1. Patchew
  2. linux
  3. [PATCH v3 0/8] serial: exar: add Connect Tech serial cards to Exar driver
  4. View patch

[PATCH v3 8/8] serial: exar: fix: fix crash during shutdown if setup fails

Parker Newman posted 8 patches 1 year, 10 months ago
There is a newer version of this series
[PATCH v3 8/8] serial: exar: fix: fix crash during shutdown if setup fails
Posted by Parker Newman 1 year, 10 months ago 
From: Parker Newman <pnewman@connecttech.com>

If a port fails to register with serial8250_register_8250_port() the
kernel can crash when shutting down or module removal.

This is because "priv->line[i]" will be set to a negative error code
and in the exar_pci_remove() function serial8250_unregister_port() is
called without checking if the "priv->line[i]" value is valid.

Signed-off-by: Parker Newman <pnewman@connecttech.com>
---
 drivers/tty/serial/8250/8250_exar.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/tty/serial/8250/8250_exar.c b/drivers/tty/serial/8250/8250_exar.c
index 501b9f3e9c89..f5a395ed69d1 100644
--- a/drivers/tty/serial/8250/8250_exar.c
+++ b/drivers/tty/serial/8250/8250_exar.c
@@ -1671,7 +1671,8 @@ static void exar_pci_remove(struct pci_dev *pcidev)
 	unsigned int i;

 	for (i = 0; i < priv->nr; i++)
-		serial8250_unregister_port(priv->line[i]);
+		if (priv->line[i] >= 0)
+			serial8250_unregister_port(priv->line[i]);

 	/* Ensure that every init quirk is properly torn down */
 	if (priv->board->exit)
--
2.43.2
Re: [PATCH v3 8/8] serial: exar: fix: fix crash during shutdown if setup fails
Posted by Greg Kroah-Hartman 1 year, 9 months ago 
On Tue, Apr 16, 2024 at 08:55:35AM -0400, Parker Newman wrote:
> From: Parker Newman <pnewman@connecttech.com>
> 
> If a port fails to register with serial8250_register_8250_port() the
> kernel can crash when shutting down or module removal.
> 
> This is because "priv->line[i]" will be set to a negative error code
> and in the exar_pci_remove() function serial8250_unregister_port() is
> called without checking if the "priv->line[i]" value is valid.
> 
> Signed-off-by: Parker Newman <pnewman@connecttech.com>
> ---
>  drivers/tty/serial/8250/8250_exar.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/tty/serial/8250/8250_exar.c b/drivers/tty/serial/8250/8250_exar.c
> index 501b9f3e9c89..f5a395ed69d1 100644
> --- a/drivers/tty/serial/8250/8250_exar.c
> +++ b/drivers/tty/serial/8250/8250_exar.c
> @@ -1671,7 +1671,8 @@ static void exar_pci_remove(struct pci_dev *pcidev)
>  	unsigned int i;
> 
>  	for (i = 0; i < priv->nr; i++)
> -		serial8250_unregister_port(priv->line[i]);
> +		if (priv->line[i] >= 0)
> +			serial8250_unregister_port(priv->line[i]);

Is this a bug in the current driver?  If so, can you resend it on its
own so we can get it merged now?

thanks,

greg k-h
Re: [PATCH v3 8/8] serial: exar: fix: fix crash during shutdown if setup fails
Posted by Parker Newman 1 year, 9 months ago 
On Wed, 17 Apr 2024 13:19:07 +0200
Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:

> On Tue, Apr 16, 2024 at 08:55:35AM -0400, Parker Newman wrote:
> > From: Parker Newman <pnewman@connecttech.com>
> >
> > If a port fails to register with serial8250_register_8250_port() the
> > kernel can crash when shutting down or module removal.
> >
> > This is because "priv->line[i]" will be set to a negative error code
> > and in the exar_pci_remove() function serial8250_unregister_port() is
> > called without checking if the "priv->line[i]" value is valid.
> >
> > Signed-off-by: Parker Newman <pnewman@connecttech.com>
> > ---
> >  drivers/tty/serial/8250/8250_exar.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/tty/serial/8250/8250_exar.c b/drivers/tty/serial/8250/8250_exar.c
> > index 501b9f3e9c89..f5a395ed69d1 100644
> > --- a/drivers/tty/serial/8250/8250_exar.c
> > +++ b/drivers/tty/serial/8250/8250_exar.c
> > @@ -1671,7 +1671,8 @@ static void exar_pci_remove(struct pci_dev *pcidev)
> >  	unsigned int i;
> >
> >  	for (i = 0; i < priv->nr; i++)
> > -		serial8250_unregister_port(priv->line[i]);
> > +		if (priv->line[i] >= 0)
> > +			serial8250_unregister_port(priv->line[i]);
>
> Is this a bug in the current driver?  If so, can you resend it on its
> own so we can get it merged now?
>

Yes it is, I can split this one out and send it on its own.
Thanks,
Parker

> thanks,
>
> greg k-h
Re: [PATCH v3 8/8] serial: exar: fix: fix crash during shutdown if setup fails
Posted by Greg Kroah-Hartman 1 year, 9 months ago 
On Wed, Apr 17, 2024 at 08:24:13AM -0400, Parker Newman wrote:
> On Wed, 17 Apr 2024 13:19:07 +0200
> Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> 
> > On Tue, Apr 16, 2024 at 08:55:35AM -0400, Parker Newman wrote:
> > > From: Parker Newman <pnewman@connecttech.com>
> > >
> > > If a port fails to register with serial8250_register_8250_port() the
> > > kernel can crash when shutting down or module removal.
> > >
> > > This is because "priv->line[i]" will be set to a negative error code
> > > and in the exar_pci_remove() function serial8250_unregister_port() is
> > > called without checking if the "priv->line[i]" value is valid.
> > >
> > > Signed-off-by: Parker Newman <pnewman@connecttech.com>
> > > ---
> > >  drivers/tty/serial/8250/8250_exar.c | 3 ++-
> > >  1 file changed, 2 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/tty/serial/8250/8250_exar.c b/drivers/tty/serial/8250/8250_exar.c
> > > index 501b9f3e9c89..f5a395ed69d1 100644
> > > --- a/drivers/tty/serial/8250/8250_exar.c
> > > +++ b/drivers/tty/serial/8250/8250_exar.c
> > > @@ -1671,7 +1671,8 @@ static void exar_pci_remove(struct pci_dev *pcidev)
> > >  	unsigned int i;
> > >
> > >  	for (i = 0; i < priv->nr; i++)
> > > -		serial8250_unregister_port(priv->line[i]);
> > > +		if (priv->line[i] >= 0)
> > > +			serial8250_unregister_port(priv->line[i]);
> >
> > Is this a bug in the current driver?  If so, can you resend it on its
> > own so we can get it merged now?
> >
> 
> Yes it is, I can split this one out and send it on its own.

Great!  Bonus points if you can find the commit id it fixes and add a
"Fixes:" tag to the signed-off-by area.  If not, I can guess :)

thanks,

greg k-h
Re: [PATCH v3 8/8] serial: exar: fix: fix crash during shutdown if setup fails
Posted by Parker Newman 1 year, 9 months ago 
On Wed, 17 Apr 2024 15:30:56 +0200
Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:

> On Wed, Apr 17, 2024 at 08:24:13AM -0400, Parker Newman wrote:
> > On Wed, 17 Apr 2024 13:19:07 +0200
> > Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> >
> > > On Tue, Apr 16, 2024 at 08:55:35AM -0400, Parker Newman wrote:
> > > > From: Parker Newman <pnewman@connecttech.com>
> > > >
> > > > If a port fails to register with serial8250_register_8250_port() the
> > > > kernel can crash when shutting down or module removal.
> > > >
> > > > This is because "priv->line[i]" will be set to a negative error code
> > > > and in the exar_pci_remove() function serial8250_unregister_port() is
> > > > called without checking if the "priv->line[i]" value is valid.
> > > >
> > > > Signed-off-by: Parker Newman <pnewman@connecttech.com>
> > > > ---
> > > >  drivers/tty/serial/8250/8250_exar.c | 3 ++-
> > > >  1 file changed, 2 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/drivers/tty/serial/8250/8250_exar.c b/drivers/tty/serial/8250/8250_exar.c
> > > > index 501b9f3e9c89..f5a395ed69d1 100644
> > > > --- a/drivers/tty/serial/8250/8250_exar.c
> > > > +++ b/drivers/tty/serial/8250/8250_exar.c
> > > > @@ -1671,7 +1671,8 @@ static void exar_pci_remove(struct pci_dev *pcidev)
> > > >  	unsigned int i;
> > > >
> > > >  	for (i = 0; i < priv->nr; i++)
> > > > -		serial8250_unregister_port(priv->line[i]);
> > > > +		if (priv->line[i] >= 0)
> > > > +			serial8250_unregister_port(priv->line[i]);
> > >
> > > Is this a bug in the current driver?  If so, can you resend it on its
> > > own so we can get it merged now?
> > >
> >
> > Yes it is, I can split this one out and send it on its own.
>
> Great!  Bonus points if you can find the commit id it fixes and add a
> "Fixes:" tag to the signed-off-by area.  If not, I can guess :)
>
> thanks,
>
> greg k-h

After looking at this again and doing some testing this bug does not actually
happen with the driver in its current state. During my development I had it
happen but that would have been due to me messing around.

When "priv->line[i]" < 0 it breaks out of the for loop and priv->nr is set to "i".
so only the successfully registered ports will be unregistered in exar_pci_remove().

...
        for (i = 0; i < nr_ports && i < maxnr; i++) {
                rc = board->setup(priv, pcidev, &uart, i);
                if (rc) {
                        dev_err(&pcidev->dev, "Failed to setup port %u\n", i);
                        break;
                }

                dev_dbg(&pcidev->dev, "Setup PCI port: port %lx, irq %d, type %d\n",
                        uart.port.iobase, uart.port.irq, uart.port.iotype);

                priv->line[i] = serial8250_register_8250_port(&uart);
                if (priv->line[i] < 0) {
                        dev_err(&pcidev->dev,
                                "Couldn't register serial port %lx, irq %d, type %d, error %d\n",
                                uart.port.iobase, uart.port.irq,
                                uart.port.iotype, priv->line[i]);
                        break;
                }
        }
        priv->nr = i;
...

Thanks,
Parker

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.