The driver was issuing synchronous uninterruptible control requests without using a timeout. This could lead to the driver hanging on open() or tiocmset() due to a malfunctioning (or malicious) device until the device is physically disconnected.
The USB upper limit of five seconds per request should be more than enough.
Fixes: 309a057932ab ("USB: opticon: add rts and cts support") Cc: stable stable@vger.kernel.org # 2.6.39 Cc: Martin Jansen martin.jansen@opticon.com Signed-off-by: Johan Hovold johan@kernel.org ---
This was reported to me off-list to be an issue with some opticon devices. Let's address the obvious bug while waiting for a bug report to be sent to the list.
Johan
drivers/usb/serial/opticon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/serial/opticon.c b/drivers/usb/serial/opticon.c index cb7aac9cd9e7..ed2b4e6dca38 100644 --- a/drivers/usb/serial/opticon.c +++ b/drivers/usb/serial/opticon.c @@ -113,7 +113,7 @@ static int send_control_msg(struct usb_serial_port *port, u8 requesttype, retval = usb_control_msg(serial->dev, usb_sndctrlpipe(serial->dev, 0), requesttype, USB_DIR_OUT|USB_TYPE_VENDOR|USB_RECIP_INTERFACE, - 0, 0, buffer, 1, 0); + 0, 0, buffer, 1, USB_CTRL_SET_TIMEOUT); kfree(buffer);
if (retval < 0)