USB: serial: ftdi_sio: fix line-status over-reporting
authorJohan Hovold <johan@kernel.org>
Thu, 2 Feb 2017 16:38:35 +0000 (17:38 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 26 Feb 2017 10:07:51 +0000 (11:07 +0100)
commit a6bb1e17a39818b01b55d8e6238b4b5f06d55038 upstream.

FTDI devices use a receive latency timer to periodically empty the
receive buffer and report modem and line status (also when the buffer is
empty).

When a break or error condition is detected the corresponding status
flags will be set on a packet with nonzero data payload and the flags
are not updated until the break is over or further characters are
received.

In order to avoid over-reporting break and error conditions, these flags
must therefore only be processed for packets with payload.

This specifically fixes the case where after an overrun, the error
condition is continuously reported and NULL-characters inserted until
further data is received.

Reported-by: Michael Walle <michael@walle.cc>
Fixes: 72fda3ca6fc1 ("USB: serial: ftd_sio: implement sysrq handling on
break")
Fixes: 166ceb690750 ("USB: ftdi_sio: clean up line-status handling")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/serial/ftdi_sio.c

index 46d5d8cd4c7918ddfee914c9bce9c956f507b34e..19a98116c2ab08c9778c969f591c1152b7e8a71b 100644 (file)
@@ -2070,6 +2070,20 @@ static int ftdi_process_packet(struct usb_serial_port *port,
                priv->prev_status = status;
        }
 
+       /* save if the transmitter is empty or not */
+       if (packet[1] & FTDI_RS_TEMT)
+               priv->transmit_empty = 1;
+       else
+               priv->transmit_empty = 0;
+
+       len -= 2;
+       if (!len)
+               return 0;       /* status only */
+
+       /*
+        * Break and error status must only be processed for packets with
+        * data payload to avoid over-reporting.
+        */
        flag = TTY_NORMAL;
        if (packet[1] & FTDI_RS_ERR_MASK) {
                /* Break takes precedence over parity, which takes precedence
@@ -2092,15 +2106,6 @@ static int ftdi_process_packet(struct usb_serial_port *port,
                }
        }
 
-       /* save if the transmitter is empty or not */
-       if (packet[1] & FTDI_RS_TEMT)
-               priv->transmit_empty = 1;
-       else
-               priv->transmit_empty = 0;
-
-       len -= 2;
-       if (!len)
-               return 0;       /* status only */
        port->icount.rx += len;
        ch = packet + 2;