[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <DM6PR04MB65759E6D99477E462E3C6B57FC149@DM6PR04MB6575.namprd04.prod.outlook.com>
Date: Thu, 1 Dec 2022 06:46:52 +0000
From: Avri Altman <Avri.Altman@....com>
To: Bean Huo <beanhuo@...pp.de>,
"alim.akhtar@...sung.com" <alim.akhtar@...sung.com>,
"jejb@...ux.ibm.com" <jejb@...ux.ibm.com>,
"martin.petersen@...cle.com" <martin.petersen@...cle.com>,
"stanley.chu@...iatek.com" <stanley.chu@...iatek.com>,
"beanhuo@...ron.com" <beanhuo@...ron.com>,
"bvanassche@....org" <bvanassche@....org>,
"tomas.winkler@...el.com" <tomas.winkler@...el.com>,
"daejun7.park@...sung.com" <daejun7.park@...sung.com>,
"quic_cang@...cinc.com" <quic_cang@...cinc.com>,
"quic_nguyenb@...cinc.com" <quic_nguyenb@...cinc.com>,
"quic_xiaosenh@...cinc.com" <quic_xiaosenh@...cinc.com>,
"quic_richardp@...cinc.com" <quic_richardp@...cinc.com>,
"quic_asutoshd@...cinc.com" <quic_asutoshd@...cinc.com>,
"hare@...e.de" <hare@...e.de>
CC: "linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v2 1/6] ufs: ufs_bsg: Remove unnecessary length checkup
>
> From: Bean Huo <beanhuo@...ron.com>
>
> Remove checks on job->request_len and job->reply_len because The following
> msgcode checks will rule out malicious requests.
>
> Signed-off-by: Bean Huo <beanhuo@...ron.com>
Acked-by: Avri Altman <avri.altman@....com>
> ---
> drivers/ufs/core/ufs_bsg.c | 21 ---------------------
> 1 file changed, 21 deletions(-)
>
> diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c index
> b99e3f3dc4ef..9ac8204f1ee6 100644
> --- a/drivers/ufs/core/ufs_bsg.c
> +++ b/drivers/ufs/core/ufs_bsg.c
> @@ -30,21 +30,6 @@ static int ufs_bsg_get_query_desc_size(struct ufs_hba
> *hba, int *desc_len,
> return 0;
> }
>
> -static int ufs_bsg_verify_query_size(struct ufs_hba *hba,
> - unsigned int request_len,
> - unsigned int reply_len)
> -{
> - int min_req_len = sizeof(struct ufs_bsg_request);
> - int min_rsp_len = sizeof(struct ufs_bsg_reply);
> -
> - if (min_req_len > request_len || min_rsp_len > reply_len) {
> - dev_err(hba->dev, "not enough space assigned\n");
> - return -EINVAL;
> - }
> -
> - return 0;
> -}
> -
> static int ufs_bsg_alloc_desc_buffer(struct ufs_hba *hba, struct bsg_job *job,
> uint8_t **desc_buff, int *desc_len,
> enum query_opcode desc_op) @@ -88,8 +73,6 @@
> static int ufs_bsg_request(struct bsg_job *job)
> struct ufs_bsg_request *bsg_request = job->request;
> struct ufs_bsg_reply *bsg_reply = job->reply;
> struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
> - unsigned int req_len = job->request_len;
> - unsigned int reply_len = job->reply_len;
> struct uic_command uc = {};
> int msgcode;
> uint8_t *desc_buff = NULL;
> @@ -97,10 +80,6 @@ static int ufs_bsg_request(struct bsg_job *job)
> enum query_opcode desc_op = UPIU_QUERY_OPCODE_NOP;
> int ret;
>
> - ret = ufs_bsg_verify_query_size(hba, req_len, reply_len);
> - if (ret)
> - goto out;
> -
> bsg_reply->reply_payload_rcv_len = 0;
>
> ufshcd_rpm_get_sync(hba);
> --
> 2.25.1
Powered by blists - more mailing lists