subject:"\[Suggestion\] drivers\/tty\: drivers\/char\/\: for MAX_ASYNC_BUFFER

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-12-01 Thread Chen Gang

于 2012年12月01日 00:24, Paul Fulghum 写道:
> My suggestion is to leave it as is for now until I can make
> those changes. I admit the current code is ugly enough to
> cause confusion (sorry Chen Gang), but I don't see any immediate danger.
> 

  do not need 'sorry', learn with each other. (I am just learning
through read kernel source code -- "code review")

  I am glad to know that my suggestion is useful (although it seems a
minor suggestion).  for me, it is enough.

  :-)

  thanks.

-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-12-01 Thread Chen Gang

于 2012年12月01日 00:24, Paul Fulghum 写道:
 My suggestion is to leave it as is for now until I can make
 those changes. I admit the current code is ugly enough to
 cause confusion (sorry Chen Gang), but I don't see any immediate danger.
 

  do not need 'sorry', learn with each other. (I am just learning
through read kernel source code -- code review)

  I am glad to know that my suggestion is useful (although it seems a
minor suggestion).  for me, it is enough.

  :-)

  thanks.

-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-30 Thread Paul Fulghum

On 11/29/2012 8:52 PM, Chen Gang wrote:
> 于 2012年11月30日 02:32, Greg KH 写道:
>> On Thu, Nov 29, 2012 at 01:57:59PM +0800, Chen Gang wrote:
 And, I really don't understand here, why do you want to change this?
 What is it going to change?  And why?
>>>
>>> Why:
>>>   for the context MGSLPC_INFO *info in drivers/char/pcmcia/synclink_cs.c
>>> info->max_frame_size can be the value between 4096 .. 65535 (can be
>>> set by its module input parameter)
>>> info->flag_buf length is 4096 (MAX_ASYNC_BUFFER_SIZE)
>>>   in function rx_get_frame
>>> the framesize is limit by info->max_frame_size, but may still be
>>> larger that 4096.
>>> when call function ldisc_receive_buf, info->flag_buf is equal to
>>> 4096, but framesize can be more than 4096. it will cause memory over flow.

The confusion centers on calling the line discipline receive_buf
function with a data buffer larger than the flag buffer.

The synclink drivers support asynchronous and synchronous (HDLC)
serial communications.

In asynchronous mode, the tty flip buffer is used to feed
data to the line discipline. In this mode, the above argument
does not apply. The receive_buf function is not called directly.

In synchronous mode, the driver calls the line discipline
receive_buf function directly to feed one HDLC frame
of data per call. Maintaining frame boundaries is needed
in this mode. This is done only with the N_HDLC line
discipline which expects this format and ignores the flag buffer.
The flag buffer passed is just a place holder to meet the
calling conventions of the line discipline receive_buf function.

The only danger is if:
1. driver is configured for synchronous mode
2. driver is configured for frames > 4K
3. line discipline other than N_HDLC is selected

In this case the line discipline might try to access
beyond the end of the flag buffer. This is a non-functional
configuration that would not occur on purpose.

Increasing the flag buffer size would prevent a problem
in this degenerate case of purposeful misconfiguration.
This would be at the expense of larger allocations that are
not used.

I think the correct fix is for me to change the direct
calls to pass the same buffer for both data and flag and
add a comment describing the fact the flag buffer is ignored
when using N_HDLC. That way a misconfigured setup won't
cause problems and no unneeded allocations are made.

My suggestion is to leave it as is for now until I can make
those changes. I admit the current code is ugly enough to
cause confusion (sorry Chen Gang), but I don't see any immediate danger.

-- 
Paul Fulghum
MicroGate Systems, Ltd.
=Customer Driven, by Design=
(800)444-1982 (US Sales)
(512)345-7791 x102 (Direct)
(512)343-9046 (Fax)
Central Time Zone (GMT -6h)
www.microgate.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-30 Thread Paul Fulghum

On 11/29/2012 8:52 PM, Chen Gang wrote:
 于 2012年11月30日 02:32, Greg KH 写道:
 On Thu, Nov 29, 2012 at 01:57:59PM +0800, Chen Gang wrote:
 And, I really don't understand here, why do you want to change this?
 What is it going to change?  And why?

 Why:
   for the context MGSLPC_INFO *info in drivers/char/pcmcia/synclink_cs.c
 info-max_frame_size can be the value between 4096 .. 65535 (can be
 set by its module input parameter)
 info-flag_buf length is 4096 (MAX_ASYNC_BUFFER_SIZE)
   in function rx_get_frame
 the framesize is limit by info-max_frame_size, but may still be
 larger that 4096.
 when call function ldisc_receive_buf, info-flag_buf is equal to
 4096, but framesize can be more than 4096. it will cause memory over flow.

The confusion centers on calling the line discipline receive_buf
function with a data buffer larger than the flag buffer.

The synclink drivers support asynchronous and synchronous (HDLC)
serial communications.

In asynchronous mode, the tty flip buffer is used to feed
data to the line discipline. In this mode, the above argument
does not apply. The receive_buf function is not called directly.

In synchronous mode, the driver calls the line discipline
receive_buf function directly to feed one HDLC frame
of data per call. Maintaining frame boundaries is needed
in this mode. This is done only with the N_HDLC line
discipline which expects this format and ignores the flag buffer.
The flag buffer passed is just a place holder to meet the
calling conventions of the line discipline receive_buf function.

The only danger is if:
1. driver is configured for synchronous mode
2. driver is configured for frames  4K
3. line discipline other than N_HDLC is selected

In this case the line discipline might try to access
beyond the end of the flag buffer. This is a non-functional
configuration that would not occur on purpose.

Increasing the flag buffer size would prevent a problem
in this degenerate case of purposeful misconfiguration.
This would be at the expense of larger allocations that are
not used.

I think the correct fix is for me to change the direct
calls to pass the same buffer for both data and flag and
add a comment describing the fact the flag buffer is ignored
when using N_HDLC. That way a misconfigured setup won't
cause problems and no unneeded allocations are made.

My suggestion is to leave it as is for now until I can make
those changes. I admit the current code is ugly enough to
cause confusion (sorry Chen Gang), but I don't see any immediate danger.

-- 
Paul Fulghum
MicroGate Systems, Ltd.
=Customer Driven, by Design=
(800)444-1982 (US Sales)
(512)345-7791 x102 (Direct)
(512)343-9046 (Fax)
Central Time Zone (GMT -6h)
www.microgate.com
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Chen Gang

于 2012年11月30日 11:27, Paul Fulghum 写道:
> 
> I’m the maintainer for these drivers. I only caught this message by
> chance and
> have not had a chance to review the entire thread and original patches.
> It’s late and I’m tired so I won’t be able to look at this until tomorrow.
> 
> I do not doubt there is a problem that needs cleaning up. I just need a
> day to
> review and make sure this does not cause any problems.

  if it is surely an issue,
is it suitable to let Paul Fulghum to provide the relative patch ?
for synclink, he is more expert than me.
for test and test environments, he is also more expert than me.

  thanks.

-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Chen Gang

于 2012年11月30日 11:27, Paul Fulghum 写道:
> 
> I’m the maintainer for these drivers. I only caught this message by
> chance and

  it seems you are not in MAINTAINER file.
  is it suitable to add your name into MAINTAINER file ?
(if it was, please help adding ?  I am not quite familiar with it)

  thanks.

-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Chen Gang

于 2012年11月30日 10:27, Chen Gang 写道:
> 于 2012年11月29日 21:41, Alan Cox 写道:
>> On Thu, 29 Nov 2012 13:07:28 +0800
>> Chen Gang  wrote:
>>
>>> Hello Greg Kroah-Hartman:
>>>
>>> for MAX_ASYNC_BUFFER_SIZE:
>>>   it is defined as 4096;
>>>   but for the max buffer size which it processes, is 65535.
>>>   so suggest to #define MAX_ASYNC_BUFFER_SIZE 0x1  (better than 0x)
>>
>> I don't see the need to change this. Possibly some of the old synclink
>> drivers need to check more carefully for overflows if configured for very
>> large frame sizes ?
>>
> 

  sorry forget to reply "I don't see the need to change this"

  I think what Alan Cox said is:
if it was necessary (surely overflows by testing):
  not touch MAX_ASYNC_BUFFER_SIZE,
  can judge the buffer whether larger than MAX_ASYNC_BUFFER_SIZE.
if larger, we can skip it.

  I think we also have another 4 ways: (if surely overflows by testing)
I prefer:
  use flag_buf[HDLC_MAX_FRAME_SIZE] instead of 
flag_buf[MAX_ASYNC_BUFFER_SIZE]
  it is the simplest and clearest way.
  it will consume a little more memory, but it seems minor negative effect 
with global.
2nd way:
  dynamically allocate relative buffer to fit the current max frame size 
(4096..65535).
  it is not complex, but can save a little memory
3rd way:
  we have to make a loop to receive one frame.
  it will be complex, need reconstruction current source code (and more 
testing).
4th way:
  #define MAX_ASYNC_BUFFER_SIZE  0x1
  it is my original suggestion, but it seems not quite suitable.


  welcome to giving your choice (or provide your new choice), thanks.

  thanks.

gchen.
> I am just through code review (so it is only a suggestion), I will try to 
> perform test.
> also welcome another members to help testing.
> 
> this issue has effect with 4 synclink drivers (most of source code are the 
> same).
>   drivers/char/pcmcia/synclink_cs.c:213:  char 
> flag_buf[MAX_ASYNC_BUFFER_SIZE];
>   drivers/tty/synclink_gt.c:320:  char flag_buf[MAX_ASYNC_BUFFER_SIZE];
>   drivers/tty/synclink.c:294: char flag_buf[MAX_ASYNC_BUFFER_SIZE];
>   drivers/tty/synclinkmp.c:265:   char flag_buf[MAX_ASYNC_BUFFER_SIZE];
> 
> for the char_buf, has already useless (can be removed)
>   drivers/tty/synclink_gt.c:321:  char char_buf[MAX_ASYNC_BUFFER_SIZE];
>   drivers/tty/synclink.c:295: char char_buf[MAX_ASYNC_BUFFER_SIZE];   
>   drivers/tty/synclinkmp.c:266:   char char_buf[MAX_ASYNC_BUFFER_SIZE];
> 
> 
>>>
>>> -
>>> Step 3:
>>>
>>> one sample in drivers/tty/n_gsm.c  (same for another implementation)
>>>
>>>   receive_buf is a function ptr which may be gsmld_receive_buf at line 
>>> 2819. 
>>>   it does not check the length of count whether larger than 
>>> MAX_ASYNC_BUFFER_SIZE.
>>>   if count is larger than MAX_ASYNC_BUFFER_SIZE, will cause issue.
>>
>> Why should it - MAX_ASYNC_BUFFER_SIZE is an internal detail of the
>> synclink drivers. 
>>
>> Alan
>>
>>
> 
>   no, not need.  (excuse me, my English is not quite well, maybe you 
> misunderstand what I said)
> 
>   at least, currently:
> the caller should be sure that the buffer length is enough (it seems not, 
> I need test it).
> the internal has no duty to check it.
> 
> 


-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Chen Gang

于 2012年11月30日 02:32, Greg KH 写道:
> On Thu, Nov 29, 2012 at 01:57:59PM +0800, Chen Gang wrote:
>>> And, I really don't understand here, why do you want to change this?
>>> What is it going to change?  And why?
>>>
>>
>> Why:
>>   for the context MGSLPC_INFO *info in drivers/char/pcmcia/synclink_cs.c
>> info->max_frame_size can be the value between 4096 .. 65535 (can be
>> set by its module input parameter)
>> info->flag_buf length is 4096 (MAX_ASYNC_BUFFER_SIZE)
>>   in function rx_get_frame
>> the framesize is limit by info->max_frame_size, but may still be
>> larger that 4096.
>> when call function ldisc_receive_buf, info->flag_buf is equal to
>> 4096, but framesize can be more than 4096. it will cause memory over flow.
> 
> Do you use that pcmcia driver for anything?  Are those cards still
> around?

I am not use them.

I am just through code review (so it is only a suggestion).

this issue has effect with 4 synclink drivers
I checked their source code, all of them have the same issue.
  drivers/char/pcmcia/synclink_cs.c:213:char 
flag_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclink_gt.c:320:char flag_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclink.c:294:   char flag_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclinkmp.c:265: char flag_buf[MAX_ASYNC_BUFFER_SIZE];

by the way, for the char_buf, has already useless (can be removed)
  drivers/tty/synclink_gt.c:321:char char_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclink.c:295:   char char_buf[MAX_ASYNC_BUFFER_SIZE];   
  drivers/tty/synclinkmp.c:266: char char_buf[MAX_ASYNC_BUFFER_SIZE];



> 
>> What:
>>   #define MAX_ASYNC_BUFFER_SIZE  0x1 (instead of 4096, originally).
>>   let it match the max frame size.
>>
>> At last:
>>   my suggestion may be incorrect, need relative member (who expert about
>> it) to help checking.
> 
> That driver might be incorrect, yes, care to make up a patch for it and
> test it to verify it fixes the problem?
> 

and now Alan Cox has his own opinions
  at least, I think it is valuable to continue discussing about it.

if Alan Cox agree with it (but it seems not),  I will make patch, and try to 
perform test.
also welcome another members to help testing.



> thanks,
> 
> greg k-h
> 
> 


-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Chen Gang

于 2012年11月29日 21:41, Alan Cox 写道:
> On Thu, 29 Nov 2012 13:07:28 +0800
> Chen Gang  wrote:
> 
>> Hello Greg Kroah-Hartman:
>>
>> for MAX_ASYNC_BUFFER_SIZE:
>>   it is defined as 4096;
>>   but for the max buffer size which it processes, is 65535.
>>   so suggest to #define MAX_ASYNC_BUFFER_SIZE 0x1  (better than 0x)
> 
> I don't see the need to change this. Possibly some of the old synclink
> drivers need to check more carefully for overflows if configured for very
> large frame sizes ?
> 

I am just through code review (so it is only a suggestion), I will try to 
perform test.
also welcome another members to help testing.

this issue has effect with 4 synclink drivers (most of source code are the 
same).
  drivers/char/pcmcia/synclink_cs.c:213:char 
flag_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclink_gt.c:320:char flag_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclink.c:294:   char flag_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclinkmp.c:265: char flag_buf[MAX_ASYNC_BUFFER_SIZE];

for the char_buf, has already useless (can be removed)
  drivers/tty/synclink_gt.c:321:char char_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclink.c:295:   char char_buf[MAX_ASYNC_BUFFER_SIZE];   
  drivers/tty/synclinkmp.c:266: char char_buf[MAX_ASYNC_BUFFER_SIZE];

>>
>> -
>> Step 3:
>>
>> one sample in drivers/tty/n_gsm.c  (same for another implementation)
>>
>>   receive_buf is a function ptr which may be gsmld_receive_buf at line 2819. 
>>   it does not check the length of count whether larger than 
>> MAX_ASYNC_BUFFER_SIZE.
>>   if count is larger than MAX_ASYNC_BUFFER_SIZE, will cause issue.
> 
> Why should it - MAX_ASYNC_BUFFER_SIZE is an internal detail of the
> synclink drivers. 
> 
> Alan
> 
> 

  no, not need.  (excuse me, my English is not quite well, maybe you 
misunderstand what I said)

  at least, currently:
the caller should be sure that the buffer length is enough (it seems not, I 
need test it).
the internal has no duty to check it.

-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Greg KH

On Thu, Nov 29, 2012 at 01:57:59PM +0800, Chen Gang wrote:
> > And, I really don't understand here, why do you want to change this?
> > What is it going to change?  And why?
> > 
> 
> Why:
>   for the context MGSLPC_INFO *info in drivers/char/pcmcia/synclink_cs.c
> info->max_frame_size can be the value between 4096 .. 65535 (can be
> set by its module input parameter)
> info->flag_buf length is 4096 (MAX_ASYNC_BUFFER_SIZE)
>   in function rx_get_frame
> the framesize is limit by info->max_frame_size, but may still be
> larger that 4096.
> when call function ldisc_receive_buf, info->flag_buf is equal to
> 4096, but framesize can be more than 4096. it will cause memory over flow.

Do you use that pcmcia driver for anything?  Are those cards still
around?

> What:
>   #define MAX_ASYNC_BUFFER_SIZE  0x1 (instead of 4096, originally).
>   let it match the max frame size.
> 
> At last:
>   my suggestion may be incorrect, need relative member (who expert about
> it) to help checking.

That driver might be incorrect, yes, care to make up a patch for it and
test it to verify it fixes the problem?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Alan Cox

On Thu, 29 Nov 2012 13:07:28 +0800
Chen Gang  wrote:

> Hello Greg Kroah-Hartman:
> 
> for MAX_ASYNC_BUFFER_SIZE:
>   it is defined as 4096;
>   but for the max buffer size which it processes, is 65535.
>   so suggest to #define MAX_ASYNC_BUFFER_SIZE 0x1  (better than 0x)

I don't see the need to change this. Possibly some of the old synclink
drivers need to check more carefully for overflows if configured for very
large frame sizes ?

> 
> -
> Step 3:
> 
> one sample in drivers/tty/n_gsm.c  (same for another implementation)
> 
>   receive_buf is a function ptr which may be gsmld_receive_buf at line 2819. 
>   it does not check the length of count whether larger than 
> MAX_ASYNC_BUFFER_SIZE.
>   if count is larger than MAX_ASYNC_BUFFER_SIZE, will cause issue.

Why should it - MAX_ASYNC_BUFFER_SIZE is an internal detail of the
synclink drivers. 

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Alan Cox

On Thu, 29 Nov 2012 13:07:28 +0800
Chen Gang gang.c...@asianux.com wrote:

 Hello Greg Kroah-Hartman:
 
 for MAX_ASYNC_BUFFER_SIZE:
   it is defined as 4096;
   but for the max buffer size which it processes, is 65535.
   so suggest to #define MAX_ASYNC_BUFFER_SIZE 0x1  (better than 0x)

I don't see the need to change this. Possibly some of the old synclink
drivers need to check more carefully for overflows if configured for very
large frame sizes ?

 
 -
 Step 3:
 
 one sample in drivers/tty/n_gsm.c  (same for another implementation)
 
   receive_buf is a function ptr which may be gsmld_receive_buf at line 2819. 
   it does not check the length of count whether larger than 
 MAX_ASYNC_BUFFER_SIZE.
   if count is larger than MAX_ASYNC_BUFFER_SIZE, will cause issue.

Why should it - MAX_ASYNC_BUFFER_SIZE is an internal detail of the
synclink drivers. 

Alan
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Greg KH

On Thu, Nov 29, 2012 at 01:57:59PM +0800, Chen Gang wrote:
  And, I really don't understand here, why do you want to change this?
  What is it going to change?  And why?
  
 
 Why:
   for the context MGSLPC_INFO *info in drivers/char/pcmcia/synclink_cs.c
 info-max_frame_size can be the value between 4096 .. 65535 (can be
 set by its module input parameter)
 info-flag_buf length is 4096 (MAX_ASYNC_BUFFER_SIZE)
   in function rx_get_frame
 the framesize is limit by info-max_frame_size, but may still be
 larger that 4096.
 when call function ldisc_receive_buf, info-flag_buf is equal to
 4096, but framesize can be more than 4096. it will cause memory over flow.

Do you use that pcmcia driver for anything?  Are those cards still
around?

 What:
   #define MAX_ASYNC_BUFFER_SIZE  0x1 (instead of 4096, originally).
   let it match the max frame size.
 
 At last:
   my suggestion may be incorrect, need relative member (who expert about
 it) to help checking.

That driver might be incorrect, yes, care to make up a patch for it and
test it to verify it fixes the problem?

thanks,

greg k-h
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Chen Gang

于 2012年11月29日 21:41, Alan Cox 写道:
 On Thu, 29 Nov 2012 13:07:28 +0800
 Chen Gang gang.c...@asianux.com wrote:
 
 Hello Greg Kroah-Hartman:

 for MAX_ASYNC_BUFFER_SIZE:
   it is defined as 4096;
   but for the max buffer size which it processes, is 65535.
   so suggest to #define MAX_ASYNC_BUFFER_SIZE 0x1  (better than 0x)
 
 I don't see the need to change this. Possibly some of the old synclink
 drivers need to check more carefully for overflows if configured for very
 large frame sizes ?
 

I am just through code review (so it is only a suggestion), I will try to 
perform test.
also welcome another members to help testing.

this issue has effect with 4 synclink drivers (most of source code are the 
same).
  drivers/char/pcmcia/synclink_cs.c:213:char 
flag_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclink_gt.c:320:char flag_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclink.c:294:   char flag_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclinkmp.c:265: char flag_buf[MAX_ASYNC_BUFFER_SIZE];

for the char_buf, has already useless (can be removed)
  drivers/tty/synclink_gt.c:321:char char_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclink.c:295:   char char_buf[MAX_ASYNC_BUFFER_SIZE];   
  drivers/tty/synclinkmp.c:266: char char_buf[MAX_ASYNC_BUFFER_SIZE];



 -
 Step 3:

 one sample in drivers/tty/n_gsm.c  (same for another implementation)

   receive_buf is a function ptr which may be gsmld_receive_buf at line 2819. 
   it does not check the length of count whether larger than 
 MAX_ASYNC_BUFFER_SIZE.
   if count is larger than MAX_ASYNC_BUFFER_SIZE, will cause issue.
 
 Why should it - MAX_ASYNC_BUFFER_SIZE is an internal detail of the
 synclink drivers. 
 
 Alan
 
 

  no, not need.  (excuse me, my English is not quite well, maybe you 
misunderstand what I said)

  at least, currently:
the caller should be sure that the buffer length is enough (it seems not, I 
need test it).
the internal has no duty to check it.


-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Chen Gang

于 2012年11月30日 02:32, Greg KH 写道:
 On Thu, Nov 29, 2012 at 01:57:59PM +0800, Chen Gang wrote:
 And, I really don't understand here, why do you want to change this?
 What is it going to change?  And why?


 Why:
   for the context MGSLPC_INFO *info in drivers/char/pcmcia/synclink_cs.c
 info-max_frame_size can be the value between 4096 .. 65535 (can be
 set by its module input parameter)
 info-flag_buf length is 4096 (MAX_ASYNC_BUFFER_SIZE)
   in function rx_get_frame
 the framesize is limit by info-max_frame_size, but may still be
 larger that 4096.
 when call function ldisc_receive_buf, info-flag_buf is equal to
 4096, but framesize can be more than 4096. it will cause memory over flow.
 
 Do you use that pcmcia driver for anything?  Are those cards still
 around?

I am not use them.

I am just through code review (so it is only a suggestion).

this issue has effect with 4 synclink drivers
I checked their source code, all of them have the same issue.
  drivers/char/pcmcia/synclink_cs.c:213:char 
flag_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclink_gt.c:320:char flag_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclink.c:294:   char flag_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclinkmp.c:265: char flag_buf[MAX_ASYNC_BUFFER_SIZE];

by the way, for the char_buf, has already useless (can be removed)
  drivers/tty/synclink_gt.c:321:char char_buf[MAX_ASYNC_BUFFER_SIZE];
  drivers/tty/synclink.c:295:   char char_buf[MAX_ASYNC_BUFFER_SIZE];   
  drivers/tty/synclinkmp.c:266: char char_buf[MAX_ASYNC_BUFFER_SIZE];



 
 What:
   #define MAX_ASYNC_BUFFER_SIZE  0x1 (instead of 4096, originally).
   let it match the max frame size.

 At last:
   my suggestion may be incorrect, need relative member (who expert about
 it) to help checking.
 
 That driver might be incorrect, yes, care to make up a patch for it and
 test it to verify it fixes the problem?
 

and now Alan Cox has his own opinions
  at least, I think it is valuable to continue discussing about it.

if Alan Cox agree with it (but it seems not),  I will make patch, and try to 
perform test.
also welcome another members to help testing.



 thanks,
 
 greg k-h
 
 


-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Chen Gang

于 2012年11月30日 10:27, Chen Gang 写道:
 于 2012年11月29日 21:41, Alan Cox 写道:
 On Thu, 29 Nov 2012 13:07:28 +0800
 Chen Gang gang.c...@asianux.com wrote:

 Hello Greg Kroah-Hartman:

 for MAX_ASYNC_BUFFER_SIZE:
   it is defined as 4096;
   but for the max buffer size which it processes, is 65535.
   so suggest to #define MAX_ASYNC_BUFFER_SIZE 0x1  (better than 0x)

 I don't see the need to change this. Possibly some of the old synclink
 drivers need to check more carefully for overflows if configured for very
 large frame sizes ?

 

  sorry forget to reply I don't see the need to change this

  I think what Alan Cox said is:
if it was necessary (surely overflows by testing):
  not touch MAX_ASYNC_BUFFER_SIZE,
  can judge the buffer whether larger than MAX_ASYNC_BUFFER_SIZE.
if larger, we can skip it.

  I think we also have another 4 ways: (if surely overflows by testing)
I prefer:
  use flag_buf[HDLC_MAX_FRAME_SIZE] instead of 
flag_buf[MAX_ASYNC_BUFFER_SIZE]
  it is the simplest and clearest way.
  it will consume a little more memory, but it seems minor negative effect 
with global.
2nd way:
  dynamically allocate relative buffer to fit the current max frame size 
(4096..65535).
  it is not complex, but can save a little memory
3rd way:
  we have to make a loop to receive one frame.
  it will be complex, need reconstruction current source code (and more 
testing).
4th way:
  #define MAX_ASYNC_BUFFER_SIZE  0x1
  it is my original suggestion, but it seems not quite suitable.


  welcome to giving your choice (or provide your new choice), thanks.

  thanks.

gchen.
 I am just through code review (so it is only a suggestion), I will try to 
 perform test.
 also welcome another members to help testing.
 
 this issue has effect with 4 synclink drivers (most of source code are the 
 same).
   drivers/char/pcmcia/synclink_cs.c:213:  char 
 flag_buf[MAX_ASYNC_BUFFER_SIZE];
   drivers/tty/synclink_gt.c:320:  char flag_buf[MAX_ASYNC_BUFFER_SIZE];
   drivers/tty/synclink.c:294: char flag_buf[MAX_ASYNC_BUFFER_SIZE];
   drivers/tty/synclinkmp.c:265:   char flag_buf[MAX_ASYNC_BUFFER_SIZE];
 
 for the char_buf, has already useless (can be removed)
   drivers/tty/synclink_gt.c:321:  char char_buf[MAX_ASYNC_BUFFER_SIZE];
   drivers/tty/synclink.c:295: char char_buf[MAX_ASYNC_BUFFER_SIZE];   
   drivers/tty/synclinkmp.c:266:   char char_buf[MAX_ASYNC_BUFFER_SIZE];
 
 

 -
 Step 3:

 one sample in drivers/tty/n_gsm.c  (same for another implementation)

   receive_buf is a function ptr which may be gsmld_receive_buf at line 
 2819. 
   it does not check the length of count whether larger than 
 MAX_ASYNC_BUFFER_SIZE.
   if count is larger than MAX_ASYNC_BUFFER_SIZE, will cause issue.

 Why should it - MAX_ASYNC_BUFFER_SIZE is an internal detail of the
 synclink drivers. 

 Alan


 
   no, not need.  (excuse me, my English is not quite well, maybe you 
 misunderstand what I said)
 
   at least, currently:
 the caller should be sure that the buffer length is enough (it seems not, 
 I need test it).
 the internal has no duty to check it.
 
 


-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Chen Gang

于 2012年11月30日 11:27, Paul Fulghum 写道:
 
 I’m the maintainer for these drivers. I only caught this message by
 chance and

  it seems you are not in MAINTAINER file.
  is it suitable to add your name into MAINTAINER file ?
(if it was, please help adding ?  I am not quite familiar with it)

  thanks.

-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-29 Thread Chen Gang

于 2012年11月30日 11:27, Paul Fulghum 写道:
 
 I’m the maintainer for these drivers. I only caught this message by
 chance and
 have not had a chance to review the entire thread and original patches.
 It’s late and I’m tired so I won’t be able to look at this until tomorrow.
 
 I do not doubt there is a problem that needs cleaning up. I just need a
 day to
 review and make sure this does not cause any problems.

  if it is surely an issue,
is it suitable to let Paul Fulghum to provide the relative patch ?
for synclink, he is more expert than me.
for test and test environments, he is also more expert than me.

  thanks.

-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-28 Thread Chen Gang

于 2012年11月29日 13:13, Greg KH 写道:
> On Thu, Nov 29, 2012 at 12:40:49PM +0800, Chen Gang wrote:
>> Hello Greg Kroah-Hartman:
>>
>> for MAX_ASYNC_BUFFER_SIZE:
>>   it is defined as 4096;
>>   but for the max buffer size which it processes, is 65535.
>>   so suggest to #define MAX_ASYNC_BUFFER_SIZE 0x1  (better than 0x)
> 
> Please, send tty questions to the linux-ser...@vger.kernel.org list
> also.

  I cc to linux-ser...@vger.kernel.org, in this reply.

  I referenced the file MAINTAINERS, before sent original mail:

  it seems all drivers/tty/serial/* are relative with
linux-ser...@vger.kernel.org. but our case is not relative
drivers/tty/serial. so for not bother them, I am not send to them,
originally.

  in MAINTAINERS, line 7438, I find for common of driver/tty/*, can send
to you and no cc, so I send you and cc to linux-kernel@vger.kernel.org.

  next time, for all tty questions, I will cc to
linux-ser...@vger.kernel.org (not cc to linux-kernel@vger.kernel.org).

> 
> And, I really don't understand here, why do you want to change this?
> What is it going to change?  And why?
> 

Why:
  for the context MGSLPC_INFO *info in drivers/char/pcmcia/synclink_cs.c
info->max_frame_size can be the value between 4096 .. 65535 (can be
set by its module input parameter)
info->flag_buf length is 4096 (MAX_ASYNC_BUFFER_SIZE)
  in function rx_get_frame
the framesize is limit by info->max_frame_size, but may still be
larger that 4096.
when call function ldisc_receive_buf, info->flag_buf is equal to
4096, but framesize can be more than 4096. it will cause memory over flow.

What:
  #define MAX_ASYNC_BUFFER_SIZE  0x1 (instead of 4096, originally).
  let it match the max frame size.

At last:
  my suggestion may be incorrect, need relative member (who expert about
it) to help checking.

  welcome another suggestion or completions.

  thanks.

gchen.

> greg k-h
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 
> 

-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: 【Suggestion】drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-28 Thread Greg KH

On Thu, Nov 29, 2012 at 12:40:49PM +0800, Chen Gang wrote:
> Hello Greg Kroah-Hartman:
> 
> for MAX_ASYNC_BUFFER_SIZE:
>   it is defined as 4096;
>   but for the max buffer size which it processes, is 65535.
>   so suggest to #define MAX_ASYNC_BUFFER_SIZE 0x1  (better than 0x)

Please, send tty questions to the linux-ser...@vger.kernel.org list
also.

And, I really don't understand here, why do you want to change this?
What is it going to change?  And why?

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-28 Thread Chen Gang

Hello Greg Kroah-Hartman:

for MAX_ASYNC_BUFFER_SIZE:
  it is defined as 4096;
  but for the max buffer size which it processes, is 65535.
  so suggest to #define MAX_ASYNC_BUFFER_SIZE 0x1  (better than 0x)

  I use 3 Step to prove it, please see below:

by the way:
  I find it only through code review, not test it.
  so I send it as suggestions (not a patch).
  next time:
for the same case, if it is better to send a patch, directly.
please tell me by replying for this mail.
(at least, it can save your time, since you are busy)

gchen.

-
Step 1:

the MAX_ASYNC_BUFFER_SIZE is 4096:

root@gchen-desktop:~/linux# grep -rn MAX_ASYNC_BUFFER_SIZE *
drivers/char/pcmcia/synclink_cs.c:213:  char flag_buf[MAX_ASYNC_BUFFER_SIZE];
drivers/tty/synclink_gt.c:320:  char flag_buf[MAX_ASYNC_BUFFER_SIZE];
drivers/tty/synclink_gt.c:321:  char char_buf[MAX_ASYNC_BUFFER_SIZE];
drivers/tty/synclink.c:294: char flag_buf[MAX_ASYNC_BUFFER_SIZE];
drivers/tty/synclink.c:295: char char_buf[MAX_ASYNC_BUFFER_SIZE];   
drivers/tty/synclinkmp.c:265:   char flag_buf[MAX_ASYNC_BUFFER_SIZE];
drivers/tty/synclinkmp.c:266:   char char_buf[MAX_ASYNC_BUFFER_SIZE];
include/uapi/linux/synclink.h:54:#define MAX_ASYNC_BUFFER_SIZE  4096

-
Step 2:

one sample in drivers/char/pcmcia/synclink_cs.c: (same for another files)

  we check the framesize according to info->max_frame_size in line 3687..3689.
and call ldisc_receive_buf without checking whether it is larger than 
MAX_ASYNC_BUFFER_SIZE at line 3705
  info->max_frame_size can be the value between 4096 and 65535 in line 
2729..2732.
  ldisc_receive_buf call ld->ops->receive_buf to perform the work.


 496 static void ldisc_receive_buf(struct tty_struct *tty,
 497   const __u8 *data, char *flags, int count)
 498 {
 499 struct tty_ldisc *ld;
 500 if (!tty)
 501 return;
 502 ld = tty_ldisc_ref(tty);
 503 if (ld) {
 504 if (ld->ops->receive_buf)
 505 ld->ops->receive_buf(tty, data, flags, count);
 506 tty_ldisc_deref(ld);
 507 }
 508 }
 ...

2728 
2729 if (info->max_frame_size < 4096)
2730 info->max_frame_size = 4096;
2731 else if (info->max_frame_size > 65535)
2732 info->max_frame_size = 65535;
2733 
...

3686 if (framesize) {
3687 if ((info->params.crc_type & HDLC_CRC_RETURN_EX &&
3688   framesize+1 > info->max_frame_size) ||
3689 framesize > info->max_frame_size)
3690 info->icount.rxlong++;
3691 else {
3692 if (status & BIT5)
3693 info->icount.rxok++;
3694 
3695 if (info->params.crc_type & HDLC_CRC_RETURN_EX) {
3696 *(buf->data + framesize) = status & BIT5 ? 
RX_OK:RX_CRC_ERROR;
3697 ++framesize;
3698 }
3699 
3700 #if SYNCLINK_GENERIC_HDLC
3701 if (info->netcount)
3702 hdlcdev_rx(info, buf->data, framesize);
3703 else
3704 #endif
3705 ldisc_receive_buf(tty, buf->data, 
info->flag_buf, framesize);
3706 }
3707 }

-
Step 3:

one sample in drivers/tty/n_gsm.c  (same for another implementation)

  receive_buf is a function ptr which may be gsmld_receive_buf at line 2819. 
  it does not check the length of count whether larger than 
MAX_ASYNC_BUFFER_SIZE.
  if count is larger than MAX_ASYNC_BUFFER_SIZE, will cause issue.

  it is only a sample, maybe not the function ptr which mentioned in Step 2.
  at lease, I have checked 3 function ptr implementations, none of them check 
the MAX_ASYNC_BUFFER_SIZE.
  the all function ptr searching is at the bottom.

2257 static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char 
*cp,
2258   char *fp, int count)
2259 {
2260 struct gsm_mux *gsm = tty->disc_data;
2261 const unsigned char *dp;
2262 char *f;
2263 int i;
2264 char buf[64];
2265 char flags;
2266 
2267 if (debug & 4)
2268 print_hex_dump_bytes("gsmld_receive: ", DUMP_PREFIX_OFFSET,
2269  cp, count);
2270 
2271 for (i = count, dp = cp, f = fp; i; i--, dp++) {
2272 flags = *f++;
2273 switch (flags) {
2274 case TTY_NORMAL:
2275 gsm->receive(gsm, *dp);
2276 break;
2277 case TTY_OVERRUN:
2278

[Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-28 Thread Chen Gang

Hello Greg Kroah-Hartman:

for MAX_ASYNC_BUFFER_SIZE:
  it is defined as 4096;
  but for the max buffer size which it processes, is 65535.
  so suggest to #define MAX_ASYNC_BUFFER_SIZE 0x1  (better than 0x)

  I use 3 Step to prove it, please see below:

by the way:
  I find it only through code review, not test it.
  so I send it as suggestions (not a patch).
  next time:
for the same case, if it is better to send a patch, directly.
please tell me by replying for this mail.
(at least, it can save your time, since you are busy)

gchen.

-
Step 1:

the MAX_ASYNC_BUFFER_SIZE is 4096:

root@gchen-desktop:~/linux# grep -rn MAX_ASYNC_BUFFER_SIZE *
drivers/char/pcmcia/synclink_cs.c:213:  char flag_buf[MAX_ASYNC_BUFFER_SIZE];
drivers/tty/synclink_gt.c:320:  char flag_buf[MAX_ASYNC_BUFFER_SIZE];
drivers/tty/synclink_gt.c:321:  char char_buf[MAX_ASYNC_BUFFER_SIZE];
drivers/tty/synclink.c:294: char flag_buf[MAX_ASYNC_BUFFER_SIZE];
drivers/tty/synclink.c:295: char char_buf[MAX_ASYNC_BUFFER_SIZE];   
drivers/tty/synclinkmp.c:265:   char flag_buf[MAX_ASYNC_BUFFER_SIZE];
drivers/tty/synclinkmp.c:266:   char char_buf[MAX_ASYNC_BUFFER_SIZE];
include/uapi/linux/synclink.h:54:#define MAX_ASYNC_BUFFER_SIZE  4096

-
Step 2:

one sample in drivers/char/pcmcia/synclink_cs.c: (same for another files)

  we check the framesize according to info-max_frame_size in line 3687..3689.
and call ldisc_receive_buf without checking whether it is larger than 
MAX_ASYNC_BUFFER_SIZE at line 3705
  info-max_frame_size can be the value between 4096 and 65535 in line 
2729..2732.
  ldisc_receive_buf call ld-ops-receive_buf to perform the work.


 496 static void ldisc_receive_buf(struct tty_struct *tty,
 497   const __u8 *data, char *flags, int count)
 498 {
 499 struct tty_ldisc *ld;
 500 if (!tty)
 501 return;
 502 ld = tty_ldisc_ref(tty);
 503 if (ld) {
 504 if (ld-ops-receive_buf)
 505 ld-ops-receive_buf(tty, data, flags, count);
 506 tty_ldisc_deref(ld);
 507 }
 508 }
 ...

2728 
2729 if (info-max_frame_size  4096)
2730 info-max_frame_size = 4096;
2731 else if (info-max_frame_size  65535)
2732 info-max_frame_size = 65535;
2733 
...

3686 if (framesize) {
3687 if ((info-params.crc_type  HDLC_CRC_RETURN_EX 
3688   framesize+1  info-max_frame_size) ||
3689 framesize  info-max_frame_size)
3690 info-icount.rxlong++;
3691 else {
3692 if (status  BIT5)
3693 info-icount.rxok++;
3694 
3695 if (info-params.crc_type  HDLC_CRC_RETURN_EX) {
3696 *(buf-data + framesize) = status  BIT5 ? 
RX_OK:RX_CRC_ERROR;
3697 ++framesize;
3698 }
3699 
3700 #if SYNCLINK_GENERIC_HDLC
3701 if (info-netcount)
3702 hdlcdev_rx(info, buf-data, framesize);
3703 else
3704 #endif
3705 ldisc_receive_buf(tty, buf-data, 
info-flag_buf, framesize);
3706 }
3707 }

-
Step 3:

one sample in drivers/tty/n_gsm.c  (same for another implementation)

  receive_buf is a function ptr which may be gsmld_receive_buf at line 2819. 
  it does not check the length of count whether larger than 
MAX_ASYNC_BUFFER_SIZE.
  if count is larger than MAX_ASYNC_BUFFER_SIZE, will cause issue.

  it is only a sample, maybe not the function ptr which mentioned in Step 2.
  at lease, I have checked 3 function ptr implementations, none of them check 
the MAX_ASYNC_BUFFER_SIZE.
  the all function ptr searching is at the bottom.

2257 static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char 
*cp,
2258   char *fp, int count)
2259 {
2260 struct gsm_mux *gsm = tty-disc_data;
2261 const unsigned char *dp;
2262 char *f;
2263 int i;
2264 char buf[64];
2265 char flags;
2266 
2267 if (debug  4)
2268 print_hex_dump_bytes(gsmld_receive: , DUMP_PREFIX_OFFSET,
2269  cp, count);
2270 
2271 for (i = count, dp = cp, f = fp; i; i--, dp++) {
2272 flags = *f++;
2273 switch (flags) {
2274 case TTY_NORMAL:
2275 gsm-receive(gsm, *dp);
2276 break;
2277 case TTY_OVERRUN:
2278 case TTY_BREAK:
2279

Re: 【Suggestion】drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-28 Thread Greg KH

On Thu, Nov 29, 2012 at 12:40:49PM +0800, Chen Gang wrote:
 Hello Greg Kroah-Hartman:
 
 for MAX_ASYNC_BUFFER_SIZE:
   it is defined as 4096;
   but for the max buffer size which it processes, is 65535.
   so suggest to #define MAX_ASYNC_BUFFER_SIZE 0x1  (better than 0x)

Please, send tty questions to the linux-ser...@vger.kernel.org list
also.

And, I really don't understand here, why do you want to change this?
What is it going to change?  And why?

greg k-h
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

2012-11-28 Thread Chen Gang

于 2012年11月29日 13:13, Greg KH 写道:
 On Thu, Nov 29, 2012 at 12:40:49PM +0800, Chen Gang wrote:
 Hello Greg Kroah-Hartman:

 for MAX_ASYNC_BUFFER_SIZE:
   it is defined as 4096;
   but for the max buffer size which it processes, is 65535.
   so suggest to #define MAX_ASYNC_BUFFER_SIZE 0x1  (better than 0x)
 
 Please, send tty questions to the linux-ser...@vger.kernel.org list
 also.

  I cc to linux-ser...@vger.kernel.org, in this reply.

  I referenced the file MAINTAINERS, before sent original mail:

  it seems all drivers/tty/serial/* are relative with
linux-ser...@vger.kernel.org. but our case is not relative
drivers/tty/serial. so for not bother them, I am not send to them,
originally.

  in MAINTAINERS, line 7438, I find for common of driver/tty/*, can send
to you and no cc, so I send you and cc to linux-kernel@vger.kernel.org.

  next time, for all tty questions, I will cc to
linux-ser...@vger.kernel.org (not cc to linux-kernel@vger.kernel.org).

 
 And, I really don't understand here, why do you want to change this?
 What is it going to change?  And why?
 

Why:
  for the context MGSLPC_INFO *info in drivers/char/pcmcia/synclink_cs.c
info-max_frame_size can be the value between 4096 .. 65535 (can be
set by its module input parameter)
info-flag_buf length is 4096 (MAX_ASYNC_BUFFER_SIZE)
  in function rx_get_frame
the framesize is limit by info-max_frame_size, but may still be
larger that 4096.
when call function ldisc_receive_buf, info-flag_buf is equal to
4096, but framesize can be more than 4096. it will cause memory over flow.

What:
  #define MAX_ASYNC_BUFFER_SIZE  0x1 (instead of 4096, originally).
  let it match the max frame size.

At last:
  my suggestion may be incorrect, need relative member (who expert about
it) to help checking.


  welcome another suggestion or completions.

  thanks.

gchen.

 greg k-h
 --
 To unsubscribe from this list: send the line unsubscribe linux-kernel in
 the body of a message to majord...@vger.kernel.org
 More majordomo info at  http://vger.kernel.org/majordomo-info.html
 Please read the FAQ at  http://www.tux.org/lkml/
 
 


-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: 【Suggestion】drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

[Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

[Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: 【Suggestion】drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE

24 matches

Site Navigation

Mail list logo

Footer information