All of lore.kernel.org
 help / color / mirror / Atom feed
From: Daejun Park <daejun7.park@samsung.com>
To: "cang@codeaurora.org" <cang@codeaurora.org>
Cc: ALIM AKHTAR <alim.akhtar@samsung.com>,
	"asutoshd@codeaurora.org" <asutoshd@codeaurora.org>,
	"avri.altman@wdc.com" <avri.altman@wdc.com>,
	"beanhuo@micron.com" <beanhuo@micron.com>,
	"bvanassche@acm.org" <bvanassche@acm.org>,
	"hongwus@codeaurora.org" <hongwus@codeaurora.org>,
	"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
	"kernel-team@android.com" <kernel-team@android.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
	"martin.petersen@oracle.com" <martin.petersen@oracle.com>,
	"nguyenb@codeaurora.org" <nguyenb@codeaurora.org>,
	"rnayak@codeaurora.org" <rnayak@codeaurora.org>,
	"salyzyn@google.com" <salyzyn@google.com>,
	"saravanak@google.com" <saravanak@google.com>,
	"stanley.chu@mediatek.com" <stanley.chu@mediatek.com>
Subject: RE: [PATCH v2 1/1] scsi: ufs: Fix unexpected values get from ufshcd_read_desc_param()
Date: Fri, 23 Oct 2020 15:35:28 +0900	[thread overview]
Message-ID: <963815509.21603435202191.JavaMail.epsvc@epcpadp1> (raw)
In-Reply-To: CGME20201023063528epcms2p11b57d929a926d582539ce4e1a57caf80@epcms2p1

Hi, Can Guo

>Since WB feature has been added, WB related sysfs entries can be accessed
>even when an UFS device does not support WB feature. In that case, the
>descriptors which are not supported by the UFS device may be wrongly
>reported when they are accessed from their corrsponding sysfs entries.
>Fix it by adding a sanity check of parameter offset against the actual
>decriptor length.
>
>Signed-off-by: Can Guo <cang@codeaurora.org>
>---
> drivers/scsi/ufs/ufshcd.c | 24 +++++++++++++++---------
> 1 file changed, 15 insertions(+), 9 deletions(-)
>
>diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
>index a2ebcc8..aeec10d 100644
>--- a/drivers/scsi/ufs/ufshcd.c
>+++ b/drivers/scsi/ufs/ufshcd.c
>@@ -3184,13 +3184,19 @@ int ufshcd_read_desc_param(struct ufs_hba *hba,
> 	/* Get the length of descriptor */
> 	ufshcd_map_desc_id_to_length(hba, desc_id, &buff_len);
> 	if (!buff_len) {
>-		dev_err(hba->dev, "%s: Failed to get desc length", __func__);
>+		dev_err(hba->dev, "%s: Failed to get desc length\n", __func__);
>+		return -EINVAL;
>+	}
>+
>+	if (param_offset >= buff_len) {
>+		dev_err(hba->dev, "%s: Invalid offset 0x%x in descriptor IDN 0x%x, length 0x%x\n",
>+			__func__, param_offset, desc_id, buff_len);

In my understanding, this code seems to check incorrect access to not
supportted features (e.g. WB) via buff_len value from
ufshcd_map_desc_id_to_length().
However, since buff_len is initialized as QUERY_DESC_MAX_SIZE and is
updated later by ufshcd_update_desc_length(), So it is impossible to find
incorrect access by checking buff_len at first time.

Thanks,
Daejun

       reply	other threads:[~2020-10-23  6:40 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CGME20201023063528epcms2p11b57d929a926d582539ce4e1a57caf80@epcms2p1>
2020-10-23  6:35 ` Daejun Park [this message]
2020-10-26  2:56   ` [PATCH v2 1/1] scsi: ufs: Fix unexpected values get from ufshcd_read_desc_param() Can Guo
     [not found]   ` <CGME20201023063528epcms2p11b57d929a926d582539ce4e1a57caf80@epcms2p3>
2020-10-30  7:19     ` Daejun Park
2020-10-22  5:59 Can Guo
2020-10-22  6:37 ` Avri Altman
2020-10-26  3:19   ` Can Guo
2020-10-26  5:22     ` Avri Altman
2020-10-26  7:01       ` Can Guo
2020-11-10 22:23 ` Asutosh Das (asd)
2020-11-19 15:03 ` Martin K. Petersen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=963815509.21603435202191.JavaMail.epsvc@epcpadp1 \
    --to=daejun7.park@samsung.com \
    --cc=alim.akhtar@samsung.com \
    --cc=asutoshd@codeaurora.org \
    --cc=avri.altman@wdc.com \
    --cc=beanhuo@micron.com \
    --cc=bvanassche@acm.org \
    --cc=cang@codeaurora.org \
    --cc=hongwus@codeaurora.org \
    --cc=jejb@linux.ibm.com \
    --cc=kernel-team@android.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    --cc=martin.petersen@oracle.com \
    --cc=nguyenb@codeaurora.org \
    --cc=rnayak@codeaurora.org \
    --cc=salyzyn@google.com \
    --cc=saravanak@google.com \
    --cc=stanley.chu@mediatek.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.