Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp1801634iob; Thu, 5 May 2022 08:26:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzw+2L2NJChDVRonh4mkryi8VryA6YBk6e3mk/xZaRiJZ9jv7v1XIvDXt7ebWNfv3yqSuN9 X-Received: by 2002:a05:6402:4384:b0:427:b5c0:4bf with SMTP id o4-20020a056402438400b00427b5c004bfmr26359472edc.127.1651764401226; Thu, 05 May 2022 08:26:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651764401; cv=none; d=google.com; s=arc-20160816; b=c/CPGX806GB9A/3BO9IxR5H1mFWek5yEjQvMHDWLQIUU9vTAMw3cN7y5SuQesT0+g7 Dc7Orw4xFOU6Aj1ZiOCTG1UFlGBain/L9OZSzkxgS23Dnq3HGk7RU/z0A5/j9hmqMuCl Z7a3wfV6M7ldS7WDXwuyzPBZ3sIW7XvgagPjhp98y1OfDHCvgSRospBSMItoc3sIFGbZ H1zAN4UcrnPm9JBhm30xBkpj0jSGX03X47dspzIt+2vtP4AZYzr+DGGdHXfXfxxruuOJ ppf506lz1Do6wwoKP9VlH2pBi389FSfuXD6ubZeaJaNptIOFaEzp42agnJWvPtHYCN1G qUvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=xs6g163tCd6CRhH+cPuG7GDVLkfd+zMbcvvDYi0xpoo=; b=LyAkirRDiMazAXNXnUj2SP4m/OvUp6TUIecCbhNmggSHZcBNXRmvhkDqW1Uu5cJgW0 FZDPd5VnX84RIJXQyH3iwFvI95BFM/P7OrF64pWXWLr3ZCW1lybVrxSQMbzI3XR/DLJp 5atQsMwXJgti6oTPMCG7zl6ASEcnAW/tuiUUFB2MII9/PH1j+D09uBoafxWUgQ29WIAy 0Dg+78dRSQQrVH4C0gZkl/5MzRmRVUOweXlnZkIDxvImowbpLIuhBlysoB6G959w6SPF o/o1E93NjeUuj/hufyAHIeVHPf0ik6LvD8ofbHPwfgx23lv6vbb9YOo6aR4imZqvpsoA kELQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="D/gJkHr7"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 13-20020a50874d000000b00427ddc0faa1si2026266edv.541.2022.05.05.08.26.17; Thu, 05 May 2022 08:26:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="D/gJkHr7"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1357305AbiEDR3D (ORCPT + 99 others); Wed, 4 May 2022 13:29:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39170 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1356307AbiEDRJL (ORCPT ); Wed, 4 May 2022 13:09:11 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 08EBB532DB; Wed, 4 May 2022 09:55:02 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C2E4261899; Wed, 4 May 2022 16:55:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 17D0FC385AA; Wed, 4 May 2022 16:55:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1651683302; bh=7pBfGO7jJD7TSXKhPud04PKEnIWy2lecZmL2TL3JfC8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=D/gJkHr7qUwFSaEjq1VWmAcj+p1V8cRnuzPJiEs1HVoMTciy05vj2vA7njOH5kp76 mYm/WC8edXaHP3OintIEjGzfWeBdD/ISO1d/y3RwWLCS3sNmosADyiWXBYB0Tx5qWi fYFrgYz2fGGOsOyVFxnEazNRd5rZYRes1b5UUcDU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Daniel Starke Subject: [PATCH 5.15 167/177] tty: n_gsm: fix wrong command frame length field encoding Date: Wed, 4 May 2022 18:46:00 +0200 Message-Id: <20220504153108.497103113@linuxfoundation.org> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220504153053.873100034@linuxfoundation.org> References: <20220504153053.873100034@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Daniel Starke commit 398867f59f956985f4c324f173eff7b946e14bd8 upstream. n_gsm is based on the 3GPP 07.010 and its newer version is the 3GPP 27.010. See https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1516 The changes from 07.010 to 27.010 are non-functional. Therefore, I refer to the newer 27.010 here. Chapter 5.4.6.1 states that each command frame shall be made up from type, length and value. Looking for example in chapter 5.4.6.3.5 at the description for the encoding of a flow control on command it becomes obvious, that the type and length field is always present whereas the value may be zero bytes long. The current implementation omits the length field if the value is not present. This is wrong. Correct this by always sending the length in gsm_control_transmit(). So far only the modem status command (MSC) has included a value and encoded its length directly. Therefore, also change gsmtty_modem_update(). Fixes: e1eaea46bb40 ("tty: n_gsm line discipline") Cc: stable@vger.kernel.org Signed-off-by: Daniel Starke Link: https://lore.kernel.org/r/20220414094225.4527-12-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman --- drivers/tty/n_gsm.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -1302,11 +1302,12 @@ static void gsm_control_response(struct static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl) { - struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype); + struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 2, gsm->ftype); if (msg == NULL) return; - msg->data[0] = (ctrl->cmd << 1) | 2 | EA; /* command */ - memcpy(msg->data + 1, ctrl->data, ctrl->len); + msg->data[0] = (ctrl->cmd << 1) | CR | EA; /* command */ + msg->data[1] = (ctrl->len << 1) | EA; + memcpy(msg->data + 2, ctrl->data, ctrl->len); gsm_data_queue(gsm->dlci[0], msg); } @@ -2889,19 +2890,17 @@ static struct tty_ldisc_ops tty_ldisc_pa static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk) { - u8 modembits[5]; + u8 modembits[3]; struct gsm_control *ctrl; int len = 2; - if (brk) + modembits[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */ + modembits[1] = (gsm_encode_modem(dlci) << 1) | EA; + if (brk) { + modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */ len++; - - modembits[0] = len << 1 | EA; /* Data bytes */ - modembits[1] = dlci->addr << 2 | 3; /* DLCI, EA, 1 */ - modembits[2] = gsm_encode_modem(dlci) << 1 | EA; - if (brk) - modembits[3] = brk << 4 | 2 | EA; /* Valid, EA */ - ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len + 1); + } + ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len); if (ctrl == NULL) return -ENOMEM; return gsm_control_wait(dlci->gsm, ctrl);