From: <peter.wang@mediatek.com>
To: <stanley.chu@mediatek.com>, <linux-scsi@vger.kernel.org>,
<martin.petersen@oracle.com>, <avri.altman@wdc.com>,
<alim.akhtar@samsung.com>, <jejb@linux.ibm.com>
Cc: <wsd_upstream@mediatek.com>, <linux-mediatek@lists.infradead.org>,
<peter.wang@mediatek.com>, <chun-hung.wu@mediatek.com>,
<alice.chao@mediatek.com>, <cc.chou@mediatek.com>,
<chaotian.jing@mediatek.com>, <jiajie.hao@mediatek.com>,
<powen.kao@mediatek.com>, <qilin.tan@mediatek.com>,
<lin.gui@mediatek.com>, <mikebi@micron.com>, <beanhuo@micron.com>
Subject: [PATCH v1] scsi: ufs: scsi_get_lba error fix by check cmd opcode
Date: Mon, 7 Mar 2022 19:17:52 +0800 [thread overview]
Message-ID: <20220307111752.10465-1-peter.wang@mediatek.com> (raw)
From: Peter Wang <peter.wang@mediatek.com>
When ufs init without scmd->device->sector_size set,
scsi_get_lba will get a wrong shift number and ubsan error.
shift exponent 4294967286 is too large for 64-bit type
'sector_t' (aka 'unsigned long long')
Call scsi_get_lba only when opcode is READ_10/WRITE_10/UNMAP.
Signed-off-by: Peter Wang <peter.wang@mediatek.com>
---
drivers/scsi/ufs/ufshcd.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index 9349557b8a01..3c4caee8fb93 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -367,7 +367,7 @@ static void ufshcd_add_uic_command_trace(struct ufs_hba *hba,
static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag,
enum ufs_trace_str_t str_t)
{
- u64 lba;
+ u64 lba = 0;
u8 opcode = 0, group_id = 0;
u32 intr, doorbell;
struct ufshcd_lrb *lrbp = &hba->lrb[tag];
@@ -384,7 +384,6 @@ static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag,
return;
opcode = cmd->cmnd[0];
- lba = scsi_get_lba(cmd);
if (opcode == READ_10 || opcode == WRITE_10) {
/*
@@ -392,6 +391,7 @@ static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag,
*/
transfer_len =
be32_to_cpu(lrbp->ucd_req_ptr->sc.exp_data_transfer_len);
+ lba = scsi_get_lba(cmd);
if (opcode == WRITE_10)
group_id = lrbp->cmd->cmnd[6];
} else if (opcode == UNMAP) {
@@ -399,6 +399,7 @@ static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag,
* The number of Bytes to be unmapped beginning with the lba.
*/
transfer_len = blk_rq_bytes(rq);
+ lba = scsi_get_lba(cmd);
}
intr = ufshcd_readl(hba, REG_INTERRUPT_STATUS);
--
2.18.0
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
WARNING: multiple messages have this Message-ID (diff)
From: <peter.wang@mediatek.com>
To: <stanley.chu@mediatek.com>, <linux-scsi@vger.kernel.org>,
<martin.petersen@oracle.com>, <avri.altman@wdc.com>,
<alim.akhtar@samsung.com>, <jejb@linux.ibm.com>
Cc: <wsd_upstream@mediatek.com>, <linux-mediatek@lists.infradead.org>,
<peter.wang@mediatek.com>, <chun-hung.wu@mediatek.com>,
<alice.chao@mediatek.com>, <cc.chou@mediatek.com>,
<chaotian.jing@mediatek.com>, <jiajie.hao@mediatek.com>,
<powen.kao@mediatek.com>, <qilin.tan@mediatek.com>,
<lin.gui@mediatek.com>, <mikebi@micron.com>, <beanhuo@micron.com>
Subject: [PATCH v1] scsi: ufs: scsi_get_lba error fix by check cmd opcode
Date: Mon, 7 Mar 2022 19:17:52 +0800 [thread overview]
Message-ID: <20220307111752.10465-1-peter.wang@mediatek.com> (raw)
From: Peter Wang <peter.wang@mediatek.com>
When ufs init without scmd->device->sector_size set,
scsi_get_lba will get a wrong shift number and ubsan error.
shift exponent 4294967286 is too large for 64-bit type
'sector_t' (aka 'unsigned long long')
Call scsi_get_lba only when opcode is READ_10/WRITE_10/UNMAP.
Signed-off-by: Peter Wang <peter.wang@mediatek.com>
---
drivers/scsi/ufs/ufshcd.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index 9349557b8a01..3c4caee8fb93 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -367,7 +367,7 @@ static void ufshcd_add_uic_command_trace(struct ufs_hba *hba,
static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag,
enum ufs_trace_str_t str_t)
{
- u64 lba;
+ u64 lba = 0;
u8 opcode = 0, group_id = 0;
u32 intr, doorbell;
struct ufshcd_lrb *lrbp = &hba->lrb[tag];
@@ -384,7 +384,6 @@ static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag,
return;
opcode = cmd->cmnd[0];
- lba = scsi_get_lba(cmd);
if (opcode == READ_10 || opcode == WRITE_10) {
/*
@@ -392,6 +391,7 @@ static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag,
*/
transfer_len =
be32_to_cpu(lrbp->ucd_req_ptr->sc.exp_data_transfer_len);
+ lba = scsi_get_lba(cmd);
if (opcode == WRITE_10)
group_id = lrbp->cmd->cmnd[6];
} else if (opcode == UNMAP) {
@@ -399,6 +399,7 @@ static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag,
* The number of Bytes to be unmapped beginning with the lba.
*/
transfer_len = blk_rq_bytes(rq);
+ lba = scsi_get_lba(cmd);
}
intr = ufshcd_readl(hba, REG_INTERRUPT_STATUS);
--
2.18.0
next reply other threads:[~2022-03-07 11:29 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-07 11:17 peter.wang [this message]
2022-03-07 11:17 ` [PATCH v1] scsi: ufs: scsi_get_lba error fix by check cmd opcode peter.wang
2022-03-07 17:52 ` Bart Van Assche
2022-03-07 17:52 ` Bart Van Assche
2022-03-08 11:24 ` Peter Wang
2022-03-08 22:11 ` Bart Van Assche
2022-03-08 22:11 ` Bart Van Assche
2022-03-09 3:52 ` Martin K. Petersen
2022-03-09 3:52 ` Martin K. Petersen
2022-03-15 5:02 ` Martin K. Petersen
2022-03-15 5:02 ` Martin K. Petersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220307111752.10465-1-peter.wang@mediatek.com \
--to=peter.wang@mediatek.com \
--cc=alice.chao@mediatek.com \
--cc=alim.akhtar@samsung.com \
--cc=avri.altman@wdc.com \
--cc=beanhuo@micron.com \
--cc=cc.chou@mediatek.com \
--cc=chaotian.jing@mediatek.com \
--cc=chun-hung.wu@mediatek.com \
--cc=jejb@linux.ibm.com \
--cc=jiajie.hao@mediatek.com \
--cc=lin.gui@mediatek.com \
--cc=linux-mediatek@lists.infradead.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=mikebi@micron.com \
--cc=powen.kao@mediatek.com \
--cc=qilin.tan@mediatek.com \
--cc=stanley.chu@mediatek.com \
--cc=wsd_upstream@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.