Commit Graph

456 Commits

Author SHA1 Message Date
Geliang Tang
64b9533ec1 usb: cdc-wdm: use memdup_user
Use memdup_user() helper instead of open-coding to simplify the code.

Signed-off-by: Geliang Tang <geliangtang@gmail.com>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 12:20:53 +02:00
Bjørn Mork
1944581699 USB: Revert "cdc-wdm: fix "out-of-sync" due to missing notifications"
This reverts commit 833415a3e7 ("cdc-wdm: fix "out-of-sync" due to
missing notifications")

There have been several reports of wdm_read returning unexpected EIO
errors with QMI devices using the qmi_wwan driver. The reporters
confirm that reverting prevents these errors. I have been unable to
reproduce the bug myself, and have no explanation to offer either. But
reverting is the safe choice here, given that the commit was an
attempt to work around a firmware problem.  Living with a firmware
problem is still better than adding driver bugs.

Reported-by: Kasper Holtze <kasper@holtze.dk>
Reported-by: Aleksander Morgado <aleksander@aleksander.es>
Reported-by: Daniele Palmas <dnlplm@gmail.com>
Cc: <stable@vger.kernel.org> # v4.9+
Fixes: 833415a3e7 ("cdc-wdm: fix "out-of-sync" due to missing notifications")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-04-25 20:04:28 +02:00
Mauro Carvalho Chehab
21470e32ca usb: fix some references for /proc/bus/usb
Since when we got rid of usbfs, the /proc/bus/usb is now
elsewhere. Fix references for it.

Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-04-18 16:54:19 +02:00
Tobias Herzog
d30eed1cd2 cdc-acm: remove unused element of struct acm
write_used was introduced with commit 884b600f63 ("[PATCH] USB: fix acm
trouble with terminals") but never used since.

Signed-off-by: Tobias Herzog <t-herzog@gmx.de>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-04-01 11:05:03 +02:00
Tobias Herzog
2d6dfd17ae cdc-acm: log message for serial state notification
Adds a similar log message to USB_CDC_NOTIFY_SERIAL_STATE as it is
already done with USB_CDC_NOTIFY_NETWORK_CONNECTION.

Signed-off-by: Tobias Herzog <t-herzog@gmx.de>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-04-01 11:05:03 +02:00
Tobias Herzog
ea2583529c cdc-acm: reassemble fragmented notifications
USB devices may have very limited endpoint packet sizes, so that
notifications can not be transferred within one single usb packet.
Reassembling of multiple packages may be necessary.

Signed-off-by: Tobias Herzog <t-herzog@gmx.de>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-04-01 11:05:03 +02:00
Tobias Herzog
1bb9914e17 cdc-acm: fix possible invalid access when processing notification
Notifications may only be 8 bytes long. Accessing the 9th and
10th byte of unimplemented/unknown notifications may be insecure.
Also check the length of known notifications before accessing anything
behind the 8th byte.

Signed-off-by: Tobias Herzog <t-herzog@gmx.de>
Acked-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-04-01 11:05:03 +02:00
Johan Hovold
041370cce8 USB: usbtmc: refactor endpoint retrieval
Use the new endpoint helpers to lookup the required bulk-in and bulk-out
endpoints, and the optional interrupt-in endpoint.

Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-03-29 11:53:15 +02:00
Greg Kroah-Hartman
e47ff590cc Merge 4.11-rc4 into usb-next
This resolves a merge issue in the gadget code, and we want the USB
fixes in here as well.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-03-27 09:19:32 +02:00
Johan Hovold
5370860a1f USB: usblp: refactor endpoint retrieval
Use the new endpoint helpers to lookup the required bulk-out endpoint
and the depending on protocol likewise required bulk-in endpoint.

Cc: Pete Zaitcev <zaitcev@redhat.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-03-23 13:54:08 +01:00
Johan Hovold
f8d8464bfc USB: cdc-acm: refactor endpoint retrieval
Use the new endpoint helpers to lookup the required bulk-in, bulk-out
and interrupt-in endpoints for collapsed interfaces.

Note that there is already a check verifying that there are exactly
three endpoints so we'd still be bailing out if there's an unexpected
endpoint type.

Cc: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-03-23 13:54:08 +01:00
Johan Hovold
2e47c53503 USB: usbtmc: fix probe error path
Make sure to initialise the return value to avoid having allocation
failures going unnoticed when allocating interrupt-endpoint resources.

This prevents use-after-free or worse when the device is later unbound.

Fixes: dbf3e7f654 ("Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation.")
Cc: stable <stable@vger.kernel.org>     # 4.6
Cc: Dave Penkler <dpenkler@gmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-03-17 13:22:58 +09:00
Johan Hovold
687e0687f7 USB: usbtmc: add missing endpoint sanity check
USBTMC devices are required to have a bulk-in and a bulk-out endpoint,
but the driver failed to verify this, something which could lead to the
endpoint addresses being taken from uninitialised memory.

Make sure to zero all private data as part of allocation, and add the
missing endpoint sanity check.

Note that this also addresses a more recently introduced issue, where
the interrupt-in-presence flag would also be uninitialised whenever the
optional interrupt-in endpoint is not present. This in turn could lead
to an interrupt urb being allocated, initialised and submitted based on
uninitialised values.

Fixes: dbf3e7f654 ("Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation.")
Fixes: 5b775f672c ("USB: add USB test and measurement class driver")
Cc: stable <stable@vger.kernel.org>     # 2.6.28
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-03-17 13:22:58 +09:00
Ingo Molnar
174cd4b1e5 sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
Fix up affected files that include this signal functionality via sched.h.

Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-03-02 08:42:32 +01:00
Gustavo A. R. Silva
53b7f7b53d usb: cdc-wdm: remove logically dead code
Remove logically dead code.
'cntr' is always equal to zero when the following line of code is executed:
rv = cntr ? cntr : -EAGAIN;

Addresses-Coverity-ID: 113227
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Acked-by: Oliver Neukum <oneukum@suse.com>
Reviewed-by: Peter Senna Tschudin <peter.senna@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-02-15 10:35:15 -08:00
Johan Hovold
4ddecf76b5 USB: cdc-acm: fix TIOCGSERIAL flags
The driver reports that it always uses a low-latency mode by returning
the ASYNC_LOW_LATENCY flag through TIOCGSERIAL.

Even if this behaviour could not be changed, this may have made some
sense prior to 7a9a65ced1 ("cdc-acm: Fix long standing abuse of
tty->low_latency") which removed the unconditional setting of the
corresponding tty low_latency flag (something which had always been
broken in itself).

Since the driver does not have a low-latency mode, let's drop the flag.

Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-01-26 18:51:15 +01:00
Nathaniel Quillin
301216044e USB: cdc-acm: add device id for GW Instek AFG-125
Add device-id entry for GW Instek AFG-125, which has a byte swapped
bInterfaceSubClass (0x20).

Signed-off-by: Nathaniel Quillin <ndq@google.com>
Acked-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-12-05 16:32:51 +01:00
Ladislav Michl
1aba579f3c cdc-acm: handle read pipe errors
Read urbs are submitted back only on success, causing read pipe
running out of urbs after few errors. No more characters can
be read from tty device then until it is reopened and no errors
are reported.
Fix that by always submitting urbs back and clearing stall on
-EPIPE.

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-21 11:36:16 +01:00
Ladislav Michl
d305394ee8 cdc-acm: remove is_int_ep from acm structure
is_int_ep is used only in acm_probe, no need to store it in device data.

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-21 11:36:15 +01:00
Ladislav Michl
74bccc9b71 cdc-acm: store in and out pipes in acm structure
Clearing stall needs pipe descriptor, store it in acm structure.

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-21 11:36:15 +01:00
Ladislav Michl
ba8c931ded cdc-acm: refactor killing urbs
Move urb killing code into separate function and use it
instead of copying that code pattern over.

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-21 11:36:15 +01:00
Ladislav Michl
e46146069b cdc-acm: avoid interface_to_usbdev call
Pointer to usb_device is already stored in acm structure.

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-21 11:36:15 +01:00
Ladislav Michl
90744af8b0 cdc-acm: reindent log messages
Use only one tab to indent dev_{(v)dbg,err} parameters.

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-21 11:36:15 +01:00
Greg Kroah-Hartman
8a0a8e1c42 Merge 4.9-rc5 into usb-next
We want/need the USB fixes in here as well, for testing and merge
issues.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-14 08:11:29 +01:00
Johan Hovold
bb2d387c4d USB: cdc-acm: use get_icount tty operation
Use the tty get_icount operation instead of implementing TIOCGICOUNT
directly.

Signed-off-by: Johan Hovold <johan@kernel.org>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-10 13:16:57 +01:00
Johan Hovold
04cbf3832b USB: cdc-acm: fix invalid user-pointer check
Drop invalid user-pointer check from TIOCGSERIAL handler.

A NULL-pointer can be valid in user space and copy_to_user() takes care
of sanity checking.

Signed-off-by: Johan Hovold <johan@kernel.org>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-10 13:16:57 +01:00
Johan Hovold
18266403f3 USB: cdc-acm: fix TIOCMIWAIT
The TIOCMIWAIT implementation would return -EINVAL if any of the three
supported signals were included in the mask.

Instead of returning an error in case TIOCM_CTS is included, simply
drop the mask check completely, which is in accordance with how other
drivers implement this ioctl.

Fixes: 5a6a62bdb9 ("cdc-acm: add TIOCMIWAIT")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-10 13:12:59 +01:00
Oliver Neukum
7309aa847e cdc-acm: fix uninitialized variable
variable struct usb_cdc_parsed_header h may be used
uninitialized in acm_probe.

In kernel 4.8.

    /* handle quirks deadly to normal probing*/
    if (quirks == NO_UNION_NORMAL)

        ...

        goto skip_normal_probe;
    }

we bypass call to

    cdc_parse_cdc_header(&h, intf, buffer, buflen);

but later use h in

    if (h.usb_cdc_country_functional_desc) { /* export the country data */

Signed-off-by: Oliver Neukum <oneukum@suse.com>
CC: stable@vger.kernel.org
Reported-by: Victor Sologoubov <victor0@rambler.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-07 10:15:22 +01:00
Dave Penkler
88aecde40b usbtmc: Add, clarify and fix comments
Add information regarding lifespan of kref protection:
   Clarify comment on kref_get for interrupt in urb in usbtmc_probe()
   Add comment on kref_get in usbtmc_open()

Fix endpoint reference in documentation for send_request_dev_dep_msg_in()

Signed-off-by: Dave Penkler <dpenkler@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-10-24 14:36:25 +02:00
Greg Kroah-Hartman
ab21b63e8a Revert "usbtmc: convert to devm_kzalloc"
This reverts commit e6c7efdcb7.

Turns out it was totally wrong.  The memory is supposed to be bound to
the kref, as the original code was doing correctly, not the
device/driver binding as the devm_kzalloc() would cause.

This fixes an oops when read would be called after the device was
unbound from the driver.

Reported-by: Ladislav Michl <ladis@linux-mips.org>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: stable <stable@vger.kernel.org>  # 3.12+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-28 11:51:30 +02:00
Oliver Neukum
2ad9d544f2 cdc-acm: hardening against malicious devices
This should fix the last holes against malicious devices
still open in cdc-acm. It cannot go into stable due to
the introduction of the common parser.
The fix for stable already merged also covers the problems this patch
fixes.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-21 09:48:27 +02:00
Oliver Neukum
efbe27b3cf cdc-acm: cleaning up debug in data submission path
Further cleanup making the debug messages more precise, useful
and removing mere trace points.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-13 17:24:24 +02:00
Oliver Neukum
46e75075ba cdc-acm: cleanup debugging in submission path
Actually make it retutn useful information.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-13 17:24:24 +02:00
Oliver Neukum
ab57f86198 cdc-acm: delete obsolete debug messages
Some debug messages merely provide a function trace without
additional debug data. They predate ftrace and can be replaced
by it. Drop them without replacement.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-09 14:13:24 +02:00
Oliver Neukum
ce8bb344df cdc-wdm: add terminating newline
Debug messages should be properly terminated.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-09-09 14:13:24 +02:00
Wolfram Sang
f6b6f8a09f usb: class: usbtmc: don't print on ENOMEM
All kmalloc-based functions print enough information on failures.

Signed-off-by: Wolfram Sang <wsa-dev@sang-engineering.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-08-30 19:17:36 +02:00
Greg Kroah-Hartman
1aaaa9acae Merge 4.8-rc3 into usb-next
We want the USB fixes in here as well.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-08-21 21:33:17 -04:00
Gavin Li
add125054b cdc-acm: fix wrong pipe type on rx interrupt xfers
This fixes the "BOGUS urb xfer" warning logged by usb_submit_urb().

Signed-off-by: Gavin Li <git@thegavinli.com>
Acked-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-08-15 16:30:56 +02:00
Oliver Neukum
13a88bf5e0 cdc-wdm: cleanup debug messages
Dynamic debugging will already add the function (and the line number)
to a debug message if one requests that. It makes no sense to add
them unconditionally in a driver.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-08-15 16:25:58 +02:00
Wolfram Sang
c3014d33f5 usb: class: usbtmc: don't print error when allocating urb fails
kmalloc will print enough information in case of failure.

Signed-off-by: Wolfram Sang <wsa-dev@sang-engineering.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-08-15 15:54:25 +02:00
Robert Foss
c1da59dad0 cdc-wdm: Clear read pipeline in case of error
Implemented queued response handling. This queue is processed every time the
WDM_READ flag is cleared.

In case of a read error, userspace may not actually read the data, since the
driver returns an error through wdm_poll. After this, the underlying device may
attempt to send us more data, but the queue is not processed. While userspace is
also blocked, because the read error is never cleared.

After this patch, we proactively process the queue on a read error. If there was
an outstanding response to handle, that will clear the error (or go through the
same logic again, if another read error occurs). If there was no outstanding
response, this will bring the queue size back to 0, unblocking a future response
from the underlying device.

Signed-off-by: Robert Foss <robert.foss@collabora.com>
Tested-by: Robert Foss <robert.foss@collabora.com>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-08-10 10:15:30 +02:00
Bjørn Mork
833415a3e7 cdc-wdm: fix "out-of-sync" due to missing notifications
The driver enforces a strict one-to-one relationship between the
received RESPONSE_AVAILABLE notifications and messages read from
the device. At the same time, it will cancel the interrupt URB
when there is no client holding the character device open.

Many devices do not cope well with this behaviour.  They maintain
a FIFO queue of messages, and send notifications on a best effort
basis.  Messages are queued regardless of whether the notification
is successful or not. So if the driver loses a single notification,
which can easily happen when the interrupt URB is cancelled, then
the device and driver becomes out-of-sync. New messages end up
at the end of the queue, while the associated notification makes
the driver read only the first message from the queue.

This state is permanent from a user point of view. There is no
no way to flush the device queue without resetting the device or
using another driver.

The problem is easy to hit with current QMI and MBIM command line
tools, which typically close the character device after seeing
the reply they expect. Any pending unsolicited messages from the
device will then trigger the driver bug.

Fix by always reading all queued messages from the device when
the notification URB is first submitted.  This is expected to
end with an -EPIPE status when there are no more pending
messages, so demote the printk associated with -EPIPE to debug
level.

The workaround has been tested on a large number of different MBIM
and QMI devices, as well as the Ericsson F5521gw and H5321gw modems
with real Device Management functions.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-08-09 15:50:17 +02:00
Oliver Neukum
cb42b63d89 cdc-acm: beautify probe()
This removes some overly long lines by renaming variables and giving
them local scope.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-07-18 08:46:57 -07:00
Oliver Neukum
7fae7bfb9a cdc-wdm: use the common CDC parser
Now that the common parser resides in USB core, it can
be used for CDC-WDM.

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-07-18 08:46:57 -07:00
Oliver Neukum
6dd3587f51 cdc-acm: cleanup error handling
A small update to unify error handling during probe().

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-07-18 08:46:57 -07:00
Oliver Neukum
eccf2a4e6b cdc-acm: use the common parser
This introduces the common parser for extra CDC headers now that it no longer
depends on usbnet.

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-07-18 08:46:57 -07:00
Sandhya Bankar
a092a16b14 usb: cdc-acm: Space prohibited before close parenthesis ')'.
Space prohibited before close parenthesis ')'.

Signed-off-by: Sandhya Bankar <bankarsandhya512@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-06-07 22:18:39 -07:00
Peter Hurley
d41861ca19 tty: Replace ASYNC_INITIALIZED bit and update atomically
Replace ASYNC_INITIALIZED bit in the tty_port::flags field with
TTY_PORT_INITIALIZED bit in the tty_port::iflags field. Introduce helpers
tty_port_set_initialized() and tty_port_initialized() to abstract
atomic bit ops.

Note: the transforms for test_and_set_bit() and test_and_clear_bit()
are unnecessary as the state transitions are already mutually exclusive;
the tty lock prevents concurrent open/close/hangup.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-04-30 09:26:55 -07:00
Oliver Neukum
2a14759a03 cdc-acm: fix crash if flushed with nothing buffered
Under some circumstances acm_tty_flush_chars() is called
with no buffer to flush. We simply need to do nothing.

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
Reported-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-04-13 11:53:07 -07:00
Oliver Neukum
8835ba4a39 USB: cdc-acm: more sanity checking
An attack has become available which pretends to be a quirky
device circumventing normal sanity checks and crashes the kernel
by an insufficient number of interfaces. This patch adds a check
to the code path for quirky devices.

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
CC: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-03-18 09:19:02 -07:00