From: <peter.wang@mediatek.com> To: <stanley.chu@mediatek.com>, <linux-scsi@vger.kernel.org>, <martin.petersen@oracle.com>, <avri.altman@wdc.com>, <alim.akhtar@samsung.com>, <jejb@linux.ibm.com> Cc: <wsd_upstream@mediatek.com>, <linux-mediatek@lists.infradead.org>, <peter.wang@mediatek.com>, <chun-hung.wu@mediatek.com>, <alice.chao@mediatek.com>, <cc.chou@mediatek.com>, <chaotian.jing@mediatek.com>, <jiajie.hao@mediatek.com>, <powen.kao@mediatek.com>, <qilin.tan@mediatek.com>, <lin.gui@mediatek.com>, <mikebi@micron.com>, <beanhuo@micron.com> Subject: [PATCH v1] scsi: ufs: scsi_get_lba error fix by check cmd opcode Date: Mon, 7 Mar 2022 19:17:52 +0800 [thread overview] Message-ID: <20220307111752.10465-1-peter.wang@mediatek.com> (raw) From: Peter Wang <peter.wang@mediatek.com> When ufs init without scmd->device->sector_size set, scsi_get_lba will get a wrong shift number and ubsan error. shift exponent 4294967286 is too large for 64-bit type 'sector_t' (aka 'unsigned long long') Call scsi_get_lba only when opcode is READ_10/WRITE_10/UNMAP. Signed-off-by: Peter Wang <peter.wang@mediatek.com> --- drivers/scsi/ufs/ufshcd.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index 9349557b8a01..3c4caee8fb93 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -367,7 +367,7 @@ static void ufshcd_add_uic_command_trace(struct ufs_hba *hba, static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag, enum ufs_trace_str_t str_t) { - u64 lba; + u64 lba = 0; u8 opcode = 0, group_id = 0; u32 intr, doorbell; struct ufshcd_lrb *lrbp = &hba->lrb[tag]; @@ -384,7 +384,6 @@ static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag, return; opcode = cmd->cmnd[0]; - lba = scsi_get_lba(cmd); if (opcode == READ_10 || opcode == WRITE_10) { /* 
@@ -392,6 +391,7 @@ static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag, */ transfer_len = be32_to_cpu(lrbp->ucd_req_ptr->sc.exp_data_transfer_len); + lba = scsi_get_lba(cmd); if (opcode == WRITE_10) group_id = lrbp->cmd->cmnd[6]; } else if (opcode == UNMAP) { @@ -399,6 +399,7 @@ static void ufshcd_add_command_trace(struct ufs_hba *hba, unsigned int tag, * The number of Bytes to be unmapped beginning with the lba. */ transfer_len = blk_rq_bytes(rq); + lba = scsi_get_lba(cmd); } intr = ufshcd_readl(hba, REG_INTERRUPT_STATUS); -- 2.18.0 _______________________________________________ Linux-mediatek mailing list Linux-mediatek@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-mediatek
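Review bot: In the first hunk, `u64 lba = 0;` means every command other than READ_10, WRITE_10 and UNMAP is now traced with lba 0, which a trace reader cannot tell apart from a real access to LBA 0. Before this change the traced value came from `scsi_get_lba(cmd)` for every opcode, so the commit message should say that the trace output for the remaining opcodes changes, or the trace should carry a value that cannot be mistaken for a valid LBA.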
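Review bot: In the second hunk, removing the unconditional `lba = scsi_get_lba(cmd);` after `opcode = cmd->cmnd[0];` narrows when the call happens, but nothing in the patch checks `sector_size` itself. The fix therefore depends on READ_10, WRITE_10 and UNMAP never reaching ufshcd_add_command_trace() while `scmd->device->sector_size` is unset. The reported exponent 4294967286 is 2^32 - 10, so the shift count went negative, and the same would happen on these paths if that assumption does not hold. Please state in the commit message why it holds, or guard on the sector size before calling.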
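Review bot: In the third and fourth hunks, the same `lba = scsi_get_lba(cmd);` line is added to the READ_10/WRITE_10 branch and to the UNMAP branch with no comment explaining why the call is restricted to these opcodes. A one-line comment at the first call site, noting that the call is only valid once the device sector size is set, would keep a later cleanup from hoisting the duplicated call back above the `if`.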