linux/drivers/tty
Jiri Slaby 7bbe08d6b8 TTY: serial, stop accessing potential NULLs
The following commits:
* 6732c8bb86 (TTY: switch
  tty_schedule_flip)
* 2e124b4a39 (TTY: switch
  tty_flip_buffer_push)
* 05c7cd3990 (TTY: switch
  tty_insert_flip_string)
* 92a19f9cec (TTY: switch
  tty_insert_flip_char)
* 227434f898 (TTY: switch
  tty_buffer_request_room to tty_port)

introduced a potential NULL dereference to some drivers. In
particular, when the device is used as a console, incoming bytes can
kill the box. This is caused by removed checks for TTY against NULL.

It happened because it was unclear to me why the checks were there. I
assumed them superfluous because the interrupts were unbound or
otherwise stopped. But this is not the case for consoles for these
drivers, as was pointed out by David Miller.

Now, this patch re-introduces the checks (at this point we check
port->state, not the tty proper, as we do not care about tty pointers
anymore). For both of the drivers, we place the check below the
handling of break signal so that sysrq can actually work. (One needs
to issue a break and then sysrq key within the following 5 seconds.)

We do not change sc26xx, sunhv, and sunsu here because they behave the
same as before.  People having that hardware should fix the driver
eventually, however. They always could unconditionally dereference tty
in receive_chars, port->state in uart_handle_dcd_change, and
up->port.state->port.tty.

There is perhaps more to fix in all those drivers, but they are at
least in a state they were before.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Grant Likely <grant.likely@secretlab.ca>
Cc: Rob Herring <rob.herring@calxeda.com>
Cc: sparclinux@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-03-18 17:09:37 -07:00
hvc TTY: add tty_port_tty_wakeup helper 2013-03-18 16:19:45 -07:00
ipwireless tty: ipwireless: Remove redundant NULL check before kfree 2013-03-15 13:58:32 -07:00
serial TTY: serial, stop accessing potential NULLs 2013-03-18 17:09:37 -07:00
vt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-02-26 20:16:07 -08:00
amiserial.c TTY: amiserial, use module_platform_driver_probe() 2013-03-15 13:55:23 -07:00
bfin_jtag_comm.c TTY: switch tty_flip_buffer_push 2013-01-15 22:30:15 -08:00
cyclades.c TTY: add tty_port_tty_hangup helper 2013-03-18 16:24:29 -07:00
ehv_bytechan.c TTY: add tty_port_tty_wakeup helper 2013-03-18 16:19:45 -07:00
goldfish.c goldfish: move to tty_port for flip buffers 2013-01-25 08:09:38 -08:00
isicom.c TTY: switch tty_flip_buffer_push 2013-01-15 22:30:15 -08:00
Kconfig tty: metag_da: Add metag DA TTY driver 2013-02-06 11:10:17 -08:00
Makefile tty: metag_da: Add metag DA TTY driver 2013-02-06 11:10:17 -08:00
metag_da.c tty: metag_da: avoid getting tty kref in dashtty_timer() 2013-02-06 11:10:17 -08:00
moxa.c TTY: add tty_port_tty_hangup helper 2013-03-18 16:24:29 -07:00
moxa.h tty: move a number of tty drivers from drivers/char/ to drivers/tty/ 2011-02-22 16:14:56 -08:00
mxser.c TTY: fix DTR not being dropped on hang up 2013-03-18 16:27:53 -07:00
mxser.h Fix common misspellings 2011-03-31 11:26:23 -03:00
n_gsm.c TTY: fix DTR not being dropped on hang up 2013-03-18 16:27:53 -07:00
n_hdlc.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
n_r3964.c tty: localise the lock 2012-08-10 12:55:47 -07:00
n_tracerouter.c n_tracerouter and n_tracesink ldisc additions. 2011-05-13 16:31:00 -07:00
n_tracesink.c n_tracerouter and n_tracesink ldisc additions. 2011-05-13 16:31:00 -07:00
n_tracesink.h n_tracerouter and n_tracesink ldisc additions. 2011-05-13 16:31:00 -07:00
n_tty.c n_tty: Fully initialize ldisc before restarting buffer work 2013-03-18 16:44:01 -07:00
nozomi.c TTY: add tty_port_tty_hangup helper 2013-03-18 16:24:29 -07:00
pty.c pty: Remove redundant itty reset 2013-03-15 13:00:48 -07:00
rocket_int.h tty: move a number of tty drivers from drivers/char/ to drivers/tty/ 2011-02-22 16:14:56 -08:00
rocket.c TTY: cleanup tty->hw_stopped uses 2013-03-18 16:24:30 -07:00
rocket.h tty: move a number of tty drivers from drivers/char/ to drivers/tty/ 2011-02-22 16:14:56 -08:00
synclink_gt.c TTY: synclink: Convert + to | for bit operations 2013-01-30 00:09:58 -05:00
synclink.c TTY: synclink, remove superfluous check 2013-03-18 16:17:20 -07:00
synclinkmp.c TTY: synclink: Convert + to | for bit operations 2013-01-30 00:09:58 -05:00
sysrq.c sysrq: fix inconstistent help message of sysrq key 2013-03-15 14:06:45 -07:00
tty_audit.c TTY: audit, stop accessing tty->icount 2012-10-22 16:50:54 -07:00
tty_buffer.c pps: Move timestamp read into PPS code proper 2013-02-13 10:13:58 -08:00
tty_io.c tty: Don't protect atomic operation with mutex 2013-03-18 16:46:31 -07:00
tty_ioctl.c tty: Fix recursive deadlock in tty_perform_flush() 2013-03-18 16:52:24 -07:00
tty_ldisc.c tty: Remove redundant tty_wait_until_sent() 2013-03-18 16:48:42 -07:00
tty_mutex.c tty: tty_mutex.c: Fixed coding style warning (using printk) 2012-10-24 11:34:51 -07:00
tty_port.c tty: Complete ownership transfer of flip buffers 2013-03-18 16:44:02 -07:00