8065 – bug in Cyclades serial board's get_serial_info( ) function?

Bug 8065 - bug in Cyclades serial board's get_serial_info( ) function?

Summary: bug in Cyclades serial board's get_serial_info( ) function?

Status:	CLOSED CODE_FIX

Alias:	None

Product:	Drivers
Classification:	Unclassified
Component:	Serial (show other bugs)
Hardware:	i386 Linux

Importance:	P2 normal
Assignee:	Russell King

URL:
Keywords:

Depends on:
Blocks:

Reported:	2007-02-22 18:45 UTC by Shan
Modified:	2007-03-05 18:53 UTC (History)
CC List:	1 user (show)

See Also:
Kernel Version:	Linux-2.6.20
Subsystem:
Regression:	---
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Shan 2007-02-22 18:45:46 UTC

Distribution:
  Linux-2.6.20

Problem Description:
  get_serial_info function is used to return serial device information to user.
Cycladess serial board's get_serial_info( ) implementation seems to forget to 
assign the `closing_wait' value (parameter for `time to wait before closing')

3487  static int
3488  get_serial_info(struct cyclades_port *info,
3489		struct serial_struct __user * retinfo)
3490  {
...
3496 	memset(&tmp, 0, sizeof(tmp));
3497	tmp.type = info->type;
3498	tmp.line = info->line;
3499	tmp.port = info->card * 0x100 + info->line - cinfo->first_line;
3500	tmp.irq = cinfo->irq;
3501	tmp.flags = info->flags;
3502	tmp.close_delay = info->close_delay;
3503	tmp.baud_base = info->baud;
3504	tmp.custom_divisor = info->custom_divisor;
3505	tmp.hub6 = 0;		/*!!! */
3506	return copy_to_user(retinfo, &tmp, sizeof(*retinfo)) ? -EFAULT : 0;
3507  }

all parameters, except for closing_wait, is returned.
Actually, closing_wait is very likely to be non-zero. Therefore, in most 
cases, what user gets about this type of device's 'time-to-wait-before-
closing' parameter would be wrong.

I have compared this code with set_serial_info in the same file and many other 
serial device's get_serial_info (e.g. moxa_get_serial_info(..) in 
driver/char/moxa.c, get_serial_info in drivers/usb/serial/io_edgeport.c, 
etc.). It seems that the closing_wait is very likely to be forgotten.

Steps to reproduce:
got by source code analysis, no test case yet.

Comment 1 Andrew Morton 2007-02-28 21:37:56 UTC

I merged a patch, thanks.

Comment 2 Shan 2007-03-04 01:47:11 UTC

I just find a similar problem in another device:
drivers/usb/serial/ti_usb_3410_5052.c
1402 static int ti_get_serial_info(struct ti_port *tport,
1403    struct serial_struct __user *ret_arg)
...
1413   	ret_serial.type = PORT_16550A;
1414	ret_serial.line = port->serial->minor;
1415	ret_serial.port = port->number - port->serial->minor;
1416	ret_serial.flags = tport->tp_flags;
1417	ret_serial.xmit_fifo_size = TI_WRITE_BUF_SIZE;
1418	ret_serial.baud_base = tport->tp_tdev->td_is_3410 ? 921600 : 460800;
1419	ret_serial.closing_wait = tport->tp_closing_wait;

I guess closing_delay is similarly missed, isn't it?
Also, should ret_serial.irq be set and returned in this function?

Comment 3 Adrian Bunk 2007-03-05 18:53:05 UTC

Patch was merged into Linus' tree, and will therefore be in 2.6.21.

Note You need to log in before you can comment on or make changes to this bug.