lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f55e96d0-6683-0aef-4d4c-5c635e85aabd@kernel.org>
Date:   Mon, 9 May 2022 12:31:54 +0200
From:   Jiri Slaby <jirislaby@...nel.org>
To:     "D. Starke" <daniel.starke@...mens.com>,
        linux-serial@...r.kernel.org, gregkh@...uxfoundation.org
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/3] tty: n_gsm: fix invalid gsmtty_write_room() result

On 04. 05. 22, 10:17, D. Starke wrote:
> From: Daniel Starke <daniel.starke@...mens.com>
> 
> gsmtty_write() does not prevent the user to use the full fifo size of 4096
> bytes as allocated in gsm_dlci_alloc(). However, gsmtty_write_room() tries
> to limit the return value by 'TX_SIZE' and returns a negative value if the
> fifo has more than 'TX_SIZE' bytes stored. This is obviously wrong as
> 'TX_SIZE' is defined as 512.
> Define 'TX_SIZE' to the fifo size and use it accordingly for allocation to
> keep the current behavior. Return the correct remaining size of the fifo in
> gsmtty_write_room() via kfifo_avail().

Right.

Reviewed-by: Jiri Slaby <jirislaby@...nel.org>

> Fixes: e1eaea46bb40 ("tty: n_gsm line discipline")
> Cc: stable@...r.kernel.org
> Signed-off-by: Daniel Starke <daniel.starke@...mens.com>
> ---
>   drivers/tty/n_gsm.c | 7 +++----
>   1 file changed, 3 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
> index bcb714031d69..fd8b86dde525 100644
> --- a/drivers/tty/n_gsm.c
> +++ b/drivers/tty/n_gsm.c
> @@ -137,6 +137,7 @@ struct gsm_dlci {
>   	int retries;
>   	/* Uplink tty if active */
>   	struct tty_port port;	/* The tty bound to this DLCI if there is one */
> +#define TX_SIZE		4096    /* Must be power of 2. */

Only that I'd not put the macro definition here. But outside the structure.

>   	struct kfifo fifo;	/* Queue fifo for the DLCI */
>   	int adaption;		/* Adaption layer in use */
>   	int prev_adaption;
> @@ -1731,7 +1732,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
>   		return NULL;
>   	spin_lock_init(&dlci->lock);
>   	mutex_init(&dlci->mutex);
> -	if (kfifo_alloc(&dlci->fifo, 4096, GFP_KERNEL) < 0) {
> +	if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) {
>   		kfree(dlci);
>   		return NULL;
>   	}
> @@ -2976,8 +2977,6 @@ static struct tty_ldisc_ops tty_ldisc_packet = {
>    *	Virtual tty side
>    */
>   
> -#define TX_SIZE		512
> -
>   /**
>    *	gsm_modem_upd_via_data	-	send modem bits via convergence layer
>    *	@dlci: channel
> @@ -3217,7 +3216,7 @@ static unsigned int gsmtty_write_room(struct tty_struct *tty)
>   	struct gsm_dlci *dlci = tty->driver_data;
>   	if (dlci->state == DLCI_CLOSED)
>   		return 0;
> -	return TX_SIZE - kfifo_len(&dlci->fifo);
> +	return kfifo_avail(&dlci->fifo);
>   }
>   
>   static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty)


-- 
js
suse labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ