tty: n_gsm: Modify gsmtty driver register method when config requester

dvdgomez · dvdgomez · commit ebf5f969a725 · 2025-05-15T11:30:44.000-07:00
jira VULN-676 cve-pre CVE-2023-6546 commit-author Zhenguo Zhao <Zhenguo.Zhao1@unisoc.com> commit 5b87686 As requester,because n_gsm has no uevent report for application,the application can't know dlci connect or disconnect. The application will control every dlcl dev by uevent,when application receive gsmtty0 dev remove uevent,it will close mux function,and change to normal mode. Example: Before modify: gsmld receive DLC0 DISC,no event report to application gsmld receive DLC1 SABM,no event report to application gsmld receive DLC1 DISC,no event report to application After modify: Receive DLC0 DISC,report "/devices/virtual/tty/gsmtty0" remove uevent Receive DLC1 SABM,report "/devices/virtual/tty/gsmtty1" add uevent Receive DLC1 DISC,report "/devices/virtual/tty/gsmtty1" remove uevent Signed-off-by: Zhenguo Zhao <Zhenguo.Zhao1@unisoc.com> Link: https://lore.kernel.org/r/1629461872-26965-7-git-send-email-zhenguo6858@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 5b87686) Signed-off-by: David Gomez <dgomez@ciq.com>
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
@@ -1429,6 +1429,8 @@ static void gsm_dlci_close(struct gsm_dlci *dlci)
 		kfifo_reset(&dlci->fifo);
 	} else
 		dlci->gsm->dead = true;
+	/* Unregister gsmtty driver,report gsmtty dev remove uevent for user */
+	tty_unregister_device(gsm_tty_driver, dlci->addr);
 	wake_up(&dlci->gsm->event);
 	/* A DLCI 0 close is a MUX termination so we need to kick that
 	   back to userspace somehow */
@@ -1450,6 +1452,8 @@ static void gsm_dlci_open(struct gsm_dlci *dlci)
 	dlci->state = DLCI_OPEN;
 	if (debug & 8)
 		pr_debug("DLCI %d goes open.\n", dlci->addr);
+	/* Register gsmtty driver,report gsmtty dev add uevent for user */
+	tty_register_device(gsm_tty_driver, dlci->addr, NULL);
 	wake_up(&dlci->gsm->event);
 }
 
@@ -2384,17 +2388,19 @@ static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
 	else {
 		/* Don't register device 0 - this is the control channel and not
 		   a usable tty interface */
-		base = mux_num_to_base(gsm); /* Base for this MUX */
-		for (i = 1; i < NUM_DLCI; i++) {
-			struct device *dev;
+		if (gsm->initiator) {
+			base = mux_num_to_base(gsm); /* Base for this MUX */
+			for (i = 1; i < NUM_DLCI; i++) {
+				struct device *dev;
 
-			dev = tty_register_device(gsm_tty_driver,
+				dev = tty_register_device(gsm_tty_driver,
 							base + i, NULL);
-			if (IS_ERR(dev)) {
-				for (i--; i >= 1; i--)
-					tty_unregister_device(gsm_tty_driver,
-								base + i);
-				return PTR_ERR(dev);
+				if (IS_ERR(dev)) {
+					for (i--; i >= 1; i--)
+						tty_unregister_device(gsm_tty_driver,
+									base + i);
+					return PTR_ERR(dev);
+				}
 			}
 		}
 	}
@@ -2416,8 +2422,10 @@ static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
 	int i;
 
 	WARN_ON(tty != gsm->tty);
-	for (i = 1; i < NUM_DLCI; i++)
-		tty_unregister_device(gsm_tty_driver, base + i);
+	if (gsm->initiator) {
+		for (i = 1; i < NUM_DLCI; i++)
+			tty_unregister_device(gsm_tty_driver, base + i);
+	}
 	gsm_cleanup_mux(gsm);
 	tty_kref_put(gsm->tty);
 	gsm->tty = NULL;
