* [PATCH v2] USB: serial: quatech2: handle unbound ports
@ 2020-01-17 14:35 Johan Hovold
2020-01-17 15:02 ` Greg Kroah-Hartman
0 siblings, 1 reply; 2+ messages in thread
From: Johan Hovold @ 2020-01-17 14:35 UTC (permalink / raw)
To: Johan Hovold; +Cc: Greg Kroah-Hartman, linux-usb, stable
Check for NULL port data in the modem- and line-status handlers to avoid
dereferencing a NULL pointer in the unlikely case where a port device
isn't bound to a driver (e.g. after an allocation failure on port
probe).
Note that the other (stubbed) event handlers qt2_process_xmit_empty()
and qt2_process_flush() would need similar sanity checks in case they
are ever implemented.
Fixes: f7a33e608d9a ("USB: serial: add quatech2 usb to serial driver")
Cc: stable <stable@vger.kernel.org> # 3.5
Signed-off-by: Johan Hovold <johan@kernel.org>
---
v2
- move sanity checks to where the actual dereferences take place
- drop sanity checks from the stubbed event handlers
drivers/usb/serial/quatech2.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/usb/serial/quatech2.c b/drivers/usb/serial/quatech2.c
index a62981ca7a73..f93b81a297d6 100644
--- a/drivers/usb/serial/quatech2.c
+++ b/drivers/usb/serial/quatech2.c
@@ -841,7 +841,10 @@ static void qt2_update_msr(struct usb_serial_port *port, unsigned char *ch)
u8 newMSR = (u8) *ch;
unsigned long flags;
+ /* May be called from qt2_process_read_urb() for an unbound port. */
port_priv = usb_get_serial_port_data(port);
+ if (!port_priv)
+ return;
spin_lock_irqsave(&port_priv->lock, flags);
port_priv->shadowMSR = newMSR;
@@ -869,7 +872,10 @@ static void qt2_update_lsr(struct usb_serial_port *port, unsigned char *ch)
unsigned long flags;
u8 newLSR = (u8) *ch;
+ /* May be called from qt2_process_read_urb() for an unbound port. */
port_priv = usb_get_serial_port_data(port);
+ if (!port_priv)
+ return;
if (newLSR & UART_LSR_BI)
newLSR &= (u8) (UART_LSR_OE | UART_LSR_BI);
--
2.24.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2] USB: serial: quatech2: handle unbound ports
2020-01-17 14:35 [PATCH v2] USB: serial: quatech2: handle unbound ports Johan Hovold
@ 2020-01-17 15:02 ` Greg Kroah-Hartman
0 siblings, 0 replies; 2+ messages in thread
From: Greg Kroah-Hartman @ 2020-01-17 15:02 UTC (permalink / raw)
To: Johan Hovold; +Cc: linux-usb, stable
On Fri, Jan 17, 2020 at 03:35:26PM +0100, Johan Hovold wrote:
> Check for NULL port data in the modem- and line-status handlers to avoid
> dereferencing a NULL pointer in the unlikely case where a port device
> isn't bound to a driver (e.g. after an allocation failure on port
> probe).
>
> Note that the other (stubbed) event handlers qt2_process_xmit_empty()
> and qt2_process_flush() would need similar sanity checks in case they
> are ever implemented.
>
> Fixes: f7a33e608d9a ("USB: serial: add quatech2 usb to serial driver")
> Cc: stable <stable@vger.kernel.org> # 3.5
> Signed-off-by: Johan Hovold <johan@kernel.org>
> ---
>
> v2
> - move sanity checks to where the actual dereferences take place
> - drop sanity checks from the stubbed event handlers
Looks good, thanks for the rewrite:
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-01-17 15:02 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-17 14:35 [PATCH v2] USB: serial: quatech2: handle unbound ports Johan Hovold
2020-01-17 15:02 ` Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).