Commit eb783bb8 authored Jun 09, 2021 by Can Guo Committed by Martin K. Petersen Jun 09, 2021

scsi: ufs: core: Fix a possible use before initialization case

In ufshcd_exec_dev_cmd(), if error happens before lrpb is initialized, then
we should bail out instead of letting trace record the error.

Link: https://lore.kernel.org/r/1623227044-22635-1-git-send-email-cang@codeaurora.org

Fixes: a45f9371 ("scsi: ufs: Optimize host lock on transfer requests send/compl paths")
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Stanley Chu <stanley.chu@mediatek.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Can Guo <cang@codeaurora.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

parent 10542489

drivers/scsi/ufs/ufshcd.c

+2 −3

Original line number	Diff line number	Diff line
		@@ -2980,7 +2980,7 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba,
		WARN_ON(lrbp->cmd);
		err = ufshcd_compose_dev_cmd(hba, lrbp, cmd_type, tag);
		if (unlikely(err))
		goto out_put_tag;
		goto out;

		hba->dev_cmd.complete = &wait;

		@@ -2990,11 +2990,10 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba,

		ufshcd_send_command(hba, tag);
		err = ufshcd_wait_for_dev_cmd(hba, lrbp, timeout);
		out:
		ufshcd_add_query_upiu_trace(hba, err ? UFS_QUERY_ERR : UFS_QUERY_COMP,
		(struct utp_upiu_req *)lrbp->ucd_rsp_ptr);

		out_put_tag:
		out:
		blk_put_request(req);
		out_unlock:
		up_read(&hba->clk_scaling_lock);