From a6b68a69fa89daeddc6ca6bb90b6f19a86ed7a9f Mon Sep 17 00:00:00 2001 From: Paul Fulghum Date: Mon, 3 Dec 2012 11:13:24 -0600 Subject: [PATCH] synclink fix ldisc buffer argument Fix call to line discipline receive_buf by synclink drivers. Dummy flag buffer argument is ignored by N_HDLC line discipline but might be of insufficient size if accessed by a different line discipline selected by mistake. flag buffer allocation now matches max size of data buffer. Unused char_buf buffers are removed. Signed-off-by: Paul Fulghum Signed-off-by: Greg Kroah-Hartman --- drivers/char/pcmcia/synclink_cs.c | 12 +++++++++++- drivers/tty/synclink.c | 13 ++++++++++--- drivers/tty/synclink_gt.c | 18 ++++++++++++++++-- drivers/tty/synclinkmp.c | 12 ++++++++++-- 4 files changed, 47 insertions(+), 8 deletions(-) diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c index b66eaa0..b2f35d7 100644 --- a/drivers/char/pcmcia/synclink_cs.c +++ b/drivers/char/pcmcia/synclink_cs.c @@ -210,7 +210,7 @@ typedef struct _mgslpc_info { char testing_irq; unsigned int init_error; /* startup error (DIAGS) */ - char flag_buf[MAX_ASYNC_BUFFER_SIZE]; + char *flag_buf; bool drop_rts_on_tx_done; struct _input_signal_events input_signal_events; @@ -2674,6 +2674,14 @@ static int rx_alloc_buffers(MGSLPC_INFO *info) if (info->rx_buf == NULL) return -ENOMEM; + /* unused flag buffer to satisfy receive_buf calling interface */ + info->flag_buf = kzalloc(info->max_frame_size, GFP_KERNEL); + if (!info->flag_buf) { + kfree(info->rx_buf); + info->rx_buf = NULL; + return -ENOMEM; + } + rx_reset_buffers(info); return 0; } @@ -2682,6 +2690,8 @@ static void rx_free_buffers(MGSLPC_INFO *info) { kfree(info->rx_buf); info->rx_buf = NULL; + kfree(info->flag_buf); + info->flag_buf = NULL; } static int claim_resources(MGSLPC_INFO *info) diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c index 9e071f6..d42b661 100644 --- a/drivers/tty/synclink.c +++ b/drivers/tty/synclink.c @@ -291,8 +291,7 @@ struct mgsl_struct { bool lcr_mem_requested; u32 misc_ctrl_value; - char flag_buf[MAX_ASYNC_BUFFER_SIZE]; - char char_buf[MAX_ASYNC_BUFFER_SIZE]; + char *flag_buf; bool drop_rts_on_tx_done; bool loopmode_insert_requested; @@ -3898,7 +3897,13 @@ static int mgsl_alloc_intermediate_rxbuffer_memory(struct mgsl_struct *info) info->intermediate_rxbuffer = kmalloc(info->max_frame_size, GFP_KERNEL | GFP_DMA); if ( info->intermediate_rxbuffer == NULL ) return -ENOMEM; - + /* unused flag buffer to satisfy receive_buf calling interface */ + info->flag_buf = kzalloc(info->max_frame_size, GFP_KERNEL); + if (!info->flag_buf) { + kfree(info->intermediate_rxbuffer); + info->intermediate_rxbuffer = NULL; + return -ENOMEM; + } return 0; } /* end of mgsl_alloc_intermediate_rxbuffer_memory() */ @@ -3917,6 +3922,8 @@ static void mgsl_free_intermediate_rxbuffer_memory(struct mgsl_struct *info) { kfree(info->intermediate_rxbuffer); info->intermediate_rxbuffer = NULL; + kfree(info->flag_buf); + info->flag_buf = NULL; } /* end of mgsl_free_intermediate_rxbuffer_memory() */ diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c index aba1e59..62a0db7 100644 --- a/drivers/tty/synclink_gt.c +++ b/drivers/tty/synclink_gt.c @@ -317,8 +317,7 @@ struct slgt_info { unsigned char *tx_buf; int tx_count; - char flag_buf[MAX_ASYNC_BUFFER_SIZE]; - char char_buf[MAX_ASYNC_BUFFER_SIZE]; + char *flag_buf; bool drop_rts_on_tx_done; struct _input_signal_events input_signal_events; @@ -3355,11 +3354,24 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, return retval; } +/* + * allocate buffers used for calling line discipline receive_buf + * directly in synchronous mode + * note: add 5 bytes to max frame size to allow appending + * 32-bit CRC and status byte when configured to do so + */ static int alloc_tmp_rbuf(struct slgt_info *info) { info->tmp_rbuf = kmalloc(info->max_frame_size + 5, GFP_KERNEL); if (info->tmp_rbuf == NULL) return -ENOMEM; + /* unused flag buffer to satisfy receive_buf calling interface */ + info->flag_buf = kzalloc(info->max_frame_size + 5, GFP_KERNEL); + if (!info->flag_buf) { + kfree(info->tmp_rbuf); + info->tmp_rbuf = NULL; + return -ENOMEM; + } return 0; } @@ -3367,6 +3379,8 @@ static void free_tmp_rbuf(struct slgt_info *info) { kfree(info->tmp_rbuf); info->tmp_rbuf = NULL; + kfree(info->flag_buf); + info->flag_buf = NULL; } /* diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c index fd43fb6..33b7314 100644 --- a/drivers/tty/synclinkmp.c +++ b/drivers/tty/synclinkmp.c @@ -262,8 +262,7 @@ typedef struct _synclinkmp_info { bool sca_statctrl_requested; u32 misc_ctrl_value; - char flag_buf[MAX_ASYNC_BUFFER_SIZE]; - char char_buf[MAX_ASYNC_BUFFER_SIZE]; + char *flag_buf; bool drop_rts_on_tx_done; struct _input_signal_events input_signal_events; @@ -3553,6 +3552,13 @@ static int alloc_tmp_rx_buf(SLMP_INFO *info) info->tmp_rx_buf = kmalloc(info->max_frame_size, GFP_KERNEL); if (info->tmp_rx_buf == NULL) return -ENOMEM; + /* unused flag buffer to satisfy receive_buf calling interface */ + info->flag_buf = kzalloc(info->max_frame_size, GFP_KERNEL); + if (!info->flag_buf) { + kfree(info->tmp_rx_buf); + info->tmp_rx_buf = NULL; + return -ENOMEM; + } return 0; } @@ -3560,6 +3566,8 @@ static void free_tmp_rx_buf(SLMP_INFO *info) { kfree(info->tmp_rx_buf); info->tmp_rx_buf = NULL; + kfree(info->flag_buf); + info->flag_buf = NULL; } static int claim_resources(SLMP_INFO *info) -- 2.7.4