From a6b68a69fa89daeddc6ca6bb90b6f19a86ed7a9f Mon Sep 17 00:00:00 2001 From: Paul Fulghum Date: Mon, 3 Dec 2012 11:13:24 -0600 Subject: synclink fix ldisc buffer argument Fix call to line discipline receive_buf by synclink drivers. Dummy flag buffer argument is ignored by N_HDLC line discipline but might be of insufficient size if accessed by a different line discipline selected by mistake. flag buffer allocation now matches max size of data buffer. Unused char_buf buffers are removed. Signed-off-by: Paul Fulghum Signed-off-by: Greg Kroah-Hartman --- drivers/tty/synclink_gt.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'drivers/tty/synclink_gt.c') diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c index aba1e59f4a88..62a0db7ead07 100644 --- a/drivers/tty/synclink_gt.c +++ b/drivers/tty/synclink_gt.c @@ -317,8 +317,7 @@ struct slgt_info { unsigned char *tx_buf; int tx_count; - char flag_buf[MAX_ASYNC_BUFFER_SIZE]; - char char_buf[MAX_ASYNC_BUFFER_SIZE]; + char *flag_buf; bool drop_rts_on_tx_done; struct _input_signal_events input_signal_events; @@ -3355,11 +3354,24 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, return retval; } +/* + * allocate buffers used for calling line discipline receive_buf + * directly in synchronous mode + * note: add 5 bytes to max frame size to allow appending + * 32-bit CRC and status byte when configured to do so + */ static int alloc_tmp_rbuf(struct slgt_info *info) { info->tmp_rbuf = kmalloc(info->max_frame_size + 5, GFP_KERNEL); if (info->tmp_rbuf == NULL) return -ENOMEM; + /* unused flag buffer to satisfy receive_buf calling interface */ + info->flag_buf = kzalloc(info->max_frame_size + 5, GFP_KERNEL); + if (!info->flag_buf) { + kfree(info->tmp_rbuf); + info->tmp_rbuf = NULL; + return -ENOMEM; + } return 0; } @@ -3367,6 +3379,8 @@ static void free_tmp_rbuf(struct slgt_info *info) { kfree(info->tmp_rbuf); info->tmp_rbuf = NULL; + kfree(info->flag_buf); + info->flag_buf = NULL; } /* -- cgit