linux/drivers
Taku Izumi fdc30b3d44 Fix possible NULL pointer access in 8250 serial driver
I encountered the following kernel panic.  The cause of this problem was a
NULL pointer access in check_modem_status() in 8250.c.  I confirmed this
problem is fixed by the attached patch, but I don't know whether this is the
correct fix.

sadc[4378]: NaT consumption 2216203124768 [1]
Modules linked in: binfmt_misc dm_mirror dm_mod thermal processor fan
container button sg e100 eepro100 mii ehci_hcd ohci_hcd

    Pid: 4378, CPU 0, comm: sadc
    psr : 00001210085a2010 ifs : 8000000000000289 ip : [<a000000100482071>]
    Not tainted
    ip is at check_modem_status+0xf1/0x360

    Call Trace:
    [<a000000100013940>] show_stack+0x40/0xa0
    [<a0000001000145a0>] show_regs+0x840/0x880
    [<a0000001000368e0>] die+0x1c0/0x2c0
    [<a000000100036a30>] die_if_kernel+0x50/0x80
    [<a000000100037c40>] ia64_fault+0x11e0/0x1300
    [<a00000010000bdc0>] ia64_leave_kernel+0x0/0x280
    [<a000000100482070>] check_modem_status+0xf0/0x360
    [<a000000100482300>] serial8250_get_mctrl+0x20/0xa0
    [<a000000100478170>] uart_read_proc+0x250/0x860
    [<a0000001001c16d0>] proc_file_read+0x1d0/0x4c0
    [<a0000001001394b0>] vfs_read+0x1b0/0x300
    [<a000000100139cd0>] sys_read+0x70/0xe0
    [<a00000010000bc20>] ia64_ret_from_syscall+0x0/0x20
    [<a000000000010620>] __kernel_syscall_via_break+0x0/0x20

Fix the possible NULL pointer access in check_modem_status() in 8250.c.
check_modem_status() would access the 'info' member of the uart_port structure,
but it is not initialized before uart_open() is called.  check_modem_status()
can be called through /proc/tty/driver/serial before uart_open() is called.

Signed-off-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Signed-off-by: Taku Izumi <izumi2005@soft.fujitsu.com>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-24 08:23:07 -07:00
acorn [ARM] Acorn: move the i2c bus driver into drivers/i2c 2007-03-04 20:40:50 +00:00
acpi Revert "ACPI: parse 2nd MADT by default" 2007-03-30 14:16:10 -04:00
amba
ata pata_sis: Fix oops on boot 2007-04-19 19:20:52 -04:00
atm [PATCH] zatm __init abuse 2007-03-14 15:27:49 -07:00
auxdisplay
base [PATCH] PM: use kobject_name() to access kobject names 2007-04-11 15:39:39 -07:00
block [PATCH] cciss: unregister from SCSI before tearing down device resources 2007-04-12 15:31:42 -07:00
bluetooth [Bluetooth] Make use of MODULE_FIRMWARE 2007-02-26 11:42:42 -08:00
cdrom [PATCH] Fix soft lockup with iSeries viocd driver 2007-03-05 07:57:51 -08:00
char fix bogon in /dev/mem mmap'ing on nommu 2007-04-17 16:36:27 -07:00
clocksource [PATCH] correct slow acpi_pm rating 2007-03-27 09:05:15 -07:00
connector [CONNECTOR]: Bugfix for cn_call_callback() 2007-03-07 16:08:08 -08:00
cpufreq [PATCH] Fix maxcpus=1 trigerring BUG() in cpufreq 2007-03-27 08:55:56 -07:00
crypto [PATCH] geode-aes: use unsigned long for spin_lock_irqsave 2007-03-06 09:30:25 -08:00
dio
dma [PATCH] rm pointless dmaengine exports 2007-03-16 19:25:03 -07:00
edac
eisa [PATCH] drivers/eisa/pci_eisa.c:pci_eisa_init() should be init 2007-03-27 09:05:15 -07:00
fc4
firmware
hid HID: Do not discard truncated input reports 2007-04-05 16:06:30 +02:00
hwmon hwmon/w83627ehf: Fix the fan5 clock divider write 2007-04-17 16:36:27 -07:00
i2c Minor bug fixes to i2c-pasemi 2007-04-17 16:36:28 -07:00
ide ide/Kconfig: add missing range check for IDE_MAX_HWIFS 2007-04-20 22:16:58 +02:00
ieee1394 ieee1394: change deprecation status of dv1394 2007-04-09 18:52:27 +02:00
infiniband IB/mthca: Fix data corruption after FMR unmap on Sinai 2007-04-16 14:10:55 -07:00
input [PATCH] Input: ucb1400 - set up driver's name to show in sysfs 2007-04-10 17:26:33 -07:00
isdn [PATCH] drivers/isdn/gigaset: mark some static data as const (v2) 2007-03-29 08:22:25 -07:00
kvm KVM: Fix off-by-one when writing to a nonpae guest pde 2007-04-19 18:39:26 +03:00
leds
macintosh drivers/macintosh/smu.c: fix locking snafu 2007-04-17 16:36:27 -07:00
mca
md [PATCH] md: fix calculation for size of filemap_attr array in md/bitmap 2007-04-12 15:31:42 -07:00
media DVB: dvb-usb-remote - fix oops when changing keymap 2007-04-13 18:35:39 -07:00
message Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 2007-03-27 10:06:30 -07:00
mfd [PATCH] drivers/mfd/sm501.c: fix an off-by-one 2007-04-02 10:06:08 -07:00
misc asus-laptop: make code static 2007-03-09 21:06:40 -05:00
mmc [ARM] 4256/1: i.MX/MX1 SDHC fix/workaround of SD card recognition problems 2007-03-12 16:49:37 +00:00
mtd [MTD] [OneNAND] Classify the page data and oob buffer 2007-03-09 08:08:09 +00:00
net Add missing USRobotics Wireless Adapter (Model 5423) id into zd1211rw 2007-04-23 11:20:00 -07:00
nubus
oprofile [PATCH] oprofile: fix potential deadlock on oprofilefs_lock 2007-03-28 13:58:02 -07:00
parisc Merge master.kernel.org:/pub/scm/linux/kernel/git/kyle/parisc-2.6 2007-02-26 12:48:06 -08:00
parport
pci [PATCH] msi: synchronously mask and unmask msi-x irqs. 2007-04-03 14:02:49 -07:00
pcmcia [PATCH] omap_cf: oops-on-suspend fix 2007-04-08 19:47:55 -07:00
pnp [PATCH] Correctly report PnP 64bit resources 2007-04-02 10:06:08 -07:00
ps3 [PATCH] C99 initializers, proper use of const in drivers/ps3 2007-03-14 15:27:50 -07:00
rapidio
rtc [PATCH] rtc-cmos lockdep fix, irq updates 2007-04-02 10:06:09 -07:00
s390 [S390] cio: Fix handling of interrupt for csch(). 2007-04-04 14:37:39 +02:00
sbus [SBUS] vfc_dev.c: kzalloc 2007-04-21 15:29:17 -07:00
scsi Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6 2007-04-14 21:41:12 -07:00
serial Fix possible NULL pointer access in 8250 serial driver 2007-04-24 08:23:07 -07:00
sh
sn
spi spi: fix use of set_cs in spi_s3c24xx driver 2007-04-17 16:36:27 -07:00
tc [PATCH] Fix build error on zs serial driver 2007-04-04 21:12:47 -07:00
telephony
usb USB: Nikon D80 unusual device patch 2007-04-11 10:44:15 -07:00
video [VIDEO]: Fix section mismatch in cg3.c 2007-03-28 12:50:56 -07:00
w1
zorro
Kconfig
Makefile