From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752275AbcBUVqB (ORCPT <rfc822;w@1wt.eu>);
	Sun, 21 Feb 2016 16:46:01 -0500
Received: from mail.tnode.com ([46.54.226.45]:42956 "EHLO mail.tnode.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1750708AbcBUVp7 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Sun, 21 Feb 2016 16:45:59 -0500
X-Greylist: delayed 437 seconds by postgrey-1.27 at vger.kernel.org; Sun, 21 Feb 2016 16:45:59 EST
From: Andrej Krpic <ak77@tnode.com>
To: linux-kernel@vger.kernel.org
Cc: jslaby@suse.com, gregkh@linuxfoundation.org, Andrej Krpic <ak77@tnode.com>
Subject: [PATCH 6/8] tty: n_gsm: add missing length field in control channel commands
Date: Sun, 21 Feb 2016 22:38:35 +0100
Message-Id: <1456090717-19913-7-git-send-email-ak77@tnode.com>
X-Mailer: git-send-email 2.7.0
In-Reply-To: <1456090717-19913-1-git-send-email-ak77@tnode.com>
References: <1456090717-19913-1-git-send-email-ak77@tnode.com>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Observing debug output while running initator and responder using n_gsm
shows all control channel commands sent by initiator are malformed
 - they don't include length field (3GPP TS 07.10 ver 7.2.0, 5.4.6.1).

Add length field to transmitted control channel commands in the
gsm_control_transmit) as it is done in gsm_control_reply and expected in
gsm_dlci_command.

Signed-off-by: Andrej Krpic <ak77@tnode.com>
---
 drivers/tty/n_gsm.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 3c4c521..8aa90e0 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -1320,12 +1320,13 @@ static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
 
 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
 {
-	struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype);
+	struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 2, gsm->ftype);
 
 	if (msg == NULL)
 		return;
-	msg->data[0] = (ctrl->cmd << 1) | 2 | EA;	/* command */
-	memcpy(msg->data + 1, ctrl->data, ctrl->len);
+	msg->data[0] = (ctrl->cmd << 1) | 2 | EA;   /* command */
+	msg->data[1] = ((ctrl->len) << 1) | EA;
+	memcpy(msg->data + 2, ctrl->data, ctrl->len);
 	gsm_data_queue(gsm->dlci[0], msg);
 }
 
-- 
2.7.0