This is a note to let you know that I've just added the patch titled USB: serial: ark3116: fix open error handling to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: usb-serial-ark3116-fix-open-error-handling.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From b631433b175f1002a31020e09bbfc2e5caecf290 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan@xxxxxxxxxx> Date: Thu, 12 Jan 2017 14:56:10 +0100 Subject: USB: serial: ark3116: fix open error handling From: Johan Hovold <johan@xxxxxxxxxx> commit b631433b175f1002a31020e09bbfc2e5caecf290 upstream. Fix open error handling which failed to detect errors when reading the MSR and LSR registers, something which could lead to the shadow registers being initialised from errnos. Note that calling the generic close implementation is sufficient in the error paths as the interrupt urb has not yet been submitted and the register updates have not been made. Fixes: f4c1e8d597d1 ("USB: ark3116: Make existing functions 16450-aware and add close and release functions.") Reviewed-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Johan Hovold <johan@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/usb/serial/ark3116.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) --- a/drivers/usb/serial/ark3116.c +++ b/drivers/usb/serial/ark3116.c @@ -373,23 +373,29 @@ static int ark3116_open(struct tty_struc dev_dbg(&port->dev, "%s - usb_serial_generic_open failed: %d\n", __func__, result); - goto err_out; + goto err_free; } /* remove any data still left: also clears error state */ ark3116_read_reg(serial, UART_RX, buf); /* read modem status */ - priv->msr = ark3116_read_reg(serial, UART_MSR, buf); + result = ark3116_read_reg(serial, UART_MSR, buf); + if (result < 0) + goto err_close; + priv->msr = *buf; + /* read line status */ - priv->lsr = ark3116_read_reg(serial, UART_LSR, buf); + result = ark3116_read_reg(serial, UART_LSR, buf); + if (result < 0) + goto err_close; + priv->lsr = *buf; result = usb_submit_urb(port->interrupt_in_urb, GFP_KERNEL); if (result) { dev_err(&port->dev, "submit irq_in urb failed %d\n", result); - ark3116_close(port); - goto err_out; + goto err_close; } /* activate interrupts */ @@ -402,8 +408,15 @@ static int ark3116_open(struct tty_struc if (tty) ark3116_set_termios(tty, port, NULL); -err_out: kfree(buf); + + return 0; + +err_close: + usb_serial_generic_close(port); +err_free: + kfree(buf); + return result; } Patches currently in stable-queue which might be from johan@xxxxxxxxxx are queue-4.4/usb-serial-mct_u232-fix-modem-status-error-handling.patch queue-4.4/usb-serial-ark3116-fix-open-error-handling.patch queue-4.4/usb-serial-io_edgeport-fix-epic-descriptor-handling.patch queue-4.4/usb-serial-ti_usb_3410_5052-fix-control-message-error-handling.patch queue-4.4/usb-serial-keyspan_pda-fix-receive-sanity-checks.patch queue-4.4/usb-serial-sierra-fix-bogus-alternate-setting-assumption.patch queue-4.4/usb-serial-ssu100-fix-control-message-error-handling.patch queue-4.4/usb-serial-digi_acceleport-fix-incomplete-rx-sanity-check.patch queue-4.4/usb-serial-io_edgeport-fix-descriptor-error-handling.patch queue-4.4/usb-serial-quatech2-fix-control-message-error-handling.patch queue-4.4/usb-serial-ftdi_sio-fix-latency-timer-error-handling.patch