From patchwork Mon Apr 2 14:31:03 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lee Jones X-Patchwork-Id: 7573 Return-Path: X-Original-To: patchwork@peony.canonical.com Delivered-To: patchwork@peony.canonical.com Received: from fiordland.canonical.com (fiordland.canonical.com [91.189.94.145]) by peony.canonical.com (Postfix) with ESMTP id 3DDC623E47 for ; Mon, 2 Apr 2012 14:31:12 +0000 (UTC) Received: from mail-iy0-f180.google.com (mail-iy0-f180.google.com [209.85.210.180]) by fiordland.canonical.com (Postfix) with ESMTP id E3675A1813C for ; Mon, 2 Apr 2012 14:31:11 +0000 (UTC) Received: by iage36 with SMTP id e36so5965059iag.11 for ; Mon, 02 Apr 2012 07:31:11 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-forwarded-to:x-forwarded-for:delivered-to:received-spf:from:to:cc :subject:date:message-id:x-mailer:x-gm-message-state; bh=79EJz+DFuB1Cc+LYY74x817vqqH0U+b9ztAbVyod0+I=; b=Ay5foiQ2caZcZO63KxWwOHevyLfa3Pz77fg1kmjmdiMZK34QnESsgXuRHw0BKzPQwk SvkrkXEiLiVm6X3i5UIBdVcMuMQeD8PDm/uCayiwjz0vJZooZr1s4qJqKIj8FQU1kX9r tijXQw9DXUs+bLHVCzi0sESa+OklTuk/16xEWSa+r2L8O+g8ULOLwYBn2+f5DZRWixp6 RxRk0+UZNokdo+NZDVH0tXVsImEDk1VEHPz4vhAglRoD1xk+5sKtqIGx2/rAH8ytGTPE KTGYCJrx3TNfyjUPrT4je9E8te0Pw4I938RRfvT7FdBOBSYPOkyxf9Dh3PGrO39uLi6h Cm1Q== Received: by 10.50.42.132 with SMTP id o4mr5648583igl.41.1333377071369; Mon, 02 Apr 2012 07:31:11 -0700 (PDT) X-Forwarded-To: linaro-patchwork@canonical.com X-Forwarded-For: patch@linaro.org linaro-patchwork@canonical.com Delivered-To: patches@linaro.org Received: by 10.231.5.205 with SMTP id 13csp113723ibw; Mon, 2 Apr 2012 07:31:10 -0700 (PDT) Received: by 10.180.88.164 with SMTP id bh4mr25947423wib.22.1333377069265; Mon, 02 Apr 2012 07:31:09 -0700 (PDT) Received: from mail-we0-f178.google.com (mail-we0-f178.google.com [74.125.82.178]) by mx.google.com with ESMTPS id j20si18747749wed.116.2012.04.02.07.31.08 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 02 Apr 2012 07:31:09 -0700 (PDT) Received-SPF: neutral (google.com: 74.125.82.178 is neither permitted nor denied by best guess record for domain of lee.jones@linaro.org) client-ip=74.125.82.178; Authentication-Results: mx.google.com; spf=neutral (google.com: 74.125.82.178 is neither permitted nor denied by best guess record for domain of lee.jones@linaro.org) smtp.mail=lee.jones@linaro.org Received: by wera13 with SMTP id a13so2355119wer.37 for ; Mon, 02 Apr 2012 07:31:08 -0700 (PDT) Received: by 10.180.105.69 with SMTP id gk5mr30744559wib.3.1333377068631; Mon, 02 Apr 2012 07:31:08 -0700 (PDT) Received: from localhost.localdomain (cpc1-aztw13-0-0-cust473.18-1.cable.virginmedia.com. [77.102.241.218]) by mx.google.com with ESMTPS id n8sm55846402wix.10.2012.04.02.07.31.07 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 02 Apr 2012 07:31:07 -0700 (PDT) From: Lee Jones To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, Lee Jones Subject: [PATCH 1/2] serial: PL011: Repair NULL pointer dereference Date: Mon, 2 Apr 2012 15:31:03 +0100 Message-Id: <1333377064-8093-1-git-send-email-lee.jones@linaro.org> X-Mailer: git-send-email 1.7.5.4 X-Gm-Message-State: ALoCoQlo5NhNzZiradfwllCrl6fyHeQezSuReCnU+WoJ6/Txna01OHJCKMcydrYNNcARwccxP0AC The pl011 driver attempts to mask and clear UART interrupts at probe time, which subsequently fail with a NULL pointer dereference error. This is due to 'uap->port.membase' being used uninitialised. This patch moves the offending lines to a point of post-initialisation. Signed-off-by: Lee Jones --- drivers/tty/serial/amba-pl011.c | 9 +++++---- 1 files changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/tty/serial/amba-pl011.c b/drivers/tty/serial/amba-pl011.c index 0c65c9e..b5c1f0f 100644 --- a/drivers/tty/serial/amba-pl011.c +++ b/drivers/tty/serial/amba-pl011.c @@ -1946,10 +1946,6 @@ static int pl011_probe(struct amba_device *dev, const struct amba_id *id) goto unmap; } - /* Ensure interrupts from this UART are masked and cleared */ - writew(0, uap->port.membase + UART011_IMSC); - writew(0xffff, uap->port.membase + UART011_ICR); - uap->vendor = vendor; uap->lcrh_rx = vendor->lcrh_rx; uap->lcrh_tx = vendor->lcrh_tx; @@ -1965,6 +1961,11 @@ static int pl011_probe(struct amba_device *dev, const struct amba_id *id) uap->port.ops = &amba_pl011_pops; uap->port.flags = UPF_BOOT_AUTOCONF; uap->port.line = i; + + /* Ensure interrupts from this UART are masked and cleared */ + writew(0, uap->port.membase + UART011_IMSC); + writew(0xffff, uap->port.membase + UART011_ICR); + pl011_dma_probe(uap); snprintf(uap->type, sizeof(uap->type), "PL011 rev%u", amba_rev(dev));