bug report: serial: 8250: Rate limit serial port rx interrupts during input overruns
From: Colin Ian King
Date: Sat Dec 22 2018 - 13:31:11 EST
Hi,
Static analysis with CoverityScan found a potential null pointer
deference issue with a null uart with recent commit
6d7f677a2afa1c82d7fc7af7f9159cbffd5dc010 ("serial: 8250: Rate limit
serial port rx interrupts during input overruns").
Coverity Analysis is below:
983 uart = serial8250_find_match_or_unused(&up->port);
2. Condition uart, taking false branch.
3. var_compare_op: Comparing uart to null implies that uart might be
null.
984 if (uart && uart->port.type != PORT_8250_CIR) {
985 if (uart->port.dev)
...
...
1075 /* Initialise interrupt backoff work if required */
4. Condition up->overrun_backoff_time_ms > 0, taking false branch.
1076 if (up->overrun_backoff_time_ms > 0) {
CID 1475967 (#1 of 2): Dereference after null check (FORWARD_NULL)
1077 uart->overrun_backoff_time_ms =
up->overrun_backoff_time_ms;
1078 INIT_DELAYED_WORK(&uart->overrun_backoff,
1079 serial_8250_overrun_backoff_work);
1080 } else {
CID 1475967 (#2 of 2): Dereference after null check (FORWARD_NULL)5.
var_deref_op: Dereferencing null pointer uart.
1081 uart->overrun_backoff_time_ms = 0;
1082 }
The implication is that uart could be null, so the code block between
lines 1076 and 1082 should be guarded with a sanity null check on uart too.
Colin