Message ID | 1623227044-22635-1-git-send-email-cang@codeaurora.org (mailing list archive) |
---|---|
State | Accepted |
Series | [v3] scsi: ufs: Fix a possible use before initialization case |
On Wed, Jun 09, 2021 at 01:24:00AM -0700, Can Guo wrote: > In ufshcd_exec_dev_cmd(), if error happens before lrpb is initialized, > then we should bail out instead of letting trace record the error. > > Fixes: a45f937110fa6 ("scsi: ufs: Optimize host lock on transfer requests send/compl paths") > Reported-by: kernel test robot <lkp@intel.com> > Reviewed-by: Stanley Chu <stanley.chu@mediatek.com> > Signed-off-by: Can Guo <cang@codeaurora.org> Reviewed-by: Nathan Chancellor <nathan@kernel.org> > --- > > Change since V2: > - Removed unused goto out_put_tag > > Change since V1: > - Use codeaurora mail in Signed-off-by tag > > drivers/scsi/ufs/ufshcd.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c > index fe1b5f4..25fe18a 100644 > --- a/drivers/scsi/ufs/ufshcd.c > +++ b/drivers/scsi/ufs/ufshcd.c > @@ -2980,7 +2980,7 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba, > WARN_ON(lrbp->cmd); > err = ufshcd_compose_dev_cmd(hba, lrbp, cmd_type, tag); > if (unlikely(err)) > - goto out_put_tag; > + goto out; > > hba->dev_cmd.complete = &wait; > > @@ -2990,11 +2990,10 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba, > > ufshcd_send_command(hba, tag); > err = ufshcd_wait_for_dev_cmd(hba, lrbp, timeout); > -out: > ufshcd_add_query_upiu_trace(hba, err ? UFS_QUERY_ERR : UFS_QUERY_COMP, > (struct utp_upiu_req *)lrbp->ucd_rsp_ptr); > > -out_put_tag: > +out: > blk_put_request(req); > out_unlock: > up_read(&hba->clk_scaling_lock); > -- > Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project. >
Can,

> In ufshcd_exec_dev_cmd(), if error happens before lrpb is initialized,
> then we should bail out instead of letting trace record the error.

Applied to 5.14/scsi-staging, thanks!
On Wed, 9 Jun 2021 01:24:00 -0700, Can Guo wrote:

> In ufshcd_exec_dev_cmd(), if error happens before lrpb is initialized,
> then we should bail out instead of letting trace record the error.

Applied to 5.14/scsi-queue, thanks!

[1/1] scsi: ufs: Fix a possible use before initialization case
https://git.kernel.org/mkp/scsi/c/eb783bb8bbe7
diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index fe1b5f4..25fe18a 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -2980,7 +2980,7 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba, WARN_ON(lrbp->cmd); err = ufshcd_compose_dev_cmd(hba, lrbp, cmd_type, tag); if (unlikely(err)) - goto out_put_tag; + goto out; hba->dev_cmd.complete = &wait; @@ -2990,11 +2990,10 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba, ufshcd_send_command(hba, tag); err = ufshcd_wait_for_dev_cmd(hba, lrbp, timeout); -out: ufshcd_add_query_upiu_trace(hba, err ? UFS_QUERY_ERR : UFS_QUERY_COMP, (struct utp_upiu_req *)lrbp->ucd_rsp_ptr); -out_put_tag: +out: blk_put_request(req); out_unlock: up_read(&hba->clk_scaling_lock);
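Review bot: in the first hunk (@@ -2980,7), the failure branch after ufshcd_compose_dev_cmd() now jumps to `out`, a label name that already existed before this patch with a different meaning: it used to sit above ufshcd_add_query_upiu_trace() and now sits below it. Reusing the name means any other `goto out` in the function, which this diff does not show, changes from "trace, then blk_put_request()" to "blk_put_request() only" without a single changed line at the jump site. The commit message should name the jump sites whose behaviour changes, or the label should get a new name so that each affected `goto` shows up in the diff.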
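Review bot: in the second hunk (@@ -2990,11), once `out:` is moved below ufshcd_add_query_upiu_trace(), the trace call is reached only by falling through from ufshcd_wait_for_dev_cmd(), and nothing in the code records that it depends on lrbp having been assigned, since it dereferences `lrbp->ucd_rsp_ptr`. A short comment above the call stating that lrbp is valid on this path, and that error paths jumping to `out` skip the trace on purpose, would stop a later cleanup from moving the label back above it. The commit message could also state that those early error paths no longer produce a UFS_QUERY_ERR event, since that is a visible change for anyone reading the trace.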