From: Mikhail Kshevetskiy Date: Sun, 27 Mar 2011 00:05:00 +0000 (+0400) Subject: tty/n_gsm: fix bug in CRC calculation for gsm1 mode X-Git-Tag: firefly_0821_release~7613^2~1562^2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=9db4e4381a8e881ff65a5d3400bfa471f84217e7;p=firefly-linux-kernel-4.4.55.git tty/n_gsm: fix bug in CRC calculation for gsm1 mode Problem description: gsm_queue() calculate a CRC for arrived frames. As a last step of CRC calculation it call gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs); This work perfectly for the case of GSM0 mode as gsm->received_fcs contain the last piece of data required to generate final CRC. gsm->received_fcs is not used for GSM1 mode. Thus we put an additional byte to CRC calculation. As result we get a wrong CRC and reject incoming frame. Signed-off-by: Mikhail Kshevetskiy Acked-by: Alan Cox Cc: stable Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index 47f8cdb207f1..74273e638c0d 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -1658,8 +1658,12 @@ static void gsm_queue(struct gsm_mux *gsm) if ((gsm->control & ~PF) == UI) gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len); - /* generate final CRC with received FCS */ - gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs); + if (gsm->encoding == 0){ + /* WARNING: gsm->received_fcs is used for gsm->encoding = 0 only. + In this case it contain the last piece of data + required to generate final CRC */ + gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs); + } if (gsm->fcs != GOOD_FCS) { gsm->bad_fcs++; if (debug & 4)
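Review bot: The comment inside the new `if (gsm->encoding == 0){` branch in gsm_queue() says why `gsm->received_fcs` is folded in for encoding 0, but nothing says why skipping it is correct for the other encoding. The unchanged `if (gsm->fcs != GOOD_FCS)` test that follows still applies to both. Since this comparison decides whether an incoming frame is accepted, the comment should state where the received FCS byte enters `gsm->fcs` when `gsm->encoding` is not 0, so that a reader can confirm the running value is still expected to equal `GOOD_FCS` at this point. The commit message states only that `received_fcs` is not used in that mode, and the visible lines do not show the other path. Two style points on the same lines: `if (gsm->encoding == 0){` needs a space before the brace, and the multi-line comment should use the usual block layout with an aligned ` * ` on each continuation line instead of free-form indentation. The bare `0` would also read better as a named constant if one exists for the encoding values.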