From: Avri Altman <Avri.Altman@wdc.com>
To: Bean Huo <huobean@gmail.com>,
"alim.akhtar@samsung.com" <alim.akhtar@samsung.com>,
"asutoshd@codeaurora.org" <asutoshd@codeaurora.org>,
"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
"martin.petersen@oracle.com" <martin.petersen@oracle.com>,
"stanley.chu@mediatek.com" <stanley.chu@mediatek.com>,
"beanhuo@micron.com" <beanhuo@micron.com>,
"bvanassche@acm.org" <bvanassche@acm.org>,
"tomas.winkler@intel.com" <tomas.winkler@intel.com>,
"cang@codeaurora.org" <cang@codeaurora.org>
Cc: "linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: RE: [PATCH v4 3/4] scsi: ufs: cleanup ufs initialization path
Date: Sat, 30 May 2020 06:37:17 +0000 [thread overview]
Message-ID: <SN6PR04MB464078AE07966E53FFB237F5FC8C0@SN6PR04MB4640.namprd04.prod.outlook.com> (raw)
In-Reply-To: <20200529164054.27552-4-huobean@gmail.com>
> - case QUERY_DESC_IDN_RFU_0:
> - case QUERY_DESC_IDN_RFU_1:
You forgot to check that desc_id < QUERY_DESC_IDN_MAX
> + if (desc_id == QUERY_DESC_IDN_RFU_0 || desc_id ==
> QUERY_DESC_IDN_RFU_1)
> *desc_len = 0;
> - break;
> - default:
> - *desc_len = 0;
> - return -EINVAL;
> - }
> - return 0;
> + else
> + *desc_len = hba->desc_size[desc_id];
> }
> EXPORT_SYMBOL(ufshcd_map_desc_id_to_length);
>
> +static void ufshcd_update_desc_length(struct ufs_hba *hba,
> + enum desc_idn desc_id,
> + unsigned char desc_len)
> +{
> + if (hba->desc_size[desc_id] == QUERY_DESC_MAX_SIZE &&
> + desc_id != QUERY_DESC_IDN_STRING)
> + hba->desc_size[desc_id] = desc_len;
> +}
> +
> /**
> * ufshcd_read_desc_param - read the specified descriptor parameter
> * @hba: Pointer to adapter instance
> @@ -3168,16 +3105,11 @@ int ufshcd_read_desc_param(struct ufs_hba
> *hba,
> if (desc_id >= QUERY_DESC_IDN_MAX || !param_size)
> return -EINVAL;
>
> - /* Get the max length of descriptor from structure filled up at probe
> - * time.
> - */
> - ret = ufshcd_map_desc_id_to_length(hba, desc_id, &buff_len);
> -
> - /* Sanity checks */
> - if (ret || !buff_len) {
> - dev_err(hba->dev, "%s: Failed to get full descriptor length",
> - __func__);
> - return ret;
> + /* Get the length of descriptor */
> + ufshcd_map_desc_id_to_length(hba, desc_id, &buff_len);
> + if (!buff_len) {
> + dev_err(hba->dev, "%s: Failed to get desc length", __func__);
> + return -EINVAL;
> }
>
> /* Check whether we need temp memory */
The first time we are reading the descriptor, we no longer can rely on its true size.
So for this check, buff_len is 256 and kmalloc will always happen.
Do you think that this check is still relevant?
/* Check whether we need temp memory */
if (param_offset != 0 || param_size < buff_len) {
desc_buf = kmalloc(buff_len, GFP_KERNEL);
if (!desc_buf)
return -ENOMEM;
} else {
desc_buf = param_read_buf;
is_kmalloc = false;
}
> @@ -3209,6 +3141,9 @@ int ufshcd_read_desc_param(struct ufs_hba *hba,
> goto out;
> }
>
> + ufshcd_update_desc_length(hba, desc_id,
> + desc_buf[QUERY_DESC_LENGTH_OFFSET]);
> +
> /* Check wherher we will not copy more data, than available */
> if (is_kmalloc && param_size > buff_len)
> param_size = buff_len;
And here, we might want to update buff_len to hold the true descriptor size,
Before checking the copy-back buffer.
Thanks,
Avri
next prev parent reply other threads:[~2020-05-30 6:37 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-29 16:40 [PATCH v4 0/4] scsi: ufs: cleanup ufs initialization Bean Huo
2020-05-29 16:40 ` [PATCH v4 1/4] scsi: ufs: remove max_t in ufs_get_device_desc Bean Huo
2020-05-29 17:37 ` Stanley Chu
2020-05-29 16:40 ` [PATCH v4 2/4] scsi: ufs: delete ufshcd_read_desc() Bean Huo
2020-05-29 16:40 ` [PATCH v4 3/4] scsi: ufs: cleanup ufs initialization path Bean Huo
2020-05-30 6:37 ` Avri Altman [this message]
2020-05-30 18:38 ` Bean Huo
2020-05-31 15:11 ` Bean Huo
2020-05-29 16:40 ` [PATCH v4 4/4] scsi: ufs: add compatibility with 3.1 UFS unit descriptor length Bean Huo
2020-05-30 6:56 ` Avri Altman
2020-05-30 18:33 ` Bean Huo
2020-05-30 19:43 ` Avri Altman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=SN6PR04MB464078AE07966E53FFB237F5FC8C0@SN6PR04MB4640.namprd04.prod.outlook.com \
--to=avri.altman@wdc.com \
--cc=alim.akhtar@samsung.com \
--cc=asutoshd@codeaurora.org \
--cc=beanhuo@micron.com \
--cc=bvanassche@acm.org \
--cc=cang@codeaurora.org \
--cc=huobean@gmail.com \
--cc=jejb@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=stanley.chu@mediatek.com \
--cc=tomas.winkler@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).