From dfea4f5957d8bbbb5ce967125498f3aabef7f5d7 Mon Sep 17 00:00:00 2001 From: Arthur Simchaev Date: Sun, 11 Dec 2022 15:05:11 +0200 Subject: [PATCH] FROMGIT: scsi: ufs: core: Remove ufshcd_map_desc_id_to_length() There shouldn't be any restriction of the descriptor size (not the descriptor id for that matter) up to QUERY_DESC_MAX_SIZE. According to the spec, the caller can use any descriptor size, and it is up to the device to return the actual size. Therefore there shouldn't be any sizes hardcoded in the kernel, nor any need to cache it, hence the ufshcd_map_desc_id_to_length() function is redundant. Always read the descriptors with QUERY_DESC_MAX_SIZE size. Reviewed-by: Bart Van Assche Reviewed-by: Bean Huo Suggested-by: Bean Huo Change-Id: Ie8377548c09155285dc9b5f249bfad1e3aceacee Signed-off-by: Arthur Simchaev Signed-off-by: Martin K. Petersen Bug: 267974767 (cherry picked from commit 16ed9d312b42180242476d159dd2fab05129029a git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next) Signed-off-by: Bart Van Assche --- drivers/ufs/core/ufs_bsg.c | 1 - drivers/ufs/core/ufshcd.c | 23 +++++++++++------------ 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c index 43f43db1a123..0044029bcf7b 100644 --- a/drivers/ufs/core/ufs_bsg.c +++ b/drivers/ufs/core/ufs_bsg.c @@ -17,7 +17,6 @@ static int ufs_bsg_get_query_desc_size(struct ufs_hba *hba, int *desc_len, struct utp_upiu_query *qr) { int desc_size = be16_to_cpu(qr->length); - int desc_id = qr->idn; if (desc_size <= 0) return -EINVAL; diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 7f42e419cb39..860bb4024325 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -3464,12 +3464,6 @@ int ufshcd_read_desc_param(struct ufs_hba *hba, if (desc_id >= QUERY_DESC_IDN_MAX || !param_size) return -EINVAL; - if (param_offset >= buff_len) { - dev_err(hba->dev, "%s: Invalid offset 0x%x in descriptor IDN 0x%x, length 0x%x\n", - __func__, param_offset, desc_id, buff_len); - return -EINVAL; - } - /* Check whether we need temp memory */ if (param_offset != 0 || param_size < buff_len) { desc_buf = kzalloc(buff_len, GFP_KERNEL); @@ -3482,15 +3476,23 @@ int ufshcd_read_desc_param(struct ufs_hba *hba, /* Request for full descriptor */ ret = ufshcd_query_descriptor_retry(hba, UPIU_QUERY_OPCODE_READ_DESC, - desc_id, desc_index, 0, - desc_buf, &buff_len); - + desc_id, desc_index, 0, + desc_buf, &buff_len); if (ret) { dev_err(hba->dev, "%s: Failed reading descriptor. desc_id %d, desc_index %d, param_offset %d, ret %d\n", __func__, desc_id, desc_index, param_offset, ret); goto out; } + /* Update descriptor length */ + buff_len = desc_buf[QUERY_DESC_LENGTH_OFFSET]; + + if (param_offset >= buff_len) { + dev_err(hba->dev, "%s: Invalid offset 0x%x in descriptor IDN 0x%x, length 0x%x\n", + __func__, param_offset, desc_id, buff_len); + return -EINVAL; + } + /* Sanity check */ if (desc_buf[QUERY_DESC_DESC_TYPE_OFFSET] != desc_id) { dev_err(hba->dev, "%s: invalid desc_id %d in descriptor header\n", @@ -3499,9 +3501,6 @@ int ufshcd_read_desc_param(struct ufs_hba *hba, goto out; } - /* Update descriptor length */ - buff_len = desc_buf[QUERY_DESC_LENGTH_OFFSET]; - if (is_kmalloc) { /* Make sure we don't copy more data than available */ if (param_offset >= buff_len)