In ufshcd_exec_dev_cmd(), if error happens before lrpb is initialized,
then we should bail out instead of letting trace record the error.
Fixes: a45f937110fa6 ("scsi: ufs: Optimize host lock on transfer requests send/compl paths")
Reported-by: kernel test robot <[email protected]>
Reviewed-by: Stanley Chu <[email protected]>
Signed-off-by: Can Guo <[email protected]>
---
Change since V2:
- Removed unused goto out_put_tag
Change since V1:
- Use codeaurora mail in Signed-off-by tag
drivers/scsi/ufs/ufshcd.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index fe1b5f4..25fe18a 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -2980,7 +2980,7 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba,
WARN_ON(lrbp->cmd);
err = ufshcd_compose_dev_cmd(hba, lrbp, cmd_type, tag);
if (unlikely(err))
- goto out_put_tag;
+ goto out;
hba->dev_cmd.complete = &wait;
@@ -2990,11 +2990,10 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba,
ufshcd_send_command(hba, tag);
err = ufshcd_wait_for_dev_cmd(hba, lrbp, timeout);
-out:
ufshcd_add_query_upiu_trace(hba, err ? UFS_QUERY_ERR : UFS_QUERY_COMP,
(struct utp_upiu_req *)lrbp->ucd_rsp_ptr);
-out_put_tag:
+out:
blk_put_request(req);
out_unlock:
up_read(&hba->clk_scaling_lock);
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project.
On Wed, Jun 09, 2021 at 01:24:00AM -0700, Can Guo wrote:
> In ufshcd_exec_dev_cmd(), if error happens before lrpb is initialized,
> then we should bail out instead of letting trace record the error.
>
> Fixes: a45f937110fa6 ("scsi: ufs: Optimize host lock on transfer requests send/compl paths")
> Reported-by: kernel test robot <[email protected]>
> Reviewed-by: Stanley Chu <[email protected]>
> Signed-off-by: Can Guo <[email protected]>
Reviewed-by: Nathan Chancellor <[email protected]>
> ---
>
> Change since V2:
> - Removed unused goto out_put_tag
>
> Change since V1:
> - Use codeaurora mail in Signed-off-by tag
>
> drivers/scsi/ufs/ufshcd.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
> index fe1b5f4..25fe18a 100644
> --- a/drivers/scsi/ufs/ufshcd.c
> +++ b/drivers/scsi/ufs/ufshcd.c
> @@ -2980,7 +2980,7 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba,
> WARN_ON(lrbp->cmd);
> err = ufshcd_compose_dev_cmd(hba, lrbp, cmd_type, tag);
> if (unlikely(err))
> - goto out_put_tag;
> + goto out;
>
> hba->dev_cmd.complete = &wait;
>
> @@ -2990,11 +2990,10 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba,
>
> ufshcd_send_command(hba, tag);
> err = ufshcd_wait_for_dev_cmd(hba, lrbp, timeout);
> -out:
> ufshcd_add_query_upiu_trace(hba, err ? UFS_QUERY_ERR : UFS_QUERY_COMP,
> (struct utp_upiu_req *)lrbp->ucd_rsp_ptr);
>
> -out_put_tag:
> +out:
> blk_put_request(req);
> out_unlock:
> up_read(&hba->clk_scaling_lock);
> --
> Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project.
>
Can,
> In ufshcd_exec_dev_cmd(), if error happens before lrpb is initialized,
> then we should bail out instead of letting trace record the error.
Applied to 5.14/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
On Wed, 9 Jun 2021 01:24:00 -0700, Can Guo wrote:
> In ufshcd_exec_dev_cmd(), if error happens before lrpb is initialized,
> then we should bail out instead of letting trace record the error.
Applied to 5.14/scsi-queue, thanks!
[1/1] scsi: ufs: Fix a possible use before initialization case
https://git.kernel.org/mkp/scsi/c/eb783bb8bbe7
--
Martin K. Petersen Oracle Linux Engineering