Fix another NULL-pointer dereference at open should a malicious device
lack an interrupt-in endpoint.
Note that the driver has a broken check for an interrupt-in endpoint
which means that an interrupt URB has never even been submitted.
Fixes: 3f5429746d ("USB: Moschip 7840 USB-Serial Driver")
Cc: stable <stable@vger.kernel.org> # v2.6.19: 5c75633ef7
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Do not report ASYNC_SKIP_TEST or ASYNC_AUTO_IRQ as being set in
TIOCGSERIAL handlers as these flags are not supported and do not really
make any sense for USB serial devices in the first place.
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Make sure to detect short transfers when reading a device register.
The modem-status handling had sufficient error checks in place, but move
handling of short transfers into the register accessor function itself
for consistency.
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
The interrupt URB is killed at final port close since commit
0de9a7024e ("USB: overhaul of mos7840 driver").
Fixes: 0de9a7024e ("USB: overhaul of mos7840 driver")
Signed-off-by: Johan Hovold <johan@kernel.org>
Fix NULL-pointer dereference in open() should the device lack the
expected endpoints:
Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
PC is at mos7840_open+0x88/0x8dc [mos7840]
Note that we continue to treat the interrupt-in endpoint as optional for
now.
Fixes: 3f5429746d ("USB: Moschip 7840 USB-Serial Driver")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Drop invalid user-pointer checks from ioctl handlers.
A NULL-pointer can be valid in user space and copy_to_user() takes care
of sanity checking.
Signed-off-by: Johan Hovold <johan@kernel.org>
There is an allocation with GFP_KERNEL flag in mos7840_write(),
while it may be called from interrupt context.
Follow-up for commit 1912528376 ("USB: kobil_sct: fix non-atomic
allocation in write path")
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Here is the big USB patchset for 4.6-rc1.
The normal mess is here, gadget and xhci fixes and updates, and lots of
other driver updates and cleanups as well. Full details are in the
shortlog.
All have been in linux-next for a while with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEABECAAYFAlbp8/EACgkQMUfUDdst+ylsyQCgnVK6ZIFVPV9VijJvBIjxS3F+
fTMAoIMQwNrRMHQOq/lhxX00AgN0B9Ch
=2EQp
-----END PGP SIGNATURE-----
Merge tag 'usb-4.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB updates from Greg KH:
"Here is the big USB patchset for 4.6-rc1.
The normal mess is here, gadget and xhci fixes and updates, and lots
of other driver updates and cleanups as well. Full details are in the
shortlog.
All have been in linux-next for a while with no reported issues"
* tag 'usb-4.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (266 commits)
USB: core: let USB device know device node
usb: devio: Add ioctl to disallow detaching kernel USB drivers.
usb: gadget: f_acm: Fix configfs attr name
usb: udc: lpc32xx: remove USB PLL and USB OTG clock management
usb: udc: lpc32xx: remove direct access to clock controller registers
usb: udc: lpc32xx: switch to clock prepare/unprepare model
usb: renesas_usbhs: gadget: fix giveback status code in usbhsg_pipe_disable()
usb: gadget: renesas_usb3: Use ARCH_RENESAS
usb: dwc2: Fix issues in dwc2_complete_non_isoc_xfer_ddma()
usb: dwc2: Add support for Lantiq ARX and XRX SoCs
usb: phy: generic: Handle late registration of gadget
usb: gadget: bdc_udc: fix race condition in bdc_udc_exit()
usb: musb: core: added missing const qualifier to musb_hdrc_platform_data::config
usb: dwc2: Move host-specific core functions into hcd.c
usb: dwc2: Move register save and restore functions
usb: dwc2: Use kmem_cache_free()
usb: dwc2: host: If using uframe scheduler, end splits better
usb: dwc2: host: Totally redo the microframe scheduler
usb: dwc2: host: Properly set even/odd frame
usb: dwc2: host: Add dwc2_hcd_get_future_frame_number() call
...
Bool initializations should use true and false. Bool tests don't need
comparisons.
Also, use IS_ENABLED instead of ifdef.
Generated by: scripts/coccinelle/misc/boolinit.cocci
Signed-off-by: Mathieu OTHACEHE <m.othacehe@gmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Expressions of the form "tty->termios.c_*flag & FLAG"
are more clearly expressed with the termios flags macros,
I_FLAG(), C_FLAG(), O_FLAG(), and L_FLAG().
Convert treewide.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Acked-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch removes redundant condition.
(length && length > 5) can be reduced to a single evaluation.
Tested by compilation only.
Caught by cppcheck.
Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Use the timer API function setup_timer instead of structure field
assignments to initialize a timer.
A simplified version of the Coccinelle semantic patch that performs
this transformation is as follows:
@change@
expression e1, e2, e3, e4, a, b;
@@
-init_timer(&e1);
+setup_timer(&e1, a, b);
... when != a = e2
when != b = e3
-e1.function = a;
... when != b = e4
-e1.data = b;
Signed-off-by: Vaishali Thakkar <vthakkar1994@gmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
There is old, unused code that is #defined out by the use of NOTMOS7840
and NOTMCS7840 - these are not defined anywhere.
If NOTMOS7840 is defined then the code will break on null pointer
dereferences on mos7840_port. So the code is currently unused, and
broken anyway, so why not just remove it.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Use GFP_KERNEL instead of GFP_ATOMIC for allocations in set_termios and
port-setting helper which both may and do sleep.
Signed-off-by: Johan Hovold <johan@kernel.org>
Add missing newlines to dev_<level> messages.
Also make some messages less verbose where appropriate.
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
None of these files are actually using any __init type directives
and hence don't need to include <linux/init.h>. Most are just a
left over from __devinit and __cpuinit removal, or simply due to
code getting copied from one driver to the next.
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove redundant error messages on allocation failures, which have
already been logged.
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove redundant ioctl debugging from subdrivers. The ioctl request code
has already been logged by usb-serial core.
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch removes an erroneous check of CSIZE, which made it impossible to set
CS5.
Compiles clean, but couldn't test against hardware.
Signed-off-by: Colin Leitner <colin.leitner@gmail.com>
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Make sure to return errors from tiocmget rather than rely on
uninitialised stack data.
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix bug in device-type detection on big-endian machines originally
introduced by commit 0eafe4de ("USB: serial: mos7840: add support for
MCS7810 devices") which always matched on little-endian product ids.
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Silence compiler warnings on 64-bit systems introduced by commit
05cf0dec ("USB: mos7840: fix race in led handling") which uses the
usb-serial data pointer to temporarily store the device type during
probe but failed to add the required casts.
[gregkh - change uintptr_t to unsigned long]
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix race in LED handling introduced by commit 0eafe4de ("USB: serial:
mos7840: add support for MCS7810 devices") which reused the port control
urb for manipulating the LED without making sure that the urb is not
already in use. This could lead to the control urb being manipulated
while in flight.
Fix by adding a dedicated LED urb and ctrlrequest along with a LED-busy
flag to handle concurrency.
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix race in device-type detection introduced by commit 0eafe4de ("USB:
serial: mos7840: add support for MCS7810 devices") which used a static
variable to hold the device type.
Move type detection to probe and use serial data to store the device
type.
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix race in mos7840_get_reg which unconditionally manipulated the
control urb (which may already be in use) by adding a control-urb busy
flag.
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Allocated urbs and buffers were never freed on errors in open.
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove broken "chase" implementation which was supposed to be used to
drain the write buffers at break.
The chase implementation slept on a wait queue which was never woken up
(i.e. no hardware buffers were queried), and thus amounted to nothing
more than polling chars_in_buffer, something which has already been
taken care of by the tty layer.
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This moves the allocation of minor device numbers from a static array to
be dynamic, using the idr interface. This means that you could
potentially get "gaps" in a minor number range for a single USB serial
device with multiple ports, but all should still work properly.
We remove the 'minor' field from the usb_serial structure, as it no
longer makes any sense for it (use the field in the usb_serial_port
structure if you really want to know this number), and take the fact
that we were overloading a number in this field to determine if we had
initialized the minor numbers or not, and just use a flag variable
instead.
Note, we still have the limitation of 255 USB to serial devices in the
system, as that is all we are registering with the TTY layer at this
point in time.
Tested-by: Tobias Winter <tobias@linuxdingsda.de>
Reviewed-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The usb_serial_port structure had the number field, which was the minor
number for the port, which almost no one really cared about. They
really wanted the number of the port within the device, which you had to
subtract from the minor of the parent usb_serial_device structure. To
clean this up, provide the real minor number of the port, and the number
of the port within the serial device separately, as these numbers might
not be related in the future.
Bonus is that this cleans up a lot of logic in the drivers, and saves
lines overall.
Tested-by: Tobias Winter <tobias@linuxdingsda.de>
Reviewed-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
--
drivers/staging/serqt_usb2/serqt_usb2.c | 21 +++--------
drivers/usb/serial/ark3116.c | 2 -
drivers/usb/serial/bus.c | 6 +--
drivers/usb/serial/console.c | 2 -
drivers/usb/serial/cp210x.c | 2 -
drivers/usb/serial/cypress_m8.c | 4 +-
drivers/usb/serial/digi_acceleport.c | 6 ---
drivers/usb/serial/f81232.c | 5 +-
drivers/usb/serial/garmin_gps.c | 6 +--
drivers/usb/serial/io_edgeport.c | 58 ++++++++++++--------------------
drivers/usb/serial/io_ti.c | 21 ++++-------
drivers/usb/serial/keyspan.c | 29 +++++++---------
drivers/usb/serial/metro-usb.c | 4 +-
drivers/usb/serial/mos7720.c | 37 +++++++++-----------
drivers/usb/serial/mos7840.c | 52 +++++++++-------------------
drivers/usb/serial/opticon.c | 2 -
drivers/usb/serial/pl2303.c | 2 -
drivers/usb/serial/quatech2.c | 7 +--
drivers/usb/serial/sierra.c | 2 -
drivers/usb/serial/ti_usb_3410_5052.c | 10 ++---
drivers/usb/serial/usb-serial.c | 7 ++-
drivers/usb/serial/usb_wwan.c | 2 -
drivers/usb/serial/whiteheat.c | 20 +++++------
include/linux/usb/serial.h | 6 ++-
24 files changed, 133 insertions(+), 180 deletions(-)
Fix regression introduced by commit 0eafe4de1a ("USB: serial: mos7840:
add support for MCS7810 devices") which used stack-allocated buffers for
control messages.
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Here's the big USB pull request for 3.10-rc1.
Lots of USB patches here, the majority being USB gadget changes and
USB-serial driver cleanups, the rest being ARM build fixes / cleanups,
and individual driver updates. We also finally got some chipidea fixes,
which have been delayed for a number of kernel releases, as the
maintainer has now reappeared.
All of these have been in linux-next for a while.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iEYEABECAAYFAlF+md4ACgkQMUfUDdst+ymkSgCfZWIiCtiX/li0yJqSiRB4yYJx
Ex0AoNemOOf6ywvSOHPbILTbJ1G+c/PX
=JmvB
-----END PGP SIGNATURE-----
Merge tag 'usb-3.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB patches from Greg Kroah-Hartman:
"Here's the big USB pull request for 3.10-rc1.
Lots of USB patches here, the majority being USB gadget changes and
USB-serial driver cleanups, the rest being ARM build fixes / cleanups,
and individual driver updates. We also finally got some chipidea
fixes, which have been delayed for a number of kernel releases, as the
maintainer has now reappeared.
All of these have been in linux-next for a while"
* tag 'usb-3.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (568 commits)
USB: ehci-msm: USB_MSM_OTG needs USB_PHY
USB: OHCI: avoid conflicting platform drivers
USB: OMAP: ISP1301 needs USB_PHY
USB: lpc32xx: ISP1301 needs USB_PHY
USB: ftdi_sio: enable two UART ports on ST Microconnect Lite
usb: phy: tegra: don't call into tegra-ehci directly
usb: phy: phy core cannot yet be a module
USB: Fix initconst in ehci driver
usb-storage: CY7C68300A chips do not support Cypress ATACB
USB: serial: option: Added support Olivetti Olicard 145
USB: ftdi_sio: correct ST Micro Connect Lite PIDs
ARM: mxs_defconfig: add CONFIG_USB_PHY
ARM: imx_v6_v7_defconfig: add CONFIG_USB_PHY
usb: phy: remove exported function from __init section
usb: gadget: zero: put function instances on unbind
usb: gadget: f_sourcesink.c: correct a copy-paste misnomer
usb: gadget: cdc2: fix error return code in cdc_do_config()
usb: gadget: multi: fix error return code in rndis_do_config()
usb: gadget: f_obex: fix error return code in obex_bind()
USB: storage: convert to use module_usb_driver()
...
Switch to the generic TIOCMIWAIT implementation.
This also fixes the issue with processes waiting for
modem-status-changes not being woken up at disconnect.
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Switch to the generic get_icount implementation.
Note that the interrupt counters will no longer be reset at open which
is in accordance with which how the other drivers work.
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove SMP memory barriers from icount handling and rely on the barriers
implied by wait_event, sleep and locks, while using the port lock to
guarantee atomicity.
This is a step in moving over to the generic icount implementations.
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove bogus (and unnecessary) test for serial->dev being NULL in close.
The device is never cleared, and close is never called after a completed
disconnect anyway.
Simplify urb killing, and remove some related debug and dead code while
at it.
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use the port wait queue and make sure to check the serial disconnected
flag before accessing private port data after waking up.
This is is needed as the private port data (including the wait queue
itself) can be gone when waking up after a disconnect.
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Make sure waiting processes are woken on modem-status changes.
Currently processes are only woken on termios changes regardless of
whether the modem status has changed.
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
It allows for cleaning up on a considerable amount of places. They did
port_get, wakeup, kref_put. Now the only thing needed is to call
tty_port_tty_wakeup which does exactly that.
One exception is ifx6x60 where tty_wakeup was open-coded. We now call
tty_wakeup properly there.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Now, we start converting tty buffer functions to actually use
tty_port. This will allow us to get rid of the need of tty in many
call sites. Only tty_port will needed and hence no more
tty_port_tty_get in those paths.
Now, the one where most of tty_port_tty_get gets removed:
tty_flip_buffer_push.
IOW we also closed all the races in drivers not using tty_port_tty_get
at all yet.
Also we move tty_flip_buffer_push declaration from include/linux/tty.h
to include/linux/tty_flip.h to all others while we are changing it
anyway.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Now, we start converting tty buffer functions to actually use
tty_port. This will allow us to get rid of the need of tty in many
call sites. Only tty_port will needed and hence no more
tty_port_tty_get in those paths.
tty_insert_flip_string this time.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove all MODULE_VERSION macros and driver-version information (except
for garmin_gps which uses it in a status reply).
It is the kernel version that matters and not some private version
scheme which rarely even gets updated.
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove temporary do-while(0) loop used to keep changes minimal.
Fixup indentation, remove some line breaks, and replace break with goto
to maintain flow.
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>