From patchwork Wed Jun 9 08:24:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Can Guo X-Patchwork-Id: 12309279 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 41EEEC47095 for ; Wed, 9 Jun 2021 08:24:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2387A61375 for ; Wed, 9 Jun 2021 08:24:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237620AbhFII0E (ORCPT ); Wed, 9 Jun 2021 04:26:04 -0400 Received: from labrats.qualcomm.com ([199.106.110.90]:8655 "EHLO labrats.qualcomm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236161AbhFII0D (ORCPT ); Wed, 9 Jun 2021 04:26:03 -0400 IronPort-SDR: 3RIrc1zMYL0CwGu753WOSZXjPYtsfKXr4Z/Lc7IRt4hQuKlapzYLVjuwft4CVJ8rY8nhScLXsK FULjQS5sFz+7zcMSpbN09NYwZyMdY1eWY5VepZwZYEYt9B+t4apssR4bPVxoTaiDP4rh1PLUTC 4R7dOZFiueQWbYx3m8GN3m8PnSC6Uyum1+4HCWR3WgWy2g0oGPLbcvuxy2/2ix91Zi5BeLrziJ sOLikgPWeZdOipf7aG63FZoEvqwS84wMyhMNt1ShRMLxZDC6FS3cSY3XZ9Qm6tzjw2o/39HOJ9 F4U= X-IronPort-AV: E=Sophos;i="5.83,260,1616482800"; d="scan'208";a="29778265" Received: from unknown (HELO ironmsg03-sd.qualcomm.com) ([10.53.140.143]) by labrats.qualcomm.com with ESMTP; 09 Jun 2021 01:24:07 -0700 X-QCInternal: smtphost Received: from stor-presley.qualcomm.com ([192.168.140.85]) by ironmsg03-sd.qualcomm.com with ESMTP; 09 Jun 2021 01:24:06 -0700 Received: by stor-presley.qualcomm.com (Postfix, from userid 359480) id 1644321B40; Wed, 9 Jun 2021 01:24:06 -0700 (PDT) From: Can Guo To: asutoshd@codeaurora.org, nguyenb@codeaurora.org, hongwus@codeaurora.org, ziqichen@codeaurora.org, linux-scsi@vger.kernel.org, kernel-team@android.com, cang@codeaurora.org Cc: Alim Akhtar , Avri Altman , "James E.J. Bottomley" , "Martin K. Petersen" , Matthias Brugger , Stanley Chu , Bean Huo , Jaegeuk Kim , linux-kernel@vger.kernel.org (open list), linux-arm-kernel@lists.infradead.org (moderated list:ARM/Mediatek SoC support), linux-mediatek@lists.infradead.org (moderated list:ARM/Mediatek SoC support) Subject: [PATCH v3] scsi: ufs: Fix a possible use before initialization case Date: Wed, 9 Jun 2021 01:24:00 -0700 Message-Id: <1623227044-22635-1-git-send-email-cang@codeaurora.org> X-Mailer: git-send-email 2.7.4 Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org In ufshcd_exec_dev_cmd(), if error happens before lrpb is initialized, then we should bail out instead of letting trace record the error. Fixes: a45f937110fa6 ("scsi: ufs: Optimize host lock on transfer requests send/compl paths") Reported-by: kernel test robot Reviewed-by: Stanley Chu Signed-off-by: Can Guo Reviewed-by: Nathan Chancellor --- Change since V2: - Removed unused goto out_put_tag Change since V1: - Use codeaurora mail in Signed-off-by tag drivers/scsi/ufs/ufshcd.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index fe1b5f4..25fe18a 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -2980,7 +2980,7 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba, WARN_ON(lrbp->cmd); err = ufshcd_compose_dev_cmd(hba, lrbp, cmd_type, tag); if (unlikely(err)) - goto out_put_tag; + goto out; hba->dev_cmd.complete = &wait; @@ -2990,11 +2990,10 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba, ufshcd_send_command(hba, tag); err = ufshcd_wait_for_dev_cmd(hba, lrbp, timeout); -out: ufshcd_add_query_upiu_trace(hba, err ? UFS_QUERY_ERR : UFS_QUERY_COMP, (struct utp_upiu_req *)lrbp->ucd_rsp_ptr); -out_put_tag: +out: blk_put_request(req); out_unlock: up_read(&hba->clk_scaling_lock);