Google Git
Sign in
cos / third_party / kernel / 284e5f6bf04a781679f867cd2d1ef81630be6e9e
commit284e5f6bf04a781679f867cd2d1ef81630be6e9e[log] [tgz]
authorGeorge Kennedy <[email protected]>Wed Jul 17 07:24:38 2024 -0500
committerOleksandr Tymoshenko <[email protected]>Fri Sep 13 22:33:16 2024 +0000
tree16891ac99a11324725469e4e67c2df832f5ec610
parent15e005cc4bb60bd0feef6bb24e150956c673ed40 [diff]
serial: core: check uartclk for zero to avoid divide by zero

commit 6eabce6608d6f3440f4c03aa3d3ef50a47a3d193 upstream.

Calling ioctl TIOCSSERIAL with an invalid baud_base can
result in uartclk being zero, which will result in a
divide by zero error in uart_get_divisor(). The check for
uartclk being zero in uart_set_info() needs to be done
before other settings are made as subsequent calls to
ioctl TIOCSSERIAL for the same port would be impacted if
the uartclk check was done where uartclk gets set.

Oops: divide error: 0000  PREEMPT SMP KASAN PTI
RIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)
Call Trace:
 <TASK>
serial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576
    drivers/tty/serial/8250/8250_port.c:2589)
serial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502
    drivers/tty/serial/8250/8250_port.c:2741)
serial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)
uart_change_line_settings (./include/linux/spinlock.h:376
    ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)
uart_port_startup (drivers/tty/serial/serial_core.c:342)
uart_startup (drivers/tty/serial/serial_core.c:368)
uart_set_info (drivers/tty/serial/serial_core.c:1034)
uart_set_info_user (drivers/tty/serial/serial_core.c:1059)
tty_set_serial (drivers/tty/tty_io.c:2637)
tty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)
__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907
    fs/ioctl.c:893 fs/ioctl.c:893)
do_syscall_64 (arch/x86/entry/common.c:52
    (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

BUG=b/365947139
TEST=presubmit
RELEASE_NOTE=Fixes CVE-2024-43893 in the Linux kernel

cos-patch: security-moderate
Reported-by: syzkaller <[email protected]>
Cc: [email protected]
Change-Id: Ie58b4349495642717a05381984221a81027cbfb5
Signed-off-by: George Kennedy <[email protected]>
Rule: add
Link: https://lore.kernel.org/stable/1721148848-9784-1-git-send-email-george.kennedy%40oracle.com
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Kernel CVE Triage Automation <[email protected]>
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/80781
Tested-by: Cusky Presubmit Bot <[email protected]>
Reviewed-by: Kevin Berry <[email protected]>
Reviewed-by: Oleksandr Tymoshenko <[email protected]>
1 file changed
tree: 16891ac99a11324725469e4e67c2df832f5ec610
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. google/
  9. include/
  10. init/
  11. io_uring/
  12. ipc/
  13. kernel/
  14. lib/
  15. LICENSES/
  16. mm/
  17. net/
  18. samples/
  19. scripts/
  20. security/
  21. sound/
  22. tools/
  23. usr/
  24. virt/
  25. .clang-format
  26. .cocciconfig
  27. .get_maintainer.ignore
  28. .gitattributes
  29. .gitignore
  30. .mailmap
  31. COPYING
  32. CREDITS
  33. Kbuild
  34. Kconfig
  35. MAINTAINERS
  36. Makefile
  37. PRESUBMIT.cfg
  38. README