lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240911053951.4032533-1-avri.altman@wdc.com>
Date: Wed, 11 Sep 2024 08:39:51 +0300
From: Avri Altman <avri.altman@....com>
To: "Martin K . Petersen" <martin.petersen@...cle.com>
Cc: linux-scsi@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Bart Van Assche <bvanassche@....org>,
	Avri Altman <avri.altman@....com>
Subject: [PATCH] scsi: ufs: Zero utp_upiu_req at the beginning of each command

This patch introduces a previously missing step: zeroing the
`utp_upiu_req` structure at the beginning of each upiu transaction. This
ensures that the upiu request fields are properly initialized,
preventing potential issues caused by residual data from previous
commands.

No changes to  struct utp_upiu_req memory layout: not its size nor
cacheline usage.

Signed-off-by: Avri Altman <avri.altman@....com>
---
 drivers/ufs/core/ufshcd.c        | 14 +++++++++++++-
 include/uapi/scsi/scsi_bsg_ufs.h | 12 +++++++-----
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
index 8ea5a82503a9..0f7ad1acfda0 100644
--- a/drivers/ufs/core/ufshcd.c
+++ b/drivers/ufs/core/ufshcd.c
@@ -2735,6 +2735,11 @@ ufshcd_prepare_req_desc_hdr(struct ufs_hba *hba, struct ufshcd_lrb *lrbp,
 	req_desc->prd_table_length = 0;
 }
 
+static void zero_utp_upiu(struct utp_upiu_req *req)
+{
+	memset(&req->utp_upiu, 0, sizeof(req->utp_upiu));
+}
+
 /**
  * ufshcd_prepare_utp_scsi_cmd_upiu() - fills the utp_transfer_req_desc,
  * for scsi commands
@@ -2758,10 +2763,11 @@ void ufshcd_prepare_utp_scsi_cmd_upiu(struct ufshcd_lrb *lrbp, u8 upiu_flags)
 
 	WARN_ON_ONCE(ucd_req_ptr->header.task_tag != lrbp->task_tag);
 
+	zero_utp_upiu(ucd_req_ptr);
+
 	ucd_req_ptr->sc.exp_data_transfer_len = cpu_to_be32(cmd->sdb.length);
 
 	cdb_len = min_t(unsigned short, cmd->cmd_len, UFS_CDB_SIZE);
-	memset(ucd_req_ptr->sc.cdb, 0, UFS_CDB_SIZE);
 	memcpy(ucd_req_ptr->sc.cdb, cmd->cmnd, cdb_len);
 
 	memset(lrbp->ucd_rsp_ptr, 0, sizeof(struct utp_upiu_rsp));
@@ -2795,6 +2801,8 @@ static void ufshcd_prepare_utp_query_req_upiu(struct ufs_hba *hba,
 				0,
 	};
 
+	zero_utp_upiu(ucd_req_ptr);
+
 	/* Copy the Query Request buffer as is */
 	memcpy(&ucd_req_ptr->qr, &query->request.upiu_req,
 			QUERY_OSF_SIZE);
@@ -7170,6 +7178,8 @@ static int ufshcd_issue_devman_upiu_cmd(struct ufs_hba *hba,
 	/* update the task tag in the request upiu */
 	req_upiu->header.task_tag = tag;
 
+	zero_utp_upiu(lrbp->ucd_req_ptr);
+
 	/* just copy the upiu request as it is */
 	memcpy(lrbp->ucd_req_ptr, req_upiu, sizeof(*lrbp->ucd_req_ptr));
 	if (desc_buff && desc_op == UPIU_QUERY_OPCODE_WRITE_DESC) {
@@ -7322,6 +7332,8 @@ int ufshcd_advanced_rpmb_req_handler(struct ufs_hba *hba, struct utp_upiu_req *r
 	/* update the task tag */
 	req_upiu->header.task_tag = tag;
 
+	zero_utp_upiu(lrbp->ucd_req_ptr);
+
 	/* copy the UPIU(contains CDB) request as it is */
 	memcpy(lrbp->ucd_req_ptr, req_upiu, sizeof(*lrbp->ucd_req_ptr));
 	/* Copy EHS, starting with byte32, immediately after the CDB package */
diff --git a/include/uapi/scsi/scsi_bsg_ufs.h b/include/uapi/scsi/scsi_bsg_ufs.h
index 8c29e498ef98..b0d60d54d6c9 100644
--- a/include/uapi/scsi/scsi_bsg_ufs.h
+++ b/include/uapi/scsi/scsi_bsg_ufs.h
@@ -162,11 +162,13 @@ struct utp_upiu_cmd {
  */
 struct utp_upiu_req {
 	struct utp_upiu_header header;
-	union {
-		struct utp_upiu_cmd		sc;
-		struct utp_upiu_query		qr;
-		struct utp_upiu_query		uc;
-	};
+	struct_group(utp_upiu,
+		union {
+			struct utp_upiu_cmd	sc;
+			struct utp_upiu_query	qr;
+			struct utp_upiu_query	uc;
+		};
+	);
 };
 
 struct ufs_arpmb_meta {
-- 
2.25.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ