Stable Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] USB: serial: opticon: fix control-message timeouts
@ 2020-01-13 17:22 Johan Hovold
  2020-01-13 18:25 ` Greg KH
  0 siblings, 1 reply; 3+ messages in thread
From: Johan Hovold @ 2020-01-13 17:22 UTC (permalink / raw)
  To: Johan Hovold; +Cc: linux-usb, linux-kernel, stable, Martin Jansen

The driver was issuing synchronous uninterruptible control requests
without using a timeout. This could lead to the driver hanging
on open() or tiocmset() due to a malfunctioning (or malicious) device
until the device is physically disconnected.

The USB upper limit of five seconds per request should be more than
enough.

Fixes: 309a057932ab ("USB: opticon: add rts and cts support")
Cc: stable <stable@vger.kernel.org>     # 2.6.39
Cc: Martin Jansen <martin.jansen@opticon.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
---

This was reported to me off-list to be an issue with some opticon
devices. Let's address the obvious bug while waiting for a bug report
to be sent to the list.

Johan


 drivers/usb/serial/opticon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/serial/opticon.c b/drivers/usb/serial/opticon.c
index cb7aac9cd9e7..ed2b4e6dca38 100644
--- a/drivers/usb/serial/opticon.c
+++ b/drivers/usb/serial/opticon.c
@@ -113,7 +113,7 @@ static int send_control_msg(struct usb_serial_port *port, u8 requesttype,
 	retval = usb_control_msg(serial->dev, usb_sndctrlpipe(serial->dev, 0),
 				requesttype,
 				USB_DIR_OUT|USB_TYPE_VENDOR|USB_RECIP_INTERFACE,
-				0, 0, buffer, 1, 0);
+				0, 0, buffer, 1, USB_CTRL_SET_TIMEOUT);
 	kfree(buffer);
 
 	if (retval < 0)
-- 
2.24.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] USB: serial: opticon: fix control-message timeouts
  2020-01-13 17:22 [PATCH] USB: serial: opticon: fix control-message timeouts Johan Hovold
@ 2020-01-13 18:25 ` Greg KH
  2020-01-14 11:07   ` Johan Hovold
  0 siblings, 1 reply; 3+ messages in thread
From: Greg KH @ 2020-01-13 18:25 UTC (permalink / raw)
  To: Johan Hovold; +Cc: linux-usb, linux-kernel, stable, Martin Jansen

On Mon, Jan 13, 2020 at 06:22:13PM +0100, Johan Hovold wrote:
> The driver was issuing synchronous uninterruptible control requests
> without using a timeout. This could lead to the driver hanging
> on open() or tiocmset() due to a malfunctioning (or malicious) device
> until the device is physically disconnected.
> 
> The USB upper limit of five seconds per request should be more than
> enough.
> 
> Fixes: 309a057932ab ("USB: opticon: add rts and cts support")
> Cc: stable <stable@vger.kernel.org>     # 2.6.39
> Cc: Martin Jansen <martin.jansen@opticon.com>
> Signed-off-by: Johan Hovold <johan@kernel.org>

Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] USB: serial: opticon: fix control-message timeouts
  2020-01-13 18:25 ` Greg KH
@ 2020-01-14 11:07   ` Johan Hovold
  0 siblings, 0 replies; 3+ messages in thread
From: Johan Hovold @ 2020-01-14 11:07 UTC (permalink / raw)
  To: Greg KH; +Cc: Johan Hovold, linux-usb, linux-kernel, stable, Martin Jansen

On Mon, Jan 13, 2020 at 07:25:46PM +0100, Greg Kroah-Hartman wrote:
> On Mon, Jan 13, 2020 at 06:22:13PM +0100, Johan Hovold wrote:
> > The driver was issuing synchronous uninterruptible control requests
> > without using a timeout. This could lead to the driver hanging
> > on open() or tiocmset() due to a malfunctioning (or malicious) device
> > until the device is physically disconnected.
> > 
> > The USB upper limit of five seconds per request should be more than
> > enough.
> > 
> > Fixes: 309a057932ab ("USB: opticon: add rts and cts support")
> > Cc: stable <stable@vger.kernel.org>     # 2.6.39
> > Cc: Martin Jansen <martin.jansen@opticon.com>
> > Signed-off-by: Johan Hovold <johan@kernel.org>
> 
> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Thanks for reviewing these. This one; now applied.

Johan

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-13 17:22 [PATCH] USB: serial: opticon: fix control-message timeouts Johan Hovold
2020-01-13 18:25 ` Greg KH
2020-01-14 11:07   ` Johan Hovold

Stable Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/stable/0 stable/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 stable stable/ https://lore.kernel.org/stable \
		stable@vger.kernel.org
	public-inbox-index stable

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.stable


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git