Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp4683439iob; Sun, 8 May 2022 21:53:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxpp5QCvenQwHxkOJ+HmJ3Sjzta3haRWMRcf6tCY7JqWtsRefjK9XNncGgYqzskKQeOPJxo X-Received: by 2002:a17:90b:4a4a:b0:1dc:4731:31a4 with SMTP id lb10-20020a17090b4a4a00b001dc473131a4mr16429029pjb.19.1652072011850; Sun, 08 May 2022 21:53:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652072011; cv=none; d=google.com; s=arc-20160816; b=OWheqJSryAS7HjaDjreK2IEit6imAOKJe6Zt9KdRBvaKlnf/+ik03N7CnXXtao2RAE RhL/hnYBIhp3QNwvAwagYpkTOl5qD2eZhb6gRZb6EUkvW82iRJc578c4t81t9WCsPhCx Lm87+20uWqEY0T+hCbisqcYqboIRvUANSFQv3B5AFcmfTBli2WHh/xFsDhQjAghxvHtA OTIh70jygur16EK07aetDhbxReZdnbj9HJeVgg7xuzp8epb8EkGe9u18USSwie5kTOwl 0vHENMayPl0Yq8ZnWEYUmI0RUTTSmnJOpEbf859BtqT8+P29vlSLI5WgaC5vJrpZ19dO 9/Yg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=j7LePXU8kAD4M2fDvs9gg5SNJ6lPMkCaFFX54viMumw=; b=JH7WcHDbW+xjQ+tDlNcdG5u3fXSrpKev0sv/4UGT1l2GtxfwoWiCJRtR/IKkk8Ko/b 5Oiuse5INd+ECVVBQbfRF6Dks57iRXyvojqlQ1Ou+mmk8ocpLeEd+zAls2LaRH/bY9EQ yPLyYfPJ8RWgJX7W/ty8Pg0+diwbETeuK40sPWH3E6SAhYv2z1cls6wUyLMvmaQLtOUC sBefW7I9xhDQY96HWL+Md6JEIBVQ9QZ840hqyYFg9I+8o6gFU/yrlmFG4jPpAPVh7qst 3zbfegiDtksh8vLI4aP6WxSCWgbBwG09TiSsBzb+QAyh2nq84E9clyyFS1JDi2kHNZJl S7+A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=HUiJ9WnI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id x8-20020a056a00188800b005105d7d18dcsi13457332pfh.64.2022.05.08.21.53.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 08 May 2022 21:53:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=HUiJ9WnI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 93DCD1339F9; Sun, 8 May 2022 21:52:17 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1359736AbiEDRxp (ORCPT + 99 others); Wed, 4 May 2022 13:53:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57536 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1357832AbiEDRPW (ORCPT ); Wed, 4 May 2022 13:15:22 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 94EB6554A5; Wed, 4 May 2022 09:59:03 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5E12C618B4; Wed, 4 May 2022 16:59:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AA758C385A4; Wed, 4 May 2022 16:59:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1651683542; bh=ACO7i/FXakBjXCp4V8+W6PGe2JnJ7nZ3J3vCklj4BsE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HUiJ9WnI9fvB8aizNjphoQbySSgZho4Kjkr9yyFaYvOH0AAgfDfUsUwHA2OtzIRVD Rykbl+oxCecUsMfJau99o8H6136oa0nCGCFDBWp734CRD0FeVEFCtLn+HGsqMq7SHS v2BUcT4YbG50aTMe3jeqTkNicEl6/c5KL3qcXekY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Daniel Starke Subject: [PATCH 5.17 213/225] tty: n_gsm: fix wrong command frame length field encoding Date: Wed, 4 May 2022 18:47:31 +0200 Message-Id: <20220504153128.988659340@linuxfoundation.org> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220504153110.096069935@linuxfoundation.org> References: <20220504153110.096069935@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Daniel Starke commit 398867f59f956985f4c324f173eff7b946e14bd8 upstream. n_gsm is based on the 3GPP 07.010 and its newer version is the 3GPP 27.010. See https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1516 The changes from 07.010 to 27.010 are non-functional. Therefore, I refer to the newer 27.010 here. Chapter 5.4.6.1 states that each command frame shall be made up from type, length and value. Looking for example in chapter 5.4.6.3.5 at the description for the encoding of a flow control on command it becomes obvious, that the type and length field is always present whereas the value may be zero bytes long. The current implementation omits the length field if the value is not present. This is wrong. Correct this by always sending the length in gsm_control_transmit(). So far only the modem status command (MSC) has included a value and encoded its length directly. Therefore, also change gsmtty_modem_update(). Fixes: e1eaea46bb40 ("tty: n_gsm line discipline") Cc: stable@vger.kernel.org Signed-off-by: Daniel Starke Link: https://lore.kernel.org/r/20220414094225.4527-12-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman --- drivers/tty/n_gsm.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -1327,11 +1327,12 @@ static void gsm_control_response(struct static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl) { - struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype); + struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 2, gsm->ftype); if (msg == NULL) return; - msg->data[0] = (ctrl->cmd << 1) | 2 | EA; /* command */ - memcpy(msg->data + 1, ctrl->data, ctrl->len); + msg->data[0] = (ctrl->cmd << 1) | CR | EA; /* command */ + msg->data[1] = (ctrl->len << 1) | EA; + memcpy(msg->data + 2, ctrl->data, ctrl->len); gsm_data_queue(gsm->dlci[0], msg); } @@ -2957,19 +2958,17 @@ static struct tty_ldisc_ops tty_ldisc_pa static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk) { - u8 modembits[5]; + u8 modembits[3]; struct gsm_control *ctrl; int len = 2; - if (brk) + modembits[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */ + modembits[1] = (gsm_encode_modem(dlci) << 1) | EA; + if (brk) { + modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */ len++; - - modembits[0] = len << 1 | EA; /* Data bytes */ - modembits[1] = dlci->addr << 2 | 3; /* DLCI, EA, 1 */ - modembits[2] = gsm_encode_modem(dlci) << 1 | EA; - if (brk) - modembits[3] = brk << 4 | 2 | EA; /* Valid, EA */ - ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len + 1); + } + ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len); if (ctrl == NULL) return -ENOMEM; return gsm_control_wait(dlci->gsm, ctrl);