>> Hi, Can Guo
>>
>>> Since WB feature has been added, WB related sysfs entries can be
>>> accessed
>>> even when an UFS device does not support WB feature. In that case, the
>>> descriptors which are not supported by the UFS device may be wrongly
>>> reported when they are accessed from their corrsponding sysfs entries.
>>> Fix it by adding a sanity check of parameter offset against the actual
>>> decriptor length.
>>>
>>> Signed-off-by: Can Guo <cang@xxxxxxxxxxxxxx>
>>> ---
>>> drivers/scsi/ufs/ufshcd.c | 24 +++++++++++++++---------
>>> 1 file changed, 15 insertions(+), 9 deletions(-)
>>>
>>> diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
>>> index a2ebcc8..aeec10d 100644
>>> --- a/drivers/scsi/ufs/ufshcd.c
>>> +++ b/drivers/scsi/ufs/ufshcd.c
>>> @@ -3184,13 +3184,19 @@ int ufshcd_read_desc_param(struct ufs_hba
>>> *hba,
>>> /* Get the length of descriptor */
>>> ufshcd_map_desc_id_to_length(hba, desc_id, &buff_len);
>>> if (!buff_len) {
>>> - dev_err(hba->dev, "%s: Failed to get desc length", __func__);
>>> + dev_err(hba->dev, "%s: Failed to get desc length\n", __func__);
>>> + return -EINVAL;
>>> + }
>>> +
>>> + if (param_offset >= buff_len) {
>>> + dev_err(hba->dev, "%s: Invalid offset 0x%x in descriptor IDN 0x%x,
>>> length 0x%x\n",
>>> + __func__, param_offset, desc_id, buff_len);
>>
>> In my understanding, this code seems to check incorrect access to not
>> supportted features (e.g. WB) via buff_len value from
>> ufshcd_map_desc_id_to_length().
>> However, since buff_len is initialized as QUERY_DESC_MAX_SIZE and is
>> updated later by ufshcd_update_desc_length(), So it is impossible to
>> find
>> incorrect access by checking buff_len at first time.
>>
>> Thanks,
>> Daejun
>
>Yes, I considered that during bootup time, but the current driver won't
>even
>access WB related stuffs it is not supported (there are checks against
>UFS version
>and feature supports in ufshcd_wb_probe()). So this change is only
>proecting illegal
>access from sysfs entries after bootup is done. Do you see real error
>during bootup
>time? If yes, please let me know.
>
>Thanks,
>
>Can Guo.
Can Guo,
I haven't seen any real errors. If it's meant to prevent erroneous access
from sysfs, it seems good enough.
Acked-by: Daejun Park <daejun7.park@xxxxxxxxxxx>
Avri,
ufshcd_is_wb_attrs or ufshcd_is_wb_flag is used to match appropriate lun
in case of shared lu WB. I think Can Guo's code is suitable to prevent
wrong access to descriptors.
Thanks,
Daejun
