kernel/linux.git/drivers/tty/rocket.c, branch v4.14.263

tty: rocket, avoid OOB access

2020-05-02T15:24:30+00:00

commit 7127d24372bf23675a36edc64d092dc7fd92ebe8 upstream. init_r_port can access pc104 array out of bounds. pc104 is a 2D array defined to have 4 members. Each member has 8 submembers. * we can have more than 4 (PCI) boards, i.e. [board] can be OOB * line is not modulo-ed by anything, so the first line on the second board can be 4, on the 3rd 12 or alike (depending on previously registered boards). It's zero only on the first line of the first board. So even [line] can be OOB, quite soon (with the 2nd registered board already). This code is broken for ages, so just avoid the OOB accesses and don't try to fix it as we would need to find out the correct line number. Use the default: RS232, if we are out. Generally, if anyone needs to set the interface types, a module parameter is past the last thing that should be used for this purpose. The parameters' description says it's for ISA cards anyway. Signed-off-by: Jiri Slaby Cc: stable Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Link: https://lore.kernel.org/r/20200417105959.15201-2-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman Signed-off-by: Greg Kroah-Hartman

tty: rocket: fix incorrect forward declaration of 'rp_init()'

2019-07-10T07:54:42+00:00

[ Upstream commit 423ea3255424b954947d167681b71ded1b8fca53 ] Make the forward declaration actually match the real function definition, something that previous versions of gcc had just ignored. This is another patch to fix new warnings from gcc-9 before I start the merge window pulls. I don't want to miss legitimate new warnings just because my system update brought a new compiler with new warnings. Signed-off-by: Linus Torvalds Signed-off-by: Sasha Levin

tty: rocket: Fix possible buffer overwrite on register_PCI

2018-09-19T20:43:40+00:00

[ Upstream commit 0419056ec8fd01ddf5460d2dba0491aad22657dd ] If number of isa and pci boards exceed NUM_BOARDS on the path rp_init()->init_PCI()->register_PCI() then buffer overwrite occurs in register_PCI() on assign rcktpt_io_addr[i]. The patch adds check on upper bound for index of registered board in register_PCI. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Anton Vasilyev Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman

tty: rocket: drop broken alt-speed support

2017-06-13T09:49:58+00:00

Setting an alt_speed using the ROCKET_SPD flags has been deprecated since v2.1.69, and has been broken since commit 6865ff222cca ("TTY: do not warn about setting speed via SPD_*") without anyone noticing. To make things worse commit 6df3526b6649 ("rocket: first pass at termios reporting") in v2.6.25 started reporting back the actual baud rate used, something which also required 38400 to again be set whenever changing a SPD flag. Drop the broken alt-speed handling altogether, and add a ratelimited warning about using TIOCCSERIAL to change speed as being deprecated. Note that the rocket driver has never supported using a custom divisor (ASYNC_SPD_CUST equivalent). Signed-off-by: Johan Hovold Reviewed-by: Andy Shevchenko Reviewed-by: Alan Cox Signed-off-by: Greg Kroah-Hartman

Annotate hardware config module parameters in drivers/tty/

2017-04-20T11:02:32+00:00

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image. To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters is. Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters. This patch annotates drivers in drivers/tty/. Suggested-by: Alan Cox Signed-off-by: David Howells Acked-by: Greg Kroah-Hartman cc: Jiri Slaby cc: linux-serial@vger.kernel.org

tty: rocket: fix invalid user-pointer checks

2016-11-10T13:41:25+00:00

Drop invalid user-pointer checks from custom ioctl handlers. A NULL-pointer can be valid in user space and copy_to_user() takes care of sanity checking. Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman

TTY: add __init attribute

2016-04-30T16:26:55+00:00

Add __init attribute on a function that is only called from other __init functions and that is not inlined, at least with gcc version 4.8.4 on an x86 machine with allyesconfig. Currently, the function is put in the .text.unlikely segment. Declaring it as __init will cause it to be put in the .init.text and to disappear after initialization. The result of objdump -x on the function before the change is as follows: 000000000000014c l F .text.unlikely 0000000000000a2e init_r_port And after the change it is as follows: 0000000000000000 l F .init.text 0000000000000a29 init_r_port Done with the help of Coccinelle. The semantic patch checks for local static non-init functions that are called from an __init function and are not called from any other function. Signed-off-by: Julia Lawall Signed-off-by: Greg Kroah-Hartman

tty: Replace ASYNC_INITIALIZED bit and update atomically

2016-04-30T16:26:55+00:00

Replace ASYNC_INITIALIZED bit in the tty_port::flags field with TTY_PORT_INITIALIZED bit in the tty_port::iflags field. Introduce helpers tty_port_set_initialized() and tty_port_initialized() to abstract atomic bit ops. Note: the transforms for test_and_set_bit() and test_and_clear_bit() are unnecessary as the state transitions are already mutually exclusive; the tty lock prevents concurrent open/close/hangup. Signed-off-by: Peter Hurley Signed-off-by: Greg Kroah-Hartman

tty: Replace ASYNC_NORMAL_ACTIVE bit and update atomically

2016-04-30T16:26:55+00:00

Replace ASYNC_NORMAL_ACTIVE bit in the tty_port::flags field with TTY_PORT_ACTIVE bit in the tty_port::iflags field. Introduce helpers tty_port_set_active() and tty_port_active() to abstract atomic bit ops. Extract state changes from port lock sections, as this usage is broken and confused; the state transitions are protected by the tty lock (which mutually excludes parallel open/close/hangup), and no user tests the active state while holding the port lock. Signed-off-by: Peter Hurley Signed-off-by: Greg Kroah-Hartman

tty: Remove ASYNC_CLOSING

2016-01-28T22:19:12+00:00

The tty core no longer provides nor uses ASYNC_CLOSING; remove from tty_port_close_start() and tty_port_close_end() as well as tty drivers which open-code these state changes. Unfortunately, even though the bit is masked from userspace, its inclusion in a uapi header precludes removing the macro. Cc: Martin Schwidefsky Cc: Heiko Carstens Cc: linux-s390@vger.kernel.org Cc: Mikael Starvik Cc: Jesper Nilsson Cc: linux-cris-kernel@axis.com Cc: Samuel Ortiz Cc: "David S. Miller" Signed-off-by: Peter Hurley Signed-off-by: Greg Kroah-Hartman