lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070807090404.11845.25399.stgit@localhost>
Date:	Tue, 07 Aug 2007 10:04:04 +0100
From:	warmcat <andy@...mcat.com>
To:	linux-kernel@...r.kernel.org
Subject: [PATCH] belkin_sa: avoid divide by zero error

From: None <None>

The belkin_sa module has a problem coping with a 0 return from tty_get_baud_rate() --
the subsequent BELKIN_SA_BAUD macro 

drivers/usb/serial/belkin_sa.h:#define BELKIN_SA_BAUD(b) (230400/b)

performs a divide with it leading to the following divide error:

usb 3-1: Belkin / Peracom / GoHubs USB Serial Adapter converter now attached to ttyUSB0
PM: Adding info for No Bus:usbdev3.3_ep81
PM: Adding info for No Bus:usbdev3.3_ep01
PM: Adding info for No Bus:usbdev3.3_ep82
divide error: 0000 [#1]
SMP
Modules linked in: vfat fat iwl3945 mac80211 cfg80211 belkin_sa usbserial usb_storage autofs4 vmnet(P) vmmon(P) aes nf_conntrack_netbios_ns ipt_REJECT nf_conntrack_ipv4 xt_state nf_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables cpufreq_ondemand acpi_cpufreq video output sbs button dock battery ac arc4 snd_hda_intel ecb blkcipher snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss sr_mod snd_mixer_oss rtc_cmos cdrom iTCO_wdt iTCO_vendor_support snd_pcm rtc_core snd_timer serio_raw b44 ssb rtc_lib parport ata_piix snd soundcore snd_page_alloc mii ata_generic sg ahci libata sd_mod scsi_mod ext3 jbd mbcache ehci_hcd ohci_hcd uhci_hcd
CPU:    1
EIP:    0060:[<f8dd1747>]    Tainted: P        VLI
EFLAGS: 00010246   (2.6.23-rc1 #1)
EIP is at belkin_sa_set_termios+0x18e/0x5b9 [belkin_sa]
eax: 00038400   ebx: 00000000   ecx: 00000000   edx: 00000000
esi: 00038400   edi: 00001cb2   ebp: de49adb0   esp: de49ad6c
ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
Process minicom (pid: 7306, ti=de49a000 task=eed6c3b0 task.ti=de49a000)
Stack: d85c74f0 00000046 00000002 00000001 d85c74f0 d85c74f0 00000246 c887c658
       00000001 00000cb0 00000001 00000084 00000000 d01b58c0 f6ba10e0 de49ade8
       de49ae40 de49add0 f8e2526b d85c74b8 ca6e6dbc de49ae40 d85c746c eded72e8
Call Trace:
 [<c0405f35>] show_trace_log_lvl+0x1a/0x2f
 [<c0405fe5>] show_stack_log_lvl+0x9b/0xa3
 [<c04061a5>] show_registers+0x1b8/0x289
 [<c0406389>] die+0x113/0x246
 [<c0622f98>] do_trap+0x8a/0xa3
 [<c04068dc>] do_divide_error+0x85/0x8f
 [<c0622d6a>] error_code+0x72/0x78
 [<f8e2526b>] serial_set_termios+0x86/0x8d [usbserial]
 [<c0542d33>] set_termios+0x309/0x34c
 [<c0542ece>] n_tty_ioctl+0x158/0x4ba
 [<c054030b>] tty_ioctl+0xc78/0xcd6
 [<c048aea0>] do_ioctl+0x50/0x67
 [<c048b100>] vfs_ioctl+0x249/0x25c
 [<c048b15c>] sys_ioctl+0x49/0x61
 [<c0404ed2>] sysenter_past_esp+0x5f/0x99
 =======================
Code: 85 c0 79 14 c7 44 24 04 67 1c dd f8 c7 04 24 d4 1e dd f8 e8 96 99 65 c7 8b 46 04 be 00 84 03 00 e8 47 11 77 c7 31 d2 89 c1 89 f0 <f7> f1 66 85 c0 89 c1 b8 01 00 00 00 0f 44 c8 8b 45 d8 85 db 8b
EIP: [<f8dd1747>] belkin_sa_set_termios+0x18e/0x5b9 [belkin_sa] SS:ESP 0068:de49ad6c

The small patch below should take care of this situation.  Note that my kernel was tainted (vmware)
but the problem will occur if tty_get_baud_rate() ever returns zero and should be taken care of.

Signed-off-by: Andy Green <andy@...mcat.com>
CC: William Greathouse <wgreathouse@...a.com>
CC: Greg Kroah-Hartman <greg@...ah.com>
---

 drivers/usb/serial/belkin_sa.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/drivers/usb/serial/belkin_sa.c b/drivers/usb/serial/belkin_sa.c
index e67ce25..86724e8 100644
--- a/drivers/usb/serial/belkin_sa.c
+++ b/drivers/usb/serial/belkin_sa.c
@@ -383,6 +383,10 @@ static void belkin_sa_set_termios (struct usb_serial_port *port, struct ktermios
 	}
 
 	baud = tty_get_baud_rate(port->tty);
+	if (baud == 0) {
+		dbg("%s - tty_get_baud_rate says 0 baud", __FUNCTION__);
+		return;
+	}
 	urb_value = BELKIN_SA_BAUD(baud);
 	/* Clip to maximum speed */
 	if (urb_value == 0)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ