Re: [PATCH 2.6.13-rc3-git9] pl2303: pl2303_update_line_status data length fix

On Mon, 08 Aug 2005, Greg KH wrote:
> On Thu, Jul 28, 2005 at 03:32:20PM +0200, Horst Schirmeier wrote:
> > Minimum data length must be UART_STATE + 1, as data[UART_STATE] is being
> > accessed for the new line_state. Although PL-2303 hardware is not
> > expected to send data with exactly UART_STATE length, this keeps it on
> > the safe side.
> > 
> > Signed-off-by: Horst Schirmeier <[email protected]>
> > ---
> > 
> > --- linux-2.6.13-rc3-git9/drivers/usb/serial/pl2303.c.orig	2005-07-28 14:42:58.000000000 +0200
> > +++ linux-2.6.13-rc3-git9/drivers/usb/serial/pl2303.c	2005-07-28 14:43:16.000000000 +0200
> > @@ -826,7 +826,7 @@ static void pl2303_update_line_status(st
> >  	struct pl2303_private *priv = usb_get_serial_port_data(port);
> >  	unsigned long flags;
> >  	u8 status_idx = UART_STATE;
> > -	u8 length = UART_STATE;
> > +	u8 length = UART_STATE + 1;
> 
> "safe side" yes, but this will just prevent any line changes from going
> back to the user, right?

IMHO not, no. The PL-2303 interrupt IN endpoint has a 10 bytes FIFO and
(as far as I've observed from the type_1 model) always sends packets
with exactly this size. The UART_STATE is located at offset 0x08,
therefore the minimum packet length we need is 0x09 (UART_STATE + 1).

Here are the two different byte sequences from that endpoint I picked
up; the first with a terminal on the serial end, the second without one
(both times using the patched pl2303 module with debug=1):

a1 20 00 00 00 00 02 00 00 00
a1 20 00 00 00 00 02 00 82 00

Note the UART_STATE byte with the DSR and CTS bits set in the second
case.

> Hm, how is this working at all, it looks like we overflow the buffer...

In the unlikely case that some weird hardware sends a packet with
exactly UART_STATE (8) bytes length, yes, we do. Normal PL-2303 hardware
_should_ cause no trouble, as it always sends 10 bytes (at least my
hardware does), therefore my side note "this keeps it on the safe side".

> Have you tested this change?

Yes, I have.

> thanks,
> 
> greg k-h

Kind regards,
 Horst

-- 
PGP-Key 0xD40E0E7A

Attachment: signature.asc
Description: Digital signature

---

• References:
  • [PATCH 2.6.13-rc3-git9] pl2303: pl2303_update_line_status data length fix
    • From: Horst Schirmeier <[email protected]>
  • Re: [PATCH 2.6.13-rc3-git9] pl2303: pl2303_update_line_status data length fix
    • From: Greg KH <[email protected]>

• Prev by Date: Re: Linux-2.6.13-rc6: aic7xxx testers please..-deadlock
• Next by Date: Re: Wireless support
• Previous by thread: Re: [PATCH 2.6.13-rc3-git9] pl2303: pl2303_update_line_status data length fix
• Next by thread: [ANNOUNCE] sdparm 0.94
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]