v7QfrRLWa1A /x0Jv+eLiGOCkISq+inIKFk801zpozq3ANHJH/ku+zyLgJK3mkOvfj8KNuQwSiy2uxSZ Slj4ZnoS++4s40uAkSXFmUa/typwLwzoF8eApbBs7xjqz3HvQ5+DIlCkJWd/oGmxhFjo iGkp6p3A5UqtJYp3HrE/1F4NaExe6hp0saGysO4O6HyePacEGNFFhT1oifJSKRUEdNez b8F/mdPDyvClunJJpD5xj5gWkPZhDcwdHygXmaWAoePf8OhiPejaHJNgty7peuob8T12 jmGg== X-Gm-Message-State: AOJu0YzfsGQ/vA7DCO6D34YuvB2z1gdsx+E0eV4O+wpGzeShGTX8rV99 ZyNQoAccdVnFwqDPALvdqIpRBJmt98f/V2+ybsZoIL3V3+kRXmyiVXe4StFNCX3z X-Gm-Gg: ATEYQzy3K+nEFyd2AC3vNaUwXtVioJr3ay4rlYsqQ0p956JDmxqDKjoxiP9DEseRSx4 YTYUrTuyxxjGiuD0gbEP8q5CgXG4Gne+PJdV0IWAAXAlZzz89QZTlYnA9U5oi9XlGXNT3idissE 1C6THq50KzjVP6EtZ0F15ZzCUZGnYxgN8xfY2Xyu9Z10Y7p7wO36vEZKmP3U+Huxr89DQyLEBeg E4XfIKp/C1Vnz6ENby4qJdwsk8t7EflOPbW3GaAy160oKt+9TZJxGUmBh5/QmV5AP5KD6cG/VBk fWUU91pefQSX751xqwMa42e27r1TGJfxQeqyGNyqZJhtpgW/JAUxZ0K2Lmbt2qYUPIoTx+6aHFP P5MjW2NnRm6TDXSieYWeWTcUPY5AKt/U2iG607L+AVjLCF1+ExSfvQIM7SeWEj26ONVy2wDpJbP s8izXb6w4OhyFnCzk1VAw1h3NlpRrgIS6R7G0qnfzrbDCoxgm4Vr/Wh6Q+x+C12FvU9KdMP/pgJ /2Yx+w= X-Received: by 2002:a17:903:40ce:b0:2ae:5163:c2a6 with SMTP id d9443c01a7336-2ae82367dc9mr100376165ad.6.1773053346330; Mon, 09 Mar 2026 03:49:06 -0700 (PDT) Received: from deepanshu-kernel-hacker.. ([2405:201:682f:389d:39a3:7ba7:82e8:ffd2]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2ae83ea08fbsm110290635ad.36.2026.03.09.03.49.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Mar 2026 03:49:05 -0700 (PDT) From: Deepanshu Kartikey To: abbotti@mev.co.uk, hsweeten@visionengravers.com, gregkh@linuxfoundation.org Cc: linux-kernel@vger.kernel.org, Deepanshu Kartikey , syzbot+72f94b474d6e50b71ffc@syzkaller.appspotmail.com Subject: [PATCH] comedi: dt2815: add hardware detection to prevent crash Date: Mon, 9 Mar 2026 16:18:59 +0530 Message-ID: <20260309104859.503529-1-kartikey406@gmail.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The dt2815 driver crashes when attached to I/O ports without actual hardware present. This occurs because syzkaller or users can attach the driver to arbitrary I/O addresses via COMEDI_DEVCONFIG ioctl. When no hardware exists at the specified port, inb() operations return 0xff (floating bus), but outb() operations can trigger page faults due to undefined behavior, especially under race conditions: BUG: unable to handle page fault for address: 000000007fffff90 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page RIP: 0010:dt2815_attach+0x6e0/0x1110 Add hardware detection by reading the status register before attempting any write operations. If the read returns 0xff, assume no hardware is present and fail the attach with -ENODEV. This prevents crashes from outb() operations on non-existent hardware. Reported-by: syzbot+72f94b474d6e50b71ffc@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3D72f94b474d6e50b71ffc Tested-by: syzbot+72f94b474d6e50b71ffc@syzkaller.appspotmail.com Reviewed-by: Ian Abbott Signed-off-by: Deepanshu Kartikey --- drivers/comedi/drivers/dt2815.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/comedi/drivers/dt2815.c b/drivers/comedi/drivers/dt281= 5.c index 03ba2fd18a21..7c642860f127 100644 --- a/drivers/comedi/drivers/dt2815.c +++ b/drivers/comedi/drivers/dt2815.c @@ -175,6 +175,18 @@ static int dt2815_attach(struct comedi_device *dev, st= ruct comedi_devconfig *it) ? current_range_type : voltage_range_type; } =20 + /* + * Check if hardware is present before attempting any I/O operations. + * Reading 0xff from status register typically indicates no hardware + * on the bus (floating bus reads as all 1s). + */ + if (inb(dev->iobase + DT2815_STATUS) =3D=3D 0xff) { + dev_err(dev->class_dev, + "No hardware detected at I/O base 0x%lx\n", + dev->iobase); + return -ENODEV; + } + /* Init the 2815 */ outb(0x00, dev->iobase + DT2815_STATUS); for (i =3D 0; i < 100; i++) { --=20 2.43.0