lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <3eb40848-3bec-42ca-845b-c66d4b53cedc@omp.ru>
Date: Sun, 12 Oct 2025 20:56:58 +0300
From: Sergey Shtylyov <s.shtylyov@....ru>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Jiri Slaby
	<jirislaby@...nel.org>, Matthias Brugger <matthias.bgg@...il.com>,
	AngeloGioacchino Del Regno <angelogioacchino.delregno@...labora.com>,
	<linux-serial@...r.kernel.org>, <linux-kernel@...r.kernel.org>
CC: <linux-arm-kernel@...ts.infradead.org>,
	<linux-mediatek@...ts.infradead.org>, <lvc-project@...uxtesting.org>, Fedor
 Pchelkin <pchelkin@...ras.ru>
Subject: [PATCH v2] serial: 8250_mtk: correct max baud rate in set_termios()
 method

Mediatek MT798x datasheets (that I was able to get my hands on) claim
the maximum supported baud rate to be 3 Mbps, while commit 81bb549fdf14
("serial: 8250_mtk: support big baud rate.") claimed it to be 4 Mbps --
however, it then passed undivided port->uartclk to uart_get_baud_rate()
for the maximum baud rate, while the datasheets do mention up to 52 MHz
as the baud clock's frequency.  This means that an integer overflow will
happen (when multiplying the baud variable by 256) if a baud rate higher
than 16777215 bps is passed via termios->c_ospeed. Pass the correct max
baud rate of 3 Mbps or port->uartclk, whichever happens to be less...

Found by Linux Verification Center (linuxtesting.org) with the Svace static
analysis tool.

Fixes: 81bb549fdf14 ("serial: 8250_mtk: support big baud rate.")
Signed-off-by: Sergey Shtylyov <s.shtylyov@....ru>

---
The patch is against the master branch of Linus Torvalds' linux.git repo
(I'm unable to use the other repos on git.kernel.org and I have to update
Linus' repo from GitHub).

Changes in version 2:
- changed the approach to the problem (and hence rewrote the description);
- removed "the" article from the subject for brevity.

 drivers/tty/serial/8250/8250_mtk.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: linux/drivers/tty/serial/8250/8250_mtk.c
===================================================================
--- linux.orig/drivers/tty/serial/8250/8250_mtk.c
+++ linux/drivers/tty/serial/8250/8250_mtk.c
@@ -358,7 +358,7 @@ mtk8250_set_termios(struct uart_port *po
 	 */
 	baud = uart_get_baud_rate(port, termios, old,
 				  port->uartclk / 16 / UART_DIV_MAX,
-				  port->uartclk);
+				  min(3000000U, port->uartclk));
 
 	if (baud < 115200) {
 		serial_port_out(port, MTK_UART_HIGHS, 0x0);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ