Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp1716006iob; Thu, 5 May 2022 07:03:03 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzQYVet1iPyB9wESCROky2m7kwf06qIcAeI1I3FlLykYdZLvc7/GVBusAsmNhix4NqXdEIN X-Received: by 2002:a65:6e0d:0:b0:3c6:12af:15b4 with SMTP id bd13-20020a656e0d000000b003c612af15b4mr3126697pgb.338.1651759383618; Thu, 05 May 2022 07:03:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651759383; cv=none; d=google.com; s=arc-20160816; b=LzUgFQBKCQlGVAmCBMCpFtD+IHudT3rZ8mopt5ahZcUFGqBkf85Gb5IHanGcjD81gM 1FAuukh4dVuGC2BftN8m1FS/j9o4GksGQ2XvRC1aGnplRVqQXDezRpRBBZXKWd+mk1Vk uk4SiDfgsQptcrCKV5Mf+6BhctjcZdbmUr6vtVID1nB5pLl+EuiQ7uabINC5Z2wMons2 wzjxS+x8Z/NQ3G+BedtivRJufbMcuA/79MeUIvrYuuxwilGV+jhofZ9xKuoua1SDuj5w 5VH9uAWcmsCSN1uxnwj9hcKdaYCKn8KZsBrf+itEmLWlsVhSbvAasT38uOow7youAGkg CZzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=ROyWx5Tnqz0mkOeKc9/e8+/GHl/XeO9mLtCpx8175lc=; b=n0IXE32fnDH2yC+t7JBcKzIF/uIdTnrjQSbs2kDUsIV5ZLv22RFXfGJ6r84j79zSJf LkPLWxodHqfTBRSQlmTZuAopUmYMYx2G7cJsITQlM3DxswBfQRKmjnNOxaZDVk9G+Uqr r68Dk//AvldJ8KloPgCkdOlETR9eV0WP3AT12tFJRIkgB7pmTVr1PpozsqtrXw3i0S0q pGOfP7gFwLUicV1YzW2r11AXyx0AYWYGWDUHn2NOAoke04bK90U/me4+AlPf4+4I7c76 +0/ZtxN86m2pi4J134MvAC3eBmVSLPAOHwqJhrHsC0f2UqDIvyxRuH9KLqOYJhX4hWAW Ol6A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=NuTn81Ch; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y17-20020a17090322d100b001569af11990si1998759plg.507.2022.05.05.07.02.45; Thu, 05 May 2022 07:03:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=NuTn81Ch; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1358440AbiEDRmT (ORCPT + 99 others); Wed, 4 May 2022 13:42:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38574 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1356509AbiEDRJR (ORCPT ); Wed, 4 May 2022 13:09:17 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C070F5372E; Wed, 4 May 2022 09:55:12 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 687EFB827A3; Wed, 4 May 2022 16:55:12 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1A3A1C385AF; Wed, 4 May 2022 16:55:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1651683311; bh=NyBwdZm7ykRxzUtmVqHq3ACRJ6KDv4OPUpqmtzgH9OE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NuTn81ChmWQJulGcXgXm7iEv+AWsf8UFlxQfkdZzIOrqGrYzUDhzKeNfdQBZqvqq2 CJzSCzI7+d3Rrdhl3hRM5JI/K3C/BZM4CnobU4bTgr6CY1VffX0r5Y0EimBJXHBzXn JlPzrBXlyCiFO6CiXKOExNK2ANJJrI1xFhoEZqtA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Daniel Starke Subject: [PATCH 5.15 163/177] tty: n_gsm: fix insufficient txframe size Date: Wed, 4 May 2022 18:45:56 +0200 Message-Id: <20220504153108.090989874@linuxfoundation.org> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220504153053.873100034@linuxfoundation.org> References: <20220504153053.873100034@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Daniel Starke commit 535bf600de75a859698892ee873521a48d289ec1 upstream. n_gsm is based on the 3GPP 07.010 and its newer version is the 3GPP 27.010. See https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1516 The changes from 07.010 to 27.010 are non-functional. Therefore, I refer to the newer 27.010 here. Chapter 5.7.2 states that the maximum frame size (N1) refers to the length of the information field (i.e. user payload). However, 'txframe' stores the whole frame including frame header, checksum and start/end flags. We also need to consider the byte stuffing overhead. Define constant for the protocol overhead and adjust the 'txframe' size calculation accordingly to reserve enough space for a complete mux frame including byte stuffing for advanced option mode. Note that no byte stuffing is applied to the start and end flag. Also use MAX_MTU instead of MAX_MRU as this buffer is used for data transmission. Fixes: e1eaea46bb40 ("tty: n_gsm line discipline") Cc: stable@vger.kernel.org Signed-off-by: Daniel Starke Link: https://lore.kernel.org/r/20220414094225.4527-8-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman --- drivers/tty/n_gsm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -73,6 +73,8 @@ module_param(debug, int, 0600); */ #define MAX_MRU 1500 #define MAX_MTU 1500 +/* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */ +#define PROT_OVERHEAD 7 #define GSM_NET_TX_TIMEOUT (HZ*10) /* @@ -2199,7 +2201,7 @@ static struct gsm_mux *gsm_alloc_mux(voi kfree(gsm); return NULL; } - gsm->txframe = kmalloc(2 * MAX_MRU + 2, GFP_KERNEL); + gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL); if (gsm->txframe == NULL) { kfree(gsm->buf); kfree(gsm);