net: mctp-serial: Fix missing escapes on transmit

0x7d and 0x7e bytes are meant to be escaped in the data portion of
frames, but this didn't occur since next_chunk_len() had an off-by-one
error. That also resulted in the final byte of a payload being written
as a separate tty write op.

The chunk prior to an escaped byte would be one byte short, and the
next call would never test the txpos+1 case, which is where the escaped
byte was located. That meant it never hit the escaping case in
mctp_serial_tx_work().

Example Input: 01 00 08 c8 7e 80 02

Previous incorrect chunks from next_chunk_len():

01 00 08
c8 7e 80
02

With this fix:

01 00 08 c8
7e
80 02

Cc: stable@vger.kernel.org
Fixes: a0c2ccd9b5ad ("mctp: Add MCTP-over-serial transport binding")
Signed-off-by: Matt Johnston <matt@codeconstruct.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/mctp/mctp-serial.c b/drivers/net/mctp/mctp-serial.c
index 7a40d07ff77bbec1e314ddc4b7b38005782ee3f7..f39bbe255497df939db098e9d5e34d30d7ec4679 100644 (file)
--- a/drivers/net/mctp/mctp-serial.c
+++ b/drivers/net/mctp/mctp-serial.c
@@ -91,8 +91,8 @@ static int next_chunk_len(struct mctp_serial *dev)
         * will be those non-escaped bytes, and does not include the escaped
         * byte.
         */
-       for (i = 1; i + dev->txpos + 1 < dev->txlen; i++) {
-               if (needs_escape(dev->txbuf[dev->txpos + i + 1]))
+       for (i = 1; i + dev->txpos < dev->txlen; i++) {
+               if (needs_escape(dev->txbuf[dev->txpos + i]))
                        break;
        }