From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Avri Altman <avri.altman@wdc.com>,
Alim Akhtar <alim.akhtar@samsung.com>,
Bean Huo <beanhuo@micron.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14 32/51] scsi: ufs: Check that space was properly alloced in copy_query_response
Date: Mon, 24 Jun 2019 17:56:50 +0800 [thread overview]
Message-ID: <20190624092310.033425650@linuxfoundation.org> (raw)
In-Reply-To: <20190624092305.919204959@linuxfoundation.org>
[ Upstream commit 1c90836f70f9a8ef7b7ad9e1fdd8961903e6ced6 ]
struct ufs_dev_cmd is the main container that supports device management
commands. In the case of a read descriptor request, we assume that the
proper space was allocated in dev_cmd to hold the returning descriptor.
This is no longer true, as there are flows that doesn't use dev_cmd for
device management requests, and was wrong in the first place.
Fixes: d44a5f98bb49 (ufs: query descriptor API)
Signed-off-by: Avri Altman <avri.altman@wdc.com>
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Acked-by: Bean Huo <beanhuo@micron.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/ufs/ufshcd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index d8f0a1ccd9b1..60c9184bad3b 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -1788,7 +1788,8 @@ int ufshcd_copy_query_response(struct ufs_hba *hba, struct ufshcd_lrb *lrbp)
memcpy(&query_res->upiu_res, &lrbp->ucd_rsp_ptr->qr, QUERY_OSF_SIZE);
/* Get the descriptor */
- if (lrbp->ucd_rsp_ptr->qr.opcode == UPIU_QUERY_OPCODE_READ_DESC) {
+ if (hba->dev_cmd.query.descriptor &&
+ lrbp->ucd_rsp_ptr->qr.opcode == UPIU_QUERY_OPCODE_READ_DESC) {
u8 *descp = (u8 *)lrbp->ucd_rsp_ptr +
GENERAL_UPIU_REQUEST_SIZE;
u16 resp_len;
--
2.20.1
next prev parent reply other threads:[~2019-06-24 9:58 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-24 9:56 [PATCH 4.14 00/51] 4.14.130-stable review Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 01/51] tracing: Silence GCC 9 array bounds warning Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 02/51] objtool: Support per-function rodata sections Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 03/51] gcc-9: silence address-of-packed-member warning Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 04/51] net: phy: broadcom: Use strlcpy() for ethtool::get_strings Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 05/51] mmc: core: Prevent processing SDIO IRQs when the card is suspended Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 06/51] scsi: ufs: Avoid runtime suspend possibly being blocked forever Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 07/51] usb: chipidea: udc: workaround for endpoint conflict issue Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 08/51] IB/hfi1: Silence txreq allocation warnings Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 09/51] Input: synaptics - enable SMBus on ThinkPad E480 and E580 Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 10/51] Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 11/51] apparmor: enforce nullbyte at end of tag string Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 12/51] ARC: fix build warnings Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 13/51] ARC: [plat-hsdk]: Add missing multicast filter bins number to GMAC node Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 14/51] ARC: [plat-hsdk]: Add missing FIFO size entry in " Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 15/51] parport: Fix mem leak in parport_register_dev_model Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 16/51] parisc: Fix compiler warnings in float emulation code Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 17/51] IB/rdmavt: Fix alloc_qpn() WARN_ON() Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 18/51] IB/hfi1: Insure freeze_work work_struct is canceled on shutdown Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 19/51] IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 20/51] IB/hfi1: Validate page aligned for a given virtual address Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 21/51] MIPS: uprobes: remove set but not used variable epc Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 22/51] xtensa: Fix section mismatch between memblock_reserve and mem_reserve Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 23/51] net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0 Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 24/51] net: hns: Fix loopback test failed at copper ports Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 25/51] mdesc: fix a missing-check bug in get_vdev_port_node_info() Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 26/51] sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 27/51] net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 28/51] net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is enabled Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 29/51] drm/arm/hdlcd: Actually validate CRTC modes Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 30/51] drm/arm/hdlcd: Allow a bit of clock tolerance Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 31/51] scripts/checkstack.pl: Fix arm64 wrong or unknown architecture Greg Kroah-Hartman
2019-06-24 9:56 ` Greg Kroah-Hartman [this message]
2019-06-24 9:56 ` [PATCH 4.14 33/51] scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 34/51] net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 35/51] s390/qeth: fix VLAN attribute in bridge_hostnotify udev event Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 36/51] hwmon: (core) add thermal sensors only if dev->of_node is present Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 37/51] hwmon: (pmbus/core) Treat parameters as paged if on multiple pages Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 38/51] nvme: Fix u32 overflow in the number of namespace list calculation Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 39/51] btrfs: start readahead also in seed devices Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 40/51] can: flexcan: fix timeout when set small bitrate Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.14 41/51] can: purge socket error queue on sock destruct Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.14 42/51] powerpc/bpf: use unsigned division instruction for 64-bit operations Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.14 43/51] ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.14 44/51] ARM: dts: am57xx-idk: Remove support for voltage switching for SD card Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.14 45/51] Bluetooth: Align minimum encryption key size for LE and BR/EDR connections Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.14 46/51] Bluetooth: Fix regression with minimum encryption key size alignment Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.14 47/51] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.14 48/51] cfg80211: fix memory leak of wiphy device name Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.14 49/51] mac80211: drop robust management frames from unknown TA Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.14 50/51] mac80211: handle deauthentication/disassociation from TDLS peer Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.14 51/51] mac80211: Do not use stack memory with scatterlist for GMAC Greg Kroah-Hartman
2019-06-24 15:31 ` [PATCH 4.14 00/51] 4.14.130-stable review kernelci.org bot
2019-06-24 15:47 ` Naresh Kamboju
2019-06-24 18:03 ` Guenter Roeck
2019-06-25 9:59 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190624092310.033425650@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alim.akhtar@samsung.com \
--cc=avri.altman@wdc.com \
--cc=beanhuo@micron.com \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox