On Thu, May 23, 2024 at 05:26:08PM +0800, Shichao Lai wrote:
> Since uzonesize may be zero, judgements for non-zero are necessary in both places.
> Previous check is moved out of loop, and one more check is added in alauda_write_lba.
>
> Reported-by: xingwei lee <xrivendell7@xxxxxxxxx>
> Reported-by: yue sun <samsun1006219@xxxxxxxxx>
> Signed-off-by: Shichao Lai <shichaorai@xxxxxxxxx>
> ---
> drivers/usb/storage/alauda.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/usb/storage/alauda.c b/drivers/usb/storage/alauda.c > index 115f05a6201a..a6e60ef5cb0d 100644 > --- a/drivers/usb/storage/alauda.c > +++ b/drivers/usb/storage/alauda.c > @@ -818,6 +818,8 @@ static int alauda_write_lba(struct us_data *us, u16 lba, > unsigned int blocksize = MEDIA_INFO(us).blocksize; > unsigned int lba_offset = lba % uzonesize; > unsigned int new_pba_offset; > + if (!uzonesize) > + return USB_STOR_TRANSPORT_ERROR; > unsigned int zone = lba / uzonesize; > > alauda_ensure_map_for_zone(us, zone); > @@ -923,6 +925,8 @@ static int alauda_read_data(struct us_data *us, unsigned long address, > unsigned int uzonesize = MEDIA_INFO(us).uzonesize; > struct scatterlist *sg; > int result; > + if (!uzonesize) > + return USB_STOR_TRANSPORT_ERROR; > > /* > * Since we only read in one block at a time, we have to create

This is definitely NOT the right way to fix the bug!

uzonesize is set once, when the device is probed, in alauda_init_media(). That is where the check belongs; if uzonesize is 0 then the function should print a warning and return USB_STOR_TRANSPORT_ERROR, because the device is unusable.

It's probably a good idea to check pagesize, blocksize, and zonesize at the same time, even though none of them are used for any divisions.

Alan Stern
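
Review bot: In the alauda_write_lba hunk the new `if (!uzonesize)` test comes after the initializer `unsigned int lba_offset = lba % uzonesize;`, so the modulo by zero has already been evaluated by the time the check runs and only the later `lba / uzonesize` is guarded. The test also lands between two declarations, which puts a statement ahead of `unsigned int zone`. If a check stays in this function, declare `lba_offset` and `zone` without initializers, test `uzonesize` once after the declaration block, and only then compute both values.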
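
Review bot: In the alauda_read_data hunk the changelog and the diff disagree: the message says the previous check is moved out of the loop, but this hunk only adds two lines after `int result;` and the diffstat reports 4 insertions and no deletions, so whatever check the message refers to is not removed by this patch. Either drop the old check in the same patch or correct the changelog. The new test also follows the declarations with no blank line, and it returns USB_STOR_TRANSPORT_ERROR without logging anything, which leaves no trace of why reads from the device fail.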