From a66639ab286250fe66b960c34ac91d0b2ee58a79 Mon Sep 17 00:00:00 2001 From: Thomas Viehmann Date: Wed, 25 Jul 2007 10:21:21 +0200 Subject: [PATCH] usb-serial: fix oti6858.c segfault in termios handling The oti6858 usb serial driver should use kernel_termios_to_user_termios/ user_termios_to_kernel_termios to avoid segfaults because the kernel uses a structure differing from that of user space with a different size. Signed-off-by: Thomas Viehmann CC: stable Signed-off-by: Greg Kroah-Hartman --- drivers/usb/serial/oti6858.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/usb/serial/oti6858.c b/drivers/usb/serial/oti6858.c index d7db71e..833ada4 100644 --- a/drivers/usb/serial/oti6858.c +++ b/drivers/usb/serial/oti6858.c @@ -818,19 +818,17 @@ static int oti6858_ioctl(struct usb_serial_port *port, struct file *file, switch (cmd) { case TCGETS: - if (copy_to_user(user_arg, port->tty->termios, - sizeof(struct ktermios))) { + if (kernel_termios_to_user_termios((struct ktermios __user *)arg, + port->tty->termios)) return -EFAULT; - } return 0; case TCSETS: case TCSETSW: /* FIXME: this is not the same! */ case TCSETSF: /* FIXME: this is not the same! */ - if (copy_from_user(port->tty->termios, user_arg, - sizeof(struct ktermios))) { + if (user_termios_to_kernel_termios(port->tty->termios, + (struct ktermios __user *)arg)) return -EFAULT; - } oti6858_set_termios(port, NULL); return 0; -- 2.7.4