From: "D. Starke"
To: linux-serial@vger.kernel.org, gregkh@linuxfoundation.org, jirislaby@kernel.org
Cc: linux-kernel@vger.kernel.org, Daniel Starke
Subject: [PATCH 08/20] tty: n_gsm: fix insufficient txframe size
Date: Thu, 14 Apr 2022 02:42:13 -0700
Message-Id: <20220414094225.4527-8-daniel.starke@siemens.com>
In-Reply-To: <20220414094225.4527-1-daniel.starke@siemens.com>

From: Daniel Starke

n_gsm is based on the 3GPP 07.010 and its newer version is the 3GPP 27.010.
See https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1516
The changes from 07.010 to 27.010 are non-functional. Therefore, I refer to the newer 27.010 here. Chapter 5.7.2 states that the maximum frame size (N1) refers to the length of the information field (i.e. user payload). However, 'txframe' stores the whole frame including frame header, checksum and start/end flags. We also need to consider the byte stuffing overhead.

Define constant for the protocol overhead and adjust the 'txframe' size calculation accordingly to reserve enough space for a complete mux frame including byte stuffing for advanced option mode. Note that no byte stuffing is applied to the start and end flag.
Also use MAX_MTU instead of MAX_MRU as this buffer is used for data transmission.

Fixes: e1eaea46bb40 ("tty: n_gsm line discipline")
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Starke --- drivers/tty/n_gsm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index 2e3da8a4697e..cc90b03ce005 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -73,6 +73,8 @@ module_param(debug, int, 0600); */ #define MAX_MRU 1500 #define MAX_MTU 1500 +/* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */ +#define PROT_OVERHEAD 7 #define GSM_NET_TX_TIMEOUT (HZ*10) /* @@ -2264,7 +2266,7 @@ static struct gsm_mux *gsm_alloc_mux(void) kfree(gsm); return NULL; } - gsm->txframe = kmalloc(2 * MAX_MRU + 2, GFP_KERNEL); + gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL); if (gsm->txframe == NULL) { kfree(gsm->buf); kfree(gsm); -- 2.25.1
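Review bot: In the first hunk, the comment above PROT_OVERHEAD lists "SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF", and the "..." reads as an extra, open-ended item although the define is 7. If it stands for the information field, which N1 already covers according to the commit message, the comment should say so, for example "/* SOF, ADDR, CTRL, LEN1, LEN2, FCS, EOF (information field excluded) */", so a later reader can check the count against the value.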
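Review bot: In the gsm_alloc_mux() hunk, the "- 1" in "kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL)" is not explained anywhere in the code. Going by the commit message it appears to fold in the two flag bytes that are never stuffed: 2 * (MAX_MTU + 5) for the stuffed payload, header and FCS, plus 2 for SOF and EOF, which equals 2 * (MAX_MTU + 6). A one-line comment, or the spelled-out form "2 * (MAX_MTU + PROT_OVERHEAD - 2) + 2", would make the bound reviewable. Because the buffer is sized from the compile-time MAX_MTU, it is also worth confirming that the configurable mtu can never exceed MAX_MTU; that check is not visible in this hunk.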