tty: serial: qcom_geni_serial: Allocate port->rx_fifo buffer in probe

To fix the RX cancel command failure, rx_fifo buffer needs to be
flushed in stop_rx() by calling handle_rx().In handle_rx() the data
in rx_fifo buffer is read and then dropped, not sent to upper layers.

If set_termios is called before startup, by this time memory is not
allocated to port->rx_fifo buffer, which leads to a NULL pointer
dereference.

To avoid this NULL pointer dereference allocate memory to port->rx_fifo
in probe itself.

Signed-off-by: satya priya <skakit@codeaurora.org>
Reported-by: Stephen Boyd <swboyd@chromium.org>
Link: https://lore.kernel.org/r/1583477228-32231-2-git-send-email-skakit@codeaurora.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c
index 272bae0eebc7ecffd7da14ad8d14f47da9279a18..1a61c970f7d6fd51842d3a1f036e38f0e58d01af 100644 (file)
--- a/drivers/tty/serial/qcom_geni_serial.c
+++ b/drivers/tty/serial/qcom_geni_serial.c
@@ -120,7 +120,7 @@ struct qcom_geni_serial_port {
        unsigned int baud;
        unsigned int tx_bytes_pw;
        unsigned int rx_bytes_pw;
-       u32 *rx_fifo;
+       void *rx_fifo;
        u32 loopback;
        bool brk;
 
@@ -514,7 +514,6 @@ static int handle_rx_console(struct uart_port *uport, u32 bytes, bool drop)
 
 static int handle_rx_uart(struct uart_port *uport, u32 bytes, bool drop)
 {
-       unsigned char *buf;
        struct tty_port *tport;
        struct qcom_geni_serial_port *port = to_dev_port(uport, uport);
        u32 num_bytes_pw = port->tx_fifo_width / BITS_PER_BYTE;
@@ -526,8 +525,7 @@ static int handle_rx_uart(struct uart_port *uport, u32 bytes, bool drop)
        if (drop)
                return 0;
 
-       buf = (unsigned char *)port->rx_fifo;
-       ret = tty_insert_flip_string(tport, buf, bytes);
+       ret = tty_insert_flip_string(tport, port->rx_fifo, bytes);
        if (ret != bytes) {
                dev_err(uport->dev, "%s:Unable to push data ret %d_bytes %d\n",
                                __func__, ret, bytes);
@@ -892,12 +890,6 @@ static int qcom_geni_serial_port_setup(struct uart_port *uport)
                                                false, false, true);
        geni_se_init(&port->se, UART_RX_WM, port->rx_fifo_depth - 2);
        geni_se_select_mode(&port->se, GENI_SE_FIFO);
-       if (!uart_console(uport)) {
-               port->rx_fifo = devm_kcalloc(uport->dev,
-                       port->rx_fifo_depth, sizeof(u32), GFP_KERNEL);
-               if (!port->rx_fifo)
-                       return -ENOMEM;
-       }
        port->setup = true;
 
        return 0;
@@ -1308,6 +1300,13 @@ static int qcom_geni_serial_probe(struct platform_device *pdev)
        port->rx_fifo_depth = DEF_FIFO_DEPTH_WORDS;
        port->tx_fifo_width = DEF_FIFO_WIDTH_BITS;
 
+       if (!console) {
+               port->rx_fifo = devm_kcalloc(uport->dev,
+                       port->rx_fifo_depth, sizeof(u32), GFP_KERNEL);
+               if (!port->rx_fifo)
+                       return -ENOMEM;
+       }
+
        port->name = devm_kasprintf(uport->dev, GFP_KERNEL,
                        "qcom_geni_serial_%s%d",
                        uart_console(uport) ? "console" : "uart", uport->line);