> > From: Bean Huo <beanhuo@xxxxxxxxxx> > > Remove checks on job->request_len and job->reply_len because The following > msgcode checks will rule out malicious requests. > > Signed-off-by: Bean Huo <beanhuo@xxxxxxxxxx> Acked-by: Avri Altman <avri.altman@xxxxxxx> > --- > drivers/ufs/core/ufs_bsg.c | 21 --------------------- > 1 file changed, 21 deletions(-) > > diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c index > b99e3f3dc4ef..9ac8204f1ee6 100644 > --- a/drivers/ufs/core/ufs_bsg.c > +++ b/drivers/ufs/core/ufs_bsg.c > @@ -30,21 +30,6 @@ static int ufs_bsg_get_query_desc_size(struct ufs_hba > *hba, int *desc_len, > return 0; > } > > -static int ufs_bsg_verify_query_size(struct ufs_hba *hba, > - unsigned int request_len, > - unsigned int reply_len) > -{ > - int min_req_len = sizeof(struct ufs_bsg_request); > - int min_rsp_len = sizeof(struct ufs_bsg_reply); > - > - if (min_req_len > request_len || min_rsp_len > reply_len) { > - dev_err(hba->dev, "not enough space assigned\n"); > - return -EINVAL; > - } > - > - return 0; > -} > - > static int ufs_bsg_alloc_desc_buffer(struct ufs_hba *hba, struct bsg_job *job, > uint8_t **desc_buff, int *desc_len, > enum query_opcode desc_op) @@ -88,8 +73,6 @@ > static int ufs_bsg_request(struct bsg_job *job) > struct ufs_bsg_request *bsg_request = job->request; > struct ufs_bsg_reply *bsg_reply = job->reply; > struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent)); > - unsigned int req_len = job->request_len; > - unsigned int reply_len = job->reply_len; > struct uic_command uc = {}; > int msgcode; > uint8_t *desc_buff = NULL; > @@ -97,10 +80,6 @@ static int ufs_bsg_request(struct bsg_job *job) > enum query_opcode desc_op = UPIU_QUERY_OPCODE_NOP; > int ret; > > - ret = ufs_bsg_verify_query_size(hba, req_len, reply_len); > - if (ret) > - goto out; > - > bsg_reply->reply_payload_rcv_len = 0; > > ufshcd_rpm_get_sync(hba); > -- > 2.25.1