Commit 9db4e438 authored Mar 27, 2011 by Mikhail Kshevetskiy Committed by Greg Kroah-Hartman Apr 19, 2011

tty/n_gsm: fix bug in CRC calculation for gsm1 mode



Problem description:
  gsm_queue() calculate a CRC for arrived frames. As a last step of
  CRC calculation it call

    gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);

  This work perfectly for the case of GSM0 mode as gsm->received_fcs
  contain the last piece of data required to generate final CRC.

  gsm->received_fcs is not used for GSM1 mode. Thus we put an
  additional byte to CRC calculation. As result we get a wrong CRC
  and reject incoming frame.

Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy@gmail.com>
Acked-by: Alan Cox <alan@linux.intel.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

parent 5680e941

drivers/tty/n_gsm.c

+6 −2

Original line number	Original line	Diff line number	Diff line
	@@ -1658,8 +1658,12 @@ static void gsm_queue(struct gsm_mux *gsm)

	if ((gsm->control & ~PF) == UI)		if ((gsm->control & ~PF) == UI)
	gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);		gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
	/* generate final CRC with received FCS */		if (gsm->encoding == 0){
			/* WARNING: gsm->received_fcs is used for gsm->encoding = 0 only.
			In this case it contain the last piece of data
			required to generate final CRC */
	gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);		gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
			}
	if (gsm->fcs != GOOD_FCS) {		if (gsm->fcs != GOOD_FCS) {
	gsm->bad_fcs++;		gsm->bad_fcs++;
	if (debug & 4)		if (debug & 4)