Patchwork [3.5.y.z,extended,stable] Patch "USB: pl2303: fix device initialisation at open" has been added to staging queue

Submitter Luis Henriques
Date June 17, 2013, 2:46 p.m.
Message ID <1371480394-16507-1-git-send-email-luis.henriques@canonical.com>
Permalink /patch/251867/
State New

Comments

Luis Henriques - June 17, 2013, 2:46 p.m.
This is a note to let you know that I have just added a patch titled

    USB: pl2303: fix device initialisation at open

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

From 3f92fc5ac9220f925d29b53a599ac0cb995fac04 Mon Sep 17 00:00:00 2001
From: Johan Hovold <jhovold@gmail.com>
Date: Mon, 10 Jun 2013 18:29:38 +0200
Subject: [PATCH] USB: pl2303: fix device initialisation at open

commit 2d8f4447b58bba5f8cb895c07690434c02307eaf upstream.

Do not use uninitialised termios data to determine when to configure the
device at open.

This also prevents stack data from leaking to userspace in the OOM error
path.

Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ luis: backported to 3.5:
  - adjusted context
  - termios is a pointer, not a struct ]
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---
 drivers/usb/serial/pl2303.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

--
1.8.1.2

Patch

diff --git a/drivers/usb/serial/pl2303.c b/drivers/usb/serial/pl2303.c
index 6fe8d0e..5150a27 100644
--- a/drivers/usb/serial/pl2303.c
+++ b/drivers/usb/serial/pl2303.c
@@ -258,7 +258,7 @@  static void pl2303_set_termios(struct tty_struct *tty,
 	   serial settings even to the same values as before. Thus
 	   we actually need to filter in this specific case */

-	if (!tty_termios_hw_change(tty->termios, old_termios))
+	if (old_termios && !tty_termios_hw_change(tty->termios, old_termios))
 		return;

 	cflag = tty->termios->c_cflag;
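
Review bot: The comment above the changed test still describes only the filtering of unchanged settings, and nothing records that a NULL old_termios now means "initial configuration at open, always program the device". Add a sentence to that comment (or above pl2303_set_termios) stating the NULL contract, so later changes keep guarding every old_termios use. The part of the function between this hunk and the one at line 407 is not shown here and is worth checking for further old_termios dereferences in the 3.5 code.
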
@@ -267,7 +267,8 @@  static void pl2303_set_termios(struct tty_struct *tty,
 	if (!buf) {
 		dev_err(&port->dev, "%s - out of memory.\n", __func__);
 		/* Report back no change occurred */
-		*tty->termios = *old_termios;
+		if (old_termios)
+			*tty->termios = *old_termios;
 		return;
 	}

@@ -407,7 +408,7 @@  static void pl2303_set_termios(struct tty_struct *tty,
 	control = priv->line_control;
 	if ((cflag & CBAUD) == B0)
 		priv->line_control &= ~(CONTROL_DTR | CONTROL_RTS);
-	else if ((old_termios->c_cflag & CBAUD) == B0)
+	else if (old_termios && (old_termios->c_cflag & CBAUD) == B0)
 		priv->line_control |= (CONTROL_DTR | CONTROL_RTS);
 	if (control != priv->line_control) {
 		control = priv->line_control;
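
Review bot: In the else-if testing (old_termios->c_cflag & CBAUD) == B0, a NULL old_termios now means CONTROL_DTR | CONTROL_RTS are never set by this function on the open path, so priv->line_control keeps whatever value it had unless the new baud rate is B0. Before this change the branch depended on uninitialised stack data, so guarding it is right, but please confirm that DTR/RTS are raised at open by another path and mention that in a comment next to this test.
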
@@ -466,7 +467,6 @@  static void pl2303_close(struct usb_serial_port *port)

 static int pl2303_open(struct tty_struct *tty, struct usb_serial_port *port)
 {
-	struct ktermios tmp_termios;
 	struct usb_serial *serial = port->serial;
 	struct pl2303_private *priv = usb_get_serial_port_data(port);
 	int result;
@@ -482,7 +482,7 @@  static int pl2303_open(struct tty_struct *tty, struct usb_serial_port *port)

 	/* Setup termios */
 	if (tty)
-		pl2303_set_termios(tty, port, &tmp_termios);
+		pl2303_set_termios(tty, port, NULL);

 	result = usb_submit_urb(port->interrupt_in_urb, GFP_KERNEL);
 	if (result) {
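
Review bot: The call pl2303_set_termios(tty, port, NULL) cannot tell pl2303_open that configuration failed, because pl2303_set_termios is static void and its out-of-memory path only logs and returns. With NULL there is no old termios to restore, so tty->termios keeps settings that were never written to the device while open goes on to usb_submit_urb. Consider a follow-up that lets open see the failure, for example an int-returning helper shared by open and set_termios, so that open can return -ENOMEM.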