Patch "USB: pl2303: fix device initialisation at open" has been added to the 3.4-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    USB: pl2303: fix device initialisation at open

to the 3.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     usb-pl2303-fix-device-initialisation-at-open.patch
and it can be found in the queue-3.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 0f9613bfc25a11c5ed61c2213031b209381619cc Mon Sep 17 00:00:00 2001
From: Johan Hovold <jhovold@xxxxxxxxx>
Date: Mon, 10 Jun 2013 18:29:38 +0200
Subject: USB: pl2303: fix device initialisation at open

From: Johan Hovold <jhovold@xxxxxxxxx>

commit 2d8f4447b58bba5f8cb895c07690434c02307eaf upstream.

Do not use uninitialised termios data to determine when to configure the
device at open.

This also prevents stack data from leaking to userspace in the OOM error
path.

Signed-off-by: Johan Hovold <jhovold@xxxxxxxxx>
[bwh: Backported to 3.2: tty_struct::termios is a pointer, not a struct]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
Cc: Yang Yingliang <yangyingliang@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/usb/serial/pl2303.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

--- a/drivers/usb/serial/pl2303.c
+++ b/drivers/usb/serial/pl2303.c
@@ -269,7 +269,7 @@ static void pl2303_set_termios(struct tt
 	   serial settings even to the same values as before. Thus
 	   we actually need to filter in this specific case */
 
-	if (!tty_termios_hw_change(tty->termios, old_termios))
+	if (old_termios && !tty_termios_hw_change(tty->termios, old_termios))
 		return;
 
 	cflag = tty->termios->c_cflag;
@@ -278,7 +278,8 @@ static void pl2303_set_termios(struct tt
 	if (!buf) {
 		dev_err(&port->dev, "%s - out of memory.\n", __func__);
 		/* Report back no change occurred */
-		*tty->termios = *old_termios;
+		if (old_termios)
+			*tty->termios = *old_termios;
 		return;
 	}
 
@@ -416,7 +417,7 @@ static void pl2303_set_termios(struct tt
 	control = priv->line_control;
 	if ((cflag & CBAUD) == B0)
 		priv->line_control &= ~(CONTROL_DTR | CONTROL_RTS);
-	else if ((old_termios->c_cflag & CBAUD) == B0)
+	else if (old_termios && (old_termios->c_cflag & CBAUD) == B0)
 		priv->line_control |= (CONTROL_DTR | CONTROL_RTS);
 	if (control != priv->line_control) {
 		control = priv->line_control;
@@ -477,7 +478,6 @@ static void pl2303_close(struct usb_seri
 
 static int pl2303_open(struct tty_struct *tty, struct usb_serial_port *port)
 {
-	struct ktermios tmp_termios;
 	struct usb_serial *serial = port->serial;
 	struct pl2303_private *priv = usb_get_serial_port_data(port);
 	int result;
@@ -495,7 +495,7 @@ static int pl2303_open(struct tty_struct
 
 	/* Setup termios */
 	if (tty)
-		pl2303_set_termios(tty, port, &tmp_termios);
+		pl2303_set_termios(tty, port, NULL);
 
 	dbg("%s - submitting interrupt urb", __func__);
 	result = usb_submit_urb(port->interrupt_in_urb, GFP_KERNEL);


Patches currently in stable-queue which might be from jhovold@xxxxxxxxx are

queue-3.4/usb-mos7840-fix-memory-leak-in-open.patch
queue-3.4/usb-oti6858-fix-use-after-free-in-tiocmiwait.patch
queue-3.4/usb-io_ti-fix-use-after-free-in-tiocmiwait.patch
queue-3.4/usb-pl2303-fix-device-initialisation-at-open.patch
queue-3.4/usb-ch341-fix-use-after-free-in-tiocmiwait.patch
queue-3.4/usb-io_edgeport-fix-use-after-free-in-tiocmiwait.patch
queue-3.4/usb-ftdi_sio-fix-use-after-free-in-tiocmiwait.patch
queue-3.4/usb-ark3116-fix-use-after-free-in-tiocmiwait.patch
queue-3.4/usb-pl2303-fix-use-after-free-in-tiocmiwait.patch
queue-3.4/usb-cypress_m8-fix-use-after-free-in-tiocmiwait.patch
queue-3.4/usb-ssu100-fix-use-after-free-in-tiocmiwait.patch
queue-3.4/usb-keyspan-fix-null-deref-at-disconnect-and-release.patch
queue-3.4/usb-mct_u232-fix-use-after-free-in-tiocmiwait.patch
queue-3.4/usb-spcp8x5-fix-use-after-free-in-tiocmiwait.patch
queue-3.4/usb-adutux-fix-big-endian-device-type-reporting.patch
queue-3.4/usb-ti_usb_3410_5052-fix-use-after-free-in-tiocmiwait.patch
queue-3.4/usb-spcp8x5-fix-device-initialisation-at-open.patch
queue-3.4/usb-mos7840-fix-race-in-register-handling.patch
queue-3.4/usb-ftdi_sio-fixed-handling-of-unsupported-csize-setting.patch
queue-3.4/usb-mos7840-fix-broken-tiocmiwait.patch
queue-3.4/usb-serial-fix-hang-when-opening-port.patch
queue-3.4/usb-mos7840-fix-use-after-free-in-tiocmiwait.patch
queue-3.4/usb-ti_usb_3410_5052-fix-big-endian-firmware-handling.patch
queue-3.4/usb-serial-add-modem-status-change-wait-queue.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]