scsi: ufs: Check that space was properly alloced in copy_query_response

[ Upstream commit 1c90836f70f9a8ef7b7ad9e1fdd8961903e6ced6 ] struct ufs_dev_cmd is the main container that supports device management commands. In the case of a read descriptor request, we assume that the proper space was allocated in dev_cmd to hold the returning descriptor. This is no longer true, as there are flows that doesn't use dev_cmd for device management requests, and was wrong in the first place. Fixes: d44a5f98 (ufs: query descriptor API) Signed-off-by: N Avri Altman <avri.altman@wdc.com> Reviewed-by: N Alim Akhtar <alim.akhtar@samsung.com> Acked-by: N Bean Huo <beanhuo@micron.com> Signed-off-by: N Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: N Sasha Levin <sashal@kernel.org>

scsi: ufs: Check that space was properly alloced in copy_query_response
[ Upstream commit 1c90836f70f9a8ef7b7ad9e1fdd8961903e6ced6 ] struct ufs_dev_cmd is the main container that supports device management commands. In the case of a read descriptor request, we assume that the proper space was allocated in dev_cmd to hold the returning descriptor. This is no longer true, as there are flows that doesn't use dev_cmd for device management requests, and was wrong in the first place. Fixes: d44a5f98 (ufs: query descriptor API) Signed-off-by: N Avri Altman <avri.altman@wdc.com> Reviewed-by: N Alim Akhtar <alim.akhtar@samsung.com> Acked-by: N Bean Huo <beanhuo@micron.com> Signed-off-by: N Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: N Sasha Levin <sashal@kernel.org>
04ceb134 · Avri Altman · Greg Kroah-Hartman · e1a101a9 · 04ceb134
显示空白变更内容
内联并排

Showing with 2 addition and 1 deletion

drivers/scsi/ufs/ufshcd.c drivers/scsi/ufs/ufshcd.c +2 -1

未找到文件。
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -1914,7 +1914,8 @@ int ufshcd_copy_query_response(struct ufs_hba *hba, struct ufshcd_lrb *lrbp)
 	memcpy(&query_res->upiu_res, &lrbp->ucd_rsp_ptr->qr, QUERY_OSF_SIZE);
 	/* Get the descriptor */
-	if (lrbp->ucd_rsp_ptr->qr.opcode == UPIU_QUERY_OPCODE_READ_DESC) {
+	if (hba->dev_cmd.query.descriptor &&
+	    lrbp->ucd_rsp_ptr->qr.opcode == UPIU_QUERY_OPCODE_READ_DESC) {
 		u8 *descp = (u8 *)lrbp->ucd_rsp_ptr +
 				GENERAL_UPIU_REQUEST_SIZE;
 		u16 resp_len;