2011-03-27 00:05:14

by Mikhail Kshevetskiy

[permalink] [raw]
Subject: [PATCH] tty/n_gsm: fix bug in CRC calculation for gsm1 mode

Problem description:
gsm_queue() calculate a CRC for arrived frames. As a last step of
CRC calculation it call

gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);

This work perfectly for the case of GSM0 mode as gsm->received_fcs
contain the last piece of data required to generate final CRC.

gsm->received_fcs is not used for GSM1 mode. Thus we put an
additional byte to CRC calculation. As result we get a wrong CRC
and reject incoming frame.

Signed-off-by: Mikhail Kshevetskiy <[email protected]>
---
drivers/tty/n_gsm.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 176f632..4806276 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -1658,8 +1658,12 @@ static void gsm_queue(struct gsm_mux *gsm)

if ((gsm->control & ~PF) == UI)
gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
- /* generate final CRC with received FCS */
- gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
+ if (gsm->encoding == 0){
+ /* WARNING: gsm->received_fcs is used for gsm->encoding = 0 only.
+ In this case it contain the last piece of data
+ required to generate final CRC */
+ gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
+ }
if (gsm->fcs != GOOD_FCS) {
gsm->bad_fcs++;
if (debug & 4)
--
1.7.4.1


2011-03-27 13:32:54

by Alan

[permalink] [raw]
Subject: Re: [PATCH] tty/n_gsm: fix bug in CRC calculation for gsm1 mode

> gsm->received_fcs is not used for GSM1 mode. Thus we put an
> additional byte to CRC calculation. As result we get a wrong CRC
> and reject incoming frame.

That much is true except that it was originally tested with gsm encoding
1 on various modems for a while and not seen the problem. So I am trying
to work out why or whether some of the GSM0 patches broke GSM1 somewhere.

What hardware was it tested on ?

It looks right - probably the code wants pushing into
gsm0_receive/gsm1_receive appropriately so no special cases leak into
gsm_queue.



>
> Signed-off-by: Mikhail Kshevetskiy <[email protected]>
> ---
> drivers/tty/n_gsm.c | 8 ++++++--
> 1 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
> index 176f632..4806276 100644
> --- a/drivers/tty/n_gsm.c
> +++ b/drivers/tty/n_gsm.c
> @@ -1658,8 +1658,12 @@ static void gsm_queue(struct gsm_mux *gsm)
>
> if ((gsm->control & ~PF) == UI)
> gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
> - /* generate final CRC with received FCS */
> - gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
> + if (gsm->encoding == 0){
> + /* WARNING: gsm->received_fcs is used for gsm->encoding = 0 only.
> + In this case it contain the last piece of data
> + required to generate final CRC */
> + gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
> + }
> if (gsm->fcs != GOOD_FCS) {
> gsm->bad_fcs++;
> if (debug & 4)


--
--
"Alan, I'm getting a bit worried about you."
-- Linus Torvalds

2011-03-27 17:33:10

by Mikhail Kshevetskiy

[permalink] [raw]
Subject: Re: [PATCH] tty/n_gsm: fix bug in CRC calculation for gsm1 mode

On Sun, 27 Mar 2011 14:30:24 +0100
Alan Cox <[email protected]> wrote:

> > gsm->received_fcs is not used for GSM1 mode. Thus we put an
> > additional byte to CRC calculation. As result we get a wrong CRC
> > and reject incoming frame.
>
> That much is true except that it was originally tested with gsm encoding
> 1 on various modems for a while and not seen the problem. So I am trying
> to work out why or whether some of the GSM0 patches broke GSM1 somewhere.

as i can see, it's your commit c2f2f0000bb69f067fea12624272e6a58a811702.

Why we need received_fcs variable? We can completely drop it and calculate
fsc in gsm0_receive() and gsm1_receive(). gsm_queue() in this case will
contain only fsc checking code.

> What hardware was it tested on ?

Enfora, Inc. Enabler-III G Modem

> It looks right - probably the code wants pushing into
> gsm0_receive/gsm1_receive appropriately so no special cases leak into
> gsm_queue.

It's possible, see my comment about received_fcs variable above

>
>
> >
> > Signed-off-by: Mikhail Kshevetskiy <[email protected]>
> > ---
> > drivers/tty/n_gsm.c | 8 ++++++--
> > 1 files changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
> > index 176f632..4806276 100644
> > --- a/drivers/tty/n_gsm.c
> > +++ b/drivers/tty/n_gsm.c
> > @@ -1658,8 +1658,12 @@ static void gsm_queue(struct gsm_mux *gsm)
> >
> > if ((gsm->control & ~PF) == UI)
> > gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
> > - /* generate final CRC with received FCS */
> > - gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
> > + if (gsm->encoding == 0){
> > + /* WARNING: gsm->received_fcs is used for gsm->encoding = 0 only.
> > + In this case it contain the last piece of data
> > + required to generate final CRC */
> > + gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
> > + }
> > if (gsm->fcs != GOOD_FCS) {
> > gsm->bad_fcs++;
> > if (debug & 4)
>
>
> --
> --
> "Alan, I'm getting a bit worried about you."
> -- Linus Torvalds

2011-03-31 12:11:23

by Alan

[permalink] [raw]
Subject: Re: [PATCH] tty/n_gsm: fix bug in CRC calculation for gsm1 mode

On Sun, 27 Mar 2011 04:05:00 +0400
Mikhail Kshevetskiy <[email protected]> wrote:

> Problem description:
> gsm_queue() calculate a CRC for arrived frames. As a last step of
> CRC calculation it call
>
> gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
>
> This work perfectly for the case of GSM0 mode as gsm->received_fcs
> contain the last piece of data required to generate final CRC.
>
> gsm->received_fcs is not used for GSM1 mode. Thus we put an
> additional byte to CRC calculation. As result we get a wrong CRC
> and reject incoming frame.
>
> Signed-off-by: Mikhail Kshevetskiy <[email protected]>

Acked-by: Alan Cox <[email protected]>

(This wants cleaning up better as Mikhael also says but this patch is
clear and unlike a big clean up a better base point for a stable fix and
can be reworked further)