Subject: RE: [PATCH v2 1/1] scsi: ufs: Fix
unexpected values get from ufshcd_read_desc_param()
Reply-To: daejun7.park@samsung.com
From: Daejun Park
To: "cang@codeaurora.org"
CC: ALIM AKHTAR, "asutoshd@codeaurora.org", "avri.altman@wdc.com", "beanhuo@micron.com", "bvanassche@acm.org", "hongwus@codeaurora.org", "jejb@linux.ibm.com", "kernel-team@android.com", "linux-kernel@vger.kernel.org", "linux-scsi@vger.kernel.org", "martin.petersen@oracle.com", "nguyenb@codeaurora.org", "rnayak@codeaurora.org", "salyzyn@google.com", "saravanak@google.com", "stanley.chu@mediatek.com"
Date: Fri, 23 Oct 2020 15:35:28 +0900
X-Mailing-List: linux-kernel@vger.kernel.org

Hi, Can Guo

>Since WB feature has been added, WB related sysfs entries can be accessed
>even when an UFS device does not support WB feature. In that case, the
>descriptors which are not supported by the UFS device may be wrongly
>reported when they are accessed from their corresponding sysfs entries.
>Fix it by adding a sanity check of parameter offset against the actual
>descriptor length.
>
>Signed-off-by: Can Guo
>--- > drivers/scsi/ufs/ufshcd.c | 24 +++++++++++++++--------- > 1 file changed, 15 insertions(+), 9 deletions(-) > >diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c >index a2ebcc8..aeec10d 100644 >--- a/drivers/scsi/ufs/ufshcd.c >+++ b/drivers/scsi/ufs/ufshcd.c
>@@ -3184,13 +3184,19 @@ int ufshcd_read_desc_param(struct ufs_hba *hba, > /* Get the length of descriptor */ > ufshcd_map_desc_id_to_length(hba, desc_id, &buff_len); > if (!buff_len) { >- dev_err(hba->dev, "%s: Failed to get desc length", __func__); >+ dev_err(hba->dev, "%s: Failed to get desc length\n", __func__); >+ return -EINVAL; >+ } >+ >+ if (param_offset >= buff_len) { >+ dev_err(hba->dev, "%s: Invalid offset 0x%x in descriptor IDN 0x%x, length 0x%x\n", >+ __func__, param_offset, desc_id, buff_len);

In my understanding, this code seems to check incorrect access to not supported features (e.g. WB) via buff_len value from ufshcd_map_desc_id_to_length(). However, since buff_len is initialized as QUERY_DESC_MAX_SIZE and is updated later by ufshcd_update_desc_length(), it is impossible to find incorrect access by checking buff_len at first time.

Thanks,
Daejun
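
Review bot: The added `if (param_offset >= buff_len)` check compares the offset against the length returned by ufshcd_map_desc_id_to_length() before the descriptor has been read, so it only rejects a bad offset when that value already reflects the device's real descriptor length. The reply states that this length starts as QUERY_DESC_MAX_SIZE and is only updated later by ufshcd_update_desc_length(), in which case the first access to an unsupported descriptor still passes the check. Consider repeating the offset check after the read, against the length the device actually returned, so that the code matches the commit message's "actual descriptor length" wording.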