[PATCH v1 0/2] Two fixes for UFS

[PATCH v1 0/2] Two fixes for UFS

[Bean Huo]

From: Bean Huo <beanhuo@micron.com>



Bean Huo (2):
  scsi: ufs: ufshpb: Fix NULL pointer dereference
  scsi: ufs: core: Fix a non-constant function argument name

 drivers/scsi/ufs/ufshcd.c | 2 +-
 drivers/scsi/ufs/ufshpb.c | 3 ---
 2 files changed, 1 insertion(+), 4 deletions(-)

-- 
2.25.1

[PATCH v1 1/2] scsi: ufs: ufshpb: Fix NULL pointer dereference

[Bean Huo]

From: Bean Huo <beanhuo@micron.com>

Before ufshcd_scsi_add_wlus() is executed, call ufshcd_rpm_{get/put}_sync(),
"Null pointer dereference" issue will be triggered. Because hba->sdev_ufs_device
is initialized in ufshcd_scsi_add_wlus() later.

Unable to handle kernel NULL pointer dereference at virtual address
0000000000000348
Mem abort info:
  ESR = 0x96000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000004
  CM = 0, WnR = 0
[0000000000000348] user address but active_mm is swapper
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 91 Comm: kworker/u16:1 Not tainted 5.15.0-rc1-beanhuo-linaro-1423
Hardware name: MicronRB (DT)
Workqueue: events_unbound async_run_entry_fn
pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : pm_runtime_drop_link+0x128/0x338
lr : ufshpb_get_dev_info+0x8c/0x148
sp : ffff800012573c10
x29: ffff800012573c10 x28: 0000000000000000 x27: 0000000000000003
x26: ffff000001d21298 x25: 000000005abcea60 x24: ffff800011d89000
x23: 0000000000000001 x22: ffff000001d21880 x21: ffff000001ec9300
x20: 0000000000000004 x19: 0000000000000198 x18: ffffffffffffffff
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000041400
x14: 5eee00201100200a x13: 000000000000bb03 x12: 0000000000000000
x11: 0000000000000100 x10: 0200000000000000 x9 : bb0000021a162c01
x8 : 0302010021021003 x7 : 0000000000000000 x6 : ffff800012573af0
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000200
x2 : 0000000000000348 x1 : 0000000000000348 x0 : ffff80001095308c
Call trace:
 pm_runtime_drop_link+0x128/0x338
 ufshpb_get_dev_info+0x8c/0x148
 ufshcd_probe_hba+0xda0/0x11b8
 ufshcd_async_scan+0x34/0x330
 async_run_entry_fn+0x38/0x180
 process_one_work+0x1f4/0x498
 worker_thread+0x48/0x480
 kthread+0x140/0x158
 ret_from_fork+0x10/0x20
Code: 88027c01 35ffffa2 17fff6c4 f9800051 (885f7c40)
---[ end trace 2ba541335f595c95 ]

Since ufshpb_get_dev_info() is only called in asynchronous execution
ufshcd_async_scan(), and before ufshpb_get_dev_info(), pm_runtime_get_sync()
has been called:

...
/* Hold auto suspend until async scan completes */
pm_runtime_get_sync(dev);
atomic_set(&hba->scsi_block_reqs_cnt, 0);
...
ufshcd_async_scan()
{
 ufshcd_probe_hba(hba, true);
 ufshcd_device_params_init(hba);
 ufshpb_get_dev_info();
 ...
 pm_runtime_put_sync(hba->dev);
}

Remove ufshcd_rpmb_rpm_{get/put}_sync() from ufshpb_get_dev_info(), fix
this issue.

Fixes: 351b3a849ac7 ("scsi: ufs: ufshpb: Use proper power management API")
Signed-off-by: Bean Huo <beanhuo@micron.com>
---
 drivers/scsi/ufs/ufshpb.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/drivers/scsi/ufs/ufshpb.c b/drivers/scsi/ufs/ufshpb.c
index 9ea639bf6a59..33a38c06a296 100644
--- a/drivers/scsi/ufs/ufshpb.c
+++ b/drivers/scsi/ufs/ufshpb.c
@@ -2877,11 +2877,8 @@ void ufshpb_get_dev_info(struct ufs_hba *hba, u8 *desc_buf)
 	if (version == HPB_SUPPORT_LEGACY_VERSION)
 		hpb_dev_info->is_legacy = true;
 
-	ufshcd_rpm_get_sync(hba);
 	ret = ufshcd_query_attr_retry(hba, UPIU_QUERY_OPCODE_READ_ATTR,
 		QUERY_ATTR_IDN_MAX_HPB_SINGLE_CMD, 0, 0, &max_hpb_single_cmd);
-	ufshcd_rpm_put_sync(hba);
-
 	if (ret)
 		dev_err(hba->dev, "%s: idn: read max size of single hpb cmd query request failed",
 			__func__);
-- 
2.25.1

[PATCH v1 2/2] scsi: ufs: core: Fix a non-constant function argument name

[Bean Huo]

From: Bean Huo <beanhuo@micron.com>

Since commit 568dd9959611 ("scsi: ufs: Rename the second
ufshcd_probe_hba() argument"), the second ufshcd_probe_hba()
argument has been changed to init_dev_params.

Fixes: 568dd9959611 ("scsi: ufs: Rename the second ufshcd_probe_hba() argument")
Signed-off-by: Bean Huo <beanhuo@micron.com>
---
 drivers/scsi/ufs/ufshcd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index debef631c89a..081092418e2d 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -225,7 +225,7 @@ static int ufshcd_eh_host_reset_handler(struct scsi_cmnd *cmd);
 static int ufshcd_clear_tm_cmd(struct ufs_hba *hba, int tag);
 static void ufshcd_hba_exit(struct ufs_hba *hba);
 static int ufshcd_clear_ua_wluns(struct ufs_hba *hba);
-static int ufshcd_probe_hba(struct ufs_hba *hba, bool async);
+static int ufshcd_probe_hba(struct ufs_hba *hba, bool init_dev_params);
 static int ufshcd_setup_clocks(struct ufs_hba *hba, bool on);
 static int ufshcd_uic_hibern8_enter(struct ufs_hba *hba);
 static inline void ufshcd_add_delay_before_dme_cmd(struct ufs_hba *hba);
-- 
2.25.1