Patchwork sunsu: Fix panic in case of nonexistent port at "console=ttySY" cmdline option

login
register
mail settings
Submitter Kirill Tkhai
Date Feb. 24, 2013, 9:01 a.m.
Message ID <115351361696475@web28d.yandex.ru>
Download mbox | patch
Permalink /patch/222763/
State Accepted
Delegated to: David Miller
Headers show

Comments

Kirill Tkhai - Feb. 24, 2013, 9:01 a.m.
If a machine has X (X < 4) sunsu ports and cmdline
option "console=ttySY" is passed, where X < Y <= 4,
than the following panic happens:

Unable to handle kernel NULL pointer dereference
TPC: <sunsu_console_setup+0x78/0xe0>
RPC: <sunsu_console_setup+0x74/0xe0>
I7: <register_console+0x378/0x3e0>
Call Trace:
 [0000000000453a38] register_console+0x378/0x3e0
 [0000000000576fa0] uart_add_one_port+0x2e0/0x340
 [000000000057af40] su_probe+0x160/0x2e0
 [00000000005b8a4c] platform_drv_probe+0xc/0x20
 [00000000005b6c2c] driver_probe_device+0x12c/0x220
 [00000000005b6da8] __driver_attach+0x88/0xa0
 [00000000005b4df4] bus_for_each_dev+0x54/0xa0
 [00000000005b5a54] bus_add_driver+0x154/0x260
 [00000000005b7190] driver_register+0x50/0x180
 [00000000006d250c] sunsu_init+0x18c/0x1e0
 [00000000006c2668] do_one_initcall+0xe8/0x160
 [00000000006c282c] kernel_init_freeable+0x12c/0x1e0
 [0000000000603764] kernel_init+0x4/0x100
 [0000000000405f64] ret_from_syscall+0x1c/0x2c
 [0000000000000000]           (null)

1)Fix the panic;
2)Increment registered port number every successful
probe.

Signed-off-by: Kirill Tkhai <tkhai@yandex.ru>
CC: David Miller <davem@davemloft.net>
---
 drivers/tty/serial/sunsu.c |   21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller - March 1, 2013, 9:35 p.m.
From: Kirill Tkhai <tkhai@yandex.ru>
Date: Sun, 24 Feb 2013 13:01:15 +0400

> If a machine has X (X < 4) sunsu ports and cmdline
> option "console=ttySY" is passed, where X < Y <= 4,
> than the following panic happens:
> 
> Unable to handle kernel NULL pointer dereference
> TPC: <sunsu_console_setup+0x78/0xe0>
> RPC: <sunsu_console_setup+0x74/0xe0>
> I7: <register_console+0x378/0x3e0>
> Call Trace:
>  [0000000000453a38] register_console+0x378/0x3e0
>  [0000000000576fa0] uart_add_one_port+0x2e0/0x340
>  [000000000057af40] su_probe+0x160/0x2e0
>  [00000000005b8a4c] platform_drv_probe+0xc/0x20
>  [00000000005b6c2c] driver_probe_device+0x12c/0x220
>  [00000000005b6da8] __driver_attach+0x88/0xa0
>  [00000000005b4df4] bus_for_each_dev+0x54/0xa0
>  [00000000005b5a54] bus_add_driver+0x154/0x260
>  [00000000005b7190] driver_register+0x50/0x180
>  [00000000006d250c] sunsu_init+0x18c/0x1e0
>  [00000000006c2668] do_one_initcall+0xe8/0x160
>  [00000000006c282c] kernel_init_freeable+0x12c/0x1e0
>  [0000000000603764] kernel_init+0x4/0x100
>  [0000000000405f64] ret_from_syscall+0x1c/0x2c
>  [0000000000000000]           (null)
> 
> 1)Fix the panic;
> 2)Increment registered port number every successful
> probe.
> 
> Signed-off-by: Kirill Tkhai <tkhai@yandex.ru>

Applied and queued up for -stable, thanks.
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/drivers/tty/serial/sunsu.c b/drivers/tty/serial/sunsu.c
index e343d66..451687c 100644
--- a/drivers/tty/serial/sunsu.c
+++ b/drivers/tty/serial/sunsu.c
@@ -968,6 +968,7 @@  static struct uart_ops sunsu_pops = {
 #define UART_NR	4
 
 static struct uart_sunsu_port sunsu_ports[UART_NR];
+static int nr_inst; /* Number of already registered ports */
 
 #ifdef CONFIG_SERIO
 
@@ -1337,13 +1338,8 @@  static int __init sunsu_console_setup(struct console *co, char *options)
 	printk("Console: ttyS%d (SU)\n",
 	       (sunsu_reg.minor - 64) + co->index);
 
-	/*
-	 * Check whether an invalid uart number has been specified, and
-	 * if so, search for the first available port that does have
-	 * console support.
-	 */
-	if (co->index >= UART_NR)
-		co->index = 0;
+	if (co->index > nr_inst)
+		return -ENODEV;
 	port = &sunsu_ports[co->index].port;
 
 	/*
@@ -1408,7 +1404,6 @@  static enum su_type su_get_type(struct device_node *dp)
 
 static int su_probe(struct platform_device *op)
 {
-	static int inst;
 	struct device_node *dp = op->dev.of_node;
 	struct uart_sunsu_port *up;
 	struct resource *rp;
@@ -1418,16 +1413,16 @@  static int su_probe(struct platform_device *op)
 
 	type = su_get_type(dp);
 	if (type == SU_PORT_PORT) {
-		if (inst >= UART_NR)
+		if (nr_inst >= UART_NR)
 			return -EINVAL;
-		up = &sunsu_ports[inst];
+		up = &sunsu_ports[nr_inst];
 	} else {
 		up = kzalloc(sizeof(*up), GFP_KERNEL);
 		if (!up)
 			return -ENOMEM;
 	}
 
-	up->port.line = inst;
+	up->port.line = nr_inst;
 
 	spin_lock_init(&up->port.lock);
 
@@ -1461,6 +1456,8 @@  static int su_probe(struct platform_device *op)
 		}
 		dev_set_drvdata(&op->dev, up);
 
+		nr_inst++;
+
 		return 0;
 	}
 
@@ -1488,7 +1485,7 @@  static int su_probe(struct platform_device *op)
 
 	dev_set_drvdata(&op->dev, up);
 
-	inst++;
+	nr_inst++;
 
 	return 0;