From: Thomas Viehmann <tv@beamnet.de>

The oti6858 usb serial driver should use kernel_termios_to_user_termios/
user_termios_to_kernel_termios to avoid segfaults because the kernel uses a
structure differing from that of user space with a different size.

Signed-off-by: Thomas Viehmann <tv@beamnet.de>
Cc: Greg KH <greg@kroah.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 drivers/usb/serial/oti6858.c |   11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff -puN drivers/usb/serial/oti6858.c~usb-serial-fix-oti6858c-segfault-in-termios-handling drivers/usb/serial/oti6858.c
--- a/drivers/usb/serial/oti6858.c~usb-serial-fix-oti6858c-segfault-in-termios-handling
+++ a/drivers/usb/serial/oti6858.c
@@ -818,19 +818,18 @@ static int oti6858_ioctl(struct usb_seri
 
 	switch (cmd) {
 		case TCGETS:
-			if (copy_to_user(user_arg, port->tty->termios,
-						sizeof(struct ktermios))) {
+			if (kernel_termios_to_user_termios(
+					(struct ktermios __user *)arg,
+					port->tty->termios))
 				return -EFAULT;
-			}
 			return 0;
 
 		case TCSETS:
 		case TCSETSW:	/* FIXME: this is not the same! */
 		case TCSETSF:	/* FIXME: this is not the same! */
-			if (copy_from_user(port->tty->termios, user_arg,
-						sizeof(struct ktermios))) {
+			if (user_termios_to_kernel_termios(port->tty->termios,
+					(struct ktermios __user *)arg))
 				return -EFAULT;
-			}
 			oti6858_set_termios(port, NULL);
 			return 0;
 
_