Commit 9361ebfb authored by Daniel Starke's avatar Daniel Starke Committed by Greg Kroah-Hartman
Browse files

tty: n_gsm: fix invalid gsmtty_write_room() result 



gsmtty_write() does not prevent the user to use the full fifo size of 4096
bytes as allocated in gsm_dlci_alloc(). However, gsmtty_write_room() tries
to limit the return value by 'TX_SIZE' and returns a negative value if the
fifo has more than 'TX_SIZE' bytes stored. This is obviously wrong as
'TX_SIZE' is defined as 512.
Define 'TX_SIZE' to the fifo size and use it accordingly for allocation to
keep the current behavior. Return the correct remaining size of the fifo in
gsmtty_write_room() via kfifo_avail().

Fixes: e1eaea46 ("tty: n_gsm line discipline")
Cc: stable@vger.kernel.org
Signed-off-by: default avatarDaniel Starke <daniel.starke@siemens.com>
Link: https://lore.kernel.org/r/20220504081733.3494-3-daniel.starke@siemens.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent edd5f60c

drivers/tty/n_gsm.c

+3 −4
Original line number Diff line number Diff line
@@ -137,6 +137,7 @@ struct gsm_dlci { 
	int retries;

	/* Uplink tty if active */

	struct tty_port port;	/* The tty bound to this DLCI if there is one */

#define TX_SIZE		4096    /* Must be power of 2. */

	struct kfifo fifo;	/* Queue fifo for the DLCI */

	int adaption;		/* Adaption layer in use */

	int prev_adaption;
@@ -1731,7 +1732,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) 
		return NULL;

	spin_lock_init(&dlci->lock);

	mutex_init(&dlci->mutex);

	if (kfifo_alloc(&dlci->fifo, 4096, GFP_KERNEL) < 0) {

	if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) {

		kfree(dlci);

		return NULL;

	}
@@ -2976,8 +2977,6 @@ static struct tty_ldisc_ops tty_ldisc_packet = { 
 *	Virtual tty side

 */



#define TX_SIZE		512



/**

 *	gsm_modem_upd_via_data	-	send modem bits via convergence layer

 *	@dlci: channel
@@ -3217,7 +3216,7 @@ static unsigned int gsmtty_write_room(struct tty_struct *tty) 
	struct gsm_dlci *dlci = tty->driver_data;

	if (dlci->state == DLCI_CLOSED)

		return 0;

	return TX_SIZE - kfifo_len(&dlci->fifo);

	return kfifo_avail(&dlci->fifo);

}



static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty)