tty/n_gsm: fix bug in CRC calculation for gsm1 mode

Problem description:
  gsm_queue() calculate a CRC for arrived frames. As a last step of
  CRC calculation it call

    gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);

  This work perfectly for the case of GSM0 mode as gsm->received_fcs
  contain the last piece of data required to generate final CRC.

  gsm->received_fcs is not used for GSM1 mode. Thus we put an
  additional byte to CRC calculation. As result we get a wrong CRC
  and reject incoming frame.

Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy@gmail.com>
Acked-by: Alan Cox <alan@linux.intel.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 47f8cdb207f14089fcb2eaa3f284cdb11f58228c..74273e638c0dfce1d0350a14d57502a5692ee7d9 100644 (file)
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -1658,8 +1658,12 @@ static void gsm_queue(struct gsm_mux *gsm)
 
        if ((gsm->control & ~PF) == UI)
                gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
-       /* generate final CRC with received FCS */
-       gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
+       if (gsm->encoding == 0){
+               /* WARNING: gsm->received_fcs is used for gsm->encoding = 0 only.
+                           In this case it contain the last piece of data
+                           required to generate final CRC */
+               gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
+       }
        if (gsm->fcs != GOOD_FCS) {
                gsm->bad_fcs++;
                if (debug & 4)