linux-kernel.vger.kernel.org archive mirror
* [PATCH] usb: storage: sddr55: Fix a possible null-pointer dereference in sddr55_transport()
From: Jia-Ju Bai @ 2019-07-29 10:05 UTC (permalink / raw)
  To: stern, gregkh; +Cc: linux-usb, usb-storage, linux-kernel, Jia-Ju Bai

In sddr55_transport(), there is an if statement on line 836 to check
whether info->lba_to_pba is NULL:
    if (info->lba_to_pba == NULL || ...)

When info->lba_to_pba is NULL, it is used on line 948:
    pba = info->lba_to_pba[lba];

Thus, a possible null-pointer dereference may occur.

To fix this bug, info->lba_to_pba is checked before being used.

This bug is found by a static analysis tool STCheck written by us.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
---
 drivers/usb/storage/sddr55.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/storage/sddr55.c b/drivers/usb/storage/sddr55.c
index b8527c55335b..50afc39aa21d 100644
--- a/drivers/usb/storage/sddr55.c
+++ b/drivers/usb/storage/sddr55.c
@@ -945,7 +945,8 @@ static int sddr55_transport(struct scsi_cmnd *srb, struct us_data *us)
 			return USB_STOR_TRANSPORT_FAILED;
 		}
 
-		pba = info->lba_to_pba[lba];
+		if (info->lba_to_pba)
+			pba = info->lba_to_pba[lba];
 
 		if (srb->cmnd[0] == WRITE_10) {
 			usb_stor_dbg(us, "WRITE_10: write block %04X (LBA %04X) page %01X pages %d\n",
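Review bot: in the added `if (info->lba_to_pba)` branch, `pba` receives no value when the table pointer is NULL, and the `usb_stor_dbg(us, "WRITE_10: write block %04X ...")` call in the trailing context prints it, so the NULL dereference is exchanged for a read of an uninitialized variable. Give `pba` a defined value on the NULL path, or leave the function there with `return USB_STOR_TRANSPORT_FAILED;` as the range check at the top of the hunk does.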
-- 
2.17.0



* Re: [PATCH] usb: storage: sddr55: Fix a possible null-pointer dereference in sddr55_transport()
From: Oliver Neukum @ 2019-07-29 11:15 UTC (permalink / raw)
  To: Jia-Ju Bai, gregkh, stern; +Cc: usb-storage, linux-kernel, linux-usb

On Monday, 29.07.2019, at 18:05 +0800, Jia-Ju Bai wrote:

Hi,

> In sddr55_transport(), there is an if statement on line 836 to check
> whether info->lba_to_pba is NULL:
>     if (info->lba_to_pba == NULL || ...)
> 
> When info->lba_to_pba is NULL, it is used on line 948:
>     pba = info->lba_to_pba[lba];
> 
> Thus, a possible null-pointer dereference may occur.

Yes, in practice READ_CAPACITY will always be called and set
up the correct translation table, but you can probably exploit
this.

> To fix this bug, info->lba_to_pba is checked before being used.
> 
> This bug is found by a static analysis tool STCheck written by us.
> 
> Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
> ---
>  drivers/usb/storage/sddr55.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/usb/storage/sddr55.c b/drivers/usb/storage/sddr55.c
> index b8527c55335b..50afc39aa21d 100644
> --- a/drivers/usb/storage/sddr55.c
> +++ b/drivers/usb/storage/sddr55.c
> @@ -945,7 +945,8 @@ static int sddr55_transport(struct scsi_cmnd *srb, struct us_data *us)
>  			return USB_STOR_TRANSPORT_FAILED;
>  		}
>  
> -		pba = info->lba_to_pba[lba];
> +		if (info->lba_to_pba)
> +			pba = info->lba_to_pba[lba];
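Review bot: the added `if (info->lba_to_pba)` guards only the assignment, so with a NULL table the READ_10/WRITE_10 command is still carried on past this point with the same `lba`. The range check in the context lines above ends in `return USB_STOR_TRANSPORT_FAILED;`; treating a missing table the same way would make the outcome of the command explicit rather than leaving it to the code that follows.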

If you use that fix, pba will be uninitialized when used. It should be
something like:

pba = info->lba_to_pba ? info->lba_to_pba[lba] : 0;

	Regards
		Oliver
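
The two ways of handling a missing translation table discussed in this thread, plus a fail-early variant, modelled in userspace C as an added example; it is not part of the original thread and not code from the driver or from either author. `struct card_info`, `rw10_lookup()`, `PBA_UNSET` and the three sample states are constructed for the illustration, and the fail-early variant is this example's own assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the driver's status codes and per-card state. */
enum { TRANSPORT_GOOD, TRANSPORT_FAILED };
#define PBA_UNSET 0xFFFFFFFFu	/* sentinel used only by this example */

struct card_info {
	unsigned int *lba_to_pba;	/* NULL until a map has been read */
	unsigned int max_log_blks;
};

struct outcome {
	int status;
	unsigned int pba;
};

enum variant { GUARD_ONLY, DEFAULT_ZERO, FAIL_EARLY };

/* Constructed sample states. */
static unsigned int sample_map[3] = { 7, 0, 3 };
static const struct card_info state_fresh = { NULL, 0 };	/* zeroed allocation */
static const struct card_info state_nomap = { NULL, 3 };	/* size known, no table */
static const struct card_info state_ready = { sample_map, 3 };

/* Model of the READ_10/WRITE_10 lookup step under each handling variant. */
static struct outcome rw10_lookup(const struct card_info *info,
				  unsigned int lba, enum variant v)
{
	struct outcome out = { TRANSPORT_GOOD, PBA_UNSET };

	/* Range check that precedes the lookup in the quoted listing. */
	if (lba >= info->max_log_blks) {
		out.status = TRANSPORT_FAILED;
		return out;
	}

	switch (v) {
	case GUARD_ONLY:	/* shape of the posted hunk: pba left untouched */
		if (info->lba_to_pba)
			out.pba = info->lba_to_pba[lba];
		break;
	case DEFAULT_ZERO:	/* shape of the ternary suggested in the reply */
		out.pba = info->lba_to_pba ? info->lba_to_pba[lba] : 0;
		break;
	case FAIL_EARLY:	/* assumption of this example: reject the command */
		if (!info->lba_to_pba) {
			out.status = TRANSPORT_FAILED;
			return out;
		}
		out.pba = info->lba_to_pba[lba];
		break;
	}
	return out;
}

int main(void)
{
	static const char *names[] = { "guard-only", "default-zero", "fail-early" };
	const struct card_info *states[] = { &state_fresh, &state_nomap, &state_ready };

	for (int s = 0; s < 3; s++)
		for (int v = 0; v < 3; v++) {
			struct outcome o = rw10_lookup(states[s], 1, (enum variant)v);

			printf("state %d %-12s status=%d pba=%08X\n",
			       s, names[v], o.status, o.pba);
		}
	return 0;
}
```

For the constructed no-table state, guard-only reports success with the sentinel still in place, default-zero reports block 0 (the same value the ready state maps LBA 1 to), and fail-early rejects the command. The zeroed state never reaches the lookup in this model because `max_log_blks` is 0 and the range check fails first.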



* Re: [PATCH] usb: storage: sddr55: Fix a possible null-pointer dereference in sddr55_transport()
From: Jia-Ju Bai @ 2019-07-29 11:44 UTC (permalink / raw)
  To: Oliver Neukum, gregkh, stern; +Cc: usb-storage, linux-kernel, linux-usb



On 2019/7/29 19:15, Oliver Neukum wrote:
> On Monday, 29.07.2019, at 18:05 +0800, Jia-Ju Bai wrote:
>
> Hi,
>
>> In sddr55_transport(), there is an if statement on line 836 to check
>> whether info->lba_to_pba is NULL:
>>      if (info->lba_to_pba == NULL || ...)
>>
>> When info->lba_to_pba is NULL, it is used on line 948:
>>      pba = info->lba_to_pba[lba];
>>
>> Thus, a possible null-pointer dereference may occur.
> Yes, in practice READ_CAPACITY will always be called and set
> up the correct translation table, but you can probably exploit
> this.
>
>> To fix this bug, info->lba_to_pba is checked before being used.
>>
>> This bug is found by a static analysis tool STCheck written by us.
>>
>> Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
>> ---
>>   drivers/usb/storage/sddr55.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/usb/storage/sddr55.c b/drivers/usb/storage/sddr55.c
>> index b8527c55335b..50afc39aa21d 100644
>> --- a/drivers/usb/storage/sddr55.c
>> +++ b/drivers/usb/storage/sddr55.c
>> @@ -945,7 +945,8 @@ static int sddr55_transport(struct scsi_cmnd *srb, struct us_data *us)
>>   			return USB_STOR_TRANSPORT_FAILED;
>>   		}
>>   
>> -		pba = info->lba_to_pba[lba];
>> +		if (info->lba_to_pba)
>> +			pba = info->lba_to_pba[lba];
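Review bot: the new `if (info->lba_to_pba)` line carries no comment saying when the table can still be NULL at this point in the READ_10/WRITE_10 path. A one-line comment above the check, or a sentence in the changelog naming that state, would let a later reader tell whether the guard is defensive or covers a reachable case.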
> If you use that fix, pba will be uninitialized when used. It should be
> something like:
>
> pba = info->lba_to_pba ? info->lba_to_pba[lba] : 0;

Thanks for the advice.
I will send a v2 patch.


Best wishes,
Jia-Ju Bai


* Re: [PATCH] usb: storage: sddr55: Fix a possible null-pointer dereference in sddr55_transport()
From: kbuild test robot @ 2019-07-29 14:51 UTC (permalink / raw)
  To: Jia-Ju Bai
  Cc: kbuild-all, stern, gregkh, linux-usb, usb-storage, linux-kernel,
	Jia-Ju Bai


Hi Jia-Ju,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on linus/master]
[cannot apply to v5.3-rc2 next-20190729]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Jia-Ju-Bai/usb-storage-sddr55-Fix-a-possible-null-pointer-dereference-in-sddr55_transport/20190729-204126
config: x86_64-randconfig-s0-07291935 (attached as .config)
compiler: gcc-7 (Debian 7.4.0-10) 7.4.0
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>

Note: it may well be a FALSE warning. FWIW you are at least aware of it now.
http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings

All warnings (new ones prefixed by >>):

   drivers/usb/storage/sddr55.c: In function 'sddr55_transport':
>> drivers/usb/storage/sddr55.c:952:4: warning: 'pba' may be used uninitialized in this function [-Wmaybe-uninitialized]
       usb_stor_dbg(us, "WRITE_10: write block %04X (LBA %04X) page %01X pages %d\n",
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             pba, lba, page, pages);
             ~~~~~~~~~~~~~~~~~~~~~~

vim +/pba +952 drivers/usb/storage/sddr55.c

^1da177e4c3f415 Linus Torvalds 2005-04-16   769  
^1da177e4c3f415 Linus Torvalds 2005-04-16   770  
^1da177e4c3f415 Linus Torvalds 2005-04-16   771  /*
^1da177e4c3f415 Linus Torvalds 2005-04-16   772   * Transport for the Sandisk SDDR-55
^1da177e4c3f415 Linus Torvalds 2005-04-16   773   */
70fcc0050733a7c Alan Stern     2009-02-12   774  static int sddr55_transport(struct scsi_cmnd *srb, struct us_data *us)
^1da177e4c3f415 Linus Torvalds 2005-04-16   775  {
^1da177e4c3f415 Linus Torvalds 2005-04-16   776  	int result;
^1da177e4c3f415 Linus Torvalds 2005-04-16   777  	static unsigned char inquiry_response[8] = {
^1da177e4c3f415 Linus Torvalds 2005-04-16   778  		0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
^1da177e4c3f415 Linus Torvalds 2005-04-16   779  	};
^1da177e4c3f415 Linus Torvalds 2005-04-16   780   	// write-protected for now, no block descriptor support
^1da177e4c3f415 Linus Torvalds 2005-04-16   781  	static unsigned char mode_page_01[20] = {
^1da177e4c3f415 Linus Torvalds 2005-04-16   782  		0x0, 0x12, 0x00, 0x80, 0x0, 0x0, 0x0, 0x0,
^1da177e4c3f415 Linus Torvalds 2005-04-16   783  		0x01, 0x0A,
^1da177e4c3f415 Linus Torvalds 2005-04-16   784  		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
^1da177e4c3f415 Linus Torvalds 2005-04-16   785  	};
^1da177e4c3f415 Linus Torvalds 2005-04-16   786  	unsigned char *ptr = us->iobuf;
^1da177e4c3f415 Linus Torvalds 2005-04-16   787  	unsigned long capacity;
^1da177e4c3f415 Linus Torvalds 2005-04-16   788  	unsigned int lba;
^1da177e4c3f415 Linus Torvalds 2005-04-16   789  	unsigned int pba;
^1da177e4c3f415 Linus Torvalds 2005-04-16   790  	unsigned int page;
^1da177e4c3f415 Linus Torvalds 2005-04-16   791  	unsigned short pages;
^1da177e4c3f415 Linus Torvalds 2005-04-16   792  	struct sddr55_card_info *info;
^1da177e4c3f415 Linus Torvalds 2005-04-16   793  
^1da177e4c3f415 Linus Torvalds 2005-04-16   794  	if (!us->extra) {
887c2560b6ceb5f Oliver Neukum  2006-01-08   795  		us->extra = kzalloc(
^1da177e4c3f415 Linus Torvalds 2005-04-16   796  			sizeof(struct sddr55_card_info), GFP_NOIO);
^1da177e4c3f415 Linus Torvalds 2005-04-16   797  		if (!us->extra)
^1da177e4c3f415 Linus Torvalds 2005-04-16   798  			return USB_STOR_TRANSPORT_ERROR;
^1da177e4c3f415 Linus Torvalds 2005-04-16   799  		us->extra_destructor = sddr55_card_info_destructor;
^1da177e4c3f415 Linus Torvalds 2005-04-16   800  	}
^1da177e4c3f415 Linus Torvalds 2005-04-16   801  
^1da177e4c3f415 Linus Torvalds 2005-04-16   802  	info = (struct sddr55_card_info *)(us->extra);
^1da177e4c3f415 Linus Torvalds 2005-04-16   803  
^1da177e4c3f415 Linus Torvalds 2005-04-16   804  	if (srb->cmnd[0] == REQUEST_SENSE) {
191648d03d20229 Joe Perches    2013-04-19   805  		usb_stor_dbg(us, "request sense %02x/%02x/%02x\n",
191648d03d20229 Joe Perches    2013-04-19   806  			     info->sense_data[2],
191648d03d20229 Joe Perches    2013-04-19   807  			     info->sense_data[12],
191648d03d20229 Joe Perches    2013-04-19   808  			     info->sense_data[13]);
^1da177e4c3f415 Linus Torvalds 2005-04-16   809  
^1da177e4c3f415 Linus Torvalds 2005-04-16   810  		memcpy (ptr, info->sense_data, sizeof info->sense_data);
^1da177e4c3f415 Linus Torvalds 2005-04-16   811  		ptr[0] = 0x70;
^1da177e4c3f415 Linus Torvalds 2005-04-16   812  		ptr[7] = 11;
^1da177e4c3f415 Linus Torvalds 2005-04-16   813  		usb_stor_set_xfer_buf (ptr, sizeof info->sense_data, srb);
^1da177e4c3f415 Linus Torvalds 2005-04-16   814  		memset (info->sense_data, 0, sizeof info->sense_data);
^1da177e4c3f415 Linus Torvalds 2005-04-16   815  
^1da177e4c3f415 Linus Torvalds 2005-04-16   816  		return USB_STOR_TRANSPORT_GOOD;
^1da177e4c3f415 Linus Torvalds 2005-04-16   817  	}
^1da177e4c3f415 Linus Torvalds 2005-04-16   818  
^1da177e4c3f415 Linus Torvalds 2005-04-16   819  	memset (info->sense_data, 0, sizeof info->sense_data);
^1da177e4c3f415 Linus Torvalds 2005-04-16   820  
f0183a338e4f90e Felipe Balbi   2016-04-18   821  	/*
f0183a338e4f90e Felipe Balbi   2016-04-18   822  	 * Dummy up a response for INQUIRY since SDDR55 doesn't
f0183a338e4f90e Felipe Balbi   2016-04-18   823  	 * respond to INQUIRY commands
f0183a338e4f90e Felipe Balbi   2016-04-18   824  	 */
^1da177e4c3f415 Linus Torvalds 2005-04-16   825  
^1da177e4c3f415 Linus Torvalds 2005-04-16   826  	if (srb->cmnd[0] == INQUIRY) {
^1da177e4c3f415 Linus Torvalds 2005-04-16   827  		memcpy(ptr, inquiry_response, 8);
^1da177e4c3f415 Linus Torvalds 2005-04-16   828  		fill_inquiry_response(us, ptr, 36);
^1da177e4c3f415 Linus Torvalds 2005-04-16   829  		return USB_STOR_TRANSPORT_GOOD;
^1da177e4c3f415 Linus Torvalds 2005-04-16   830  	}
^1da177e4c3f415 Linus Torvalds 2005-04-16   831  
f0183a338e4f90e Felipe Balbi   2016-04-18   832  	/*
f0183a338e4f90e Felipe Balbi   2016-04-18   833  	 * only check card status if the map isn't allocated, ie no card seen yet
^1da177e4c3f415 Linus Torvalds 2005-04-16   834  	 * or if it's been over half a second since we last accessed it
^1da177e4c3f415 Linus Torvalds 2005-04-16   835  	 */
^1da177e4c3f415 Linus Torvalds 2005-04-16   836  	if (info->lba_to_pba == NULL || time_after(jiffies, info->last_access + HZ/2)) {
^1da177e4c3f415 Linus Torvalds 2005-04-16   837  
^1da177e4c3f415 Linus Torvalds 2005-04-16   838  		/* check to see if a card is fitted */
^1da177e4c3f415 Linus Torvalds 2005-04-16   839  		result = sddr55_status (us);
^1da177e4c3f415 Linus Torvalds 2005-04-16   840  		if (result) {
^1da177e4c3f415 Linus Torvalds 2005-04-16   841  			result = sddr55_status (us);
^1da177e4c3f415 Linus Torvalds 2005-04-16   842  			if (!result) {
^1da177e4c3f415 Linus Torvalds 2005-04-16   843  			set_sense_info (6, 0x28, 0);	/* new media, set unit attention, not ready to ready */
^1da177e4c3f415 Linus Torvalds 2005-04-16   844  			}
^1da177e4c3f415 Linus Torvalds 2005-04-16   845  			return USB_STOR_TRANSPORT_FAILED;
^1da177e4c3f415 Linus Torvalds 2005-04-16   846  		}
^1da177e4c3f415 Linus Torvalds 2005-04-16   847  	}
^1da177e4c3f415 Linus Torvalds 2005-04-16   848  
f0183a338e4f90e Felipe Balbi   2016-04-18   849  	/*
f0183a338e4f90e Felipe Balbi   2016-04-18   850  	 * if we detected a problem with the map when writing,
f0183a338e4f90e Felipe Balbi   2016-04-18   851  	 * don't allow any more access
f0183a338e4f90e Felipe Balbi   2016-04-18   852  	 */
^1da177e4c3f415 Linus Torvalds 2005-04-16   853  	if (info->fatal_error) {
^1da177e4c3f415 Linus Torvalds 2005-04-16   854  
^1da177e4c3f415 Linus Torvalds 2005-04-16   855  		set_sense_info (3, 0x31, 0);
^1da177e4c3f415 Linus Torvalds 2005-04-16   856  		return USB_STOR_TRANSPORT_FAILED;
^1da177e4c3f415 Linus Torvalds 2005-04-16   857  	}
^1da177e4c3f415 Linus Torvalds 2005-04-16   858  
^1da177e4c3f415 Linus Torvalds 2005-04-16   859  	if (srb->cmnd[0] == READ_CAPACITY) {
^1da177e4c3f415 Linus Torvalds 2005-04-16   860  
^1da177e4c3f415 Linus Torvalds 2005-04-16   861  		capacity = sddr55_get_capacity(us);
^1da177e4c3f415 Linus Torvalds 2005-04-16   862  
^1da177e4c3f415 Linus Torvalds 2005-04-16   863  		if (!capacity) {
^1da177e4c3f415 Linus Torvalds 2005-04-16   864  			set_sense_info (3, 0x30, 0); /* incompatible medium */
^1da177e4c3f415 Linus Torvalds 2005-04-16   865  			return USB_STOR_TRANSPORT_FAILED;
^1da177e4c3f415 Linus Torvalds 2005-04-16   866  		}
^1da177e4c3f415 Linus Torvalds 2005-04-16   867  
^1da177e4c3f415 Linus Torvalds 2005-04-16   868  		info->capacity = capacity;
^1da177e4c3f415 Linus Torvalds 2005-04-16   869  
f0183a338e4f90e Felipe Balbi   2016-04-18   870  		/*
f0183a338e4f90e Felipe Balbi   2016-04-18   871  		 * figure out the maximum logical block number, allowing for
f0183a338e4f90e Felipe Balbi   2016-04-18   872  		 * the fact that only 250 out of every 256 are used
f0183a338e4f90e Felipe Balbi   2016-04-18   873  		 */
^1da177e4c3f415 Linus Torvalds 2005-04-16   874  		info->max_log_blks = ((info->capacity >> (info->pageshift + info->blockshift)) / 256) * 250;
^1da177e4c3f415 Linus Torvalds 2005-04-16   875  
f0183a338e4f90e Felipe Balbi   2016-04-18   876  		/*
f0183a338e4f90e Felipe Balbi   2016-04-18   877  		 * Last page in the card, adjust as we only use 250 out of
f0183a338e4f90e Felipe Balbi   2016-04-18   878  		 * every 256 pages
f0183a338e4f90e Felipe Balbi   2016-04-18   879  		 */
^1da177e4c3f415 Linus Torvalds 2005-04-16   880  		capacity = (capacity / 256) * 250;
^1da177e4c3f415 Linus Torvalds 2005-04-16   881  
^1da177e4c3f415 Linus Torvalds 2005-04-16   882  		capacity /= PAGESIZE;
^1da177e4c3f415 Linus Torvalds 2005-04-16   883  		capacity--;
^1da177e4c3f415 Linus Torvalds 2005-04-16   884  
^1da177e4c3f415 Linus Torvalds 2005-04-16   885  		((__be32 *) ptr)[0] = cpu_to_be32(capacity);
^1da177e4c3f415 Linus Torvalds 2005-04-16   886  		((__be32 *) ptr)[1] = cpu_to_be32(PAGESIZE);
^1da177e4c3f415 Linus Torvalds 2005-04-16   887  		usb_stor_set_xfer_buf(ptr, 8, srb);
^1da177e4c3f415 Linus Torvalds 2005-04-16   888  
^1da177e4c3f415 Linus Torvalds 2005-04-16   889  		sddr55_read_map(us);
^1da177e4c3f415 Linus Torvalds 2005-04-16   890  
^1da177e4c3f415 Linus Torvalds 2005-04-16   891  		return USB_STOR_TRANSPORT_GOOD;
^1da177e4c3f415 Linus Torvalds 2005-04-16   892  	}
^1da177e4c3f415 Linus Torvalds 2005-04-16   893  
^1da177e4c3f415 Linus Torvalds 2005-04-16   894  	if (srb->cmnd[0] == MODE_SENSE_10) {
^1da177e4c3f415 Linus Torvalds 2005-04-16   895  
^1da177e4c3f415 Linus Torvalds 2005-04-16   896  		memcpy(ptr, mode_page_01, sizeof mode_page_01);
^1da177e4c3f415 Linus Torvalds 2005-04-16   897  		ptr[3] = (info->read_only || info->force_read_only) ? 0x80 : 0;
^1da177e4c3f415 Linus Torvalds 2005-04-16   898  		usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
^1da177e4c3f415 Linus Torvalds 2005-04-16   899  
^1da177e4c3f415 Linus Torvalds 2005-04-16   900  		if ( (srb->cmnd[2] & 0x3F) == 0x01 ) {
191648d03d20229 Joe Perches    2013-04-19   901  			usb_stor_dbg(us, "Dummy up request for mode page 1\n");
^1da177e4c3f415 Linus Torvalds 2005-04-16   902  			return USB_STOR_TRANSPORT_GOOD;
^1da177e4c3f415 Linus Torvalds 2005-04-16   903  
^1da177e4c3f415 Linus Torvalds 2005-04-16   904  		} else if ( (srb->cmnd[2] & 0x3F) == 0x3F ) {
191648d03d20229 Joe Perches    2013-04-19   905  			usb_stor_dbg(us, "Dummy up request for all mode pages\n");
^1da177e4c3f415 Linus Torvalds 2005-04-16   906  			return USB_STOR_TRANSPORT_GOOD;
^1da177e4c3f415 Linus Torvalds 2005-04-16   907  		}
^1da177e4c3f415 Linus Torvalds 2005-04-16   908  
^1da177e4c3f415 Linus Torvalds 2005-04-16   909  		set_sense_info (5, 0x24, 0);	/* invalid field in command */
^1da177e4c3f415 Linus Torvalds 2005-04-16   910  		return USB_STOR_TRANSPORT_FAILED;
^1da177e4c3f415 Linus Torvalds 2005-04-16   911  	}
^1da177e4c3f415 Linus Torvalds 2005-04-16   912  
^1da177e4c3f415 Linus Torvalds 2005-04-16   913  	if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL) {
^1da177e4c3f415 Linus Torvalds 2005-04-16   914  
191648d03d20229 Joe Perches    2013-04-19   915  		usb_stor_dbg(us, "%s medium removal. Not that I can do anything about it...\n",
^1da177e4c3f415 Linus Torvalds 2005-04-16   916  			     (srb->cmnd[4]&0x03) ? "Prevent" : "Allow");
^1da177e4c3f415 Linus Torvalds 2005-04-16   917  
^1da177e4c3f415 Linus Torvalds 2005-04-16   918  		return USB_STOR_TRANSPORT_GOOD;
^1da177e4c3f415 Linus Torvalds 2005-04-16   919  
^1da177e4c3f415 Linus Torvalds 2005-04-16   920  	}
^1da177e4c3f415 Linus Torvalds 2005-04-16   921  
^1da177e4c3f415 Linus Torvalds 2005-04-16   922  	if (srb->cmnd[0] == READ_10 || srb->cmnd[0] == WRITE_10) {
^1da177e4c3f415 Linus Torvalds 2005-04-16   923  
^1da177e4c3f415 Linus Torvalds 2005-04-16   924  		page = short_pack(srb->cmnd[3], srb->cmnd[2]);
^1da177e4c3f415 Linus Torvalds 2005-04-16   925  		page <<= 16;
^1da177e4c3f415 Linus Torvalds 2005-04-16   926  		page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
^1da177e4c3f415 Linus Torvalds 2005-04-16   927  		pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
^1da177e4c3f415 Linus Torvalds 2005-04-16   928  
^1da177e4c3f415 Linus Torvalds 2005-04-16   929  		page <<= info->smallpageshift;
^1da177e4c3f415 Linus Torvalds 2005-04-16   930  
^1da177e4c3f415 Linus Torvalds 2005-04-16   931  		// convert page to block and page-within-block
^1da177e4c3f415 Linus Torvalds 2005-04-16   932  
^1da177e4c3f415 Linus Torvalds 2005-04-16   933  		lba = page >> info->blockshift;
^1da177e4c3f415 Linus Torvalds 2005-04-16   934  		page = page & info->blockmask;
^1da177e4c3f415 Linus Torvalds 2005-04-16   935  
^1da177e4c3f415 Linus Torvalds 2005-04-16   936  		// locate physical block corresponding to logical block
^1da177e4c3f415 Linus Torvalds 2005-04-16   937  
^1da177e4c3f415 Linus Torvalds 2005-04-16   938  		if (lba >= info->max_log_blks) {
^1da177e4c3f415 Linus Torvalds 2005-04-16   939  
191648d03d20229 Joe Perches    2013-04-19   940  			usb_stor_dbg(us, "Error: Requested LBA %04X exceeds maximum block %04X\n",
191648d03d20229 Joe Perches    2013-04-19   941  				     lba, info->max_log_blks - 1);
^1da177e4c3f415 Linus Torvalds 2005-04-16   942  
^1da177e4c3f415 Linus Torvalds 2005-04-16   943  			set_sense_info (5, 0x24, 0);	/* invalid field in command */
^1da177e4c3f415 Linus Torvalds 2005-04-16   944  
^1da177e4c3f415 Linus Torvalds 2005-04-16   945  			return USB_STOR_TRANSPORT_FAILED;
^1da177e4c3f415 Linus Torvalds 2005-04-16   946  		}
^1da177e4c3f415 Linus Torvalds 2005-04-16   947  
09c020225d3b3bd Jia-Ju Bai     2019-07-29   948  		if (info->lba_to_pba)
^1da177e4c3f415 Linus Torvalds 2005-04-16   949  			pba = info->lba_to_pba[lba];
^1da177e4c3f415 Linus Torvalds 2005-04-16   950  
^1da177e4c3f415 Linus Torvalds 2005-04-16   951  		if (srb->cmnd[0] == WRITE_10) {
191648d03d20229 Joe Perches    2013-04-19  @952  			usb_stor_dbg(us, "WRITE_10: write block %04X (LBA %04X) page %01X pages %d\n",
^1da177e4c3f415 Linus Torvalds 2005-04-16   953  				     pba, lba, page, pages);
^1da177e4c3f415 Linus Torvalds 2005-04-16   954  
^1da177e4c3f415 Linus Torvalds 2005-04-16   955  			return sddr55_write_data(us, lba, page, pages);
^1da177e4c3f415 Linus Torvalds 2005-04-16   956  		} else {
191648d03d20229 Joe Perches    2013-04-19   957  			usb_stor_dbg(us, "READ_10: read block %04X (LBA %04X) page %01X pages %d\n",
^1da177e4c3f415 Linus Torvalds 2005-04-16   958  				     pba, lba, page, pages);
^1da177e4c3f415 Linus Torvalds 2005-04-16   959  
^1da177e4c3f415 Linus Torvalds 2005-04-16   960  			return sddr55_read_data(us, lba, page, pages);
^1da177e4c3f415 Linus Torvalds 2005-04-16   961  		}
^1da177e4c3f415 Linus Torvalds 2005-04-16   962  	}
^1da177e4c3f415 Linus Torvalds 2005-04-16   963  
^1da177e4c3f415 Linus Torvalds 2005-04-16   964  
^1da177e4c3f415 Linus Torvalds 2005-04-16   965  	if (srb->cmnd[0] == TEST_UNIT_READY) {
^1da177e4c3f415 Linus Torvalds 2005-04-16   966  		return USB_STOR_TRANSPORT_GOOD;
^1da177e4c3f415 Linus Torvalds 2005-04-16   967  	}
^1da177e4c3f415 Linus Torvalds 2005-04-16   968  
^1da177e4c3f415 Linus Torvalds 2005-04-16   969  	if (srb->cmnd[0] == START_STOP) {
^1da177e4c3f415 Linus Torvalds 2005-04-16   970  		return USB_STOR_TRANSPORT_GOOD;
^1da177e4c3f415 Linus Torvalds 2005-04-16   971  	}
^1da177e4c3f415 Linus Torvalds 2005-04-16   972  
^1da177e4c3f415 Linus Torvalds 2005-04-16   973  	set_sense_info (5, 0x20, 0);	/* illegal command */
^1da177e4c3f415 Linus Torvalds 2005-04-16   974  
^1da177e4c3f415 Linus Torvalds 2005-04-16   975  	return USB_STOR_TRANSPORT_FAILED; // FIXME: sense buffer?
^1da177e4c3f415 Linus Torvalds 2005-04-16   976  }
^1da177e4c3f415 Linus Torvalds 2005-04-16   977  
aa519be34f45954 Akinobu Mita   2015-05-06   978  static struct scsi_host_template sddr55_host_template;
70fcc0050733a7c Alan Stern     2009-02-12   979  
70fcc0050733a7c Alan Stern     2009-02-12   980  static int sddr55_probe(struct usb_interface *intf,
70fcc0050733a7c Alan Stern     2009-02-12   981  			 const struct usb_device_id *id)
70fcc0050733a7c Alan Stern     2009-02-12   982  {
70fcc0050733a7c Alan Stern     2009-02-12   983  	struct us_data *us;
70fcc0050733a7c Alan Stern     2009-02-12   984  	int result;
70fcc0050733a7c Alan Stern     2009-02-12   985  
70fcc0050733a7c Alan Stern     2009-02-12   986  	result = usb_stor_probe1(&us, intf, id,
aa519be34f45954 Akinobu Mita   2015-05-06   987  			(id - sddr55_usb_ids) + sddr55_unusual_dev_list,
aa519be34f45954 Akinobu Mita   2015-05-06   988  			&sddr55_host_template);
70fcc0050733a7c Alan Stern     2009-02-12   989  	if (result)
70fcc0050733a7c Alan Stern     2009-02-12   990  		return result;
70fcc0050733a7c Alan Stern     2009-02-12   991  
70fcc0050733a7c Alan Stern     2009-02-12   992  	us->transport_name = "SDDR55";
70fcc0050733a7c Alan Stern     2009-02-12   993  	us->transport = sddr55_transport;
70fcc0050733a7c Alan Stern     2009-02-12   994  	us->transport_reset = sddr55_reset;
70fcc0050733a7c Alan Stern     2009-02-12   995  	us->max_lun = 0;
70fcc0050733a7c Alan Stern     2009-02-12   996  
70fcc0050733a7c Alan Stern     2009-02-12   997  	result = usb_stor_probe2(us);
70fcc0050733a7c Alan Stern     2009-02-12   998  	return result;
70fcc0050733a7c Alan Stern     2009-02-12   999  }
70fcc0050733a7c Alan Stern     2009-02-12  1000  
70fcc0050733a7c Alan Stern     2009-02-12  1001  static struct usb_driver sddr55_driver = {
aa519be34f45954 Akinobu Mita   2015-05-06  1002  	.name =		DRV_NAME,
70fcc0050733a7c Alan Stern     2009-02-12  1003  	.probe =	sddr55_probe,
70fcc0050733a7c Alan Stern     2009-02-12  1004  	.disconnect =	usb_stor_disconnect,
70fcc0050733a7c Alan Stern     2009-02-12  1005  	.suspend =	usb_stor_suspend,
70fcc0050733a7c Alan Stern     2009-02-12  1006  	.resume =	usb_stor_resume,
70fcc0050733a7c Alan Stern     2009-02-12  1007  	.reset_resume =	usb_stor_reset_resume,
70fcc0050733a7c Alan Stern     2009-02-12  1008  	.pre_reset =	usb_stor_pre_reset,
70fcc0050733a7c Alan Stern     2009-02-12  1009  	.post_reset =	usb_stor_post_reset,
70fcc0050733a7c Alan Stern     2009-02-12  1010  	.id_table =	sddr55_usb_ids,
70fcc0050733a7c Alan Stern     2009-02-12  1011  	.soft_unbind =	1,
e73b2db6c9bc5bd Huajun Li      2012-01-14  1012  	.no_dynamic_id = 1,
70fcc0050733a7c Alan Stern     2009-02-12  1013  };
70fcc0050733a7c Alan Stern     2009-02-12  1014  
aa519be34f45954 Akinobu Mita   2015-05-06  1015  module_usb_stor_driver(sddr55_driver, sddr55_host_template, DRV_NAME);

:::::: The code at line 952 was first introduced by commit
:::::: 191648d03d20229523d9a75b8abef56421298d28 usb: storage: Convert US_DEBUGP to usb_stor_dbg

:::::: TO: Joe Perches <joe@perches.com>
:::::: CC: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

