From: Paul Fulghum <paulkf@microgate.com>
To: Chen Gang <gang.chen@asianux.com>
Cc: Greg KH <gregkh@linuxfoundation.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
linux-serial@vger.kernel.org, Alan Cox <alan@lxorguk.ukuu.org.uk>
Subject: Re: [Suggestion] drivers/tty: drivers/char/: for MAX_ASYNC_BUFFER_SIZE
Date: Fri, 30 Nov 2012 10:24:12 -0600
Message-ID: <50B8DDAC.8070901@microgate.com>
In-Reply-To: <50B81F76.8020508@asianux.com>
On 11/29/2012 8:52 PM, Chen Gang wrote:
> On 2012-11-30 02:32, Greg KH wrote:
>> On Thu, Nov 29, 2012 at 01:57:59PM +0800, Chen Gang wrote:
>>>> And, I really don't understand here, why do you want to change this?
>>>> What is it going to change? And why?
>>>
>>> Why:
>>> for the context MGSLPC_INFO *info in drivers/char/pcmcia/synclink_cs.c
>>> info->max_frame_size can be the value between 4096 .. 65535 (can be
>>> set by its module input parameter)
>>> info->flag_buf length is 4096 (MAX_ASYNC_BUFFER_SIZE)
>>> in function rx_get_frame
>>> the framesize is limited by info->max_frame_size, but may still be
>>> larger than 4096.
>>> when calling function ldisc_receive_buf, info->flag_buf is equal to
>>> 4096, but framesize can be more than 4096. it will cause memory overflow.

The confusion centers on calling the line discipline receive_buf
function with a data buffer larger than the flag buffer.

The synclink drivers support asynchronous and synchronous (HDLC)
serial communications.

In asynchronous mode, the tty flip buffer is used to feed
data to the line discipline. In this mode, the above argument
does not apply. The receive_buf function is not called directly.

In synchronous mode, the driver calls the line discipline
receive_buf function directly to feed one HDLC frame
of data per call. Maintaining frame boundaries is needed
in this mode. This is done only with the N_HDLC line
discipline which expects this format and ignores the flag buffer.
The flag buffer passed is just a placeholder to meet the
calling conventions of the line discipline receive_buf function.

The only danger is if:

1. driver is configured for synchronous mode
2. driver is configured for frames > 4K
3. line discipline other than N_HDLC is selected

In this case the line discipline might try to access
beyond the end of the flag buffer. This is a non-functional
configuration that would not occur on purpose.

Increasing the flag buffer size would prevent a problem
in this degenerate case of purposeful misconfiguration.
This would be at the expense of larger allocations that are
not used.

I think the correct fix is for me to change the direct
calls to pass the same buffer for both data and flag and
add a comment describing the fact that the flag buffer is ignored
when using N_HDLC. That way a misconfigured setup won't
cause problems and no unneeded allocations are made.

My suggestion is to leave it as is for now until I can make
those changes. I admit the current code is ugly enough to
cause confusion (sorry Chen Gang), but I don't see any immediate danger.

--
Paul Fulghum
MicroGate Systems, Ltd.
=Customer Driven, by Design=
(800)444-1982 (US Sales)
(512)345-7791 x102 (Direct)
(512)343-9046 (Fax)
Central Time Zone (GMT -6h)
www.microgate.com
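
Added example, not part of the original message and not code from the synclink drivers: a user-space C model of the three-condition case discussed above. The `span` type, the two `model_*` disciplines and `flag_overread` are hypothetical names; the model counts the flag reads that would land past a 4096-byte flag buffer and shows that passing the data buffer as the flag argument keeps every read in bounds.

```c
#include <stdio.h>
#define MAX_ASYNC_BUFFER_SIZE 4096 /* flag buffer size quoted in the thread */
/* Bounded view (hypothetical helper): counts overreads instead of performing them. */
struct span { const unsigned char *p; size_t len; size_t oob; };
static unsigned char span_get(struct span *s, size_t i)
{
    if (i >= s->len) { s->oob++; return 0; } /* would be an out-of-bounds read */
    return s->p[i];
}

/* Model of N_HDLC: consumes one whole frame per call and never reads flags. */
size_t model_n_hdlc(struct span *data, struct span *flags, size_t count, unsigned char *out)
{
    (void)flags;
    for (size_t i = 0; i < count; i++)
        out[i] = span_get(data, i);
    return count;
}

/* Model of a per-character discipline: reads one flag for every data byte. */
size_t model_flag_reader(struct span *data, struct span *flags, size_t count, unsigned char *out)
{
    size_t n = 0;
    for (size_t i = 0; i < count; i++) {
        unsigned char c = span_get(data, i);
        if (span_get(flags, i) == 0) /* 0 = normal character in this model */
            out[n++] = c;
    }
    return n;
}
typedef size_t (*ldisc_fn)(struct span *, struct span *, size_t, unsigned char *);

/* Flag bytes the discipline would read past the end; framesize must be <= 65535. */
size_t flag_overread(ldisc_fn ldisc, size_t framesize, int same_buffer)
{
    static unsigned char frame[65535], flag_buf[MAX_ASYNC_BUFFER_SIZE], out[65535];
    struct span data = { frame, framesize, 0 };
    struct span flags = { flag_buf, sizeof flag_buf, 0 };
    if (same_buffer) /* the change proposed in the message: data buffer doubles as flags */
        flags = data;
    ldisc(&data, &flags, framesize, out);
    return flags.oob;
}

int main(void)
{
    printf("flag bytes read past end: %zu\n", flag_overread(model_flag_reader, 8192, 0));
    return 0;
}
```

With the shared buffer the flag values seen by a non-N_HDLC discipline are just frame bytes, so the configuration stays non-functional, but the reads no longer leave the allocation.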