Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp7147112ybi; Mon, 8 Jul 2019 15:35:11 -0700 (PDT) X-Google-Smtp-Source: APXvYqwYb4fZuoNFMurI/8NdPXl2LklVMhRjuQoc1093urY5XfR8/977lCne9n87GjSeqyTfrco1 X-Received: by 2002:a63:7887:: with SMTP id t129mr26936046pgc.309.1562625311175; Mon, 08 Jul 2019 15:35:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562625311; cv=none; d=google.com; s=arc-20160816; b=PC6YDlGICpZyo/Vzp9Dy6o1nkELcw8VjBr0JsYoVrkSsiOJLAmp8emC7b8iMmG/eKc ItczHna0HWYMLSb6piLNqdr7CqJYQTWBfrV0GTmhzKN7JKCGi4U5KFXsFcvn8753Rip2 1zJ4QXmDRU/tD/OtwV35ovB0OWPcpT1/TRAqrh9vt6MBF63UnV6jTsMkscmP79MmIxBo 6ubXj4tVmg1mUSvSgeRzX0DY7a+DpSFlyeVJXoM/0jqPNXH1vsSPk5MGeLQwo7pa8vrq qu3serkD2mlQCqPLRSlvkjKPuh7vAkrfEZ7ZxeIEfDSGGJdhmbt+x8ZYEvPnlbIm+qfj Tlaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=OczNZwXAdMMjOeDhJeb9ewBynM6Uc4w1i67cqdJTnss=; b=ZhvlAkJcwv8j4Tmohodf3sxRFTJnIZdclkkKRUtiHbYKiCOhiswCIl3JZLpN7H8qTn CvRWqQFUXj70Xq4851ytGsTxH5mkc2gWEt2iHe8KUnkJLcD24hNoU8UXrRHBbuAgY9Mn GXRaHqquy+vPVHV1ZkFC+9WJleiAhJQ5oBGZjDDUFZH0x7FPIJ8IsJRQnd7QWKWYje1g WfXgs0adzmNIJL5LlF8ZJzAe84Rqdio5hLdMQ1kJF+qMESrHegdxg529t/G0acg+aCll FF35VQbW8LM30vhKcbFiMw28TSCOH6w+T2kR+El5hDCrY+aBzlANJRhlfPfAeaCQ6iUO URUQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=vPDNrVxI; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m2si18608899pls.391.2019.07.08.15.34.56; Mon, 08 Jul 2019 15:35:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=vPDNrVxI; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729599AbfGHPTP (ORCPT + 99 others); Mon, 8 Jul 2019 11:19:15 -0400 Received: from mail.kernel.org ([198.145.29.99]:43424 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1733192AbfGHPTN (ORCPT ); Mon, 8 Jul 2019 11:19:13 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 032512166E; Mon, 8 Jul 2019 15:19:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1562599152; bh=bfHs3ROo57RB2tcNBss4vHTBOJ2MIl4Akl8RACSTyxs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vPDNrVxI9Eu/dagqpoq9nhyZoRC6hXV81J5K07SpnDkgX0ftP9As7AV2DiCYSFTS8 vB/Pbnyu5ifEz1GfN6HC7jjje6ttnbZeO5Swo1+IR+FruStWCGG2CuxUXhGfPNH5Un +dq6vqGk71lWRiwaCGnUHK4VOhb5VZnRcV7e2JWY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Avri Altman , Alim Akhtar , Bean Huo , "Martin K. Petersen" , Sasha Levin Subject: [PATCH 4.9 022/102] scsi: ufs: Check that space was properly alloced in copy_query_response Date: Mon, 8 Jul 2019 17:12:15 +0200 Message-Id: <20190708150527.366495203@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190708150525.973820964@linuxfoundation.org> References: <20190708150525.973820964@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ Upstream commit 1c90836f70f9a8ef7b7ad9e1fdd8961903e6ced6 ] struct ufs_dev_cmd is the main container that supports device management commands. In the case of a read descriptor request, we assume that the proper space was allocated in dev_cmd to hold the returning descriptor. This is no longer true, as there are flows that doesn't use dev_cmd for device management requests, and was wrong in the first place. Fixes: d44a5f98bb49 (ufs: query descriptor API) Signed-off-by: Avri Altman Reviewed-by: Alim Akhtar Acked-by: Bean Huo Signed-off-by: Martin K. Petersen Signed-off-by: Sasha Levin --- drivers/scsi/ufs/ufshcd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index 0fe4f8e8c8c9..a9c172692f21 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -941,7 +941,8 @@ int ufshcd_copy_query_response(struct ufs_hba *hba, struct ufshcd_lrb *lrbp) memcpy(&query_res->upiu_res, &lrbp->ucd_rsp_ptr->qr, QUERY_OSF_SIZE); /* Get the descriptor */ - if (lrbp->ucd_rsp_ptr->qr.opcode == UPIU_QUERY_OPCODE_READ_DESC) { + if (hba->dev_cmd.query.descriptor && + lrbp->ucd_rsp_ptr->qr.opcode == UPIU_QUERY_OPCODE_READ_DESC) { u8 *descp = (u8 *)lrbp->ucd_rsp_ptr + GENERAL_UPIU_REQUEST_SIZE; u16 resp_len; -- 2.20.1