linux/drivers/tty/serial
Rob Herring d0f4bce2bc tty: serial_core: fix NULL struct tty pointer access in uart_write_wakeup
Since commit 761ed4a945 ("tty: serial_core: convert uart_close to
use tty_port_close"), the serial console is broken on various systems
and typing "reboot" splats the following on the serial console:

INIT: Sending p[  427.863916] BUG: unable to handle kernel NULL pointer dereference at 00000000000001e0
[  427.885156] IP: [] tty_wakeup+0xc/0x70
[  427.898337] PGD 0 [  427.902051]
[  427.907498] Oops: 0000 [#1] PREEMPT SMP
[  427.917635] Modules linked in: nfsv3 nfs_acl nfs fscache lockd
sunrpc grace edd af_packet cpufreq_conservative cpufreq_userspace
cpufreq_powersave fuse loop md_mod dm_mod joydev hid_generic usbhid
ipmi_ssif ohci_pci ohci_hcd ehci_pci ehci_hcd e1000e ptp firewire_ohci
edac_core pps_core tpm_infineon sp5100_tco firewire_core acpi_cpufreq
serio_raw pcspkr fjes usbcore shpchp edac_mce_amd tpm_tis ipmi_si
tpm_tis_core i2c_piix4 k10temp sg ipmi_msghandler tpm sr_mod button
cdrom kvm_amd kvm irqbypass crc_itu_t ast ttm drm_kms_helper drm
fb_sys_fops sysimgblt sysfillrect syscopyarea i2c_algo_bit scsi_dh_rdac
scsi_dh_alua scsi_dh_emc scsi_dh_hp_sw ata_generic pata_atiixp
[  428.054179] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.0-rc1-1.g73e3f23-default #1
[  428.072868] Hardware name: System manufacturer System Product Name/KGP(M)E-D16, BIOS 0902    12/03/2010
[  428.094755] task: ffffffffa2c0d500 task.stack: ffffffffa2c00000
[  428.109717] RIP: 0010:[]  [] tty_wakeup+0xc/0x70
[  428.128407] RSP: 0018:ffff9a1a5fc03df8  EFLAGS: 00010086
[  428.142184] RAX: ffff9a1857258000 RBX: ffffffffa3050ea0 RCX: 0000000000000000
[  428.159649] RDX: 000000000000001b RSI: 0000000000000000 RDI: 0000000000000000
[  428.177109] RBP: ffff9a1a5fc03e08 R08: 0000000000000000 R09: 0000000000000000
[  428.194547] R10: 0000000000021c77 R11: 0000000000000000 R12: ffff9a1857258000
[  428.212002] R13: 0000000000000000 R14: 0000000000000020 R15: 0000000000000020
[  428.229481] FS:  0000000000000000(0000) GS:ffff9a1a5fc00000(0000) knlGS:0000000000000000
[  428.248938] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  428.263726] CR2: 00000000000001e0 CR3: 0000000390c06000 CR4: 00000000000006f0
[  428.281331] Stack:
[  428.288696]  ffffffffa3050ea0 ffff9a1857258000 ffff9a1a5fc03e18 ffffffffa24e0ab1
[  428.307064]  ffff9a1a5fc03e40 ffffffffa24e8865 ffffffffa3050ea0 00000000000000c2
[  428.325456]  0000000000000046 ffff9a1a5fc03e78 ffffffffa24e8a5f ffffffffa3050ea0
[  428.343905] Call Trace:
[  428.352319]   [  428.356216]  [] uart_write_wakeup+0x21/0x30

The problem is that for console ports, the serial port is not shut down and
interrupts may fire after the struct tty is gone. Simply calling the
tty_port helper tty_port_tty_wakeup instead of tty_wakeup directly will
ensure there is a valid struct tty.

Fixes: 761ed4a945 ("tty: serial_core: convert uart_close to use tty_port_close")
Reported-by: Borislav Petkov <bp@alien8.de>
Reported-by: Mike Galbraith <mgalbraith@suse.de>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-serial@vger.kernel.org
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-10-28 08:13:07 -04:00
..
8250 tty: serial: 8250: 8250_core: NXP SC16C2552 workaround 2016-10-27 16:41:56 +02:00
cpm_uart tty: serial: cpm_uart: Fix module autoload for OF platform driver 2015-10-04 19:09:21 +01:00
jsm tty: serial: jsm_tty: constify uart_ops structures 2016-09-02 15:01:16 +02:00
21285.c
Kconfig serial: SERIAL_STM32 should depend on HAS_DMA 2016-10-27 16:00:31 +02:00
Makefile TTY and Serial driver update for 4.7-rc1 2016-05-20 20:57:27 -07:00
altera_jtaguart.c serial: altera: constify uart_ops structures 2016-09-02 15:01:16 +02:00
altera_uart.c serial: altera: constify uart_ops structures 2016-09-02 15:01:16 +02:00
amba-pl010.c
amba-pl011.c Revert "serial: pl011: add console matching function" 2016-09-30 07:46:35 +02:00
amba-pl011.h tty: amba-pl011: clean up LCR register offsets 2015-12-13 19:59:48 -08:00
apbuart.c tty: serial: apbuart: Fix module autoload for OF platform driver 2015-10-04 19:09:21 +01:00
apbuart.h
ar933x_uart.c tree-wide: replace config_enabled() with IS_ENABLED() 2016-08-04 08:50:07 -04:00
arc_uart.c serial/arc: constify uart_ops structures 2016-09-01 21:05:41 +02:00
atmel_serial.c tty/serial: at91: fix hardware handshake on Atmel platforms 2016-10-28 08:10:48 -04:00
bcm63xx_uart.c serial/bcm63xx_uart: constify uart_ops structures 2016-09-02 15:01:16 +02:00
bfin_sport_uart.c
bfin_sport_uart.h
bfin_uart.c serial:bfin-uart:Remove 'struct timeval' 2015-12-13 19:59:48 -08:00
clps711x.c serial: clps711x: Changing the compatibility string to match with the smallest supported chip 2016-07-06 17:38:16 +02:00
crisv10.c tty: Replace ASYNC_INITIALIZED bit and update atomically 2016-04-30 09:26:55 -07:00
crisv10.h
digicolor-usart.c tty/serial: digicolor: Fix bad usage of IS_ERR_VALUE 2016-02-14 17:39:36 -08:00
dz.c
dz.h
earlycon-arm-semihost.c tty/serial: mark __init early_smh_setup() static 2016-09-02 15:03:35 +02:00
earlycon.c ACPI: parse SPCR and enable matching console 2016-09-28 17:46:46 +02:00
efm32-uart.c
etraxfs-uart.c serial: etraxfs-uart: Fix crash 2015-11-20 16:19:54 -08:00
fsl_lpuart.c tty: serial: fsl_lpuart: Fix Tx DMA edge case 2016-10-27 16:41:56 +02:00
icom.c tty: Remove unused SERIAL_DO_RESTART define 2015-12-13 19:59:48 -08:00
icom.h
ifx6x60.c TTY: serial/ifx6x60, initialize more 2016-04-30 09:26:55 -07:00
ifx6x60.h
imx.c serial: imx: Fix DCD reading 2016-09-27 12:55:27 +02:00
ioc3_serial.c
ioc4_serial.c
ip22zilog.c
ip22zilog.h
kgdb_nmi.c
kgdboc.c
lantiq.c drivers/tty: make serial/lantic.c driver explicitly non-modular 2015-07-23 18:27:41 -07:00
lpc32xx_hs.c tty: serial: lpc32xx_hs: fix handling platform_get_irq result 2015-10-04 19:09:21 +01:00
m32r_sio.c serial: m32r_sio: make it explicitly non-modular 2016-06-25 14:00:06 -07:00
m32r_sio_reg.h
max310x.c serial: max310x: Set IRQF_TRIGGER_FALLING flag when dev.of_node is not NULL 2016-09-15 12:35:49 +02:00
max3100.c tty: serial: constify uart_ops structures 2016-09-02 15:01:16 +02:00
mcf.c
men_z135_uart.c tty: serial: constify uart_ops structures 2016-09-02 15:01:16 +02:00
meson_uart.c tty: serial: meson: Implement earlycon support 2016-04-30 09:26:55 -07:00
mpc52xx_uart.c tty: serial: constify psc_ops structs 2016-02-06 22:31:47 -08:00
mps2-uart.c serial: mps2-uart: make driver explicitly non-modular 2016-06-25 14:01:57 -07:00
mpsc.c TTY: serial/mpsc, remove unused fields 2016-02-06 22:16:21 -08:00
msm_serial.c tty: serial: msm: fix definition of msm_stop_dma 2016-06-25 10:23:54 -07:00
mux.c parisc: serial/mux: Convert to uart_console_device instead of open-coded 2015-10-22 15:44:28 +02:00
mvebu-uart.c serial: mvebu-uart: free the IRQ in ->shutdown() 2016-06-25 14:00:06 -07:00
mxs-auart.c serial: mxs-auart: Fix missing clk_disable_unprepare() on error in mxs_get_clks() 2016-09-22 11:45:08 +02:00
netx-serial.c
omap-serial.c Merge 4.5-rc4 into tty-next 2016-02-14 14:36:04 -08:00
pch_uart.c serial: pch_uart: add terminate entry for dmi_system_id tables 2016-10-27 16:01:31 +02:00
pic32_uart.c serial: pic32_uart: Fix double free of 'sport->irq_fault_name'. 2016-06-25 13:50:53 -07:00
pic32_uart.h serial: pic32_uart: Add PIC32 UART driver 2016-05-13 14:01:56 +02:00
pmac_zilog.c TTY: serial, handle platform_get_irq retval properly 2016-06-25 09:01:52 -07:00
pmac_zilog.h
pnx8xxx_uart.c
pxa.c serial: pxa: make it explicitly non-modular 2016-06-25 14:00:06 -07:00
rp2.c
sa1100.c
samsung.c serial: samsung: Register cpufreq notifier only on S3C24xx 2016-08-31 15:39:58 +02:00
samsung.h serial: samsung: Register cpufreq notifier only on S3C24xx 2016-08-31 15:39:58 +02:00
sb1250-duart.c
sc16is7xx.c sc16is7xx: always write state when configuring GPIO as an output 2016-10-27 16:42:31 +02:00
sccnxp.c
serial-tegra.c TTY: serial, handle platform_get_irq retval properly 2016-06-25 09:01:52 -07:00
serial_core.c tty: serial_core: fix NULL struct tty pointer access in uart_write_wakeup 2016-10-28 08:13:07 -04:00
serial_ks8695.c serial: Fix ASYNC_* => UPF_* flags misuse 2016-01-28 14:17:42 -08:00
serial_mctrl_gpio.c serial: mctrl_gpio: enable API usage only for initialized mctrl_gpios struct 2016-06-25 14:30:42 -07:00
serial_mctrl_gpio.h serial: mctrl_gpio: add modem control read routine 2016-06-25 14:30:42 -07:00
serial_txx9.c
sh-sci.c tty: serial: constify uart_ops structures 2016-09-02 15:01:16 +02:00
sh-sci.h serial: sh-sci: Clear (H)SCIF timeout and overrun during reset 2016-06-25 09:09:53 -07:00
sirfsoc_uart.c serial: sirf: Use generic uart-has-rtscts DT property 2016-04-30 09:26:55 -07:00
sirfsoc_uart.h serial: sirf: make fifo functions static 2016-06-25 14:01:57 -07:00
sn_console.c drivers/tty: make serial/sn_console.c driver explicitly non-modular 2015-07-23 18:27:41 -07:00
sprd_serial.c remove lots of IS_ERR_VALUE abuses 2016-05-27 15:26:11 -07:00
st-asc.c serial: st-asc: constify uart_ops structures 2016-09-02 15:01:16 +02:00
stm32-usart.c serial: stm32: mark symbols static where possible 2016-09-27 12:55:27 +02:00
stm32-usart.h serial: stm32: Fix comparisons with undefined register 2016-10-27 16:00:31 +02:00
suncore.c drivers/tty: make serial/suncore.c driver explicitly non-modular 2015-07-23 18:27:41 -07:00
sunhv.c sparc: serial: sunhv: fix a double lock bug 2016-07-27 22:54:52 -07:00
sunsab.c
sunsab.h
sunsu.c serial/sunsu: Deinline wait_for_xmitr, save 165 bytes 2015-12-13 19:59:48 -08:00
sunzilog.c
sunzilog.h
tilegx.c
timbuart.c tty: serial: constify uart_ops structures 2016-09-02 15:01:16 +02:00
timbuart.h
uartlite.c serial-uartlite: constify uart_ops structures 2016-09-02 15:01:16 +02:00
ucc_uart.c QE-UART: add "fsl,t1040-ucc-uart" to of_device_id 2016-05-01 13:55:12 -07:00
vr41xx_siu.c
vt8500_serial.c serial: vt8500_serial: Fix a parameter of find_first_zero_bit. 2016-08-31 15:42:28 +02:00
xilinx_uartps.c serial: xuartps: Add new compatible string for ZynqMP 2016-10-27 16:00:32 +02:00
zs.c serial: zs: Fix a transmit lockup in console output 2016-02-06 23:13:30 -08:00
zs.h