Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp3111961pxm; Mon, 28 Feb 2022 12:15:24 -0800 (PST) X-Google-Smtp-Source: ABdhPJxl+i7PcFAyf1MIiFoTx1E+ld2okJp+VSm8OBtxhROPKFyWitlmr99zP0rbjYjcN54SgZHK X-Received: by 2002:a62:75d2:0:b0:4f1:a27:4466 with SMTP id q201-20020a6275d2000000b004f10a274466mr23695978pfc.47.1646079324745; Mon, 28 Feb 2022 12:15:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646079324; cv=none; d=google.com; s=arc-20160816; b=KivkdkV0nFKJfpi6AAYkE80zg79893mg8f+SOvBARX0Q2vJgScO9+eVV96JB1D6jSU 7rryLEuFN6/a76dZmnyvsnNZdI4MW97jNgkeY2oG3EPlS2jfr7MCly+7/tOYgiQrCq2z hR6BrvJLrsFbxMbNJe20o/fZjq8AsWit0I/1zqriCe37ajvuoNQgJUCUvWIPRqv29uIe NjItByG88wQ9kTkovBohz9VWB1nq6yTmVc6zlqzRy+GC8tg7j/YMBIP/c2L7ow658Cxb L3ji4gZqUaCrcpg2ogLcs+7BBE3W9jrqGLykRlosqmtmOO6yWKB05F8LtkXZXYNx4Of1 6hLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=fWSYSwU8lHN5K1wTTpATxiCHypEouomHD1NyHfptDX8=; b=M6GNOCgHPS+MtxcXiO1TuuehNdYA47Nvuhh6HOXkjA+cD1Ax7e+9Q1BoMttSJZKWEH AgGn8KCSwpWFXcJaSAW7jtzdiuEFQrbTQRGIJfoth9R7DdQfl+wgKtycNUi1DGLDHwON tK75FBr587e/uwXEdGXd98RiSP/EaeTX9GITxHANcPtHfp6hBFJP4af9DjZX8snEEui7 jGwJeGXhe3fyPYsQ7/TTpIvj04LrznazvkTlc/0YCtm6WVw03b0hzvGDwAaetG89uFLV j0BSPOswmr6IX8/eRCxSywLa1Ck8RnXaOfdASU0i5pkT0uV0UzqgFDW8WVFRqmDl/ftQ Hxkw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=qUq5dNAC; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id g28-20020a63565c000000b0036c2db3654asi10294918pgm.720.2022.02.28.12.15.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Feb 2022 12:15:24 -0800 (PST) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=qUq5dNAC; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id B487716EAB0; Mon, 28 Feb 2022 11:37:16 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239669AbiB1R6i (ORCPT + 99 others); Mon, 28 Feb 2022 12:58:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51158 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240573AbiB1RyY (ORCPT ); Mon, 28 Feb 2022 12:54:24 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DA10D98587; Mon, 28 Feb 2022 09:42:31 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id F398EB815B4; Mon, 28 Feb 2022 17:42:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 563C0C340E7; Mon, 28 Feb 2022 17:42:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1646070148; bh=feNSroQfbv/1PQwanrzmB3kCqc3gNCv6CqxUvZfeVls=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qUq5dNAC5FBUC/WYKkBg1tyqNY9+R8JwKiFbGzdk+4HT7B0i2G5s3pvEdyY/b98Pm EYldfhangWKD8MwxiRnc3skqpKv8vu3kuXztLpmTd/taYY87pKH16VWoOpvTUgHGR7 ccrWJ1sG4rWwVumkaC28m7FFyK0sa0b2JLqK2nog= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Daniel Starke Subject: [PATCH 5.15 132/139] tty: n_gsm: fix wrong modem processing in convergence layer type 2 Date: Mon, 28 Feb 2022 18:25:06 +0100 Message-Id: <20220228172401.550558260@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220228172347.614588246@linuxfoundation.org> References: <20220228172347.614588246@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: daniel.starke@siemens.com commit 687f9ad43c52501f46164758e908a5dd181a87fc upstream. The function gsm_process_modem() exists to handle modem status bits of incoming frames. This includes incoming MSC (modem status command) frames and convergence layer type 2 data frames. The function, however, was only designed to handle MSC frames as it expects the command length. Within gsm_dlci_data() it is wrongly assumed that this is the same as the data frame length. This is only true if the data frame contains only 1 byte of payload. This patch names the length parameter of gsm_process_modem() in a generic manner to reflect its association. It also corrects all calls to the function to handle the variable number of modem status octets correctly in both cases. Fixes: 7263287af93d ("tty: n_gsm: Fixed logic to decode break signal from modem status") Cc: stable@vger.kernel.org Signed-off-by: Daniel Starke Link: https://lore.kernel.org/r/20220218073123.2121-6-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman --- drivers/tty/n_gsm.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -1009,25 +1009,25 @@ static void gsm_control_reply(struct gsm * @tty: virtual tty bound to the DLCI * @dlci: DLCI to affect * @modem: modem bits (full EA) - * @clen: command length + * @slen: number of signal octets * * Used when a modem control message or line state inline in adaption * layer 2 is processed. Sort out the local modem state and throttles */ static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci, - u32 modem, int clen) + u32 modem, int slen) { int mlines = 0; u8 brk = 0; int fc; - /* The modem status command can either contain one octet (v.24 signals) - or two octets (v.24 signals + break signals). The length field will - either be 2 or 3 respectively. This is specified in section - 5.4.6.3.7 of the 27.010 mux spec. */ + /* The modem status command can either contain one octet (V.24 signals) + * or two octets (V.24 signals + break signals). This is specified in + * section 5.4.6.3.7 of the 07.10 mux spec. + */ - if (clen == 2) + if (slen == 1) modem = modem & 0x7f; else { brk = modem & 0x7f; @@ -1084,6 +1084,7 @@ static void gsm_control_modem(struct gsm unsigned int brk = 0; struct gsm_dlci *dlci; int len = clen; + int slen; const u8 *dp = data; struct tty_struct *tty; @@ -1103,6 +1104,7 @@ static void gsm_control_modem(struct gsm return; dlci = gsm->dlci[addr]; + slen = len; while (gsm_read_ea(&modem, *dp++) == 0) { len--; if (len == 0) @@ -1119,7 +1121,7 @@ static void gsm_control_modem(struct gsm modem |= (brk & 0x7f); } tty = tty_port_tty_get(&dlci->port); - gsm_process_modem(tty, dlci, modem, clen); + gsm_process_modem(tty, dlci, modem, slen); if (tty) { tty_wakeup(tty); tty_kref_put(tty); @@ -1567,6 +1569,7 @@ static void gsm_dlci_data(struct gsm_dlc struct tty_struct *tty; unsigned int modem = 0; int len = clen; + int slen = 0; if (debug & 16) pr_debug("%d bytes for tty\n", len); @@ -1579,12 +1582,14 @@ static void gsm_dlci_data(struct gsm_dlc case 2: /* Asynchronous serial with line state in each frame */ while (gsm_read_ea(&modem, *data++) == 0) { len--; + slen++; if (len == 0) return; } + slen++; tty = tty_port_tty_get(port); if (tty) { - gsm_process_modem(tty, dlci, modem, clen); + gsm_process_modem(tty, dlci, modem, slen); tty_kref_put(tty); } fallthrough;