| Message ID | 20200117143526.5048-1-johan@kernel.org (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 9715a43eea77e42678a1002623f2d9a78f5b81a1 |
| Headers | show |
| Series | [v2] USB: serial: quatech2: handle unbound ports | expand |
On Fri, Jan 17, 2020 at 03:35:26PM +0100, Johan Hovold wrote: > Check for NULL port data in the modem- and line-status handlers to avoid > dereferencing a NULL pointer in the unlikely case where a port device > isn't bound to a driver (e.g. after an allocation failure on port > probe). > > Note that the other (stubbed) event handlers qt2_process_xmit_empty() > and qt2_process_flush() would need similar sanity checks in case they > are ever implemented. > > Fixes: f7a33e608d9a ("USB: serial: add quatech2 usb to serial driver") > Cc: stable <stable@vger.kernel.org> # 3.5 > Signed-off-by: Johan Hovold <johan@kernel.org> > --- > > v2 > - move sanity checks to where the actual dereferences take place > - drop sanity checks from the stubbed event handlers Looks good, thanks for the rewrite: Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/drivers/usb/serial/quatech2.c b/drivers/usb/serial/quatech2.c index a62981ca7a73..f93b81a297d6 100644 --- a/drivers/usb/serial/quatech2.c +++ b/drivers/usb/serial/quatech2.c @@ -841,7 +841,10 @@ static void qt2_update_msr(struct usb_serial_port *port, unsigned char *ch) u8 newMSR = (u8) *ch; unsigned long flags; + /* May be called from qt2_process_read_urb() for an unbound port. */ port_priv = usb_get_serial_port_data(port); + if (!port_priv) + return; spin_lock_irqsave(&port_priv->lock, flags); port_priv->shadowMSR = newMSR; @@ -869,7 +872,10 @@ static void qt2_update_lsr(struct usb_serial_port *port, unsigned char *ch) unsigned long flags; u8 newLSR = (u8) *ch; + /* May be called from qt2_process_read_urb() for an unbound port. */ port_priv = usb_get_serial_port_data(port); + if (!port_priv) + return; if (newLSR & UART_LSR_BI) newLSR &= (u8) (UART_LSR_OE | UART_LSR_BI);
Check for NULL port data in the modem- and line-status handlers to avoid dereferencing a NULL pointer in the unlikely case where a port device isn't bound to a driver (e.g. after an allocation failure on port probe). Note that the other (stubbed) event handlers qt2_process_xmit_empty() and qt2_process_flush() would need similar sanity checks in case they are ever implemented. Fixes: f7a33e608d9a ("USB: serial: add quatech2 usb to serial driver") Cc: stable <stable@vger.kernel.org> # 3.5 Signed-off-by: Johan Hovold <johan@kernel.org> --- v2 - move sanity checks to where the actual dereferences take place - drop sanity checks from the stubbed event handlers drivers/usb/serial/quatech2.c | 6 ++++++ 1 file changed, 6 insertions(+)