RE: [PATCH v4 3/4] scsi: ufs: cleanup ufs initialization path

Avri Altman <Avri.Altman@xxxxxxx> · Sat, 30 May 2020 06:37:17 +0000



> -       case QUERY_DESC_IDN_RFU_0:
> -       case QUERY_DESC_IDN_RFU_1:
You forgot to check that desc_id < QUERY_DESC_IDN_MAX

> +       if (desc_id == QUERY_DESC_IDN_RFU_0 || desc_id ==
> QUERY_DESC_IDN_RFU_1)
>                 *desc_len = 0;
> -               break;
> -       default:
> -               *desc_len = 0;
> -               return -EINVAL;
> -       }
> -       return 0;
> +       else
> +               *desc_len = hba->desc_size[desc_id];
>  }
>  EXPORT_SYMBOL(ufshcd_map_desc_id_to_length);
> 
> +static void ufshcd_update_desc_length(struct ufs_hba *hba,
> +                                     enum desc_idn desc_id,
> +                                     unsigned char desc_len)
> +{
> +       if (hba->desc_size[desc_id] == QUERY_DESC_MAX_SIZE &&
> +           desc_id != QUERY_DESC_IDN_STRING)
> +               hba->desc_size[desc_id] = desc_len;
> +}
> +
>  /**
>   * ufshcd_read_desc_param - read the specified descriptor parameter
>   * @hba: Pointer to adapter instance
> @@ -3168,16 +3105,11 @@ int ufshcd_read_desc_param(struct ufs_hba
> *hba,
>         if (desc_id >= QUERY_DESC_IDN_MAX || !param_size)
>                 return -EINVAL;
> 
> -       /* Get the max length of descriptor from structure filled up at probe
> -        * time.
> -        */
> -       ret = ufshcd_map_desc_id_to_length(hba, desc_id, &buff_len);
> -
> -       /* Sanity checks */
> -       if (ret || !buff_len) {
> -               dev_err(hba->dev, "%s: Failed to get full descriptor length",
> -                       __func__);
> -               return ret;
> +       /* Get the length of descriptor */
> +       ufshcd_map_desc_id_to_length(hba, desc_id, &buff_len);
> +       if (!buff_len) {
> +               dev_err(hba->dev, "%s: Failed to get desc length", __func__);
> +               return -EINVAL;
>         }
> 
>         /* Check whether we need temp memory */
The first time we are reading the descriptor, we no longer can rely on its true size.
So for this check, buff_len is 256 and kmalloc will always happen. 
Do you think that this check is still relevant?

/* Check whether we need temp memory */
        if (param_offset != 0 || param_size < buff_len) {
                desc_buf = kmalloc(buff_len, GFP_KERNEL);
                if (!desc_buf)
                        return -ENOMEM;
        } else {
                desc_buf = param_read_buf;
                is_kmalloc = false;
        }


> @@ -3209,6 +3141,9 @@ int ufshcd_read_desc_param(struct ufs_hba *hba,
>                 goto out;
>         }
> 
> +       ufshcd_update_desc_length(hba, desc_id,
> +                                 desc_buf[QUERY_DESC_LENGTH_OFFSET]);
> +
>         /* Check wherher we will not copy more data, than available */
>         if (is_kmalloc && param_size > buff_len)
>                 param_size = buff_len;
And here, we might want to update buff_len to hold the true descriptor size,
Before checking the copy-back buffer.

Thanks,
Avri