[PATCH 3.4 077/134] USB: pl2303: fix device initialisation at open

From: Greg Kroah-Hartman
Date: Thu Apr 10 2014 - 00:03:11 EST


3.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Johan Hovold <jhovold@xxxxxxxxx>

commit 2d8f4447b58bba5f8cb895c07690434c02307eaf upstream.

Do not use uninitialised termios data to determine when to configure the
device at open.

This also prevents stack data from leaking to userspace in the OOM error
path.

Signed-off-by: Johan Hovold <jhovold@xxxxxxxxx>
[bwh: Backported to 3.2: tty_struct::termios is a pointer, not a struct]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
Cc: Yang Yingliang <yangyingliang@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/usb/serial/pl2303.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

--- a/drivers/usb/serial/pl2303.c
+++ b/drivers/usb/serial/pl2303.c
@@ -269,7 +269,7 @@ static void pl2303_set_termios(struct tt
serial settings even to the same values as before. Thus
we actually need to filter in this specific case */

- if (!tty_termios_hw_change(tty->termios, old_termios))
+ if (old_termios && !tty_termios_hw_change(tty->termios, old_termios))
return;

cflag = tty->termios->c_cflag;
@@ -278,7 +278,8 @@ static void pl2303_set_termios(struct tt
if (!buf) {
dev_err(&port->dev, "%s - out of memory.\n", __func__);
/* Report back no change occurred */
- *tty->termios = *old_termios;
+ if (old_termios)
+ *tty->termios = *old_termios;
return;
}

@@ -416,7 +417,7 @@ static void pl2303_set_termios(struct tt
control = priv->line_control;
if ((cflag & CBAUD) == B0)
priv->line_control &= ~(CONTROL_DTR | CONTROL_RTS);
- else if ((old_termios->c_cflag & CBAUD) == B0)
+ else if (old_termios && (old_termios->c_cflag & CBAUD) == B0)
priv->line_control |= (CONTROL_DTR | CONTROL_RTS);
if (control != priv->line_control) {
control = priv->line_control;
@@ -477,7 +478,6 @@ static void pl2303_close(struct usb_seri

static int pl2303_open(struct tty_struct *tty, struct usb_serial_port *port)
{
- struct ktermios tmp_termios;
struct usb_serial *serial = port->serial;
struct pl2303_private *priv = usb_get_serial_port_data(port);
int result;
@@ -495,7 +495,7 @@ static int pl2303_open(struct tty_struct

/* Setup termios */
if (tty)
- pl2303_set_termios(tty, port, &tmp_termios);
+ pl2303_set_termios(tty, port, NULL);

dbg("%s - submitting interrupt urb", __func__);
result = usb_submit_urb(port->interrupt_in_urb, GFP_KERNEL);


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/