From 115fd25cf5bc8acb561fef3aa28e771a9f786db3 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 12 Aug 2024 13:44:38 +0200 Subject: [PATCH] 5.10-stable patches added patches: serial-core-check-uartclk-for-zero-to-avoid-divide-by-zero.patch --- ...clk-for-zero-to-avoid-divide-by-zero.patch | 68 +++++++++++++++++++ queue-5.10/series | 1 + 2 files changed, 69 insertions(+) create mode 100644 queue-5.10/serial-core-check-uartclk-for-zero-to-avoid-divide-by-zero.patch diff --git a/queue-5.10/serial-core-check-uartclk-for-zero-to-avoid-divide-by-zero.patch b/queue-5.10/serial-core-check-uartclk-for-zero-to-avoid-divide-by-zero.patch new file mode 100644 index 00000000000..62203bd26d9 --- /dev/null +++ b/queue-5.10/serial-core-check-uartclk-for-zero-to-avoid-divide-by-zero.patch @@ -0,0 +1,68 @@ +From 6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 Mon Sep 17 00:00:00 2001 +From: George Kennedy +Date: Wed, 17 Jul 2024 07:24:38 -0500 +Subject: serial: core: check uartclk for zero to avoid divide by zero + +From: George Kennedy + +commit 6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 upstream. + +Calling ioctl TIOCSSERIAL with an invalid baud_base can +result in uartclk being zero, which will result in a +divide by zero error in uart_get_divisor(). The check for +uartclk being zero in uart_set_info() needs to be done +before other settings are made as subsequent calls to +ioctl TIOCSSERIAL for the same port would be impacted if +the uartclk check was done where uartclk gets set. + +Oops: divide error: 0000 PREEMPT SMP KASAN PTI +RIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580) +Call Trace: + +serial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576 + drivers/tty/serial/8250/8250_port.c:2589) +serial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502 + drivers/tty/serial/8250/8250_port.c:2741) +serial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862) +uart_change_line_settings (./include/linux/spinlock.h:376 + ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222) +uart_port_startup (drivers/tty/serial/serial_core.c:342) +uart_startup (drivers/tty/serial/serial_core.c:368) +uart_set_info (drivers/tty/serial/serial_core.c:1034) +uart_set_info_user (drivers/tty/serial/serial_core.c:1059) +tty_set_serial (drivers/tty/tty_io.c:2637) +tty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791) +__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907 + fs/ioctl.c:893 fs/ioctl.c:893) +do_syscall_64 (arch/x86/entry/common.c:52 + (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) +entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) + +Reported-by: syzkaller +Cc: stable@vger.kernel.org +Signed-off-by: George Kennedy +Rule: add +Link: https://lore.kernel.org/stable/1721148848-9784-1-git-send-email-george.kennedy%40oracle.com +Link: https://lore.kernel.org/r/1721219078-3209-1-git-send-email-george.kennedy@oracle.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/serial_core.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/drivers/tty/serial/serial_core.c ++++ b/drivers/tty/serial/serial_core.c +@@ -862,6 +862,14 @@ static int uart_set_info(struct tty_stru + new_flags = (__force upf_t)new_info->flags; + old_custom_divisor = uport->custom_divisor; + ++ if (!(uport->flags & UPF_FIXED_PORT)) { ++ unsigned int uartclk = new_info->baud_base * 16; ++ /* check needs to be done here before other settings made */ ++ if (uartclk == 0) { ++ retval = -EINVAL; ++ goto exit; ++ } ++ } + if (!capable(CAP_SYS_ADMIN)) { + retval = -EPERM; + if (change_irq || change_port || diff --git a/queue-5.10/series b/queue-5.10/series index ed7b8d54689..aa9e0a8f17a 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -326,3 +326,4 @@ scsi-mpt3sas-remove-scsi_dma_map-error-messages.patch scsi-mpt3sas-avoid-iommu-page-faults-on-report-zones.patch irqchip-meson-gpio-support-more-than-8-channels-gpio.patch irqchip-meson-gpio-convert-meson_gpio_irq_controller.patch +serial-core-check-uartclk-for-zero-to-avoid-divide-by-zero.patch -- 2.47.3