[PATCH 5.15 137/230] tty: n_gsm: fix invalid gsmtty_write_room() result

From: Greg Kroah-Hartman
Date: Mon Jul 11 2022 - 05:59:50 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.15 174/230] virtio-blk: modify the value type of num in virtio_queue_rq()"
Previous message: Greg Kroah-Hartman: "[PATCH 5.15 136/230] serial: 8250_mtk: Make sure to select the right FEATURE_SEL"
In reply to: Greg Kroah-Hartman: "[PATCH 5.15 136/230] serial: 8250_mtk: Make sure to select the right FEATURE_SEL"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.15 174/230] virtio-blk: modify the value type of num in virtio_queue_rq()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Daniel Starke <daniel.starke@xxxxxxxxxxx>

[ Upstream commit 9361ebfbb79fd1bc8594a487c01ad52cdaa391ea ]

gsmtty_write() does not prevent the user to use the full fifo size of 4096
bytes as allocated in gsm_dlci_alloc(). However, gsmtty_write_room() tries
to limit the return value by 'TX_SIZE' and returns a negative value if the
fifo has more than 'TX_SIZE' bytes stored. This is obviously wrong as
'TX_SIZE' is defined as 512.
Define 'TX_SIZE' to the fifo size and use it accordingly for allocation to
keep the current behavior. Return the correct remaining size of the fifo in
gsmtty_write_room() via kfifo_avail().

Fixes: e1eaea46bb40 ("tty: n_gsm line discipline")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Daniel Starke <daniel.starke@xxxxxxxxxxx>
Link: https://lore.kernel.org/r/20220504081733.3494-3-daniel.starke@xxxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/tty/n_gsm.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index fd4a86111a6e..4a430f6ca170 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -137,6 +137,7 @@ struct gsm_dlci {
int retries;
/* Uplink tty if active */
struct tty_port port; /* The tty bound to this DLCI if there is one */
+#define TX_SIZE 4096 /* Must be power of 2. */
struct kfifo fifo; /* Queue fifo for the DLCI */
int adaption; /* Adaption layer in use */
int prev_adaption;
@@ -1758,7 +1759,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
return NULL;
spin_lock_init(&dlci->lock);
mutex_init(&dlci->mutex);
- if (kfifo_alloc(&dlci->fifo, 4096, GFP_KERNEL) < 0) {
+ if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) {
kfree(dlci);
return NULL;
}
@@ -3035,8 +3036,6 @@ static struct tty_ldisc_ops tty_ldisc_packet = {
* Virtual tty side
*/

-#define TX_SIZE 512
-
/**
* gsm_modem_upd_via_data - send modem bits via convergence layer
* @dlci: channel
@@ -3274,7 +3273,7 @@ static unsigned int gsmtty_write_room(struct tty_struct *tty)
struct gsm_dlci *dlci = tty->driver_data;
if (dlci->state == DLCI_CLOSED)
return 0;
- return TX_SIZE - kfifo_len(&dlci->fifo);
+ return kfifo_avail(&dlci->fifo);
}

static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty)
--
2.35.1

Next message: Greg Kroah-Hartman: "[PATCH 5.15 174/230] virtio-blk: modify the value type of num in virtio_queue_rq()"
Previous message: Greg Kroah-Hartman: "[PATCH 5.15 136/230] serial: 8250_mtk: Make sure to select the right FEATURE_SEL"
In reply to: Greg Kroah-Hartman: "[PATCH 5.15 136/230] serial: 8250_mtk: Make sure to select the right FEATURE_SEL"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.15 174/230] virtio-blk: modify the value type of num in virtio_queue_rq()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]